We were using stretchr/testify and test-go/testify inconsitently and
sometimes mixed in the same tests. This can cause very strange issue,
e.g when using things like mock.MatchedBy().
This moves all our code to stretchr/testify, which seems to be far
more active and maintained then test-go/testify.
* Move away from global tracers.
This PR moves away from global tracers and instead initialises
a tracer provider at Service setup and passes it where it needs to be.
* Change tracing provider to be set via options.
Also change name for GetServiceTraceProvider.
* Add changelog.
* enhancement: use reva client pool selectors
register mock service to registry and pass tests
* enhancement: bump reva
* Fix a couple of linter issues
---------
Co-authored-by: Ralf Haferkamp <rhaferkamp@owncloud.com>
This reverts commit 52951b42b0.
The change broke authentication for at least the desktop client when
using the builtin idp. There seem to be issues in the IDP (lico) which
result in the implicit scoped not being added correctly in some case.
When that scope is missing the `lg.uuid` claim will not be present in
the userinfo and we can correctly match users by id.
This reverts back to the old behaviour of matching users by name. Which
also brings some aspects of https://github.com/owncloud/ocis/issues/904Fixes#6415
Reconfigure the oidc clients for lico, so that lico adds the "lg.uuid" to
tokens and userinfo by default. That claim will contain the userid. So
we can now use the userid for matching users when using the default
idm/idp configuration. This fixes further problems so that users being
recreated with the same name are correctly treated as differnt users.
Fixes: #904
The "aud" claim of the logout token is supposed to contain the client-id
of the client for which the token was issued. Our current implementation of
validating that claim is somewhat broken. We only allow to configure a single
value for the allowed client id. But we have different client-ids
accessing oCIS.
This completely removes the current validation of the `aud` claim until
we come up with a working solution. As we currently require a session id
to be present in the logout token the risk not validating the `aud`
claim is pretty low.
Related: #6149
* Streamline the store implementation with and into reva
* Adapt to the cache/store refactoring in reva
* Streamline config options and their env vars
* Apply suggestions from code review
Co-authored-by: Martin <github@diemattels.at>
* Use the same database for all stores
* Bump reva
* Configure stat and filemetadata cache separately
* Fix default config
---------
Co-authored-by: Martin <github@diemattels.at>
Use access token to lookup session id. The userinfo endpoint does
not return the session id. Also add some debug logging.
Co-authored-by: Christian Richter <crichter@owncloud.com>
Co-authored-by: Michael Barz <mbarz@owncloud.com>
when uploading files via uppy (tus), the path does not give any information about the file, PUT contains the filename in the path, tus POST not.
this pr extracts the HeaderUploadMetadata from that POST request and enhances the policies grpc environment request with that information.
Therefore, the policies service is now able to evaluate proxy requests for tus uploads too.
