return errors, clean up

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

changelog/unreleased/idp-directly-use-cs3-to-authenticate.md

@@ -1,5 +0,0 @@
-Enhancement: Allow authenticating users via CS3
-
-The IDP can now directly authenticates users using the CS3 API by setting `IDP_IDENTITY_MANAGER="cs3"`.
-
-https://github.com/owncloud/ocis/pull/3825

extensions/idp/pkg/backends/cs3/bootstrap/cs3.go

@@ -33,16 +33,19 @@ const (
 	identityManagerName = "cs3"
 )
 
+// Register adds the CS3 identity manager to the lico bootstrap
 func Register() error {
 	return bootstrap.RegisterIdentityManager(identityManagerName, NewIdentityManager)
 }
 
+// MustRegister adds the CS3 identity manager to the lico bootstrap or panics
 func MustRegister() {
 	if err := Register(); err != nil {
 		panic(err)
 	}
 }
 
+// NewIdentityManager produces a CS3 backed identity manager instance for the idp
 func NewIdentityManager(bs bootstrap.Bootstrap) (identity.Manager, error) {
 	config := bs.Config()
 
@@ -69,8 +72,9 @@ func NewIdentityManager(bs bootstrap.Bootstrap) (identity.Manager, error) {
 	identifierBackend, identifierErr := cs3.NewCS3Backend(
 		config.Config,
 		config.TLSClientConfig,
-		os.Getenv("CS3_GATEWAY"),              // FIXME how do we pass custom config to backends?
-		os.Getenv("CS3_MACHINE_AUTH_API_KEY"), // FIXME how do we pass custom config to backends?
+		// FIXME add a map[string]interface{} property to the lico config.Config so backends can pass custom config parameters through the bootstrap process
+		os.Getenv("CS3_GATEWAY"),
+		os.Getenv("CS3_MACHINE_AUTH_API_KEY"),
 		config.Settings.Insecure,
 	)
 	if identifierErr != nil {

extensions/idp/pkg/backends/cs3/identifier/cs3.go

@@ -43,6 +43,7 @@ type CS3Backend struct {
 	gateway cs3gateway.GatewayAPIClient
 }
 
+// NewCS3Backend creates a new CS3 backend identifier backend
 func NewCS3Backend(
 	c *config.Config,
 	tlsConfig *tls.Config,
@@ -94,19 +95,16 @@ func (b *CS3Backend) Logon(ctx context.Context, audience, username, password str
 		ClientId:     username,
 		ClientSecret: password,
 	})
-	if err != nil || res.Status.Code != cs3rpc.Code_CODE_OK {
-		return false, nil, nil, nil, nil
+	if err != nil {
+		return false, nil, nil, nil, fmt.Errorf("cs3 backend basic authenticate rpc error: %v", err)
 	}
-	res2, err := client.WhoAmI(ctx, &cs3gateway.WhoAmIRequest{
-		Token: res.Token,
-	})
-	if err != nil || res2.Status.Code != cs3rpc.Code_CODE_OK {
-		return false, nil, nil, nil, nil
+	if res.Status.Code != cs3rpc.Code_CODE_OK {
+		return false, nil, nil, nil, fmt.Errorf("cs3 backend basic authenticate failed with code %s: %s", res.Status.Code.String(), res.Status.Message)
 	}
 
-	session, _ := createSession(ctx, res2.User)
+	session := createSession(ctx, res.User)
 
-	user, err := newCS3User(res2.User)
+	user, err := newCS3User(res.User)
 	if err != nil {
 		return false, nil, nil, nil, fmt.Errorf("cs3 backend resolve entry data error: %v", err)
 	}
@@ -162,17 +160,14 @@ func (b *CS3Backend) ResolveUserByUsername(ctx context.Context, username string)
 		ClientId:     "username:" + username,
 		ClientSecret: b.machineAuthAPIKey,
 	})
-	if err != nil || res.Status.Code != cs3rpc.Code_CODE_OK {
-		return nil, nil
+	if err != nil {
+		return nil, fmt.Errorf("cs3 backend machine authenticate rpc error: %v", err)
 	}
-	res2, err := client.WhoAmI(ctx, &cs3gateway.WhoAmIRequest{
-		Token: res.Token,
-	})
-	if err != nil || res2.Status.Code != cs3rpc.Code_CODE_OK {
-		return nil, nil
+	if res.Status.Code != cs3rpc.Code_CODE_OK {
+		return nil, fmt.Errorf("cs3 backend machine authenticate failed with code %s: %s", res.Status.Code.String(), res.Status.Message)
 	}
 
-	user, err := newCS3User(res2.User)
+	user, err := newCS3User(res.User)
 	if err != nil {
 		return nil, fmt.Errorf("cs3 backend resolve username data error: %v", err)
 	}

extensions/idp/pkg/backends/cs3/identifier/session.go

@@ -9,7 +9,7 @@ import (
 
 // createSession creates a new Session without the server using the provided
 // data.
-func createSession(ctx context.Context, u *cs3user.User) (*cs3Session, error) {
+func createSession(ctx context.Context, u *cs3user.User) *cs3Session {
 
 	if ctx == nil {
 		ctx = context.Background()
@@ -24,7 +24,7 @@ func createSession(ctx context.Context, u *cs3user.User) (*cs3Session, error) {
 
 	s.when = time.Now()
 
-	return s, nil
+	return s
 }
 
 type cs3Session struct {

extensions/idp/pkg/backends/cs3/identifier/user.go

@@ -43,10 +43,6 @@ func (u *cs3User) Username() string {
 	return u.u.GetUsername()
 }
 
-func (u *cs3User) ID() int64 {
-	return u.u.GetUidNumber()
-}
-
 func (u *cs3User) UniqueID() string {
 	return u.u.GetId().GetOpaqueId()
 }

extensions/idp/pkg/config/config.go

@@ -71,7 +71,7 @@ type Settings struct {
 
 	Iss string `yaml:"iss" env:"OCIS_URL;OCIS_OIDC_ISSUER;IDP_ISS" desc:"The OIDC issuer URL to use."`
 
-	IdentityManager string `yaml:"identity_manager" env:"IDP_IDENTITY_MANAGER" desc:"The identity manager implementation to use, can be 'ldap', 'cs3', 'kc', 'libregraph', 'cookie' or 'guest'."`
+	IdentityManager string `yaml:"identity_manager" env:"IDP_IDENTITY_MANAGER" desc:"The identity manager implementation to use, defaults to 'ldap', can be changed to 'cs3', 'kc', 'libregraph', 'cookie' or 'guest'."`
 
 	URIBasePath string `yaml:"uri_base_path" env:"IDP_URI_BASE_PATH"`
 

extensions/idp/pkg/service/v0/service.go

@@ -60,7 +60,6 @@ func NewService(opts ...Option) Service {
 		logger.Fatal().Err(err).Msg("could not create default config")
 	}
 
-	//
 	switch options.Config.IDP.IdentityManager {
 	case "cs3":
 		cs3BackendSupport.MustRegister()