Sciencemesh fixes (#4294)

* better check for unauthenticated endpoints

* fix typo for unauthenticated endpoints

* fix get accepted user call

* add changelog

changelog/unreleased/sciencemesh-fixes.md

@@ -0,0 +1,7 @@
+Bugfix:  Sciencemesh fixes
+
+Fixes different issues introduced with the recent changes, in ocm/sciencemesh,
+in particular the `GetAccepetdUser` and `/sciencemesh/find-accepted-users`
+endpoints.
+
+https://github.com/cs3org/reva/pull/4294

cmd/reva/ocm-share-create.go

@@ -19,17 +19,20 @@
 package main
 
 import (
+	"fmt"
 	"io"
 	"os"
 	"time"
 
 	appprovider "github.com/cs3org/go-cs3apis/cs3/app/provider/v1beta1"
+	gatewayv1beta1 "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	invitepb "github.com/cs3org/go-cs3apis/cs3/ocm/invite/v1beta1"
 	ocmprovider "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1"
 	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/internal/http/services/owncloud/ocs/conversions"
 	ocmshare "github.com/cs3org/reva/pkg/ocm/share"
 	"github.com/cs3org/reva/pkg/utils"
@@ -89,9 +92,41 @@ func ocmShareCreateCommand() *command {
 			return err
 		}
 
-		u := &userpb.UserId{OpaqueId: *grantee, Idp: *idp, Type: utils.UserTypeMap(*userType)}
+		token, err := readToken()
+		if err != nil {
+			fmt.Println("the token file cannot be read from file ", getTokenFile())
+			fmt.Println("make sure you have logged in before with \"reva login\"")
+			return err
+		}
+
+		res, err := client.WhoAmI(ctx, &gatewayv1beta1.WhoAmIRequest{
+			Token: token,
+		})
+		if err != nil {
+			return err
+		}
+		if res.Status.Code != rpc.Code_CODE_OK {
+			return formatError(res.Status)
+		}
+
+		d, err := utils.MarshalProtoV1ToJSON(res.User.Id)
+		if err != nil {
+			return err
+		}
+
+		o := &types.Opaque{
+			Map: map[string]*types.OpaqueEntry{
+				"user-filter": {
+					Decoder: "json",
+					Value:   d,
+				},
+			},
+		}
+
+		remoteUserID := &userpb.UserId{OpaqueId: *grantee, Idp: *idp, Type: userpb.UserType_USER_TYPE_FEDERATED}
 		remoteUserRes, err := client.GetAcceptedUser(ctx, &invitepb.GetAcceptedUserRequest{
-			RemoteUserId: u,
+			RemoteUserId: remoteUserID,
+			Opaque:       o,
 		})
 		if err != nil {
 			return err
@@ -102,7 +137,7 @@ func ocmShareCreateCommand() *command {
 
 		ref := &provider.Reference{Path: fn}
 		req := &provider.StatRequest{Ref: ref}
-		res, err := client.Stat(ctx, req)
+		resStat, err := client.Stat(ctx, req)
 		if err != nil {
 			return err
 		}
@@ -117,7 +152,7 @@ func ocmShareCreateCommand() *command {
 		}
 
 		shareRequest := &ocm.CreateOCMShareRequest{
-			ResourceId: res.Info.Id,
+			ResourceId: resStat.Info.Id,
 			Grantee: &provider.Grantee{
 				Type: gt,
 				// For now, we only support user shares.

internal/grpc/services/authregistry/authregistry.go

@@ -52,7 +52,7 @@ func (s *service) Close() error {
 
 func (s *service) UnprotectedEndpoints() []string {
 	return []string{
-		"/cs3.auth.registry.v1beta1.RegistryAPI/GetAuthProvider",
+		"/cs3.auth.registry.v1beta1.RegistryAPI/GetAuthProviders",
 		"/cs3.auth.registry.v1beta1.RegistryAPI/ListAuthProviders",
 	}
 }

internal/grpc/services/ocminvitemanager/ocminvitemanager.go

@@ -308,12 +308,13 @@ func isTokenValid(token *invitepb.InviteToken) bool {
 func (s *service) GetAcceptedUser(ctx context.Context, req *invitepb.GetAcceptedUserRequest) (*invitepb.GetAcceptedUserResponse, error) {
 	logger := appctx.GetLogger(ctx)
 	user, ok := getUserFilter(ctx, req)
-	logger.Info().Msgf("GetAcceptedUser %s at %s", user.Id.OpaqueId, user.Id.Idp)
 	if !ok {
 		return &invitepb.GetAcceptedUserResponse{
 			Status: status.NewInvalidArg(ctx, "user not found"),
 		}, nil
 	}
+
+	logger.Info().Msgf("GetAcceptedUser %s at %s", user.Id.OpaqueId, user.Id.Idp)
 	remoteUser, err := s.repo.GetRemoteUser(ctx, user.GetId(), req.GetRemoteUserId())
 	if err != nil {
 		return &invitepb.GetAcceptedUserResponse{

internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/remote.go

@@ -32,10 +32,13 @@ import (
 	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/internal/http/services/owncloud/ocs/conversions"
 	"github.com/cs3org/reva/internal/http/services/owncloud/ocs/response"
+	"github.com/cs3org/reva/pkg/appctx"
 	"github.com/cs3org/reva/pkg/ocm/share"
 	"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
+	"github.com/cs3org/reva/pkg/utils"
 	"github.com/go-chi/chi/v5"
 	"github.com/pkg/errors"
 )
@@ -69,8 +72,25 @@ func (h *Handler) createFederatedCloudShare(w http.ResponseWriter, r *http.Reque
 		return
 	}
 
+	user := appctx.ContextMustGetUser(ctx)
+	d, err := utils.MarshalProtoV1ToJSON(user.Id)
+	if err != nil {
+		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, err.Error(), errors.New(providerInfoResp.Status.Message))
+		return
+	}
+
+	o := &types.Opaque{
+		Map: map[string]*types.OpaqueEntry{
+			"user-filter": {
+				Decoder: "json",
+				Value:   d,
+			},
+		},
+	}
+
 	remoteUserRes, err := c.GetAcceptedUser(ctx, &invitepb.GetAcceptedUserRequest{
 		RemoteUserId: &userpb.UserId{OpaqueId: shareWithUser, Idp: shareWithProvider, Type: userpb.UserType_USER_TYPE_FEDERATED},
+		Opaque:       o,
 	})
 	if err != nil {
 		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error searching recipient", err)
@@ -251,11 +271,28 @@ func (h *Handler) mapUserIdsFederatedShare(ctx context.Context, gw gatewayv1beta
 func (h *Handler) mustGetRemoteUser(ctx context.Context, gw gatewayv1beta1.GatewayAPIClient, id string) *userIdentifiers {
 	s := strings.SplitN(id, "@", 2)
 	opaqueID, idp := s[0], s[1]
+
+	user := appctx.ContextMustGetUser(ctx)
+	d, err := utils.MarshalProtoV1ToJSON(user.Id)
+	if err != nil {
+		return &userIdentifiers{}
+	}
+
+	o := &types.Opaque{
+		Map: map[string]*types.OpaqueEntry{
+			"user-filter": {
+				Decoder: "json",
+				Value:   d,
+			},
+		},
+	}
+
 	userRes, err := gw.GetAcceptedUser(ctx, &invitepb.GetAcceptedUserRequest{
 		RemoteUserId: &userpb.UserId{
 			Idp:      idp,
 			OpaqueId: opaqueID,
 		},
+		Opaque: o,
 	})
 	if err != nil {
 		return &userIdentifiers{}
@@ -264,11 +301,11 @@ func (h *Handler) mustGetRemoteUser(ctx context.Context, gw gatewayv1beta1.Gatew
 		return &userIdentifiers{}
 	}
 
-	user := userRes.RemoteUser
+	remote := userRes.RemoteUser
 	return &userIdentifiers{
-		DisplayName: user.DisplayName,
-		Username:    user.Username,
-		Mail:        user.Mail,
+		DisplayName: remote.DisplayName,
+		Username:    remote.Username,
+		Mail:        remote.Mail,
 	}
 }
 

internal/http/services/sciencemesh/sciencemesh.go

@@ -61,7 +61,7 @@ func (s *svc) Close() error {
 
 type config struct {
 	Prefix           string                      `mapstructure:"prefix"`
-	SMTPCredentials  *smtpclient.SMTPCredentials `mapstructure:"smtp_credentials"   validate:"required"`
+	SMTPCredentials  *smtpclient.SMTPCredentials `mapstructure:"smtp_credentials"`
 	GatewaySvc       string                      `mapstructure:"gatewaysvc"         validate:"required"`
 	MeshDirectoryURL string                      `mapstructure:"mesh_directory_url" validate:"required"`
 	ProviderDomain   string                      `mapstructure:"provider_domain"    validate:"required"`

pkg/utils/utils.go

@@ -55,11 +55,22 @@ var (
 	GlobalRegistry registry.Registry = memory.New(map[string]interface{}{})
 )
 
+func appendSlash(p string) string {
+	if p == "" {
+		return "/"
+	}
+	if p[len(p)-1] == '/' {
+		return p
+	}
+	return p + "/"
+}
+
 // Skip  evaluates whether a source endpoint contains any of the prefixes.
 // i.e: /a/b/c/d/e contains prefix /a/b/c.
 func Skip(source string, prefixes []string) bool {
-	for i := range prefixes {
-		if strings.HasPrefix(path.Join(source, "/"), path.Join(prefixes[i], "/")) {
+	source = appendSlash(source)
+	for _, prefix := range prefixes {
+		if strings.HasPrefix(source, appendSlash(prefix)) {
 			return true
 		}
 	}