github.com/cs3org/reva/v2@v2.27.7/pkg/auth/manager/impersonator/impersonator.go

github.com/cs3org/reva/v2@v2.27.7/pkg/auth/manager/impersonator/impersonator.go (about)

     1  // Copyright 2018-2021 CERN
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  //
    15  // In applying this license, CERN does not waive the privileges and immunities
    16  // granted to it by virtue of its status as an Intergovernmental Organization
    17  // or submit itself to any jurisdiction.
    18  
    19  package impersonator
    20  
    21  import (
    22  	"context"
    23  	"strings"
    24  
    25  	authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
    26  	user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
    27  	"github.com/cs3org/reva/v2/pkg/auth"
    28  	"github.com/cs3org/reva/v2/pkg/auth/manager/registry"
    29  	"github.com/cs3org/reva/v2/pkg/auth/scope"
    30  )
    31  
    32  func init() {
    33  	registry.Register("impersonator", New)
    34  }
    35  
    36  type mgr struct{}
    37  
    38  // New returns an auth manager implementation that allows to authenticate with any credentials.
    39  func New(c map[string]interface{}) (auth.Manager, error) {
    40  	return &mgr{}, nil
    41  }
    42  
    43  func (m *mgr) Configure(ml map[string]interface{}) error {
    44  	return nil
    45  }
    46  
    47  func (m *mgr) Authenticate(ctx context.Context, clientID, clientSecret string) (*user.User, map[string]*authpb.Scope, error) {
    48  	// allow passing in uid as <opaqueid>@<idp>
    49  	at := strings.LastIndex(clientID, "@")
    50  	uid := &user.UserId{Type: user.UserType_USER_TYPE_PRIMARY}
    51  	if at < 0 {
    52  		uid.OpaqueId = clientID
    53  	} else {
    54  		uid.OpaqueId = clientID[:at]
    55  		uid.Idp = clientID[at+1:]
    56  	}
    57  
    58  	scope, err := scope.AddOwnerScope(nil)
    59  	if err != nil {
    60  		return nil, nil, err
    61  	}
    62  
    63  	return &user.User{
    64  		Id: uid,
    65  		// not much else to provide
    66  	}, scope, nil
    67  }