From c0888d3ed3641a8298a7012c8c98b19bcbec0f93 Mon Sep 17 00:00:00 2001
From: Eric Schubert
Date: Tue, 11 Feb 2025 15:35:29 +0100
Subject: [PATCH] [#60151] use sso strategy only for oidc provider
---
 .editorconfig | 4 --
 .../nextcloud_strategies.rb | 42 ++++++++++++-------
 2 files changed, 26 insertions(+), 20 deletions(-)
diff --git a/.editorconfig b/.editorconfig
index 9b411022ae0..7f864d6081e 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -350,10 +350,7 @@ ij_json_spaces_within_brackets = false
 ij_json_wrap_long_lines = false
 [{rcov,spec,rake,rails,spork,capfile,gemfile,rakefile,guardfile,isolate,vagrantfile,Puppetfile,*.jbuilder,*.rbw,*.gemspec,*.thor,*.ru,*.rb,*.rake}]
-indent_size = 2
-tab_width = 2
 trim_trailing_whitespace=true
-ij_continuation_indent_size = 2
 ij_ruby_align_group_field_declarations = false
 ij_ruby_align_multiline_parameters = true
 ij_ruby_blank_lines_around_method = 1
@@ -364,7 +361,6 @@ ij_ruby_indent_protected_methods = false
 ij_ruby_indent_public_methods = false
 ij_ruby_indent_when_cases = false
 ij_ruby_keep_blank_lines_in_declarations = 2
-ij_ruby_keep_indents_on_empty_lines = false
 ij_ruby_keep_line_breaks = true
 ij_ruby_parentheses_around_method_arguments = true
 ij_ruby_spaces_around_hashrocket = true
diff --git a/modules/storages/app/common/storages/peripherals/storage_interaction/authentication_strategies/nextcloud_strategies.rb b/modules/storages/app/common/storages/peripherals/storage_interaction/authentication_strategies/nextcloud_strategies.rb
index ba325f17f73..4e7e3599db5 100644
--- a/modules/storages/app/common/storages/peripherals/storage_interaction/authentication_strategies/nextcloud_strategies.rb
+++ b/modules/storages/app/common/storages/peripherals/storage_interaction/authentication_strategies/nextcloud_strategies.rb
@@ -33,27 +33,37 @@ module Storages
 module StorageInteraction
 module AuthenticationStrategies
 module NextcloudStrategies
- extend TaggedLogging
-
 UserLess = -> do
 ::Storages::Peripherals::StorageInteraction::AuthenticationStrategies::BasicAuth.strategy
 end
- UserBound = ->(user:, storage:) do
- with_tagged_logger do
- sso_preferred = storage.audience.present? && user.authentication_provider.present?
+ class UserBound
+ class << self
+ include TaggedLogging
- if sso_preferred
- ::Storages::Peripherals::StorageInteraction::AuthenticationStrategies::SsoUserToken
- .strategy
- .with_user(user)
- elsif storage.oauth_client.present?
- ::Storages::Peripherals::StorageInteraction::AuthenticationStrategies::OAuthUserToken
- .strategy
- .with_user(user)
- else
- error "No user-bound authentication strategy applicable for file storage #{storage.id}."
- ::Storages::Peripherals::StorageInteraction::AuthenticationStrategies::Failure.strategy
+ def call(user:, storage:)
+ with_tagged_logger do
+ sso_preferred = storage.audience.present? && oidc_provider_for(user)
+
+ if sso_preferred
+ ::Storages::Peripherals::StorageInteraction::AuthenticationStrategies::SsoUserToken
+ .strategy
+ .with_user(user)
+ elsif storage.oauth_client.present?
+ ::Storages::Peripherals::StorageInteraction::AuthenticationStrategies::OAuthUserToken
+ .strategy
+ .with_user(user)
+ else
+ error "No user-bound authentication strategy applicable for file storage #{storage.id}."
+ ::Storages::Peripherals::StorageInteraction::AuthenticationStrategies::Failure.strategy
+ end
+ end
+ end
+
+ private
+
+ def oidc_provider_for(user)
+ user.authentication_provider.is_a?(OpenIDConnect::Provider)
 end
 end
 end
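Review bot: `oidc_provider_for(user)` is named like a lookup but returns the boolean from `is_a?`, and that boolean alone decides whether `call` hands out the SSO token strategy; naming it as a predicate, `def oidc_provider?(user)`, and using it as `storage.audience.present? && oidc_provider?(user)` makes the authentication decision easier to audit. The type check uses a bare `OpenIDConnect::Provider` while the strategy constants in this hunk are all rooted (`::Storages::…`), so lookup starts in the nested module scope; `is_a?(::OpenIDConnect::Provider)` would pin it, assuming the provider class is top-level. The diffstat lists only this file and `.editorconfig`, so the new fallback (audience set, non-OIDC provider, OAuth client present) appears to have no spec in this commit. The enclosing module nesting opens and closes outside the hunk.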