use on_premises_sam_account_name property of accounts and groups

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Jörn Friedrich Dreyer
2020-07-09 13:37:36 +02:00
parent 18fd953861
commit ed95005c6c
2 changed files with 19 additions and 6 deletions


@@ -0,0 +1,6 @@
Change: mint new username property in the reva token
An accounts username is now taken from the on_premises_sam_account_name property instead of the preferred_name.
Furthermore the group name (also from on_premises_sam_account_name property) is now minted into the token as well.
https://github.com/owncloud/ocis-proxy/pull/62


@@ -65,10 +65,11 @@ func createAccount(l log.Logger, claims *oidc.StandardClaims, ac acc.AccountsSer
// TODO check if fields are missing.
req := &acc.CreateAccountRequest{
Account: &acc.Account{
DisplayName: claims.DisplayName,
PreferredName: claims.PreferredUsername,
Mail: claims.Email,
CreationType: "LocalAccount",
DisplayName: claims.DisplayName,
PreferredName: claims.PreferredUsername,
OnPremisesSamAccountName: claims.PreferredUsername,
Mail: claims.Email,
CreationType: "LocalAccount",
},
}
created, err := ac.CreateAccount(context.Background(), req)
@@ -125,16 +126,22 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
return
}
groups := make([]string, len(account.MemberOf))
for i := range account.MemberOf {
// reva needs the unix group name
groups[i] = account.MemberOf[i].OnPremisesSamAccountName
}
l.Debug().Interface("claims", claims).Interface("account", account).Msgf("Associated claims with uuid")
token, err := tokenManager.MintToken(r.Context(), &revauser.User{
Id: &revauser.UserId{
OpaqueId: account.Id,
},
Username: account.PreferredName,
Username: account.OnPremisesSamAccountName,
DisplayName: account.DisplayName,
Mail: account.Mail,
MailVerified: account.ExternalUserState == "" || account.ExternalUserState == "Accepted",
// TODO groups
Groups: groups,
})
if err != nil {
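Review bot: The minted token's `Username` is now `account.OnPremisesSamAccountName` with no check that the property is set, so an account record that lacks it (for example one created before `createAccount` started filling it in) would apparently get a token with an empty username; the same applies to each `groups[i]`. The added comment says reva needs the unix group name, so I would refuse to mint when the value is empty, e.g. `if account.OnPremisesSamAccountName == "" { /* log and return an error response */ }` before `MintToken`, and skip group entries whose name is empty. In the `createAccount` hunk the property is copied straight from `claims.PreferredUsername`, which OpenID Connect does not guarantee to be unique or limited to a safe character set, so the existing `// TODO check if fields are missing.` should be resolved with validation before the account is created. Both functions begin and end outside the hunks shown, so an existing guard elsewhere cannot be ruled out from this page.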