From d56bbd60d12a0dfba4d7f613726d7ae94bbaf074 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Fri, 20 May 2022 10:32:47 +0000
Subject: [PATCH] return errors, clean up
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jörn Friedrich Dreyer
---
 .../idp-directly-use-cs3-to-authenticate.md | 5 ----
 .../idp/pkg/backends/cs3/bootstrap/cs3.go | 8 +++--
 .../idp/pkg/backends/cs3/identifier/cs3.go | 29 ++++++++-----------
 .../pkg/backends/cs3/identifier/session.go | 4 +--
 .../idp/pkg/backends/cs3/identifier/user.go | 4 ---
 extensions/idp/pkg/config/config.go | 2 +-
 extensions/idp/pkg/service/v0/service.go | 1 -
 7 files changed, 21 insertions(+), 32 deletions(-)
 delete mode 100644 changelog/unreleased/idp-directly-use-cs3-to-authenticate.md
diff --git a/changelog/unreleased/idp-directly-use-cs3-to-authenticate.md b/changelog/unreleased/idp-directly-use-cs3-to-authenticate.md
deleted file mode 100644
index 5c80ecdab..000000000
--- a/changelog/unreleased/idp-directly-use-cs3-to-authenticate.md
+++ /dev/null
@@ -1,5 +0,0 @@
-Enhancement: Allow authenticating users via CS3
-
-The IDP can now directly authenticates users using the CS3 API by setting `IDP_IDENTITY_MANAGER="cs3"`.
-
-https://github.com/owncloud/ocis/pull/3825
diff --git a/extensions/idp/pkg/backends/cs3/bootstrap/cs3.go b/extensions/idp/pkg/backends/cs3/bootstrap/cs3.go
index 5744b0dcc..964332d5a 100644
--- a/extensions/idp/pkg/backends/cs3/bootstrap/cs3.go
+++ b/extensions/idp/pkg/backends/cs3/bootstrap/cs3.go
@@ -33,16 +33,19 @@
 const (
 identityManagerName = "cs3"
 )
 
+// Register adds the CS3 identity manager to the lico bootstrap
 func Register() error {
 return bootstrap.RegisterIdentityManager(identityManagerName, NewIdentityManager)
 }
 
+// MustRegister adds the CS3 identity manager to the lico bootstrap or panics
 func MustRegister() {
 if err := Register(); err != nil {
 panic(err)
 }
 }
 
+// NewIdentityManager produces a CS3 backed identity manager instance for the idp
 func NewIdentityManager(bs bootstrap.Bootstrap) (identity.Manager, error) {
 config := bs.Config()
@@ -69,8 +72,9 @@ func NewIdentityManager(bs bootstrap.Bootstrap) (identity.Manager, error) {
 identifierBackend, identifierErr := cs3.NewCS3Backend(
 config.Config,
 config.TLSClientConfig,
- os.Getenv("CS3_GATEWAY"), // FIXME how do we pass custom config to backends?
- os.Getenv("CS3_MACHINE_AUTH_API_KEY"), // FIXME how do we pass custom config to backends?
+ // FIXME add a map[string]interface{} property to the lico config.Config so backends can pass custom config parameters through the bootstrap process
+ os.Getenv("CS3_GATEWAY"),
+ os.Getenv("CS3_MACHINE_AUTH_API_KEY"),
 config.Settings.Insecure,
 )
 if identifierErr != nil {
diff --git a/extensions/idp/pkg/backends/cs3/identifier/cs3.go b/extensions/idp/pkg/backends/cs3/identifier/cs3.go
index b987a2578..9b0bfa823 100644
--- a/extensions/idp/pkg/backends/cs3/identifier/cs3.go
+++ b/extensions/idp/pkg/backends/cs3/identifier/cs3.go
@@ -43,6 +43,7 @@ type CS3Backend struct {
 gateway cs3gateway.GatewayAPIClient
 }
 
+// NewCS3Backend creates a new CS3 backend identifier backend
 func NewCS3Backend(
 c *config.Config,
 tlsConfig *tls.Config,
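Review bot: `os.Getenv("CS3_GATEWAY")` and `os.Getenv("CS3_MACHINE_AUTH_API_KEY")` are handed to `cs3.NewCS3Backend` without checking that either variable is set, so with one missing the identity manager is still constructed with an empty gateway address or an empty machine-auth key and the problem only surfaces on the first authenticate call rather than at bootstrap (unless NewCS3Backend rejects empty values itself, which the hunk does not show). Since the cs3 manager is opted into explicitly through IDP_IDENTITY_MANAGER, failing fast is preferable: `gw, key := os.Getenv("CS3_GATEWAY"), os.Getenv("CS3_MACHINE_AUTH_API_KEY")` followed by `if gw == "" || key == "" { return nil, errors.New("cs3 identity manager needs CS3_GATEWAY and CS3_MACHINE_AUTH_API_KEY") }` before the NewCS3Backend call, using whichever of errors or fmt the file already imports. The relocated FIXME could also record that the API key is a credential read from the process environment, so whoever adds the config passthrough keeps it out of logged config dumps. NewIdentityManager starts and ends outside this hunk.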
@@ -94,19 +95,16 @@ func (b *CS3Backend) Logon(ctx context.Context, audience, username, password str
 ClientId: username,
 ClientSecret: password,
 })
- if err != nil || res.Status.Code != cs3rpc.Code_CODE_OK {
- return false, nil, nil, nil, nil
+ if err != nil {
+ return false, nil, nil, nil, fmt.Errorf("cs3 backend basic authenticate rpc error: %v", err)
 }
- res2, err := client.WhoAmI(ctx, &cs3gateway.WhoAmIRequest{
- Token: res.Token,
- })
- if err != nil || res2.Status.Code != cs3rpc.Code_CODE_OK {
- return false, nil, nil, nil, nil
+ if res.Status.Code != cs3rpc.Code_CODE_OK {
+ return false, nil, nil, nil, fmt.Errorf("cs3 backend basic authenticate failed with code %s: %s", res.Status.Code.String(), res.Status.Message)
 }
 
- session, _ := createSession(ctx, res2.User)
+ session := createSession(ctx, res.User)
 
- user, err := newCS3User(res2.User)
+ user, err := newCS3User(res.User)
 if err != nil {
 return false, nil, nil, nil, fmt.Errorf("cs3 backend resolve entry data error: %v", err)
 }
@@ -162,17 +160,14 @@ func (b *CS3Backend) ResolveUserByUsername(ctx context.Context, username string)
 ClientId: "username:" + username,
 ClientSecret: b.machineAuthAPIKey,
 })
- if err != nil || res.Status.Code != cs3rpc.Code_CODE_OK {
- return nil, nil
+ if err != nil {
+ return nil, fmt.Errorf("cs3 backend machine authenticate rpc error: %v", err)
 }
- res2, err := client.WhoAmI(ctx, &cs3gateway.WhoAmIRequest{
- Token: res.Token,
- })
- if err != nil || res2.Status.Code != cs3rpc.Code_CODE_OK {
- return nil, nil
+ if res.Status.Code != cs3rpc.Code_CODE_OK {
+ return nil, fmt.Errorf("cs3 backend machine authenticate failed with code %s: %s", res.Status.Code.String(), res.Status.Message)
 }
 
- user, err := newCS3User(res2.User)
+ user, err := newCS3User(res.User)
 if err != nil {
 return nil, fmt.Errorf("cs3 backend resolve username data error: %v", err)
 }
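Review bot: In Logon, the new `if res.Status.Code != cs3rpc.Code_CODE_OK` branch turns every non-OK gateway status — presumably including the UNAUTHENTICATED or PERMISSION_DENIED that a wrong password produces — into a returned error, whereas the removed code answered `false, nil, nil, nil, nil`, i.e. an ordinary failed logon. If the lico caller treats a non-nil error as an internal failure rather than as invalid credentials, a mistyped password now yields the wrong response class and error-level log noise; consider `if res.Status.Code == cs3rpc.Code_CODE_UNAUTHENTICATED || res.Status.Code == cs3rpc.Code_CODE_PERMISSION_DENIED { return false, nil, nil, nil, nil }` ahead of the generic error, keeping the error path for rpc failures and unexpected codes. The second hunk has the same shape in ResolveUserByUsername, where an unknown username previously returned `nil, nil` (not found) and now returns an error; mapping `cs3rpc.Code_CODE_NOT_FOUND` back to `nil, nil` preserves that contract for callers that rely on it. Both new error strings embed `res.Status.Message` from the gateway, which is fine for logs but should not be forwarded verbatim to the end user. Both function bodies begin before their hunks.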
diff --git a/extensions/idp/pkg/backends/cs3/identifier/session.go b/extensions/idp/pkg/backends/cs3/identifier/session.go
index 9f68f3c1a..aab650c2a 100644
--- a/extensions/idp/pkg/backends/cs3/identifier/session.go
+++ b/extensions/idp/pkg/backends/cs3/identifier/session.go
@@ -9,7 +9,7 @@ import (
 
 // createSession creates a new Session without the server using the provided
 // data.
-func createSession(ctx context.Context, u *cs3user.User) (*cs3Session, error) {
+func createSession(ctx context.Context, u *cs3user.User) *cs3Session {
 
 if ctx == nil {
 ctx = context.Background()
@@ -24,7 +24,7 @@ func createSession(ctx context.Context, u *cs3user.User) (*cs3Session, error) {
 
 s.when = time.Now()
 
- return s, nil
+ return s
 }
 
 type cs3Session struct {
diff --git a/extensions/idp/pkg/backends/cs3/identifier/user.go b/extensions/idp/pkg/backends/cs3/identifier/user.go
index 15fbcb6e9..a3fcbc44b 100644
--- a/extensions/idp/pkg/backends/cs3/identifier/user.go
+++ b/extensions/idp/pkg/backends/cs3/identifier/user.go
@@ -43,10 +43,6 @@ func (u *cs3User) Username() string {
 return u.u.GetUsername()
 }
 
-func (u *cs3User) ID() int64 {
- return u.u.GetUidNumber()
-}
-
 func (u *cs3User) UniqueID() string {
 return u.u.GetId().GetOpaqueId()
 }
diff --git a/extensions/idp/pkg/config/config.go b/extensions/idp/pkg/config/config.go
index a84c941c2..15a8b67ab 100644
--- a/extensions/idp/pkg/config/config.go
+++ b/extensions/idp/pkg/config/config.go
@@ -71,7 +71,7 @@ type Settings struct {
 
 Iss string `yaml:"iss" env:"OCIS_URL;OCIS_OIDC_ISSUER;IDP_ISS" desc:"The OIDC issuer URL to use."`
 
- IdentityManager string `yaml:"identity_manager" env:"IDP_IDENTITY_MANAGER" desc:"The identity manager implementation to use, can be 'ldap', 'cs3', 'kc', 'libregraph', 'cookie' or 'guest'."`
+ IdentityManager string `yaml:"identity_manager" env:"IDP_IDENTITY_MANAGER" desc:"The identity manager implementation to use, defaults to 'ldap', can be changed to 'cs3', 'kc', 'libregraph', 'cookie' or 'guest'."`
 
 URIBasePath string `yaml:"uri_base_path" env:"IDP_URI_BASE_PATH"`
 
diff --git a/extensions/idp/pkg/service/v0/service.go b/extensions/idp/pkg/service/v0/service.go
index fda26feee..4b1409474 100644
--- a/extensions/idp/pkg/service/v0/service.go
+++ b/extensions/idp/pkg/service/v0/service.go
@@ -60,7 +60,6 @@ func NewService(opts ...Option) Service {
 logger.Fatal().Err(err).Msg("could not create default config")
 }
 
- //
 switch options.Config.IDP.IdentityManager {
 case "cs3":
 cs3BackendSupport.MustRegister()