This repository has been archived by the owner on Jan 27, 2021. It is now read-only.

Use UUID for account lookup from presigned URLs #84

Closed
wants to merge 2 commits into from


PVince81
Contributor

@PVince81 PVince81 commented Aug 7, 2020

Other part of owncloud/ocis-ocs#32

  • TODO: test
  • TODO: changelog

@PVince81 PVince81 requested review from butonic and refs August 7, 2020 10:58
@update-docs

update-docs bot commented Aug 7, 2020

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

Remove claims query preparation as we already have the information
available.
@PVince81
Contributor Author

PVince81 commented Aug 7, 2020

I'm stuck now as I don't have enough understanding of the auth layers.

Before this PR, the "presigned_url" middleware would prepare some claims query with the username that is then resolved by the next middleware "account_uuid".

However, I noticed in the logs that even if I don't pass in anything to the "account_uuid" through the context, it still manages to find the correct account and claims, and then mints the token.

Still, despite "x-access-token" being set with the minted token, reva complains that there is no bearer header.

Not sure how this could even work before my change since the Bearer header is never set, and the previous logic seemed to also rely on "x-access-token".

This is the log output from the download request:

2020-08-07T15:39:22+02:00 DBG director found path=/konnect/v1/userinfo policy=reva prefix=/konnect/ routeType=prefix service=proxy
2020-08-07T15:39:22+02:00 DBG Bind request basedn=dc=example,dc=org binddn=cn=konnectd,ou=sysusers,dc=example,dc=org service=glauth src={"IP":"127.0.0.1","Port":41858,"Zone":""}
2020-08-07T15:39:22+02:00 DBG using query query={"conjuncts":[{"field":"bleve_type","term":"account"},{"field":"on_premises_sam_account_name","fuzziness":0,"match":"konnectd","prefix_length":0}]} service=accounts
2020-08-07T15:39:22+02:00 DBG result result={"facets":null,"hits":[{"id":"820ba2a1-3f54-4538-80a4-2d73007e30bf","index":"/var/tmp/ocis-accounts/index.bleve","score":3.477196570701495,"sort":["_score"]}],"max_score":3.477196570701495,"request":{"explain":false,"facets":null,"fields":null,"from":0,"highlight":null,"includeLocations":false,"query":{"conjuncts":[{"field":"bleve_type","term":"account"},{"field":"on_premises_sam_account_name","fuzziness":0,"match":"konnectd","prefix_length":0}]},"search_after":null,"search_before":null,"size":10,"sort":["-_score"]},"status":{"failed":0,"successful":1,"total":1},"took":197894,"total_hits":1} service=accounts
2020-08-07T15:39:22+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Kopano Konnectd" GidNumber=15000 Id=820ba2a1-3f54-4538-80a4-2d73007e30bf Identities=null IsResourceAccount=false Mail=idp@example.org MemberOf=[{"id":"34f38767-c937-4eb6-b847-1c175829a2a0"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=konnectd OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=konnectd UidNumber=10000 service=accounts
2020-08-07T15:39:22+02:00 DBG Bind success binddn=cn=konnectd,ou=sysusers,dc=example,dc=org service=glauth src={"IP":"127.0.0.1","Port":41858,"Zone":""}
2020-08-07T15:39:22+02:00 DBG Search request basedn=dc=example,dc=org binddn=cn=konnectd,ou=sysusers,dc=example,dc=org filter=(objectClass=posixaccount) service=glauth src={"IP":"127.0.0.1","Port":41858,"Zone":""}
2020-08-07T15:39:22+02:00 DBG parsed query basedn=dc=example,dc=org binddn=cn=konnectd,ou=sysusers,dc=example,dc=org filter=(objectClass=posixaccount) qtype=users query= service=glauth
2020-08-07T15:39:22+02:00 DBG using query query={"conjuncts":[{"field":"bleve_type","term":"account"}]} service=accounts
2020-08-07T15:39:22+02:00 DBG result result={"facets":null,"hits":[{"id":"4c510ada-c86b-4815-8820-42cdf82c3d51","index":"/var/tmp/ocis-accounts/index.bleve","score":1.8472978603872037,"sort":["_score"]},{"id":"820ba2a1-3f54-4538-80a4-2d73007e30bf","index":"/var/tmp/ocis-accounts/index.bleve","score":1.8472978603872037,"sort":["_score"]},{"id":"932b4540-8d16-481e-8ef4-588e4b6b151c","index":"/var/tmp/ocis-accounts/index.bleve","score":1.8472978603872037,"sort":["_score"]},{"id":"bc596f3c-c955-4328-80a0-60d018b4ad57","index":"/var/tmp/ocis-accounts/index.bleve","score":1.8472978603872037,"sort":["_score"]},{"id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","index":"/var/tmp/ocis-accounts/index.bleve","score":1.8472978603872037,"sort":["_score"]}],"max_score":1.8472978603872037,"request":{"explain":false,"facets":null,"fields":null,"from":0,"highlight":null,"includeLocations":false,"query":{"conjuncts":[{"field":"bleve_type","term":"account"}]},"search_after":null,"search_before":null,"size":10,"sort":["-_score"]},"status":{"failed":0,"successful":1,"total":1},"took":65429,"total_hits":5} service=accounts
2020-08-07T15:39:22+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Albert Einstein" GidNumber=30000 Id=4c510ada-c86b-4815-8820-42cdf82c3d51 Identities=null IsResourceAccount=false Mail=einstein@example.org MemberOf=[{"id":"509a9dcd-bb37-4f4f-a01a-19dca27d9cfa"},{"id":"6040aa17-9c64-4fef-9bd0-77234d71bad0"},{"id":"dd58e5ec-842e-498b-8800-61f2ec6f911f"},{"id":"262982c1-2362-4afa-bfdf-8cbfef64a06e"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=einstein OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=einstein UidNumber=20000 service=accounts
2020-08-07T15:39:22+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Kopano Konnectd" GidNumber=15000 Id=820ba2a1-3f54-4538-80a4-2d73007e30bf Identities=null IsResourceAccount=false Mail=idp@example.org MemberOf=[{"id":"34f38767-c937-4eb6-b847-1c175829a2a0"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=konnectd OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=konnectd UidNumber=10000 service=accounts
2020-08-07T15:39:22+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Richard Feynman" GidNumber=30000 Id=932b4540-8d16-481e-8ef4-588e4b6b151c Identities=null IsResourceAccount=false Mail=richard@example.org MemberOf=[{"id":"509a9dcd-bb37-4f4f-a01a-19dca27d9cfa"},{"id":"a1726108-01f8-4c30-88df-2b1a9d1cba1a"},{"id":"167cbee2-0518-455a-bfb2-031fe0621e5d"},{"id":"262982c1-2362-4afa-bfdf-8cbfef64a06e"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=richard OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=richard UidNumber=20002 service=accounts
2020-08-07T15:39:22+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Reva Inter Operability Platform" GidNumber=15000 Id=bc596f3c-c955-4328-80a0-60d018b4ad57 Identities=null IsResourceAccount=false Mail=storage@example.org MemberOf=[{"id":"34f38767-c937-4eb6-b847-1c175829a2a0"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=reva OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=reva UidNumber=10001 service=accounts
2020-08-07T15:39:22+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Marie Curie" GidNumber=30000 Id=f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c Identities=null IsResourceAccount=false Mail=marie@example.org MemberOf=[{"id":"509a9dcd-bb37-4f4f-a01a-19dca27d9cfa"},{"id":"7b87fd49-286e-4a5f-bafd-c535d5dd997a"},{"id":"cedc21aa-4072-4614-8676-fa9165f598ff"},{"id":"262982c1-2362-4afa-bfdf-8cbfef64a06e"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=marie OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=marie UidNumber=20001 service=accounts
2020-08-07T15:39:22+02:00 DBG AP: Search OK basedn=dc=example,dc=org binddn=cn=konnectd,ou=sysusers,dc=example,dc=org filter=(objectClass=posixaccount) service=glauth src={"IP":"127.0.0.1","Port":41858,"Zone":""}
2020-08-07T15:39:22+02:00 DBG  bytes=259 duration=135.149426 method=GET path=/konnect/v1/userinfo proto=HTTP/1.1 request=219d0f1b-f6e6-4e89-8679-0c8c99debc5f service=konnectd status=200
2020-08-07T15:39:22+02:00 DBG unmarshalled userinfo claims={"email":"einstein@example.org","family_name":"einstein","iss":"https://localhost:9200","name":"einstein","preferred_username":"einstein","sub":"XtSi_miyWSB-pkvGnxPoC5A4flih0UCLgvU7cLwjmjCKX7FYn2HWk6rRCEuy2G5qAy_yMQc_FK9aNFhUMrX2pQ@konnect"} service=proxy userInfo={"email":"einstein@example.org","email_verified":false,"profile":"","sub":"XtSi_miyWSB-pkvGnxPoC5A4flih0UCLgvU7cLwjmjCKX7FYn2HWk6rRCEuy2G5qAy_yMQc_FK9aNFhUMrX2pQ@konnect"}
2020-08-07T15:39:22+02:00 DBG using cache entry for mail eq 'einstein@example.org' service=proxy
2020-08-07T15:39:22+02:00 DBG Associated claims with uuid account={"accountEnabled":true,"displayName":"Albert Einstein","gidNumber":"30000","id":"4c510ada-c86b-4815-8820-42cdf82c3d51","mail":"einstein@example.org","memberOf":[{"description":"A group every normal user belongs to.","displayName":"Users","gidNumber":"30000","id":"509a9dcd-bb37-4f4f-a01a-19dca27d9cfa","onPremisesSamAccountName":"users"},{"displayName":"Sailing lovers","gidNumber":"30001","id":"6040aa17-9c64-4fef-9bd0-77234d71bad0","onPremisesSamAccountName":"sailing-lovers"},{"displayName":"Violin haters","gidNumber":"30002","id":"dd58e5ec-842e-498b-8800-61f2ec6f911f","onPremisesSamAccountName":"violin-haters"},{"displayName":"Physics lovers","gidNumber":"30007","id":"262982c1-2362-4afa-bfdf-8cbfef64a06e","onPremisesSamAccountName":"physics-lovers"}],"onPremisesSamAccountName":"einstein","passwordProfile":{},"preferredName":"einstein","uidNumber":"20000"} claims={"email":"einstein@example.org","family_name":"einstein","iss":"https://localhost:9200","name":"einstein","preferred_username":"einstein","sub":"XtSi_miyWSB-pkvGnxPoC5A4flih0UCLgvU7cLwjmjCKX7FYn2HWk6rRCEuy2G5qAy_yMQc_FK9aNFhUMrX2pQ@konnect"} service=proxy
2020-08-07T15:39:22+02:00 DBG minted token account.Id=4c510ada-c86b-4815-8820-42cdf82c3d51 claims.Iss=https://localhost:9200 service=proxy token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJyZXZhIiwiZXhwIjoxNTk2ODA3NjIyLCJpYXQiOjE1OTY4MDc1NjIsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0OjkyMDAiLCJ1c2VyIjp7ImlkIjp7ImlkcCI6Imh0dHBzOi8vbG9jYWxob3N0OjkyMDAiLCJvcGFxdWVfaWQiOiI0YzUxMGFkYS1jODZiLTQ4MTUtODgyMC00MmNkZjgyYzNkNTEifSwidXNlcm5hbWUiOiJlaW5zdGVpbiIsIm1haWwiOiJlaW5zdGVpbkBleGFtcGxlLm9yZyIsIm1haWxfdmVyaWZpZWQiOnRydWUsImRpc3BsYXlfbmFtZSI6IkFsYmVydCBFaW5zdGVpbiIsImdyb3VwcyI6WyJ1c2VycyIsInNhaWxpbmctbG92ZXJzIiwidmlvbGluLWhhdGVycyIsInBoeXNpY3MtbG92ZXJzIl19fQ.38cfapOkxbCKiujNVQUaeHLK0JV-uyUFFRifDMnj4JE
2020-08-07T15:39:22+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Albert Einstein" GidNumber=30000 Id=4c510ada-c86b-4815-8820-42cdf82c3d51 Identities=null IsResourceAccount=false Mail=einstein@example.org MemberOf=[{"id":"509a9dcd-bb37-4f4f-a01a-19dca27d9cfa"},{"id":"6040aa17-9c64-4fef-9bd0-77234d71bad0"},{"id":"dd58e5ec-842e-498b-8800-61f2ec6f911f"},{"id":"262982c1-2362-4afa-bfdf-8cbfef64a06e"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=einstein OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=einstein UidNumber=20000 service=accounts
2020-08-07T15:39:22+02:00 DBG skipping auth method=/cs3.gateway.v1beta1.GatewayAPI/CreateHome pkg=rgrpc service=reva traceid=2b12f06f54fa1f707cc219aa2a0a763a
2020-08-07T15:39:22+02:00 INF unary code=OK end="07/Aug/2020:15:39:22 +0200" from=tcp://127.0.0.1:33604 pkg=rgrpc service=reva start="07/Aug/2020:15:39:22 +0200" time_ns=314524 traceid=2b12f06f54fa1f707cc219aa2a0a763a uri=/cs3.storage.registry.v1beta1.RegistryAPI/GetStorageProvider user-agent=grpc-go/1.26.0
2020-08-07T15:39:22+02:00 INF unary code=OK end="07/Aug/2020:15:39:22 +0200" from=tcp://127.0.0.1:56866 pkg=rgrpc service=reva start="07/Aug/2020:15:39:22 +0200" time_ns=880350 traceid=2b12f06f54fa1f707cc219aa2a0a763a uri=/cs3.storage.provider.v1beta1.ProviderAPI/CreateHome user-agent=grpc-go/1.26.0
2020-08-07T15:39:22+02:00 INF unary code=OK end="07/Aug/2020:15:39:22 +0200" from=tcp://127.0.0.1:33432 pkg=rgrpc service=reva start="07/Aug/2020:15:39:22 +0200" time_ns=3807038 traceid=2b12f06f54fa1f707cc219aa2a0a763a uri=/cs3.gateway.v1beta1.GatewayAPI/CreateHome user-agent=grpc-go/1.26.0
2020-08-07T15:39:22+02:00 DBG director found path=/remote.php/webdav/report3.txt policy=reva prefix=/remote.php/ routeType=prefix service=proxy
2020-08-07T15:39:22+02:00 INF access token is already provided pkg=rhttp service=reva traceid=ebe36dbe6ce3ada635ed78ed6819c303
2020-08-07T15:39:22+02:00 DBG http routing: head= tail=/remote.php/webdav/report3.txt svc=root pkg=rhttp service=reva
2020-08-07T15:39:22+02:00 DBG http routing head=remote.php pkg=rhttp service=reva tail=/webdav/report3.txt traceid=ebe36dbe6ce3ada635ed78ed6819c303
2020-08-07T15:39:22+02:00 DBG skipping auth method=/cs3.gateway.v1beta1.GatewayAPI/Stat pkg=rgrpc service=reva traceid=ebe36dbe6ce3ada635ed78ed6819c303
2020-08-07T15:39:22+02:00 INF unary code=OK end="07/Aug/2020:15:39:22 +0200" from=tcp://127.0.0.1:33604 pkg=rgrpc service=reva start="07/Aug/2020:15:39:22 +0200" time_ns=418181 traceid=ebe36dbe6ce3ada635ed78ed6819c303 uri=/cs3.storage.registry.v1beta1.RegistryAPI/GetStorageProvider user-agent=grpc-go/1.26.0
2020-08-07T15:39:22+02:00 DBG ocfs: unwrap: internal=/var/tmp/reva/data/4c510ada-c86b-4815-8820-42cdf82c3d51/files/report3.txt external=/report3.txt pkg=rgrpc service=reva traceid=ebe36dbe6ce3ada635ed78ed6819c303
2020-08-07T15:39:22+02:00 DBG ocfs: unwrap: internal=/var/tmp/reva/data/4c510ada-c86b-4815-8820-42cdf82c3d51/files/report3.txt external=/report3.txt pkg=rgrpc service=reva traceid=ebe36dbe6ce3ada635ed78ed6819c303
2020-08-07T15:39:22+02:00 INF unary code=OK end="07/Aug/2020:15:39:22 +0200" from=tcp://127.0.0.1:56866 pkg=rgrpc service=reva start="07/Aug/2020:15:39:22 +0200" time_ns=2391972 traceid=ebe36dbe6ce3ada635ed78ed6819c303 uri=/cs3.storage.provider.v1beta1.ProviderAPI/Stat user-agent=grpc-go/1.26.0
2020-08-07T15:39:22+02:00 INF unary code=OK end="07/Aug/2020:15:39:22 +0200" from=tcp://127.0.0.1:33638 pkg=rgrpc service=reva start="07/Aug/2020:15:39:22 +0200" time_ns=5574112 traceid=ebe36dbe6ce3ada635ed78ed6819c303 uri=/cs3.gateway.v1beta1.GatewayAPI/Stat user-agent=grpc-go/1.26.0
2020-08-07T15:39:22+02:00 INF http end="07/Aug/2020:15:39:22 +0200" host=127.0.0.1 method=HEAD pkg=rhttp proto=HTTP/1.1 service=reva size=0 start="07/Aug/2020:15:39:22 +0200" status=200 time_ns=8024283 traceid=ebe36dbe6ce3ada635ed78ed6819c303 uri=/remote.php/webdav/report3.txt url=/remote.php/webdav/report3.txt
2020-08-07T15:39:22+02:00 DBG director found path=/remote.php/webdav/report3.txt policy=reva prefix=/remote.php/ routeType=prefix service=proxy
2020-08-07T15:39:22+02:00 WRN core access token not set pkg=rhttp service=reva traceid=ae2f4d02b404236c1d6624bd66e4a733
2020-08-07T15:39:22+02:00 DBG error retrieving credentials error="no basic auth provided" pkg=rhttp service=reva traceid=ae2f4d02b404236c1d6624bd66e4a733
2020-08-07T15:39:22+02:00 DBG error retrieving credentials error="no bearer auth provided" pkg=rhttp service=reva traceid=ae2f4d02b404236c1d6624bd66e4a733
2020-08-07T15:39:22+02:00 WRN http end="07/Aug/2020:15:39:22 +0200" host=127.0.0.1 method=GET pkg=rhttp proto=HTTP/1.1 service=reva size=0 start="07/Aug/2020:15:39:22 +0200" status=401 time_ns=387810 traceid=ae2f4d02b404236c1d6624bd66e4a733 uri=/remote.php/webdav/report3.txt?OC-Credential=4c510ada-c86b-4815-8820-42cdf82c3d51&OC-Date=2020-08-07T13%3A39%3A22.320Z&OC-Expires=1200&OC-Verb=GET url=/remote.php/webdav/report3.txt?OC-Credential=4c510ada-c86b-4815-8820-42cdf82c3d51&OC-Date=2020-08-07T13%3A39%3A22.320Z&OC-Expires=1200&OC-Verb=GET
2020-08-07T15:39:22+02:00 DBG director found path=/remote.php/webdav/report3.txt policy=reva prefix=/remote.php/ routeType=prefix service=proxy
2020-08-07T15:39:22+02:00 WRN core access token not set pkg=rhttp service=reva traceid=959a80c6959fbe2639820cc1625ea3a3
2020-08-07T15:39:22+02:00 DBG error retrieving credentials error="no basic auth provided" pkg=rhttp service=reva traceid=959a80c6959fbe2639820cc1625ea3a3
2020-08-07T15:39:22+02:00 DBG error retrieving credentials error="no bearer auth provided" pkg=rhttp service=reva traceid=959a80c6959fbe2639820cc1625ea3a3
2020-08-07T15:39:22+02:00 WRN http end="07/Aug/2020:15:39:22 +0200" host=127.0.0.1 method=GET pkg=rhttp proto=HTTP/1.1 service=reva size=0 start="07/Aug/2020:15:39:22 +0200" status=401 time_ns=337392 traceid=959a80c6959fbe2639820cc1625ea3a3 uri=/remote.php/webdav/report3.txt?OC-Credential=4c510ada-c86b-4815-8820-42cdf82c3d51&OC-Date=2020-08-07T13%3A39%3A22.320Z&OC-Expires=1200&OC-Verb=GET url=/remote.php/webdav/report3.txt?OC-Credential=4c510ada-c86b-4815-8820-42cdf82c3d51&OC-Date=2020-08-07T13%3A39%3A22.320Z&OC-Expires=1200&OC-Verb=GET
2020-08-07 15:39:22.946195 I | http: superfluous response.WriteHeader call from net/http/httputil.(*ReverseProxy).ServeHTTP (reverseproxy.go:295)
2020-08-07T15:39:23+02:00 DBG director found path=/konnect/v1/userinfo policy=reva prefix=/konnect/ routeType=prefix service=proxy
2020-08-07T15:39:23+02:00 DBG Bind request basedn=dc=example,dc=org binddn=cn=konnectd,ou=sysusers,dc=example,dc=org service=glauth src={"IP":"127.0.0.1","Port":41872,"Zone":""}
2020-08-07T15:39:23+02:00 DBG using query query={"conjuncts":[{"field":"bleve_type","term":"account"},{"field":"on_premises_sam_account_name","fuzziness":0,"match":"konnectd","prefix_length":0}]} service=accounts
2020-08-07T15:39:23+02:00 DBG result result={"facets":null,"hits":[{"id":"820ba2a1-3f54-4538-80a4-2d73007e30bf","index":"/var/tmp/ocis-accounts/index.bleve","score":3.477196570701495,"sort":["_score"]}],"max_score":3.477196570701495,"request":{"explain":false,"facets":null,"fields":null,"from":0,"highlight":null,"includeLocations":false,"query":{"conjuncts":[{"field":"bleve_type","term":"account"},{"field":"on_premises_sam_account_name","fuzziness":0,"match":"konnectd","prefix_length":0}]},"search_after":null,"search_before":null,"size":10,"sort":["-_score"]},"status":{"failed":0,"successful":1,"total":1},"took":103819,"total_hits":1} service=accounts
2020-08-07T15:39:23+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Kopano Konnectd" GidNumber=15000 Id=820ba2a1-3f54-4538-80a4-2d73007e30bf Identities=null IsResourceAccount=false Mail=idp@example.org MemberOf=[{"id":"34f38767-c937-4eb6-b847-1c175829a2a0"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=konnectd OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=konnectd UidNumber=10000 service=accounts
2020-08-07T15:39:23+02:00 DBG Bind success binddn=cn=konnectd,ou=sysusers,dc=example,dc=org service=glauth src={"IP":"127.0.0.1","Port":41872,"Zone":""}
2020-08-07T15:39:23+02:00 DBG Search request basedn=dc=example,dc=org binddn=cn=konnectd,ou=sysusers,dc=example,dc=org filter=(objectClass=posixaccount) service=glauth src={"IP":"127.0.0.1","Port":41872,"Zone":""}
2020-08-07T15:39:23+02:00 DBG parsed query basedn=dc=example,dc=org binddn=cn=konnectd,ou=sysusers,dc=example,dc=org filter=(objectClass=posixaccount) qtype=users query= service=glauth
2020-08-07T15:39:23+02:00 DBG using query query={"conjuncts":[{"field":"bleve_type","term":"account"}]} service=accounts
2020-08-07T15:39:23+02:00 DBG result result={"facets":null,"hits":[{"id":"4c510ada-c86b-4815-8820-42cdf82c3d51","index":"/var/tmp/ocis-accounts/index.bleve","score":1.8472978603872037,"sort":["_score"]},{"id":"820ba2a1-3f54-4538-80a4-2d73007e30bf","index":"/var/tmp/ocis-accounts/index.bleve","score":1.8472978603872037,"sort":["_score"]},{"id":"932b4540-8d16-481e-8ef4-588e4b6b151c","index":"/var/tmp/ocis-accounts/index.bleve","score":1.8472978603872037,"sort":["_score"]},{"id":"bc596f3c-c955-4328-80a0-60d018b4ad57","index":"/var/tmp/ocis-accounts/index.bleve","score":1.8472978603872037,"sort":["_score"]},{"id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","index":"/var/tmp/ocis-accounts/index.bleve","score":1.8472978603872037,"sort":["_score"]}],"max_score":1.8472978603872037,"request":{"explain":false,"facets":null,"fields":null,"from":0,"highlight":null,"includeLocations":false,"query":{"conjuncts":[{"field":"bleve_type","term":"account"}]},"search_after":null,"search_before":null,"size":10,"sort":["-_score"]},"status":{"failed":0,"successful":1,"total":1},"took":4422729,"total_hits":5} service=accounts
2020-08-07T15:39:23+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Albert Einstein" GidNumber=30000 Id=4c510ada-c86b-4815-8820-42cdf82c3d51 Identities=null IsResourceAccount=false Mail=einstein@example.org MemberOf=[{"id":"509a9dcd-bb37-4f4f-a01a-19dca27d9cfa"},{"id":"6040aa17-9c64-4fef-9bd0-77234d71bad0"},{"id":"dd58e5ec-842e-498b-8800-61f2ec6f911f"},{"id":"262982c1-2362-4afa-bfdf-8cbfef64a06e"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=einstein OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=einstein UidNumber=20000 service=accounts
2020-08-07T15:39:23+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Kopano Konnectd" GidNumber=15000 Id=820ba2a1-3f54-4538-80a4-2d73007e30bf Identities=null IsResourceAccount=false Mail=idp@example.org MemberOf=[{"id":"34f38767-c937-4eb6-b847-1c175829a2a0"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=konnectd OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=konnectd UidNumber=10000 service=accounts
2020-08-07T15:39:23+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Richard Feynman" GidNumber=30000 Id=932b4540-8d16-481e-8ef4-588e4b6b151c Identities=null IsResourceAccount=false Mail=richard@example.org MemberOf=[{"id":"509a9dcd-bb37-4f4f-a01a-19dca27d9cfa"},{"id":"a1726108-01f8-4c30-88df-2b1a9d1cba1a"},{"id":"167cbee2-0518-455a-bfb2-031fe0621e5d"},{"id":"262982c1-2362-4afa-bfdf-8cbfef64a06e"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=richard OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=richard UidNumber=20002 service=accounts
2020-08-07T15:39:23+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Reva Inter Operability Platform" GidNumber=15000 Id=bc596f3c-c955-4328-80a0-60d018b4ad57 Identities=null IsResourceAccount=false Mail=storage@example.org MemberOf=[{"id":"34f38767-c937-4eb6-b847-1c175829a2a0"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=reva OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=reva UidNumber=10001 service=accounts
2020-08-07T15:39:23+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Marie Curie" GidNumber=30000 Id=f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c Identities=null IsResourceAccount=false Mail=marie@example.org MemberOf=[{"id":"509a9dcd-bb37-4f4f-a01a-19dca27d9cfa"},{"id":"7b87fd49-286e-4a5f-bafd-c535d5dd997a"},{"id":"cedc21aa-4072-4614-8676-fa9165f598ff"},{"id":"262982c1-2362-4afa-bfdf-8cbfef64a06e"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=marie OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=marie UidNumber=20001 service=accounts
2020-08-07T15:39:23+02:00 DBG AP: Search OK basedn=dc=example,dc=org binddn=cn=konnectd,ou=sysusers,dc=example,dc=org filter=(objectClass=posixaccount) service=glauth src={"IP":"127.0.0.1","Port":41872,"Zone":""}
2020-08-07T15:39:23+02:00 DBG  bytes=259 duration=38.543849 method=GET path=/konnect/v1/userinfo proto=HTTP/1.1 request=e0b4cbfe-5949-4058-b624-d93064794561 service=konnectd status=200
2020-08-07T15:39:23+02:00 DBG unmarshalled userinfo claims={"email":"einstein@example.org","family_name":"einstein","iss":"https://localhost:9200","name":"einstein","preferred_username":"einstein","sub":"XtSi_miyWSB-pkvGnxPoC5A4flih0UCLgvU7cLwjmjCKX7FYn2HWk6rRCEuy2G5qAy_yMQc_FK9aNFhUMrX2pQ@konnect"} service=proxy userInfo={"email":"einstein@example.org","email_verified":false,"profile":"","sub":"XtSi_miyWSB-pkvGnxPoC5A4flih0UCLgvU7cLwjmjCKX7FYn2HWk6rRCEuy2G5qAy_yMQc_FK9aNFhUMrX2pQ@konnect"}
2020-08-07T15:39:23+02:00 DBG using cache entry for mail eq 'einstein@example.org' service=proxy
2020-08-07T15:39:23+02:00 DBG Associated claims with uuid account={"accountEnabled":true,"displayName":"Albert Einstein","gidNumber":"30000","id":"4c510ada-c86b-4815-8820-42cdf82c3d51","mail":"einstein@example.org","memberOf":[{"description":"A group every normal user belongs to.","displayName":"Users","gidNumber":"30000","id":"509a9dcd-bb37-4f4f-a01a-19dca27d9cfa","onPremisesSamAccountName":"users"},{"displayName":"Sailing lovers","gidNumber":"30001","id":"6040aa17-9c64-4fef-9bd0-77234d71bad0","onPremisesSamAccountName":"sailing-lovers"},{"displayName":"Violin haters","gidNumber":"30002","id":"dd58e5ec-842e-498b-8800-61f2ec6f911f","onPremisesSamAccountName":"violin-haters"},{"displayName":"Physics lovers","gidNumber":"30007","id":"262982c1-2362-4afa-bfdf-8cbfef64a06e","onPremisesSamAccountName":"physics-lovers"}],"onPremisesSamAccountName":"einstein","passwordProfile":{},"preferredName":"einstein","uidNumber":"20000"} claims={"email":"einstein@example.org","family_name":"einstein","iss":"https://localhost:9200","name":"einstein","preferred_username":"einstein","sub":"XtSi_miyWSB-pkvGnxPoC5A4flih0UCLgvU7cLwjmjCKX7FYn2HWk6rRCEuy2G5qAy_yMQc_FK9aNFhUMrX2pQ@konnect"} service=proxy
2020-08-07T15:39:23+02:00 DBG minted token account.Id=4c510ada-c86b-4815-8820-42cdf82c3d51 claims.Iss=https://localhost:9200 service=proxy token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJyZXZhIiwiZXhwIjoxNTk2ODA3NjIzLCJpYXQiOjE1OTY4MDc1NjMsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0OjkyMDAiLCJ1c2VyIjp7ImlkIjp7ImlkcCI6Imh0dHBzOi8vbG9jYWxob3N0OjkyMDAiLCJvcGFxdWVfaWQiOiI0YzUxMGFkYS1jODZiLTQ4MTUtODgyMC00MmNkZjgyYzNkNTEifSwidXNlcm5hbWUiOiJlaW5zdGVpbiIsIm1haWwiOiJlaW5zdGVpbkBleGFtcGxlLm9yZyIsIm1haWxfdmVyaWZpZWQiOnRydWUsImRpc3BsYXlfbmFtZSI6IkFsYmVydCBFaW5zdGVpbiIsImdyb3VwcyI6WyJ1c2VycyIsInNhaWxpbmctbG92ZXJzIiwidmlvbGluLWhhdGVycyIsInBoeXNpY3MtbG92ZXJzIl19fQ.QbfG3PHa0OJyE068xHJIA3hgMiJyDDnuuoJMx_4k8Sk
2020-08-07T15:39:24+02:00 DBG found account AccountEnabled=true CreatedDateTime=null DeletedDateTime=null Description= DisplayName="Albert Einstein" GidNumber=30000 Id=4c510ada-c86b-4815-8820-42cdf82c3d51 Identities=null IsResourceAccount=false Mail=einstein@example.org MemberOf=[{"id":"509a9dcd-bb37-4f4f-a01a-19dca27d9cfa"},{"id":"6040aa17-9c64-4fef-9bd0-77234d71bad0"},{"id":"dd58e5ec-842e-498b-8800-61f2ec6f911f"},{"id":"262982c1-2362-4afa-bfdf-8cbfef64a06e"}] OnPremisesDistinguishedName= OnPremisesLastSyncDateTime=null OnPremisesSamAccountName=einstein OnPremisesSecurityIdentifier= OnPremisesSyncEnabled=false OnPremisesUserPrincipalName= PreferredName=einstein UidNumber=20000 service=accounts
2020-08-07T15:39:24+02:00 DBG skipping auth method=/cs3.gateway.v1beta1.GatewayAPI/CreateHome pkg=rgrpc service=reva traceid=fe39dbc55290d1b04024a47457741e1c
2020-08-07T15:39:24+02:00 INF unary code=OK end="07/Aug/2020:15:39:24 +0200" from=tcp://127.0.0.1:33604 pkg=rgrpc service=reva start="07/Aug/2020:15:39:24 +0200" time_ns=445686 traceid=fe39dbc55290d1b04024a47457741e1c uri=/cs3.storage.registry.v1beta1.RegistryAPI/GetStorageProvider user-agent=grpc-go/1.26.0
2020-08-07T15:39:24+02:00 INF unary code=OK end="07/Aug/2020:15:39:24 +0200" from=tcp://127.0.0.1:56866 pkg=rgrpc service=reva start="07/Aug/2020:15:39:24 +0200" time_ns=872610 traceid=fe39dbc55290d1b04024a47457741e1c uri=/cs3.storage.provider.v1beta1.ProviderAPI/CreateHome user-agent=grpc-go/1.26.0
2020-08-07T15:39:24+02:00 INF unary code=OK end="07/Aug/2020:15:39:24 +0200" from=tcp://127.0.0.1:33432 pkg=rgrpc service=reva start="07/Aug/2020:15:39:24 +0200" time_ns=4343130 traceid=fe39dbc55290d1b04024a47457741e1c uri=/cs3.gateway.v1beta1.GatewayAPI/CreateHome user-agent=grpc-go/1.26.0
2020-08-07T15:39:24+02:00 DBG director found path=/ocs/v2.php/apps/notifications/api/v1/notifications policy=reva prefix=/ocs/ routeType=prefix service=proxy
2020-08-07T15:39:24+02:00 INF access token is already provided pkg=rhttp service=reva traceid=33a23f3e811c78b20a53702559732974
2020-08-07T15:39:24+02:00 DBG http routing: head=ocs tail=/v2.php/apps/notifications/api/v1/notifications svc=ocs pkg=rhttp service=reva
2020-08-07T15:39:24+02:00 DBG ocs routing head=v2.php pkg=rhttp service=reva tail=/apps/notifications/api/v1/notifications traceid=33a23f3e811c78b20a53702559732974
2020-08-07T15:39:24+02:00 DBG http routing head=notifications pkg=rhttp service=reva tail=/ traceid=33a23f3e811c78b20a53702559732974

@butonic we'll need your help here

@PVince81
Contributor Author

PVince81 commented Aug 7, 2020

Also to note: the user's validity is already verified by signedRequestIsValid() through the signature.
So all we need to do is prepare the request/context to make that user available to the following services, here Reva.
I thought this was done with "x-access-token".
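
The hand-off discussed in the comments above, as an added example that is not code from this pull request or from the project: a presigned-URL middleware authenticates the request and passes the account UUID through the context, and the next middleware looks the account up by UUID and forwards a minted token in "x-access-token". Assumptions: the HMAC-SHA256 signature, the `OC-Signature` parameter name, the signing key, the string token and all function names are stand-ins for illustration, and this chain serves presigned requests only.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strconv"
	"time"
)

type uuidKey struct{} // context key for the verified account UUID
var accounts = map[string]string{"4c510ada-c86b-4815-8820-42cdf82c3d51": "einstein"}

// sign is a stand-in (HMAC-SHA256, constructed key), not the project's signature algorithm.
func sign(path string, q url.Values) string {
	mac := hmac.New(sha256.New, []byte("constructed-signing-key"))
	fmt.Fprintf(mac, "%q", []string{path, q.Get("OC-Verb"), q.Get("OC-Credential"), q.Get("OC-Date"), q.Get("OC-Expires")})
	return fmt.Sprintf("%x", mac.Sum(nil))
}

// validate returns the UUID in OC-Credential once signature, verb and lifetime check out.
func validate(r *http.Request, now time.Time) (string, error) {
	q := r.URL.Query()
	issued, errDate := time.Parse(time.RFC3339, q.Get("OC-Date"))
	ttl, errTTL := strconv.Atoi(q.Get("OC-Expires"))
	switch {
	case !hmac.Equal([]byte(sign(r.URL.Path, q)), []byte(q.Get("OC-Signature"))):
		return "", fmt.Errorf("bad signature")
	case q.Get("OC-Verb") != r.Method:
		return "", fmt.Errorf("verb mismatch")
	case errDate != nil || errTTL != nil || now.After(issued.Add(time.Duration(ttl)*time.Second)):
		return "", fmt.Errorf("expired or malformed lifetime")
	}
	return q.Get("OC-Credential"), nil
}

// presignedURL authenticates the request and passes only the UUID on, through the context.
func presignedURL(now time.Time, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		uuid, err := validate(r, now)
		if err != nil {
			http.Error(w, err.Error(), http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), uuidKey{}, uuid)))
	})
}

// accountUUID looks the account up by UUID and forwards a freshly minted internal token.
func accountUUID(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Header.Del("x-access-token") // never forward a client-supplied copy
		uuid, _ := r.Context().Value(uuidKey{}).(string)
		if name, known := accounts[uuid]; known {
			r.Header.Set("x-access-token", "minted-for-"+name) // stand-in for a signed JWT
		}
		next.ServeHTTP(w, r)
	})
}

// signedURL builds a constructed presigned URL shaped like the one in the log above.
func signedURL(verb, credential string) string {
	q := url.Values{"OC-Credential": {credential}, "OC-Verb": {verb},
		"OC-Date": {"2020-08-07T13:39:22.320Z"}, "OC-Expires": {"1200"}}
	q.Set("OC-Signature", sign("/remote.php/webdav/report3.txt", q))
	return "/remote.php/webdav/report3.txt?" + q.Encode()
}

// serve sends one request through the chain; the backend answers 401 without the internal token.
func serve(method, target, forged string, now time.Time) (int, string) {
	backend := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("x-access-token") == "" {
			w.WriteHeader(http.StatusUnauthorized)
		}
		fmt.Fprint(w, r.Header.Get("x-access-token"))
	})
	req, rec := httptest.NewRequest(method, target, nil), httptest.NewRecorder()
	req.Header.Set("x-access-token", forged)
	presignedURL(now, accountUUID(backend)).ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	fmt.Println(serve("GET", signedURL("GET", "4c510ada-c86b-4815-8820-42cdf82c3d51"), "", time.Date(2020, 8, 7, 13, 45, 0, 0, time.UTC)))
}
```

A validly signed URL whose UUID matches no account reaches the backend without a token and is rejected there, even when the client supplied its own "x-access-token".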

@PVince81
Contributor Author

obsoleted by #85

@PVince81 PVince81 closed this Aug 11, 2020