From f5955ed1ecf1e4c51a2998015edd4554d2efb78a Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <39946305+gmgigi96@users.noreply.github.com>
Date: Fri, 27 Oct 2023 16:11:02 +0200
Subject: [PATCH] Sciencemesh fixes (#4294)
* better check for unauthenticated endpoints
* fix typo for unauthenticated endpoints
* fix get accepted user call
* add changelog
---
changelog/unreleased/sciencemesh-fixes.md | 7 +++
cmd/reva/ocm-share-create.go | 43 ++++++++++++++++--
.../services/authregistry/authregistry.go | 2 +-
.../ocminvitemanager/ocminvitemanager.go | 3 +-
.../handlers/apps/sharing/shares/remote.go | 45 +++++++++++++++++--
.../http/services/sciencemesh/sciencemesh.go | 2 +-
pkg/utils/utils.go | 15 ++++++-
7 files changed, 104 insertions(+), 13 deletions(-)
create mode 100644 changelog/unreleased/sciencemesh-fixes.md
diff --git a/changelog/unreleased/sciencemesh-fixes.md b/changelog/unreleased/sciencemesh-fixes.md
new file mode 100644
index 0000000000..76173094ab
--- /dev/null
+++ b/changelog/unreleased/sciencemesh-fixes.md
@@ -0,0 +1,7 @@
+Bugfix: Sciencemesh fixes
+
+Fixes different issues introduced with the recent changes, in ocm/sciencemesh,
+in particular the `GetAccepetdUser` and `/sciencemesh/find-accepted-users`
+endpoints.
+
+https://github.com/cs3org/reva/pull/4294
\ No newline at end of file
diff --git a/cmd/reva/ocm-share-create.go b/cmd/reva/ocm-share-create.go
index b151156a4b..585a6a1a43 100644
--- a/cmd/reva/ocm-share-create.go
+++ b/cmd/reva/ocm-share-create.go
@@ -19,17 +19,20 @@ package main import ( + "fmt" "io" "os" "time" appprovider "github.com/cs3org/go-cs3apis/cs3/app/provider/v1beta1" + gatewayv1beta1 "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1" userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1" invitepb "github.com/cs3org/go-cs3apis/cs3/ocm/invite/v1beta1" ocmprovider "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1" rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1" ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1" provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" + types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1" "github.com/cs3org/reva/internal/http/services/owncloud/ocs/conversions" ocmshare "github.com/cs3org/reva/pkg/ocm/share" "github.com/cs3org/reva/pkg/utils" @@ -89,9 +92,41 @@ func ocmShareCreateCommand() *command { return err } - u := &userpb.UserId{OpaqueId: *grantee, Idp: *idp, Type: utils.UserTypeMap(*userType)} + token, err := readToken() + if err != nil { + fmt.Println("the token file cannot be read from file ", getTokenFile()) + fmt.Println("make sure you have logged in before with \"reva login\"") + return err + } + + res, err := client.WhoAmI(ctx, &gatewayv1beta1.WhoAmIRequest{ + Token: token, + }) + if err != nil { + return err + } + if res.Status.Code != rpc.Code_CODE_OK { + return formatError(res.Status) + } + + d, err := utils.MarshalProtoV1ToJSON(res.User.Id) + if err != nil { + return err + } + + o := &types.Opaque{ + Map: map[string]*types.OpaqueEntry{ + "user-filter": { + Decoder: "json", + Value: d, + }, + }, + } + + remoteUserID := &userpb.UserId{OpaqueId: *grantee, Idp: *idp, Type: userpb.UserType_USER_TYPE_FEDERATED} remoteUserRes, err := client.GetAcceptedUser(ctx, &invitepb.GetAcceptedUserRequest{ - RemoteUserId: u, + RemoteUserId: remoteUserID, + Opaque: o, }) if err != nil { return err 
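Review bot: `res.User.Id` is dereferenced right after the status check without confirming that the WhoAmI response carries a user, so an OK response with an empty user would panic the CLI instead of returning an error. A guard before `utils.MarshalProtoV1ToJSON`, for example `if res.GetUser().GetId() == nil { return fmt.Errorf("whoami returned no user id") }`, keeps that case on the error path. The two hints printed when `readToken` fails go to stdout through `fmt.Println`; `fmt.Fprintln(os.Stderr, ...)` would keep them out of piped output. The enclosing command function starts and ends outside this hunk.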
@@ -102,7 +137,7 @@ func ocmShareCreateCommand() *command { ref := &provider.Reference{Path: fn} req := &provider.StatRequest{Ref: ref} - res, err := client.Stat(ctx, req) + resStat, err := client.Stat(ctx, req) if err != nil { return err } @@ -117,7 +152,7 @@ func ocmShareCreateCommand() *command { } shareRequest := &ocm.CreateOCMShareRequest{ - ResourceId: res.Info.Id, + ResourceId: resStat.Info.Id, Grantee: &provider.Grantee{ Type: gt, // For now, we only support user shares. diff --git a/internal/grpc/services/authregistry/authregistry.go b/internal/grpc/services/authregistry/authregistry.go index 1caaaf4d54..6c9ecf0301 100644 --- a/internal/grpc/services/authregistry/authregistry.go +++ b/internal/grpc/services/authregistry/authregistry.go @@ -52,7 +52,7 @@ func (s *service) Close() error { func (s *service) UnprotectedEndpoints() []string { return []string{ - "/cs3.auth.registry.v1beta1.RegistryAPI/GetAuthProvider", + "/cs3.auth.registry.v1beta1.RegistryAPI/GetAuthProviders", "/cs3.auth.registry.v1beta1.RegistryAPI/ListAuthProviders", } } diff --git a/internal/grpc/services/ocminvitemanager/ocminvitemanager.go b/internal/grpc/services/ocminvitemanager/ocminvitemanager.go index bcd0c4c919..8bb849bea4 100644 --- a/internal/grpc/services/ocminvitemanager/ocminvitemanager.go +++ b/internal/grpc/services/ocminvitemanager/ocminvitemanager.go 
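Review bot: Nothing ties the hand-typed method paths returned by `UnprotectedEndpoints` in authregistry.go to the RPCs the service actually registers, and these strings decide which calls skip authentication. With the segment-exact matching that `utils.Skip` gets in this same commit, a misspelled entry quietly leaves the intended RPC behind auth, while under loose prefix matching it could exempt more methods than intended. A small test that compares each returned path with the registered method names would catch both cases. A comment above the slice would also help, e.g. `// Entries must be full gRPC method names; utils.Skip matches whole path segments only.`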
@@ -308,12 +308,13 @@ func isTokenValid(token *invitepb.InviteToken) bool { func (s *service) GetAcceptedUser(ctx context.Context, req *invitepb.GetAcceptedUserRequest) (*invitepb.GetAcceptedUserResponse, error) { logger := appctx.GetLogger(ctx) user, ok := getUserFilter(ctx, req) - logger.Info().Msgf("GetAcceptedUser %s at %s", user.Id.OpaqueId, user.Id.Idp) if !ok { return &invitepb.GetAcceptedUserResponse{ Status: status.NewInvalidArg(ctx, "user not found"), }, nil } + + logger.Info().Msgf("GetAcceptedUser %s at %s", user.Id.OpaqueId, user.Id.Idp) remoteUser, err := s.repo.GetRemoteUser(ctx, user.GetId(), req.GetRemoteUserId()) if err != nil { return &invitepb.GetAcceptedUserResponse{ diff --git a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/remote.go b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/remote.go index 9af400a818..fb6e7a80b1 100644 --- a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/remote.go +++ b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/remote.go @@ -32,10 +32,13 @@ import ( rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1" ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1" provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" + types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1" "github.com/cs3org/reva/internal/http/services/owncloud/ocs/conversions" "github.com/cs3org/reva/internal/http/services/owncloud/ocs/response" + "github.com/cs3org/reva/pkg/appctx" "github.com/cs3org/reva/pkg/ocm/share" "github.com/cs3org/reva/pkg/rgrpc/todo/pool" + "github.com/cs3org/reva/pkg/utils" "github.com/go-chi/chi/v5" "github.com/pkg/errors" ) 
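Review bot: `GetAcceptedUser` takes the user whose accepted contacts are searched from `getUserFilter(ctx, req)`, and the callers changed in this commit supply that user as a JSON `user-filter` entry in the request `Opaque`. The body of `getUserFilter` is outside this hunk; if it prefers the opaque entry over the authenticated user in `ctx`, any authenticated caller could look up another account's accepted users by sending a different id. It would be worth confirming, and stating in a doc comment on `GetAcceptedUser`, that the filter is honoured only for trusted internal callers or is checked against the context user. The Info-level log line also writes the user's opaque id and idp on every call, which may be more identity detail than this log level needs.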
@@ -69,8 +72,25 @@ func (h *Handler) createFederatedCloudShare(w http.ResponseWriter, r *http.Reque return } + user := appctx.ContextMustGetUser(ctx) + d, err := utils.MarshalProtoV1ToJSON(user.Id) + if err != nil { + response.WriteOCSError(w, r, response.MetaServerError.StatusCode, err.Error(), errors.New(providerInfoResp.Status.Message)) + return + } + + o := &types.Opaque{ + Map: map[string]*types.OpaqueEntry{ + "user-filter": { + Decoder: "json", + Value: d, + }, + }, + } + remoteUserRes, err := c.GetAcceptedUser(ctx, &invitepb.GetAcceptedUserRequest{ RemoteUserId: &userpb.UserId{OpaqueId: shareWithUser, Idp: shareWithProvider, Type: userpb.UserType_USER_TYPE_FEDERATED}, + Opaque: o, }) if err != nil { response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error searching recipient", err) @@ -251,11 +271,28 @@ func (h *Handler) mapUserIdsFederatedShare(ctx context.Context, gw gatewayv1beta func (h *Handler) mustGetRemoteUser(ctx context.Context, gw gatewayv1beta1.GatewayAPIClient, id string) *userIdentifiers { s := strings.SplitN(id, "@", 2) opaqueID, idp := s[0], s[1] + + user := appctx.ContextMustGetUser(ctx) + d, err := utils.MarshalProtoV1ToJSON(user.Id) + if err != nil { + return &userIdentifiers{} + } + + o := &types.Opaque{ + Map: map[string]*types.OpaqueEntry{ + "user-filter": { + Decoder: "json", + Value: d, + }, + }, + } + userRes, err := gw.GetAcceptedUser(ctx, &invitepb.GetAcceptedUserRequest{ RemoteUserId: &userpb.UserId{ Idp: idp, OpaqueId: opaqueID, }, + Opaque: o, }) if err != nil { return &userIdentifiers{} @@ -264,11 +301,11 @@ func (h *Handler) mustGetRemoteUser(ctx context.Context, gw gatewayv1beta1.Gatew return &userIdentifiers{} } - user := userRes.RemoteUser + remote := userRes.RemoteUser return &userIdentifiers{ - DisplayName: user.DisplayName, - Username: user.Username, - Mail: user.Mail, + DisplayName: remote.DisplayName, + Username: remote.Username, + Mail: remote.Mail, } } 
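Review bot: The error branch added after `utils.MarshalProtoV1ToJSON` in `createFederatedCloudShare` builds its error from `providerInfoResp.Status.Message`, which belongs to the earlier provider lookup and says nothing about the marshalling failure, and it passes `err.Error()` to the client as the message. Following the pattern of the `GetAcceptedUser` error just below, this would read `response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error marshalling user id", err)`. The `types.Opaque` construction with the `user-filter` key now appears three times in this commit (here, in `mustGetRemoteUser` and in the CLI); a single helper would keep the key and decoder in one place. The function body continues outside the hunk.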
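Review bot: The `RemoteUserId` built in `mustGetRemoteUser` still carries no `Type`, while the other two `GetAcceptedUser` callers touched by this commit set `userpb.UserType_USER_TYPE_FEDERATED`; if the repository lookup compares the type, this path will keep returning empty identifiers. Adding `Type: userpb.UserType_USER_TYPE_FEDERATED,` to the literal would make the three callers agree. The new marshal-failure branch returns `&userIdentifiers{}` without logging, so a broken user id in the context cannot be told apart from a user that is simply unknown. The context line `opaqueID, idp := s[0], s[1]` indexes the `SplitN` result without a length check, so an id without `@` would panic.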
diff --git a/internal/http/services/sciencemesh/sciencemesh.go b/internal/http/services/sciencemesh/sciencemesh.go index 6f3446968f..c07d3d89ad 100644 --- a/internal/http/services/sciencemesh/sciencemesh.go +++ b/internal/http/services/sciencemesh/sciencemesh.go @@ -61,7 +61,7 @@ func (s *svc) Close() error { type config struct { Prefix string `mapstructure:"prefix"` - SMTPCredentials *smtpclient.SMTPCredentials `mapstructure:"smtp_credentials" validate:"required"` + SMTPCredentials *smtpclient.SMTPCredentials `mapstructure:"smtp_credentials"` GatewaySvc string `mapstructure:"gatewaysvc" validate:"required"` MeshDirectoryURL string `mapstructure:"mesh_directory_url" validate:"required"` ProviderDomain string `mapstructure:"provider_domain" validate:"required"` diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index 6e94407580..ce0162579c 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go @@ -55,11 +55,22 @@ var ( GlobalRegistry registry.Registry = memory.New(map[string]interface{}{}) ) +func appendSlash(p string) string { + if p == "" { + return "/" + } + if p[len(p)-1] == '/' { + return p + } + return p + "/" +} + // Skip evaluates whether a source endpoint contains any of the prefixes. // i.e: /a/b/c/d/e contains prefix /a/b/c. func Skip(source string, prefixes []string) bool { - for i := range prefixes { - if strings.HasPrefix(path.Join(source, "/"), path.Join(prefixes[i], "/")) { + source = appendSlash(source) + for _, prefix := range prefixes { + if strings.HasPrefix(source, appendSlash(prefix)) { return true } }
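Review bot: Dropping `validate:"required"` from `SMTPCredentials` in the sciencemesh `config` struct means the pointer can now be nil after configuration loading, so every place that sends invitation mail needs a nil check. Those call sites are not part of this hunk and should be confirmed. A field comment such as `// SMTPCredentials is optional; when nil, invitation e-mails are not sent.` would record the new contract.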
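Review bot: `Skip` in pkg/utils/utils.go no longer normalises `source`: the removed `path.Join` call cleaned `..` segments and duplicate slashes before the comparison, while the new code compares the raw string. If any caller passes a request path that has not been cleaned, a path that starts with an unprotected prefix and then climbs out of it would still be treated as unprotected. Cleaning first, e.g. `source = appendSlash(path.Clean(source))` with the empty string handled separately, keeps the old normalisation. `appendSlash("")` returns `/`, so an empty entry in `prefixes` matches every absolute source; `if prefix == "" { continue }` at the top of the loop makes that case fail closed. Table tests for sibling names (`/a/b` against `/a/bc`), empty prefixes and uncleaned paths would pin the behaviour, since this function decides which endpoints bypass authentication.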