From def59347022475ca608f2bb6f116da6ea76cb452 Mon Sep 17 00:00:00 2001 From: Dipak Acharya Date: Mon, 10 Aug 2020 14:03:08 +0545 Subject: [PATCH 1/7] Add UidNumber and GidNumber when creating new user --- pkg/service/v0/data/user.go | 2 ++ pkg/service/v0/users.go | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/pkg/service/v0/data/user.go b/pkg/service/v0/data/user.go index c43cc9cf5f..4b3c0c5a30 100644 --- a/pkg/service/v0/data/user.go +++ b/pkg/service/v0/data/user.go @@ -14,6 +14,8 @@ type User struct { DisplayName string `json:"displayname" xml:"displayname"` Email string `json:"email" xml:"email"` Quota *Quota `json:"quota" xml:"quota"` + UIDNumber int64 `json:"uidNumber" xml:"uidNumber"` + GIDNumber int64 `json:"gidNumber" xml:"gidNumber"` } // Quota holds quota information diff --git a/pkg/service/v0/users.go b/pkg/service/v0/users.go index 42b87f38ee..41ed11a48b 100644 --- a/pkg/service/v0/users.go +++ b/pkg/service/v0/users.go @@ -5,6 +5,7 @@ import ( "encoding/hex" "fmt" "net/http" + "strconv" "strings" "github.com/cs3org/reva/pkg/user" @@ -60,6 +61,8 @@ func (o Ocs) GetUser(w http.ResponseWriter, r *http.Request) { Username: account.PreferredName, DisplayName: account.DisplayName, Email: account.Mail, + UIDNumber: account.UidNumber, + GIDNumber: account.GidNumber, Enabled: account.AccountEnabled, // FIXME only return quota for users/{userid} endpoint (not /user) // TODO query storage registry for free space? of home storage, maybe... 
@@ -81,6 +84,21 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) { username := r.PostFormValue("username") displayname := r.PostFormValue("displayname") email := r.PostFormValue("email") + uid := r.PostFormValue("uidNumber") + gid := r.PostFormValue("gidNumber") + + uidNumber, err := strconv.ParseInt(uid, 10, 64) + if err != nil { + render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "Cannot use the uidNumber provided")) + o.logger.Error().Err(err).Str("userid", userid).Msg("Cannot use the uidNumber provided") + return + } + gidNumber, err := strconv.ParseInt(gid, 10, 64) + if err != nil { + render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "Cannot use the gidNumber provided")) + o.logger.Error().Err(err).Str("userid", userid).Msg("Cannot use the gidNumber provided") + return + } // fallbacks /* TODO decide if we want to make these fallbacks. Keep in mind: @@ -99,6 +117,8 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) { DisplayName: displayname, PreferredName: username, OnPremisesSamAccountName: username, + UidNumber: uidNumber, + GidNumber: gidNumber, PasswordProfile: &accounts.PasswordProfile{ Password: password, }, From 1cb7d26ece5d6fd2770b1852e9ed6d6e9e4e9375 Mon Sep 17 00:00:00 2001 From: Dipak Acharya Date: Mon, 10 Aug 2020 14:33:49 +0545 Subject: [PATCH 2/7] Allow creating user without uidnumber and gidnumber --- pkg/service/v0/data/user.go | 4 +-- pkg/service/v0/users.go | 67 +++++++++++++++++++++++-------------- 2 files changed, 44 insertions(+), 27 deletions(-) diff --git a/pkg/service/v0/data/user.go b/pkg/service/v0/data/user.go index 4b3c0c5a30..6181352202 100644 --- a/pkg/service/v0/data/user.go +++ b/pkg/service/v0/data/user.go 
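Review bot: The new `strconv.ParseInt(uid, 10, 64)` and `strconv.ParseInt(gid, 10, 64)` calls in AddUser reject only non-numeric input, so a negative number or `0` from the POST form is forwarded unchanged into `UidNumber`/`GidNumber` on the account passed to `CreateAccount`. If a storage or LDAP backend later maps these fields to POSIX ownership (not visible in this patch), 0 and other reserved ids are values an API caller should not be able to choose freely; a lower bound such as `if err != nil || uidNumber < minUIDNumber {` would close that, with `minUIDNumber` standing in for a project-defined floor, and likewise for the gid. The reworked parsing in PATCH 2/7 (`@@ -84,20 +84,27 @@`) still accepts negatives, and its later `if uidNumber != 0` guard silently drops an explicit `0` instead of returning the bad-request response. AddUser's body begins and ends outside this hunk, so any authorization check on the caller is not visible here.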
@@ -14,8 +14,8 @@ type User struct { DisplayName string `json:"displayname" xml:"displayname"` Email string `json:"email" xml:"email"` Quota *Quota `json:"quota" xml:"quota"` - UIDNumber int64 `json:"uidNumber" xml:"uidNumber"` - GIDNumber int64 `json:"gidNumber" xml:"gidNumber"` + UIDNumber int64 `json:"uidnumber" xml:"uidnumber"` + GIDNumber int64 `json:"gidnumber" xml:"gidnumber"` } // Quota holds quota information diff --git a/pkg/service/v0/users.go b/pkg/service/v0/users.go index 41ed11a48b..0a71607cbb 100644 --- a/pkg/service/v0/users.go +++ b/pkg/service/v0/users.go 
@@ -84,20 +84,27 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) { username := r.PostFormValue("username") displayname := r.PostFormValue("displayname") email := r.PostFormValue("email") - uid := r.PostFormValue("uidNumber") - gid := r.PostFormValue("gidNumber") + uid := r.PostFormValue("uidnumber") + gid := r.PostFormValue("gidnumber") - uidNumber, err := strconv.ParseInt(uid, 10, 64) - if err != nil { - render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "Cannot use the uidNumber provided")) - o.logger.Error().Err(err).Str("userid", userid).Msg("Cannot use the uidNumber provided") - return + var uidNumber, gidNumber int64 + var err error + + if uid != "" { + uidNumber, err = strconv.ParseInt(uid, 10, 64) + if err != nil { + render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "Cannot use the uidnumber provided")) + o.logger.Error().Err(err).Str("userid", userid).Msg("Cannot use the uidnumber provided") + return + } } - gidNumber, err := strconv.ParseInt(gid, 10, 64) - if err != nil { - render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "Cannot use the gidNumber provided")) - o.logger.Error().Err(err).Str("userid", userid).Msg("Cannot use the gidNumber provided") - return + if gid != "" { + gidNumber, err = strconv.ParseInt(gid, 10, 64) + if err != nil { + render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "Cannot use the gidnumber provided")) + o.logger.Error().Err(err).Str("userid", userid).Msg("Cannot use the gidnumber provided") + return + } } // fallbacks 
@@ -112,20 +119,28 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) { } */ - account, err := o.getAccountService().CreateAccount(r.Context(), &accounts.CreateAccountRequest{ - Account: &accounts.Account{ - DisplayName: displayname, - PreferredName: username, - OnPremisesSamAccountName: username, - UidNumber: uidNumber, - GidNumber: gidNumber, - PasswordProfile: &accounts.PasswordProfile{ - Password: password, - }, - Id: userid, - Mail: email, - AccountEnabled: true, + newAccount := &accounts.Account{ + DisplayName: displayname, + PreferredName: username, + OnPremisesSamAccountName: username, + PasswordProfile: &accounts.PasswordProfile{ + Password: password, }, + Id: userid, + Mail: email, + AccountEnabled: true, + } + + if uidNumber != 0 { + newAccount.UidNumber = uidNumber + } + + if gidNumber != 0 { + newAccount.GidNumber = gidNumber + } + + account, err := o.getAccountService().CreateAccount(r.Context(), &accounts.CreateAccountRequest{ + Account: newAccount, }) if err != nil { merr := merrors.FromError(err) @@ -150,6 +165,8 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) { Username: account.PreferredName, DisplayName: account.DisplayName, Email: account.Mail, + UIDNumber: account.UidNumber, + GIDNumber: account.UidNumber, Enabled: account.AccountEnabled, })) } From e880600b615b6d39ff1d5d38dfea1d90f188944c Mon Sep 17 00:00:00 2001 From: Dipak Acharya Date: Mon, 10 Aug 2020 14:46:37 +0545 Subject: [PATCH 3/7] Add changelog item --- changelog/unreleased/add-uid-gid.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changelog/unreleased/add-uid-gid.md diff --git a/changelog/unreleased/add-uid-gid.md b/changelog/unreleased/add-uid-gid.md new file mode 100644 index 0000000000..ca7f93df3d --- /dev/null +++ b/changelog/unreleased/add-uid-gid.md 
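Review bot: `GIDNumber: account.UidNumber,` in the AddUser response (hunk `@@ -150,6 +165,8 @@`) copies the UID into the GID field, so the created-user reply reports the wrong group id whenever the two differ. It should read `GIDNumber: account.GidNumber,`, as the GetUser hunk in PATCH 1/7 does. A client that provisions downstream permissions from this response would act on the wrong gid even though the stored account is correct. The function body starts outside the hunk.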
@@ -0,0 +1,5 @@ +Enhancement: Add option to pass uidnumber and gidnumber while creating user through ocs + +We have added an option to pass uidnumber and gidnumber to the ocis api while creating a new user + +https://github.com/owncloud/ocis-ocs/pull/34 From 83023c30e9e3cdc38cb0252b49c5b2b2d2959bd6 Mon Sep 17 00:00:00 2001 From: Dipak Acharya Date: Mon, 10 Aug 2020 14:59:31 +0545 Subject: [PATCH 4/7] Fix the changelog title --- changelog/unreleased/add-uid-gid.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog/unreleased/add-uid-gid.md b/changelog/unreleased/add-uid-gid.md index ca7f93df3d..cab2b7c8f6 100644 --- a/changelog/unreleased/add-uid-gid.md +++ b/changelog/unreleased/add-uid-gid.md @@ -1,4 +1,4 @@ -Enhancement: Add option to pass uidnumber and gidnumber while creating user through ocs +Enhancement: Add option to create user with uidnumber and gidnumber We have added an option to pass uidnumber and gidnumber to the ocis api while creating a new user From 0938dbcaf5014453b854c1bf644b50f416449150 Mon Sep 17 00:00:00 2001 From: Dipak Acharya Date: Mon, 10 Aug 2020 09:30:52 +0000 Subject: [PATCH 5/7] Automated changelog update [skip ci] --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 07a410488c..a10ebba455 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ The following sections list the changes in ocis-ocs unreleased. ## Summary * Bugfix - Fix file descriptor leak: [#79](https://github.com/owncloud/ocis-accounts/issues/79) +* Enhancement - Add option to create user with uidnumber and gidnumber: [#34](https://github.com/owncloud/ocis-ocs/pull/34) * Enhancement - Add Group management for OCS Povisioning API: [#25](https://github.com/owncloud/ocis-ocs/pull/25) * Enhancement - Basic Support for the User Provisioning API: [#23](https://github.com/owncloud/ocis-ocs/pull/23) 
@@ -21,6 +22,13 @@ The following sections list the changes in ocis-ocs unreleased. https://github.com/owncloud/ocis-ocs/pull/29 +* Enhancement - Add option to create user with uidnumber and gidnumber: [#34](https://github.com/owncloud/ocis-ocs/pull/34) + + We have added an option to pass uidnumber and gidnumber to the ocis api while creating a new user + + https://github.com/owncloud/ocis-ocs/pull/34 + + * Enhancement - Add Group management for OCS Povisioning API: [#25](https://github.com/owncloud/ocis-ocs/pull/25) We added support for the group management related set of API calls of the provisioning API. From 10686290e79fc565d3c53670a967b3027f997d88 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Fri, 7 Aug 2020 11:03:28 +0200 Subject: [PATCH 6/7] Use opaque ID of a user for signing keys OCIS switched from user the user's opaque ID (UUID) everywhere, so to keep compatible we have adjusted the signing keys endpoint to also use the UUID when storing and generating the keys. --- changelog/unreleased/signing-keys-opaqueid | 8 ++++++++ pkg/service/v0/users.go | 14 +++++++------- 2 files changed, 15 insertions(+), 7 deletions(-) create mode 100644 changelog/unreleased/signing-keys-opaqueid diff --git a/changelog/unreleased/signing-keys-opaqueid b/changelog/unreleased/signing-keys-opaqueid new file mode 100644 index 0000000000..6f8b3b70cf --- /dev/null +++ b/changelog/unreleased/signing-keys-opaqueid @@ -0,0 +1,8 @@ +Bugfix: Use opaque ID of a user for signing keys + +OCIS switched from user the user's opaque ID (UUID) everywhere, +so to keep compatible we have adjusted the signing keys endpoint +to also use the UUID when storing and generating the keys. + +https://github.com/owncloud/ocis/issues/436 +https://github.com/owncloud/ocis-ocs/pull/32 diff --git a/pkg/service/v0/users.go b/pkg/service/v0/users.go index 0a71607cbb..aef9ae5b7b 100644 --- a/pkg/service/v0/users.go +++ b/pkg/service/v0/users.go 
@@ -261,17 +261,20 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) { return } + // use the user's UUID + userID := u.Id.OpaqueId + c := storepb.NewStoreService("com.owncloud.api.store", grpc.NewClient()) res, err := c.Read(r.Context(), &storepb.ReadRequest{ Options: &storepb.ReadOptions{ Database: "proxy", Table: "signing-keys", }, - Key: u.Username, + Key: userID, }) if err == nil && len(res.Records) > 0 { render.Render(w, r, response.DataRender(&data.SigningKey{ - User: u.Username, + User: userID, SigningKey: string(res.Records[0].Value), })) return @@ -279,10 +282,8 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) { if err != nil { e := merrors.Parse(err.Error()) if e.Code == http.StatusNotFound { - //o.logger.Debug().Str("username", u.Username).Msg("signing key not found") // not found is ok, so we can continue and generate the key on the fly } else { - //o.logger.Err(err).Msg("error reading from store") render.Render(w, r, response.ErrRender(data.MetaServerError.StatusCode, "error reading from store")) return } @@ -292,7 +293,6 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) { key := make([]byte, 64) _, err = rand.Read(key[:]) if err != nil { - //o.logger.Error().Err(err).Msg("could not generate signing key") render.Render(w, r, response.ErrRender(data.MetaServerError.StatusCode, "could not generate signing key")) return } @@ -304,7 +304,7 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) { Table: "signing-keys", }, Record: &storepb.Record{ - Key: u.Username, + Key: userID, Value: []byte(signingKey), // TODO Expiry? }, @@ -317,7 +317,7 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) { } render.Render(w, r, response.DataRender(&data.SigningKey{ - User: u.Username, + User: userID, SigningKey: signingKey, })) } From 3e2e494e570c216dc3c87cbc49df58e1dda24195 Mon Sep 17 00:00:00 2001 
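Review bot: `userID := u.Id.OpaqueId` is used as the store key without checking that it is set. If `u.Id` can be nil the handler panics, and if `OpaqueId` is empty, every such user would read and write the same `signing-keys` record and so share one signing key; whether either can happen depends on how `u` is populated above the hunk. A guard such as `if u.Id == nil || u.Id.OpaqueId == "" {`, returning the server-error response before the store read, would make the precondition explicit. The switch also leaves records previously written under `u.Username` unreachable, and with `// TODO Expiry?` still open they stay in the store, which is worth stating in the changelog entry or handling with a cleanup.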
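Review bot: Deleting the commented-out logger calls in `@@ -279,10 +282,8 @@` and `@@ -292,7 +293,6 @@` leaves the store-read failure and the `rand.Read` failure with no server-side record: the client gets a generic message and `err` is discarded. Unless they were disabled for a reason not visible here, consider restoring them as live calls, `o.logger.Error().Err(err).Msg("error reading from store")` and `o.logger.Error().Err(err).Msg("could not generate signing key")`, since failures in signing-key retrieval and generation are events an operator will want to see. With the debug line gone, the `if e.Code == http.StatusNotFound` branch holds only a comment; inverting the condition to `if e.Code != http.StatusNotFound {` would remove the empty branch.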
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= Date: Tue, 11 Aug 2020 14:36:38 +0000 Subject: [PATCH 7/7] Automated changelog update [skip ci] --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a10ebba455..73b5c00bcc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ The following sections list the changes in ocis-ocs unreleased. ## Summary * Bugfix - Fix file descriptor leak: [#79](https://github.com/owncloud/ocis-accounts/issues/79) +* Bugfix - Use opaque ID of a user for signing keys: [#436](https://github.com/owncloud/ocis/issues/436) * Enhancement - Add option to create user with uidnumber and gidnumber: [#34](https://github.com/owncloud/ocis-ocs/pull/34) * Enhancement - Add Group management for OCS Povisioning API: [#25](https://github.com/owncloud/ocis-ocs/pull/25) * Enhancement - Basic Support for the User Provisioning API: [#23](https://github.com/owncloud/ocis-ocs/pull/23) @@ -22,6 +23,15 @@ The following sections list the changes in ocis-ocs unreleased. https://github.com/owncloud/ocis-ocs/pull/29 +* Bugfix - Use opaque ID of a user for signing keys: [#436](https://github.com/owncloud/ocis/issues/436) + + OCIS switched from user the user's opaque ID (UUID) everywhere, so to keep compatible we have + adjusted the signing keys endpoint to also use the UUID when storing and generating the keys. + + https://github.com/owncloud/ocis/issues/436 + https://github.com/owncloud/ocis-ocs/pull/32 + + * Enhancement - Add option to create user with uidnumber and gidnumber: [#34](https://github.com/owncloud/ocis-ocs/pull/34) We have added an option to pass uidnumber and gidnumber to the ocis api while creating a new user