diff --git a/changelog/unreleased/mint-uid-and-gid.md b/changelog/unreleased/mint-uid-and-gid.md new file mode 100644 index 0000000..95c059b --- /dev/null +++ b/changelog/unreleased/mint-uid-and-gid.md @@ -0,0 +1,5 @@ +Enhancement: Add numeric uid and gid to the access token + +The eos storage driver is fetching the uid and gid of a user from the access token. This PR is using the response of the accounts service to mint them in the token. + +https://github.com/owncloud/ocis-proxy/pull/89 diff --git a/pkg/middleware/account_uuid.go b/pkg/middleware/account_uuid.go index 620731e..24cb60d 100644 --- a/pkg/middleware/account_uuid.go +++ b/pkg/middleware/account_uuid.go @@ -4,9 +4,11 @@ import ( "context" "fmt" "net/http" + "strconv" "strings" revauser "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1" + types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1" "github.com/cs3org/reva/pkg/token/manager/jwt" acc "github.com/owncloud/ocis-accounts/pkg/proto/v0" "github.com/owncloud/ocis-pkg/v2/log" @@ -145,7 +147,7 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler { } l.Debug().Interface("claims", claims).Interface("account", account).Msgf("Associated claims with uuid") - token, err := tokenManager.MintToken(r.Context(), &revauser.User{ + user := &revauser.User{ Id: &revauser.UserId{ OpaqueId: account.Id, Idp: claims.Iss, @@ -155,7 +157,21 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler { Mail: account.Mail, MailVerified: account.ExternalUserState == "" || account.ExternalUserState == "Accepted", Groups: groups, - }) + Opaque: &types.Opaque{ + Map: map[string]*types.OpaqueEntry{}, + }, + } + + user.Opaque.Map["uid"] = &types.OpaqueEntry{ + Decoder: "plain", + Value: []byte(strconv.FormatInt(account.UidNumber, 10)), + } + user.Opaque.Map["gid"] = &types.OpaqueEntry{ + Decoder: "plain", + Value: []byte(strconv.FormatInt(account.GidNumber, 10)), + } + + token, err := tokenManager.MintToken(r.Context(), user) if err != nil { l.Error().Err(err).Msgf("Could not mint token")