From ed95005c6caf7bc51c41aa504fbfad5a9f5e2459 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Thu, 9 Jul 2020 13:37:36 +0200
Subject: [PATCH] use on_premises_sam_account_name property of accounts and groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer
---
 .../unreleased/user-and-group-name-mapping | 6 ++++++
 pkg/middleware/account_uuid.go | 19 +++++++++++++------
 2 files changed, 19 insertions(+), 6 deletions(-)
 create mode 100644 changelog/unreleased/user-and-group-name-mapping

diff --git a/changelog/unreleased/user-and-group-name-mapping b/changelog/unreleased/user-and-group-name-mapping
new file mode 100644
index 0000000000..95dedabd5d
--- /dev/null
+++ b/changelog/unreleased/user-and-group-name-mapping
@@ -0,0 +1,6 @@
+Change: mint new username property in the reva token
+
+An accounts username is now taken from the on_premises_sam_account_name property instead of the preferred_name.
+Furthermore the group name (also from on_premises_sam_account_name property) is now minted into the token as well.
+
+https://github.com/owncloud/ocis-proxy/pull/62
diff --git a/pkg/middleware/account_uuid.go b/pkg/middleware/account_uuid.go
index 7eed9eaf0a..529dfc67af 100644
--- a/pkg/middleware/account_uuid.go
+++ b/pkg/middleware/account_uuid.go
@@ -65,10 +65,11 @@ func createAccount(l log.Logger, claims *oidc.StandardClaims, ac acc.AccountsSer
 // TODO check if fields are missing.
 req := &acc.CreateAccountRequest{
 Account: &acc.Account{
- DisplayName: claims.DisplayName,
- PreferredName: claims.PreferredUsername,
- Mail: claims.Email,
- CreationType: "LocalAccount",
+ DisplayName: claims.DisplayName,
+ PreferredName: claims.PreferredUsername,
+ OnPremisesSamAccountName: claims.PreferredUsername,
+ Mail: claims.Email,
+ CreationType: "LocalAccount",
 },
 }
 created, err := ac.CreateAccount(context.Background(), req)
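Review bot: `OnPremisesSamAccountName: claims.PreferredUsername` persists the unverified OIDC `preferred_username` claim as the account's SAM account name, and the `// TODO check if fields are missing.` comment above it still leaves an empty claim unchecked, so a request with an empty SAM account name is sent to `CreateAccount` and only the accounts service can reject it, if it does at all. OIDC Core 5.1 says a relying party must not rely on `preferred_username` being unique or stable, so if this value becomes the username that authorization keys on, two IdP subjects could end up with the same name unless the accounts service enforces uniqueness — worth confirming. I would reject an empty claim before building the request, e.g. `if claims.PreferredUsername == "" { return nil, errors.New("missing preferred_username claim") }` adjusted to createAccount's actual return values, and record the provenance with `// SAM account name is copied from preferred_username; the IdP must guarantee it is unique and stable`. createAccount's signature and return are outside the hunk.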
@@ -125,16 +126,22 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
 return
 }
 
+ groups := make([]string, len(account.MemberOf))
+ for i := range account.MemberOf {
+ // reva needs the unix group name
+ groups[i] = account.MemberOf[i].OnPremisesSamAccountName
+ }
+
 l.Debug().Interface("claims", claims).Interface("account", account).Msgf("Associated claims with uuid")
 token, err := tokenManager.MintToken(r.Context(), &revauser.User{
 Id: &revauser.UserId{
 OpaqueId: account.Id,
 },
- Username: account.PreferredName,
+ Username: account.OnPremisesSamAccountName,
 DisplayName: account.DisplayName,
 Mail: account.Mail,
 MailVerified: account.ExternalUserState == "" || account.ExternalUserState == "Accepted",
- // TODO groups
+ Groups: groups,
 })
 if err != nil {
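Review bot: `Username: account.OnPremisesSamAccountName` mints an empty username for any account that has no SAM account name set — this commit only starts populating the field in createAccount, so accounts provisioned before it appear to get a token whose Username is "", and the loop above likewise writes "" into `groups` for a member that lacks the property. Since reva presumably keys authorization on the token's Username and Groups, an empty name should not be minted silently: either keep the old behaviour as a fallback, `username := account.OnPremisesSamAccountName`, `if username == "" { username = account.PreferredName }`, `Username: username,`, or fail the request, and build `groups` with `make([]string, 0, len(account.MemberOf))` and append only non-empty names. If MemberOf is a slice of pointers, as generated protobuf types usually are, `account.MemberOf[i].OnPremisesSamAccountName` would also panic on a nil element, so a nil check before the read is worth adding. AccountUUID's body continues outside the hunk.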