Merge branch 'master' into metadata-gateway

owncloud · Apr 29, 2022 · 3c3955a · 3c3955a
2 parents ddbedfe + d9e3fb3
commit 3c3955a
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,15 +6,25 @@ The following sections list the changes for unreleased.
 
 ## Summary
 
+* Bugfix - Idp: Check if CA certificate if present: [#3623](https://github.com/owncloud/ocis/issues/3623)
 * Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: [#3483](https://github.com/owncloud/ocis/issues/3483)
 * Bugfix - URL encode the webdav url in the graph API: [#3597](https://github.com/owncloud/ocis/pull/3597)
 * Change - Load configuration files just from one directory: [#3587](https://github.com/owncloud/ocis/pull/3587)
+* Change - Switched default configuration to use libregraph/idm: [#3331](https://github.com/owncloud/ocis/pull/3331)
 * Enhancement - Add capability for public link single file edit: [#6787](https://github.com/owncloud/web/pull/6787)
 * Enhancement - Update linkshare capabilities: [#3579](https://github.com/owncloud/ocis/pull/3579)
 * Enhancement - Update reva to v2.x.x: [#3552](https://github.com/owncloud/ocis/pull/3552)
 
 ## Details
 
+* Bugfix - Idp: Check if CA certificate if present: [#3623](https://github.com/owncloud/ocis/issues/3623)
+
+   Upon first start with the default configurtation the idm service creates a server
+   certificate, that might not be finished before the idp service is starting. Add a check to idp
+   similar to what the user, group, and auth-providers implement.
+
+   https://github.com/owncloud/ocis/issues/3623
+
 * Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: [#3483](https://github.com/owncloud/ocis/issues/3483)
 
    The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
@@ -42,6 +52,15 @@ The following sections list the changes for unreleased.
 
    https://github.com/owncloud/ocis/pull/3587
 
+* Change - Switched default configuration to use libregraph/idm: [#3331](https://github.com/owncloud/ocis/pull/3331)
+
+   We switched the default configuration of oCIS to use the "idm" service (based on
+   libregraph/idm) as the standard source for user and group information. The accounts and
+   glauth services are no longer enabled by default and will be removed with an upcoming release.
+
+   https://github.com/owncloud/ocis/pull/3331
+   https://github.com/owncloud/ocis/pull/3633
+
 * Enhancement - Add capability for public link single file edit: [#6787](https://github.com/owncloud/web/pull/6787)
 
    It is now possible to share a single file by link with edit permissions. Therefore we need a

diff --git a/changelog/unreleased/idp-cert-wait.md b/changelog/unreleased/idp-cert-wait.md
@@ -0,0 +1,8 @@
+Bugfix: idp: Check if CA certificate if present
+
+Upon first start with the default configurtation the idm service creates
+a server certificate, that might not be finished before the idp service
+is starting. Add a check to idp similar to what the user, group, and
+auth-providers implement.
+
+https://github.com/owncloud/ocis/issues/3623
diff --git a/changelog/unreleased/libregraph-idm-switch.md b/changelog/unreleased/libregraph-idm-switch.md
@@ -0,0 +1,9 @@
+Change: Switched default configuration to use libregraph/idm
+
+We switched the default configuration of oCIS to use the "idm" service (based
+on libregraph/idm) as the standard source for user and group information. The
+accounts and glauth services are no longer enabled by default and will be
+removed with an upcoming release.
+
+https://github.com/owncloud/ocis/pull/3331
+https://github.com/owncloud/ocis/pull/3633
diff --git a/extensions/idp/pkg/service/v0/service.go b/extensions/idp/pkg/service/v0/service.go
@@ -22,6 +22,7 @@ import (
 	"github.com/owncloud/ocis/extensions/idp/pkg/assets"
 	"github.com/owncloud/ocis/extensions/idp/pkg/config"
 	"github.com/owncloud/ocis/extensions/idp/pkg/middleware"
+	"github.com/owncloud/ocis/ocis-pkg/ldap"
 	"github.com/owncloud/ocis/ocis-pkg/log"
 	"stash.kopano.io/kgol/rndm"
 )
@@ -41,6 +42,14 @@ func NewService(opts ...Option) Service {
 		assets.Config(options.Config),
 	)
 
+	if err := ldap.WaitForCA(options.Logger, options.Config.IDP.Insecure, options.Config.Ldap.TLSCACert); err != nil {
+		logger.Fatal().Err(err).Msg("The configured LDAP CA cert does not exist")
+	}
+	if options.Config.IDP.Insecure {
+		// force CACert to be empty to avoid lico try to load it
+		options.Config.Ldap.TLSCACert = ""
+	}
+
 	if err := initLicoInternalEnvVars(&options.Config.Ldap); err != nil {
 		logger.Fatal().Err(err).Msg("could not initialize env vars")
 	}
@@ -56,7 +65,6 @@ func NewService(opts ...Option) Service {
 
 	// https://play.golang.org/p/Mh8AVJCd593
 	idpSettings := bootstrap.Settings(options.Config.IDP)
-
 	bs, err := bootstrap.Boot(ctx, &idpSettings, &licoconfig.Config{
 		Logger: log.LogrusWrap(logger),
 	})

diff --git a/extensions/web/pkg/config/defaults/defaultconfig.go b/extensions/web/pkg/config/defaults/defaultconfig.go
@@ -50,7 +50,7 @@ func DefaultConfig() *config.Config {
 					ResponseType: "code",
 					Scope:        "openid profile email",
 				},
-				Apps: []string{"files", "search", "preview", "text-editor", "pdf-viewer", "external"},
+				Apps: []string{"files", "search", "preview", "text-editor", "pdf-viewer", "external", "user-management"},
 			},
 		},
 	}

diff --git a/extensions/web/pkg/service/v0/service.go b/extensions/web/pkg/service/v0/service.go
@@ -85,10 +85,6 @@ func (p Web) getPayload() (payload []byte, err error) {
 					ID:   "settings",
 					Path: "/settings.js",
 				},
-				{
-					ID:   "accounts",
-					Path: "/accounts.js",
-				},
 			}
 		}