diff --git a/pkg/app/provider/wopi/wopi.go b/pkg/app/provider/wopi/wopi.go
index 8d832464c57..29ad3fa21c5 100644
--- a/pkg/app/provider/wopi/wopi.go
+++ b/pkg/app/provider/wopi/wopi.go
@@ -144,28 +144,24 @@ func (p *wopiProvider) GetAppURL(ctx context.Context, resource *provider.Resourc
 q.Add("fileid", resource.GetId().OpaqueId)
 q.Add("endpoint", resource.GetId().StorageId)
 q.Add("viewmode", viewMode.String())
+ q.Add("appname", p.conf.AppName)
 u, ok := ctxpkg.ContextGetUser(ctx)
- if ok { // else defaults to "Guest xyz"
+ if ok { // else username defaults to "Guest xyz"
 if u.Id.Type == userpb.UserType_USER_TYPE_LIGHTWEIGHT || u.Id.Type == userpb.UserType_USER_TYPE_FEDERATED {
 q.Add("userid", resource.Owner.OpaqueId+"@"+resource.Owner.Idp)
 } else {
 q.Add("userid", u.Id.OpaqueId+"@"+u.Id.Idp)
 }
- var isPublicShare bool
+
+ q.Add("username", url.QueryEscape(u.DisplayName))
 if u.Opaque != nil {
 if _, ok := u.Opaque.Map["public-share-role"]; ok {
- isPublicShare = true
+ q.Del("username") // on public shares default to "Guest xyz"
 }
 }
-
- if !isPublicShare {
- q.Add("username", u.Username)
- }
 }
- q.Add("appname", p.conf.AppName)
-
 var viewAppURL string
 if viewAppURLs, ok := p.appURLs["view"]; ok {
 if viewAppURL, ok = viewAppURLs[ext]; ok {
diff --git a/pkg/auth/manager/oidc/oidc.go b/pkg/auth/manager/oidc/oidc.go
index 9d9a6e8f166..7352850b607 100644
--- a/pkg/auth/manager/oidc/oidc.go
+++ b/pkg/auth/manager/oidc/oidc.go
@@ -247,6 +247,10 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 if err != nil {
 return nil, nil, err
 }
+ // strip the `guest:` prefix if present in the email claim (appears to come from LDAP at CERN?)
+ u.Mail = strings.Replace(u.Mail, "guest: ", "", 1)
+ // and decorate the display name with the email domain to make it different from a primary account
+ u.DisplayName = u.DisplayName + " (" + strings.Split(u.Mail, "@")[1] + ")"
 } else {
 scopes, err = scope.AddOwnerScope(nil)
 if err != nil {
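Review bot: The added `q.Add("username", url.QueryEscape(u.DisplayName))` in GetAppURL escapes the display name before storing it in `q`. If `q` is a `url.Values` that is later serialised with `Encode()` (its declaration and use are outside the hunk), the value ends up percent-encoded twice, and the WOPI side would show text such as `John%20Doe` unless it decodes twice. Unless the WOPI server is known to expect a pre-escaped value, pass the raw string with `q.Add("username", u.DisplayName)` and let the query encoder apply the single escaping. The display name appears to come from identity-provider claims, so whichever component renders it should treat it as untrusted text. GetAppURL's body starts and ends outside the hunk.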
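Review bot: In the Authenticate hunk, `strings.Split(u.Mail, "@")[1]` panics with an index-out-of-range when the mail claim is empty or has no `@`, so a missing or malformed claim from the identity provider could crash the authentication path instead of being handled. The domain lookup should be guarded, and the decoration skipped when no domain is found. Separately, the comment describes stripping a prefix, but `strings.Replace(..., 1)` removes the first `guest: ` anywhere in the address; `strings.TrimPrefix` matches the stated intent. The enclosing `if` branch starts outside the hunk, so which account types reach this code cannot be confirmed from here.

```go
// … unchanged: error return above …
// strip the `guest: ` prefix if present in the email claim
u.Mail = strings.TrimPrefix(u.Mail, "guest: ")
// decorate the display name with the email domain only when the claim actually carries one
if i := strings.LastIndex(u.Mail, "@"); i >= 0 && i < len(u.Mail)-1 {
	u.DisplayName += " (" + u.Mail[i+1:] + ")"
}
```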