From c47dc845b1b45bea144b9cd7da967dc41d534f9b Mon Sep 17 00:00:00 2001
From: Benedikt Kulmann
Date: Mon, 11 May 2020 13:59:18 +0200
Subject: [PATCH] Use email claim for account GetRequest
---
 pkg/command/server.go | 1 -
 pkg/middleware/account_uuid.go | 21 +++++++-------
 pkg/middleware/openidconnect.go | 49 +--------------------------------
 3 files changed, 11 insertions(+), 60 deletions(-)
diff --git a/pkg/command/server.go b/pkg/command/server.go
index 085c301900..ea3c4b3f49 100644
--- a/pkg/command/server.go
+++ b/pkg/command/server.go
@@ -247,7 +247,6 @@ func loadMiddlewares(cfg *config.Config, l log.Logger) alice.Chain {
 oidc.Logger(l),
 )
- // configuredMiddlewares = append(configuredMiddlewares, oidcMW, middleware.AccountUUID)
 return alice.New(middleware.RedirectToHTTPS, oidcMW, middleware.AccountUUID)
 }
diff --git a/pkg/middleware/account_uuid.go b/pkg/middleware/account_uuid.go
index b2ccf19bb1..19496c470a 100644
--- a/pkg/middleware/account_uuid.go
+++ b/pkg/middleware/account_uuid.go
@@ -22,8 +22,7 @@ func AccountUUID(next http.Handler) http.Handler {
 if err != nil {
 c := acc.NewAccountsService("com.owncloud.accounts", mclient.DefaultClient) // TODO this won't work with a registry other than mdns. Look into Micro's client initialization.
 resp, err := c.Get(context.Background(), &acc.GetRequest{
- Uuid: "200~a54bf154-e6a5-4e96-851b-a56c9f6c1fce",
- // Email: claims.Email // depends on https://github.com/owncloud/ocis-accounts/pull/28
+ Email: claims.(ocisoidc.StandardClaims).Email,
 })
 if err != nil {
 w.WriteHeader(http.StatusInternalServerError)
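Review bot: `Email: claims.(ocisoidc.StandardClaims).Email` is a single-value type assertion, so a request whose context holds no claims value, or one of another type, panics inside the handler rather than producing an error response. AccountUUID begins before this hunk, so the place where `claims` is read (presumably `r.Context().Value(ClaimsKey)`) is not visible, but the assertion belongs there in its two-value form, e.g. `claims, ok := r.Context().Value(ClaimsKey).(ocisoidc.StandardClaims)` followed by `if !ok || claims.Email == "" { w.WriteHeader(http.StatusInternalServerError); return }`, so that the field here becomes a plain `claims.Email` and an empty email never turns into an accounts lookup for `""`. Keying the account on the IdP's email claim also makes the identity binding only as strong as that claim, so a comment on the `Email:` line stating that the provider is trusted to supply a verified, stable email per subject would record that assumption for later readers. The uuidFromClaims removed by this patch also wrote the looked-up uuid back with `svcCache.Set`; if AccountUUID does not do the same on the miss path (not visible in this hunk), every request will round-trip to the accounts service.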
@@ -38,18 +37,18 @@ func AccountUUID(next http.Handler) http.Handler {
 // TODO: build JWT and set it, instead of the uuid on that header.
 w.Header().Set("x-ocis-accounts-uuid", resp.Payload.Account.Uuid)
- }
+ } else {
+ uuid, ok := entry.V.(string)
+ if !ok {
+ // placeholder. Add more meaningful response
+ w.WriteHeader(http.StatusInternalServerError)
+ return
+ }
- uuid, ok := entry.V.(string)
- if !ok {
- // placeholder. Add more meaningful response
- w.WriteHeader(http.StatusInternalServerError)
- return
+ // TODO: build JWT and set it, instead of the uuid on that header.
+ w.Header().Set("x-ocis-accounts-uuid", uuid)
 }
- // TODO: build JWT and set it, instead of the uuid on that header.
- w.Header().Set("x-ocis-accounts-uuid", uuid)
-
 next.ServeHTTP(w, r)
 })
 }
diff --git a/pkg/middleware/openidconnect.go b/pkg/middleware/openidconnect.go
index 6e8a0e2b58..79f1c9efd7 100644
--- a/pkg/middleware/openidconnect.go
+++ b/pkg/middleware/openidconnect.go
@@ -4,14 +4,11 @@ import (
 "context"
 "crypto/tls"
 "errors"
- "fmt"
 "net/http"
 "strings"
 "time"
- oidc "github.com/coreos/go-oidc"
- mclient "github.com/micro/go-micro/v2/client"
- acc "github.com/owncloud/ocis-accounts/pkg/proto/v0"
+ "github.com/coreos/go-oidc"
 ocisoidc "github.com/owncloud/ocis-pkg/v2/oidc"
 "github.com/owncloud/ocis-proxy/pkg/cache"
 "golang.org/x/oauth2"
@@ -24,11 +21,6 @@ var (
 // svcCache caches requests for given services to prevent round trips to the service
 svcCache = cache.NewCache()
- accountSvc = "com.owncloud.accounts"
-
- // UUIDKey works as a context key
- UUIDKey interface{} = "uuid"
-
 // ClaimsKey works as a context key for user claims
 ClaimsKey interface{} = "claims"
 )
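Review bot: Both arms of the new `if err != nil { … } else { … }` end with the same `// TODO: build JWT …` comment and a `w.Header().Set("x-ocis-accounts-uuid", …)` call, so the header logic and the TODO now live in two places; resolving the uuid into one local per arm and setting the header once after the `if`/`else` keeps them together. AccountUUID begins before this hunk and the `if err != nil {` line being restructured sits in the previous hunk, so the `var uuid string` below goes just before it. Separately, `w.Header().Set` writes the uuid onto the response headers returned to the client; if the value is meant for the upstream service behind the proxy, the forwarded request header (`r.Header.Set`) is presumably the right target — worth confirming against how the proxy copies headers, since an internal account uuid does not otherwise need to reach the client.
```go
		var uuid string // from the accounts service on a cache miss, from the cache otherwise
		if err != nil {
			// … unchanged: accounts-service round trip and its error handling (previous hunk) …
			uuid = resp.Payload.Account.Uuid
		} else {
			v, ok := entry.V.(string)
			if !ok {
				// placeholder. Add more meaningful response
				w.WriteHeader(http.StatusInternalServerError)
				return
			}
			uuid = v
		}

		// TODO: build JWT and set it, instead of the uuid on that header.
		w.Header().Set("x-ocis-accounts-uuid", uuid)

		next.ServeHTTP(w, r)
```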
@@ -121,14 +113,6 @@ func OpenIDConnect(opts ...ocisoidc.Option) func(next http.Handler) http.Handler
 ctxWithClaims := context.WithValue(r.Context(), ClaimsKey, claims)
 r = r.WithContext(ctxWithClaims)
- // add UUID to the request context for the handler to deal with
- _, err = uuidFromClaims(claims)
- if err != nil {
- opt.Logger.Error().Err(err).Interface("account uuid", userInfo).Msg("failed to unmarshal userinfo claims")
- w.WriteHeader(http.StatusInternalServerError)
- return
- }
-
 opt.Logger.Debug().Interface("claims", claims).Interface("userInfo", userInfo).Msg("unmarshalled userinfo")
 // store claims in context
 // uses the original context, not the one with probably reduced security
@@ -154,34 +138,3 @@ const (
 // It is shared between services.
 NodeKey = "node"
 )
-
-// from the user claims we need to get the uuid from the accounts service
-func uuidFromClaims(claims ocisoidc.StandardClaims) (string, error) {
- entry, err := svcCache.Get(AccountsKey, claims.Email)
- if err != nil {
- c := acc.NewAccountsService("com.owncloud.accounts", mclient.DefaultClient) // TODO this won't work with a registry other than mdns. Look into Micro's client initialization.
- resp, err := c.Get(context.Background(), &acc.GetRequest{
- Uuid: "200~a54bf154-e6a5-4e96-851b-a56c9f6c1fce",
- // Email: claims.Email // depends on https://github.com/owncloud/ocis-accounts/pull/28
- })
- if err != nil {
- return "", err
- }
-
- // TODO add logging info. Round trip has been made to the accounts service.
- err = svcCache.Set(AccountsKey, claims.Email, resp.Payload.Account.Uuid)
- if err != nil {
- return "", err
- }
-
- return resp.Key, nil
- }
-
- uuid, ok := entry.V.(string)
- if !ok {
- return "", fmt.Errorf("unexpected type on cache entry value. Expected string type")
- }
-
- // TODO add logging info. Read from cache.
- return uuid, nil
-}