From 2fa781fa2f7359ffa619b0c6837f73c51ebdcdb8 Mon Sep 17 00:00:00 2001
From: Giuseppe Lo Presti
Date: Fri, 18 Feb 2022 17:52:10 +0100
Subject: [PATCH] Fixed all references to oidcmapping

---
 .../packages/auth/manager/oidc/_index.md | 28 +++++++++++++++----
 examples/oidc-mapping-tpc/oidcmapping-1.toml | 6 ++--
 examples/oidc-mapping-tpc/oidcmapping-2.toml | 6 ++--
 .../storageprovider/storageprovider.go | 4 ++-
 pkg/app/provider/wopi/wopi.go | 3 +-
 pkg/auth/manager/loader/loader.go | 1 -
 pkg/auth/manager/oidc/oidc.go | 4 +--
 7 files changed, 35 insertions(+), 17 deletions(-)

diff --git a/docs/content/en/docs/config/packages/auth/manager/oidc/_index.md b/docs/content/en/docs/config/packages/auth/manager/oidc/_index.md
index 6abc8039f10..758a8a14af4 100644
--- a/docs/content/en/docs/config/packages/auth/manager/oidc/_index.md
+++ b/docs/content/en/docs/config/packages/auth/manager/oidc/_index.md
@@ -9,7 +9,7 @@ description: >
 # _struct: config_
 
 {{% dir name="insecure" type="bool" default=false %}}
-Whether to skip certificate checks when sending requests. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L55)
+Whether to skip certificate checks when sending requests. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L61)
 {{< highlight toml >}}
 [auth.manager.oidc]
 insecure = false
@@ -17,7 +17,7 @@ insecure = false
 {{% /dir %}}
 
 {{% dir name="issuer" type="string" default="" %}}
-The issuer of the OIDC token. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L56)
+The issuer of the OIDC token. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L62)
 {{< highlight toml >}}
 [auth.manager.oidc]
 issuer = ""
@@ -25,7 +25,7 @@ issuer = ""
 {{% /dir %}}
 
 {{% dir name="id_claim" type="string" default="sub" %}}
-The claim containing the ID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L57)
+The claim containing the ID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L63)
 {{< highlight toml >}}
 [auth.manager.oidc]
 id_claim = "sub"
@@ -33,7 +33,7 @@ id_claim = "sub"
 {{% /dir %}}
 
 {{% dir name="uid_claim" type="string" default="" %}}
-The claim containing the UID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L58)
+The claim containing the UID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L64)
 {{< highlight toml >}}
 [auth.manager.oidc]
 uid_claim = ""
@@ -41,7 +41,7 @@ uid_claim = ""
 {{% /dir %}}
 
 {{% dir name="gid_claim" type="string" default="" %}}
-The claim containing the GID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L59)
+The claim containing the GID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L65)
 {{< highlight toml >}}
 [auth.manager.oidc]
 gid_claim = ""
@@ -49,10 +49,26 @@ gid_claim = ""
 {{% /dir %}}
 
 {{% dir name="gatewaysvc" type="string" default="" %}}
-The endpoint at which the GRPC gateway is exposed. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L60)
+The endpoint at which the GRPC gateway is exposed. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L66)
 {{< highlight toml >}}
 [auth.manager.oidc]
 gatewaysvc = ""
 {{< /highlight >}}
 {{% /dir %}}
 
+{{% dir name="users_mapping" type="string" default="" %}}
+ The optional OIDC users mapping file path [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L67)
+{{< highlight toml >}}
+[auth.manager.oidc]
+users_mapping = ""
+{{< /highlight >}}
+{{% /dir %}}
+
+{{% dir name="group_claim" type="string" default="" %}}
+ The group claim to be looked up to map the user (default to 'groups'). [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L68)
+{{< highlight toml >}}
+[auth.manager.oidc]
+group_claim = ""
+{{< /highlight >}}
+{{% /dir %}}
+
diff --git a/examples/oidc-mapping-tpc/oidcmapping-1.toml b/examples/oidc-mapping-tpc/oidcmapping-1.toml
index 166c96880f2..008416a9c2c 100644
--- a/examples/oidc-mapping-tpc/oidcmapping-1.toml
+++ b/examples/oidc-mapping-tpc/oidcmapping-1.toml
@@ -8,16 +8,16 @@ jwt_secret = "Pive-Fumkiu4"
 address = "0.0.0.0:13000"
 [grpc.services.authprovider]
-auth_manager = "oidcmapping"
+auth_manager = "oidc"
 [grpc.services.authprovider.auth_managers.json]
 users = "users.json"
-[grpc.services.authprovider.auth_managers.oidcmapping]
+[grpc.services.authprovider.auth_managers.oidc]
 gatewaysvc = "localhost:19000"
 issuer = "https://iam-escape.cloud.cnaf.infn.it/"
 # ESCAPE adopted the WLCG groups as group claims
 group_claim = "wlcg.groups"
 # The OIDC users mapping file path
-users_mapping = "users-oidcmapping-1.demo.json"
+users_mapping = "users-oidc-1.demo.json"
 # If your local identity provider service configuration includes further claims,
 # please configure them also here
 #uid_claim = ""
diff --git a/examples/oidc-mapping-tpc/oidcmapping-2.toml b/examples/oidc-mapping-tpc/oidcmapping-2.toml
index 51eb894eed5..d9bf633f36a 100644
--- a/examples/oidc-mapping-tpc/oidcmapping-2.toml
+++ b/examples/oidc-mapping-tpc/oidcmapping-2.toml
@@ -8,16 +8,16 @@ jwt_secret = "Pive-Fumkiu4"
 address = "0.0.0.0:14000"
 [grpc.services.authprovider]
-auth_manager = "oidcmapping"
+auth_manager = "oidc"
 [grpc.services.authprovider.auth_managers.json]
 users = "users.json"
-[grpc.services.authprovider.auth_managers.oidcmapping]
+[grpc.services.authprovider.auth_managers.oidc]
 gatewaysvc = "localhost:17000"
 issuer = "https://iam-escape.cloud.cnaf.infn.it/"
 # ESCAPE adopted the WLCG groups as group claims
 group_claim = "wlcg.groups"
 # The OIDC users mapping file path
-users_mapping = "users-oidcmapping-2.demo.json"
+users_mapping = "users-oidc-2.demo.json"
 # If your local identity provider service configuration includes further claims,
 # please configure them also here
 #uid_claim = ""
diff --git a/internal/grpc/services/storageprovider/storageprovider.go b/internal/grpc/services/storageprovider/storageprovider.go
index fd72dbcb7c8..79cfe8b1cc9 100644
--- a/internal/grpc/services/storageprovider/storageprovider.go
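Review bot: The new `users_mapping = "users-oidc-1.demo.json"` points at a file this patch neither adds nor renames: the diffstat lists only the two `.toml` files under `examples/oidc-mapping-tpc/`, so unless `users-oidcmapping-1.demo.json` was renamed in a separate change, the example auth manager presumably fails to load its mapping file at startup. The same applies to `users-oidc-2.demo.json` in the `oidcmapping-2.toml` hunk. Either keep the existing file names in `users_mapping` or include the renames in this commit, and consider renaming the example files themselves for consistency with the new `oidc` manager name.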
+++ b/internal/grpc/services/storageprovider/storageprovider.go
@@ -95,7 +95,9 @@ func (c *config) init() {
 c.AvailableXS = map[string]uint32{"md5": 100, "unset": 1000}
 }
 if c.MimeTypes == nil || len(c.MimeTypes) == 0 {
- c.MimeTypes = map[string]string{".zmd": "application/compressed-markdown"}
+ c.MimeTypes = map[string]string{
+ ".zmd": "application/compressed-markdown",
+ ".zep": "application/compressed-etherpad"}
 }
 }
 
diff --git a/pkg/app/provider/wopi/wopi.go b/pkg/app/provider/wopi/wopi.go
index 0a9b2fd1872..3c152e8e9c9 100644
--- a/pkg/app/provider/wopi/wopi.go
+++ b/pkg/app/provider/wopi/wopi.go
@@ -171,7 +171,7 @@ func (p *wopiProvider) GetAppURL(ctx context.Context, resource *provider.Resourc
 }
 }
 if q.Get("appurl") == "" {
- // assuming that an view action is always available in the /hosting/discovery manifest
+ // assuming that a view action is always available in the /hosting/discovery manifest
 // eg. Collabora does support viewing jpgs but no editing
 // eg. OnlyOffice does support viewing pdfs but no editing
 // there is no known case of supporting edit only without view
@@ -327,6 +327,7 @@ func getAppURLs(c *config) (map[string]map[string]string, error) {
 }
 // register the supported mimetypes in the AppRegistry: this is hardcoded for the time being
+ // TODO(lopresti) move to config
 switch c.AppName {
 case "CodiMD":
 appURLs = getCodimdExtensions(c.AppURL)
diff --git a/pkg/auth/manager/loader/loader.go b/pkg/auth/manager/loader/loader.go
index bc162229d69..69862bc1446 100644
--- a/pkg/auth/manager/loader/loader.go
+++ b/pkg/auth/manager/loader/loader.go
@@ -28,7 +28,6 @@ import (
 _ "github.com/cs3org/reva/pkg/auth/manager/machine"
 _ "github.com/cs3org/reva/pkg/auth/manager/nextcloud"
 _ "github.com/cs3org/reva/pkg/auth/manager/oidc"
- _ "github.com/cs3org/reva/pkg/auth/manager/oidcmapping"
 _ "github.com/cs3org/reva/pkg/auth/manager/owncloudsql"
 _ "github.com/cs3org/reva/pkg/auth/manager/publicshares"
 // Add your own here
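Review bot: The added `.zep` entry folds the map literal's closing brace onto the last element (`".zep": "application/compressed-etherpad"}`); gofmt accepts this, but the conventional multi-line composite literal keeps one entry per line with a trailing comma and the brace alone, so the next mimetype lands as a one-line diff: `".zep": "application/compressed-etherpad",` followed by `}` on its own line. This default-mimetype change is also unrelated to the commit subject (oidcmapping references) and would be easier to trace in its own commit. The enclosing `init` method starts outside the hunk.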
diff --git a/pkg/auth/manager/oidc/oidc.go b/pkg/auth/manager/oidc/oidc.go
index ab8afd09a53..e5724bdd760 100644
--- a/pkg/auth/manager/oidc/oidc.go
+++ b/pkg/auth/manager/oidc/oidc.go
@@ -163,7 +163,7 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 // claims contains the standard OIDC claims like iss, iat, aud, ... and any other non-standard one.
 // TODO(labkode): make claims configuration dynamic from the config file so we can add arbitrary mappings from claims to user struct.
 // For now, only the group claim is dynamic.
- // TODO(labkode): may do like K8s does it: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go
+ // TODO(labkode): may do like K8s does it: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go
 var claims map[string]interface{}
 if err := userInfo.Claims(&claims); err != nil {
 return nil, nil, fmt.Errorf("oidc: error unmarshaling userinfo claims: %v", err)
@@ -344,7 +344,7 @@ func (am *mgr) resolveUser(ctx context.Context, claims map[string]interface{}) e
 if am.c.GIDClaim != "" {
 claims[am.c.GIDClaim] = getUserByClaimResp.GetUser().GidNumber
 }
- appctx.GetLogger(ctx).Debug().Str("username", username).Interface("claims", claims).Msg("resolveUser: claims overridden from mapped user")
+ appctx.GetLogger(ctx).Debug().Str("username", username).Interface("claims", claims).Msg("resolveUser: claims overridden from mapped user")
 }
 return nil
 }