set only user oidc claim only if cs3 claim is userid

owncloud · Nov 15, 2021 · e67a759 · e67a759
1 parent d05df2f
commit e67a759
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/proxy/pkg/command/server.go b/proxy/pkg/command/server.go
@@ -221,6 +221,7 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config)
 			middleware.UserProvider(userProvider),
 			middleware.OIDCIss(cfg.OIDC.Issuer),
 			middleware.UserOIDCClaim(cfg.UserOIDCClaim),
+			middleware.UserCS3Claim(cfg.UserCS3Claim),
 			middleware.CredentialsByUserAgent(cfg.Reva.Middleware.Auth.CredentialsByUserAgent),
 		),
 		middleware.SignedURLAuth(

diff --git a/proxy/pkg/middleware/authentication.go b/proxy/pkg/middleware/authentication.go
@@ -127,6 +127,7 @@ func newBasicAuth(options Options) func(http.Handler) http.Handler {
 		AccountsClient(options.AccountsClient),
 		OIDCIss(options.OIDCIss),
 		UserOIDCClaim(options.UserOIDCClaim),
+		UserCS3Claim(options.UserCS3Claim),
 		CredentialsByUserAgent(options.CredentialsByUserAgent),
 	)
 }
diff --git a/proxy/pkg/middleware/basic_auth.go b/proxy/pkg/middleware/basic_auth.go
@@ -85,11 +85,14 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
 				// fake oidc claims
 				claims := map[string]interface{}{
 					oidc.OwncloudUUID:      user.Id.OpaqueId,
-					options.UserOIDCClaim:  user.Id.OpaqueId,
 					oidc.Iss:               user.Id.Idp,
 					oidc.PreferredUsername: user.Username,
 					oidc.Email:             user.Mail,
 				}
+				if options.UserCS3Claim == "userid" {
+					claims[options.UserOIDCClaim] = user.Id.OpaqueId
+					// OpaqueId contains the userid configured in STORAGE_LDAP_USER_SCHEMA_UID
+				}
 
 				next.ServeHTTP(w, req.WithContext(oidc.NewContext(req.Context(), claims)))
 			},