add authprovider owncloudsql #2119

Merged (1 commit) on Nov 1, 2021

@butonic butonic commented Sep 29, 2021

I added an authprovider that can be configured to authenticate against an owncloud classic mysql database. It verifies the password from the oc_users table. I am using this for my personal migration / parallel setup.

Tested using sqlite and in production using this toml file for reva:

[shared]
jwt_secret = "Pive-Fumkiu4"

[grpc]
address = "0.0.0.0:9999"

[grpc.services.authprovider]
auth_manager = "owncloudsql"

[grpc.services.authprovider.auth_managers.owncloudsql]
dbusername = "owncloud"
dbpassword = "secret"
dbhost = "mysql"
dbport = 3306
dbname = "owncloud"
idp = "https://idp.example.org"
#nobody = 99
#legacy_salt = ""
join_username = true
join_ownclouduuid = false

Then running grpcurl like this:

$ grpcurl -d '{"client_id": "test", "client_secret": "secret"}' -import-path ./cs3apis/ -proto ./cs3apis/cs3/auth/provider/v1beta1/provider_api.proto -plaintext localhost:9999 cs3.auth.provider.v1beta1.ProviderAPI/Authenticate
{
  "status": {
    "code": "CODE_OK",
    "trace": "00000000000000000000000000000000"
  },
  "user": {
    "id": {
      "idp": "https://idp.example.org",
      "opaqueId": "test",
      "type": "USER_TYPE_PRIMARY"
    },
    "mail": "test@example.org",
    "displayName": "test"
  },
  "tokenScope": {
    "user": {
      "resource": {
        "decoder": "json",
        "value": "***redacted***"
      },
      "role": "ROLE_OWNER"
    }
  }
}

I am only using this to test basic auth for some routes that the ocis proxy forwards to reva ... but I'd like to forward auth requests to the gateway, and then I could directly authenticate without having to go through an ldap proxy.

refs previously approved these changes Sep 30, 2021

@refs refs left a comment

👍 Thanks for the tests!

A few remarks:

  • if the use of queries becomes more prominent we should consider using a query builder

@butonic butonic force-pushed the authprovider-owncloudsql branch 2 times, most recently from e9f8355 to 14faf86 Compare October 1, 2021 11:05
@butonic butonic requested review from refs and C0rby October 1, 2021 11:23
C0rby previously approved these changes Oct 1, 2021

labkode commented Oct 26, 2021

@butonic can you add a line to the CODEOWNERS to also track this plugin?

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

butonic commented Nov 1, 2021

@labkode @ishank011 rebased, added CODEOWNERS line, good to merge

@labkode labkode merged commit 867d1e2 into cs3org:master Nov 1, 2021