eliott/ocis
1
0
Fork 0
mirror of https://github.com/owncloud/ocis synced 2026-04-25 17:25:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(proxy): Update selected attributes of autoprovisioned users

Browse Source 
When autoprovisioning is enabled, we now update autoprovisioned users when their
display name or email address claims change.

Closes: #8955
This commit is contained in:
Ralf Haferkamp
2024-05-14 15:26:09 +02:00
committed by Ralf Haferkamp
parent cd7b15b250
commit 7ca8391ce2
5 changed files with 120 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
services/proxy/pkg/user/backend/cs3.go
View File

@@ -224,6 +224,62 @@ func (c *cs3backend) CreateUserFromClaims(ctx context.Context, claims map[string
return &cs3UserCreated, nil
}
func (c cs3backend) UpdateUserIfNeeded(ctx context.Context, user *cs3.User, claims map[string]interface{}) error {
newUser, err := c.libregraphUserFromClaims(claims)
if err != nil {
c.logger.Error().Err(err).Interface("claims", claims).Msg("Error converting claims to user")
return fmt.Errorf("error converting claims to updated user: %w", err)
}
// Check if the user needs to be updated, only updates of "displayName" and "mail" are supported
// currently.
switch {
case newUser.GetDisplayName() != user.GetDisplayName():
fallthrough
case newUser.GetMail() != user.GetMail():
return c.updateLibregraphUser(user.GetId().GetOpaqueId(), newUser)
}
return nil
}
func (c cs3backend) updateLibregraphUser(userid string, user libregraph.User) error {
gatewayClient, err := c.gatewaySelector.Next()
if err != nil {
c.logger.Error().Err(err).Msg("could not select next gateway client")
return err
}
newctx := context.Background()
authRes, err := gatewayClient.Authenticate(newctx, &gateway.AuthenticateRequest{
Type: "serviceaccounts",
ClientId: c.serviceAccount.ServiceAccountID,
ClientSecret: c.serviceAccount.ServiceAccountSecret,
})
if err != nil {
return err
}
if authRes.GetStatus().GetCode() != rpcv1beta1.Code_CODE_OK {
return fmt.Errorf("error authenticating service user: %s", authRes.GetStatus().GetMessage())
}
lgClient, err := c.setupLibregraphClient(newctx, authRes.GetToken())
if err != nil {
c.logger.Error().Err(err).Msg("Error setting up libregraph client")
return err
}
req := lgClient.UserApi.UpdateUser(newctx, userid).User(user)
_, resp, err := req.Execute()
defer resp.Body.Close()
if err != nil {
c.logger.Error().Err(err).Msg("Failed to update user via libregraph")
return err
}
return nil
}
func (c cs3backend) setupLibregraphClient(ctx context.Context, cs3token string) (*libregraph.APIClient, error) {
// Use micro registry to resolve next graph service endpoint
next, err := c.graphSelector.Select("com.owncloud.graph.graph")