Merged oidcmapping auth manager into oidc

cs3org · Mar 2, 2022 · 6967f1d · 6967f1d
1 parent 812d9e6
commit 6967f1d
Show file tree

Hide file tree

Showing 8 changed files with 188 additions and 420 deletions.
diff --git a/changelog/unreleased/unify-oidc.md b/changelog/unreleased/unify-oidc.md
@@ -0,0 +1,7 @@
+Change: Merge oidcmapping auth manager into oidc
+
+The oidcmapping auth manager was created as a separate package to ease testing. As it has now been tested
+also as a pure OIDC auth provider without mapping, and as the code is largely refactored, it makes
+sense to merge it back so to maintain a single OIDC manager.
+
+https://github.com/cs3org/reva/pull/2561
diff --git a/docs/content/en/docs/config/packages/auth/manager/oidc/_index.md b/docs/content/en/docs/config/packages/auth/manager/oidc/_index.md
@@ -9,50 +9,66 @@ description: >
 # _struct: config_
 
 {{% dir name="insecure" type="bool" default=false %}}
-Whether to skip certificate checks when sending requests. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L55)
+Whether to skip certificate checks when sending requests. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L61)
 {{< highlight toml >}}
 [auth.manager.oidc]
 insecure = false
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="issuer" type="string" default="" %}}
-The issuer of the OIDC token. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L56)
+The issuer of the OIDC token. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L62)
 {{< highlight toml >}}
 [auth.manager.oidc]
 issuer = ""
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="id_claim" type="string" default="sub" %}}
-The claim containing the ID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L57)
+The claim containing the ID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L63)
 {{< highlight toml >}}
 [auth.manager.oidc]
 id_claim = "sub"
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="uid_claim" type="string" default="" %}}
-The claim containing the UID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L58)
+The claim containing the UID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L64)
 {{< highlight toml >}}
 [auth.manager.oidc]
 uid_claim = ""
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="gid_claim" type="string" default="" %}}
-The claim containing the GID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L59)
+The claim containing the GID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L65)
 {{< highlight toml >}}
 [auth.manager.oidc]
 gid_claim = ""
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="gatewaysvc" type="string" default="" %}}
-The endpoint at which the GRPC gateway is exposed. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L60)
+The endpoint at which the GRPC gateway is exposed. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L66)
 {{< highlight toml >}}
 [auth.manager.oidc]
 gatewaysvc = ""
 {{< /highlight >}}
 {{% /dir %}}
 
+{{% dir name="users_mapping" type="string" default="" %}}
+ The optional OIDC users mapping file path [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L67)
+{{< highlight toml >}}
+[auth.manager.oidc]
+users_mapping = ""
+{{< /highlight >}}
+{{% /dir %}}
+
+{{% dir name="group_claim" type="string" default="" %}}
+ The group claim to be looked up to map the user (default to 'groups'). [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidc/oidc.go#L68)
+{{< highlight toml >}}
+[auth.manager.oidc]
+group_claim = ""
+{{< /highlight >}}
+{{% /dir %}}
+
diff --git a/examples/oidc-mapping-tpc/oidcmapping-1.toml b/examples/oidc-mapping-tpc/oidcmapping-1.toml
@@ -8,16 +8,16 @@ jwt_secret = "Pive-Fumkiu4"
 address = "0.0.0.0:13000"
 
 [grpc.services.authprovider]
-auth_manager = "oidcmapping"
+auth_manager = "oidc"
 [grpc.services.authprovider.auth_managers.json]
 users = "users.json"
-[grpc.services.authprovider.auth_managers.oidcmapping]
+[grpc.services.authprovider.auth_managers.oidc]
 gatewaysvc = "localhost:19000"
 issuer = "https://iam-escape.cloud.cnaf.infn.it/"
 # ESCAPE adopted the WLCG groups as group claims
 group_claim = "wlcg.groups"
 # The OIDC users mapping file path
-users_mapping = "users-oidcmapping-1.demo.json"
+users_mapping = "users-oidc-1.demo.json"
 # If your local identity provider service configuration includes further claims,
 # please configure them also here
 #uid_claim = ""

diff --git a/examples/oidc-mapping-tpc/oidcmapping-2.toml b/examples/oidc-mapping-tpc/oidcmapping-2.toml
@@ -8,16 +8,16 @@ jwt_secret = "Pive-Fumkiu4"
 address = "0.0.0.0:14000"
 
 [grpc.services.authprovider]
-auth_manager = "oidcmapping"
+auth_manager = "oidc"
 [grpc.services.authprovider.auth_managers.json]
 users = "users.json"
-[grpc.services.authprovider.auth_managers.oidcmapping]
+[grpc.services.authprovider.auth_managers.oidc]
 gatewaysvc = "localhost:17000"
 issuer = "https://iam-escape.cloud.cnaf.infn.it/"
 # ESCAPE adopted the WLCG groups as group claims
 group_claim = "wlcg.groups"
 # The OIDC users mapping file path
-users_mapping = "users-oidcmapping-2.demo.json"
+users_mapping = "users-oidc-2.demo.json"
 # If your local identity provider service configuration includes further claims,
 # please configure them also here
 #uid_claim = ""

diff --git a/pkg/app/provider/wopi/wopi.go b/pkg/app/provider/wopi/wopi.go
@@ -171,7 +171,7 @@ func (p *wopiProvider) GetAppURL(ctx context.Context, resource *provider.Resourc
 		}
 	}
 	if q.Get("appurl") == "" {
-		// assuming that an view action is always available in the /hosting/discovery manifest
+		// assuming that a view action is always available in the /hosting/discovery manifest
 		// eg. Collabora does support viewing jpgs but no editing
 		// eg. OnlyOffice does support viewing pdfs but no editing
 		// there is no known case of supporting edit only without view
@@ -327,6 +327,7 @@ func getAppURLs(c *config) (map[string]map[string]string, error) {
 		}
 
 		// register the supported mimetypes in the AppRegistry: this is hardcoded for the time being
+		// TODO(lopresti) move to config
 		switch c.AppName {
 		case "CodiMD":
 			appURLs = getCodimdExtensions(c.AppURL)

diff --git a/pkg/auth/manager/loader/loader.go b/pkg/auth/manager/loader/loader.go
@@ -28,7 +28,6 @@ import (
 	_ "github.com/cs3org/reva/pkg/auth/manager/machine"
 	_ "github.com/cs3org/reva/pkg/auth/manager/nextcloud"
 	_ "github.com/cs3org/reva/pkg/auth/manager/oidc"
-	_ "github.com/cs3org/reva/pkg/auth/manager/oidcmapping"
 	_ "github.com/cs3org/reva/pkg/auth/manager/owncloudsql"
 	_ "github.com/cs3org/reva/pkg/auth/manager/publicshares"
 	// Add your own here