From b66e85abd4e852bf86cdbf83bbdee41ee78aac16 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Mon, 30 Jan 2023 13:42:02 +0100
Subject: [PATCH 01/44] rewritten new share endpoint according to new ocm specs

---
 internal/http/services/ocmd/ocm.go            |   4 +-
 internal/http/services/ocmd/protocols.go      | 134 +++++++++
 internal/http/services/ocmd/protocols_test.go | 190 +++++++++++++
 internal/http/services/ocmd/shares.go         | 267 ++++++++----------
 4 files changed, 452 insertions(+), 143 deletions(-)
 create mode 100644 internal/http/services/ocmd/protocols.go
 create mode 100644 internal/http/services/ocmd/protocols_test.go

diff --git a/internal/http/services/ocmd/ocm.go b/internal/http/services/ocmd/ocm.go
index 2974320a0e4..829a9126299 100644
--- a/internal/http/services/ocmd/ocm.go
+++ b/internal/http/services/ocmd/ocm.go
@@ -85,7 +85,9 @@ func (s *svc) routerInit() error {
 	invitesHandler := new(invitesHandler)
 
 	configHandler.init(s.Conf)
-	sharesHandler.init(s.Conf)
+	if err := sharesHandler.init(s.Conf); err != nil {
+		return err
+	}
 	notificationsHandler.init(s.Conf)
 	if err := invitesHandler.init(s.Conf); err != nil {
 		return err
diff --git a/internal/http/services/ocmd/protocols.go b/internal/http/services/ocmd/protocols.go
new file mode 100644
index 00000000000..5bf7a38aa1f
--- /dev/null
+++ b/internal/http/services/ocmd/protocols.go
@@ -0,0 +1,134 @@
+package ocmd
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"strings"
+
+	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
+	providerv1beta1 "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+)
+
+type Protocols []Protocol
+
+type Protocol interface {
+	ToOCMProtocol() *ocm.Protocol
+}
+
+// protocols supported by the OCM API
+
+// WebDAV contains the parameters for the WebDAV protocol.
+type WebDAV struct {
+	SharedSecret string   `json:"sharedSecret" validate:"required"`
+	Permissions  []string `json:"permissions" validate:"required,dive,required,oneof=read write share"`
+	URL          string   `json:"url" validate:"required"`
+}
+
+func (w *WebDAV) ToOCMProtocol() *ocm.Protocol {
+	perms := &ocm.SharePermissions{
+		Permissions: &providerv1beta1.ResourcePermissions{},
+	}
+	for _, p := range w.Permissions {
+		switch p {
+		case "read":
+			perms.Permissions.GetPath = true
+			perms.Permissions.InitiateFileDownload = true
+			perms.Permissions.ListContainer = true
+			perms.Permissions.Stat = true
+		case "write":
+			perms.Permissions.InitiateFileUpload = true
+		case "share":
+			perms.Reshare = true
+		}
+	}
+
+	return &ocm.Protocol{
+		Term: &ocm.Protocol_WebdapOptions{
+			WebdapOptions: &ocm.WebDAVProtocol{
+				SharedSecret: w.SharedSecret,
+				Uri:          w.URL,
+				Permissions:  perms,
+			},
+		},
+	}
+}
+
+// Webapp contains the parameters for the Webapp protocol.
+type Webapp struct {
+	URITemplate string `json:"uriTemplate" validate:"required"`
+}
+
+func (w *Webapp) ToOCMProtocol() *ocm.Protocol {
+	return &ocm.Protocol{
+		Term: &ocm.Protocol_WebappOptions{
+			WebappOptions: &ocm.WebappProtocol{
+				UriTemplate: w.URITemplate,
+			},
+		},
+	}
+}
+
+// Datatx contains the parameters for the Datatx protocol.
+type Datatx struct {
+	SharedSecret string `json:"sharedSecret" validate:"required"`
+	SourceURI    string `json:"srcUri" validate:"required"`
+	Size         uint64 `json:"size" validate:"required"`
+}
+
+func (w *Datatx) ToOCMProtocol() *ocm.Protocol {
+	return &ocm.Protocol{
+		Term: &ocm.Protocol_DatatxOprions{
+			DatatxOprions: &ocm.DatatxProtocol{
+				SharedSecret: w.SharedSecret,
+				SourceUri:    w.SourceURI,
+				Size:         w.Size,
+			},
+		},
+	}
+}
+
+var protocolImpl = map[string]reflect.Type{
+	"webdav": reflect.TypeOf(WebDAV{}),
+	"webapp": reflect.TypeOf(Webapp{}),
+	"datatx": reflect.TypeOf(Datatx{}),
+}
+
+func (p *Protocols) UnmarshalJSON(data []byte) error {
+	var prot map[string]json.RawMessage
+	if err := json.Unmarshal(data, &prot); err != nil {
+		return err
+	}
+
+	*p = []Protocol{}
+
+	for name, d := range prot {
+		var res Protocol
+		ctype, ok := protocolImpl[name]
+		if !ok {
+			return fmt.Errorf("protocol %s not recognised", name)
+		}
+
+		res = reflect.New(ctype).Interface().(Protocol)
+		if err := json.Unmarshal(d, &res); err != nil {
+			return err
+		}
+
+		*p = append(*p, res)
+	}
+	return nil
+}
+
+func (p Protocols) MarshalJSON() ([]byte, error) {
+	d := make(map[string]Protocol)
+	for _, prot := range p {
+		d[getProtocolName(prot)] = prot
+	}
+	return json.Marshal(d)
+}
+
+func getProtocolName(p Protocol) string {
+	n := reflect.TypeOf(p).String()
+	s := strings.Split(n, ".")
+	return strings.ToLower(s[len(s)-1])
+}
diff --git a/internal/http/services/ocmd/protocols_test.go b/internal/http/services/ocmd/protocols_test.go
new file mode 100644
index 00000000000..f397bb9fd48
--- /dev/null
+++ b/internal/http/services/ocmd/protocols_test.go
@@ -0,0 +1,190 @@
+package ocmd
+
+import (
+	"encoding/json"
+	"reflect"
+	"testing"
+
+	"github.com/gdexlab/go-render/render"
+)
+
+func TestUnmarshalProtocol(t *testing.T) {
+	tests := []struct {
+		raw      string
+		expected Protocols
+		err      string
+	}{
+		{
+			raw:      "{}",
+			expected: []Protocol{},
+		},
+		{
+			raw: `{"webdav":{"sharedSecret":"secret","permissions":["read","write"],"url":"http://example.org"}}`,
+			expected: []Protocol{
+				&WebDAV{
+					SharedSecret: "secret",
+					Permissions:  []string{"read", "write"},
+					URL:          "http://example.org",
+				},
+			},
+		},
+		{
+			raw: `{"webapp":{"uriTemplate":"http://example.org/{test}"}}`,
+			expected: []Protocol{
+				&Webapp{
+					URITemplate: "http://example.org/{test}",
+				},
+			},
+		},
+		{
+			raw: `{"datatx":{"sharedSecret":"secret","srcUri":"http://example.org","size":10}}`,
+			expected: []Protocol{
+				&Datatx{
+					SharedSecret: "secret",
+					SourceURI:    "http://example.org",
+					Size:         10,
+				},
+			},
+		},
+		{
+			raw: `{"webdav":{"sharedSecret":"secret","permissions":["read","write"],"url":"http://example.org"},"webapp":{"uriTemplate":"http://example.org/{test}"},"datatx":{"sharedSecret":"secret","srcUri":"http://example.org","size":10}}`,
+			expected: []Protocol{
+				&WebDAV{
+					SharedSecret: "secret",
+					Permissions:  []string{"read", "write"},
+					URL:          "http://example.org",
+				},
+				&Webapp{
+					URITemplate: "http://example.org/{test}",
+				},
+				&Datatx{
+					SharedSecret: "secret",
+					SourceURI:    "http://example.org",
+					Size:         10,
+				},
+			},
+		},
+		{
+			raw: `{"not_existing":{}}`,
+			err: "protocol not_existing not recognised",
+		},
+	}
+
+	for _, tt := range tests {
+		var got Protocols
+		err := json.Unmarshal([]byte(tt.raw), &got)
+		if err != nil && err.Error() != tt.err {
+			t.Fatalf("not expected error. got=%+v expected=%+v", err, tt.err)
+		}
+
+		if tt.err == "" {
+			if !reflect.DeepEqual(got, tt.expected) {
+				t.Fatalf("result does not match with expected. got=%+v expected=%+v", render.AsCode(got), render.AsCode(tt.expected))
+			}
+		}
+	}
+}
+
+func TestMarshalProtocol(t *testing.T) {
+	tests := []struct {
+		in       Protocols
+		expected map[string]map[string]any
+	}{
+		{
+			in:       []Protocol{},
+			expected: map[string]map[string]any{},
+		},
+		{
+			in: []Protocol{
+				&WebDAV{
+					SharedSecret: "secret",
+					Permissions:  []string{"read"},
+					URL:          "http://example.org",
+				},
+			},
+			expected: map[string]map[string]any{
+				"webdav": {
+					"sharedSecret": "secret",
+					"permissions":  []any{"read"},
+					"url":          "http://example.org",
+				},
+			},
+		},
+		{
+			in: []Protocol{
+				&Webapp{
+					URITemplate: "http://example.org",
+				},
+			},
+			expected: map[string]map[string]any{
+				"webapp": {
+					"uriTemplate": "http://example.org",
+				},
+			},
+		},
+		{
+			in: []Protocol{
+				&Datatx{
+					SharedSecret: "secret",
+					SourceURI:    "http://example.org/source",
+					Size:         10,
+				},
+			},
+			expected: map[string]map[string]any{
+				"datatx": {
+					"sharedSecret": "secret",
+					"srcUri":       "http://example.org/source",
+					"size":         float64(10),
+				},
+			},
+		},
+		{
+			in: []Protocol{
+				&WebDAV{
+					SharedSecret: "secret",
+					Permissions:  []string{"read"},
+					URL:          "http://example.org",
+				},
+				&Webapp{
+					URITemplate: "http://example.org",
+				},
+				&Datatx{
+					SharedSecret: "secret",
+					SourceURI:    "http://example.org/source",
+					Size:         10,
+				},
+			},
+			expected: map[string]map[string]any{
+				"webdav": {
+					"sharedSecret": "secret",
+					"permissions":  []any{"read"},
+					"url":          "http://example.org",
+				},
+				"webapp": {
+					"uriTemplate": "http://example.org",
+				},
+				"datatx": {
+					"sharedSecret": "secret",
+					"srcUri":       "http://example.org/source",
+					"size":         float64(10),
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		d, err := json.Marshal(tt.in)
+		if err != nil {
+			t.Fatal("not expected error", err)
+		}
+
+		var got map[string]map[string]any
+		if err := json.Unmarshal(d, &got); err != nil {
+			t.Fatal("not expected error", err)
+		}
+
+		if !reflect.DeepEqual(tt.expected, got) {
+			t.Fatalf("result does not match with expected. got=%+v expected=%+v", render.AsCode(got), render.AsCode(tt.expected))
+		}
+	}
+}
diff --git a/internal/http/services/ocmd/shares.go b/internal/http/services/ocmd/shares.go
index a4dbd9699b0..153040501e1 100644
--- a/internal/http/services/ocmd/shares.go
+++ b/internal/http/services/ocmd/shares.go
@@ -22,89 +22,68 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
-	"math"
 	"mime"
 	"net/http"
-	"reflect"
 	"strings"
-	"time"
+
+	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
+	providerpb "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	ocmcore "github.com/cs3org/go-cs3apis/cs3/ocm/core/v1beta1"
 	ocmprovider "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1"
+	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
+
 	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
-	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
-	"github.com/cs3org/reva/internal/http/services/owncloud/ocs/conversions"
 	"github.com/cs3org/reva/internal/http/services/reqres"
-	"github.com/cs3org/reva/pkg/appctx"
 	"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
 	"github.com/cs3org/reva/pkg/utils"
+	"github.com/go-playground/validator/v10"
 )
 
+var validate = validator.New()
+
 type sharesHandler struct {
-	gatewayAddr string
+	gatewayClient gateway.GatewayAPIClient
+}
+
+func (h *sharesHandler) init(c *config) error {
+	var err error
+	h.gatewayClient, err = pool.GetGatewayServiceClient(pool.Endpoint(c.GatewaySvc))
+	if err != nil {
+		return err
+	}
+	return nil
 }
 
-func (h *sharesHandler) init(c *config) {
-	h.gatewayAddr = c.GatewaySvc
+type createShareRequest struct {
+	ShareWith         string    `json:"shareWith" validate:"required"`                  // identifier of the recipient of the share
+	Name              string    `json:"name" validate:"required"`                       // name of the resource
+	Description       string    `json:"description"`                                    // (optional) description of the resource
+	ResourceID        string    `json:"resourceId" validate:"required"`                 // unique identifier of the resource at provider side
+	Owner             string    `json:"owner" validate:"required"`                      // unique identifier of the owner at provider side
+	Sender            string    `json:"sender" validate:"required"`                     // unique indentifier of the user who wants to share the resource at provider side
+	OwnerDisplayName  string    `json:"ownerDisplayName"`                               // display name of the owner of the resource
+	SenderDisplayName string    `json:"senderDisplayName"`                              // dispay name of the user who wants to share the resource
+	ShareType         string    `json:"shareType" validate:"required,oneof=user group"` // recipient share type (user or group)
+	ResourceType      string    `json:"resourceType" validate:"required,oneof=file folder"`
+	Protocols         Protocols `json:"protocols" validate:"required"`
 }
 
 // CreateShare sends all the informations to the consumer needed to start
 // synchronization between the two services.
 func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	log := appctx.GetLogger(ctx)
-	contentType, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
-	var shareWith, meshProvider, resource, providerID, owner string
-	var protocol map[string]interface{}
-	if err == nil && contentType == "application/json" {
-		defer r.Body.Close()
-		reqBody, err := io.ReadAll(r.Body)
-		if err == nil {
-			reqMap := make(map[string]interface{})
-			err = json.Unmarshal(reqBody, &reqMap)
-			if err == nil {
-				meshProvider = reqMap["meshProvider"].(string) // FIXME: get this from sharedBy string?
-				shareWith, protocol = reqMap["shareWith"].(string), reqMap["protocol"].(map[string]interface{})
-				resource, owner = reqMap["name"].(string), reqMap["owner"].(string)
-				// Note that if an OCM request were to go directly from a Nextcloud server
-				// to a Reva server, it will (incorrectly) sends an integer provider_id instead a string one.
-				// This doesn't happen when using the sciencemesh-nextcloud app, but in order to make the OCM
-				// test suite pass, this code works around that:
-				if reflect.ValueOf(reqMap["providerId"]).Kind() == reflect.Float64 {
-					providerID = fmt.Sprintf("%d", int(math.Round(reqMap["providerId"].(float64))))
-				} else {
-					providerID = reqMap["providerId"].(string)
-				}
-			} else {
-				reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "could not parse json request body", nil)
-			}
-		}
-	} else {
-		var protocolJSON string
-		shareWith, protocolJSON, meshProvider = r.FormValue("shareWith"), r.FormValue("protocol"), r.FormValue("meshProvider")
-		resource, providerID, owner = r.FormValue("name"), r.FormValue("providerId"), r.FormValue("owner")
-		err = json.Unmarshal([]byte(protocolJSON), &protocol)
-		if err != nil {
-			reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "invalid protocol parameters", nil)
-		}
-	}
 
-	if resource == "" || providerID == "" || owner == "" {
-		msg := fmt.Sprintf("missing details about resource to be shared (resource='%s', providerID='%s', owner='%s", resource, providerID, owner)
-		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, msg, nil)
-		return
-	}
-	if shareWith == "" || protocol["name"] == "" || meshProvider == "" {
-		msg := fmt.Sprintf("missing request parameters (shareWith='%s', protocol.name='%s', meshProvider='%s'", shareWith, protocol["name"], meshProvider)
-		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, msg, nil)
+	req, err := getCreateShareRequest(r)
+	if err != nil {
+		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
 		return
 	}
 
-	gatewayClient, err := pool.GetGatewayServiceClient(pool.Endpoint(h.gatewayAddr))
+	_, meshProvider, err := getIdAndMeshProvider(req.Sender)
 	if err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorServerError, "error getting storage grpc client", err)
+		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
 		return
 	}
 
@@ -122,7 +101,7 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	providerAllowedResp, err := gatewayClient.IsProviderAllowed(ctx, &ocmprovider.IsProviderAllowedRequest{
+	providerAllowedResp, err := h.gatewayClient.IsProviderAllowed(ctx, &ocmprovider.IsProviderAllowedRequest{
 		Provider: &providerInfo,
 	})
 	if err != nil {
@@ -134,9 +113,14 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var shareWithParts = strings.Split(shareWith, "@")
-	userRes, err := gatewayClient.GetUser(ctx, &userpb.GetUserRequest{
-		UserId: &userpb.UserId{OpaqueId: shareWithParts[0]}, SkipFetchingUserGroups: true,
+	shareWith, _, err := getIdAndMeshProvider(req.ShareWith)
+	if err != nil {
+		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
+		return
+	}
+
+	userRes, err := h.gatewayClient.GetUser(ctx, &userpb.GetUserRequest{
+		UserId: &userpb.UserId{OpaqueId: shareWith}, SkipFetchingUserGroups: true,
 	})
 	if err != nil {
 		reqres.WriteError(w, r, reqres.APIErrorServerError, "error searching recipient", err)
@@ -147,105 +131,104 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var permissions conversions.Permissions
-	var token string
-	options, ok := protocol["options"].(map[string]interface{})
-	if !ok {
-		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "protocol: webdav token not provided", nil)
+	owner, err := getUserIDFromOCMUser(req.Owner)
+	if err != nil {
+		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
 		return
 	}
 
-	token, ok = options["sharedSecret"].(string)
-	if !ok {
-		token, ok = options["token"].(string)
-		if !ok {
-			reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "protocol: webdav token not provided", nil)
-			return
-		}
-	}
-	var role *conversions.Role
-	pval, ok := options["permissions"].(int)
-	if !ok {
-		role = conversions.NewViewerRole()
-	} else {
-		permissions, err = conversions.NewPermissions(pval)
-		if err != nil {
-			reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
-			return
-		}
-		role = conversions.RoleFromOCSPermissions(permissions)
-	}
-
-	val, err := json.Marshal(role.CS3ResourcePermissions())
+	sender, err := getUserIDFromOCMUser(req.Sender)
 	if err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorServerError, "could not encode role", nil)
+		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
 		return
 	}
 
-	ownerParts := strings.Split(owner, "@")
-	if len(ownerParts) != 2 {
-		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, "owner should be opaqueId@webDAVHost", nil)
-	}
-	ownerID := &userpb.UserId{
-		OpaqueId: ownerParts[0],
-		Idp:      ownerParts[1],
-		Type:     userpb.UserType_USER_TYPE_PRIMARY,
-	}
-	createShareReq := &ocmcore.CreateOCMCoreShareRequest{
-		Name:       resource,
-		ProviderId: providerID,
-		Owner:      ownerID,
-		ShareWith:  userRes.User.GetId(),
-		Protocol: &ocmcore.Protocol{
-			Name: protocol["name"].(string),
-			Opaque: &types.Opaque{
-				Map: map[string]*types.OpaqueEntry{
-					"permissions": {
-						Decoder: "json",
-						Value:   val,
-					},
-					"token": {
-						Decoder: "plain",
-						Value:   []byte(token),
-					},
-				},
-			},
-		},
-	}
-	createShareResponse, err := gatewayClient.CreateOCMCoreShare(ctx, createShareReq)
+	createShareResp, err := h.gatewayClient.CreateOCMCoreShare(ctx, &ocmcore.CreateOCMCoreShareRequest{
+		Description:  req.Description,
+		Name:         req.Name,
+		ResourceId:   req.ResourceID,
+		Owner:        owner,
+		Sender:       sender,
+		ShareWith:    userRes.User.Id,
+		ResourceType: getResourceTypeFromOCMRequest(req.ResourceType),
+		ShareType:    getOCMShareType(req.ShareType),
+		Protocols:    getProtocols(req.Protocols),
+	})
 	if err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorServerError, "error sending a grpc create ocm core share request", err)
-		return
-	}
-	if createShareResponse.Status.Code != rpc.Code_CODE_OK {
-		if createShareResponse.Status.Code == rpc.Code_CODE_NOT_FOUND {
-			reqres.WriteError(w, r, reqres.APIErrorNotFound, "not found", nil)
-			return
-		}
-		reqres.WriteError(w, r, reqres.APIErrorServerError, "grpc create ocm core share request failed", errors.New(createShareResponse.Status.Message))
+		reqres.WriteError(w, r, reqres.APIErrorServerError, "error creating ocm share", err)
 		return
 	}
 
-	timeCreated := createShareResponse.Created
-	jsonOut, err := json.Marshal(
-		map[string]string{
-			"id":        createShareResponse.Id,
-			"createdAt": time.Unix(int64(timeCreated.Seconds), int64(timeCreated.Nanos)).String(),
-		},
-	)
-	if err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorServerError, "error marshalling share data", err)
+	if userRes.Status.Code != rpc.Code_CODE_OK {
+		// TODO: define errors in the cs3apis
+		reqres.WriteError(w, r, reqres.APIErrorServerError, "error creating ocm share", errors.New(createShareResp.Status.Message))
 		return
 	}
 
 	w.WriteHeader(http.StatusCreated)
-	w.Header().Set("Content-Type", "application/json")
+}
 
-	_, err = w.Write(jsonOut)
+func getUserIDFromOCMUser(user string) (*userpb.UserId, error) {
+	id, idp, err := getIdAndMeshProvider(user)
 	if err != nil {
-		reqres.WriteError(w, r, reqres.APIErrorServerError, "error writing shares data", err)
-		return
+		return nil, err
+	}
+	return &userpb.UserId{
+		OpaqueId: id,
+		Idp:      idp,
+		// the remote user is a federated account for the local reva
+		Type: userpb.UserType_USER_TYPE_FEDERATED,
+	}, nil
+}
+
+func getIdAndMeshProvider(user string) (string, string, error) {
+	// the user is in the form of dimitri@apiwise.nl
+	split := strings.Split(user, "@")
+	if len(split) < 2 {
+		return "", "", errors.New("not in the form <id>@<provider>")
+	}
+	return strings.Join(split[:len(split)-1], "@"), split[len(split)-1], nil
+}
+
+func getCreateShareRequest(r *http.Request) (*createShareRequest, error) {
+	var req createShareRequest
+	contentType, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err == nil && contentType == "application/json" {
+		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+			return nil, err
+		}
+	} else {
+		return nil, errors.New("body request not recognised")
+	}
+	// validate the request
+	if err := validate.Struct(req); err != nil {
+		return nil, err
+	}
+	return &req, nil
+}
+
+func getResourceTypeFromOCMRequest(t string) providerpb.ResourceType {
+	switch t {
+	case "file":
+		return providerpb.ResourceType_RESOURCE_TYPE_FILE
+	case "folder":
+		return providerpb.ResourceType_RESOURCE_TYPE_CONTAINER
+	default:
+		return providerpb.ResourceType_RESOURCE_TYPE_INVALID
 	}
+}
 
-	log.Info().Msg("Share created.")
+func getOCMShareType(t string) ocm.ShareType {
+	if t == "user" {
+		return ocm.ShareType_SHARE_TYPE_USER
+	}
+	return ocm.ShareType_SHARE_TYPE_GROUP
+}
+
+func getProtocols(p Protocols) []*ocm.Protocol {
+	var prot []*ocm.Protocol
+	for _, data := range p {
+		prot = append(prot, data.ToOCMProtocol())
+	}
+	return prot
 }

From 0802220815ac21a386af80a8aa332de696ccd463 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Mon, 30 Jan 2023 13:44:01 +0100
Subject: [PATCH 02/44] add go validator dependency

---
 go.mod | 5 +++++
 go.sum | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/go.mod b/go.mod
index ae5ee497ef0..1a5064e0065 100644
--- a/go.mod
+++ b/go.mod
@@ -94,6 +94,9 @@ require (
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/errors v0.20.2 // indirect
 	github.com/go-openapi/strfmt v0.21.2 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.11.2 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
@@ -109,6 +112,7 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.15.11 // indirect
 	github.com/klauspost/cpuid/v2 v2.1.0 // indirect
+	github.com/leodido/go-urn v1.2.1 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
@@ -163,6 +167,7 @@ require (
 go 1.19
 
 replace (
+	github.com/cs3org/go-cs3apis => /home/gianmaria/Documents/CERN/go-cs3apis
 	github.com/eventials/go-tus => github.com/andrewmostello/go-tus v0.0.0-20200314041820-904a9904af9a
 	github.com/oleiade/reflections => github.com/oleiade/reflections v1.0.1
 )
diff --git a/go.sum b/go.sum
index ac5ce943f2e..32d4914ac5a 100644
--- a/go.sum
+++ b/go.sum
@@ -397,8 +397,14 @@ github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/e
 github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
+github.com/go-playground/validator/v10 v10.11.2 h1:q3SHpufmypg+erIExEKUmsgmhDTyhcJ38oeKGACXohU=
+github.com/go-playground/validator/v10 v10.11.2/go.mod h1:NieE624vt4SCTJtD87arVLvdmjPAeV8BQlHtMnw9D7s=
 github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48/go.mod h1:dZGr0i9PLlaaTD4H/hoZIDjQ+r6xq8mgbRzHZf7f2J8=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
@@ -687,6 +693,8 @@ github.com/labbsr0x/goh v1.0.1/go.mod h1:8K2UhVoaWXcCU7Lxoa2omWnC8gyW8px7/lmO61c
 github.com/labstack/echo/v4 v4.1.11/go.mod h1:i541M3Fj6f76NZtHSj7TXnyM8n2gaodfvfxNnFqi74g=
 github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
+github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
+github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
 github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk=
 github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/linode/linodego v0.25.3/go.mod h1:GSBKPpjoQfxEfryoCRcgkuUOCuVtGHWhzI8OMdycNTE=

From f46b0c4f3657a47c17ee587c1ec2c20f3f0093dd Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Mon, 30 Jan 2023 15:44:12 +0100
Subject: [PATCH 03/44] add new share to ocm client

---
 pkg/ocm/client/client.go | 73 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/pkg/ocm/client/client.go b/pkg/ocm/client/client.go
index fa6214a8350..2d861d12cbd 100644
--- a/pkg/ocm/client/client.go
+++ b/pkg/ocm/client/client.go
@@ -27,6 +27,7 @@ import (
 	"net/url"
 	"time"
 
+	"github.com/cs3org/reva/internal/http/services/ocmd"
 	"github.com/cs3org/reva/pkg/errtypes"
 	"github.com/cs3org/reva/pkg/rhttp"
 	"github.com/pkg/errors"
@@ -48,6 +49,10 @@ var ErrUserAlreadyAccepted = errors.New("user already accepted an invitation tok
 // endpoint when the request is done using a not existing token.
 var ErrTokenNotFound = errors.New("token not found")
 
+// ErrInvalidParameters is the error returned by the shares endpoint
+// when the request does not contain required properties.
+var ErrInvalidParameters = errors.New("invalid parameters")
+
 // OCMClient is the client for an OCM provider.
 type OCMClient struct {
 	client *http.Client
@@ -147,3 +152,71 @@ func (c *OCMClient) parseInviteAcceptedResponse(r *http.Response) (*User, error)
 	}
 	return nil, errtypes.InternalError(string(body))
 }
+
+// NewShareRequest contains the parameters for creating a new OCM share.
+type NewShareRequest struct {
+	ShareWith         string         `json:"shareWith"`
+	Name              string         `json:"name"`
+	Description       string         `json:"description"`
+	ResourceID        string         `json:"resourceId"`
+	Owner             string         `json:"owner"`
+	Sender            string         `json:"sender"`
+	OwnerDisplayName  string         `json:"ownerDisplayName"`
+	SenderDisplayName string         `json:"senderDisplayName"`
+	ShareType         string         `json:"shareType"`
+	ResourceType      string         `json:"resourceType"`
+	Protocols         ocmd.Protocols `json:"protocols"`
+}
+
+func (r *NewShareRequest) toJSON() (io.Reader, error) {
+	var b bytes.Buffer
+	if err := json.NewEncoder(&b).Encode(r); err != nil {
+		return nil, err
+	}
+	return &b, nil
+}
+
+// NewShare creates a new share.
+// https://github.com/cs3org/OCM-API/blob/223285aa4d828ed85c361c7382efd08c42b5e719/spec.yaml
+func (c *OCMClient) NewShare(ctx context.Context, endpoint string, r *NewShareRequest) error {
+	url, err := url.JoinPath(endpoint, "shares")
+	if err != nil {
+		return err
+	}
+
+	body, err := r.toJSON()
+	if err != nil {
+		return err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, body)
+	if err != nil {
+		return errors.Wrap(err, "error creating request")
+	}
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, err := c.client.Do(req)
+	if err != nil {
+		return errors.Wrap(err, "error doing request")
+	}
+	defer resp.Body.Close()
+
+	return c.parseNewShareError(resp)
+}
+
+func (c *OCMClient) parseNewShareError(r *http.Response) error {
+	switch r.StatusCode {
+	case http.StatusOK, http.StatusCreated:
+		return nil
+	case http.StatusBadRequest:
+		return ErrInvalidParameters
+	case http.StatusUnauthorized, http.StatusForbidden:
+		return ErrServiceNotTrusted
+	}
+
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		return errors.Wrap(err, "error decoding response body")
+	}
+	return errtypes.InternalError(string(body))
+}

From 8eb474be853673deb9b4d6bbb1bcb14f91435f32 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Mon, 30 Jan 2023 15:44:25 +0100
Subject: [PATCH 04/44] defined ocm repository

---
 pkg/ocm/share/share.go | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/pkg/ocm/share/share.go b/pkg/ocm/share/share.go
index 1ced096455a..4ab05bb639c 100644
--- a/pkg/ocm/share/share.go
+++ b/pkg/ocm/share/share.go
@@ -57,6 +57,34 @@ type Manager interface {
 	UpdateReceivedShare(ctx context.Context, share *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error)
 }
 
+// Repository is the interface that manipulates the OCM shares repositories.
+type Repository interface {
+	// StoreShare stores a share.
+	StoreShare(ctx context.Context, share *ocm.Share) (*ocm.Share, error)
+
+	// GetShare gets the information for a share by the given ref.
+	GetShare(ctx context.Context, ref *ocm.ShareReference) (*ocm.Share, error)
+
+	// DeleteShare deletes the share pointed by ref.
+	DeleteShare(ctx context.Context, ref *ocm.ShareReference) error
+
+	// UpdateShare updates the mode of the given share.
+	UpdateShare(ctx context.Context, ref *ocm.ShareReference, p *ocm.SharePermissions) (*ocm.Share, error)
+
+	// ListShares returns the shares created by the user. If md is provided is not nil,
+	// it returns only shares attached to the given resource.
+	ListShares(ctx context.Context, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error)
+
+	// ListReceivedShares returns the list of shares the user has access.
+	ListReceivedShares(ctx context.Context) ([]*ocm.ReceivedShare, error)
+
+	// GetReceivedShare returns the information for a received share the user has access.
+	GetReceivedShare(ctx context.Context, ref *ocm.ShareReference) (*ocm.ReceivedShare, error)
+
+	// UpdateReceivedShare updates the received share with share state.
+	UpdateReceivedShare(ctx context.Context, share *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error)
+}
+
 // ResourceIDFilter is an abstraction for creating filter by resource id.
 func ResourceIDFilter(id *provider.ResourceId) *ocm.ListOCMSharesRequest_Filter {
 	return &ocm.ListOCMSharesRequest_Filter{

From ddfe37eea368ece37cc03cf2ee4b7599e9e5ff8b Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 1 Feb 2023 14:33:52 +0100
Subject: [PATCH 05/44] rewrote ocm core

---
 internal/grpc/services/ocmcore/ocmcore.go     | 109 +---
 pkg/ocm/share/repository/json/json.go         | 538 ++++++++++++++++++
 pkg/ocm/share/repository/loader/loader.go     |  26 +
 pkg/ocm/share/repository/registry/registry.go |  34 ++
 pkg/ocm/share/share.go                        |  51 +-
 5 files changed, 636 insertions(+), 122 deletions(-)
 create mode 100644 pkg/ocm/share/repository/json/json.go
 create mode 100644 pkg/ocm/share/repository/loader/loader.go
 create mode 100644 pkg/ocm/share/repository/registry/registry.go

diff --git a/internal/grpc/services/ocmcore/ocmcore.go b/internal/grpc/services/ocmcore/ocmcore.go
index adc960cf199..c7521b6c51c 100644
--- a/internal/grpc/services/ocmcore/ocmcore.go
+++ b/internal/grpc/services/ocmcore/ocmcore.go
@@ -20,16 +20,14 @@ package ocmcore
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 
 	ocmcore "github.com/cs3org/go-cs3apis/cs3/ocm/core/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
-	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
-	typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
+	providerpb "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"github.com/cs3org/reva/pkg/errtypes"
 	"github.com/cs3org/reva/pkg/ocm/share"
-	"github.com/cs3org/reva/pkg/ocm/share/manager/registry"
+	"github.com/cs3org/reva/pkg/ocm/share/repository/registry"
 	"github.com/cs3org/reva/pkg/rgrpc"
 	"github.com/cs3org/reva/pkg/rgrpc/status"
 	"github.com/mitchellh/mapstructure"
@@ -48,7 +46,7 @@ type config struct {
 
 type service struct {
 	conf *config
-	sm   share.Manager
+	repo share.Repository
 }
 
 func (c *config) init() {
@@ -61,7 +59,7 @@ func (s *service) Register(ss *grpc.Server) {
 	ocmcore.RegisterOcmCoreAPIServer(ss, s)
 }
 
-func getShareManager(c *config) (share.Manager, error) {
+func getShareRepository(c *config) (share.Repository, error) {
 	if f, ok := registry.NewFuncs[c.Driver]; ok {
 		return f(c.Drivers[c.Driver])
 	}
@@ -85,14 +83,14 @@ func New(m map[string]interface{}, ss *grpc.Server) (rgrpc.Service, error) {
 	}
 	c.init()
 
-	sm, err := getShareManager(c)
+	repo, err := getShareRepository(c)
 	if err != nil {
 		return nil, err
 	}
 
 	service := &service{
 		conf: c,
-		sm:   sm,
+		repo: repo,
 	}
 
 	return service, nil
@@ -108,91 +106,36 @@ func (s *service) UnprotectedEndpoints() []string {
 
 // CreateOCMCoreShare is called when an OCM request comes into this reva instance from.
 func (s *service) CreateOCMCoreShare(ctx context.Context, req *ocmcore.CreateOCMCoreShareRequest) (*ocmcore.CreateOCMCoreShareResponse, error) {
-	resource := &provider.ResourceId{
-		StorageId: "remote",
-		OpaqueId:  req.Name,
+	if req.ShareType != ocm.ShareType_SHARE_TYPE_USER {
+		return nil, errtypes.NotSupported("share type not supported")
 	}
 
-	var resourcePermissions *provider.ResourcePermissions
-	permOpaque, ok := req.Protocol.Opaque.Map["permissions"]
-	if !ok {
-		return &ocmcore.CreateOCMCoreShareResponse{
-			Status: status.NewInternal(ctx, errtypes.BadRequest("resource permissions not set"), ""),
-		}, nil
-	}
-	switch permOpaque.Decoder {
-	case "json":
-		err := json.Unmarshal(permOpaque.Value, &resourcePermissions)
-		if err != nil {
-			return &ocmcore.CreateOCMCoreShareResponse{
-				Status: status.NewInternal(ctx, err, "error decoding resource permissions"),
-			}, nil
-		}
-	default:
-		err := errtypes.NotSupported("opaque entry decoder not recognized")
-		return &ocmcore.CreateOCMCoreShareResponse{
-			Status: status.NewInternal(ctx, err, "invalid opaque entry decoder"),
-		}, nil
-	}
-
-	var token string
-	tokenOpaque, ok := req.Protocol.Opaque.Map["token"]
-	if !ok {
-		return &ocmcore.CreateOCMCoreShareResponse{
-			Status: status.NewInternal(ctx, errtypes.PermissionDenied("token not set"), ""),
-		}, nil
-	}
-	switch tokenOpaque.Decoder {
-	case "plain":
-		token = string(tokenOpaque.Value)
-	default:
-		err := errtypes.NotSupported("opaque entry decoder not recognized: " + tokenOpaque.Decoder)
-		return &ocmcore.CreateOCMCoreShareResponse{
-			Status: status.NewInternal(ctx, err, "invalid opaque entry decoder"),
-		}, nil
-	}
-
-	grant := &ocm.ShareGrant{
-		Grantee: &provider.Grantee{
-			Type: provider.GranteeType_GRANTEE_TYPE_USER,
-			// For now, we only support user shares.
-			// TODO (ishank011): To be updated once this is decided.
-			Id: &provider.Grantee_UserId{UserId: req.ShareWith},
-			// passing this in grant.Grantee.Opaque because ShareGrant itself doesn't have a root opaque.
-			Opaque: &typespb.Opaque{
-				Map: map[string]*typespb.OpaqueEntry{
-					"remoteShareId": {
-						Decoder: "plain",
-						Value:   []byte(req.ProviderId),
-					},
-				},
-			},
+	share, err := s.repo.StoreReceivedShare(ctx, &ocm.ReceivedShare{
+		ResourceId: &providerpb.ResourceId{
+			OpaqueId: req.ResourceId,
 		},
-		Permissions: &ocm.SharePermissions{
-			Permissions: resourcePermissions,
+		Name: req.Name,
+		Grantee: &providerpb.Grantee{
+			Type: providerpb.GranteeType_GRANTEE_TYPE_USER,
+			Id: &providerpb.Grantee_UserId{
+				UserId: req.ShareWith,
+			},
 		},
-	}
-
-	var shareType ocm.Share_ShareType
-	switch req.Protocol.Name {
-	case "datatx":
-		shareType = ocm.Share_SHARE_TYPE_TRANSFER
-	default:
-		shareType = ocm.Share_SHARE_TYPE_REGULAR
-	}
-
-	share, err := s.sm.Share(ctx, resource, grant, req.Name, nil, "", req.Owner, token, shareType)
-
+		Owner:     req.Owner,
+		Creator:   req.Sender,
+		Protocols: req.Protocols,
+		State:     ocm.ShareState_SHARE_STATE_PENDING,
+	})
 	if err != nil {
+		// TODO: identify errors
 		return &ocmcore.CreateOCMCoreShareResponse{
-			Status: status.NewInternal(ctx, err, "error creating ocm core share"),
+			Status: status.NewInternal(ctx, err, err.Error()),
 		}, nil
 	}
 
-	res := &ocmcore.CreateOCMCoreShareResponse{
+	return &ocmcore.CreateOCMCoreShareResponse{
 		Status:  status.NewOK(ctx),
 		Id:      share.Id.OpaqueId,
 		Created: share.Ctime,
-	}
-	return res, nil
+	}, nil
 }
diff --git a/pkg/ocm/share/repository/json/json.go b/pkg/ocm/share/repository/json/json.go
new file mode 100644
index 00000000000..57c15cc95d1
--- /dev/null
+++ b/pkg/ocm/share/repository/json/json.go
@@ -0,0 +1,538 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+package json
+
+import (
+	"context"
+	"encoding/json"
+	"os"
+	"sync"
+	"time"
+
+	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
+	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
+	"github.com/cs3org/reva/pkg/errtypes"
+	"github.com/cs3org/reva/pkg/ocm/share"
+	"github.com/cs3org/reva/pkg/ocm/share/repository/registry"
+	"github.com/cs3org/reva/pkg/utils"
+	"github.com/google/uuid"
+	"github.com/mitchellh/mapstructure"
+	"github.com/pkg/errors"
+	"google.golang.org/genproto/protobuf/field_mask"
+)
+
+func init() {
+	registry.Register("json", New)
+}
+
+// New returns a new authorizer object.
+func New(m map[string]interface{}) (share.Repository, error) {
+	c, err := parseConfig(m)
+	if err != nil {
+		err = errors.Wrap(err, "error creating a new manager")
+		return nil, err
+	}
+	c.init()
+
+	// load or create file
+	model, err := loadOrCreate(c.File)
+	if err != nil {
+		err = errors.Wrap(err, "error loading the file containing the shares")
+		return nil, err
+	}
+
+	mgr := &mgr{
+		c:     c,
+		model: model,
+	}
+
+	return mgr, nil
+}
+
+func loadOrCreate(file string) (*shareModel, error) {
+	_, err := os.Stat(file)
+	if os.IsNotExist(err) {
+		if err := os.WriteFile(file, []byte("{}"), 0700); err != nil {
+			return nil, errors.Wrap(err, "error creating the file: "+file)
+		}
+	}
+
+	f, err := os.OpenFile(file, os.O_RDONLY, 0644)
+	if err != nil {
+		err = errors.Wrap(err, "error opening the file: "+file)
+		return nil, err
+	}
+	defer f.Close()
+
+	var m shareModel
+	if err := json.NewDecoder(f).Decode(&m); err != nil {
+		return nil, errors.Wrap(err, "error decoding data to json")
+	}
+
+	if m.Shares == nil {
+		m.Shares = map[string]*ocm.Share{}
+	}
+	if m.ReceivedShares == nil {
+		m.ReceivedShares = map[string]*ocm.ReceivedShare{}
+	}
+	m.file = file
+
+	return &m, nil
+}
+
+type shareModel struct {
+	file           string                        `json:"-"`
+	Shares         map[string]*ocm.Share         `json:"shares"`          // share_id -> share
+	ReceivedShares map[string]*ocm.ReceivedShare `json:"received_shares"` // share_id -> share
+}
+
+type config struct {
+	File                string `mapstructure:"file"`
+	InsecureConnections bool   `mapstructure:"insecure_connections"`
+}
+
+func (c *config) init() {
+	if c.File == "" {
+		c.File = "/var/tmp/reva/ocm-shares.json"
+	}
+}
+
+type mgr struct {
+	c          *config
+	sync.Mutex // concurrent access to the file
+	model      *shareModel
+}
+
+func (m *shareModel) save() error {
+	f, err := os.OpenFile(m.file, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
+	if err != nil {
+		return errors.Wrap(err, "error opening file "+m.file)
+	}
+	defer f.Close()
+
+	if err := json.NewEncoder(f).Encode(m); err != nil {
+		return errors.Wrap(err, "error encoding to json")
+	}
+
+	return nil
+}
+
+func parseConfig(m map[string]interface{}) (*config, error) {
+	c := &config{}
+	if err := mapstructure.Decode(m, c); err != nil {
+		return nil, err
+	}
+	return c, nil
+}
+
+func genID() string {
+	return uuid.New().String()
+}
+
+func (m *mgr) StoreShare(ctx context.Context, share *ocm.Share) (*ocm.Share, error) {
+	m.Lock()
+	defer m.Unlock()
+
+	now := time.Now().UnixNano()
+	ts := &typespb.Timestamp{
+		Seconds: uint64(now / 1000000000),
+		Nanos:   uint32(now % 1000000000),
+	}
+
+	share.Id = &ocm.ShareId{
+		OpaqueId: genID(),
+	}
+	share.Mtime = ts
+	share.Ctime = ts
+
+	m.model.Shares[share.Id.OpaqueId] = cloneShare(share)
+
+	if err := m.model.save(); err != nil {
+		return nil, errors.Wrap(err, "error saving share")
+	}
+
+	return share, nil
+}
+
+func cloneShare(s *ocm.Share) *ocm.Share {
+	d, err := utils.MarshalProtoV1ToJSON(s)
+	if err != nil {
+		panic(err)
+	}
+	var cloned ocm.Share
+	if err := utils.UnmarshalJSONToProtoV1(d, &cloned); err != nil {
+		panic(err)
+	}
+	return &cloned
+}
+
+func cloneReceivedShare(s *ocm.ReceivedShare) *ocm.ReceivedShare {
+	d, err := utils.MarshalProtoV1ToJSON(s)
+	if err != nil {
+		panic(err)
+	}
+	var cloned ocm.ReceivedShare
+	if err := utils.UnmarshalJSONToProtoV1(d, &cloned); err != nil {
+		panic(err)
+	}
+	return &cloned
+}
+
+func (m *mgr) GetShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference) (*ocm.Share, error) {
+	var (
+		s   *ocm.Share
+		err error
+	)
+
+	switch {
+	case ref.GetId() != nil:
+		s, err = m.getByID(ctx, ref.GetId())
+	case ref.GetKey() != nil:
+		s, err = m.getByKey(ctx, ref.GetKey())
+	default:
+		err = errtypes.NotFound(ref.String())
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	// check if we are the owner
+	if utils.UserEqual(user, s.Owner) || utils.UserEqual(user, s.Creator) {
+		return s, nil
+	}
+
+	return nil, errtypes.NotFound(ref.String())
+}
+
+// // Called from both grpc CreateOCMShare for outgoing
+// // and http /ocm/shares for incoming
+// // pi is provider info
+// // pm is permissions.
+// func (m *mgr) Share(ctx context.Context, md *provider.ResourceId, g *ocm.ShareGrant, name string,
+// 	pi *ocmprovider.ProviderInfo, pm string, owner *userpb.UserId, token string, st ocm.Share_ShareType) (*ocm.Share, error) {
+// 	id := genID()
+// 	now := time.Now().UnixNano()
+// 	ts := &typespb.Timestamp{
+// 		Seconds: uint64(now / 1000000000),
+// 		Nanos:   uint32(now % 1000000000),
+// 	}
+
+// 	// Since both OCMCore and OCMShareProvider use the same package, we distinguish
+// 	// between calls received from them on the basis of whether they provide info
+// 	// about the remote provider on which the share is to be created.
+// 	// If this info is provided, this call is on the owner's mesh provider and so
+// 	// we call the CreateOCMCoreShare method on the remote provider as well,
+// 	// else this is received from another provider and we only create a local share.
+// 	var isOwnersMeshProvider bool
+// 	if pi != nil {
+// 		isOwnersMeshProvider = true
+// 	}
+
+// 	var userID *userpb.UserId
+// 	if !isOwnersMeshProvider {
+// 		// Since this call is on the remote provider, the owner of the resource is expected to be specified.
+// 		if owner == nil {
+// 			return nil, errors.New("json: owner of resource not provided")
+// 		}
+// 		userID = owner
+// 		g.Grantee.Opaque = &typespb.Opaque{
+// 			Map: map[string]*typespb.OpaqueEntry{
+// 				"token": {
+// 					Decoder: "plain",
+// 					Value:   []byte(token),
+// 				},
+// 			},
+// 		}
+// 	} else {
+// 		userID = ctxpkg.ContextMustGetUser(ctx).GetId()
+// 	}
+
+// 	// do not allow share to myself if share is for a user
+// 	if g.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(g.Grantee.GetUserId(), userID) {
+// 		return nil, errors.New("json: user and grantee are the same")
+// 	}
+
+// 	// check if share already exists.
+// 	key := &ocm.ShareKey{
+// 		Owner:      userID,
+// 		ResourceId: md,
+// 		Grantee:    g.Grantee,
+// 	}
+// 	_, err := m.getByKey(ctx, key)
+
+// 	// share already exists
+// 	if isOwnersMeshProvider && err == nil {
+// 		return nil, errtypes.AlreadyExists(key.String())
+// 	}
+
+// 	s := &ocm.Share{
+// 		Id: &ocm.ShareId{
+// 			OpaqueId: id,
+// 		},
+// 		Name:        name,
+// 		ResourceId:  md,
+// 		Permissions: g.Permissions,
+// 		Grantee:     g.Grantee,
+// 		Owner:       userID,
+// 		Creator:     userID,
+// 		Ctime:       ts,
+// 		Mtime:       ts,
+// 		ShareType:   st,
+// 	}
+
+// 	if isOwnersMeshProvider {
+// 		protocol := map[string]interface{}{
+// 			"name": "webdav",
+// 			"options": map[string]string{
+// 				"permissions": pm,
+// 				"token":       ctxpkg.ContextMustGetToken(ctx),
+// 			},
+// 		}
+// 		if st == ocm.Share_SHARE_TYPE_TRANSFER {
+// 			protocol["name"] = "datatx"
+// 		}
+
+// 		requestBodyMap := map[string]interface{}{
+// 			"shareWith":    g.Grantee.GetUserId().OpaqueId,
+// 			"name":         name,
+// 			"providerId":   fmt.Sprintf("%s:%s", md.StorageId, md.OpaqueId),
+// 			"owner":        fmt.Sprintf("%s@%s", userID.OpaqueId, userID.Idp),
+// 			"protocol":     protocol,
+// 			"meshProvider": userID.Idp,
+// 		}
+// 		err = sender.Send(ctx, requestBodyMap, pi)
+// 		if err != nil {
+// 			err = errors.Wrap(err, "error sending OCM POST")
+// 			return nil, err
+// 		}
+// 	}
+
+// 	m.Lock()
+// 	if err := m.model.ReadFile(); err != nil {
+// 		err = errors.Wrap(err, "error reading model")
+// 		return nil, err
+// 	}
+
+// 	if isOwnersMeshProvider {
+// 		encShare, err := utils.MarshalProtoV1ToJSON(s)
+// 		if err != nil {
+// 			return nil, err
+// 		}
+// 		m.model.Shares[s.Id.OpaqueId] = string(encShare)
+// 	} else {
+// 		encShare, err := utils.MarshalProtoV1ToJSON(&ocm.ReceivedShare{
+// 			Share: s,
+// 			State: ocm.ShareState_SHARE_STATE_PENDING,
+// 		})
+// 		if err != nil {
+// 			return nil, err
+// 		}
+// 		m.model.ReceivedShares[s.Id.OpaqueId] = string(encShare)
+// 	}
+
+// 	if err := m.model.Save(); err != nil {
+// 		err = errors.Wrap(err, "error saving model")
+// 		return nil, err
+// 	}
+// 	m.Unlock()
+
+// 	return s, nil
+// }
+
+func (m *mgr) getByID(ctx context.Context, id *ocm.ShareId) (*ocm.Share, error) {
+	m.Lock()
+	defer m.Unlock()
+
+	if share, ok := m.model.Shares[id.OpaqueId]; ok {
+		return share, nil
+	}
+	return nil, errtypes.NotFound(id.String())
+}
+
+func (m *mgr) getByKey(ctx context.Context, key *ocm.ShareKey) (*ocm.Share, error) {
+	m.Lock()
+	defer m.Unlock()
+
+	for _, share := range m.model.Shares {
+		if (utils.UserEqual(key.Owner, share.Owner) || utils.UserEqual(key.Owner, share.Creator)) &&
+			utils.ResourceIDEqual(key.ResourceId, share.ResourceId) && utils.GranteeEqual(key.Grantee, share.Grantee) {
+			return share, nil
+		}
+	}
+	return nil, errtypes.NotFound(key.String())
+}
+
+func (m *mgr) DeleteShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference) error {
+	m.Lock()
+	defer m.Unlock()
+
+	for id, share := range m.model.Shares {
+		if sharesEqual(ref, share) {
+			if utils.UserEqual(user, share.Owner) || utils.UserEqual(user, share.Creator) {
+				delete(m.model.Shares, id)
+				if err := m.model.save(); err != nil {
+					return err
+				}
+				return nil
+			}
+		}
+	}
+	return errtypes.NotFound(ref.String())
+}
+
+func sharesEqual(ref *ocm.ShareReference, s *ocm.Share) bool {
+	if ref.GetId() != nil && s.Id != nil {
+		if ref.GetId().OpaqueId == s.Id.OpaqueId {
+			return true
+		}
+	} else if ref.GetKey() != nil {
+		if (utils.UserEqual(ref.GetKey().Owner, s.Owner) || utils.UserEqual(ref.GetKey().Owner, s.Creator)) &&
+			utils.ResourceIDEqual(ref.GetKey().ResourceId, s.ResourceId) && utils.GranteeEqual(ref.GetKey().Grantee, s.Grantee) {
+			return true
+		}
+	}
+	return false
+}
+
+func receivedShareEqual(ref *ocm.ShareReference, s *ocm.ReceivedShare) bool {
+	if ref.GetId() != nil && s.Id != nil {
+		if ref.GetId().OpaqueId == s.Id.OpaqueId {
+			return true
+		}
+	} else if ref.GetKey() != nil {
+
+		if (utils.UserEqual(ref.GetKey().Owner, s.Owner) || utils.UserEqual(ref.GetKey().Owner, s.Creator)) &&
+			utils.ResourceIDEqual(ref.GetKey().ResourceId, s.ResourceId) && utils.GranteeEqual(ref.GetKey().Grantee, s.Grantee) {
+			return true
+		}
+	}
+	return false
+}
+
+func (m *mgr) UpdateShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference, p *ocm.SharePermissions) (*ocm.Share, error) {
+	return nil, errtypes.NotSupported("not yet implemented")
+}
+
+func (m *mgr) ListShares(ctx context.Context, user *userpb.UserId, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error) {
+	var ss []*ocm.Share
+
+	m.Lock()
+	defer m.Unlock()
+
+	for _, share := range m.model.Shares {
+		if utils.UserEqual(user, share.Owner) || utils.UserEqual(user, share.Creator) {
+			// no filter we return earlier
+			if len(filters) == 0 {
+				ss = append(ss, share)
+			} else {
+				// check filters
+				// TODO(labkode): add the rest of filters.
+				for _, f := range filters {
+					if f.Type == ocm.ListOCMSharesRequest_Filter_TYPE_RESOURCE_ID {
+						if utils.ResourceIDEqual(share.ResourceId, f.GetResourceId()) {
+							ss = append(ss, share)
+						}
+					}
+				}
+			}
+		}
+	}
+	return ss, nil
+}
+
+func (m *mgr) StoreReceivedShare(ctx context.Context, share *ocm.ReceivedShare) (*ocm.ReceivedShare, error) {
+	m.Lock()
+	defer m.Unlock()
+
+	now := time.Now().UnixNano()
+	ts := &typespb.Timestamp{
+		Seconds: uint64(now / 1000000000),
+		Nanos:   uint32(now % 1000000000),
+	}
+
+	share.Id = &ocm.ShareId{
+		OpaqueId: genID(),
+	}
+	share.Ctime = ts
+	share.Mtime = ts
+
+	m.model.ReceivedShares[share.Id.OpaqueId] = cloneReceivedShare(share)
+
+	return share, nil
+}
+
+func (m *mgr) ListReceivedShares(ctx context.Context, user *userpb.UserId) ([]*ocm.ReceivedShare, error) {
+	var rss []*ocm.ReceivedShare
+	m.Lock()
+	defer m.Unlock()
+
+	for _, share := range m.model.ReceivedShares {
+		if utils.UserEqual(user, share.Owner) || utils.UserEqual(user, share.Creator) {
+			// omit shares created by me
+			continue
+		}
+		if share.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(user, share.Grantee.GetUserId()) {
+			rss = append(rss, share)
+		}
+	}
+	return rss, nil
+}
+
+func (m *mgr) GetReceivedShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference) (*ocm.ReceivedShare, error) {
+	m.Lock()
+	defer m.Unlock()
+
+	for _, share := range m.model.ReceivedShares {
+		if receivedShareEqual(ref, share) {
+			if share.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(user, share.Grantee.GetUserId()) {
+				return share, nil
+			}
+		}
+	}
+	return nil, errtypes.NotFound(ref.String())
+}
+
+func (m *mgr) UpdateReceivedShare(ctx context.Context, user *userpb.UserId, share *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error) {
+	rs, err := m.GetReceivedShare(ctx, user, &ocm.ShareReference{Spec: &ocm.ShareReference_Id{Id: share.Id}})
+	if err != nil {
+		return nil, err
+	}
+
+	m.Lock()
+	defer m.Unlock()
+
+	for _, mask := range fieldMask.Paths {
+		switch mask {
+		case "state":
+			rs.State = share.State
+		// TODO case "mount_point":
+		default:
+			return nil, errtypes.NotSupported("updating " + mask + " is not supported")
+		}
+	}
+
+	if err := m.model.save(); err != nil {
+		return nil, errors.Wrap(err, "error saving model")
+	}
+
+	return rs, nil
+}
diff --git a/pkg/ocm/share/repository/loader/loader.go b/pkg/ocm/share/repository/loader/loader.go
new file mode 100644
index 00000000000..486f66c63e8
--- /dev/null
+++ b/pkg/ocm/share/repository/loader/loader.go
@@ -0,0 +1,26 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+package loader
+
+import (
+	// Load core share repository drivers.
+	_ "github.com/cs3org/reva/pkg/ocm/share/repository/json"
+	_ "github.com/cs3org/reva/pkg/ocm/share/repository/nextcloud"
+	// Add your own here.
+)
diff --git a/pkg/ocm/share/repository/registry/registry.go b/pkg/ocm/share/repository/registry/registry.go
new file mode 100644
index 00000000000..c4a9b76b348
--- /dev/null
+++ b/pkg/ocm/share/repository/registry/registry.go
@@ -0,0 +1,34 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+package registry
+
+import "github.com/cs3org/reva/pkg/ocm/share"
+
+// NewShareRepositoryFunc is the function that share repositories
+// should register at init time.
+type NewFunc func(map[string]interface{}) (share.Repository, error)
+
+// NewFuncs is a map containing all the registered share repositories.
+var NewFuncs = map[string]NewFunc{}
+
+// Register registers a new share repository new function.
+// Not safe for concurrent use. Safe for use from package init.
+func Register(name string, f NewFunc) {
+	NewFuncs[name] = f
+}
diff --git a/pkg/ocm/share/share.go b/pkg/ocm/share/share.go
index 4ab05bb639c..4d392b1b8a1 100644
--- a/pkg/ocm/share/share.go
+++ b/pkg/ocm/share/share.go
@@ -22,67 +22,40 @@ import (
 	"context"
 
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	ocmprovider "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"google.golang.org/genproto/protobuf/field_mask"
 )
 
-// Manager is the interface that manipulates the OCM shares.
-type Manager interface {
-	// Create a new share in fn with the given acl.
-	Share(ctx context.Context, md *provider.ResourceId, g *ocm.ShareGrant, name string,
-		pi *ocmprovider.ProviderInfo, pm string, owner *userpb.UserId, token string, st ocm.Share_ShareType) (*ocm.Share, error)
-
-	// GetShare gets the information for a share by the given ref.
-	GetShare(ctx context.Context, ref *ocm.ShareReference) (*ocm.Share, error)
-
-	// Unshare deletes the share pointed by ref.
-	Unshare(ctx context.Context, ref *ocm.ShareReference) error
-
-	// UpdateShare updates the mode of the given share.
-	UpdateShare(ctx context.Context, ref *ocm.ShareReference, p *ocm.SharePermissions) (*ocm.Share, error)
-
-	// ListShares returns the shares created by the user. If md is provided is not nil,
-	// it returns only shares attached to the given resource.
-	ListShares(ctx context.Context, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error)
-
-	// ListReceivedShares returns the list of shares the user has access.
-	ListReceivedShares(ctx context.Context) ([]*ocm.ReceivedShare, error)
-
-	// GetReceivedShare returns the information for a received share the user has access.
-	GetReceivedShare(ctx context.Context, ref *ocm.ShareReference) (*ocm.ReceivedShare, error)
-
-	// UpdateReceivedShare updates the received share with share state.
-	UpdateReceivedShare(ctx context.Context, share *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error)
-}
-
-// Repository is the interface that manipulates the OCM shares repositories.
+// Repository is the interface that manipulates the OCM shares repository.
 type Repository interface {
-	// StoreShare stores a share.
+	// StoreShare // TODO
 	StoreShare(ctx context.Context, share *ocm.Share) (*ocm.Share, error)
 
 	// GetShare gets the information for a share by the given ref.
-	GetShare(ctx context.Context, ref *ocm.ShareReference) (*ocm.Share, error)
+	GetShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference) (*ocm.Share, error)
 
 	// DeleteShare deletes the share pointed by ref.
-	DeleteShare(ctx context.Context, ref *ocm.ShareReference) error
+	DeleteShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference) error
 
 	// UpdateShare updates the mode of the given share.
-	UpdateShare(ctx context.Context, ref *ocm.ShareReference, p *ocm.SharePermissions) (*ocm.Share, error)
+	UpdateShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference, p *ocm.SharePermissions) (*ocm.Share, error)
 
 	// ListShares returns the shares created by the user. If md is provided is not nil,
 	// it returns only shares attached to the given resource.
-	ListShares(ctx context.Context, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error)
+	ListShares(ctx context.Context, user *userpb.UserId, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error)
+
+	// StoreShare stores a share.
+	StoreReceivedShare(ctx context.Context, share *ocm.ReceivedShare) (*ocm.ReceivedShare, error)
 
 	// ListReceivedShares returns the list of shares the user has access.
-	ListReceivedShares(ctx context.Context) ([]*ocm.ReceivedShare, error)
+	ListReceivedShares(ctx context.Context, user *userpb.UserId) ([]*ocm.ReceivedShare, error)
 
 	// GetReceivedShare returns the information for a received share the user has access.
-	GetReceivedShare(ctx context.Context, ref *ocm.ShareReference) (*ocm.ReceivedShare, error)
+	GetReceivedShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference) (*ocm.ReceivedShare, error)
 
 	// UpdateReceivedShare updates the received share with share state.
-	UpdateReceivedShare(ctx context.Context, share *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error)
+	UpdateReceivedShare(ctx context.Context, user *userpb.UserId, share *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error)
 }
 
 // ResourceIDFilter is an abstraction for creating filter by resource id.

From 61df93c12cb7fe2ea303028428d48c583c218495 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 1 Feb 2023 16:46:47 +0100
Subject: [PATCH 06/44] rewrote ocm share provider

---
 .../ocmshareprovider/ocmshareprovider.go      | 254 ++++++++++++------
 1 file changed, 170 insertions(+), 84 deletions(-)

diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
index 51b99a3737e..402ee0481b9 100644
--- a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
+++ b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -20,13 +20,26 @@ package ocmshareprovider
 
 import (
 	"context"
-
+	"fmt"
+	"path/filepath"
+	"time"
+
+	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
+	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+	ocmprovider "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1"
+	rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
+	providerv1beta1 "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	"github.com/cs3org/reva/internal/http/services/ocmd"
+	ctxpkg "github.com/cs3org/reva/pkg/ctx"
 	"github.com/cs3org/reva/pkg/errtypes"
+	"github.com/cs3org/reva/pkg/ocm/client"
 	"github.com/cs3org/reva/pkg/ocm/share"
 	"github.com/cs3org/reva/pkg/ocm/share/manager/registry"
 	"github.com/cs3org/reva/pkg/rgrpc"
 	"github.com/cs3org/reva/pkg/rgrpc/status"
+	"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
+	"github.com/cs3org/reva/pkg/sharedconf"
 	"github.com/mitchellh/mapstructure"
 	"github.com/pkg/errors"
 	"google.golang.org/grpc"
@@ -37,26 +50,37 @@ func init() {
 }
 
 type config struct {
-	Driver  string                            `mapstructure:"driver"`
-	Drivers map[string]map[string]interface{} `mapstructure:"drivers"`
+	Driver         string                            `mapstructure:"driver"`
+	Drivers        map[string]map[string]interface{} `mapstructure:"drivers"`
+	ClientTimeout  int                               `mapstructure:"client_timeout"`
+	ClientInsecure bool                              `mapstructure:"client_insecure"`
+	GatewaySVC     string                            `mapstructure:"gatewaysvc"`
+	WebDAVPrefix   string                            `mapstructure:"webdav_prefix"`
 }
 
 type service struct {
-	conf *config
-	sm   share.Manager
+	conf    *config
+	repo    share.Repository
+	client  *client.OCMClient
+	gateway gateway.GatewayAPIClient
 }
 
 func (c *config) init() {
 	if c.Driver == "" {
 		c.Driver = "json"
 	}
+	if c.ClientTimeout == 0 {
+		c.ClientTimeout = 10
+	}
+
+	c.GatewaySVC = sharedconf.GetGatewaySVC(c.GatewaySVC)
 }
 
 func (s *service) Register(ss *grpc.Server) {
 	ocm.RegisterOcmAPIServer(ss, s)
 }
 
-func getShareManager(c *config) (share.Manager, error) {
+func getShareRepository(c *config) (share.Repository, error) {
 	if f, ok := registry.NewFuncs[c.Driver]; ok {
 		return f(c.Drivers[c.Driver])
 	}
@@ -80,14 +104,26 @@ func New(m map[string]interface{}, ss *grpc.Server) (rgrpc.Service, error) {
 	}
 	c.init()
 
-	sm, err := getShareManager(c)
+	repo, err := getShareRepository(c)
+	if err != nil {
+		return nil, err
+	}
+
+	client := client.New(&client.Config{
+		Timeout:  time.Duration(c.ClientTimeout) * time.Second,
+		Insecure: c.ClientInsecure,
+	})
+
+	gateway, err := pool.GetGatewayServiceClient(pool.Endpoint(c.GatewaySVC))
 	if err != nil {
 		return nil, err
 	}
 
 	service := &service{
-		conf: c,
-		sm:   sm,
+		conf:    c,
+		repo:    repo,
+		client:  client,
+		gateway: gateway,
 	}
 
 	return service, nil
@@ -98,87 +134,123 @@ func (s *service) Close() error {
 }
 
 func (s *service) UnprotectedEndpoints() []string {
-	return []string{}
+	return nil
 }
 
-// Note: this is for outgoing OCM shares
-// This function is used when you for instance
-// call `ocm-share-create` in reva-cli.
-// For incoming OCM shares from internal/http/services/ocmd/shares.go
-// there is the very similar but slightly different function
-// CreateOCMCoreShare (the "Core" somehow means "incoming").
-// So make sure to keep in mind the difference between this file for outgoing:
-// internal/grpc/services/ocmshareprovider/ocmshareprovider.go
-// and the other one for incoming:
-// internal/grpc/service/ocmcore/ocmcore.go
-// Both functions end up calling the same s.sm.Share function
-// on the OCM share manager:
-// pkg/ocm/share/manager/{json|nextcloud|...}.
-func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareRequest) (*ocm.CreateOCMShareResponse, error) {
-	if req.Opaque == nil {
-		return &ocm.CreateOCMShareResponse{
-			Status: status.NewInternal(ctx, errtypes.BadRequest("can't find resource permissions"), ""),
-		}, nil
+func getOCMEndpoint(originProvider *ocmprovider.ProviderInfo) (string, error) {
+	for _, s := range originProvider.Services {
+		if s.Endpoint.Type.Name == "OCM" {
+			return s.Endpoint.Path, nil
+		}
 	}
+	return "", errors.New("ocm endpoint not specified for mesh provider")
+}
 
-	var permissions string
-	permOpaque, ok := req.Opaque.Map["permissions"]
-	if !ok {
-		return &ocm.CreateOCMShareResponse{
-			Status: status.NewInternal(ctx, errtypes.BadRequest("resource permissions not set"), ""),
-		}, nil
-	}
-	switch permOpaque.Decoder {
-	case "plain":
-		permissions = string(permOpaque.Value)
-	default:
-		err := errtypes.NotSupported("opaque entry decoder not recognized: " + permOpaque.Decoder)
-		return &ocm.CreateOCMShareResponse{
-			Status: status.NewInternal(ctx, err, "invalid opaque entry decoder"),
-		}, nil
+func formatOCMUser(u *userpb.UserId) string {
+	return fmt.Sprintf("%s@%s", u.OpaqueId, u.Idp)
+}
+
+func getResourceType(info *providerv1beta1.ResourceInfo) string {
+	switch info.Type {
+	case providerv1beta1.ResourceType_RESOURCE_TYPE_FILE:
+		return "file"
+	case providerv1beta1.ResourceType_RESOURCE_TYPE_CONTAINER:
+		return "folder"
 	}
+	return "unknown"
+}
 
-	var name string
-	nameOpaque, ok := req.Opaque.Map["name"]
-	if !ok {
-		return &ocm.CreateOCMShareResponse{
-			Status: status.NewInternal(ctx, errtypes.BadRequest("resource name not set"), ""),
-		}, nil
+func (s *service) webdavURL(ctx context.Context, path string) string {
+	// the url is in the form of https://cernbox.cern.ch/remote.php/dav/files/gdelmont/eos/user/g/gdelmont
+	user := ctxpkg.ContextMustGetUser(ctx)
+	return filepath.Join(s.conf.WebDAVPrefix, user.Username, path)
+}
+
+func (s *service) getWebdavProtocol(ctx context.Context, info *providerv1beta1.ResourceInfo, m *ocm.AccessMethod_WebdavOptions) *ocmd.WebDAV {
+	var perms []string
+	if m.WebdavOptions.Permissions.InitiateFileDownload {
+		perms = append(perms, "read")
 	}
-	switch nameOpaque.Decoder {
-	case "plain":
-		name = string(nameOpaque.Value)
-	default:
-		err := errtypes.NotSupported("opaque entry decoder not recognized: " + nameOpaque.Decoder)
-		return &ocm.CreateOCMShareResponse{
-			Status: status.NewInternal(ctx, err, "invalid opaque entry decoder"),
-		}, nil
+	if m.WebdavOptions.Permissions.InitiateFileUpload {
+		perms = append(perms, "write")
 	}
 
-	// discover share type
-	sharetype := ocm.Share_SHARE_TYPE_REGULAR
-	protocol, ok := req.Opaque.Map["protocol"]
-	if ok {
-		switch protocol.Decoder {
-		case "plain":
-			if string(protocol.Value) == "datatx" {
-				sharetype = ocm.Share_SHARE_TYPE_TRANSFER
-			}
-		default:
-			err := errors.New("protocol decoder not recognized")
-			return &ocm.CreateOCMShareResponse{
-				Status: status.NewInternal(ctx, err, "error creating share"),
-			}, nil
+	return &ocmd.WebDAV{
+		SharedSecret: ctxpkg.ContextMustGetToken(ctx), // TODO: change this and use an ocm token
+		Permissions:  perms,
+		URL:          s.webdavURL(ctx, info.Path), // TODO: change this and use an endpoint for ocm
+	}
+}
+
+func (s *service) getProtocols(ctx context.Context, info *providerv1beta1.ResourceInfo, methods []*ocm.AccessMethod) ocmd.Protocols {
+	var p ocmd.Protocols
+	for _, m := range methods {
+		switch t := m.Term.(type) {
+		case *ocm.AccessMethod_WebdavOptions:
+			p = append(p, s.getWebdavProtocol(ctx, info, t))
+		case *ocm.AccessMethod_WebappOptions:
+			// TODO
+		case *ocm.AccessMethod_DatatxOptions:
+			// TODO
 		}
 	}
+	return p
+}
+
+func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareRequest) (*ocm.CreateOCMShareResponse, error) {
+	statRes, err := s.gateway.Stat(ctx, &providerv1beta1.StatRequest{
+		Ref: &providerv1beta1.Reference{
+			ResourceId: req.ResourceId,
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	if statRes.Status.Code != rpcv1beta1.Code_CODE_OK {
+		// TODO: review error codes
+		return nil, errtypes.InternalError(statRes.Status.Message)
+	}
 
-	var sharedSecret string
-	share, err := s.sm.Share(ctx, req.ResourceId, req.Grant, name, req.RecipientMeshProvider, permissions, nil, sharedSecret, sharetype)
+	info := statRes.Info
+	user := ctxpkg.ContextMustGetUser(ctx)
 
+	share := &ocm.Share{
+		Name:          filepath.Base(info.Path),
+		ResourceId:    req.ResourceId,
+		Grantee:       req.Grantee,
+		Owner:         info.Owner,
+		Creator:       user.Id,
+		AccessMethods: req.AccessMethods,
+	}
+
+	share, err = s.repo.StoreShare(ctx, share)
 	if err != nil {
-		return &ocm.CreateOCMShareResponse{
-			Status: status.NewInternal(ctx, err, "error creating share: "+err.Error()),
-		}, nil
+		// TODO: err
+		return nil, errtypes.InternalError(err.Error())
+	}
+
+	ocmEndpoint, err := getOCMEndpoint(req.RecipientMeshProvider)
+	if err != nil {
+		// TODO: err
+		return nil, errtypes.InternalError(err.Error())
+	}
+
+	err = s.client.NewShare(ctx, ocmEndpoint, &client.NewShareRequest{
+		ShareWith:         req.Grantee.GetGroupId().OpaqueId,
+		Name:              share.Name,
+		ResourceID:        fmt.Sprintf("%s:%s", req.ResourceId.StorageId, req.ResourceId.OpaqueId),
+		Owner:             formatOCMUser(info.Owner),
+		Sender:            formatOCMUser(user.Id),
+		SenderDisplayName: user.DisplayName,
+		ShareType:         "user",
+		ResourceType:      getResourceType(info),
+		Protocols:         s.getProtocols(ctx, info, req.AccessMethods),
+	})
+
+	if err != nil {
+		// TODO: err
+		return nil, errtypes.InternalError(err.Error())
 	}
 
 	res := &ocm.CreateOCMShareResponse{
@@ -189,8 +261,11 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 }
 
 func (s *service) RemoveOCMShare(ctx context.Context, req *ocm.RemoveOCMShareRequest) (*ocm.RemoveOCMShareResponse, error) {
-	err := s.sm.Unshare(ctx, req.Ref)
-	if err != nil {
+	// TODO (gdelmont): notify the remote provider using the /notification ocm endpoint
+	// https://cs3org.github.io/OCM-API/docs.html?branch=develop&repo=OCM-API&user=cs3org#/paths/~1notifications/post
+	user := ctxpkg.ContextMustGetUser(ctx)
+	if err := s.repo.DeleteShare(ctx, user.Id, req.Ref); err != nil {
+		// TODO: error
 		return &ocm.RemoveOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error removing share"),
 		}, nil
@@ -202,8 +277,10 @@ func (s *service) RemoveOCMShare(ctx context.Context, req *ocm.RemoveOCMShareReq
 }
 
 func (s *service) GetOCMShare(ctx context.Context, req *ocm.GetOCMShareRequest) (*ocm.GetOCMShareResponse, error) {
-	share, err := s.sm.GetShare(ctx, req.Ref)
+	user := ctxpkg.ContextMustGetUser(ctx)
+	share, err := s.repo.GetShare(ctx, user.Id, req.Ref)
 	if err != nil {
+		// TODO: error
 		return &ocm.GetOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error getting share"),
 		}, nil
@@ -216,7 +293,8 @@ func (s *service) GetOCMShare(ctx context.Context, req *ocm.GetOCMShareRequest)
 }
 
 func (s *service) ListOCMShares(ctx context.Context, req *ocm.ListOCMSharesRequest) (*ocm.ListOCMSharesResponse, error) {
-	shares, err := s.sm.ListShares(ctx, req.Filters) // TODO(labkode): add filter to share manager
+	user := ctxpkg.ContextMustGetUser(ctx)
+	shares, err := s.repo.ListShares(ctx, user.Id, req.Filters)
 	if err != nil {
 		return &ocm.ListOCMSharesResponse{
 			Status: status.NewInternal(ctx, err, "error listing shares"),
@@ -231,8 +309,10 @@ func (s *service) ListOCMShares(ctx context.Context, req *ocm.ListOCMSharesReque
 }
 
 func (s *service) UpdateOCMShare(ctx context.Context, req *ocm.UpdateOCMShareRequest) (*ocm.UpdateOCMShareResponse, error) {
-	_, err := s.sm.UpdateShare(ctx, req.Ref, req.Field.GetPermissions()) // TODO(labkode): check what to update
+	user := ctxpkg.ContextMustGetUser(ctx)
+	_, err := s.repo.UpdateShare(ctx, user.Id, req.Ref, req.Field.GetPermissions()) // TODO(labkode): check what to update
 	if err != nil {
+		// TODO: error
 		return &ocm.UpdateOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error updating share"),
 		}, nil
@@ -245,8 +325,10 @@ func (s *service) UpdateOCMShare(ctx context.Context, req *ocm.UpdateOCMShareReq
 }
 
 func (s *service) ListReceivedOCMShares(ctx context.Context, req *ocm.ListReceivedOCMSharesRequest) (*ocm.ListReceivedOCMSharesResponse, error) {
-	shares, err := s.sm.ListReceivedShares(ctx)
+	user := ctxpkg.ContextMustGetUser(ctx)
+	shares, err := s.repo.ListReceivedShares(ctx, user.Id)
 	if err != nil {
+		// TODO: error
 		return &ocm.ListReceivedOCMSharesResponse{
 			Status: status.NewInternal(ctx, err, "error listing received shares"),
 		}, nil
@@ -260,8 +342,10 @@ func (s *service) ListReceivedOCMShares(ctx context.Context, req *ocm.ListReceiv
 }
 
 func (s *service) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateReceivedOCMShareRequest) (*ocm.UpdateReceivedOCMShareResponse, error) {
-	_, err := s.sm.UpdateReceivedShare(ctx, req.Share, req.UpdateMask) // TODO(labkode): check what to update
+	user := ctxpkg.ContextMustGetUser(ctx)
+	_, err := s.repo.UpdateReceivedShare(ctx, user.Id, req.Share, req.UpdateMask) // TODO(labkode): check what to update
 	if err != nil {
+		// TODO: error
 		return &ocm.UpdateReceivedOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error updating received share"),
 		}, nil
@@ -274,8 +358,10 @@ func (s *service) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateRec
 }
 
 func (s *service) GetReceivedOCMShare(ctx context.Context, req *ocm.GetReceivedOCMShareRequest) (*ocm.GetReceivedOCMShareResponse, error) {
-	share, err := s.sm.GetReceivedShare(ctx, req.Ref)
+	user := ctxpkg.ContextMustGetUser(ctx)
+	share, err := s.repo.GetReceivedShare(ctx, user.Id, req.Ref)
 	if err != nil {
+		// TODO: error
 		return &ocm.GetReceivedOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error getting received share"),
 		}, nil

From 75753ac7d1ac5d752a473654ddbecf5bc75a904c Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 1 Feb 2023 16:47:43 +0100
Subject: [PATCH 07/44] removed commented code

---
 pkg/ocm/share/repository/json/json.go | 135 --------------------------
 1 file changed, 135 deletions(-)

diff --git a/pkg/ocm/share/repository/json/json.go b/pkg/ocm/share/repository/json/json.go
index 57c15cc95d1..33b8faeeaff 100644
--- a/pkg/ocm/share/repository/json/json.go
+++ b/pkg/ocm/share/repository/json/json.go
@@ -223,141 +223,6 @@ func (m *mgr) GetShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareR
 	return nil, errtypes.NotFound(ref.String())
 }
 
-// // Called from both grpc CreateOCMShare for outgoing
-// // and http /ocm/shares for incoming
-// // pi is provider info
-// // pm is permissions.
-// func (m *mgr) Share(ctx context.Context, md *provider.ResourceId, g *ocm.ShareGrant, name string,
-// 	pi *ocmprovider.ProviderInfo, pm string, owner *userpb.UserId, token string, st ocm.Share_ShareType) (*ocm.Share, error) {
-// 	id := genID()
-// 	now := time.Now().UnixNano()
-// 	ts := &typespb.Timestamp{
-// 		Seconds: uint64(now / 1000000000),
-// 		Nanos:   uint32(now % 1000000000),
-// 	}
-
-// 	// Since both OCMCore and OCMShareProvider use the same package, we distinguish
-// 	// between calls received from them on the basis of whether they provide info
-// 	// about the remote provider on which the share is to be created.
-// 	// If this info is provided, this call is on the owner's mesh provider and so
-// 	// we call the CreateOCMCoreShare method on the remote provider as well,
-// 	// else this is received from another provider and we only create a local share.
-// 	var isOwnersMeshProvider bool
-// 	if pi != nil {
-// 		isOwnersMeshProvider = true
-// 	}
-
-// 	var userID *userpb.UserId
-// 	if !isOwnersMeshProvider {
-// 		// Since this call is on the remote provider, the owner of the resource is expected to be specified.
-// 		if owner == nil {
-// 			return nil, errors.New("json: owner of resource not provided")
-// 		}
-// 		userID = owner
-// 		g.Grantee.Opaque = &typespb.Opaque{
-// 			Map: map[string]*typespb.OpaqueEntry{
-// 				"token": {
-// 					Decoder: "plain",
-// 					Value:   []byte(token),
-// 				},
-// 			},
-// 		}
-// 	} else {
-// 		userID = ctxpkg.ContextMustGetUser(ctx).GetId()
-// 	}
-
-// 	// do not allow share to myself if share is for a user
-// 	if g.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(g.Grantee.GetUserId(), userID) {
-// 		return nil, errors.New("json: user and grantee are the same")
-// 	}
-
-// 	// check if share already exists.
-// 	key := &ocm.ShareKey{
-// 		Owner:      userID,
-// 		ResourceId: md,
-// 		Grantee:    g.Grantee,
-// 	}
-// 	_, err := m.getByKey(ctx, key)
-
-// 	// share already exists
-// 	if isOwnersMeshProvider && err == nil {
-// 		return nil, errtypes.AlreadyExists(key.String())
-// 	}
-
-// 	s := &ocm.Share{
-// 		Id: &ocm.ShareId{
-// 			OpaqueId: id,
-// 		},
-// 		Name:        name,
-// 		ResourceId:  md,
-// 		Permissions: g.Permissions,
-// 		Grantee:     g.Grantee,
-// 		Owner:       userID,
-// 		Creator:     userID,
-// 		Ctime:       ts,
-// 		Mtime:       ts,
-// 		ShareType:   st,
-// 	}
-
-// 	if isOwnersMeshProvider {
-// 		protocol := map[string]interface{}{
-// 			"name": "webdav",
-// 			"options": map[string]string{
-// 				"permissions": pm,
-// 				"token":       ctxpkg.ContextMustGetToken(ctx),
-// 			},
-// 		}
-// 		if st == ocm.Share_SHARE_TYPE_TRANSFER {
-// 			protocol["name"] = "datatx"
-// 		}
-
-// 		requestBodyMap := map[string]interface{}{
-// 			"shareWith":    g.Grantee.GetUserId().OpaqueId,
-// 			"name":         name,
-// 			"providerId":   fmt.Sprintf("%s:%s", md.StorageId, md.OpaqueId),
-// 			"owner":        fmt.Sprintf("%s@%s", userID.OpaqueId, userID.Idp),
-// 			"protocol":     protocol,
-// 			"meshProvider": userID.Idp,
-// 		}
-// 		err = sender.Send(ctx, requestBodyMap, pi)
-// 		if err != nil {
-// 			err = errors.Wrap(err, "error sending OCM POST")
-// 			return nil, err
-// 		}
-// 	}
-
-// 	m.Lock()
-// 	if err := m.model.ReadFile(); err != nil {
-// 		err = errors.Wrap(err, "error reading model")
-// 		return nil, err
-// 	}
-
-// 	if isOwnersMeshProvider {
-// 		encShare, err := utils.MarshalProtoV1ToJSON(s)
-// 		if err != nil {
-// 			return nil, err
-// 		}
-// 		m.model.Shares[s.Id.OpaqueId] = string(encShare)
-// 	} else {
-// 		encShare, err := utils.MarshalProtoV1ToJSON(&ocm.ReceivedShare{
-// 			Share: s,
-// 			State: ocm.ShareState_SHARE_STATE_PENDING,
-// 		})
-// 		if err != nil {
-// 			return nil, err
-// 		}
-// 		m.model.ReceivedShares[s.Id.OpaqueId] = string(encShare)
-// 	}
-
-// 	if err := m.model.Save(); err != nil {
-// 		err = errors.Wrap(err, "error saving model")
-// 		return nil, err
-// 	}
-// 	m.Unlock()
-
-// 	return s, nil
-// }
-
 func (m *mgr) getByID(ctx context.Context, id *ocm.ShareId) (*ocm.Share, error) {
 	m.Lock()
 	defer m.Unlock()

From 4bef665a385964698da7566ffeffb4554b09060f Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 11:56:43 +0100
Subject: [PATCH 08/44] fixed app provider with new cs3apis

---
 internal/grpc/services/gateway/appprovider.go | 2 +-
 pkg/app/app.go                                | 2 +-
 pkg/app/provider/demo/demo.go                 | 2 +-
 pkg/app/provider/wopi/wopi.go                 | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/internal/grpc/services/gateway/appprovider.go b/internal/grpc/services/gateway/appprovider.go
index 95ed8780091..a6b06bcbde0 100644
--- a/internal/grpc/services/gateway/appprovider.go
+++ b/internal/grpc/services/gateway/appprovider.go
@@ -195,7 +195,7 @@ func (s *svc) openLocalResources(ctx context.Context, ri *storageprovider.Resour
 
 	appProviderReq := &providerpb.OpenInAppRequest{
 		ResourceInfo: ri,
-		ViewMode:     providerpb.OpenInAppRequest_ViewMode(req.ViewMode),
+		ViewMode:     providerpb.ViewMode(req.ViewMode),
 		AccessToken:  accessToken,
 		Opaque:       req.Opaque,
 	}
diff --git a/pkg/app/app.go b/pkg/app/app.go
index 32a4e34dbe1..da2720c15da 100644
--- a/pkg/app/app.go
+++ b/pkg/app/app.go
@@ -41,6 +41,6 @@ type Registry interface {
 // Provider is the interface that application providers implement
 // for interacting with external apps that serve the requested resource.
 type Provider interface {
-	GetAppURL(ctx context.Context, resource *provider.ResourceInfo, viewMode appprovider.OpenInAppRequest_ViewMode, token string, opaqueMap map[string]*typespb.OpaqueEntry, language string) (*appprovider.OpenInAppURL, error)
+	GetAppURL(ctx context.Context, resource *provider.ResourceInfo, viewMode appprovider.ViewMode, token string, opaqueMap map[string]*typespb.OpaqueEntry, language string) (*appprovider.OpenInAppURL, error)
 	GetAppProviderInfo(ctx context.Context) (*registry.ProviderInfo, error)
 }
diff --git a/pkg/app/provider/demo/demo.go b/pkg/app/provider/demo/demo.go
index e10d7fa3c48..344f7d88833 100644
--- a/pkg/app/provider/demo/demo.go
+++ b/pkg/app/provider/demo/demo.go
@@ -40,7 +40,7 @@ type demoProvider struct {
 	iframeUIProvider string
 }
 
-func (p *demoProvider) GetAppURL(ctx context.Context, resource *provider.ResourceInfo, viewMode appprovider.OpenInAppRequest_ViewMode, token string, opaqueMap map[string]*typespb.OpaqueEntry, language string) (*appprovider.OpenInAppURL, error) {
+func (p *demoProvider) GetAppURL(ctx context.Context, resource *provider.ResourceInfo, viewMode appprovider.ViewMode, token string, opaqueMap map[string]*typespb.OpaqueEntry, language string) (*appprovider.OpenInAppURL, error) {
 	url := fmt.Sprintf("<iframe src=%s/open/%s?view-mode=%s&access-token=%s&lang=%s />", p.iframeUIProvider, resource.Id.StorageId+":"+resource.Id.OpaqueId, viewMode.String(), token, language)
 	return &appprovider.OpenInAppURL{
 		AppUrl: url,
diff --git a/pkg/app/provider/wopi/wopi.go b/pkg/app/provider/wopi/wopi.go
index 2c4b0defe5c..e0c86c5f705 100644
--- a/pkg/app/provider/wopi/wopi.go
+++ b/pkg/app/provider/wopi/wopi.go
@@ -125,7 +125,7 @@ func New(m map[string]interface{}) (app.Provider, error) {
 	}, nil
 }
 
-func (p *wopiProvider) GetAppURL(ctx context.Context, resource *provider.ResourceInfo, viewMode appprovider.OpenInAppRequest_ViewMode, token string, opaqueMap map[string]*typespb.OpaqueEntry, language string) (*appprovider.OpenInAppURL, error) {
+func (p *wopiProvider) GetAppURL(ctx context.Context, resource *provider.ResourceInfo, viewMode appprovider.ViewMode, token string, opaqueMap map[string]*typespb.OpaqueEntry, language string) (*appprovider.OpenInAppURL, error) {
 	log := appctx.GetLogger(ctx)
 
 	ext := path.Ext(resource.Path)

From cbe2c78db67eacd1bfd154699efdcf6f66dadd8a Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 13:42:59 +0100
Subject: [PATCH 09/44] rewrote ocmshareprovider

---
 .../grpc/services/gateway/ocmshareprovider.go | 119 +++++-------------
 1 file changed, 30 insertions(+), 89 deletions(-)

diff --git a/internal/grpc/services/gateway/ocmshareprovider.go b/internal/grpc/services/gateway/ocmshareprovider.go
index ad56f222aca..8c3cc3148e8 100644
--- a/internal/grpc/services/gateway/ocmshareprovider.go
+++ b/internal/grpc/services/gateway/ocmshareprovider.go
@@ -53,24 +53,6 @@ func (s *svc) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareRequest
 		return nil, errors.Wrap(err, "gateway: error calling CreateShare")
 	}
 
-	// if we don't need to commit we return earlier
-	if !s.c.CommitShareToStorageGrant && !s.c.CommitShareToStorageRef {
-		return res, nil
-	}
-
-	// TODO(labkode): if both commits are enabled they could be done concurrently.
-	if s.c.CommitShareToStorageGrant {
-		addGrantStatus, err := s.addGrant(ctx, req.ResourceId, req.Grant.Grantee, req.Grant.Permissions.Permissions)
-		if err != nil {
-			return nil, errors.Wrap(err, "gateway: error adding OCM grant to storage")
-		}
-		if addGrantStatus.Code != rpc.Code_CODE_OK {
-			return &ocm.CreateOCMShareResponse{
-				Status: addGrantStatus,
-			}, err
-		}
-	}
-
 	return res, nil
 }
 
@@ -82,50 +64,11 @@ func (s *svc) RemoveOCMShare(ctx context.Context, req *ocm.RemoveOCMShareRequest
 		}, nil
 	}
 
-	// if we need to commit the share, we need the resource it points to.
-	var share *ocm.Share
-	if s.c.CommitShareToStorageGrant {
-		getShareReq := &ocm.GetOCMShareRequest{
-			Ref: req.Ref,
-		}
-		getShareRes, err := c.GetOCMShare(ctx, getShareReq)
-		if err != nil {
-			return nil, errors.Wrap(err, "gateway: error calling GetShare")
-		}
-
-		if getShareRes.Status.Code != rpc.Code_CODE_OK {
-			res := &ocm.RemoveOCMShareResponse{
-				Status: status.NewInternal(ctx, status.NewErrorFromCode(getShareRes.Status.Code, "gateway"),
-					"error getting share when committing to the storage"),
-			}
-			return res, nil
-		}
-		share = getShareRes.Share
-	}
-
 	res, err := c.RemoveOCMShare(ctx, req)
 	if err != nil {
 		return nil, errors.Wrap(err, "gateway: error calling RemoveShare")
 	}
 
-	// if we don't need to commit we return earlier
-	if !s.c.CommitShareToStorageGrant && !s.c.CommitShareToStorageRef {
-		return res, nil
-	}
-
-	// TODO(labkode): if both commits are enabled they could be done concurrently.
-	if s.c.CommitShareToStorageGrant {
-		removeGrantStatus, err := s.removeGrant(ctx, share.ResourceId, share.Grantee, share.Permissions.Permissions)
-		if err != nil {
-			return nil, errors.Wrap(err, "gateway: error removing OCM grant from storage")
-		}
-		if removeGrantStatus.Code != rpc.Code_CODE_OK {
-			return &ocm.RemoveOCMShareResponse{
-				Status: removeGrantStatus,
-			}, err
-		}
-	}
-
 	return res, nil
 }
 
@@ -225,11 +168,6 @@ func (s *svc) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateReceive
 		}, nil
 	}
 
-	// if we don't need to create/delete references then we return early.
-	if !s.c.CommitShareToStorageGrant && !s.c.CommitShareToStorageRef {
-		return res, nil
-	}
-
 	// properties are updated in the order they appear in the field mask
 	// when an error occurs the request ends and no further fields are updated
 	for i := range req.UpdateMask.Paths {
@@ -240,7 +178,7 @@ func (s *svc) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateReceive
 				getShareReq := &ocm.GetReceivedOCMShareRequest{
 					Ref: &ocm.ShareReference{
 						Spec: &ocm.ShareReference_Id{
-							Id: req.Share.Share.Id,
+							Id: req.Share.Id,
 						},
 					},
 				}
@@ -268,8 +206,8 @@ func (s *svc) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateReceive
 					panic("gateway: error updating a received share: the share is nil")
 				}
 
-				if share.GetShare().ShareType == ocm.Share_SHARE_TYPE_TRANSFER {
-					srcIdp := share.GetShare().GetOwner().GetIdp()
+				if isTransferShare(share) {
+					srcIdp := share.GetOwner().GetIdp()
 					meshProvider, err := s.GetInfoByDomain(ctx, &ocmprovider.GetInfoByDomainRequest{
 						Domain: srcIdp,
 					})
@@ -309,7 +247,7 @@ func (s *svc) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateReceive
 					}
 
 					var srcToken string
-					srcTokenOpaque, ok := share.GetShare().Grantee.Opaque.Map["token"]
+					srcTokenOpaque, ok := share.Grantee.Opaque.Map["token"]
 					if !ok {
 						return &ocm.UpdateReceivedOCMShareResponse{
 							Status: status.NewNotFound(ctx, "token not found"),
@@ -325,16 +263,16 @@ func (s *svc) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateReceive
 						}, nil
 					}
 
-					srcPath := path.Join(srcEndpointPath, share.GetShare().Name)
+					srcPath := path.Join(srcEndpointPath, share.Name)
 					srcTargetURI := fmt.Sprintf("%s://%s@%s?name=%s", srcEndpointScheme, srcToken, srcServiceHost, srcPath)
 
 					// get the webdav endpoint of the grantee's idp
 					var granteeIdp string
-					if share.GetShare().GetGrantee().Type == provider.GranteeType_GRANTEE_TYPE_USER {
-						granteeIdp = share.GetShare().GetGrantee().GetUserId().Idp
+					if share.GetGrantee().Type == provider.GranteeType_GRANTEE_TYPE_USER {
+						granteeIdp = share.GetGrantee().GetUserId().Idp
 					}
-					if share.GetShare().GetGrantee().Type == provider.GranteeType_GRANTEE_TYPE_GROUP {
-						granteeIdp = share.GetShare().GetGrantee().GetGroupId().Idp
+					if share.GetGrantee().Type == provider.GranteeType_GRANTEE_TYPE_GROUP {
+						granteeIdp = share.GetGrantee().GetGroupId().Idp
 					}
 					destWebdavEndpoint, err := s.getWebdavEndpoint(ctx, granteeIdp)
 					if err != nil {
@@ -377,14 +315,14 @@ func (s *svc) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateReceive
 							Status: &rpc.Status{Code: rpc.Code_CODE_INTERNAL},
 						}, nil
 					}
-					destPath := path.Join(destEndpointPath, homeRes.Path, s.c.DataTransfersFolder, path.Base(share.GetShare().Name))
+					destPath := path.Join(destEndpointPath, homeRes.Path, s.c.DataTransfersFolder, path.Base(share.Name))
 					destTargetURI := fmt.Sprintf("%s://%s@%s?name=%s", destEndpointScheme, destToken, destServiceHost, destPath)
 
 					opaqueObj := &types.Opaque{
 						Map: map[string]*types.OpaqueEntry{
 							"shareId": {
 								Decoder: "plain",
-								Value:   []byte(share.GetShare().GetId().OpaqueId),
+								Value:   []byte(share.Id.OpaqueId),
 							},
 						},
 					}
@@ -411,12 +349,12 @@ func (s *svc) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateReceive
 					}, nil
 				}
 
-				createRefStatus, err := s.createOCMReference(ctx, share.Share)
+				createRefStatus, err := s.createOCMReference(ctx, share)
 				return &ocm.UpdateReceivedOCMShareResponse{
 					Status: createRefStatus,
 				}, err
 			case ocm.ShareState_SHARE_STATE_REJECTED:
-				s.removeReference(ctx, req.GetShare().GetShare().ResourceId) // error is logged inside removeReference
+				s.removeReference(ctx, req.GetShare().ResourceId) // error is logged inside removeReference
 				// FIXME we are ignoring an error from removeReference here
 				return res, nil
 			}
@@ -433,6 +371,11 @@ func (s *svc) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateReceive
 	return res, nil
 }
 
+func isTransferShare(s *ocm.ReceivedShare) bool {
+	_, ok := getDatatxProtocol(s)
+	return ok
+}
+
 func (s *svc) GetReceivedOCMShare(ctx context.Context, req *ocm.GetReceivedOCMShareRequest) (*ocm.GetReceivedOCMShareResponse, error) {
 	c, err := pool.GetOCMShareProviderClient(pool.Endpoint(s.c.OCMShareProviderEndpoint))
 	if err != nil {
@@ -450,21 +393,19 @@ func (s *svc) GetReceivedOCMShare(ctx context.Context, req *ocm.GetReceivedOCMSh
 	return res, nil
 }
 
-func (s *svc) createOCMReference(ctx context.Context, share *ocm.Share) (*rpc.Status, error) {
+func getDatatxProtocol(share *ocm.ReceivedShare) (*ocm.DatatxProtocol, bool) {
+	for _, p := range share.Protocols {
+		if d, ok := p.Term.(*ocm.Protocol_DatatxOprions); ok {
+			return d.DatatxOprions, true
+		}
+	}
+	return nil, false
+}
+
+func (s *svc) createOCMReference(ctx context.Context, share *ocm.ReceivedShare) (*rpc.Status, error) {
 	log := appctx.GetLogger(ctx)
 
-	var token string
-	tokenOpaque, ok := share.Grantee.Opaque.Map["token"]
-	if !ok {
-		return status.NewNotFound(ctx, "token not found"), nil
-	}
-	switch tokenOpaque.Decoder {
-	case "plain":
-		token = string(tokenOpaque.Value)
-	default:
-		err := errtypes.NotSupported("opaque entry decoder not recognized: " + tokenOpaque.Decoder)
-		return status.NewInternal(ctx, err, "invalid opaque entry decoder"), nil
-	}
+	d, _ := getDatatxProtocol(share)
 
 	homeRes, err := s.GetHome(ctx, &provider.GetHomeRequest{})
 	if err != nil {
@@ -479,7 +420,7 @@ func (s *svc) createOCMReference(ctx context.Context, share *ocm.Share) (*rpc.St
 	// from the main request.
 	refPath = path.Join(homeRes.Path, s.c.ShareFolder, path.Base(share.Name))
 	// webdav is the scheme, token@host the opaque part and the share name the query of the URL.
-	targetURI = fmt.Sprintf("webdav://%s@%s?name=%s", token, share.Creator.Idp, share.Name)
+	targetURI = fmt.Sprintf("webdav://%s@%s?name=%s", d.SharedSecret, share.Creator.Idp, share.Name)
 
 	log.Info().Msg("mount path will be:" + refPath)
 	createRefReq := &provider.CreateReferenceRequest{

From 34fe2cdd45d2c490c9fdebab60e42113c81b11c6 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 14:20:02 +0100
Subject: [PATCH 10/44] fix commands

---
 cmd/reva/arguments.go                         |   2 +-
 cmd/reva/ocm-share-create.go                  | 110 ++++++++----
 cmd/reva/ocm-share-list-received.go           |  10 +-
 cmd/reva/ocm-share-list.go                    |   4 +-
 cmd/reva/ocm-share-update.go                  |   6 +-
 cmd/reva/transfer-create.go                   |  39 ++--
 .../handlers/apps/sharing/shares/remote.go    | 168 +++++++++---------
 7 files changed, 174 insertions(+), 165 deletions(-)

diff --git a/cmd/reva/arguments.go b/cmd/reva/arguments.go
index 85eba57196c..7d1a4a84b09 100644
--- a/cmd/reva/arguments.go
+++ b/cmd/reva/arguments.go
@@ -138,7 +138,7 @@ func (c *Completer) ocmShareReceivedArgumentCompleter() []prompt.Suggest {
 		}
 
 		for _, r := range info {
-			suggests = append(suggests, prompt.Suggest{Text: r.Share.Id.OpaqueId})
+			suggests = append(suggests, prompt.Suggest{Text: r.Id.OpaqueId})
 		}
 	}
 
diff --git a/cmd/reva/ocm-share-create.go b/cmd/reva/ocm-share-create.go
index cfe61ca9830..3f171482a1c 100644
--- a/cmd/reva/ocm-share-create.go
+++ b/cmd/reva/ocm-share-create.go
@@ -21,16 +21,15 @@ package main
 import (
 	"io"
 	"os"
-	"strconv"
 	"time"
 
+	appprovider "github.com/cs3org/go-cs3apis/cs3/app/provider/v1beta1"
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	invitepb "github.com/cs3org/go-cs3apis/cs3/ocm/invite/v1beta1"
 	ocmprovider "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1"
 	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
-	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/internal/http/services/owncloud/ocs/conversions"
 	"github.com/cs3org/reva/pkg/utils"
 	"github.com/jedib0t/go-pretty/table"
@@ -45,10 +44,15 @@ func ocmShareCreateCommand() *command {
 	grantee := cmd.String("grantee", "", "the grantee")
 	idp := cmd.String("idp", "", "the idp of the grantee, default to same idp as the user triggering the action")
 	userType := cmd.String("user-type", "primary", "the type of user account, defaults to primary")
-	rol := cmd.String("rol", "viewer", "the permission for the share (viewer or editor)")
+
+	webdav := cmd.Bool("webdav", false, "create a share with webdav access")
+	webapp := cmd.Bool("webapp", false, "create a share for app access")
+	datatx := cmd.Bool("datatx", false, "create a share for a data transfer")
+
+	rol := cmd.String("rol", "viewer", "the permission for the share (viewer or editor) / applies to webdav and webapp")
 
 	cmd.ResetFlags = func() {
-		*grantType, *grantee, *idp, *rol, *userType = "user", "", "", "viewer", "primary"
+		*grantType, *grantee, *idp, *rol, *userType, *webdav, *webapp, *datatx = "user", "", "", "viewer", "primary", false, false, false
 	}
 
 	cmd.Action = func(w ...io.Writer) error {
@@ -101,40 +105,22 @@ func ocmShareCreateCommand() *command {
 			return formatError(res.Status)
 		}
 
-		perm, pint, err := getOCMSharePerm(*rol)
+		gt := getGrantType(*grantType)
+		am, err := getAccessMethods(*webdav, *webapp, *datatx, *rol)
 		if err != nil {
 			return err
 		}
 
-		gt := getGrantType(*grantType)
-		grant := &ocm.ShareGrant{
-			Permissions: perm,
+		shareRequest := &ocm.CreateOCMShareRequest{
+			ResourceId: res.Info.Id,
 			Grantee: &provider.Grantee{
 				Type: gt,
 				// For now, we only support user shares.
 				// TODO (ishank011): To be updated once this is decided.
 				Id: &provider.Grantee_UserId{UserId: u},
 			},
-		}
-
-		opaqueObj := &types.Opaque{
-			Map: map[string]*types.OpaqueEntry{
-				"permissions": {
-					Decoder: "plain",
-					Value:   []byte(strconv.Itoa(pint)),
-				},
-				"name": {
-					Decoder: "plain",
-					Value:   []byte(res.Info.Path),
-				},
-			},
-		}
-
-		shareRequest := &ocm.CreateOCMShareRequest{
-			Opaque:                opaqueObj,
-			ResourceId:            res.Info.Id,
-			Grant:                 grant,
 			RecipientMeshProvider: providerInfo.ProviderInfo,
+			AccessMethods:         am,
 		}
 
 		shareRes, err := client.CreateOCMShare(ctx, shareRequest)
@@ -148,11 +134,12 @@ func ocmShareCreateCommand() *command {
 
 		t := table.NewWriter()
 		t.SetOutputMirror(os.Stdout)
-		t.AppendHeader(table.Row{"#", "Owner.Idp", "Owner.OpaqueId", "ResourceId", "Permissions", "Type", "Grantee.Idp", "Grantee.OpaqueId", "Created", "Updated"})
+		t.AppendHeader(table.Row{"#", "Owner.Idp", "Owner.OpaqueId", "ResourceId", "Type", "Grantee.Idp", "Grantee.OpaqueId", "Created", "Updated"})
+		// TODO (gdelmont): expose protocols info
 
 		s := shareRes.Share
 		t.AppendRows([]table.Row{
-			{s.Id.OpaqueId, s.Owner.Idp, s.Owner.OpaqueId, s.ResourceId.String(), s.Permissions.String(),
+			{s.Id.OpaqueId, s.Owner.Idp, s.Owner.OpaqueId, s.ResourceId.String(),
 				s.Grantee.Type.String(), s.Grantee.GetUserId().Idp, s.Grantee.GetUserId().OpaqueId,
 				time.Unix(int64(s.Ctime.Seconds), 0), time.Unix(int64(s.Mtime.Seconds), 0)},
 		})
@@ -163,15 +150,60 @@ func ocmShareCreateCommand() *command {
 	return cmd
 }
 
-func getOCMSharePerm(p string) (*ocm.SharePermissions, int, error) {
-	if p == viewerPermission {
-		return &ocm.SharePermissions{
-			Permissions: conversions.NewViewerRole().CS3ResourcePermissions(),
-		}, 1, nil
-	} else if p == editorPermission {
-		return &ocm.SharePermissions{
-			Permissions: conversions.NewEditorRole().CS3ResourcePermissions(),
-		}, 15, nil
+func getAccessMethods(webdav, webapp, datatx bool, rol string) ([]*ocm.AccessMethod, error) {
+	var m []*ocm.AccessMethod
+	if webdav {
+		perm, err := getOCMSharePerm(rol)
+		if err != nil {
+			return nil, err
+		}
+		m = append(m, &ocm.AccessMethod{
+			Term: &ocm.AccessMethod_WebdavOptions{
+				WebdavOptions: &ocm.WebDAVAccessMethod{
+					Permissions: perm,
+				},
+			},
+		})
+	}
+	if webapp {
+		v, err := getOCMViewMode(rol)
+		if err != nil {
+			return nil, err
+		}
+		m = append(m, &ocm.AccessMethod{
+			Term: &ocm.AccessMethod_WebappOptions{
+				WebappOptions: &ocm.WebappAccessMethod{
+					ViewMode: v,
+				},
+			},
+		})
+	}
+	if datatx {
+		m = append(m, &ocm.AccessMethod{
+			Term: &ocm.AccessMethod_DatatxOptions{
+				DatatxOptions: &ocm.DatatxAccessMethod{},
+			},
+		})
+	}
+	return m, nil
+}
+
+func getOCMSharePerm(p string) (*provider.ResourcePermissions, error) {
+	switch p {
+	case viewerPermission:
+		return conversions.NewViewerRole().CS3ResourcePermissions(), nil
+	case editorPermission:
+		return conversions.NewEditorRole().CS3ResourcePermissions(), nil
+	}
+	return nil, errors.New("invalid rol: " + p)
+}
+
+func getOCMViewMode(p string) (appprovider.ViewMode, error) {
+	switch p {
+	case viewerPermission:
+		return appprovider.ViewMode_VIEW_MODE_READ_ONLY, nil
+	case editorPermission:
+		return appprovider.ViewMode_VIEW_MODE_READ_WRITE, nil
 	}
-	return nil, 0, errors.New("invalid rol: " + p)
+	return 0, errors.New("invalid rol: " + p)
 }
diff --git a/cmd/reva/ocm-share-list-received.go b/cmd/reva/ocm-share-list-received.go
index 60f770b7e3b..11d34e68375 100644
--- a/cmd/reva/ocm-share-list-received.go
+++ b/cmd/reva/ocm-share-list-received.go
@@ -54,14 +54,14 @@ func ocmShareListReceivedCommand() *command {
 		if len(w) == 0 {
 			t := table.NewWriter()
 			t.SetOutputMirror(os.Stdout)
-			t.AppendHeader(table.Row{"#", "Owner.Idp", "Owner.OpaqueId", "ResourceId", "Permissions", "Type",
+			t.AppendHeader(table.Row{"#", "Owner.Idp", "Owner.OpaqueId", "ResourceId", "Type",
 				"Grantee.Idp", "Grantee.OpaqueId", "Created", "Updated", "State", "ShareType"})
 			for _, s := range shareRes.Shares {
 				t.AppendRows([]table.Row{
-					{s.Share.Id.OpaqueId, s.Share.Owner.Idp, s.Share.Owner.OpaqueId, s.Share.ResourceId.String(),
-						s.Share.Permissions.String(), s.Share.Grantee.Type.String(), s.Share.Grantee.GetUserId().Idp,
-						s.Share.Grantee.GetUserId().OpaqueId, time.Unix(int64(s.Share.Ctime.Seconds), 0),
-						time.Unix(int64(s.Share.Mtime.Seconds), 0), s.State.String(), s.Share.ShareType.String()},
+					{s.Id.OpaqueId, s.Owner.Idp, s.Owner.OpaqueId, s.ResourceId.String(),
+						s.Grantee.Type.String(), s.Grantee.GetUserId().Idp,
+						s.Grantee.GetUserId().OpaqueId, time.Unix(int64(s.Ctime.Seconds), 0),
+						time.Unix(int64(s.Mtime.Seconds), 0), s.State.String(), s.ShareType.String()},
 				})
 			}
 			t.Render()
diff --git a/cmd/reva/ocm-share-list.go b/cmd/reva/ocm-share-list.go
index 5a6ebbce87e..e36d9ac0b22 100644
--- a/cmd/reva/ocm-share-list.go
+++ b/cmd/reva/ocm-share-list.go
@@ -76,12 +76,12 @@ func ocmShareListCommand() *command {
 		if len(w) == 0 {
 			t := table.NewWriter()
 			t.SetOutputMirror(os.Stdout)
-			t.AppendHeader(table.Row{"#", "Owner.Idp", "Owner.OpaqueId", "ResourceId", "Permissions", "Type",
+			t.AppendHeader(table.Row{"#", "Owner.Idp", "Owner.OpaqueId", "ResourceId", "Type",
 				"ShareType", "Grantee.Idp", "Grantee.OpaqueId", "Created", "Updated"})
 
 			for _, s := range shareRes.Shares {
 				t.AppendRows([]table.Row{
-					{s.Id.OpaqueId, s.Owner.Idp, s.Owner.OpaqueId, s.ResourceId.String(), s.Permissions.String(),
+					{s.Id.OpaqueId, s.Owner.Idp, s.Owner.OpaqueId, s.ResourceId.String(),
 						s.Grantee.Type.String(), s.ShareType.String(), s.Grantee.GetUserId().Idp, s.Grantee.GetUserId().OpaqueId,
 						time.Unix(int64(s.Ctime.Seconds), 0), time.Unix(int64(s.Mtime.Seconds), 0)},
 				})
diff --git a/cmd/reva/ocm-share-update.go b/cmd/reva/ocm-share-update.go
index 617ca904f7f..20eda9db08b 100644
--- a/cmd/reva/ocm-share-update.go
+++ b/cmd/reva/ocm-share-update.go
@@ -54,7 +54,7 @@ func ocmShareUpdateCommand() *command {
 			return err
 		}
 
-		perm, _, err := getOCMSharePerm(*rol)
+		perm, err := getOCMSharePerm(*rol)
 		if err != nil {
 			return err
 		}
@@ -69,7 +69,9 @@ func ocmShareUpdateCommand() *command {
 			},
 			Field: &ocm.UpdateOCMShareRequest_UpdateField{
 				Field: &ocm.UpdateOCMShareRequest_UpdateField_Permissions{
-					Permissions: perm,
+					Permissions: &ocm.SharePermissions{
+						Permissions: perm,
+					},
 				},
 			},
 		}
diff --git a/cmd/reva/transfer-create.go b/cmd/reva/transfer-create.go
index c60ba1f2e36..b1708b7f383 100644
--- a/cmd/reva/transfer-create.go
+++ b/cmd/reva/transfer-create.go
@@ -21,7 +21,6 @@ package main
 import (
 	"io"
 	"os"
-	"strconv"
 	"strings"
 	"time"
 
@@ -31,7 +30,6 @@ import (
 	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
-	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/utils"
 	"github.com/jedib0t/go-pretty/table"
 	"github.com/pkg/errors"
@@ -99,42 +97,25 @@ func transferCreateCommand() *command {
 			return err
 		}
 
-		resourcePermissions, pint, err := getOCMSharePerm(editorPermission)
-		if err != nil {
-			return err
-		}
-
 		gt := provider.GranteeType_GRANTEE_TYPE_USER
 		if strings.ToLower(*granteeType) == "group" {
 			gt = provider.GranteeType_GRANTEE_TYPE_GROUP
 		}
 
 		createShareReq := &ocm.CreateOCMShareRequest{
-			Opaque: &types.Opaque{
-				Map: map[string]*types.OpaqueEntry{
-					"permissions": {
-						Decoder: "plain",
-						Value:   []byte(strconv.Itoa(pint)),
-					},
-					"name": {
-						Decoder: "plain",
-						Value:   []byte(statRes.Info.Path),
-					},
-					"protocol": {
-						Decoder: "plain",
-						Value:   []byte("datatx"),
-					},
+			Grantee: &provider.Grantee{
+				Type: gt,
+				Id: &provider.Grantee_UserId{
+					UserId: u,
 				},
 			},
 			ResourceId: statRes.Info.Id,
-			Grant: &ocm.ShareGrant{
-				Grantee: &provider.Grantee{
-					Type: gt,
-					Id: &provider.Grantee_UserId{
-						UserId: u,
+			AccessMethods: []*ocm.AccessMethod{
+				&ocm.AccessMethod{
+					Term: &ocm.AccessMethod_DatatxOptions{
+						DatatxOptions: &ocm.DatatxAccessMethod{},
 					},
 				},
-				Permissions: resourcePermissions,
 			},
 			RecipientMeshProvider: providerInfoResp.ProviderInfo,
 		}
@@ -152,11 +133,11 @@ func transferCreateCommand() *command {
 
 		t := table.NewWriter()
 		t.SetOutputMirror(os.Stdout)
-		t.AppendHeader(table.Row{"#", "Owner.Idp", "Owner.OpaqueId", "ResourceId", "Permissions", "Type", "Grantee.Idp", "Grantee.OpaqueId", "ShareType", "Created", "Updated"})
+		t.AppendHeader(table.Row{"#", "Owner.Idp", "Owner.OpaqueId", "ResourceId", "Type", "Grantee.Idp", "Grantee.OpaqueId", "ShareType", "Created", "Updated"})
 
 		s := createShareResponse.Share
 		t.AppendRows([]table.Row{
-			{s.Id.OpaqueId, s.Owner.Idp, s.Owner.OpaqueId, s.ResourceId.String(), s.Permissions.String(),
+			{s.Id.OpaqueId, s.Owner.Idp, s.Owner.OpaqueId, s.ResourceId.String(),
 				s.Grantee.Type.String(), s.Grantee.GetUserId().Idp, s.Grantee.GetUserId().OpaqueId, s.ShareType.String(),
 				time.Unix(int64(s.Ctime.Seconds), 0), time.Unix(int64(s.Mtime.Seconds), 0)},
 		})
diff --git a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/remote.go b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/remote.go
index f35830c5c04..5bc18ea4964 100644
--- a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/remote.go
+++ b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/remote.go
@@ -20,15 +20,9 @@ package shares
 
 import (
 	"net/http"
-	"strconv"
 
-	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	invitepb "github.com/cs3org/go-cs3apis/cs3/ocm/invite/v1beta1"
-	ocmprovider "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1"
-	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
-	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/internal/http/services/owncloud/ocs/conversions"
 	"github.com/cs3org/reva/internal/http/services/owncloud/ocs/response"
 	"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
@@ -36,87 +30,87 @@ import (
 )
 
 func (h *Handler) createFederatedCloudShare(w http.ResponseWriter, r *http.Request, statInfo *provider.ResourceInfo, role *conversions.Role, roleVal []byte) {
-	ctx := r.Context()
-
-	c, err := pool.GetGatewayServiceClient(pool.Endpoint(h.gatewayAddr))
-	if err != nil {
-		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error getting grpc gateway client", err)
-		return
-	}
-
-	shareWithUser, shareWithProvider := r.FormValue("shareWithUser"), r.FormValue("shareWithProvider")
-	if shareWithUser == "" || shareWithProvider == "" {
-		response.WriteOCSError(w, r, response.MetaBadRequest.StatusCode, "missing shareWith parameters", nil)
-		return
-	}
-
-	providerInfoResp, err := c.GetInfoByDomain(ctx, &ocmprovider.GetInfoByDomainRequest{
-		Domain: shareWithProvider,
-	})
-	if err != nil {
-		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error sending a grpc get invite by domain info request", err)
-		return
-	}
-
-	remoteUserRes, err := c.GetAcceptedUser(ctx, &invitepb.GetAcceptedUserRequest{
-		RemoteUserId: &userpb.UserId{OpaqueId: shareWithUser, Idp: shareWithProvider, Type: userpb.UserType_USER_TYPE_PRIMARY},
-	})
-	if err != nil {
-		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error searching recipient", err)
-		return
-	}
-	if remoteUserRes.Status.Code != rpc.Code_CODE_OK {
-		response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "user not found", err)
-		return
-	}
-
-	createShareReq := &ocm.CreateOCMShareRequest{
-		Opaque: &types.Opaque{
-			Map: map[string]*types.OpaqueEntry{
-				/* TODO extend the spec with role names?
-				"role": {
-					Decoder: "plain",
-					Value:   []byte(role.Name),
-				},
-				*/
-				"permissions": {
-					Decoder: "plain",
-					Value:   []byte(strconv.Itoa(int(role.OCSPermissions()))),
-				},
-				"name": {
-					Decoder: "plain",
-					Value:   []byte(statInfo.Path),
-				},
-			},
-		},
-		ResourceId: statInfo.Id,
-		Grant: &ocm.ShareGrant{
-			Grantee: &provider.Grantee{
-				Type: provider.GranteeType_GRANTEE_TYPE_USER,
-				Id:   &provider.Grantee_UserId{UserId: remoteUserRes.RemoteUser.GetId()},
-			},
-			Permissions: &ocm.SharePermissions{
-				Permissions: role.CS3ResourcePermissions(),
-			},
-		},
-		RecipientMeshProvider: providerInfoResp.ProviderInfo,
-	}
-
-	createShareResponse, err := c.CreateOCMShare(ctx, createShareReq)
-	if err != nil {
-		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error sending a grpc create ocm share request", err)
-		return
-	}
-	if createShareResponse.Status.Code != rpc.Code_CODE_OK {
-		if createShareResponse.Status.Code == rpc.Code_CODE_NOT_FOUND {
-			response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "not found", nil)
-			return
-		}
-		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "grpc create ocm share request failed", err)
-		return
-	}
-
-	response.WriteOCSSuccess(w, r, "OCM Share created")
+	// ctx := r.Context()
+
+	// c, err := pool.GetGatewayServiceClient(pool.Endpoint(h.gatewayAddr))
+	// if err != nil {
+	// 	response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error getting grpc gateway client", err)
+	// 	return
+	// }
+
+	// shareWithUser, shareWithProvider := r.FormValue("shareWithUser"), r.FormValue("shareWithProvider")
+	// if shareWithUser == "" || shareWithProvider == "" {
+	// 	response.WriteOCSError(w, r, response.MetaBadRequest.StatusCode, "missing shareWith parameters", nil)
+	// 	return
+	// }
+
+	// providerInfoResp, err := c.GetInfoByDomain(ctx, &ocmprovider.GetInfoByDomainRequest{
+	// 	Domain: shareWithProvider,
+	// })
+	// if err != nil {
+	// 	response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error sending a grpc get invite by domain info request", err)
+	// 	return
+	// }
+
+	// remoteUserRes, err := c.GetAcceptedUser(ctx, &invitepb.GetAcceptedUserRequest{
+	// 	RemoteUserId: &userpb.UserId{OpaqueId: shareWithUser, Idp: shareWithProvider, Type: userpb.UserType_USER_TYPE_PRIMARY},
+	// })
+	// if err != nil {
+	// 	response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error searching recipient", err)
+	// 	return
+	// }
+	// if remoteUserRes.Status.Code != rpc.Code_CODE_OK {
+	// 	response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "user not found", err)
+	// 	return
+	// }
+
+	// createShareReq := &ocm.CreateOCMShareRequest{
+	// 	Opaque: &types.Opaque{
+	// 		Map: map[string]*types.OpaqueEntry{
+	// 			/* TODO extend the spec with role names?
+	// 			"role": {
+	// 				Decoder: "plain",
+	// 				Value:   []byte(role.Name),
+	// 			},
+	// 			*/
+	// 			"permissions": {
+	// 				Decoder: "plain",
+	// 				Value:   []byte(strconv.Itoa(int(role.OCSPermissions()))),
+	// 			},
+	// 			"name": {
+	// 				Decoder: "plain",
+	// 				Value:   []byte(statInfo.Path),
+	// 			},
+	// 		},
+	// 	},
+	// 	ResourceId: statInfo.Id,
+	// 	Grant: &ocm.ShareGrant{
+	// 		Grantee: &provider.Grantee{
+	// 			Type: provider.GranteeType_GRANTEE_TYPE_USER,
+	// 			Id:   &provider.Grantee_UserId{UserId: remoteUserRes.RemoteUser.GetId()},
+	// 		},
+	// 		Permissions: &ocm.SharePermissions{
+	// 			Permissions: role.CS3ResourcePermissions(),
+	// 		},
+	// 	},
+	// 	RecipientMeshProvider: providerInfoResp.ProviderInfo,
+	// }
+
+	// createShareResponse, err := c.CreateOCMShare(ctx, createShareReq)
+	// if err != nil {
+	// 	response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error sending a grpc create ocm share request", err)
+	// 	return
+	// }
+	// if createShareResponse.Status.Code != rpc.Code_CODE_OK {
+	// 	if createShareResponse.Status.Code == rpc.Code_CODE_NOT_FOUND {
+	// 		response.WriteOCSError(w, r, response.MetaNotFound.StatusCode, "not found", nil)
+	// 		return
+	// 	}
+	// 	response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "grpc create ocm share request failed", err)
+	// 	return
+	// }
+
+	// response.WriteOCSSuccess(w, r, "OCM Share created")
 }
 
 // GetFederatedShare handles GET requests on /apps/files_sharing/api/v1/shares/remote_shares/{shareid}.

From 4527da123652ec9018ac4bc6bf8363c4fdbdc2eb Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 14:26:15 +0100
Subject: [PATCH 11/44] add share type

---
 internal/grpc/services/ocmcore/ocmcore.go                   | 1 +
 internal/grpc/services/ocmshareprovider/ocmshareprovider.go | 1 +
 2 files changed, 2 insertions(+)

diff --git a/internal/grpc/services/ocmcore/ocmcore.go b/internal/grpc/services/ocmcore/ocmcore.go
index c7521b6c51c..92f3379c388 100644
--- a/internal/grpc/services/ocmcore/ocmcore.go
+++ b/internal/grpc/services/ocmcore/ocmcore.go
@@ -121,6 +121,7 @@ func (s *service) CreateOCMCoreShare(ctx context.Context, req *ocmcore.CreateOCM
 				UserId: req.ShareWith,
 			},
 		},
+		ShareType: req.ShareType,
 		Owner:     req.Owner,
 		Creator:   req.Sender,
 		Protocols: req.Protocols,
diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
index 402ee0481b9..0eca43bce23 100644
--- a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
+++ b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -219,6 +219,7 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 		Name:          filepath.Base(info.Path),
 		ResourceId:    req.ResourceId,
 		Grantee:       req.Grantee,
+		ShareType:     ocm.ShareType_SHARE_TYPE_USER,
 		Owner:         info.Owner,
 		Creator:       user.Id,
 		AccessMethods: req.AccessMethods,

From f0eba5e7ba312bb9742b7b83d7b3041c3b53d534 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 14:29:46 +0100
Subject: [PATCH 12/44] add token

---
 internal/grpc/services/ocmshareprovider/ocmshareprovider.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
index 0eca43bce23..2c990701339 100644
--- a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
+++ b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -40,6 +40,7 @@ import (
 	"github.com/cs3org/reva/pkg/rgrpc/status"
 	"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
 	"github.com/cs3org/reva/pkg/sharedconf"
+	"github.com/cs3org/reva/pkg/utils"
 	"github.com/mitchellh/mapstructure"
 	"github.com/pkg/errors"
 	"google.golang.org/grpc"
@@ -214,8 +215,10 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 
 	info := statRes.Info
 	user := ctxpkg.ContextMustGetUser(ctx)
+	tkn := utils.RandString(32)
 
 	share := &ocm.Share{
+		Token:         tkn,
 		Name:          filepath.Base(info.Path),
 		ResourceId:    req.ResourceId,
 		Grantee:       req.Grantee,

From a51f50df2ef3637e520b2a1ffec090990df81dfe Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 14:43:40 +0100
Subject: [PATCH 13/44] add expiration time to ocm shares

---
 internal/grpc/services/ocmcore/ocmcore.go          | 11 ++++++-----
 .../services/ocmshareprovider/ocmshareprovider.go  | 11 +++++++++--
 internal/http/services/ocmd/shares.go              | 14 ++++++++++++--
 pkg/ocm/client/client.go                           |  1 +
 4 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/internal/grpc/services/ocmcore/ocmcore.go b/internal/grpc/services/ocmcore/ocmcore.go
index 92f3379c388..2d258485516 100644
--- a/internal/grpc/services/ocmcore/ocmcore.go
+++ b/internal/grpc/services/ocmcore/ocmcore.go
@@ -121,11 +121,12 @@ func (s *service) CreateOCMCoreShare(ctx context.Context, req *ocmcore.CreateOCM
 				UserId: req.ShareWith,
 			},
 		},
-		ShareType: req.ShareType,
-		Owner:     req.Owner,
-		Creator:   req.Sender,
-		Protocols: req.Protocols,
-		State:     ocm.ShareState_SHARE_STATE_PENDING,
+		ShareType:  req.ShareType,
+		Owner:      req.Owner,
+		Creator:    req.Sender,
+		Protocols:  req.Protocols,
+		Expiration: req.Expiration,
+		State:      ocm.ShareState_SHARE_STATE_PENDING,
 	})
 	if err != nil {
 		// TODO: identify errors
diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
index 2c990701339..2fe235007f9 100644
--- a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
+++ b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -225,6 +225,7 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 		ShareType:     ocm.ShareType_SHARE_TYPE_USER,
 		Owner:         info.Owner,
 		Creator:       user.Id,
+		Expiration:    req.Expiration,
 		AccessMethods: req.AccessMethods,
 	}
 
@@ -240,7 +241,7 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 		return nil, errtypes.InternalError(err.Error())
 	}
 
-	err = s.client.NewShare(ctx, ocmEndpoint, &client.NewShareRequest{
+	newShareReq := &client.NewShareRequest{
 		ShareWith:         req.Grantee.GetGroupId().OpaqueId,
 		Name:              share.Name,
 		ResourceID:        fmt.Sprintf("%s:%s", req.ResourceId.StorageId, req.ResourceId.OpaqueId),
@@ -250,7 +251,13 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 		ShareType:         "user",
 		ResourceType:      getResourceType(info),
 		Protocols:         s.getProtocols(ctx, info, req.AccessMethods),
-	})
+	}
+
+	if req.Expiration != nil {
+		newShareReq.Expiration = req.Expiration.Seconds
+	}
+
+	err = s.client.NewShare(ctx, ocmEndpoint, newShareReq)
 
 	if err != nil {
 		// TODO: err
diff --git a/internal/http/services/ocmd/shares.go b/internal/http/services/ocmd/shares.go
index 153040501e1..78d1925d665 100644
--- a/internal/http/services/ocmd/shares.go
+++ b/internal/http/services/ocmd/shares.go
@@ -28,6 +28,7 @@ import (
 
 	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
 	providerpb "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	ocmcore "github.com/cs3org/go-cs3apis/cs3/ocm/core/v1beta1"
@@ -67,6 +68,7 @@ type createShareRequest struct {
 	SenderDisplayName string    `json:"senderDisplayName"`                              // dispay name of the user who wants to share the resource
 	ShareType         string    `json:"shareType" validate:"required,oneof=user group"` // recipient share type (user or group)
 	ResourceType      string    `json:"resourceType" validate:"required,oneof=file folder"`
+	Expiration        uint64    `json:"expiration"`
 	Protocols         Protocols `json:"protocols" validate:"required"`
 }
 
@@ -143,7 +145,7 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	createShareResp, err := h.gatewayClient.CreateOCMCoreShare(ctx, &ocmcore.CreateOCMCoreShareRequest{
+	createShareReq := &ocmcore.CreateOCMCoreShareRequest{
 		Description:  req.Description,
 		Name:         req.Name,
 		ResourceId:   req.ResourceID,
@@ -153,7 +155,15 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		ResourceType: getResourceTypeFromOCMRequest(req.ResourceType),
 		ShareType:    getOCMShareType(req.ShareType),
 		Protocols:    getProtocols(req.Protocols),
-	})
+	}
+
+	if req.Expiration != 0 {
+		createShareReq.Expiration = &types.Timestamp{
+			Seconds: req.Expiration,
+		}
+	}
+
+	createShareResp, err := h.gatewayClient.CreateOCMCoreShare(ctx, createShareReq)
 	if err != nil {
 		reqres.WriteError(w, r, reqres.APIErrorServerError, "error creating ocm share", err)
 		return
diff --git a/pkg/ocm/client/client.go b/pkg/ocm/client/client.go
index 2d861d12cbd..05604ccaef6 100644
--- a/pkg/ocm/client/client.go
+++ b/pkg/ocm/client/client.go
@@ -164,6 +164,7 @@ type NewShareRequest struct {
 	OwnerDisplayName  string         `json:"ownerDisplayName"`
 	SenderDisplayName string         `json:"senderDisplayName"`
 	ShareType         string         `json:"shareType"`
+	Expiration        uint64         `json:"expiration"`
 	ResourceType      string         `json:"resourceType"`
 	Protocols         ocmd.Protocols `json:"protocols"`
 }

From 17887a846cb05372ef93793eb5b9627c4ef37c9b Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 14:55:40 +0100
Subject: [PATCH 14/44] refactor

---
 cmd/reva/ocm-share-create.go             | 23 ++------
 internal/http/services/ocmd/protocols.go | 29 ++--------
 pkg/ocm/share/utils.go                   | 69 ++++++++++++++++++++++++
 3 files changed, 77 insertions(+), 44 deletions(-)
 create mode 100644 pkg/ocm/share/utils.go

diff --git a/cmd/reva/ocm-share-create.go b/cmd/reva/ocm-share-create.go
index 3f171482a1c..930fe32491d 100644
--- a/cmd/reva/ocm-share-create.go
+++ b/cmd/reva/ocm-share-create.go
@@ -31,6 +31,7 @@ import (
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"github.com/cs3org/reva/internal/http/services/owncloud/ocs/conversions"
+	ocmshare "github.com/cs3org/reva/pkg/ocm/share"
 	"github.com/cs3org/reva/pkg/utils"
 	"github.com/jedib0t/go-pretty/table"
 	"github.com/pkg/errors"
@@ -157,33 +158,17 @@ func getAccessMethods(webdav, webapp, datatx bool, rol string) ([]*ocm.AccessMet
 		if err != nil {
 			return nil, err
 		}
-		m = append(m, &ocm.AccessMethod{
-			Term: &ocm.AccessMethod_WebdavOptions{
-				WebdavOptions: &ocm.WebDAVAccessMethod{
-					Permissions: perm,
-				},
-			},
-		})
+		m = append(m, ocmshare.NewWebDavAccessMethod(perm))
 	}
 	if webapp {
 		v, err := getOCMViewMode(rol)
 		if err != nil {
 			return nil, err
 		}
-		m = append(m, &ocm.AccessMethod{
-			Term: &ocm.AccessMethod_WebappOptions{
-				WebappOptions: &ocm.WebappAccessMethod{
-					ViewMode: v,
-				},
-			},
-		})
+		m = append(m, ocmshare.NewWebappAccessMethod(v))
 	}
 	if datatx {
-		m = append(m, &ocm.AccessMethod{
-			Term: &ocm.AccessMethod_DatatxOptions{
-				DatatxOptions: &ocm.DatatxAccessMethod{},
-			},
-		})
+		m = append(m, ocmshare.NewDatatxAccessMethod())
 	}
 	return m, nil
 }
diff --git a/internal/http/services/ocmd/protocols.go b/internal/http/services/ocmd/protocols.go
index 5bf7a38aa1f..41670e0d57b 100644
--- a/internal/http/services/ocmd/protocols.go
+++ b/internal/http/services/ocmd/protocols.go
@@ -8,6 +8,7 @@ import (
 
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	providerv1beta1 "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	ocmshare "github.com/cs3org/reva/pkg/ocm/share"
 )
 
 type Protocols []Protocol
@@ -43,15 +44,7 @@ func (w *WebDAV) ToOCMProtocol() *ocm.Protocol {
 		}
 	}
 
-	return &ocm.Protocol{
-		Term: &ocm.Protocol_WebdapOptions{
-			WebdapOptions: &ocm.WebDAVProtocol{
-				SharedSecret: w.SharedSecret,
-				Uri:          w.URL,
-				Permissions:  perms,
-			},
-		},
-	}
+	return ocmshare.NewWebDAVProtocol(w.URL, w.SharedSecret, perms)
 }
 
 // Webapp contains the parameters for the Webapp protocol.
@@ -60,13 +53,7 @@ type Webapp struct {
 }
 
 func (w *Webapp) ToOCMProtocol() *ocm.Protocol {
-	return &ocm.Protocol{
-		Term: &ocm.Protocol_WebappOptions{
-			WebappOptions: &ocm.WebappProtocol{
-				UriTemplate: w.URITemplate,
-			},
-		},
-	}
+	return ocmshare.NewWebappProtocol(w.URITemplate)
 }
 
 // Datatx contains the parameters for the Datatx protocol.
@@ -77,15 +64,7 @@ type Datatx struct {
 }
 
 func (w *Datatx) ToOCMProtocol() *ocm.Protocol {
-	return &ocm.Protocol{
-		Term: &ocm.Protocol_DatatxOprions{
-			DatatxOprions: &ocm.DatatxProtocol{
-				SharedSecret: w.SharedSecret,
-				SourceUri:    w.SourceURI,
-				Size:         w.Size,
-			},
-		},
-	}
+	return ocmshare.NewDatatxProtocol(w.SourceURI, w.SharedSecret, w.Size)
 }
 
 var protocolImpl = map[string]reflect.Type{
diff --git a/pkg/ocm/share/utils.go b/pkg/ocm/share/utils.go
new file mode 100644
index 00000000000..2a077696cbb
--- /dev/null
+++ b/pkg/ocm/share/utils.go
@@ -0,0 +1,69 @@
+package share
+
+import (
+	appprovider "github.com/cs3org/go-cs3apis/cs3/app/provider/v1beta1"
+	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
+	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+)
+
+func NewWebDAVProtocol(uri, shareSecred string, perms *ocm.SharePermissions) *ocm.Protocol {
+	return &ocm.Protocol{
+		Term: &ocm.Protocol_WebdapOptions{
+			WebdapOptions: &ocm.WebDAVProtocol{
+				Uri:          uri,
+				SharedSecret: shareSecred,
+				Permissions:  perms,
+			},
+		},
+	}
+}
+
+func NewWebappProtocol(uriTemplate string) *ocm.Protocol {
+	return &ocm.Protocol{
+		Term: &ocm.Protocol_WebappOptions{
+			WebappOptions: &ocm.WebappProtocol{
+				UriTemplate: uriTemplate,
+			},
+		},
+	}
+}
+
+func NewDatatxProtocol(sourceUri, sharedSecret string, size uint64) *ocm.Protocol {
+	return &ocm.Protocol{
+		Term: &ocm.Protocol_DatatxOprions{
+			DatatxOprions: &ocm.DatatxProtocol{
+				SourceUri:    sourceUri,
+				SharedSecret: sharedSecret,
+				Size:         size,
+			},
+		},
+	}
+}
+
+func NewWebDavAccessMethod(perms *provider.ResourcePermissions) *ocm.AccessMethod {
+	return &ocm.AccessMethod{
+		Term: &ocm.AccessMethod_WebdavOptions{
+			WebdavOptions: &ocm.WebDAVAccessMethod{
+				Permissions: perms,
+			},
+		},
+	}
+}
+
+func NewWebappAccessMethod(mode appprovider.ViewMode) *ocm.AccessMethod {
+	return &ocm.AccessMethod{
+		Term: &ocm.AccessMethod_WebappOptions{
+			WebappOptions: &ocm.WebappAccessMethod{
+				ViewMode: mode,
+			},
+		},
+	}
+}
+
+func NewDatatxAccessMethod() *ocm.AccessMethod {
+	return &ocm.AccessMethod{
+		Term: &ocm.AccessMethod_DatatxOptions{
+			DatatxOptions: &ocm.DatatxAccessMethod{},
+		},
+	}
+}

From 4d6e59162b10be173ee205a904c449714134d673 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 16:28:22 +0100
Subject: [PATCH 15/44] do not set ctime and mtime of share in json driver

---
 pkg/ocm/share/repository/json/json.go | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/pkg/ocm/share/repository/json/json.go b/pkg/ocm/share/repository/json/json.go
index 33b8faeeaff..25f82eb3725 100644
--- a/pkg/ocm/share/repository/json/json.go
+++ b/pkg/ocm/share/repository/json/json.go
@@ -151,18 +151,7 @@ func (m *mgr) StoreShare(ctx context.Context, share *ocm.Share) (*ocm.Share, err
 	m.Lock()
 	defer m.Unlock()
 
-	now := time.Now().UnixNano()
-	ts := &typespb.Timestamp{
-		Seconds: uint64(now / 1000000000),
-		Nanos:   uint32(now % 1000000000),
-	}
-
-	share.Id = &ocm.ShareId{
-		OpaqueId: genID(),
-	}
-	share.Mtime = ts
-	share.Ctime = ts
-
+	share.Id = &ocm.ShareId{OpaqueId: genID()}
 	m.model.Shares[share.Id.OpaqueId] = cloneShare(share)
 
 	if err := m.model.save(); err != nil {

From 7917435bd58a4bd5831e143dd074f3fffbf81587 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 17:51:17 +0100
Subject: [PATCH 16/44] set ctime and mtime of ocm share on creation

---
 .../ocmshareprovider/ocmshareprovider.go      | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
index 2fe235007f9..bd19530f626 100644
--- a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
+++ b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -30,12 +30,13 @@ import (
 	rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	providerv1beta1 "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/internal/http/services/ocmd"
 	ctxpkg "github.com/cs3org/reva/pkg/ctx"
 	"github.com/cs3org/reva/pkg/errtypes"
 	"github.com/cs3org/reva/pkg/ocm/client"
 	"github.com/cs3org/reva/pkg/ocm/share"
-	"github.com/cs3org/reva/pkg/ocm/share/manager/registry"
+	"github.com/cs3org/reva/pkg/ocm/share/repository/registry"
 	"github.com/cs3org/reva/pkg/rgrpc"
 	"github.com/cs3org/reva/pkg/rgrpc/status"
 	"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
@@ -216,6 +217,11 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 	info := statRes.Info
 	user := ctxpkg.ContextMustGetUser(ctx)
 	tkn := utils.RandString(32)
+	now := time.Now().UnixNano()
+	ts := &typespb.Timestamp{
+		Seconds: uint64(now / 1000000000),
+		Nanos:   uint32(now % 1000000000),
+	}
 
 	share := &ocm.Share{
 		Token:         tkn,
@@ -225,6 +231,8 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 		ShareType:     ocm.ShareType_SHARE_TYPE_USER,
 		Owner:         info.Owner,
 		Creator:       user.Id,
+		Ctime:         ts,
+		Mtime:         ts,
 		Expiration:    req.Expiration,
 		AccessMethods: req.AccessMethods,
 	}
@@ -275,7 +283,7 @@ func (s *service) RemoveOCMShare(ctx context.Context, req *ocm.RemoveOCMShareReq
 	// TODO (gdelmont): notify the remote provider using the /notification ocm endpoint
 	// https://cs3org.github.io/OCM-API/docs.html?branch=develop&repo=OCM-API&user=cs3org#/paths/~1notifications/post
 	user := ctxpkg.ContextMustGetUser(ctx)
-	if err := s.repo.DeleteShare(ctx, user.Id, req.Ref); err != nil {
+	if err := s.repo.DeleteShare(ctx, user, req.Ref); err != nil {
 		// TODO: error
 		return &ocm.RemoveOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error removing share"),
@@ -289,7 +297,7 @@ func (s *service) RemoveOCMShare(ctx context.Context, req *ocm.RemoveOCMShareReq
 
 func (s *service) GetOCMShare(ctx context.Context, req *ocm.GetOCMShareRequest) (*ocm.GetOCMShareResponse, error) {
 	user := ctxpkg.ContextMustGetUser(ctx)
-	share, err := s.repo.GetShare(ctx, user.Id, req.Ref)
+	share, err := s.repo.GetShare(ctx, user, req.Ref)
 	if err != nil {
 		// TODO: error
 		return &ocm.GetOCMShareResponse{
@@ -305,7 +313,7 @@ func (s *service) GetOCMShare(ctx context.Context, req *ocm.GetOCMShareRequest)
 
 func (s *service) ListOCMShares(ctx context.Context, req *ocm.ListOCMSharesRequest) (*ocm.ListOCMSharesResponse, error) {
 	user := ctxpkg.ContextMustGetUser(ctx)
-	shares, err := s.repo.ListShares(ctx, user.Id, req.Filters)
+	shares, err := s.repo.ListShares(ctx, user, req.Filters)
 	if err != nil {
 		return &ocm.ListOCMSharesResponse{
 			Status: status.NewInternal(ctx, err, "error listing shares"),
@@ -321,7 +329,7 @@ func (s *service) ListOCMShares(ctx context.Context, req *ocm.ListOCMSharesReque
 
 func (s *service) UpdateOCMShare(ctx context.Context, req *ocm.UpdateOCMShareRequest) (*ocm.UpdateOCMShareResponse, error) {
 	user := ctxpkg.ContextMustGetUser(ctx)
-	_, err := s.repo.UpdateShare(ctx, user.Id, req.Ref, req.Field.GetPermissions()) // TODO(labkode): check what to update
+	_, err := s.repo.UpdateShare(ctx, user, req.Ref, req.Field.GetPermissions()) // TODO(labkode): check what to update
 	if err != nil {
 		// TODO: error
 		return &ocm.UpdateOCMShareResponse{
@@ -337,7 +345,7 @@ func (s *service) UpdateOCMShare(ctx context.Context, req *ocm.UpdateOCMShareReq
 
 func (s *service) ListReceivedOCMShares(ctx context.Context, req *ocm.ListReceivedOCMSharesRequest) (*ocm.ListReceivedOCMSharesResponse, error) {
 	user := ctxpkg.ContextMustGetUser(ctx)
-	shares, err := s.repo.ListReceivedShares(ctx, user.Id)
+	shares, err := s.repo.ListReceivedShares(ctx, user)
 	if err != nil {
 		// TODO: error
 		return &ocm.ListReceivedOCMSharesResponse{
@@ -354,7 +362,7 @@ func (s *service) ListReceivedOCMShares(ctx context.Context, req *ocm.ListReceiv
 
 func (s *service) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateReceivedOCMShareRequest) (*ocm.UpdateReceivedOCMShareResponse, error) {
 	user := ctxpkg.ContextMustGetUser(ctx)
-	_, err := s.repo.UpdateReceivedShare(ctx, user.Id, req.Share, req.UpdateMask) // TODO(labkode): check what to update
+	_, err := s.repo.UpdateReceivedShare(ctx, user, req.Share, req.UpdateMask) // TODO(labkode): check what to update
 	if err != nil {
 		// TODO: error
 		return &ocm.UpdateReceivedOCMShareResponse{
@@ -370,7 +378,7 @@ func (s *service) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateRec
 
 func (s *service) GetReceivedOCMShare(ctx context.Context, req *ocm.GetReceivedOCMShareRequest) (*ocm.GetReceivedOCMShareResponse, error) {
 	user := ctxpkg.ContextMustGetUser(ctx)
-	share, err := s.repo.GetReceivedShare(ctx, user.Id, req.Ref)
+	share, err := s.repo.GetReceivedShare(ctx, user, req.Ref)
 	if err != nil {
 		// TODO: error
 		return &ocm.GetReceivedOCMShareResponse{

From f7faa3da4ea62e5c7ac423d2216f2652ee658792 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 17:51:42 +0100
Subject: [PATCH 17/44] pass user obj

---
 pkg/ocm/share/repository/json/json.go | 26 +++++++++++++-------------
 pkg/ocm/share/share.go                | 14 +++++++-------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/pkg/ocm/share/repository/json/json.go b/pkg/ocm/share/repository/json/json.go
index 25f82eb3725..a202c462835 100644
--- a/pkg/ocm/share/repository/json/json.go
+++ b/pkg/ocm/share/repository/json/json.go
@@ -185,7 +185,7 @@ func cloneReceivedShare(s *ocm.ReceivedShare) *ocm.ReceivedShare {
 	return &cloned
 }
 
-func (m *mgr) GetShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference) (*ocm.Share, error) {
+func (m *mgr) GetShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference) (*ocm.Share, error) {
 	var (
 		s   *ocm.Share
 		err error
@@ -205,7 +205,7 @@ func (m *mgr) GetShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareR
 	}
 
 	// check if we are the owner
-	if utils.UserEqual(user, s.Owner) || utils.UserEqual(user, s.Creator) {
+	if utils.UserEqual(user.Id, s.Owner) || utils.UserEqual(user.Id, s.Creator) {
 		return s, nil
 	}
 
@@ -235,13 +235,13 @@ func (m *mgr) getByKey(ctx context.Context, key *ocm.ShareKey) (*ocm.Share, erro
 	return nil, errtypes.NotFound(key.String())
 }
 
-func (m *mgr) DeleteShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference) error {
+func (m *mgr) DeleteShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference) error {
 	m.Lock()
 	defer m.Unlock()
 
 	for id, share := range m.model.Shares {
 		if sharesEqual(ref, share) {
-			if utils.UserEqual(user, share.Owner) || utils.UserEqual(user, share.Creator) {
+			if utils.UserEqual(user.Id, share.Owner) || utils.UserEqual(user.Id, share.Creator) {
 				delete(m.model.Shares, id)
 				if err := m.model.save(); err != nil {
 					return err
@@ -282,18 +282,18 @@ func receivedShareEqual(ref *ocm.ShareReference, s *ocm.ReceivedShare) bool {
 	return false
 }
 
-func (m *mgr) UpdateShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference, p *ocm.SharePermissions) (*ocm.Share, error) {
+func (m *mgr) UpdateShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference, p *ocm.SharePermissions) (*ocm.Share, error) {
 	return nil, errtypes.NotSupported("not yet implemented")
 }
 
-func (m *mgr) ListShares(ctx context.Context, user *userpb.UserId, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error) {
+func (m *mgr) ListShares(ctx context.Context, user *userpb.User, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error) {
 	var ss []*ocm.Share
 
 	m.Lock()
 	defer m.Unlock()
 
 	for _, share := range m.model.Shares {
-		if utils.UserEqual(user, share.Owner) || utils.UserEqual(user, share.Creator) {
+		if utils.UserEqual(user.Id, share.Owner) || utils.UserEqual(user.Id, share.Creator) {
 			// no filter we return earlier
 			if len(filters) == 0 {
 				ss = append(ss, share)
@@ -334,30 +334,30 @@ func (m *mgr) StoreReceivedShare(ctx context.Context, share *ocm.ReceivedShare)
 	return share, nil
 }
 
-func (m *mgr) ListReceivedShares(ctx context.Context, user *userpb.UserId) ([]*ocm.ReceivedShare, error) {
+func (m *mgr) ListReceivedShares(ctx context.Context, user *userpb.User) ([]*ocm.ReceivedShare, error) {
 	var rss []*ocm.ReceivedShare
 	m.Lock()
 	defer m.Unlock()
 
 	for _, share := range m.model.ReceivedShares {
-		if utils.UserEqual(user, share.Owner) || utils.UserEqual(user, share.Creator) {
+		if utils.UserEqual(user.Id, share.Owner) || utils.UserEqual(user.Id, share.Creator) {
 			// omit shares created by me
 			continue
 		}
-		if share.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(user, share.Grantee.GetUserId()) {
+		if share.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(user.Id, share.Grantee.GetUserId()) {
 			rss = append(rss, share)
 		}
 	}
 	return rss, nil
 }
 
-func (m *mgr) GetReceivedShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference) (*ocm.ReceivedShare, error) {
+func (m *mgr) GetReceivedShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference) (*ocm.ReceivedShare, error) {
 	m.Lock()
 	defer m.Unlock()
 
 	for _, share := range m.model.ReceivedShares {
 		if receivedShareEqual(ref, share) {
-			if share.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(user, share.Grantee.GetUserId()) {
+			if share.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(user.Id, share.Grantee.GetUserId()) {
 				return share, nil
 			}
 		}
@@ -365,7 +365,7 @@ func (m *mgr) GetReceivedShare(ctx context.Context, user *userpb.UserId, ref *oc
 	return nil, errtypes.NotFound(ref.String())
 }
 
-func (m *mgr) UpdateReceivedShare(ctx context.Context, user *userpb.UserId, share *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error) {
+func (m *mgr) UpdateReceivedShare(ctx context.Context, user *userpb.User, share *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error) {
 	rs, err := m.GetReceivedShare(ctx, user, &ocm.ShareReference{Spec: &ocm.ShareReference_Id{Id: share.Id}})
 	if err != nil {
 		return nil, err
diff --git a/pkg/ocm/share/share.go b/pkg/ocm/share/share.go
index 4d392b1b8a1..a850a1055f7 100644
--- a/pkg/ocm/share/share.go
+++ b/pkg/ocm/share/share.go
@@ -33,29 +33,29 @@ type Repository interface {
 	StoreShare(ctx context.Context, share *ocm.Share) (*ocm.Share, error)
 
 	// GetShare gets the information for a share by the given ref.
-	GetShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference) (*ocm.Share, error)
+	GetShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference) (*ocm.Share, error)
 
 	// DeleteShare deletes the share pointed by ref.
-	DeleteShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference) error
+	DeleteShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference) error
 
 	// UpdateShare updates the mode of the given share.
-	UpdateShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference, p *ocm.SharePermissions) (*ocm.Share, error)
+	UpdateShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference, p *ocm.SharePermissions) (*ocm.Share, error)
 
 	// ListShares returns the shares created by the user. If md is provided is not nil,
 	// it returns only shares attached to the given resource.
-	ListShares(ctx context.Context, user *userpb.UserId, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error)
+	ListShares(ctx context.Context, user *userpb.User, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error)
 
 	// StoreShare stores a share.
 	StoreReceivedShare(ctx context.Context, share *ocm.ReceivedShare) (*ocm.ReceivedShare, error)
 
 	// ListReceivedShares returns the list of shares the user has access.
-	ListReceivedShares(ctx context.Context, user *userpb.UserId) ([]*ocm.ReceivedShare, error)
+	ListReceivedShares(ctx context.Context, user *userpb.User) ([]*ocm.ReceivedShare, error)
 
 	// GetReceivedShare returns the information for a received share the user has access.
-	GetReceivedShare(ctx context.Context, user *userpb.UserId, ref *ocm.ShareReference) (*ocm.ReceivedShare, error)
+	GetReceivedShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference) (*ocm.ReceivedShare, error)
 
 	// UpdateReceivedShare updates the received share with share state.
-	UpdateReceivedShare(ctx context.Context, user *userpb.UserId, share *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error)
+	UpdateReceivedShare(ctx context.Context, user *userpb.User, share *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error)
 }
 
 // ResourceIDFilter is an abstraction for creating filter by resource id.

From 2f56d72059d229149bc87263047f9e2e0f573069 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 17:52:12 +0100
Subject: [PATCH 18/44] removed old files

---
 pkg/ocm/share/manager/json/json.go           | 600 -----------------
 pkg/ocm/share/manager/loader/loader.go       |  26 -
 pkg/ocm/share/manager/nextcloud/nextcloud.go | 655 -------------------
 pkg/ocm/share/manager/registry/registry.go   |  34 -
 4 files changed, 1315 deletions(-)
 delete mode 100644 pkg/ocm/share/manager/json/json.go
 delete mode 100644 pkg/ocm/share/manager/loader/loader.go
 delete mode 100644 pkg/ocm/share/manager/nextcloud/nextcloud.go
 delete mode 100644 pkg/ocm/share/manager/registry/registry.go

diff --git a/pkg/ocm/share/manager/json/json.go b/pkg/ocm/share/manager/json/json.go
deleted file mode 100644
index 7b4d739a164..00000000000
--- a/pkg/ocm/share/manager/json/json.go
+++ /dev/null
@@ -1,600 +0,0 @@
-// Copyright 2018-2023 CERN
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// In applying this license, CERN does not waive the privileges and immunities
-// granted to it by virtue of its status as an Intergovernmental Organization
-// or submit itself to any jurisdiction.
-
-package json
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"os"
-	"sync"
-	"time"
-
-	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	ocmprovider "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1"
-	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
-	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
-	typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
-	ctxpkg "github.com/cs3org/reva/pkg/ctx"
-	"github.com/cs3org/reva/pkg/errtypes"
-	"github.com/cs3org/reva/pkg/ocm/share"
-	"github.com/cs3org/reva/pkg/ocm/share/manager/registry"
-	"github.com/cs3org/reva/pkg/ocm/share/sender"
-	"github.com/cs3org/reva/pkg/utils"
-	"github.com/google/uuid"
-	"github.com/mitchellh/mapstructure"
-	"github.com/pkg/errors"
-	"google.golang.org/genproto/protobuf/field_mask"
-)
-
-func init() {
-	registry.Register("json", New)
-}
-
-// New returns a new authorizer object.
-func New(m map[string]interface{}) (share.Manager, error) {
-	c, err := parseConfig(m)
-	if err != nil {
-		err = errors.Wrap(err, "error creating a new manager")
-		return nil, err
-	}
-	c.init()
-
-	// load or create file
-	model, err := loadOrCreate(c.File)
-	if err != nil {
-		err = errors.Wrap(err, "error loading the file containing the shares")
-		return nil, err
-	}
-
-	mgr := &mgr{
-		c:     c,
-		model: model,
-	}
-
-	return mgr, nil
-}
-
-func loadOrCreate(file string) (*shareModel, error) {
-	_, err := os.Stat(file)
-	if os.IsNotExist(err) {
-		if err := os.WriteFile(file, []byte("{}"), 0700); err != nil {
-			err = errors.Wrap(err, "error creating the file: "+file)
-			return nil, err
-		}
-	}
-
-	fd, err := os.OpenFile(file, os.O_CREATE, 0644)
-	if err != nil {
-		err = errors.Wrap(err, "error opening the file: "+file)
-		return nil, err
-	}
-	defer fd.Close()
-
-	data, err := io.ReadAll(fd)
-	if err != nil {
-		err = errors.Wrap(err, "error reading the data")
-		return nil, err
-	}
-
-	m := &shareModel{}
-	if err := json.Unmarshal(data, m); err != nil {
-		err = errors.Wrap(err, "error decoding data to json")
-		return nil, err
-	}
-
-	if m.Shares == nil {
-		m.Shares = map[string]interface{}{}
-	}
-	if m.ReceivedShares == nil {
-		m.ReceivedShares = map[string]interface{}{}
-	}
-	m.file = file
-
-	return m, nil
-}
-
-type shareModel struct {
-	file           string
-	Shares         map[string]interface{} `json:"shares"`
-	ReceivedShares map[string]interface{} `json:"received_shares"`
-}
-
-type config struct {
-	File                string `mapstructure:"file"`
-	InsecureConnections bool   `mapstructure:"insecure_connections"`
-}
-
-func (c *config) init() {
-	if c.File == "" {
-		c.File = "/var/tmp/reva/ocm-shares.json"
-	}
-}
-
-type mgr struct {
-	c          *config
-	sync.Mutex // concurrent access to the file
-	model      *shareModel
-}
-
-func (m *shareModel) Save() error {
-	data, err := json.Marshal(m)
-	if err != nil {
-		err = errors.Wrap(err, "error encoding to json")
-		return err
-	}
-
-	if err := os.WriteFile(m.file, data, 0644); err != nil {
-		err = errors.Wrap(err, "error writing to file: "+m.file)
-		return err
-	}
-
-	return nil
-}
-
-func (m *shareModel) ReadFile() error {
-	data, err := os.ReadFile(m.file)
-	if err != nil {
-		err = errors.Wrap(err, "error reading the data")
-		return err
-	}
-
-	if err := json.Unmarshal(data, m); err != nil {
-		err = errors.Wrap(err, "error decoding data to json")
-		return err
-	}
-
-	return nil
-}
-
-func parseConfig(m map[string]interface{}) (*config, error) {
-	c := &config{}
-	if err := mapstructure.Decode(m, c); err != nil {
-		return nil, err
-	}
-	return c, nil
-}
-
-func genID() string {
-	return uuid.New().String()
-}
-
-// Called from both grpc CreateOCMShare for outgoing
-// and http /ocm/shares for incoming
-// pi is provider info
-// pm is permissions.
-func (m *mgr) Share(ctx context.Context, md *provider.ResourceId, g *ocm.ShareGrant, name string,
-	pi *ocmprovider.ProviderInfo, pm string, owner *userpb.UserId, token string, st ocm.Share_ShareType) (*ocm.Share, error) {
-	id := genID()
-	now := time.Now().UnixNano()
-	ts := &typespb.Timestamp{
-		Seconds: uint64(now / 1000000000),
-		Nanos:   uint32(now % 1000000000),
-	}
-
-	// Since both OCMCore and OCMShareProvider use the same package, we distinguish
-	// between calls received from them on the basis of whether they provide info
-	// about the remote provider on which the share is to be created.
-	// If this info is provided, this call is on the owner's mesh provider and so
-	// we call the CreateOCMCoreShare method on the remote provider as well,
-	// else this is received from another provider and we only create a local share.
-	var isOwnersMeshProvider bool
-	if pi != nil {
-		isOwnersMeshProvider = true
-	}
-
-	var userID *userpb.UserId
-	if !isOwnersMeshProvider {
-		// Since this call is on the remote provider, the owner of the resource is expected to be specified.
-		if owner == nil {
-			return nil, errors.New("json: owner of resource not provided")
-		}
-		userID = owner
-		g.Grantee.Opaque = &typespb.Opaque{
-			Map: map[string]*typespb.OpaqueEntry{
-				"token": {
-					Decoder: "plain",
-					Value:   []byte(token),
-				},
-			},
-		}
-	} else {
-		userID = ctxpkg.ContextMustGetUser(ctx).GetId()
-	}
-
-	// do not allow share to myself if share is for a user
-	if g.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(g.Grantee.GetUserId(), userID) {
-		return nil, errors.New("json: user and grantee are the same")
-	}
-
-	// check if share already exists.
-	key := &ocm.ShareKey{
-		Owner:      userID,
-		ResourceId: md,
-		Grantee:    g.Grantee,
-	}
-	_, err := m.getByKey(ctx, key)
-
-	// share already exists
-	if isOwnersMeshProvider && err == nil {
-		return nil, errtypes.AlreadyExists(key.String())
-	}
-
-	s := &ocm.Share{
-		Id: &ocm.ShareId{
-			OpaqueId: id,
-		},
-		Name:        name,
-		ResourceId:  md,
-		Permissions: g.Permissions,
-		Grantee:     g.Grantee,
-		Owner:       userID,
-		Creator:     userID,
-		Ctime:       ts,
-		Mtime:       ts,
-		ShareType:   st,
-	}
-
-	if isOwnersMeshProvider {
-		protocol := map[string]interface{}{
-			"name": "webdav",
-			"options": map[string]string{
-				"permissions": pm,
-				"token":       ctxpkg.ContextMustGetToken(ctx),
-			},
-		}
-		if st == ocm.Share_SHARE_TYPE_TRANSFER {
-			protocol["name"] = "datatx"
-		}
-
-		requestBodyMap := map[string]interface{}{
-			"shareWith":    g.Grantee.GetUserId().OpaqueId,
-			"name":         name,
-			"providerId":   fmt.Sprintf("%s:%s", md.StorageId, md.OpaqueId),
-			"owner":        fmt.Sprintf("%s@%s", userID.OpaqueId, userID.Idp),
-			"protocol":     protocol,
-			"meshProvider": userID.Idp,
-		}
-		err = sender.Send(ctx, requestBodyMap, pi)
-		if err != nil {
-			err = errors.Wrap(err, "error sending OCM POST")
-			return nil, err
-		}
-	}
-
-	m.Lock()
-	if err := m.model.ReadFile(); err != nil {
-		err = errors.Wrap(err, "error reading model")
-		return nil, err
-	}
-
-	if isOwnersMeshProvider {
-		encShare, err := utils.MarshalProtoV1ToJSON(s)
-		if err != nil {
-			return nil, err
-		}
-		m.model.Shares[s.Id.OpaqueId] = string(encShare)
-	} else {
-		encShare, err := utils.MarshalProtoV1ToJSON(&ocm.ReceivedShare{
-			Share: s,
-			State: ocm.ShareState_SHARE_STATE_PENDING,
-		})
-		if err != nil {
-			return nil, err
-		}
-		m.model.ReceivedShares[s.Id.OpaqueId] = string(encShare)
-	}
-
-	if err := m.model.Save(); err != nil {
-		err = errors.Wrap(err, "error saving model")
-		return nil, err
-	}
-	m.Unlock()
-
-	return s, nil
-}
-
-func (m *mgr) getByID(ctx context.Context, id *ocm.ShareId) (*ocm.Share, error) {
-	m.Lock()
-	defer m.Unlock()
-
-	if err := m.model.ReadFile(); err != nil {
-		err = errors.Wrap(err, "error reading model")
-		return nil, err
-	}
-
-	if s, ok := m.model.Shares[id.OpaqueId]; ok {
-		var share ocm.Share
-		if err := utils.UnmarshalJSONToProtoV1([]byte(s.(string)), &share); err != nil {
-			return nil, err
-		}
-		return &share, nil
-	}
-
-	return nil, errtypes.NotFound(id.String())
-}
-
-func (m *mgr) getByKey(ctx context.Context, key *ocm.ShareKey) (*ocm.Share, error) {
-	m.Lock()
-	defer m.Unlock()
-
-	if err := m.model.ReadFile(); err != nil {
-		err = errors.Wrap(err, "error reading model")
-		return nil, err
-	}
-
-	for _, s := range m.model.Shares {
-		var share ocm.Share
-		if err := utils.UnmarshalJSONToProtoV1([]byte(s.(string)), &share); err != nil {
-			continue
-		}
-		if (utils.UserEqual(key.Owner, share.Owner) || utils.UserEqual(key.Owner, share.Creator)) &&
-			utils.ResourceIDEqual(key.ResourceId, share.ResourceId) && utils.GranteeEqual(key.Grantee, share.Grantee) {
-			return &share, nil
-		}
-	}
-	return nil, errtypes.NotFound(key.String())
-}
-
-func (m *mgr) get(ctx context.Context, ref *ocm.ShareReference) (s *ocm.Share, err error) {
-	switch {
-	case ref.GetId() != nil:
-		s, err = m.getByID(ctx, ref.GetId())
-	case ref.GetKey() != nil:
-		s, err = m.getByKey(ctx, ref.GetKey())
-	default:
-		err = errtypes.NotFound(ref.String())
-	}
-
-	if err != nil {
-		return nil, err
-	}
-
-	// check if we are the owner
-	user := ctxpkg.ContextMustGetUser(ctx)
-	if utils.UserEqual(user.Id, s.Owner) || utils.UserEqual(user.Id, s.Creator) {
-		return s, nil
-	}
-
-	// we return not found to not disclose information
-	return nil, errtypes.NotFound(ref.String())
-}
-
-func (m *mgr) GetShare(ctx context.Context, ref *ocm.ShareReference) (*ocm.Share, error) {
-	share, err := m.get(ctx, ref)
-	if err != nil {
-		return nil, err
-	}
-
-	return share, nil
-}
-
-func (m *mgr) Unshare(ctx context.Context, ref *ocm.ShareReference) error {
-	m.Lock()
-	defer m.Unlock()
-
-	if err := m.model.ReadFile(); err != nil {
-		err = errors.Wrap(err, "error reading model")
-		return err
-	}
-
-	user := ctxpkg.ContextMustGetUser(ctx)
-	for id, s := range m.model.Shares {
-		var share ocm.Share
-		if err := utils.UnmarshalJSONToProtoV1([]byte(s.(string)), &share); err != nil {
-			continue
-		}
-		if sharesEqual(ref, &share) {
-			if utils.UserEqual(user.Id, share.Owner) || utils.UserEqual(user.Id, share.Creator) {
-				delete(m.model.Shares, id)
-				if err := m.model.Save(); err != nil {
-					err = errors.Wrap(err, "error saving model")
-					return err
-				}
-				return nil
-			}
-		}
-	}
-	return errtypes.NotFound(ref.String())
-}
-
-func sharesEqual(ref *ocm.ShareReference, s *ocm.Share) bool {
-	if ref.GetId() != nil && s.Id != nil {
-		if ref.GetId().OpaqueId == s.Id.OpaqueId {
-			return true
-		}
-	} else if ref.GetKey() != nil {
-		if (utils.UserEqual(ref.GetKey().Owner, s.Owner) || utils.UserEqual(ref.GetKey().Owner, s.Creator)) &&
-			utils.ResourceIDEqual(ref.GetKey().ResourceId, s.ResourceId) && utils.GranteeEqual(ref.GetKey().Grantee, s.Grantee) {
-			return true
-		}
-	}
-	return false
-}
-
-func (m *mgr) UpdateShare(ctx context.Context, ref *ocm.ShareReference, p *ocm.SharePermissions) (*ocm.Share, error) {
-	m.Lock()
-	defer m.Unlock()
-
-	if err := m.model.ReadFile(); err != nil {
-		err = errors.Wrap(err, "error reading model")
-		return nil, err
-	}
-
-	user := ctxpkg.ContextMustGetUser(ctx)
-	for id, s := range m.model.Shares {
-		var share ocm.Share
-		if err := utils.UnmarshalJSONToProtoV1([]byte(s.(string)), &share); err != nil {
-			continue
-		}
-		if sharesEqual(ref, &share) {
-			if utils.UserEqual(user.Id, share.Owner) || utils.UserEqual(user.Id, share.Creator) {
-				now := time.Now().UnixNano()
-				share.Permissions = p
-				share.Mtime = &typespb.Timestamp{
-					Seconds: uint64(now / 1000000000),
-					Nanos:   uint32(now % 1000000000),
-				}
-				encShare, err := utils.MarshalProtoV1ToJSON(&share)
-				if err != nil {
-					return nil, err
-				}
-				m.model.Shares[id] = string(encShare)
-				if err := m.model.Save(); err != nil {
-					err = errors.Wrap(err, "error saving model")
-					return nil, err
-				}
-				return &share, nil
-			}
-		}
-	}
-	return nil, errtypes.NotFound(ref.String())
-}
-
-func (m *mgr) ListShares(ctx context.Context, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error) {
-	var ss []*ocm.Share
-	m.Lock()
-	defer m.Unlock()
-
-	if err := m.model.ReadFile(); err != nil {
-		err = errors.Wrap(err, "error reading model")
-		return nil, err
-	}
-
-	user := ctxpkg.ContextMustGetUser(ctx)
-	for _, s := range m.model.Shares {
-		var share ocm.Share
-		if err := utils.UnmarshalJSONToProtoV1([]byte(s.(string)), &share); err != nil {
-			continue
-		}
-		if utils.UserEqual(user.Id, share.Owner) || utils.UserEqual(user.Id, share.Creator) {
-			// no filter we return earlier
-			if len(filters) == 0 {
-				ss = append(ss, &share)
-			} else {
-				// check filters
-				// TODO(labkode): add the rest of filters.
-				for _, f := range filters {
-					if f.Type == ocm.ListOCMSharesRequest_Filter_TYPE_RESOURCE_ID {
-						if utils.ResourceIDEqual(share.ResourceId, f.GetResourceId()) {
-							ss = append(ss, &share)
-						}
-					}
-				}
-			}
-		}
-	}
-	return ss, nil
-}
-
-func (m *mgr) ListReceivedShares(ctx context.Context) ([]*ocm.ReceivedShare, error) {
-	var rss []*ocm.ReceivedShare
-	m.Lock()
-	defer m.Unlock()
-
-	if err := m.model.ReadFile(); err != nil {
-		err = errors.Wrap(err, "error reading model")
-		return nil, err
-	}
-
-	user := ctxpkg.ContextMustGetUser(ctx)
-	for _, s := range m.model.ReceivedShares {
-		var rs ocm.ReceivedShare
-		if err := utils.UnmarshalJSONToProtoV1([]byte(s.(string)), &rs); err != nil {
-			continue
-		}
-		share := rs.Share
-		if utils.UserEqual(user.Id, share.Owner) || utils.UserEqual(user.Id, share.Creator) {
-			// omit shares created by me
-			continue
-		}
-		if share.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(user.Id, share.Grantee.GetUserId()) {
-			rss = append(rss, &rs)
-		}
-	}
-	return rss, nil
-}
-
-func (m *mgr) GetReceivedShare(ctx context.Context, ref *ocm.ShareReference) (*ocm.ReceivedShare, error) {
-	return m.getReceived(ctx, ref)
-}
-
-func (m *mgr) getReceived(ctx context.Context, ref *ocm.ShareReference) (*ocm.ReceivedShare, error) {
-	m.Lock()
-	defer m.Unlock()
-
-	if err := m.model.ReadFile(); err != nil {
-		err = errors.Wrap(err, "error reading model")
-		return nil, err
-	}
-
-	user := ctxpkg.ContextMustGetUser(ctx)
-	for _, s := range m.model.ReceivedShares {
-		var rs ocm.ReceivedShare
-		if err := utils.UnmarshalJSONToProtoV1([]byte(s.(string)), &rs); err != nil {
-			continue
-		}
-		share := rs.Share
-		if sharesEqual(ref, share) {
-			if share.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(user.Id, share.Grantee.GetUserId()) {
-				return &rs, nil
-			}
-		}
-	}
-	return nil, errtypes.NotFound(ref.String())
-}
-
-func (m *mgr) UpdateReceivedShare(ctx context.Context, share *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error) {
-	rs, err := m.getReceived(ctx, &ocm.ShareReference{Spec: &ocm.ShareReference_Id{Id: share.Share.Id}})
-	if err != nil {
-		return nil, err
-	}
-
-	m.Lock()
-	defer m.Unlock()
-
-	for i := range fieldMask.Paths {
-		switch fieldMask.Paths[i] {
-		case "state":
-			rs.State = share.State
-		// TODO case "mount_point":
-		default:
-			return nil, errtypes.NotSupported("updating " + fieldMask.Paths[i] + " is not supported")
-		}
-	}
-
-	if err := m.model.ReadFile(); err != nil {
-		err = errors.Wrap(err, "error reading model")
-		return nil, err
-	}
-
-	encShare, err := utils.MarshalProtoV1ToJSON(rs)
-	if err != nil {
-		return nil, err
-	}
-	m.model.ReceivedShares[rs.Share.Id.GetOpaqueId()] = string(encShare)
-
-	if err := m.model.Save(); err != nil {
-		err = errors.Wrap(err, "error saving model")
-		return nil, err
-	}
-
-	return rs, nil
-}
diff --git a/pkg/ocm/share/manager/loader/loader.go b/pkg/ocm/share/manager/loader/loader.go
deleted file mode 100644
index 798abf265e6..00000000000
--- a/pkg/ocm/share/manager/loader/loader.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2018-2023 CERN
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// In applying this license, CERN does not waive the privileges and immunities
-// granted to it by virtue of its status as an Intergovernmental Organization
-// or submit itself to any jurisdiction.
-
-package loader
-
-import (
-	// Load core share manager drivers.
-	_ "github.com/cs3org/reva/pkg/ocm/share/manager/json"
-	_ "github.com/cs3org/reva/pkg/ocm/share/manager/nextcloud"
-	// Add your own here.
-)
diff --git a/pkg/ocm/share/manager/nextcloud/nextcloud.go b/pkg/ocm/share/manager/nextcloud/nextcloud.go
deleted file mode 100644
index 4c2d1da069d..00000000000
--- a/pkg/ocm/share/manager/nextcloud/nextcloud.go
+++ /dev/null
@@ -1,655 +0,0 @@
-// Copyright 2018-2023 CERN
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// In applying this license, CERN does not waive the privileges and immunities
-// granted to it by virtue of its status as an Intergovernmental Organization
-// or submit itself to any jurisdiction.
-
-// Package nextcloud verifies a clientID and clientSecret against a Nextcloud backend.
-package nextcloud
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"math/rand"
-	"net/http"
-	"strconv"
-	"strings"
-	"time"
-
-	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	ctxpkg "github.com/cs3org/reva/pkg/ctx"
-
-	ocmprovider "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1"
-	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
-	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
-	typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
-	"github.com/cs3org/reva/pkg/appctx"
-	"github.com/cs3org/reva/pkg/errtypes"
-	"github.com/cs3org/reva/pkg/ocm/share"
-	"github.com/cs3org/reva/pkg/ocm/share/manager/registry"
-	"github.com/cs3org/reva/pkg/ocm/share/sender"
-	"github.com/cs3org/reva/pkg/utils"
-	"github.com/mitchellh/mapstructure"
-	"github.com/pkg/errors"
-	"google.golang.org/genproto/protobuf/field_mask"
-)
-
-var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
-
-func randSeq(n int) string {
-	b := make([]rune, n)
-	for i := range b {
-		b[i] = letters[rand.Intn(len(letters))]
-	}
-	return string(b)
-}
-
-func init() {
-	rand.Seed(time.Now().UnixNano())
-	registry.Register("nextcloud", New)
-}
-
-// Manager is the Nextcloud-based implementation of the share.Manager interface
-// see https://github.com/cs3org/reva/blob/v1.13.0/pkg/ocm/share/share.go#L30-L57
-type Manager struct {
-	client       *http.Client
-	sharedSecret string
-	webDAVHost   string
-	endPoint     string
-}
-
-// ShareManagerConfig contains config for a Nextcloud-based ShareManager.
-type ShareManagerConfig struct {
-	EndPoint     string `mapstructure:"endpoint" docs:";The Nextcloud backend endpoint for user check"`
-	SharedSecret string `mapstructure:"shared_secret"`
-	WebDAVHost   string `mapstructure:"webdav_host"`
-	MockHTTP     bool   `mapstructure:"mock_http"`
-}
-
-// Action describes a REST request to forward to the Nextcloud backend.
-type Action struct {
-	verb string
-	argS string
-}
-
-// GranteeAltMap is an alternative map to JSON-unmarshal a Grantee
-// Grantees are hard to unmarshal, so unmarshalling into a map[string]interface{} first,
-// see also https://github.com/pondersource/sciencemesh-nextcloud/issues/27
-type GranteeAltMap struct {
-	ID *provider.Grantee_UserId `json:"id"`
-}
-
-// ShareAltMap is an alternative map to JSON-unmarshal a Share.
-type ShareAltMap struct {
-	ID          *ocm.ShareId          `json:"id"`
-	ResourceID  *provider.ResourceId  `json:"resource_id"`
-	Permissions *ocm.SharePermissions `json:"permissions"`
-	Grantee     *GranteeAltMap        `json:"grantee"`
-	Owner       *userpb.UserId        `json:"owner"`
-	Creator     *userpb.UserId        `json:"creator"`
-	Ctime       *typespb.Timestamp    `json:"ctime"`
-	Mtime       *typespb.Timestamp    `json:"mtime"`
-}
-
-// ReceivedShareAltMap is an alternative map to JSON-unmarshal a ReceivedShare.
-type ReceivedShareAltMap struct {
-	Share *ShareAltMap   `json:"share"`
-	State ocm.ShareState `json:"state"`
-}
-
-func (c *ShareManagerConfig) init() {
-}
-
-func parseConfig(m map[string]interface{}) (*ShareManagerConfig, error) {
-	c := &ShareManagerConfig{}
-	if err := mapstructure.Decode(m, c); err != nil {
-		err = errors.Wrap(err, "error decoding conf")
-		return nil, err
-	}
-	return c, nil
-}
-
-func getUser(ctx context.Context) (*userpb.User, error) {
-	u, ok := ctxpkg.ContextGetUser(ctx)
-	if !ok {
-		err := errors.Wrap(errtypes.UserRequired(""), "nextcloud storage driver: error getting user from ctx")
-		return nil, err
-	}
-	return u, nil
-}
-
-// New returns a share manager implementation that verifies against a Nextcloud backend.
-func New(m map[string]interface{}) (share.Manager, error) {
-	c, err := parseConfig(m)
-	if err != nil {
-		return nil, err
-	}
-	c.init()
-
-	return NewShareManager(c)
-}
-
-// NewShareManager returns a new Nextcloud-based ShareManager.
-func NewShareManager(c *ShareManagerConfig) (*Manager, error) {
-	var client *http.Client
-	if c.MockHTTP {
-		// called := make([]string, 0)
-		// nextcloudServerMock := GetNextcloudServerMock(&called)
-		// client, _ = TestingHTTPClient(nextcloudServerMock)
-
-		// Wait for SetHTTPClient to be called later
-		client = nil
-	} else {
-		if len(c.EndPoint) == 0 {
-			return nil, errors.New("Please specify 'endpoint' in '[grpc.services.ocmshareprovider.drivers.nextcloud]' and  '[grpc.services.ocmcore.drivers.nextcloud]'")
-		}
-		client = &http.Client{}
-	}
-
-	return &Manager{
-		endPoint:     c.EndPoint, // e.g. "http://nc/apps/sciencemesh/"
-		sharedSecret: c.SharedSecret,
-		client:       client,
-		webDAVHost:   c.WebDAVHost,
-	}, nil
-}
-
-// SetHTTPClient sets the HTTP client.
-func (sm *Manager) SetHTTPClient(c *http.Client) {
-	sm.client = c
-}
-
-func getUsername(ctx context.Context) string {
-	user, err := getUser(ctx)
-	if err != nil {
-		return "unknown"
-	}
-	if len(user.Username) > 0 {
-		return user.Username
-	}
-	if len(user.Id.OpaqueId) > 0 {
-		return user.Id.OpaqueId
-	}
-
-	return "empty-username"
-}
-
-func (sm *Manager) do(ctx context.Context, a Action, username string) (int, []byte, error) {
-	url := sm.endPoint + "~" + username + "/api/ocm/" + a.verb
-
-	log := appctx.GetLogger(ctx)
-	log.Info().Msgf("am.do %s %s", url, a.argS)
-	req, err := http.NewRequest(http.MethodPost, url, strings.NewReader(a.argS))
-	if err != nil {
-		return 0, nil, err
-	}
-	req.Header.Set("X-Reva-Secret", sm.sharedSecret)
-
-	req.Header.Set("Content-Type", "application/json")
-	resp, err := sm.client.Do(req)
-	if err != nil {
-		return 0, nil, err
-	}
-
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return 0, nil, err
-	}
-
-	// curl -i -H 'application/json' -H 'X-Reva-Secret: shared-secret-1' -d '{"md":{"opaque_id":"fileid-/other/q/as"},"g":{"grantee":{"type":1,"Id":{"UserId":{"idp":"revanc2.docker","opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"initiate_file_download":true,"list_container":true,"list_file_versions":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_opaque_id":"einstein","owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' https://nc1.docker/index.php/apps/sciencemesh/~/api/ocm/addSentShare
-
-	log.Info().Msgf("am.do response %d %s", resp.StatusCode, body)
-
-	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
-		return 0, nil, fmt.Errorf("Unexpected response code from EFSS API: " + strconv.Itoa(resp.StatusCode))
-	}
-	return resp.StatusCode, body, nil
-}
-
-// Share is called from both grpc CreateOCMShare for outgoing
-// and http /ocm/shares for incoming
-// pi is provider info
-// pm is permissions.
-func (sm *Manager) Share(ctx context.Context, md *provider.ResourceId, g *ocm.ShareGrant, name string,
-	pi *ocmprovider.ProviderInfo, pm string, owner *userpb.UserId, token string, st ocm.Share_ShareType) (*ocm.Share, error) {
-	// Since both OCMCore and OCMShareProvider use the same package, we distinguish
-	// between calls received from them on the basis of whether they provide info
-	// about the remote provider on which the share is to be created.
-	// If this info is provided, this call is on the owner's mesh provider and so
-	// we call the CreateOCMCoreShare method on the remote provider as well,
-	// else this is received from another provider and we only create a local share.
-	var isOwnersMeshProvider bool
-	var apiMethod string
-	var username string
-	if pi != nil {
-		isOwnersMeshProvider = true
-		apiMethod = "addSentShare"
-		username = getUsername(ctx)
-		token = randSeq(10) // FIXME: is this used for datatx?
-	} else {
-		apiMethod = "addReceivedShare"
-		username = g.Grantee.GetUserId().OpaqueId
-	}
-
-	var userID *userpb.UserId
-	if !isOwnersMeshProvider {
-		// Since this call is on the remote provider, the owner of the resource is expected to be specified.
-		if owner == nil {
-			return nil, errors.New("nextcloud: owner of resource not provided")
-		}
-		userID = owner
-	} else {
-		userID = ctxpkg.ContextMustGetUser(ctx).GetId()
-	}
-
-	// do not allow share to myself if share is for a user
-	if g.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(g.Grantee.GetUserId(), userID) {
-		return nil, errors.New("nextcloud: user and grantee are the same")
-	}
-
-	now := time.Now().UnixNano()
-	ts := &typespb.Timestamp{
-		Seconds: uint64(now / 1000000000),
-		Nanos:   uint32(now % 1000000000),
-	}
-
-	s := &ocm.Share{
-		Id: &ocm.ShareId{
-			OpaqueId: "will-be-filled-in-by-the-backend",
-		},
-		Name:        name,
-		ResourceId:  md,
-		Permissions: g.Permissions,
-		Grantee:     g.Grantee,
-		Owner:       userID,
-		Creator:     userID,
-		Ctime:       ts,
-		Mtime:       ts,
-		ShareType:   st,
-	}
-
-	var encShare []byte
-	var err error
-
-	if isOwnersMeshProvider {
-		// adding the webdav sharedSecret in the Grantee because Share itself doesn't have an Opaque field,
-		// see https://cs3org.github.io/cs3apis/#cs3.storage.provider.v1beta1.Grantee
-		// and https://cs3org.github.io/cs3apis/#cs3.sharing.ocm.v1beta1.Share
-		s.Grantee.Opaque = &typespb.Opaque{
-			Map: map[string]*typespb.OpaqueEntry{
-				"sharedSecret": {
-					Decoder: "plain",
-					Value:   []byte(token),
-				},
-			},
-		}
-
-		encShare, err = utils.MarshalProtoV1ToJSON(s)
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		// adding the webdav sharedSecret and remote share id (called the "ProviderID" in OCM) in the Grantee because Share itself doesn't have an Opaque field,
-		// see https://cs3org.github.io/cs3apis/#cs3.storage.provider.v1beta1.Grantee
-		// and https://cs3org.github.io/cs3apis/#cs3.sharing.ocm.v1beta1.Share
-		s.Grantee.Opaque = &typespb.Opaque{
-			Map: map[string]*typespb.OpaqueEntry{
-				"sharedSecret": {
-					Decoder: "plain",
-					Value:   []byte(token),
-				},
-				"remoteShareId": {
-					Decoder: "plain",
-					Value:   g.Grantee.Opaque.Map["remoteShareId"].Value,
-				},
-			},
-		}
-
-		encShare, err = utils.MarshalProtoV1ToJSON(&ocm.ReceivedShare{
-			Share: s,
-			State: ocm.ShareState_SHARE_STATE_PENDING,
-		})
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	_, body, err := sm.do(ctx, Action{apiMethod, string(encShare)}, username)
-	s.Id = &ocm.ShareId{
-		OpaqueId: string(body),
-	}
-	if err != nil {
-		return nil, err
-	}
-
-	if isOwnersMeshProvider {
-		// token, ok := ctxpkg.ContextGetToken(ctx)
-		// if !ok {
-		// 	return nil, errors.New("Could not get token from context")
-		// }
-		var protocol map[string]interface{}
-		if st == ocm.Share_SHARE_TYPE_TRANSFER {
-			protocol = map[string]interface{}{
-				"name": "datatx",
-				"options": map[string]string{
-					"permissions": pm,
-					"token":       token, // FIXME: Where is the token for datatx generated?
-				},
-			}
-		} else {
-			protocol = map[string]interface{}{
-				"name": "webdav",
-				"options": map[string]string{
-					"permissions":  pm,
-					"sharedSecret": token,
-					"remote":       sm.webDAVHost,
-				},
-			}
-		}
-
-		// required:
-		// shareWith	       string Consumer specific identifier of the user or group the provider wants to share the resource with. This is known in advance. Please note that the consumer service endpoint is known in advance as well, so this is no part of the request body.
-		// name				       string Name of the resource (file or folder).
-		// providerId        string Identifier to identify the resource at the provider side. This is unique per provider
-		// owner             string Provider specific identifier of the user who owns the resource.
-		// shareType         string Share type (user or group share)
-		// resourceType      string Resource type (file, calendar, contact,...)
-		// protocol          object The protocol which is used to establish synchronisation. At the moment only webdav is supported, but other (custom) protocols might be added in the future.
-		//
-		// optional:
-		// description       string Optional description of the resource (file or folder).
-		// sender	           string Provider specific identifier of the user that wants to share the resource. Please note that the requesting provider is being identified on a higher level, so the former remote property is no part of the request body.
-		// ownerDisplayName	 string Display name of the owner of the resource
-		// senderDisplayName string Display name of the owner of the resource
-
-		requestBodyMap := map[string]interface{}{
-			"shareWith":    g.Grantee.GetUserId().OpaqueId,
-			"name":         name, // e.g. /home/welcome.txt becomes /welcome.txt
-			"providerId":   s.Id.OpaqueId,
-			"owner":        fmt.Sprintf("%s@%s", userID.OpaqueId, sm.webDAVHost),
-			"protocol":     protocol,
-			"meshProvider": userID.Idp,
-		}
-		err = sender.Send(ctx, requestBodyMap, pi)
-		if err != nil {
-			err = errors.Wrap(err, "error sending OCM POST")
-			return nil, err
-		}
-	}
-
-	return s, nil
-}
-
-// GetShare as defined in the ocm.share.Manager interface
-// https://github.com/cs3org/reva/blob/v1.13.0/pkg/ocm/share/share.go#L30-L57
-func (sm *Manager) GetShare(ctx context.Context, ref *ocm.ShareReference) (*ocm.Share, error) {
-	bodyStr, err := json.Marshal(ref)
-	if err != nil {
-		return nil, err
-	}
-	_, body, err := sm.do(ctx, Action{"GetShare", string(bodyStr)}, getUsername(ctx))
-	if err != nil {
-		return nil, err
-	}
-
-	altResult := &ShareAltMap{}
-	err = json.Unmarshal(body, &altResult)
-	if altResult == nil {
-		return nil, err
-	}
-	return &ocm.Share{
-		Id:          altResult.ID,
-		ResourceId:  altResult.ResourceID,
-		Permissions: altResult.Permissions,
-		Grantee: &provider.Grantee{
-			Id: altResult.Grantee.ID,
-		},
-		Owner:   altResult.Owner,
-		Creator: altResult.Creator,
-		Ctime:   altResult.Ctime,
-		Mtime:   altResult.Mtime,
-	}, err
-}
-
-// Unshare as defined in the ocm.share.Manager interface
-// https://github.com/cs3org/reva/blob/v1.13.0/pkg/ocm/share/share.go#L30-L57
-func (sm *Manager) Unshare(ctx context.Context, ref *ocm.ShareReference) error {
-	bodyStr, err := json.Marshal(ref)
-	if err != nil {
-		return err
-	}
-
-	_, _, err = sm.do(ctx, Action{"Unshare", string(bodyStr)}, getUsername(ctx))
-	return err
-}
-
-// UpdateShare as defined in the ocm.share.Manager interface
-// https://github.com/cs3org/reva/blob/v1.13.0/pkg/ocm/share/share.go#L30-L57
-func (sm *Manager) UpdateShare(ctx context.Context, ref *ocm.ShareReference, p *ocm.SharePermissions) (*ocm.Share, error) {
-	type paramsObj struct {
-		Ref *ocm.ShareReference   `json:"ref"`
-		P   *ocm.SharePermissions `json:"p"`
-	}
-	bodyObj := &paramsObj{
-		Ref: ref,
-		P:   p,
-	}
-	bodyStr, err := json.Marshal(bodyObj)
-	if err != nil {
-		return nil, err
-	}
-
-	_, body, err := sm.do(ctx, Action{"UpdateShare", string(bodyStr)}, getUsername(ctx))
-
-	if err != nil {
-		return nil, err
-	}
-
-	altResult := &ShareAltMap{}
-	err = json.Unmarshal(body, &altResult)
-	if altResult == nil {
-		return nil, err
-	}
-	return &ocm.Share{
-		Id:          altResult.ID,
-		ResourceId:  altResult.ResourceID,
-		Permissions: altResult.Permissions,
-		Grantee: &provider.Grantee{
-			Id: altResult.Grantee.ID,
-		},
-		Owner:   altResult.Owner,
-		Creator: altResult.Creator,
-		Ctime:   altResult.Ctime,
-		Mtime:   altResult.Mtime,
-	}, err
-}
-
-// ListShares as defined in the ocm.share.Manager interface
-// https://github.com/cs3org/reva/blob/v1.13.0/pkg/ocm/share/share.go#L30-L57
-func (sm *Manager) ListShares(ctx context.Context, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error) {
-	bodyStr, err := json.Marshal(filters)
-	if err != nil {
-		return nil, err
-	}
-
-	_, respBody, err := sm.do(ctx, Action{"ListShares", string(bodyStr)}, getUsername(ctx))
-	if err != nil {
-		return nil, err
-	}
-
-	var respArr []ShareAltMap
-	err = json.Unmarshal(respBody, &respArr)
-	if err != nil {
-		return nil, err
-	}
-
-	var pointers = make([]*ocm.Share, len(respArr))
-	for i := 0; i < len(respArr); i++ {
-		altResult := respArr[i]
-		pointers[i] = &ocm.Share{
-			Id:          altResult.ID,
-			ResourceId:  altResult.ResourceID,
-			Permissions: altResult.Permissions,
-			Grantee: &provider.Grantee{
-				Id: altResult.Grantee.ID,
-			},
-			Owner:   altResult.Owner,
-			Creator: altResult.Creator,
-			Ctime:   altResult.Ctime,
-			Mtime:   altResult.Mtime,
-		}
-	}
-	return pointers, err
-}
-
-// ListReceivedShares as defined in the ocm.share.Manager interface
-// https://github.com/cs3org/reva/blob/v1.13.0/pkg/ocm/share/share.go#L30-L57
-// returns a list of these:
-// https://github.com/cs3org/go-cs3apis/blob/d297419/cs3/sharing/ocm/v1beta1/resources.pb.go#L290-L302
-func (sm *Manager) ListReceivedShares(ctx context.Context) ([]*ocm.ReceivedShare, error) {
-	log := appctx.GetLogger(ctx)
-	_, respBody, err := sm.do(ctx, Action{"ListReceivedShares", string("")}, getUsername(ctx))
-	if err != nil {
-		return nil, err
-	}
-
-	var respArr []ReceivedShareAltMap
-	err = json.Unmarshal(respBody, &respArr)
-	if err != nil {
-		return nil, err
-	}
-
-	var pointersReceivedShare = make([]*ocm.ReceivedShare, 0, len(respArr))
-	for _, share := range respArr {
-		altResultShare := share.Share
-		log.Info().Msgf("Unpacking share object %+v\n", altResultShare)
-		if altResultShare == nil {
-			return nil, errors.New("received an unreadable share object from the EFSS backend")
-		}
-		s := &ocm.Share{
-			Id:          altResultShare.ID,
-			ResourceId:  altResultShare.ResourceID,
-			Permissions: altResultShare.Permissions,
-			Grantee: &provider.Grantee{
-				Id: altResultShare.Grantee.ID,
-			},
-			Owner:   altResultShare.Owner,
-			Creator: altResultShare.Creator,
-			Ctime:   altResultShare.Ctime,
-			Mtime:   altResultShare.Mtime,
-		}
-		pointersReceivedShare = append(pointersReceivedShare, &ocm.ReceivedShare{
-			Share: s,
-			State: share.State,
-		})
-	}
-	return pointersReceivedShare, err
-}
-
-// GetReceivedShare as defined in the ocm.share.Manager interface
-// https://github.com/cs3org/reva/blob/v1.13.0/pkg/ocm/share/share.go#L29-L54
-func (sm *Manager) GetReceivedShare(ctx context.Context, ref *ocm.ShareReference) (*ocm.ReceivedShare, error) {
-	bodyStr, err := json.Marshal(ref)
-	if err != nil {
-		return nil, err
-	}
-
-	_, respBody, err := sm.do(ctx, Action{"GetReceivedShare", string(bodyStr)}, getUsername(ctx))
-	if err != nil {
-		return nil, err
-	}
-
-	var altResult ReceivedShareAltMap
-	err = json.Unmarshal(respBody, &altResult)
-	if err != nil {
-		return nil, err
-	}
-	altResultShare := altResult.Share
-	if altResultShare == nil {
-		return &ocm.ReceivedShare{
-			Share: nil,
-			State: altResult.State,
-		}, err
-	}
-	return &ocm.ReceivedShare{
-		Share: &ocm.Share{
-			Id:          altResultShare.ID,
-			ResourceId:  altResultShare.ResourceID,
-			Permissions: altResultShare.Permissions,
-			Grantee: &provider.Grantee{
-				Id: altResultShare.Grantee.ID,
-			},
-			Owner:   altResultShare.Owner,
-			Creator: altResultShare.Creator,
-			Ctime:   altResultShare.Ctime,
-			Mtime:   altResultShare.Mtime,
-		},
-		State: altResult.State,
-	}, err
-}
-
-// UpdateReceivedShare as defined in the ocm.share.Manager interface
-// https://github.com/cs3org/reva/blob/v1.13.0/pkg/ocm/share/share.go#L30-L57
-func (sm Manager) UpdateReceivedShare(ctx context.Context, receivedShare *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error) {
-	type paramsObj struct {
-		ReceivedShare *ocm.ReceivedShare    `json:"received_share"`
-		FieldMask     *field_mask.FieldMask `json:"field_mask"`
-	}
-
-	bodyObj := &paramsObj{
-		ReceivedShare: receivedShare,
-		FieldMask:     fieldMask,
-	}
-	bodyStr, err := json.Marshal(bodyObj)
-	if err != nil {
-		return nil, err
-	}
-
-	_, respBody, err := sm.do(ctx, Action{"UpdateReceivedShare", string(bodyStr)}, getUsername(ctx))
-	if err != nil {
-		return nil, err
-	}
-
-	var altResult ReceivedShareAltMap
-	err = json.Unmarshal(respBody, &altResult)
-	if err != nil {
-		return nil, err
-	}
-	altResultShare := altResult.Share
-	if altResultShare == nil {
-		return &ocm.ReceivedShare{
-			Share: nil,
-			State: altResult.State,
-		}, err
-	}
-	return &ocm.ReceivedShare{
-		Share: &ocm.Share{
-			Id:          altResultShare.ID,
-			ResourceId:  altResultShare.ResourceID,
-			Permissions: altResultShare.Permissions,
-			Grantee: &provider.Grantee{
-				Id: altResultShare.Grantee.ID,
-			},
-			Owner:   altResultShare.Owner,
-			Creator: altResultShare.Creator,
-			Ctime:   altResultShare.Ctime,
-			Mtime:   altResultShare.Mtime,
-		},
-		State: altResult.State,
-	}, err
-}
diff --git a/pkg/ocm/share/manager/registry/registry.go b/pkg/ocm/share/manager/registry/registry.go
deleted file mode 100644
index cac9ab6803f..00000000000
--- a/pkg/ocm/share/manager/registry/registry.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2018-2023 CERN
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// In applying this license, CERN does not waive the privileges and immunities
-// granted to it by virtue of its status as an Intergovernmental Organization
-// or submit itself to any jurisdiction.
-
-package registry
-
-import "github.com/cs3org/reva/pkg/ocm/share"
-
-// NewFunc is the function that share managers
-// should register at init time.
-type NewFunc func(map[string]interface{}) (share.Manager, error)
-
-// NewFuncs is a map containing all the registered share managers.
-var NewFuncs = map[string]NewFunc{}
-
-// Register registers a new share manager new function.
-// Not safe for concurrent use. Safe for use from package init.
-func Register(name string, f NewFunc) {
-	NewFuncs[name] = f
-}

From 3cce463f69183f9778e4602a2212e7a475baf432 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 17:52:27 +0100
Subject: [PATCH 19/44] refactored nextcloud ocm share driver

---
 cmd/revad/runtime/loader.go                   |   2 +-
 .../share/repository/nextcloud/nextcloud.go   | 464 ++++++++++++++++++
 .../nextcloud/nextcloud_server_mock.go        |   2 +-
 .../nextcloud/nextcloud_suite_test.go         |   0
 .../nextcloud/nextcloud_test.go               | 397 +++++----------
 5 files changed, 580 insertions(+), 285 deletions(-)
 create mode 100644 pkg/ocm/share/repository/nextcloud/nextcloud.go
 rename pkg/ocm/share/{manager => repository}/nextcloud/nextcloud_server_mock.go (92%)
 rename pkg/ocm/share/{manager => repository}/nextcloud/nextcloud_suite_test.go (100%)
 rename pkg/ocm/share/{manager => repository}/nextcloud/nextcloud_test.go (65%)

diff --git a/cmd/revad/runtime/loader.go b/cmd/revad/runtime/loader.go
index c34bafa537d..da63b369ce6 100644
--- a/cmd/revad/runtime/loader.go
+++ b/cmd/revad/runtime/loader.go
@@ -38,7 +38,7 @@ import (
 	_ "github.com/cs3org/reva/pkg/metrics/driver/loader"
 	_ "github.com/cs3org/reva/pkg/ocm/invite/repository/loader"
 	_ "github.com/cs3org/reva/pkg/ocm/provider/authorizer/loader"
-	_ "github.com/cs3org/reva/pkg/ocm/share/manager/loader"
+	_ "github.com/cs3org/reva/pkg/ocm/share/repository/loader"
 	_ "github.com/cs3org/reva/pkg/permission/manager/loader"
 	_ "github.com/cs3org/reva/pkg/preferences/loader"
 	_ "github.com/cs3org/reva/pkg/publicshare/manager/loader"
diff --git a/pkg/ocm/share/repository/nextcloud/nextcloud.go b/pkg/ocm/share/repository/nextcloud/nextcloud.go
new file mode 100644
index 00000000000..7fc07f11618
--- /dev/null
+++ b/pkg/ocm/share/repository/nextcloud/nextcloud.go
@@ -0,0 +1,464 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+// Package nextcloud verifies a clientID and clientSecret against a Nextcloud backend.
+package nextcloud
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+	"strings"
+
+	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+	ctxpkg "github.com/cs3org/reva/pkg/ctx"
+
+	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
+	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
+	"github.com/cs3org/reva/pkg/appctx"
+	"github.com/cs3org/reva/pkg/errtypes"
+	"github.com/cs3org/reva/pkg/ocm/share"
+	"github.com/cs3org/reva/pkg/ocm/share/repository/registry"
+	"github.com/cs3org/reva/pkg/utils"
+	"github.com/mitchellh/mapstructure"
+	"github.com/pkg/errors"
+	"google.golang.org/genproto/protobuf/field_mask"
+)
+
+func init() {
+	registry.Register("nextcloud", New)
+}
+
+// Manager is the Nextcloud-based implementation of the share.Repository interface
+// see https://github.com/cs3org/reva/blob/v1.13.0/pkg/ocm/share/share.go#L30-L57
+type Manager struct {
+	client       *http.Client
+	sharedSecret string
+	webDAVHost   string
+	endPoint     string
+}
+
+// ShareManagerConfig contains config for a Nextcloud-based ShareManager.
+type ShareManagerConfig struct {
+	EndPoint     string `mapstructure:"endpoint" docs:";The Nextcloud backend endpoint for user check"`
+	SharedSecret string `mapstructure:"shared_secret"`
+	WebDAVHost   string `mapstructure:"webdav_host"`
+	MockHTTP     bool   `mapstructure:"mock_http"`
+}
+
+// Action describes a REST request to forward to the Nextcloud backend.
+type Action struct {
+	verb string
+	argS string
+}
+
+// GranteeAltMap is an alternative map to JSON-unmarshal a Grantee
+// Grantees are hard to unmarshal, so unmarshalling into a map[string]interface{} first,
+// see also https://github.com/pondersource/sciencemesh-nextcloud/issues/27
+type GranteeAltMap struct {
+	ID *provider.Grantee_UserId `json:"id"`
+}
+
+// ShareAltMap is an alternative map to JSON-unmarshal a Share.
+type ShareAltMap struct {
+	ID          *ocm.ShareId          `json:"id"`
+	ResourceID  *provider.ResourceId  `json:"resource_id"`
+	Permissions *ocm.SharePermissions `json:"permissions"`
+	Grantee     *GranteeAltMap        `json:"grantee"`
+	Owner       *userpb.UserId        `json:"owner"`
+	Creator     *userpb.UserId        `json:"creator"`
+	Ctime       *typespb.Timestamp    `json:"ctime"`
+	Mtime       *typespb.Timestamp    `json:"mtime"`
+}
+
+// ReceivedShareAltMap is an alternative map to JSON-unmarshal a ReceivedShare.
+type ReceivedShareAltMap struct {
+	Share *ShareAltMap   `json:"share"`
+	State ocm.ShareState `json:"state"`
+}
+
+func (c *ShareManagerConfig) init() {
+}
+
+func parseConfig(m map[string]interface{}) (*ShareManagerConfig, error) {
+	c := &ShareManagerConfig{}
+	if err := mapstructure.Decode(m, c); err != nil {
+		err = errors.Wrap(err, "error decoding conf")
+		return nil, err
+	}
+	return c, nil
+}
+
+func getUser(ctx context.Context) (*userpb.User, error) {
+	u, ok := ctxpkg.ContextGetUser(ctx)
+	if !ok {
+		err := errors.Wrap(errtypes.UserRequired(""), "nextcloud storage driver: error getting user from ctx")
+		return nil, err
+	}
+	return u, nil
+}
+
+// New returns a share manager implementation that verifies against a Nextcloud backend.
+func New(m map[string]interface{}) (share.Repository, error) {
+	c, err := parseConfig(m)
+	if err != nil {
+		return nil, err
+	}
+	c.init()
+
+	return NewShareManager(c)
+}
+
+// NewShareManager returns a new Nextcloud-based ShareManager.
+func NewShareManager(c *ShareManagerConfig) (*Manager, error) {
+	var client *http.Client
+	if c.MockHTTP {
+		// called := make([]string, 0)
+		// nextcloudServerMock := GetNextcloudServerMock(&called)
+		// client, _ = TestingHTTPClient(nextcloudServerMock)
+
+		// Wait for SetHTTPClient to be called later
+		client = nil
+	} else {
+		if len(c.EndPoint) == 0 {
+			return nil, errors.New("Please specify 'endpoint' in '[grpc.services.ocmshareprovider.drivers.nextcloud]' and  '[grpc.services.ocmcore.drivers.nextcloud]'")
+		}
+		client = &http.Client{}
+	}
+
+	return &Manager{
+		endPoint:     c.EndPoint, // e.g. "http://nc/apps/sciencemesh/"
+		sharedSecret: c.SharedSecret,
+		client:       client,
+		webDAVHost:   c.WebDAVHost,
+	}, nil
+}
+
+// SetHTTPClient sets the HTTP client.
+func (sm *Manager) SetHTTPClient(c *http.Client) {
+	sm.client = c
+}
+
+func (sm *Manager) StoreShare(ctx context.Context, share *ocm.Share) (*ocm.Share, error) {
+	encShare, err := utils.MarshalProtoV1ToJSON(share)
+	if err != nil {
+		return nil, err
+	}
+	_, body, err := sm.do(ctx, Action{"addSentShare", string(encShare)}, getUsername(&userpb.User{Id: share.Creator}))
+	if err != nil {
+		return nil, err
+	}
+	share.Id = &ocm.ShareId{
+		OpaqueId: string(body),
+	}
+	return share, nil
+}
+
+// GetShare gets the information for a share by the given ref.
+func (sm *Manager) GetShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference) (*ocm.Share, error) {
+	data, err := json.Marshal(ref)
+	if err != nil {
+		return nil, err
+	}
+	_, body, err := sm.do(ctx, Action{"GetShare", string(data)}, getUsername(user))
+	if err != nil {
+		return nil, err
+	}
+
+	altResult := &ShareAltMap{}
+	if err := json.Unmarshal(body, &altResult); err != nil {
+		return nil, err
+	}
+	return &ocm.Share{
+		Id:         altResult.ID,
+		ResourceId: altResult.ResourceID,
+		Grantee: &provider.Grantee{
+			Id: altResult.Grantee.ID,
+		},
+		Owner:   altResult.Owner,
+		Creator: altResult.Creator,
+		Ctime:   altResult.Ctime,
+		Mtime:   altResult.Mtime,
+	}, nil
+}
+
+// DeleteShare deletes the share pointed by ref.
+func (sm *Manager) DeleteShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference) error {
+	bodyStr, err := json.Marshal(ref)
+	if err != nil {
+		return err
+	}
+
+	_, _, err = sm.do(ctx, Action{"Unshare", string(bodyStr)}, getUsername(user))
+	return err
+}
+
+// UpdateShare updates the mode of the given share.
+func (sm *Manager) UpdateShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference, p *ocm.SharePermissions) (*ocm.Share, error) {
+	type paramsObj struct {
+		Ref *ocm.ShareReference   `json:"ref"`
+		P   *ocm.SharePermissions `json:"p"`
+	}
+	bodyObj := &paramsObj{
+		Ref: ref,
+		P:   p,
+	}
+	data, err := json.Marshal(bodyObj)
+	if err != nil {
+		return nil, err
+	}
+
+	_, body, err := sm.do(ctx, Action{"UpdateShare", string(data)}, getUsername(user))
+	if err != nil {
+		return nil, err
+	}
+
+	altResult := &ShareAltMap{}
+	if err := json.Unmarshal(body, &altResult); err != nil {
+		return nil, err
+	}
+	return &ocm.Share{
+		Id:         altResult.ID,
+		ResourceId: altResult.ResourceID,
+		Grantee: &provider.Grantee{
+			Id: altResult.Grantee.ID,
+		},
+		Owner:   altResult.Owner,
+		Creator: altResult.Creator,
+		Ctime:   altResult.Ctime,
+		Mtime:   altResult.Mtime,
+	}, nil
+}
+
+// ListShares returns the shares created by the user. If md is provided is not nil,
+// it returns only shares attached to the given resource.
+func (sm *Manager) ListShares(ctx context.Context, user *userpb.User, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error) {
+	data, err := json.Marshal(filters)
+	if err != nil {
+		return nil, err
+	}
+
+	_, respBody, err := sm.do(ctx, Action{"ListShares", string(data)}, getUsername(user))
+	if err != nil {
+		return nil, err
+	}
+
+	var respArr []ShareAltMap
+	if err := json.Unmarshal(respBody, &respArr); err != nil {
+		return nil, err
+	}
+
+	var lst = make([]*ocm.Share, 0, len(respArr))
+	for _, altResult := range respArr {
+		lst = append(lst, &ocm.Share{
+			Id:         altResult.ID,
+			ResourceId: altResult.ResourceID,
+			Grantee: &provider.Grantee{
+				Id: altResult.Grantee.ID,
+			},
+			Owner:   altResult.Owner,
+			Creator: altResult.Creator,
+			Ctime:   altResult.Ctime,
+			Mtime:   altResult.Mtime,
+		})
+	}
+	return lst, nil
+}
+
+// StoreShare stores a share.
+func (sm *Manager) StoreReceivedShare(ctx context.Context, share *ocm.ReceivedShare) (*ocm.ReceivedShare, error) {
+	data, err := utils.MarshalProtoV1ToJSON(share)
+	if err != nil {
+		return nil, err
+	}
+	_, body, err := sm.do(ctx, Action{"addReceivedShare", string(data)}, getUsername(&userpb.User{Id: share.Grantee.GetUserId()}))
+	if err != nil {
+		return nil, err
+	}
+	share.Id = &ocm.ShareId{
+		OpaqueId: string(body),
+	}
+
+	return share, nil
+}
+
+// ListReceivedShares returns the list of shares the user has access.
+func (sm *Manager) ListReceivedShares(ctx context.Context, user *userpb.User) ([]*ocm.ReceivedShare, error) {
+	log := appctx.GetLogger(ctx)
+	_, respBody, err := sm.do(ctx, Action{"ListReceivedShares", ""}, getUsername(user))
+	if err != nil {
+		return nil, err
+	}
+
+	var respArr []ReceivedShareAltMap
+	if err := json.Unmarshal(respBody, &respArr); err != nil {
+		return nil, err
+	}
+
+	res := make([]*ocm.ReceivedShare, 0, len(respArr))
+	for _, share := range respArr {
+		altResultShare := share.Share
+		log.Info().Msgf("Unpacking share object %+v\n", altResultShare)
+		if altResultShare == nil {
+			continue
+		}
+		res = append(res, &ocm.ReceivedShare{
+			Id:         altResultShare.ID,
+			ResourceId: altResultShare.ResourceID,
+			Grantee: &provider.Grantee{
+				Id: altResultShare.Grantee.ID,
+			},
+			Owner:   altResultShare.Owner,
+			Creator: altResultShare.Creator,
+			Ctime:   altResultShare.Ctime,
+			Mtime:   altResultShare.Mtime,
+			State:   share.State,
+		})
+	}
+	return res, nil
+}
+
+// GetReceivedShare returns the information for a received share the user has access.
+func (sm *Manager) GetReceivedShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference) (*ocm.ReceivedShare, error) {
+	data, err := json.Marshal(ref)
+	if err != nil {
+		return nil, err
+	}
+
+	_, respBody, err := sm.do(ctx, Action{"GetReceivedShare", string(data)}, getUsername(user))
+	if err != nil {
+		return nil, err
+	}
+
+	var altResult ReceivedShareAltMap
+	if err := json.Unmarshal(respBody, &altResult); err != nil {
+		return nil, err
+	}
+	altResultShare := altResult.Share
+	if altResultShare == nil {
+		return &ocm.ReceivedShare{
+			State: altResult.State,
+		}, nil
+	}
+	return &ocm.ReceivedShare{
+		Id:         altResultShare.ID,
+		ResourceId: altResultShare.ResourceID,
+		Grantee: &provider.Grantee{
+			Id: altResultShare.Grantee.ID,
+		},
+		Owner:   altResultShare.Owner,
+		Creator: altResultShare.Creator,
+		Ctime:   altResultShare.Ctime,
+		Mtime:   altResultShare.Mtime,
+		State:   altResult.State,
+	}, nil
+}
+
+// UpdateReceivedShare updates the received share with share state.
+func (sm *Manager) UpdateReceivedShare(ctx context.Context, user *userpb.User, share *ocm.ReceivedShare, fieldMask *field_mask.FieldMask) (*ocm.ReceivedShare, error) {
+	type paramsObj struct {
+		ReceivedShare *ocm.ReceivedShare    `json:"received_share"`
+		FieldMask     *field_mask.FieldMask `json:"field_mask"`
+	}
+
+	bodyObj := &paramsObj{
+		ReceivedShare: share,
+		FieldMask:     fieldMask,
+	}
+	bodyStr, err := json.Marshal(bodyObj)
+	if err != nil {
+		return nil, err
+	}
+
+	_, respBody, err := sm.do(ctx, Action{"UpdateReceivedShare", string(bodyStr)}, getUsername(user))
+	if err != nil {
+		return nil, err
+	}
+
+	var altResult ReceivedShareAltMap
+	err = json.Unmarshal(respBody, &altResult)
+	if err != nil {
+		return nil, err
+	}
+	altResultShare := altResult.Share
+	if altResultShare == nil {
+		return &ocm.ReceivedShare{
+			State: altResult.State,
+		}, nil
+	}
+	return &ocm.ReceivedShare{
+		Id:         altResultShare.ID,
+		ResourceId: altResultShare.ResourceID,
+		Grantee: &provider.Grantee{
+			Id: altResultShare.Grantee.ID,
+		},
+		Owner:   altResultShare.Owner,
+		Creator: altResultShare.Creator,
+		Ctime:   altResultShare.Ctime,
+		Mtime:   altResultShare.Mtime,
+		State:   altResult.State,
+	}, nil
+}
+
+func getUsername(user *userpb.User) string {
+	if len(user.Username) > 0 {
+		return user.Username
+	}
+	if len(user.Id.OpaqueId) > 0 {
+		return user.Id.OpaqueId
+	}
+
+	return "empty-username"
+}
+
+func (sm *Manager) do(ctx context.Context, a Action, username string) (int, []byte, error) {
+	url := sm.endPoint + "~" + username + "/api/ocm/" + a.verb
+
+	log := appctx.GetLogger(ctx)
+	log.Info().Msgf("am.do %s %s", url, a.argS)
+	req, err := http.NewRequest(http.MethodPost, url, strings.NewReader(a.argS))
+	if err != nil {
+		return 0, nil, err
+	}
+	req.Header.Set("X-Reva-Secret", sm.sharedSecret)
+
+	req.Header.Set("Content-Type", "application/json")
+	resp, err := sm.client.Do(req)
+	if err != nil {
+		return 0, nil, err
+	}
+
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return 0, nil, err
+	}
+
+	// curl -i -H 'application/json' -H 'X-Reva-Secret: shared-secret-1' -d '{"md":{"opaque_id":"fileid-/other/q/as"},"g":{"grantee":{"type":1,"Id":{"UserId":{"idp":"revanc2.docker","opaque_id":"marie"}}},"permissions":{"permissions":{"get_path":true,"initiate_file_download":true,"list_container":true,"list_file_versions":true,"stat":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_opaque_id":"einstein","owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' https://nc1.docker/index.php/apps/sciencemesh/~/api/ocm/addSentShare
+
+	log.Info().Msgf("am.do response %d %s", resp.StatusCode, body)
+
+	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
+		return 0, nil, fmt.Errorf("Unexpected response code from EFSS API: " + strconv.Itoa(resp.StatusCode))
+	}
+	return resp.StatusCode, body, nil
+}
diff --git a/pkg/ocm/share/manager/nextcloud/nextcloud_server_mock.go b/pkg/ocm/share/repository/nextcloud/nextcloud_server_mock.go
similarity index 92%
rename from pkg/ocm/share/manager/nextcloud/nextcloud_server_mock.go
rename to pkg/ocm/share/repository/nextcloud/nextcloud_server_mock.go
index 9fd715f1764..75ccf42d6f1 100644
--- a/pkg/ocm/share/manager/nextcloud/nextcloud_server_mock.go
+++ b/pkg/ocm/share/repository/nextcloud/nextcloud_server_mock.go
@@ -51,7 +51,7 @@ var responses = map[string]Response{
 	`POST /apps/sciencemesh/~tester/api/ocm/ListShares [{"type":4,"Term":{"Creator":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}}]`: {200, `[{"id":{},"resource_id":{},"permissions":{"permissions":{"add_grant":true,"create_container":true,"delete":true,"get_path":true,"get_quota":true,"initiate_file_download":true,"initiate_file_upload":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"move":true,"remove_grant":true,"purge_recycle":true,"restore_file_version":true,"restore_recycle_item":true,"stat":true,"update_grant":true,"deny_grant":true}},"grantee":{"Id":{"UserId":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}},"owner":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"creator":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"ctime":{"seconds":1234567890},"mtime":{"seconds":1234567890}}]`, serverStateHome},
 	`POST /apps/sciencemesh/~tester/api/ocm/ListReceivedShares `:                                            {200, `[{"share":{"id":{},"resource_id":{},"permissions":{"permissions":{"add_grant":true,"create_container":true,"delete":true,"get_path":true,"get_quota":true,"initiate_file_download":true,"initiate_file_upload":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"move":true,"remove_grant":true,"purge_recycle":true,"restore_file_version":true,"restore_recycle_item":true,"stat":true,"update_grant":true,"deny_grant":true}},"grantee":{"Id":{"UserId":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}},"owner":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"creator":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"ctime":{"seconds":1234567890},"mtime":{"seconds":1234567890}},"state":2}]`, serverStateHome},
 	`POST /apps/sciencemesh/~tester/api/ocm/GetReceivedShare {"Spec":{"Id":{"opaque_id":"some-share-id"}}}`: {200, `{"share":{"id":{},"resource_id":{},"permissions":{"permissions":{"add_grant":true,"create_container":true,"delete":true,"get_path":true,"get_quota":true,"initiate_file_download":true,"initiate_file_upload":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"move":true,"remove_grant":true,"purge_recycle":true,"restore_file_version":true,"restore_recycle_item":true,"stat":true,"update_grant":true,"deny_grant":true}},"grantee":{"Id":{"UserId":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}},"owner":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"creator":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"ctime":{"seconds":1234567890},"mtime":{"seconds":1234567890}},"state":2}`, serverStateHome},
-	`POST /apps/sciencemesh/~tester/api/ocm/UpdateReceivedShare {"received_share":{"share":{"id":{},"resource_id":{},"permissions":{"permissions":{"add_grant":true,"create_container":true,"delete":true,"get_path":true,"get_quota":true,"initiate_file_download":true,"initiate_file_upload":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"move":true,"remove_grant":true,"purge_recycle":true,"restore_file_version":true,"restore_recycle_item":true,"stat":true,"update_grant":true,"deny_grant":true}},"grantee":{"Id":{"UserId":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}},"owner":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"creator":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"ctime":{"seconds":1234567890},"mtime":{"seconds":1234567890}},"state":2},"field_mask":{"paths":["state"]}}`: {200, `{"share":{"id":{},"resource_id":{},"permissions":{"permissions":{"add_grant":true,"create_container":true,"delete":true,"get_path":true,"get_quota":true,"initiate_file_download":true,"initiate_file_upload":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"move":true,"remove_grant":true,"purge_recycle":true,"restore_file_version":true,"restore_recycle_item":true,"stat":true,"update_grant":true,"deny_grant":true}},"grantee":{"Id":{"UserId":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}},"owner":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"creator":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"ctime":{"seconds":1234567890},"mtime":{"seconds":1234567890}},"state":2}`, serverStateHome},
+	`POST /apps/sciencemesh/~tester/api/ocm/UpdateReceivedShare {"received_share":{"id":{},"resource_id":{},"grantee":{"Id":{"UserId":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}},"owner":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"creator":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"ctime":{"seconds":1234567890},"mtime":{"seconds":1234567890},"state":2},"field_mask":{"paths":["state"]}}`: {200, `{"share":{"id":{},"resource_id":{},"permissions":{"permissions":{"add_grant":true,"create_container":true,"delete":true,"get_path":true,"get_quota":true,"initiate_file_download":true,"initiate_file_upload":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"move":true,"remove_grant":true,"purge_recycle":true,"restore_file_version":true,"restore_recycle_item":true,"stat":true,"update_grant":true,"deny_grant":true}},"grantee":{"Id":{"UserId":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}},"owner":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"creator":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"ctime":{"seconds":1234567890},"mtime":{"seconds":1234567890}},"state":2}`, serverStateHome},
 
 	`POST /index.php/apps/sciencemesh/~marie/api/ocm/addReceivedShare {"md":{"opaque_id":"fileid-/some/path"},"g":{"grantee":{"Id":{"UserId":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}},"permissions":{"permissions":{"get_path":true}}},"provider_domain":"cern.ch","resource_type":"file","provider_id":2,"owner_opaque_id":"einstein","owner_display_name":"Albert Einstein","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}`: {200, `{"id":{},"resource_id":{},"permissions":{"permissions":{"add_grant":true,"create_container":true,"delete":true,"get_path":true,"get_quota":true,"initiate_file_download":true,"initiate_file_upload":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"move":true,"remove_grant":true,"purge_recycle":true,"restore_file_version":true,"restore_recycle_item":true,"stat":true,"update_grant":true,"deny_grant":true}},"grantee":{"Id":{"UserId":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}},"owner":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"creator":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"ctime":{"seconds":1234567890},"mtime":{"seconds":1234567890}}`, serverStateHome},
 	`POST /index.php/apps/sciencemesh/~marie/api/ocm/GetShare {"Spec":{"Id":{"opaque_id":"some-share-id"}}}`: {200, `{"id":{},"resource_id":{},"permissions":{"permissions":{"add_grant":true,"create_container":true,"delete":true,"get_path":true,"get_quota":true,"initiate_file_download":true,"initiate_file_upload":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"move":true,"remove_grant":true,"purge_recycle":true,"restore_file_version":true,"restore_recycle_item":true,"stat":true,"update_grant":true,"deny_grant":true}},"grantee":{"Id":{"UserId":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}},"owner":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"creator":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"ctime":{"seconds":1234567890},"mtime":{"seconds":1234567890}}`, serverStateHome},
diff --git a/pkg/ocm/share/manager/nextcloud/nextcloud_suite_test.go b/pkg/ocm/share/repository/nextcloud/nextcloud_suite_test.go
similarity index 100%
rename from pkg/ocm/share/manager/nextcloud/nextcloud_suite_test.go
rename to pkg/ocm/share/repository/nextcloud/nextcloud_suite_test.go
diff --git a/pkg/ocm/share/manager/nextcloud/nextcloud_test.go b/pkg/ocm/share/repository/nextcloud/nextcloud_test.go
similarity index 65%
rename from pkg/ocm/share/manager/nextcloud/nextcloud_test.go
rename to pkg/ocm/share/repository/nextcloud/nextcloud_test.go
index bec8bb199fe..ec1e764e463 100644
--- a/pkg/ocm/share/manager/nextcloud/nextcloud_test.go
+++ b/pkg/ocm/share/repository/nextcloud/nextcloud_test.go
@@ -28,7 +28,7 @@ import (
 	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/auth/scope"
 	ctxpkg "github.com/cs3org/reva/pkg/ctx"
-	"github.com/cs3org/reva/pkg/ocm/share/manager/nextcloud"
+	"github.com/cs3org/reva/pkg/ocm/share/repository/nextcloud"
 	jwt "github.com/cs3org/reva/pkg/token/manager/jwt"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -248,7 +248,7 @@ var _ = Describe("Nextcloud", func() {
 			am, called, teardown := setUpNextcloudServer()
 			defer teardown()
 
-			share, err := am.GetShare(ctx, &ocm.ShareReference{
+			share, err := am.GetShare(ctx, user, &ocm.ShareReference{
 				Spec: &ocm.ShareReference_Id{
 					Id: &ocm.ShareId{
 						OpaqueId: "some-share-id",
@@ -259,29 +259,6 @@ var _ = Describe("Nextcloud", func() {
 			Expect(*share).To(Equal(ocm.Share{
 				Id:         &ocm.ShareId{},
 				ResourceId: &provider.ResourceId{},
-				Permissions: &ocm.SharePermissions{
-					Permissions: &provider.ResourcePermissions{
-						AddGrant:             true,
-						CreateContainer:      true,
-						Delete:               true,
-						GetPath:              true,
-						GetQuota:             true,
-						InitiateFileDownload: true,
-						InitiateFileUpload:   true,
-						ListGrants:           true,
-						ListContainer:        true,
-						ListFileVersions:     true,
-						ListRecycle:          true,
-						Move:                 true,
-						RemoveGrant:          true,
-						PurgeRecycle:         true,
-						RestoreFileVersion:   true,
-						RestoreRecycleItem:   true,
-						Stat:                 true,
-						UpdateGrant:          true,
-						DenyGrant:            true,
-					},
-				},
 				Grantee: &provider.Grantee{
 					Id: &provider.Grantee_UserId{
 						UserId: &userpb.UserId{
@@ -326,7 +303,7 @@ var _ = Describe("Nextcloud", func() {
 			am, called, teardown := setUpNextcloudServer()
 			defer teardown()
 
-			err := am.Unshare(ctx, &ocm.ShareReference{
+			err := am.DeleteShare(ctx, user, &ocm.ShareReference{
 				Spec: &ocm.ShareReference_Id{
 					Id: &ocm.ShareId{
 						OpaqueId: "some-share-id",
@@ -344,7 +321,7 @@ var _ = Describe("Nextcloud", func() {
 			am, called, teardown := setUpNextcloudServer()
 			defer teardown()
 
-			share, err := am.UpdateShare(ctx, &ocm.ShareReference{
+			share, err := am.UpdateShare(ctx, user, &ocm.ShareReference{
 				Spec: &ocm.ShareReference_Id{
 					Id: &ocm.ShareId{
 						OpaqueId: "some-share-id",
@@ -378,29 +355,6 @@ var _ = Describe("Nextcloud", func() {
 			Expect(*share).To(Equal(ocm.Share{
 				Id:         &ocm.ShareId{},
 				ResourceId: &provider.ResourceId{},
-				Permissions: &ocm.SharePermissions{
-					Permissions: &provider.ResourcePermissions{
-						AddGrant:             true,
-						CreateContainer:      true,
-						Delete:               true,
-						GetPath:              true,
-						GetQuota:             true,
-						InitiateFileDownload: true,
-						InitiateFileUpload:   true,
-						ListGrants:           true,
-						ListContainer:        true,
-						ListFileVersions:     true,
-						ListRecycle:          true,
-						Move:                 true,
-						RemoveGrant:          true,
-						PurgeRecycle:         true,
-						RestoreFileVersion:   true,
-						RestoreRecycleItem:   true,
-						Stat:                 true,
-						UpdateGrant:          true,
-						DenyGrant:            true,
-					},
-				},
 				Grantee: &provider.Grantee{
 					Id: &provider.Grantee_UserId{
 						UserId: &userpb.UserId{
@@ -445,7 +399,7 @@ var _ = Describe("Nextcloud", func() {
 			am, called, teardown := setUpNextcloudServer()
 			defer teardown()
 
-			shares, err := am.ListShares(ctx, []*ocm.ListOCMSharesRequest_Filter{
+			shares, err := am.ListShares(ctx, user, []*ocm.ListOCMSharesRequest_Filter{
 				{
 					Type: ocm.ListOCMSharesRequest_Filter_TYPE_CREATOR,
 					Term: &ocm.ListOCMSharesRequest_Filter_Creator{
@@ -462,29 +416,6 @@ var _ = Describe("Nextcloud", func() {
 			Expect(*shares[0]).To(Equal(ocm.Share{
 				Id:         &ocm.ShareId{},
 				ResourceId: &provider.ResourceId{},
-				Permissions: &ocm.SharePermissions{
-					Permissions: &provider.ResourcePermissions{
-						AddGrant:             true,
-						CreateContainer:      true,
-						Delete:               true,
-						GetPath:              true,
-						GetQuota:             true,
-						InitiateFileDownload: true,
-						InitiateFileUpload:   true,
-						ListGrants:           true,
-						ListContainer:        true,
-						ListFileVersions:     true,
-						ListRecycle:          true,
-						Move:                 true,
-						RemoveGrant:          true,
-						PurgeRecycle:         true,
-						RestoreFileVersion:   true,
-						RestoreRecycleItem:   true,
-						Stat:                 true,
-						UpdateGrant:          true,
-						DenyGrant:            true,
-					},
-				},
 				Grantee: &provider.Grantee{
 					Id: &provider.Grantee_UserId{
 						UserId: &userpb.UserId{
@@ -529,69 +460,44 @@ var _ = Describe("Nextcloud", func() {
 			am, called, teardown := setUpNextcloudServer()
 			defer teardown()
 
-			receivedShares, err := am.ListReceivedShares(ctx)
+			receivedShares, err := am.ListReceivedShares(ctx, user)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(len(receivedShares)).To(Equal(1))
 			Expect(*receivedShares[0]).To(Equal(ocm.ReceivedShare{
-				Share: &ocm.Share{
-					Id:         &ocm.ShareId{},
-					ResourceId: &provider.ResourceId{},
-					Permissions: &ocm.SharePermissions{
-						Permissions: &provider.ResourcePermissions{
-							AddGrant:             true,
-							CreateContainer:      true,
-							Delete:               true,
-							GetPath:              true,
-							GetQuota:             true,
-							InitiateFileDownload: true,
-							InitiateFileUpload:   true,
-							ListGrants:           true,
-							ListContainer:        true,
-							ListFileVersions:     true,
-							ListRecycle:          true,
-							Move:                 true,
-							RemoveGrant:          true,
-							PurgeRecycle:         true,
-							RestoreFileVersion:   true,
-							RestoreRecycleItem:   true,
-							Stat:                 true,
-							UpdateGrant:          true,
-							DenyGrant:            true,
-						},
-					},
-					Grantee: &provider.Grantee{
-						Id: &provider.Grantee_UserId{
-							UserId: &userpb.UserId{
-								Idp:      "0.0.0.0:19000",
-								OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
-								Type:     userpb.UserType_USER_TYPE_PRIMARY,
-							},
+				Id:         &ocm.ShareId{},
+				ResourceId: &provider.ResourceId{},
+				Grantee: &provider.Grantee{
+					Id: &provider.Grantee_UserId{
+						UserId: &userpb.UserId{
+							Idp:      "0.0.0.0:19000",
+							OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
+							Type:     userpb.UserType_USER_TYPE_PRIMARY,
 						},
 					},
-					Owner: &userpb.UserId{
-						Idp:      "0.0.0.0:19000",
-						OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
-						Type:     userpb.UserType_USER_TYPE_PRIMARY,
-					},
-					Creator: &userpb.UserId{
-						Idp:      "0.0.0.0:19000",
-						OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
-						Type:     userpb.UserType_USER_TYPE_PRIMARY,
-					},
-					Ctime: &types.Timestamp{
-						Seconds:              1234567890,
-						Nanos:                0,
-						XXX_NoUnkeyedLiteral: struct{}{},
-						XXX_unrecognized:     nil,
-						XXX_sizecache:        0,
-					},
-					Mtime: &types.Timestamp{
-						Seconds:              1234567890,
-						Nanos:                0,
-						XXX_NoUnkeyedLiteral: struct{}{},
-						XXX_unrecognized:     nil,
-						XXX_sizecache:        0,
-					},
+				},
+				Owner: &userpb.UserId{
+					Idp:      "0.0.0.0:19000",
+					OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
+					Type:     userpb.UserType_USER_TYPE_PRIMARY,
+				},
+				Creator: &userpb.UserId{
+					Idp:      "0.0.0.0:19000",
+					OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
+					Type:     userpb.UserType_USER_TYPE_PRIMARY,
+				},
+				Ctime: &types.Timestamp{
+					Seconds:              1234567890,
+					Nanos:                0,
+					XXX_NoUnkeyedLiteral: struct{}{},
+					XXX_unrecognized:     nil,
+					XXX_sizecache:        0,
+				},
+				Mtime: &types.Timestamp{
+					Seconds:              1234567890,
+					Nanos:                0,
+					XXX_NoUnkeyedLiteral: struct{}{},
+					XXX_unrecognized:     nil,
+					XXX_sizecache:        0,
 				},
 				State: ocm.ShareState_SHARE_STATE_ACCEPTED,
 			}))
@@ -605,7 +511,7 @@ var _ = Describe("Nextcloud", func() {
 			am, called, teardown := setUpNextcloudServer()
 			defer teardown()
 
-			receivedShare, err := am.GetReceivedShare(ctx, &ocm.ShareReference{
+			receivedShare, err := am.GetReceivedShare(ctx, user, &ocm.ShareReference{
 				Spec: &ocm.ShareReference_Id{
 					Id: &ocm.ShareId{
 						OpaqueId: "some-share-id",
@@ -614,65 +520,40 @@ var _ = Describe("Nextcloud", func() {
 			})
 			Expect(err).ToNot(HaveOccurred())
 			Expect(*receivedShare).To(Equal(ocm.ReceivedShare{
-				Share: &ocm.Share{
-					Id:         &ocm.ShareId{},
-					ResourceId: &provider.ResourceId{},
-					Permissions: &ocm.SharePermissions{
-						Permissions: &provider.ResourcePermissions{
-							AddGrant:             true,
-							CreateContainer:      true,
-							Delete:               true,
-							GetPath:              true,
-							GetQuota:             true,
-							InitiateFileDownload: true,
-							InitiateFileUpload:   true,
-							ListGrants:           true,
-							ListContainer:        true,
-							ListFileVersions:     true,
-							ListRecycle:          true,
-							Move:                 true,
-							RemoveGrant:          true,
-							PurgeRecycle:         true,
-							RestoreFileVersion:   true,
-							RestoreRecycleItem:   true,
-							Stat:                 true,
-							UpdateGrant:          true,
-							DenyGrant:            true,
-						},
-					},
-					Grantee: &provider.Grantee{
-						Id: &provider.Grantee_UserId{
-							UserId: &userpb.UserId{
-								Idp:      "0.0.0.0:19000",
-								OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
-								Type:     userpb.UserType_USER_TYPE_PRIMARY,
-							},
+				Id:         &ocm.ShareId{},
+				ResourceId: &provider.ResourceId{},
+				Grantee: &provider.Grantee{
+					Id: &provider.Grantee_UserId{
+						UserId: &userpb.UserId{
+							Idp:      "0.0.0.0:19000",
+							OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
+							Type:     userpb.UserType_USER_TYPE_PRIMARY,
 						},
 					},
-					Owner: &userpb.UserId{
-						Idp:      "0.0.0.0:19000",
-						OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
-						Type:     userpb.UserType_USER_TYPE_PRIMARY,
-					},
-					Creator: &userpb.UserId{
-						Idp:      "0.0.0.0:19000",
-						OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
-						Type:     userpb.UserType_USER_TYPE_PRIMARY,
-					},
-					Ctime: &types.Timestamp{
-						Seconds:              1234567890,
-						Nanos:                0,
-						XXX_NoUnkeyedLiteral: struct{}{},
-						XXX_unrecognized:     nil,
-						XXX_sizecache:        0,
-					},
-					Mtime: &types.Timestamp{
-						Seconds:              1234567890,
-						Nanos:                0,
-						XXX_NoUnkeyedLiteral: struct{}{},
-						XXX_unrecognized:     nil,
-						XXX_sizecache:        0,
-					},
+				},
+				Owner: &userpb.UserId{
+					Idp:      "0.0.0.0:19000",
+					OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
+					Type:     userpb.UserType_USER_TYPE_PRIMARY,
+				},
+				Creator: &userpb.UserId{
+					Idp:      "0.0.0.0:19000",
+					OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
+					Type:     userpb.UserType_USER_TYPE_PRIMARY,
+				},
+				Ctime: &types.Timestamp{
+					Seconds:              1234567890,
+					Nanos:                0,
+					XXX_NoUnkeyedLiteral: struct{}{},
+					XXX_unrecognized:     nil,
+					XXX_sizecache:        0,
+				},
+				Mtime: &types.Timestamp{
+					Seconds:              1234567890,
+					Nanos:                0,
+					XXX_NoUnkeyedLiteral: struct{}{},
+					XXX_unrecognized:     nil,
+					XXX_sizecache:        0,
 				},
 				State: ocm.ShareState_SHARE_STATE_ACCEPTED,
 			}))
@@ -686,101 +567,10 @@ var _ = Describe("Nextcloud", func() {
 			am, called, teardown := setUpNextcloudServer()
 			defer teardown()
 
-			receivedShare, err := am.UpdateReceivedShare(ctx,
+			receivedShare, err := am.UpdateReceivedShare(ctx, user,
 				&ocm.ReceivedShare{
-					Share: &ocm.Share{
-						Id:         &ocm.ShareId{},
-						ResourceId: &provider.ResourceId{},
-						Permissions: &ocm.SharePermissions{
-							Permissions: &provider.ResourcePermissions{
-								AddGrant:             true,
-								CreateContainer:      true,
-								Delete:               true,
-								GetPath:              true,
-								GetQuota:             true,
-								InitiateFileDownload: true,
-								InitiateFileUpload:   true,
-								ListGrants:           true,
-								ListContainer:        true,
-								ListFileVersions:     true,
-								ListRecycle:          true,
-								Move:                 true,
-								RemoveGrant:          true,
-								PurgeRecycle:         true,
-								RestoreFileVersion:   true,
-								RestoreRecycleItem:   true,
-								Stat:                 true,
-								UpdateGrant:          true,
-								DenyGrant:            true,
-							},
-						},
-						Grantee: &provider.Grantee{
-							Id: &provider.Grantee_UserId{
-								UserId: &userpb.UserId{
-									Idp:      "0.0.0.0:19000",
-									OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
-									Type:     userpb.UserType_USER_TYPE_PRIMARY,
-								},
-							},
-						},
-						Owner: &userpb.UserId{
-							Idp:      "0.0.0.0:19000",
-							OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
-							Type:     userpb.UserType_USER_TYPE_PRIMARY,
-						},
-						Creator: &userpb.UserId{
-							Idp:      "0.0.0.0:19000",
-							OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
-							Type:     userpb.UserType_USER_TYPE_PRIMARY,
-						},
-						Ctime: &types.Timestamp{
-							Seconds:              1234567890,
-							Nanos:                0,
-							XXX_NoUnkeyedLiteral: struct{}{},
-							XXX_unrecognized:     nil,
-							XXX_sizecache:        0,
-						},
-						Mtime: &types.Timestamp{
-							Seconds:              1234567890,
-							Nanos:                0,
-							XXX_NoUnkeyedLiteral: struct{}{},
-							XXX_unrecognized:     nil,
-							XXX_sizecache:        0,
-						},
-					},
-					State: ocm.ShareState_SHARE_STATE_ACCEPTED,
-				},
-				&field_mask.FieldMask{
-					Paths: []string{"state"},
-				})
-			Expect(err).ToNot(HaveOccurred())
-			Expect(*receivedShare).To(Equal(ocm.ReceivedShare{
-				Share: &ocm.Share{
 					Id:         &ocm.ShareId{},
 					ResourceId: &provider.ResourceId{},
-					Permissions: &ocm.SharePermissions{
-						Permissions: &provider.ResourcePermissions{
-							AddGrant:             true,
-							CreateContainer:      true,
-							Delete:               true,
-							GetPath:              true,
-							GetQuota:             true,
-							InitiateFileDownload: true,
-							InitiateFileUpload:   true,
-							ListGrants:           true,
-							ListContainer:        true,
-							ListFileVersions:     true,
-							ListRecycle:          true,
-							Move:                 true,
-							RemoveGrant:          true,
-							PurgeRecycle:         true,
-							RestoreFileVersion:   true,
-							RestoreRecycleItem:   true,
-							Stat:                 true,
-							UpdateGrant:          true,
-							DenyGrant:            true,
-						},
-					},
 					Grantee: &provider.Grantee{
 						Id: &provider.Grantee_UserId{
 							UserId: &userpb.UserId{
@@ -814,10 +604,51 @@ var _ = Describe("Nextcloud", func() {
 						XXX_unrecognized:     nil,
 						XXX_sizecache:        0,
 					},
+					State: ocm.ShareState_SHARE_STATE_ACCEPTED,
+				},
+				&field_mask.FieldMask{
+					Paths: []string{"state"},
+				})
+			Expect(err).ToNot(HaveOccurred())
+			Expect(*receivedShare).To(Equal(ocm.ReceivedShare{
+				Id:         &ocm.ShareId{},
+				ResourceId: &provider.ResourceId{},
+				Grantee: &provider.Grantee{
+					Id: &provider.Grantee_UserId{
+						UserId: &userpb.UserId{
+							Idp:      "0.0.0.0:19000",
+							OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
+							Type:     userpb.UserType_USER_TYPE_PRIMARY,
+						},
+					},
+				},
+				Owner: &userpb.UserId{
+					Idp:      "0.0.0.0:19000",
+					OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
+					Type:     userpb.UserType_USER_TYPE_PRIMARY,
+				},
+				Creator: &userpb.UserId{
+					Idp:      "0.0.0.0:19000",
+					OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
+					Type:     userpb.UserType_USER_TYPE_PRIMARY,
+				},
+				Ctime: &types.Timestamp{
+					Seconds:              1234567890,
+					Nanos:                0,
+					XXX_NoUnkeyedLiteral: struct{}{},
+					XXX_unrecognized:     nil,
+					XXX_sizecache:        0,
+				},
+				Mtime: &types.Timestamp{
+					Seconds:              1234567890,
+					Nanos:                0,
+					XXX_NoUnkeyedLiteral: struct{}{},
+					XXX_unrecognized:     nil,
+					XXX_sizecache:        0,
 				},
 				State: ocm.ShareState_SHARE_STATE_ACCEPTED,
 			}))
-			checkCalled(called, `POST /apps/sciencemesh/~tester/api/ocm/UpdateReceivedShare {"received_share":{"share":{"id":{},"resource_id":{},"permissions":{"permissions":{"add_grant":true,"create_container":true,"delete":true,"get_path":true,"get_quota":true,"initiate_file_download":true,"initiate_file_upload":true,"list_grants":true,"list_container":true,"list_file_versions":true,"list_recycle":true,"move":true,"remove_grant":true,"purge_recycle":true,"restore_file_version":true,"restore_recycle_item":true,"stat":true,"update_grant":true,"deny_grant":true}},"grantee":{"Id":{"UserId":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}},"owner":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"creator":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"ctime":{"seconds":1234567890},"mtime":{"seconds":1234567890}},"state":2},"field_mask":{"paths":["state"]}}`)
+			checkCalled(called, `POST /apps/sciencemesh/~tester/api/ocm/UpdateReceivedShare {"received_share":{"id":{},"resource_id":{},"grantee":{"Id":{"UserId":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1}}},"owner":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"creator":{"idp":"0.0.0.0:19000","opaque_id":"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c","type":1},"ctime":{"seconds":1234567890},"mtime":{"seconds":1234567890},"state":2},"field_mask":{"paths":["state"]}}`)
 		})
 	})
 

From 1ed8c94d966a640b3da146603649b5a3895a685a Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Thu, 2 Feb 2023 18:13:01 +0100
Subject: [PATCH 20/44] removed unused variable

---
 pkg/ocm/share/repository/json/json.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pkg/ocm/share/repository/json/json.go b/pkg/ocm/share/repository/json/json.go
index a202c462835..7cc9c31b4a3 100644
--- a/pkg/ocm/share/repository/json/json.go
+++ b/pkg/ocm/share/repository/json/json.go
@@ -105,8 +105,7 @@ type shareModel struct {
 }
 
 type config struct {
-	File                string `mapstructure:"file"`
-	InsecureConnections bool   `mapstructure:"insecure_connections"`
+	File string `mapstructure:"file"`
 }
 
 func (c *config) init() {

From 6fea1bbab635f4a91839a35eb26a4458f918d9ff Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Fri, 3 Feb 2023 17:57:51 +0100
Subject: [PATCH 21/44] add commands to get info about ocm share

---
 cmd/reva/main.go                   |  2 +
 cmd/reva/ocm-share-get-received.go | 74 ++++++++++++++++++++++++++++++
 cmd/reva/ocm-share-get.go          | 74 ++++++++++++++++++++++++++++++
 3 files changed, 150 insertions(+)
 create mode 100644 cmd/reva/ocm-share-get-received.go
 create mode 100644 cmd/reva/ocm-share-get.go

diff --git a/cmd/reva/main.go b/cmd/reva/main.go
index daf7a85851e..03f96278aad 100644
--- a/cmd/reva/main.go
+++ b/cmd/reva/main.go
@@ -62,8 +62,10 @@ var (
 		ocmShareListCommand(),
 		ocmShareRemoveCommand(),
 		ocmShareUpdateCommand(),
+		ocmShareGetCommand(),
 		ocmShareListReceivedCommand(),
 		ocmShareUpdateReceivedCommand(),
+		ocmShareGetReceivedCommand(),
 		openInAppCommand(),
 		preferencesCommand(),
 		publicShareCreateCommand(),
diff --git a/cmd/reva/ocm-share-get-received.go b/cmd/reva/ocm-share-get-received.go
new file mode 100644
index 00000000000..7653edc231d
--- /dev/null
+++ b/cmd/reva/ocm-share-get-received.go
@@ -0,0 +1,74 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+package main
+
+import (
+	"errors"
+	"fmt"
+	"io"
+
+	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
+	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
+	"github.com/cs3org/reva/pkg/utils"
+)
+
+func ocmShareGetReceivedCommand() *command {
+	cmd := newCommand("ocm-share-get-received")
+	cmd.Description = func() string { return "get the info of the OCM share you have received" }
+	cmd.Usage = func() string { return "Usage: ocm-share-get-received" }
+	cmd.Action = func(w ...io.Writer) error {
+		if cmd.NArg() < 1 {
+			return errors.New("Invalid arguments: " + cmd.Usage())
+		}
+
+		ctx := getAuthContext()
+		client, err := getClient()
+		if err != nil {
+			return err
+		}
+
+		id := cmd.Arg(0)
+
+		shareRes, err := client.GetReceivedOCMShare(ctx, &ocm.GetReceivedOCMShareRequest{
+			Ref: &ocm.ShareReference{
+				Spec: &ocm.ShareReference_Id{
+					Id: &ocm.ShareId{
+						OpaqueId: id,
+					},
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+		if shareRes.Status.Code != rpc.Code_CODE_OK {
+			return formatError(shareRes.Status)
+		}
+
+		d, err := utils.MarshalProtoV1ToJSON(shareRes.Share)
+		if err != nil {
+			return err
+		}
+
+		fmt.Println(string(d))
+
+		return nil
+	}
+	return cmd
+}
diff --git a/cmd/reva/ocm-share-get.go b/cmd/reva/ocm-share-get.go
new file mode 100644
index 00000000000..5c87e78a29b
--- /dev/null
+++ b/cmd/reva/ocm-share-get.go
@@ -0,0 +1,74 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+package main
+
+import (
+	"errors"
+	"fmt"
+	"io"
+
+	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
+	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
+	"github.com/cs3org/reva/pkg/utils"
+)
+
+func ocmShareGetCommand() *command {
+	cmd := newCommand("ocm-share-get")
+	cmd.Description = func() string { return "get the info of the OCM share" }
+	cmd.Usage = func() string { return "Usage: ocm-share-get" }
+	cmd.Action = func(w ...io.Writer) error {
+		if cmd.NArg() < 1 {
+			return errors.New("Invalid arguments: " + cmd.Usage())
+		}
+
+		ctx := getAuthContext()
+		client, err := getClient()
+		if err != nil {
+			return err
+		}
+
+		id := cmd.Arg(0)
+
+		shareRes, err := client.GetOCMShare(ctx, &ocm.GetOCMShareRequest{
+			Ref: &ocm.ShareReference{
+				Spec: &ocm.ShareReference_Id{
+					Id: &ocm.ShareId{
+						OpaqueId: id,
+					},
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+		if shareRes.Status.Code != rpc.Code_CODE_OK {
+			return formatError(shareRes.Status)
+		}
+
+		d, err := utils.MarshalProtoV1ToJSON(shareRes.Share)
+		if err != nil {
+			return err
+		}
+
+		fmt.Println(string(d))
+
+		return nil
+	}
+	return cmd
+}

From fc858b1afdef6c77517630b23c3bb7614a9231e4 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Fri, 3 Feb 2023 18:01:59 +0100
Subject: [PATCH 22/44] generate crypto secure random string

---
 pkg/utils/utils.go | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index ec8c3bde4bc..008f4c25845 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -20,7 +20,6 @@ package utils
 
 import (
 	"fmt"
-	"math/rand"
 	"net"
 	"net/http"
 	"net/url"
@@ -39,6 +38,7 @@ import (
 	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/registry"
 	"github.com/cs3org/reva/pkg/registry/memory"
+	"go.step.sm/crypto/randutil"
 
 	// gocritic is disabled because google.golang.org/protobuf/proto does not provide a method to convert MessageV1 to MessageV2.
 	"github.com/golang/protobuf/proto" //nolint:staticcheck
@@ -112,13 +112,11 @@ func ResolvePath(path string) (string, error) {
 
 // RandString is a helper to create tokens.
 func RandString(n int) string {
-	rand.Seed(time.Now().UTC().UnixNano())
-	var l = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
-	b := make([]rune, n)
-	for i := range b {
-		b[i] = l[rand.Intn(len(l))]
+	s, err := randutil.Alphanumeric(n)
+	if err != nil {
+		panic(err)
 	}
-	return string(b)
+	return s
 }
 
 // TSToUnixNano converts a protobuf Timestamp to uint64

From 3d33767bdce6ba341d128508c05c6e3320cf31a7 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Fri, 3 Feb 2023 18:02:08 +0100
Subject: [PATCH 23/44] fixes in json pkg

---
 pkg/ocm/share/repository/json/json.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/ocm/share/repository/json/json.go b/pkg/ocm/share/repository/json/json.go
index 7cc9c31b4a3..9aa7ebf43c4 100644
--- a/pkg/ocm/share/repository/json/json.go
+++ b/pkg/ocm/share/repository/json/json.go
@@ -21,6 +21,7 @@ package json
 import (
 	"context"
 	"encoding/json"
+	"io"
 	"os"
 	"sync"
 	"time"
@@ -84,7 +85,9 @@ func loadOrCreate(file string) (*shareModel, error) {
 
 	var m shareModel
 	if err := json.NewDecoder(f).Decode(&m); err != nil {
-		return nil, errors.Wrap(err, "error decoding data to json")
+		if err != io.EOF {
+			return nil, errors.Wrap(err, "error decoding data to json")
+		}
 	}
 
 	if m.Shares == nil {

From d1d3f7c7c3f8f610f70335ba17e7012ec96e1876 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Fri, 3 Feb 2023 18:03:47 +0100
Subject: [PATCH 24/44] fix linting

---
 cmd/reva/transfer-create.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/reva/transfer-create.go b/cmd/reva/transfer-create.go
index b1708b7f383..1bb53a05cf0 100644
--- a/cmd/reva/transfer-create.go
+++ b/cmd/reva/transfer-create.go
@@ -111,7 +111,7 @@ func transferCreateCommand() *command {
 			},
 			ResourceId: statRes.Info.Id,
 			AccessMethods: []*ocm.AccessMethod{
-				&ocm.AccessMethod{
+				{
 					Term: &ocm.AccessMethod_DatatxOptions{
 						DatatxOptions: &ocm.DatatxAccessMethod{},
 					},

From 4c2004550fb3d88e84a665ac897a6a277db82ecb Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Fri, 3 Feb 2023 18:04:14 +0100
Subject: [PATCH 25/44] add randutil pkg

---
 go.mod | 11 ++++++-----
 go.sum | 14 ++++++++++++++
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index 1a5064e0065..0294243afc4 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/Masterminds/sprig v2.22.0+incompatible
 	github.com/ReneKroon/ttlcache/v2 v2.11.0
 	github.com/asim/go-micro/plugins/events/nats/v4 v4.0.0-20220118152736-9e0be6c85d75
-	github.com/aws/aws-sdk-go v1.44.175
+	github.com/aws/aws-sdk-go v1.44.192
 	github.com/beevik/etree v1.1.0
 	github.com/bluele/gcache v0.0.2
 	github.com/c-bata/go-prompt v0.2.5
@@ -63,13 +63,13 @@ require (
 	go.opentelemetry.io/otel/sdk v1.11.2
 	go.opentelemetry.io/otel/trace v1.11.2
 	golang.org/x/crypto v0.5.0
-	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1
+	golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
 	golang.org/x/sys v0.4.0
 	golang.org/x/term v0.4.0
 	golang.org/x/text v0.6.0
-	google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006
-	google.golang.org/grpc v1.51.0
+	google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef
+	google.golang.org/grpc v1.52.0
 	google.golang.org/protobuf v1.28.1
 	gotest.tools v2.2.0+incompatible
 )
@@ -106,7 +106,7 @@ require (
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/raft v1.3.11 // indirect
 	github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
+	github.com/huandu/xstrings v1.3.3 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -154,6 +154,7 @@ require (
 	go.etcd.io/bbolt v1.3.6 // indirect
 	go.mongodb.org/mongo-driver v1.8.3 // indirect
 	go.opentelemetry.io/otel/metric v0.34.0 // indirect
+	go.step.sm/crypto v0.23.2 // indirect
 	golang.org/x/net v0.5.0 // indirect
 	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
 	google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index 32d4914ac5a..006acec9228 100644
--- a/go.sum
+++ b/go.sum
@@ -57,6 +57,7 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz
 cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
 cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk=
 cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
+cloud.google.com/go/compute v1.14.0 h1:hfm2+FfxVmnRlh6LpB7cg1ZNU+5edAHmW679JePztk0=
 cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs=
 cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM=
 cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo=
@@ -208,6 +209,9 @@ github.com/aws/aws-sdk-go v1.43.11/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4
 github.com/aws/aws-sdk-go v1.44.114/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go v1.44.175 h1:c0NzHHnPXV5kJoTUFQxFN5cUPpX1SxO635XnwL5/oIY=
 github.com/aws/aws-sdk-go v1.44.175/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.185/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.192 h1:KL54vCxRd5v5XBGjnF3FelzXXwl+aWHDmDTihFmRNgM=
+github.com/aws/aws-sdk-go v1.44.192/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
 github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -620,6 +624,8 @@ github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKe
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4=
+github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df/go.mod h1:QMZY7/J/KSQEhKWFeDesPjMj+wCHReeknARU3wqlyN4=
@@ -1088,6 +1094,8 @@ go.opentelemetry.io/otel/sdk v1.11.2/go.mod h1:wZ1WxImwpq+lVRo4vsmSOxdd+xwoUJ6rq
 go.opentelemetry.io/otel/trace v1.11.2 h1:Xf7hWSF2Glv0DE3MH7fBHvtpSBsjcBUe5MYAmZM/+y0=
 go.opentelemetry.io/otel/trace v1.11.2/go.mod h1:4N+yC7QEz7TTsG9BSRLNAa63eg5E06ObSbKPmxQ/pKA=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+go.step.sm/crypto v0.23.2 h1:XGmQH9Pkpxop47cjYlUhF10L5roPCbu1BCZXopbeW8I=
+go.step.sm/crypto v0.23.2/go.mod h1:/IXGz8al8k7u7OV0RTWIi8TRVqO2FMyZVpedV+6Da6U=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
@@ -1261,6 +1269,8 @@ golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7Lm
 golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA=
 golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 h1:nt+Q6cXKz4MosCSpnbMtqiQ8Oz0pxTef2B4Vca2lvfk=
+golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1667,6 +1677,8 @@ google.golang.org/genproto v0.0.0-20220916172020-2692e8806bfa/go.mod h1:0Nb8Qy+S
 google.golang.org/genproto v0.0.0-20220919141832-68c03719ef51/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo=
 google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006 h1:mmbq5q8M1t7dhkLw320YK4PsOXm6jdnUAkErImaIqOg=
 google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006/go.mod h1:ht8XFiar2npT/g4vkk7O0WYS1sHOHbdujxbEp7CJWbw=
+google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef h1:uQ2vjV/sHTsWSqdKeLqmwitzgvjMl7o4IdtHwUDXSJY=
+google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -1706,6 +1718,8 @@ google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD
 google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U=
 google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
+google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk=
+google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=

From 4db441e5b87a79ae7b240b35f3e0a04c3cda4bc5 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Mon, 6 Feb 2023 14:24:02 +0100
Subject: [PATCH 26/44] fixes

---
 cmd/reva/ocm-share-create.go                     | 12 ++++++------
 cmd/reva/transfer-create.go                      |  7 ++-----
 .../grpc/services/gateway/ocmshareprovider.go    | 10 +++++-----
 .../ocmshareprovider/ocmshareprovider.go         |  2 +-
 internal/http/services/ocmd/protocols.go         |  2 +-
 pkg/ocm/share/utils.go                           | 16 ++++++++--------
 6 files changed, 23 insertions(+), 26 deletions(-)

diff --git a/cmd/reva/ocm-share-create.go b/cmd/reva/ocm-share-create.go
index 930fe32491d..54e5e0081c6 100644
--- a/cmd/reva/ocm-share-create.go
+++ b/cmd/reva/ocm-share-create.go
@@ -48,12 +48,12 @@ func ocmShareCreateCommand() *command {
 
 	webdav := cmd.Bool("webdav", false, "create a share with webdav access")
 	webapp := cmd.Bool("webapp", false, "create a share for app access")
-	datatx := cmd.Bool("datatx", false, "create a share for a data transfer")
+	transfer := cmd.Bool("transfer", false, "create a share for a data transfer")
 
 	rol := cmd.String("rol", "viewer", "the permission for the share (viewer or editor) / applies to webdav and webapp")
 
 	cmd.ResetFlags = func() {
-		*grantType, *grantee, *idp, *rol, *userType, *webdav, *webapp, *datatx = "user", "", "", "viewer", "primary", false, false, false
+		*grantType, *grantee, *idp, *rol, *userType, *webdav, *webapp, *transfer = "user", "", "", "viewer", "primary", false, false, false
 	}
 
 	cmd.Action = func(w ...io.Writer) error {
@@ -107,7 +107,7 @@ func ocmShareCreateCommand() *command {
 		}
 
 		gt := getGrantType(*grantType)
-		am, err := getAccessMethods(*webdav, *webapp, *datatx, *rol)
+		am, err := getAccessMethods(*webdav, *webapp, *transfer, *rol)
 		if err != nil {
 			return err
 		}
@@ -151,7 +151,7 @@ func ocmShareCreateCommand() *command {
 	return cmd
 }
 
-func getAccessMethods(webdav, webapp, datatx bool, rol string) ([]*ocm.AccessMethod, error) {
+func getAccessMethods(webdav, webapp, transfer bool, rol string) ([]*ocm.AccessMethod, error) {
 	var m []*ocm.AccessMethod
 	if webdav {
 		perm, err := getOCMSharePerm(rol)
@@ -167,8 +167,8 @@ func getAccessMethods(webdav, webapp, datatx bool, rol string) ([]*ocm.AccessMet
 		}
 		m = append(m, ocmshare.NewWebappAccessMethod(v))
 	}
-	if datatx {
-		m = append(m, ocmshare.NewDatatxAccessMethod())
+	if transfer {
+		m = append(m, ocmshare.NewTransferAccessMethod())
 	}
 	return m, nil
 }
diff --git a/cmd/reva/transfer-create.go b/cmd/reva/transfer-create.go
index 1bb53a05cf0..969e3f1bc0b 100644
--- a/cmd/reva/transfer-create.go
+++ b/cmd/reva/transfer-create.go
@@ -30,6 +30,7 @@ import (
 	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	"github.com/cs3org/reva/pkg/ocm/share"
 	"github.com/cs3org/reva/pkg/utils"
 	"github.com/jedib0t/go-pretty/table"
 	"github.com/pkg/errors"
@@ -111,11 +112,7 @@ func transferCreateCommand() *command {
 			},
 			ResourceId: statRes.Info.Id,
 			AccessMethods: []*ocm.AccessMethod{
-				{
-					Term: &ocm.AccessMethod_DatatxOptions{
-						DatatxOptions: &ocm.DatatxAccessMethod{},
-					},
-				},
+				share.NewTransferAccessMethod(),
 			},
 			RecipientMeshProvider: providerInfoResp.ProviderInfo,
 		}
diff --git a/internal/grpc/services/gateway/ocmshareprovider.go b/internal/grpc/services/gateway/ocmshareprovider.go
index 8c3cc3148e8..67b16283440 100644
--- a/internal/grpc/services/gateway/ocmshareprovider.go
+++ b/internal/grpc/services/gateway/ocmshareprovider.go
@@ -372,7 +372,7 @@ func (s *svc) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateReceive
 }
 
 func isTransferShare(s *ocm.ReceivedShare) bool {
-	_, ok := getDatatxProtocol(s)
+	_, ok := getTransferProtocol(s)
 	return ok
 }
 
@@ -393,10 +393,10 @@ func (s *svc) GetReceivedOCMShare(ctx context.Context, req *ocm.GetReceivedOCMSh
 	return res, nil
 }
 
-func getDatatxProtocol(share *ocm.ReceivedShare) (*ocm.DatatxProtocol, bool) {
+func getTransferProtocol(share *ocm.ReceivedShare) (*ocm.TransferProtocol, bool) {
 	for _, p := range share.Protocols {
-		if d, ok := p.Term.(*ocm.Protocol_DatatxOprions); ok {
-			return d.DatatxOprions, true
+		if d, ok := p.Term.(*ocm.Protocol_TransferOptions); ok {
+			return d.TransferOptions, true
 		}
 	}
 	return nil, false
@@ -405,7 +405,7 @@ func getDatatxProtocol(share *ocm.ReceivedShare) (*ocm.DatatxProtocol, bool) {
 func (s *svc) createOCMReference(ctx context.Context, share *ocm.ReceivedShare) (*rpc.Status, error) {
 	log := appctx.GetLogger(ctx)
 
-	d, _ := getDatatxProtocol(share)
+	d, _ := getTransferProtocol(share)
 
 	homeRes, err := s.GetHome(ctx, &provider.GetHomeRequest{})
 	if err != nil {
diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
index bd19530f626..79be6505e9c 100644
--- a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
+++ b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -192,7 +192,7 @@ func (s *service) getProtocols(ctx context.Context, info *providerv1beta1.Resour
 			p = append(p, s.getWebdavProtocol(ctx, info, t))
 		case *ocm.AccessMethod_WebappOptions:
 			// TODO
-		case *ocm.AccessMethod_DatatxOptions:
+		case *ocm.AccessMethod_TransferOptions:
 			// TODO
 		}
 	}
diff --git a/internal/http/services/ocmd/protocols.go b/internal/http/services/ocmd/protocols.go
index 41670e0d57b..1238b08d82d 100644
--- a/internal/http/services/ocmd/protocols.go
+++ b/internal/http/services/ocmd/protocols.go
@@ -64,7 +64,7 @@ type Datatx struct {
 }
 
 func (w *Datatx) ToOCMProtocol() *ocm.Protocol {
-	return ocmshare.NewDatatxProtocol(w.SourceURI, w.SharedSecret, w.Size)
+	return ocmshare.NewTransferProtocol(w.SourceURI, w.SharedSecret, w.Size)
 }
 
 var protocolImpl = map[string]reflect.Type{
diff --git a/pkg/ocm/share/utils.go b/pkg/ocm/share/utils.go
index 2a077696cbb..7e10193f292 100644
--- a/pkg/ocm/share/utils.go
+++ b/pkg/ocm/share/utils.go
@@ -8,8 +8,8 @@ import (
 
 func NewWebDAVProtocol(uri, shareSecred string, perms *ocm.SharePermissions) *ocm.Protocol {
 	return &ocm.Protocol{
-		Term: &ocm.Protocol_WebdapOptions{
-			WebdapOptions: &ocm.WebDAVProtocol{
+		Term: &ocm.Protocol_WebdavOptions{
+			WebdavOptions: &ocm.WebDAVProtocol{
 				Uri:          uri,
 				SharedSecret: shareSecred,
 				Permissions:  perms,
@@ -28,10 +28,10 @@ func NewWebappProtocol(uriTemplate string) *ocm.Protocol {
 	}
 }
 
-func NewDatatxProtocol(sourceUri, sharedSecret string, size uint64) *ocm.Protocol {
+func NewTransferProtocol(sourceUri, sharedSecret string, size uint64) *ocm.Protocol {
 	return &ocm.Protocol{
-		Term: &ocm.Protocol_DatatxOprions{
-			DatatxOprions: &ocm.DatatxProtocol{
+		Term: &ocm.Protocol_TransferOptions{
+			TransferOptions: &ocm.TransferProtocol{
 				SourceUri:    sourceUri,
 				SharedSecret: sharedSecret,
 				Size:         size,
@@ -60,10 +60,10 @@ func NewWebappAccessMethod(mode appprovider.ViewMode) *ocm.AccessMethod {
 	}
 }
 
-func NewDatatxAccessMethod() *ocm.AccessMethod {
+func NewTransferAccessMethod() *ocm.AccessMethod {
 	return &ocm.AccessMethod{
-		Term: &ocm.AccessMethod_DatatxOptions{
-			DatatxOptions: &ocm.DatatxAccessMethod{},
+		Term: &ocm.AccessMethod_TransferOptions{
+			TransferOptions: &ocm.TransferAccessMethod{},
 		},
 	}
 }

From 2c48b5689bd289c1d12f39a72030a38c4dfb771f Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Mon, 6 Feb 2023 14:49:58 +0100
Subject: [PATCH 27/44] expose recipient display name

---
 .../ocmshareprovider/ocmshareprovider.go      |  8 ++---
 internal/http/services/ocmd/ocm.go            | 13 +++++----
 internal/http/services/ocmd/shares.go         | 10 ++++++-
 pkg/ocm/client/client.go                      | 29 ++++++++++++-------
 4 files changed, 38 insertions(+), 22 deletions(-)

diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
index 79be6505e9c..d86d1219ea5 100644
--- a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
+++ b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -265,16 +265,16 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 		newShareReq.Expiration = req.Expiration.Seconds
 	}
 
-	err = s.client.NewShare(ctx, ocmEndpoint, newShareReq)
-
+	newShareRes, err := s.client.NewShare(ctx, ocmEndpoint, newShareReq)
 	if err != nil {
 		// TODO: err
 		return nil, errtypes.InternalError(err.Error())
 	}
 
 	res := &ocm.CreateOCMShareResponse{
-		Status: status.NewOK(ctx),
-		Share:  share,
+		Status:               status.NewOK(ctx),
+		Share:                share,
+		RecipientDisplayName: newShareRes.RecipientDisplayName,
 	}
 	return res, nil
 }
diff --git a/internal/http/services/ocmd/ocm.go b/internal/http/services/ocmd/ocm.go
index 829a9126299..68e3040b0d3 100644
--- a/internal/http/services/ocmd/ocm.go
+++ b/internal/http/services/ocmd/ocm.go
@@ -35,12 +35,13 @@ func init() {
 }
 
 type config struct {
-	SMTPCredentials  *smtpclient.SMTPCredentials `mapstructure:"smtp_credentials"`
-	Prefix           string                      `mapstructure:"prefix"`
-	Host             string                      `mapstructure:"host"`
-	GatewaySvc       string                      `mapstructure:"gatewaysvc"`
-	MeshDirectoryURL string                      `mapstructure:"mesh_directory_url"`
-	Config           configData                  `mapstructure:"config"`
+	SMTPCredentials            *smtpclient.SMTPCredentials `mapstructure:"smtp_credentials"`
+	Prefix                     string                      `mapstructure:"prefix"`
+	Host                       string                      `mapstructure:"host"`
+	GatewaySvc                 string                      `mapstructure:"gatewaysvc"`
+	MeshDirectoryURL           string                      `mapstructure:"mesh_directory_url"`
+	Config                     configData                  `mapstructure:"config"`
+	ExposeRecipientDisplayName bool                        `mapstructure:"expose_recipient_display_name"`
 }
 
 func (c *config) init() {
diff --git a/internal/http/services/ocmd/shares.go b/internal/http/services/ocmd/shares.go
index 78d1925d665..307a5d8c085 100644
--- a/internal/http/services/ocmd/shares.go
+++ b/internal/http/services/ocmd/shares.go
@@ -45,7 +45,8 @@ import (
 var validate = validator.New()
 
 type sharesHandler struct {
-	gatewayClient gateway.GatewayAPIClient
+	gatewayClient              gateway.GatewayAPIClient
+	exposeRecipientDisplayName bool
 }
 
 func (h *sharesHandler) init(c *config) error {
@@ -54,6 +55,7 @@ func (h *sharesHandler) init(c *config) error {
 	if err != nil {
 		return err
 	}
+	h.exposeRecipientDisplayName = c.ExposeRecipientDisplayName
 	return nil
 }
 
@@ -175,6 +177,12 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if h.exposeRecipientDisplayName {
+		json.NewEncoder(w).Encode(map[string]any{
+			"recipientDisplayName": userRes.User.DisplayName,
+		})
+	}
+
 	w.WriteHeader(http.StatusCreated)
 }
 
diff --git a/pkg/ocm/client/client.go b/pkg/ocm/client/client.go
index 05604ccaef6..0785e1fd942 100644
--- a/pkg/ocm/client/client.go
+++ b/pkg/ocm/client/client.go
@@ -177,47 +177,54 @@ func (r *NewShareRequest) toJSON() (io.Reader, error) {
 	return &b, nil
 }
 
+// NewShareResponse is the response returned when creating a new share.
+type NewShareResponse struct {
+	RecipientDisplayName string `json:"recipientDisplayName"`
+}
+
 // NewShare creates a new share.
 // https://github.com/cs3org/OCM-API/blob/223285aa4d828ed85c361c7382efd08c42b5e719/spec.yaml
-func (c *OCMClient) NewShare(ctx context.Context, endpoint string, r *NewShareRequest) error {
+func (c *OCMClient) NewShare(ctx context.Context, endpoint string, r *NewShareRequest) (*NewShareResponse, error) {
 	url, err := url.JoinPath(endpoint, "shares")
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	body, err := r.toJSON()
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, body)
 	if err != nil {
-		return errors.Wrap(err, "error creating request")
+		return nil, errors.Wrap(err, "error creating request")
 	}
 	req.Header.Set("Content-Type", "application/json")
 
 	resp, err := c.client.Do(req)
 	if err != nil {
-		return errors.Wrap(err, "error doing request")
+		return nil, errors.Wrap(err, "error doing request")
 	}
 	defer resp.Body.Close()
 
 	return c.parseNewShareError(resp)
 }
 
-func (c *OCMClient) parseNewShareError(r *http.Response) error {
+func (c *OCMClient) parseNewShareError(r *http.Response) (*NewShareResponse, error) {
 	switch r.StatusCode {
 	case http.StatusOK, http.StatusCreated:
-		return nil
+		var res NewShareResponse
+		err := json.NewDecoder(r.Body).Decode(&res)
+		return &res, err
 	case http.StatusBadRequest:
-		return ErrInvalidParameters
+		return nil, ErrInvalidParameters
 	case http.StatusUnauthorized, http.StatusForbidden:
-		return ErrServiceNotTrusted
+		return nil, ErrServiceNotTrusted
 	}
 
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
-		return errors.Wrap(err, "error decoding response body")
+		return nil, errors.Wrap(err, "error decoding response body")
 	}
-	return errtypes.InternalError(string(body))
+	return nil, errtypes.InternalError(string(body))
 }

From 94b05dfa4969dd62b28a531a8ee8670913b6a5a5 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 11:50:04 +0100
Subject: [PATCH 28/44] fixes in json parsing

---
 pkg/ocm/share/repository/json/json.go | 134 ++++++++++++++++++++++++--
 1 file changed, 125 insertions(+), 9 deletions(-)

diff --git a/pkg/ocm/share/repository/json/json.go b/pkg/ocm/share/repository/json/json.go
index 9aa7ebf43c4..60cb0e1e4a5 100644
--- a/pkg/ocm/share/repository/json/json.go
+++ b/pkg/ocm/share/repository/json/json.go
@@ -96,17 +96,76 @@ func loadOrCreate(file string) (*shareModel, error) {
 	if m.ReceivedShares == nil {
 		m.ReceivedShares = map[string]*ocm.ReceivedShare{}
 	}
-	m.file = file
 
 	return &m, nil
 }
 
 type shareModel struct {
-	file           string                        `json:"-"`
 	Shares         map[string]*ocm.Share         `json:"shares"`          // share_id -> share
 	ReceivedShares map[string]*ocm.ReceivedShare `json:"received_shares"` // share_id -> share
 }
 
+func (s *shareModel) UnmarshalJSON(d []byte) error {
+	m := struct {
+		Shares         map[string]json.RawMessage `json:"shares"`
+		ReceivedShares map[string]json.RawMessage `json:"received_shares"`
+	}{}
+
+	if err := json.Unmarshal(d, &m); err != nil {
+		return err
+	}
+
+	share := map[string]*ocm.Share{}
+	for k, v := range m.Shares {
+		var s ocm.Share
+		if err := utils.UnmarshalJSONToProtoV1(v, &s); err != nil {
+			return err
+		}
+		share[k] = &s
+	}
+
+	received := map[string]*ocm.ReceivedShare{}
+	for k, v := range m.ReceivedShares {
+		var s ocm.ReceivedShare
+		if err := utils.UnmarshalJSONToProtoV1(v, &s); err != nil {
+			return err
+		}
+		received[k] = &s
+	}
+
+	*s = shareModel{
+		Shares:         share,
+		ReceivedShares: received,
+	}
+
+	return nil
+}
+
+func (s *shareModel) MarshalJSON() ([]byte, error) {
+	shares := map[string]json.RawMessage{}
+	for k, v := range s.Shares {
+		d, err := utils.MarshalProtoV1ToJSON(v)
+		if err != nil {
+			return nil, err
+		}
+		shares[k] = d
+	}
+
+	received := map[string]json.RawMessage{}
+	for k, v := range s.ReceivedShares {
+		d, err := utils.MarshalProtoV1ToJSON(v)
+		if err != nil {
+			return nil, err
+		}
+		received[k] = d
+	}
+
+	return json.Marshal(map[string]any{
+		"shares":          shares,
+		"received_shares": received,
+	})
+}
+
 type config struct {
 	File string `mapstructure:"file"`
 }
@@ -123,17 +182,38 @@ type mgr struct {
 	model      *shareModel
 }
 
-func (m *shareModel) save() error {
-	f, err := os.OpenFile(m.file, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
+func (m *mgr) save() error {
+	f, err := os.OpenFile(m.c.File, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
 	if err != nil {
-		return errors.Wrap(err, "error opening file "+m.file)
+		return errors.Wrap(err, "error opening file "+m.c.File)
 	}
 	defer f.Close()
 
-	if err := json.NewEncoder(f).Encode(m); err != nil {
+	if err := json.NewEncoder(f).Encode(m.model); err != nil {
 		return errors.Wrap(err, "error encoding to json")
 	}
 
+	return f.Sync()
+}
+
+func (m *mgr) load() error {
+	f, err := os.OpenFile(m.c.File, os.O_RDONLY, 0644)
+	if err != nil {
+		return errors.Wrap(err, "error opening file "+m.c.File)
+	}
+	defer f.Close()
+
+	d, err := io.ReadAll(f)
+	if err != nil {
+		return err
+	}
+
+	var model shareModel
+	if err := json.Unmarshal(d, &model); err != nil {
+		return err
+	}
+
+	m.model = &model
 	return nil
 }
 
@@ -153,10 +233,14 @@ func (m *mgr) StoreShare(ctx context.Context, share *ocm.Share) (*ocm.Share, err
 	m.Lock()
 	defer m.Unlock()
 
+	if err := m.load(); err != nil {
+		return nil, err
+	}
+
 	share.Id = &ocm.ShareId{OpaqueId: genID()}
 	m.model.Shares[share.Id.OpaqueId] = cloneShare(share)
 
-	if err := m.model.save(); err != nil {
+	if err := m.save(); err != nil {
 		return nil, errors.Wrap(err, "error saving share")
 	}
 
@@ -193,6 +277,10 @@ func (m *mgr) GetShare(ctx context.Context, user *userpb.User, ref *ocm.ShareRef
 		err error
 	)
 
+	if err := m.load(); err != nil {
+		return nil, err
+	}
+
 	switch {
 	case ref.GetId() != nil:
 		s, err = m.getByID(ctx, ref.GetId())
@@ -241,11 +329,15 @@ func (m *mgr) DeleteShare(ctx context.Context, user *userpb.User, ref *ocm.Share
 	m.Lock()
 	defer m.Unlock()
 
+	if err := m.load(); err != nil {
+		return err
+	}
+
 	for id, share := range m.model.Shares {
 		if sharesEqual(ref, share) {
 			if utils.UserEqual(user.Id, share.Owner) || utils.UserEqual(user.Id, share.Creator) {
 				delete(m.model.Shares, id)
-				if err := m.model.save(); err != nil {
+				if err := m.save(); err != nil {
 					return err
 				}
 				return nil
@@ -294,6 +386,10 @@ func (m *mgr) ListShares(ctx context.Context, user *userpb.User, filters []*ocm.
 	m.Lock()
 	defer m.Unlock()
 
+	if err := m.load(); err != nil {
+		return nil, err
+	}
+
 	for _, share := range m.model.Shares {
 		if utils.UserEqual(user.Id, share.Owner) || utils.UserEqual(user.Id, share.Creator) {
 			// no filter we return earlier
@@ -319,6 +415,10 @@ func (m *mgr) StoreReceivedShare(ctx context.Context, share *ocm.ReceivedShare)
 	m.Lock()
 	defer m.Unlock()
 
+	if err := m.load(); err != nil {
+		return nil, err
+	}
+
 	now := time.Now().UnixNano()
 	ts := &typespb.Timestamp{
 		Seconds: uint64(now / 1000000000),
@@ -332,6 +432,9 @@ func (m *mgr) StoreReceivedShare(ctx context.Context, share *ocm.ReceivedShare)
 	share.Mtime = ts
 
 	m.model.ReceivedShares[share.Id.OpaqueId] = cloneReceivedShare(share)
+	if err := m.save(); err != nil {
+		return nil, err
+	}
 
 	return share, nil
 }
@@ -341,11 +444,16 @@ func (m *mgr) ListReceivedShares(ctx context.Context, user *userpb.User) ([]*ocm
 	m.Lock()
 	defer m.Unlock()
 
+	if err := m.load(); err != nil {
+		return nil, err
+	}
+
 	for _, share := range m.model.ReceivedShares {
 		if utils.UserEqual(user.Id, share.Owner) || utils.UserEqual(user.Id, share.Creator) {
 			// omit shares created by me
 			continue
 		}
+
 		if share.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(user.Id, share.Grantee.GetUserId()) {
 			rss = append(rss, share)
 		}
@@ -357,6 +465,10 @@ func (m *mgr) GetReceivedShare(ctx context.Context, user *userpb.User, ref *ocm.
 	m.Lock()
 	defer m.Unlock()
 
+	if err := m.load(); err != nil {
+		return nil, err
+	}
+
 	for _, share := range m.model.ReceivedShares {
 		if receivedShareEqual(ref, share) {
 			if share.Grantee.Type == provider.GranteeType_GRANTEE_TYPE_USER && utils.UserEqual(user.Id, share.Grantee.GetUserId()) {
@@ -376,6 +488,10 @@ func (m *mgr) UpdateReceivedShare(ctx context.Context, user *userpb.User, share
 	m.Lock()
 	defer m.Unlock()
 
+	if err := m.load(); err != nil {
+		return nil, err
+	}
+
 	for _, mask := range fieldMask.Paths {
 		switch mask {
 		case "state":
@@ -386,7 +502,7 @@ func (m *mgr) UpdateReceivedShare(ctx context.Context, user *userpb.User, share
 		}
 	}
 
-	if err := m.model.save(); err != nil {
+	if err := m.save(); err != nil {
 		return nil, errors.Wrap(err, "error saving model")
 	}
 

From 5b9c17a2f1eb1f0fedd3ecb2a80d172f6f6ebd20 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 11:52:26 +0100
Subject: [PATCH 29/44] fix function name

---
 pkg/ocm/client/client.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/ocm/client/client.go b/pkg/ocm/client/client.go
index 0785e1fd942..7eb712b8883 100644
--- a/pkg/ocm/client/client.go
+++ b/pkg/ocm/client/client.go
@@ -207,10 +207,10 @@ func (c *OCMClient) NewShare(ctx context.Context, endpoint string, r *NewShareRe
 	}
 	defer resp.Body.Close()
 
-	return c.parseNewShareError(resp)
+	return c.parseNewShareResponse(resp)
 }
 
-func (c *OCMClient) parseNewShareError(r *http.Response) (*NewShareResponse, error) {
+func (c *OCMClient) parseNewShareResponse(r *http.Response) (*NewShareResponse, error) {
 	switch r.StatusCode {
 	case http.StatusOK, http.StatusCreated:
 		var res NewShareResponse

From 453c2b7df5917475af4a5f52e417d77c6633f972 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 11:55:49 +0100
Subject: [PATCH 30/44] add helper functions for tests

---
 tests/helpers/helpers.go | 135 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)

diff --git a/tests/helpers/helpers.go b/tests/helpers/helpers.go
index 6e067a24063..8cdef23785f 100644
--- a/tests/helpers/helpers.go
+++ b/tests/helpers/helpers.go
@@ -23,13 +23,20 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"io"
+	"net/http"
 	"os"
 	"path/filepath"
 	"runtime"
 
+	gatewayv1beta1 "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
+	rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	"github.com/cs3org/reva/internal/http/services/datagateway"
+	"github.com/cs3org/reva/pkg/rhttp"
 	"github.com/cs3org/reva/pkg/storage"
+	"github.com/studio-b12/gowebdav"
 )
 
 // TempDir creates a temporary directory in tmp/ and returns its path
@@ -100,3 +107,131 @@ func Upload(ctx context.Context, fs storage.FS, ref *provider.Reference, content
 	err = fs.Upload(ctx, uploadRef, io.NopCloser(bytes.NewReader(content)))
 	return err
 }
+
+// Resource represents a general resource (file or folder).
+type Resource interface {
+	isResource()
+}
+
+// Folder implements the Resource interface.
+type Folder map[string]Resource
+
+func (Folder) isResource() {}
+
+// File implements the Resource interface.
+type File struct {
+	Content string
+}
+
+func (File) isResource() {}
+
+// CreateStructure creates the given structure.
+func CreateStructure(ctx context.Context, gw gatewayv1beta1.GatewayAPIClient, root string, f Resource) error {
+	switch r := f.(type) {
+	case Folder:
+		if err := CreateFolder(ctx, gw, root); err != nil {
+			return err
+		}
+		for name, resource := range r {
+			p := filepath.Join(root, name)
+			if err := CreateStructure(ctx, gw, p, resource); err != nil {
+				return err
+			}
+		}
+	case File:
+		if err := CreateFile(ctx, gw, root, []byte(r.Content)); err != nil {
+			return err
+		}
+	default:
+		return fmt.Errorf("resource %T not valid", f)
+	}
+	return nil
+}
+
+// CreateFile creates a file in the given path with an initial content.
+func CreateFile(ctx context.Context, gw gatewayv1beta1.GatewayAPIClient, path string, content []byte) error {
+	initRes, err := gw.InitiateFileUpload(ctx, &provider.InitiateFileUploadRequest{Ref: &provider.Reference{Path: path}})
+	if err != nil {
+		return err
+	}
+	var token, endpoint string
+	for _, p := range initRes.Protocols {
+		if p.Protocol == "simple" {
+			token, endpoint = p.Token, p.UploadEndpoint
+		}
+	}
+	httpReq, err := rhttp.NewRequest(ctx, http.MethodPut, endpoint, bytes.NewReader(content))
+	if err != nil {
+		return err
+	}
+
+	httpReq.Header.Set(datagateway.TokenTransportHeader, token)
+
+	httpRes, err := http.DefaultClient.Do(httpReq)
+	if err != nil {
+		return err
+	}
+	if httpRes.StatusCode != http.StatusOK {
+		return errors.New(httpRes.Status)
+	}
+	defer httpRes.Body.Close()
+	return nil
+}
+
+// CreateFolder creates a folder in the given path.
+func CreateFolder(ctx context.Context, gw gatewayv1beta1.GatewayAPIClient, path string) error {
+	res, err := gw.CreateContainer(ctx, &provider.CreateContainerRequest{
+		Ref: &provider.Reference{Path: path},
+	})
+	if err != nil {
+		return err
+	}
+	if res.Status.Code != rpcv1beta1.Code_CODE_OK {
+		return errors.New(res.Status.Message)
+	}
+	return nil
+}
+
+// SameContentWebDAV checks that starting from the root path the webdav client sees the same
+// content defined in the Resource.
+func SameContentWebDAV(cl *gowebdav.Client, root string, f Resource) (bool, error) {
+	return sameContentWebDAV(cl, root, "", f)
+}
+
+func sameContentWebDAV(cl *gowebdav.Client, root, rel string, f Resource) (bool, error) {
+	switch r := f.(type) {
+	case Folder:
+		list, err := cl.ReadDir(rel)
+		if err != nil {
+			return false, err
+		}
+		if len(list) != len(r) {
+			return false, nil
+		}
+		for _, d := range list {
+			resource, ok := r[d.Name()]
+			if !ok {
+				return false, nil
+			}
+			ok, err := sameContentWebDAV(cl, root, filepath.Join(rel, d.Name()), resource)
+			if err != nil {
+				return false, err
+			}
+			if !ok {
+				return false, nil
+			}
+		}
+		return true, nil
+	case File:
+		c, err := cl.Read(rel)
+		if err != nil {
+			return false, err
+		}
+		if !bytes.Equal(c, []byte(r.Content)) {
+			return false, nil
+		}
+		return true, nil
+	default:
+		return false, errors.New("resource not valid")
+	}
+}

From 9977feaec65e3e1e91493a8177f0d54413f1c1d5 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 11:56:04 +0100
Subject: [PATCH 31/44] fix response when creating new ocm share

---
 internal/http/services/ocmd/shares.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/internal/http/services/ocmd/shares.go b/internal/http/services/ocmd/shares.go
index 307a5d8c085..96a1b2e0762 100644
--- a/internal/http/services/ocmd/shares.go
+++ b/internal/http/services/ocmd/shares.go
@@ -177,12 +177,13 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	response := map[string]any{}
+
 	if h.exposeRecipientDisplayName {
-		json.NewEncoder(w).Encode(map[string]any{
-			"recipientDisplayName": userRes.User.DisplayName,
-		})
+		response["recipientDisplayName"] = userRes.User.DisplayName
 	}
 
+	_ = json.NewEncoder(w).Encode(response)
 	w.WriteHeader(http.StatusCreated)
 }
 

From 86ff8599128346f0c6f02a91de123a1c927b08d2 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 11:56:24 +0100
Subject: [PATCH 32/44] fix errors in ocm share provider (still internal error)

---
 .../ocmshareprovider/ocmshareprovider.go      | 29 ++++++++++++++-----
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
index d86d1219ea5..508dc505cec 100644
--- a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
+++ b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -21,6 +21,7 @@ package ocmshareprovider
 import (
 	"context"
 	"fmt"
+	"net/url"
 	"path/filepath"
 	"time"
 
@@ -165,7 +166,11 @@ func getResourceType(info *providerv1beta1.ResourceInfo) string {
 func (s *service) webdavURL(ctx context.Context, path string) string {
 	// the url is in the form of https://cernbox.cern.ch/remote.php/dav/files/gdelmont/eos/user/g/gdelmont
 	user := ctxpkg.ContextMustGetUser(ctx)
-	return filepath.Join(s.conf.WebDAVPrefix, user.Username, path)
+	p, err := url.JoinPath(s.conf.WebDAVPrefix, user.Username, path)
+	if err != nil {
+		panic(err)
+	}
+	return p
 }
 
 func (s *service) getWebdavProtocol(ctx context.Context, info *providerv1beta1.ResourceInfo, m *ocm.AccessMethod_WebdavOptions) *ocmd.WebDAV {
@@ -206,12 +211,16 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 		},
 	})
 	if err != nil {
-		return nil, err
+		return &ocm.CreateOCMShareResponse{
+			Status: status.NewInternal(ctx, err, err.Error()),
+		}, err
 	}
 
 	if statRes.Status.Code != rpcv1beta1.Code_CODE_OK {
 		// TODO: review error codes
-		return nil, errtypes.InternalError(statRes.Status.Message)
+		return &ocm.CreateOCMShareResponse{
+			Status: status.NewInternal(ctx, errors.New(statRes.Status.Message), statRes.Status.Message),
+		}, nil
 	}
 
 	info := statRes.Info
@@ -240,17 +249,21 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 	share, err = s.repo.StoreShare(ctx, share)
 	if err != nil {
 		// TODO: err
-		return nil, errtypes.InternalError(err.Error())
+		return &ocm.CreateOCMShareResponse{
+			Status: status.NewInternal(ctx, err, err.Error()),
+		}, nil
 	}
 
 	ocmEndpoint, err := getOCMEndpoint(req.RecipientMeshProvider)
 	if err != nil {
 		// TODO: err
-		return nil, errtypes.InternalError(err.Error())
+		return &ocm.CreateOCMShareResponse{
+			Status: status.NewInternal(ctx, err, err.Error()),
+		}, nil
 	}
 
 	newShareReq := &client.NewShareRequest{
-		ShareWith:         req.Grantee.GetGroupId().OpaqueId,
+		ShareWith:         formatOCMUser(req.Grantee.GetUserId()),
 		Name:              share.Name,
 		ResourceID:        fmt.Sprintf("%s:%s", req.ResourceId.StorageId, req.ResourceId.OpaqueId),
 		Owner:             formatOCMUser(info.Owner),
@@ -268,7 +281,9 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 	newShareRes, err := s.client.NewShare(ctx, ocmEndpoint, newShareReq)
 	if err != nil {
 		// TODO: err
-		return nil, errtypes.InternalError(err.Error())
+		return &ocm.CreateOCMShareResponse{
+			Status: status.NewInternal(ctx, err, err.Error()),
+		}, nil
 	}
 
 	res := &ocm.CreateOCMShareResponse{

From 6a9c5f06f9fb40c43c46b87da96acc417f1bd325 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 11:57:24 +0100
Subject: [PATCH 33/44] improved spawn revad daemons for testing. it's possible
 now define files with initial content and empty folders used by config files

---
 tests/integration/grpc/grpc_suite_test.go | 223 ++++++++++++++--------
 1 file changed, 145 insertions(+), 78 deletions(-)

diff --git a/tests/integration/grpc/grpc_suite_test.go b/tests/integration/grpc/grpc_suite_test.go
index bacb1cca3fa..a02caa23eb2 100644
--- a/tests/integration/grpc/grpc_suite_test.go
+++ b/tests/integration/grpc/grpc_suite_test.go
@@ -19,11 +19,13 @@
 package grpc_test
 
 import (
+	"encoding/json"
 	"fmt"
 	"net"
 	"os"
 	"os/exec"
 	"path"
+	"path/filepath"
 	"strings"
 	"sync"
 	"testing"
@@ -33,12 +35,13 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"github.com/pkg/errors"
+	"golang.org/x/sync/errgroup"
 )
 
 const timeoutMs = 30000
 
 var mutex = sync.Mutex{}
-var port = 19000
+var port = 25000
 
 func TestGrpc(t *testing.T) {
 	RegisterFailHandler(Fail)
@@ -54,6 +57,24 @@ type Revad struct {
 	Cleanup     cleanupFunc // Function to kill the process and cleanup the temp. root. If the given parameter is true the files will be kept to make debugging failures easier.
 }
 
+type res struct{}
+
+func (res) isResource() {}
+
+type Resource interface {
+	isResource()
+}
+
+type Folder struct {
+	res
+}
+
+type File struct {
+	res
+	Content  any
+	Encoding string // json, plain
+}
+
 // stardRevads takes a list of revad configuration files plus a map of
 // variables that need to be substituted in them and starts them.
 //
@@ -75,23 +96,23 @@ type Revad struct {
 // `storage` and a `users` revad will make `storage_address` and
 // `users_address` available wit the dynamically assigned ports so that
 // the services can be made available to each other.
-func startRevads(configs map[string]string, files map[string]string, variables map[string]string) (map[string]*Revad, error) {
+func startRevads(configs map[string]string, externalFiles map[string]string, newResources map[string]Resource, variables map[string]string) (map[string]*Revad, error) {
 	mutex.Lock()
 	defer mutex.Unlock()
 
-	revads := map[string]*Revad{}
+	tmpRoot, err := helpers.TempDir("")
+	if err != nil {
+		return nil, errors.Wrapf(err, "cannot create tmpdir for")
+	}
+
+	var revads sync.Map //  map[string]*Revad{}
 	addresses := map[string]string{}
 	filesPath := map[string]string{}
 	for name := range configs {
 		addresses[name] = fmt.Sprintf("localhost:%d", port)
 		port++
 	}
-	for name, p := range files {
-		tmpRoot, err := helpers.TempDir("")
-		if err != nil {
-			return nil, errors.Wrapf(err, "cannot create tmpdir for")
-		}
-
+	for name, p := range externalFiles {
 		rawFile, err := os.ReadFile(path.Join("fixtures", p))
 		if err != nil {
 			return nil, errors.Wrapf(err, "error reading file")
@@ -110,85 +131,131 @@ func startRevads(configs map[string]string, files map[string]string, variables m
 		}
 		filesPath[name] = newFilePath
 	}
+	for name, resource := range newResources {
 
-	for name, config := range configs {
-		ownAddress := addresses[name]
+		tmpResourcePath := filepath.Join(tmpRoot, name)
 
-		// Create a temporary root for this revad
-		tmpRoot, err := helpers.TempDir("")
-		if err != nil {
-			return nil, errors.Wrapf(err, "Could not create tmpdir")
-		}
-		newCfgPath := path.Join(tmpRoot, config)
-		fmt.Println(newCfgPath)
-		rawCfg, err := os.ReadFile(path.Join("fixtures", config))
-		if err != nil {
-			return nil, errors.Wrapf(err, "Could not read config file")
-		}
-		cfg := string(rawCfg)
-		cfg = strings.ReplaceAll(cfg, "{{root}}", tmpRoot)
-		for name, path := range filesPath {
-			cfg = strings.ReplaceAll(cfg, "{{file_"+name+"}}", path)
-		}
-		cfg = strings.ReplaceAll(cfg, "{{grpc_address}}", ownAddress)
-		if url, ok := addresses["gateway"]; ok {
-			cfg = strings.ReplaceAll(cfg, "{{gateway_address}}", url)
-		}
-		for v, value := range variables {
-			cfg = strings.ReplaceAll(cfg, "{{"+v+"}}", value)
-		}
-		for name, address := range addresses {
-			cfg = strings.ReplaceAll(cfg, "{{"+name+"_address}}", address)
-		}
-		err = os.WriteFile(newCfgPath, []byte(cfg), 0600)
-		if err != nil {
-			return nil, errors.Wrapf(err, "Could not write config file")
+		switch r := resource.(type) {
+		case File:
+			// fill the file with the initial content
+			switch r.Encoding {
+			case "", "plain":
+				if err := os.WriteFile(tmpResourcePath, []byte(r.Content.(string)), 0644); err != nil {
+					return nil, err
+				}
+			case "json":
+				d, err := json.Marshal(r.Content)
+				if err != nil {
+					return nil, err
+				}
+				if err := os.WriteFile(tmpResourcePath, d, 0644); err != nil {
+					return nil, err
+				}
+			default:
+				return nil, errors.New("encoding not known " + r.Encoding)
+			}
+		case Folder:
+			if err := os.MkdirAll(tmpResourcePath, 0755); err != nil {
+				return nil, err
+			}
 		}
 
-		// Run revad
-		cmd := exec.Command("../../../cmd/revad/revad", "-c", newCfgPath)
+		filesPath[name] = tmpResourcePath
+	}
 
-		outfile, err := os.Create(path.Join(tmpRoot, name+"-out.log"))
-		if err != nil {
-			panic(err)
-		}
-		defer outfile.Close()
-		cmd.Stdout = outfile
-		cmd.Stderr = outfile
+	g := new(errgroup.Group)
 
-		err = cmd.Start()
-		if err != nil {
-			return nil, errors.Wrapf(err, "Could not start revad")
-		}
+	for name, config := range configs {
+		name, config := name, config
+		g.Go(func() error {
+			ownAddress := addresses[name]
 
-		err = waitForPort(ownAddress, "open")
-		if err != nil {
-			return nil, err
-		}
+			newCfgPath := path.Join(tmpRoot, config)
+			rawCfg, err := os.ReadFile(path.Join("fixtures", config))
+			if err != nil {
+				return errors.Wrapf(err, "Could not read config file")
+			}
+			cfg := string(rawCfg)
+			cfg = strings.ReplaceAll(cfg, "{{root}}", tmpRoot)
+			for name, path := range filesPath {
+				cfg = strings.ReplaceAll(cfg, "{{file_"+name+"}}", path)
+				cfg = strings.ReplaceAll(cfg, "{{"+name+"}}", path)
+			}
+			cfg = strings.ReplaceAll(cfg, "{{grpc_address}}", ownAddress)
+			if url, ok := addresses["gateway"]; ok {
+				cfg = strings.ReplaceAll(cfg, "{{gateway_address}}", url)
+			}
+			for v, value := range variables {
+				cfg = strings.ReplaceAll(cfg, "{{"+v+"}}", value)
+			}
+			for name, address := range addresses {
+				cfg = strings.ReplaceAll(cfg, "{{"+name+"_address}}", address)
+			}
+			if err := os.MkdirAll(filepath.Dir(newCfgPath), 0755); err != nil {
+				return errors.Wrapf(err, "cannot create config folders")
+			}
+			err = os.WriteFile(newCfgPath, []byte(cfg), 0644)
+			if err != nil {
+				return errors.Wrapf(err, "Could not write config file")
+			}
 
-		// even the port is open the service might not be available yet
-		time.Sleep(1 * time.Second)
+			// Run revad
+			cmd := exec.Command("../../../cmd/revad/revad", "-c", newCfgPath)
 
-		revad := &Revad{
-			TmpRoot:     tmpRoot,
-			GrpcAddress: ownAddress,
-			Cleanup: func(keepLogs bool) error {
-				err := cmd.Process.Signal(os.Kill)
-				if err != nil {
-					return errors.Wrap(err, "Could not kill revad")
-				}
-				_ = waitForPort(ownAddress, "close")
-				if keepLogs {
-					fmt.Println("Test failed, keeping root", tmpRoot, "around for debugging")
-				} else {
-					os.RemoveAll(tmpRoot)
-				}
-				return nil
-			},
-		}
-		revads[name] = revad
+			outfile, err := os.Create(path.Join(tmpRoot, name+"-out.log"))
+			if err != nil {
+				panic(err)
+			}
+			defer outfile.Close()
+			cmd.Stdout = outfile
+			cmd.Stderr = outfile
+
+			err = cmd.Start()
+			if err != nil {
+				return errors.Wrapf(err, "Could not start revad")
+			}
+
+			err = waitForPort(ownAddress, "open")
+			if err != nil {
+				return err
+			}
+
+			// even the port is open the service might not be available yet
+			time.Sleep(1 * time.Second)
+
+			revad := &Revad{
+				TmpRoot:     tmpRoot,
+				GrpcAddress: ownAddress,
+				Cleanup: func(keepLogs bool) error {
+					err := cmd.Process.Signal(os.Kill)
+					if err != nil {
+						return errors.Wrap(err, "Could not kill revad")
+					}
+					_ = waitForPort(ownAddress, "close")
+					if keepLogs {
+						fmt.Println("Test failed, keeping root", tmpRoot, "around for debugging")
+					} else {
+						os.RemoveAll(tmpRoot)
+					}
+					return nil
+				},
+			}
+			revads.Store(name, revad)
+			return nil
+		})
 	}
-	return revads, nil
+
+	if err := g.Wait(); err != nil {
+		return nil, err
+	}
+
+	res := make(map[string]*Revad)
+	revads.Range(func(key, value any) bool {
+		res[key.(string)] = value.(*Revad)
+		return true
+	})
+
+	return res, nil
 }
 
 func waitForPort(grpcAddress, expectedStatus string) error {

From a7f55806e70b5e9e5fcf385fbd9508b65f27c7d1 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 11:57:39 +0100
Subject: [PATCH 34/44] defined integration tests for ocm shares

---
 .../ocm-share/cernbox-webdav-server.toml      |  13 +
 .../ocm-share/ocm-providers.demo.json         |  48 ++
 .../ocm-share/ocm-server-cernbox-grpc.toml    |  70 +++
 .../ocm-share/ocm-server-cernbox-http.toml    |  30 ++
 .../ocm-share/ocm-server-cesnet-grpc.toml     |  58 +++
 .../ocm-share/ocm-server-cesnet-http.toml     |  20 +
 .../fixtures/ocm-share/ocm-users.demo.json    |  62 +++
 tests/integration/grpc/ocm_share_test.go      | 436 ++++++++++++++++++
 8 files changed, 737 insertions(+)
 create mode 100644 tests/integration/grpc/fixtures/ocm-share/cernbox-webdav-server.toml
 create mode 100644 tests/integration/grpc/fixtures/ocm-share/ocm-providers.demo.json
 create mode 100644 tests/integration/grpc/fixtures/ocm-share/ocm-server-cernbox-grpc.toml
 create mode 100644 tests/integration/grpc/fixtures/ocm-share/ocm-server-cernbox-http.toml
 create mode 100644 tests/integration/grpc/fixtures/ocm-share/ocm-server-cesnet-grpc.toml
 create mode 100644 tests/integration/grpc/fixtures/ocm-share/ocm-server-cesnet-http.toml
 create mode 100644 tests/integration/grpc/fixtures/ocm-share/ocm-users.demo.json
 create mode 100644 tests/integration/grpc/ocm_share_test.go

diff --git a/tests/integration/grpc/fixtures/ocm-share/cernbox-webdav-server.toml b/tests/integration/grpc/fixtures/ocm-share/cernbox-webdav-server.toml
new file mode 100644
index 00000000000..f46772282ab
--- /dev/null
+++ b/tests/integration/grpc/fixtures/ocm-share/cernbox-webdav-server.toml
@@ -0,0 +1,13 @@
+[log]
+mode = "json"
+
+[shared]
+gatewaysvc = "{{cernboxgw_address}}"
+
+[http]
+address = "{{grpc_address}}"
+
+[http.middlewares.auth]
+token_strategy = "bearer"
+
+[http.services.ocdav]
diff --git a/tests/integration/grpc/fixtures/ocm-share/ocm-providers.demo.json b/tests/integration/grpc/fixtures/ocm-share/ocm-providers.demo.json
new file mode 100644
index 00000000000..2a95dc8ad2b
--- /dev/null
+++ b/tests/integration/grpc/fixtures/ocm-share/ocm-providers.demo.json
@@ -0,0 +1,48 @@
+[
+	{
+		"name": "cernbox",
+		"full_name": "CERNBox",
+		"organization": "CERN",
+		"domain": "cernbox.cern.ch",
+		"homepage": "https://cernbox.web.cern.ch",
+		"description": "CERNBox provides cloud data storage to all CERN users.",
+		"services": [
+			{
+				"endpoint": {
+					"type": {
+						"name": "OCM",
+						"description": "CERNBox Open Cloud Mesh API"
+					},
+					"name": "CERNBox - OCM API",
+					"path": "http://{{cernboxhttp_address}}/ocm/",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "{{cernboxhttp_address}}"
+			}
+		]
+	},
+	{
+		"name": "oc-cesnet",
+		"full_name": "ownCloud@CESNET",
+		"organization": "CESNET",
+		"domain": "cesnet.cz",
+		"homepage": "https://owncloud.cesnet.cz",
+		"description": "OwnCloud has been designed for individual users.",
+		"services": [
+			{
+				"endpoint": {
+					"type": {
+						"name": "OCM",
+						"description": "CESNET Open Cloud Mesh API"
+					},
+					"name": "CESNET - OCM API",
+					"path": "http://{{cesnethttp_address}}/ocm/",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "{{cesnethttp_address}}"
+			}
+		]
+	}
+]
\ No newline at end of file
diff --git a/tests/integration/grpc/fixtures/ocm-share/ocm-server-cernbox-grpc.toml b/tests/integration/grpc/fixtures/ocm-share/ocm-server-cernbox-grpc.toml
new file mode 100644
index 00000000000..43bf38acca6
--- /dev/null
+++ b/tests/integration/grpc/fixtures/ocm-share/ocm-server-cernbox-grpc.toml
@@ -0,0 +1,70 @@
+[log]
+mode = "json"
+
+[shared]
+gatewaysvc = "{{grpc_address}}"
+
+[grpc]
+address = "{{grpc_address}}"
+
+[grpc.services.gateway]
+authregistrysvc = "{{grpc_address}}"
+userprovidersvc = "{{grpc_address}}"
+ocminvitemanagersvc = "{{grpc_address}}"
+ocmproviderauthorizersvc = "{{grpc_address}}"
+storageregistrysvc = "{{grpc_address}}"
+ocmshareprovidersvc = "{{grpc_address}}"
+datagateway = "http://{{cernboxhttp_address}}/datagateway"
+
+[grpc.services.storageregistry]
+[grpc.services.storageregistry.drivers.static]
+home_provider = "/home"
+[grpc.services.storageregistry.drivers.static.rules]
+"/home" = {"address" = "{{grpc_address}}"}
+"123e4567-e89b-12d3-a456-426655440000" = {"address" = "{{grpc_address}}"}
+
+[grpc.services.storageprovider]
+driver = "localhome"
+mount_path = "/home"
+mount_id = "123e4567-e89b-12d3-a456-426655440000"
+data_server_url = "http://{{cernboxhttp_address}}/data"
+
+[grpc.services.storageprovider.drivers.localhome]
+root = "{{localhome_root}}"
+
+[grpc.services.authregistry]
+driver = "static"
+
+[grpc.services.authregistry.drivers.static.rules]
+basic = "{{grpc_address}}"
+
+[grpc.services.ocminvitemanager]
+driver = "json"
+
+[grpc.services.ocminvitemanager.drivers.json]
+file = "{{invite_token_file}}"
+
+[grpc.services.ocmproviderauthorizer]
+driver = "json"
+
+[grpc.services.ocmproviderauthorizer.drivers.json]
+providers = "{{file_providers}}"
+
+[grpc.services.ocmshareprovider]
+driver = "json"
+webdav_prefix = "http://{{cernboxwebdav_address}}/remote.php/dav/files"
+
+[grpc.services.ocmshareprovider.drivers.json]
+file = "{{ocm_share_cernbox_file}}"
+
+[grpc.services.authprovider]
+auth_manager = "json"
+
+[grpc.services.authprovider.auth_managers.json]
+users = "fixtures/ocm-share/ocm-users.demo.json"
+
+[grpc.services.userprovider]
+driver = "json"
+
+[grpc.services.userprovider.drivers.json]
+users = "fixtures/ocm-share/ocm-users.demo.json"
diff --git a/tests/integration/grpc/fixtures/ocm-share/ocm-server-cernbox-http.toml b/tests/integration/grpc/fixtures/ocm-share/ocm-server-cernbox-http.toml
new file mode 100644
index 00000000000..d30faa0951c
--- /dev/null
+++ b/tests/integration/grpc/fixtures/ocm-share/ocm-server-cernbox-http.toml
@@ -0,0 +1,30 @@
+[log]
+mode = "json"
+
+[shared]
+gatewaysvc = "{{cernboxgw_address}}"
+
+[http]
+address = "{{grpc_address}}"
+
+[http.services.ocmd]
+
+[http.services.sciencemesh]
+
+[http.middlewares.cors]
+
+[http.middlewares.providerauthorizer]
+driver = "json"
+
+[http.middlewares.providerauthorizer.drivers.json]
+providers = "fixtures/ocm-providers.demo.json"
+
+[http.services.datagateway]
+
+[http.services.dataprovider]
+driver = "localhome"
+
+[http.services.dataprovider.drivers.localhome]
+root = "{{localhome_root}}"
+
+[http.services.ocdav]
diff --git a/tests/integration/grpc/fixtures/ocm-share/ocm-server-cesnet-grpc.toml b/tests/integration/grpc/fixtures/ocm-share/ocm-server-cesnet-grpc.toml
new file mode 100644
index 00000000000..aad74a3153b
--- /dev/null
+++ b/tests/integration/grpc/fixtures/ocm-share/ocm-server-cesnet-grpc.toml
@@ -0,0 +1,58 @@
+[log]
+mode = "json"
+
+[shared]
+gatewaysvc = "{{grpc_address}}"
+
+[grpc]
+address = "{{grpc_address}}"
+
+[grpc.services.gateway]
+authregistrysvc = "{{grpc_address}}"
+userprovidersvc = "{{grpc_address}}"
+ocminvitemanagersvc = "{{grpc_address}}"
+ocmproviderauthorizersvc = "{{grpc_address}}"
+ocmshareprovidersvc = "{{grpc_address}}"
+ocmcoresvc = "{{grpc_address}}"
+
+[grpc.services.authregistry]
+driver = "static"
+
+[grpc.services.authregistry.drivers.static.rules]
+basic = "{{grpc_address}}"
+
+[grpc.services.ocminvitemanager]
+driver = "json"
+
+[grpc.services.ocminvitemanager.drivers.json]
+file = "{{invite_token_file}}"
+
+[grpc.services.ocmproviderauthorizer]
+driver = "json"
+
+[grpc.services.ocmproviderauthorizer.drivers.json]
+providers = "{{file_providers}}"
+
+[grpc.services.ocmshareprovider]
+driver = "json"
+
+[grpc.services.ocmshareprovider.drivers.json]
+file = "{{ocm_share_cesnet_file}}"
+
+[grpc.services.ocmcore]
+driver = "json"
+
+[grpc.services.ocmcore.drivers.json]
+file = "{{ocm_share_cesnet_file}}"
+
+[grpc.services.authprovider]
+auth_manager = "json"
+
+[grpc.services.authprovider.auth_managers.json]
+users = "fixtures/ocm-users.demo.json"
+
+[grpc.services.userprovider]
+driver = "json"
+
+[grpc.services.userprovider.drivers.json]
+users = "fixtures/ocm-users.demo.json"
diff --git a/tests/integration/grpc/fixtures/ocm-share/ocm-server-cesnet-http.toml b/tests/integration/grpc/fixtures/ocm-share/ocm-server-cesnet-http.toml
new file mode 100644
index 00000000000..ce607e3648b
--- /dev/null
+++ b/tests/integration/grpc/fixtures/ocm-share/ocm-server-cesnet-http.toml
@@ -0,0 +1,20 @@
+[log]
+mode = "json"
+
+[shared]
+gatewaysvc = "{{cesnetgw_address}}"
+
+[http]
+address = "{{grpc_address}}"
+
+[http.services.ocmd]
+
+[http.services.sciencemesh]
+
+[http.middlewares.cors]
+
+[http.middlewares.providerauthorizer]
+driver = "json"
+
+[http.middlewares.providerauthorizer.drivers.json]
+providers = "fixtures/ocm-providers.demo.json"
\ No newline at end of file
diff --git a/tests/integration/grpc/fixtures/ocm-share/ocm-users.demo.json b/tests/integration/grpc/fixtures/ocm-share/ocm-users.demo.json
new file mode 100644
index 00000000000..2b836ff1aa0
--- /dev/null
+++ b/tests/integration/grpc/fixtures/ocm-share/ocm-users.demo.json
@@ -0,0 +1,62 @@
+[
+	{
+		"id": {
+			"opaque_id": "4c510ada-c86b-4815-8820-42cdf82c3d51",
+			"idp": "cernbox.cern.ch",
+			"type": 1
+		},
+		"username": "einstein",
+		"secret": "relativity",
+		"mail": "einstein@cern.ch",
+		"display_name": "Albert Einstein",
+		"groups": [
+			"sailing-lovers",
+			"violin-haters",
+			"physics-lovers"
+		],
+		"opaque": {
+			"map": {
+				"gid": {
+					"_comment": "decodes to 987",
+					"decoder": "plain",
+					"value": "OTg3"
+				},
+				"uid": {
+					"_comment": "decodes to 123",
+					"decoder": "plain",
+					"value": "MTIz"
+				}
+			}
+		}
+	},
+	{
+		"id": {
+			"opaque_id": "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
+			"idp": "cesnet.cz",
+			"type": 1
+		},
+		"username": "marie",
+		"secret": "radioactivity",
+		"mail": "marie@cesnet.cz",
+		"display_name": "Marie Curie",
+		"groups": [
+			"radium-lovers",
+			"polonium-lovers",
+			"physics-lovers"
+		],
+		"opaque": {
+			"map": {
+				"gid": {
+					"_comment": "decodes to 987",
+					"decoder": "plain",
+					"value": "OTg3"
+				},
+				"uid": {
+					"_comment": "decodes to 456",
+					"decoder": "plain",
+					"value": "NDU2"
+				}
+			}
+		}
+	}
+]
\ No newline at end of file
diff --git a/tests/integration/grpc/ocm_share_test.go b/tests/integration/grpc/ocm_share_test.go
new file mode 100644
index 00000000000..1179474bea0
--- /dev/null
+++ b/tests/integration/grpc/ocm_share_test.go
@@ -0,0 +1,436 @@
+package grpc_test
+
+import (
+	"context"
+	"io"
+	"net/http"
+	"strconv"
+	"strings"
+
+	gatewaypb "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
+	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+	invitev1beta1 "github.com/cs3org/go-cs3apis/cs3/ocm/invite/v1beta1"
+	ocmproviderpb "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1"
+	rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
+	ocmv1beta1 "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
+	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	"github.com/cs3org/reva/internal/http/services/datagateway"
+	"github.com/cs3org/reva/internal/http/services/owncloud/ocdav"
+	"github.com/cs3org/reva/internal/http/services/owncloud/ocs/conversions"
+	"github.com/cs3org/reva/pkg/ocm/client"
+	"github.com/cs3org/reva/pkg/ocm/share"
+	"github.com/cs3org/reva/pkg/rgrpc/todo/pool"
+	"github.com/cs3org/reva/pkg/rhttp"
+	jwt "github.com/cs3org/reva/pkg/token/manager/jwt"
+	"github.com/cs3org/reva/tests/helpers"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	"github.com/pkg/errors"
+	"github.com/studio-b12/gowebdav"
+)
+
+var _ = Describe("ocm share", func() {
+	var (
+		revads = map[string]*Revad{}
+
+		variables = map[string]string{}
+
+		ctxEinstein context.Context
+		ctxMarie    context.Context
+		cernboxgw   gatewaypb.GatewayAPIClient
+		cesnetgw    gatewaypb.GatewayAPIClient
+		cernbox     = &ocmproviderpb.ProviderInfo{
+			Name:         "cernbox",
+			FullName:     "CERNBox",
+			Description:  "CERNBox provides cloud data storage to all CERN users.",
+			Organization: "CERN",
+			Domain:       "cernbox.cern.ch",
+			Homepage:     "https://cernbox.web.cern.ch",
+			Services: []*ocmproviderpb.Service{
+				{
+					Endpoint: &ocmproviderpb.ServiceEndpoint{
+						Type: &ocmproviderpb.ServiceType{
+							Name:        "OCM",
+							Description: "CERNBox Open Cloud Mesh API",
+						},
+						Name:        "CERNBox - OCM API",
+						Path:        "http://127.0.0.1:19001/ocm/",
+						IsMonitored: true,
+					},
+					Host:       "127.0.0.1:19001",
+					ApiVersion: "0.0.1",
+				},
+			},
+		}
+		einstein = &userpb.User{
+			Id: &userpb.UserId{
+				OpaqueId: "4c510ada-c86b-4815-8820-42cdf82c3d51",
+				Idp:      "cernbox.cern.ch",
+				Type:     userpb.UserType_USER_TYPE_PRIMARY,
+			},
+			Username:    "einstein",
+			Mail:        "einstein@cern.ch",
+			DisplayName: "Albert Einstein",
+		}
+		marie = &userpb.User{
+			Id: &userpb.UserId{
+				OpaqueId: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
+				Idp:      "cesnet.cz",
+				Type:     userpb.UserType_USER_TYPE_PRIMARY,
+			},
+			Username:    "marie",
+			Mail:        "marie@cesnet.cz",
+			DisplayName: "Marie Curie",
+		}
+	)
+
+	JustBeforeEach(func() {
+		tokenManager, err := jwt.New(map[string]interface{}{"secret": "changemeplease"})
+		Expect(err).ToNot(HaveOccurred())
+		ctxEinstein = ctxWithAuthToken(tokenManager, einstein)
+		ctxMarie = ctxWithAuthToken(tokenManager, marie)
+		revads, err = startRevads(map[string]string{
+			"cernboxgw":     "ocm-share/ocm-server-cernbox-grpc.toml",
+			"cernboxwebdav": "ocm-share/cernbox-webdav-server.toml",
+			"cernboxhttp":   "ocm-share/ocm-server-cernbox-http.toml",
+			"cesnetgw":      "ocm-share/ocm-server-cesnet-grpc.toml",
+			"cesnethttp":    "ocm-share/ocm-server-cesnet-http.toml",
+		}, map[string]string{
+			"providers": "ocm-providers.demo.json",
+		}, map[string]Resource{
+			"ocm_share_cernbox_file": File{Content: "{}"},
+			"ocm_share_cesnet_file":  File{Content: "{}"},
+			"invite_token_file":      File{Content: "{}"},
+			"localhome_root":         Folder{},
+		}, variables)
+		Expect(err).ToNot(HaveOccurred())
+		cernboxgw, err = pool.GetGatewayServiceClient(pool.Endpoint(revads["cernboxgw"].GrpcAddress))
+		Expect(err).ToNot(HaveOccurred())
+		cesnetgw, err = pool.GetGatewayServiceClient(pool.Endpoint(revads["cesnetgw"].GrpcAddress))
+		Expect(err).ToNot(HaveOccurred())
+		cernbox.Services[0].Endpoint.Path = "http://" + revads["cernboxhttp"].GrpcAddress + "/ocm"
+
+		createHomeResp, err := cernboxgw.CreateHome(ctxEinstein, &provider.CreateHomeRequest{})
+		Expect(err).ToNot(HaveOccurred())
+		Expect(createHomeResp.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+	})
+
+	AfterEach(func() {
+		for _, r := range revads {
+			Expect(r.Cleanup(CurrentGinkgoTestDescription().Failed)).To(Succeed())
+		}
+	})
+
+	Describe("marie has already accepted the invitation workflow", func() {
+		JustBeforeEach(func() {
+			tknRes, err := cernboxgw.GenerateInviteToken(ctxEinstein, &invitev1beta1.GenerateInviteTokenRequest{})
+			Expect(err).ToNot(HaveOccurred())
+			Expect(tknRes.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+			_, err = client.New(&client.Config{}).InviteAccepted(ctxMarie, cernbox.Services[0].Endpoint.Path, &client.InviteAcceptedRequest{
+				UserID:            marie.Id.OpaqueId,
+				Email:             marie.Mail,
+				RecipientProvider: "cernbox.cern.ch",
+				Name:              marie.DisplayName,
+				Token:             tknRes.InviteToken.Token,
+			})
+			Expect(err).ToNot(HaveOccurred())
+		})
+
+		Context("einstein shares a file with view permissions", func() {
+			It("marie is able to see the content of the file", func() {
+				fileToShare := &provider.Reference{
+					Path: "/home/new-file",
+				}
+				By("creating a file")
+				Expect(helpers.CreateFile(ctxEinstein, cernboxgw, fileToShare.Path, []byte("test"))).To(Succeed())
+
+				By("share the file with marie")
+				info, err := stat(ctxEinstein, cernboxgw, fileToShare)
+				Expect(err).ToNot(HaveOccurred())
+
+				cesnet, err := cernboxgw.GetInfoByDomain(ctxEinstein, &ocmproviderpb.GetInfoByDomainRequest{
+					Domain: "cesnet.cz",
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(cesnet.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				createShareRes, err := cernboxgw.CreateOCMShare(ctxEinstein, &ocmv1beta1.CreateOCMShareRequest{
+					ResourceId: info.Id,
+					Grantee: &provider.Grantee{
+						Id: &provider.Grantee_UserId{
+							UserId: marie.Id,
+						},
+					},
+					AccessMethods: []*ocmv1beta1.AccessMethod{
+						share.NewWebDavAccessMethod(conversions.NewViewerRole().CS3ResourcePermissions()),
+					},
+					RecipientMeshProvider: cesnet.ProviderInfo,
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(createShareRes.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				By("marie access the share")
+				listRes, err := cesnetgw.ListReceivedOCMShares(ctxMarie, &ocmv1beta1.ListReceivedOCMSharesRequest{})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(listRes.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				Expect(listRes.Shares).To(HaveLen(1))
+
+				share := listRes.Shares[0]
+				Expect(share.Protocols).To(HaveLen(1))
+
+				protocol := share.Protocols[0]
+				webdav, ok := protocol.Term.(*ocmv1beta1.Protocol_WebdavOptions)
+				Expect(ok).To(BeTrue())
+
+				webdavClient := gowebdav.NewClient(webdav.WebdavOptions.Uri, "", "")
+				webdavClient.SetHeader("Authorization", "Bearer "+webdav.WebdavOptions.SharedSecret)
+				d, err := webdavClient.Read(".")
+				Expect(err).ToNot(HaveOccurred())
+				Expect(d).To(Equal([]byte("test")))
+
+				// TODO: enable once we don't send anymore the owner token
+				// err = webdavClient.Write(".", []byte("will-never-be-writter"), 0)
+				// Expect(err).To(HaveOccurred())
+			})
+		})
+
+		Context("einstein shares a file with editor permissions", func() {
+			It("marie is able to modify the content of the file", func() {
+				fileToShare := &provider.Reference{
+					Path: "/home/new-file",
+				}
+				By("creating a file")
+				Expect(helpers.CreateFile(ctxEinstein, cernboxgw, fileToShare.Path, []byte("test"))).To(Succeed())
+
+				By("share the file with marie")
+				info, err := stat(ctxEinstein, cernboxgw, fileToShare)
+				Expect(err).ToNot(HaveOccurred())
+
+				cesnet, err := cernboxgw.GetInfoByDomain(ctxEinstein, &ocmproviderpb.GetInfoByDomainRequest{
+					Domain: "cesnet.cz",
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(cesnet.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				createShareRes, err := cernboxgw.CreateOCMShare(ctxEinstein, &ocmv1beta1.CreateOCMShareRequest{
+					ResourceId: info.Id,
+					Grantee: &provider.Grantee{
+						Id: &provider.Grantee_UserId{
+							UserId: marie.Id,
+						},
+					},
+					AccessMethods: []*ocmv1beta1.AccessMethod{
+						share.NewWebDavAccessMethod(conversions.NewEditorRole().CS3ResourcePermissions()),
+					},
+					RecipientMeshProvider: cesnet.ProviderInfo,
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(createShareRes.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				By("marie access the share and modify the content of the file")
+				listRes, err := cesnetgw.ListReceivedOCMShares(ctxMarie, &ocmv1beta1.ListReceivedOCMSharesRequest{})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(listRes.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				Expect(listRes.Shares).To(HaveLen(1))
+
+				share := listRes.Shares[0]
+				Expect(share.Protocols).To(HaveLen(1))
+
+				protocol := share.Protocols[0]
+				webdav, ok := protocol.Term.(*ocmv1beta1.Protocol_WebdavOptions)
+				Expect(ok).To(BeTrue())
+
+				u := strings.TrimSuffix(webdav.WebdavOptions.Uri, "/new-file")
+				webdavClient := gowebdav.NewClient(u, "", "")
+				data := []byte("new-content")
+				webdavClient.SetHeader("Authorization", "Bearer "+webdav.WebdavOptions.SharedSecret)
+				webdavClient.SetHeader(ocdav.HeaderUploadLength, strconv.Itoa(len(data)))
+				err = webdavClient.Write("new-file", data, 0)
+				Expect(err).ToNot(HaveOccurred())
+
+				By("check that the file was modified")
+				newContent, err := download(ctxEinstein, cernboxgw, fileToShare)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(newContent).To(Equal([]byte("new-content")))
+			})
+		})
+
+		Context("einstein shares a folder with view permissions", func() {
+			It("marie is able to see the content of the folder", func() {
+				structure := helpers.Folder{
+					"foo": helpers.File{
+						Content: "foo",
+					},
+					"dir": helpers.Folder{},
+				}
+				fileToShare := &provider.Reference{Path: "/home/ocm-share-folder"}
+				Expect(helpers.CreateStructure(ctxEinstein, cernboxgw, fileToShare.Path, structure)).To(Succeed())
+
+				By("share the file with marie")
+
+				info, err := stat(ctxEinstein, cernboxgw, fileToShare)
+				Expect(err).ToNot(HaveOccurred())
+
+				cesnet, err := cernboxgw.GetInfoByDomain(ctxEinstein, &ocmproviderpb.GetInfoByDomainRequest{
+					Domain: "cesnet.cz",
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(cesnet.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				createShareRes, err := cernboxgw.CreateOCMShare(ctxEinstein, &ocmv1beta1.CreateOCMShareRequest{
+					ResourceId: info.Id,
+					Grantee: &provider.Grantee{
+						Id: &provider.Grantee_UserId{
+							UserId: marie.Id,
+						},
+					},
+					AccessMethods: []*ocmv1beta1.AccessMethod{
+						share.NewWebDavAccessMethod(conversions.NewViewerRole().CS3ResourcePermissions()),
+					},
+					RecipientMeshProvider: cesnet.ProviderInfo,
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(createShareRes.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				By("marie see the content of the folder")
+				listRes, err := cesnetgw.ListReceivedOCMShares(ctxMarie, &ocmv1beta1.ListReceivedOCMSharesRequest{})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(listRes.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				Expect(listRes.Shares).To(HaveLen(1))
+
+				share := listRes.Shares[0]
+				Expect(share.Protocols).To(HaveLen(1))
+
+				protocol := share.Protocols[0]
+				webdav, ok := protocol.Term.(*ocmv1beta1.Protocol_WebdavOptions)
+				Expect(ok).To(BeTrue())
+
+				webdavClient := gowebdav.NewClient(webdav.WebdavOptions.Uri, "", "")
+				webdavClient.SetHeader("Authorization", "Bearer "+webdav.WebdavOptions.SharedSecret)
+
+				ok, err = helpers.SameContentWebDAV(webdavClient, fileToShare.Path, structure)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(ok).To(BeTrue())
+
+				// By("check that marie does not have permissions to create files")
+				// Expect(webdavClient.Write("new-file", []byte("new-file"), 0)).ToNot(Succeed())
+			})
+		})
+
+		Context("einstein shares a folder with editor permissions", func() {
+			It("marie is able to see the content and upload resources", func() {
+				structure := helpers.Folder{
+					"foo": helpers.File{
+						Content: "foo",
+					},
+					"dir": helpers.Folder{},
+				}
+				fileToShare := &provider.Reference{Path: "/home/ocm-share-folder"}
+
+				Expect(helpers.CreateStructure(ctxEinstein, cernboxgw, fileToShare.Path, structure)).To(Succeed())
+
+				By("share the file with marie")
+
+				info, err := stat(ctxEinstein, cernboxgw, fileToShare)
+				Expect(err).ToNot(HaveOccurred())
+
+				cesnet, err := cernboxgw.GetInfoByDomain(ctxEinstein, &ocmproviderpb.GetInfoByDomainRequest{
+					Domain: "cesnet.cz",
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(cesnet.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				createShareRes, err := cernboxgw.CreateOCMShare(ctxEinstein, &ocmv1beta1.CreateOCMShareRequest{
+					ResourceId: info.Id,
+					Grantee: &provider.Grantee{
+						Id: &provider.Grantee_UserId{
+							UserId: marie.Id,
+						},
+					},
+					AccessMethods: []*ocmv1beta1.AccessMethod{
+						share.NewWebDavAccessMethod(conversions.NewEditorRole().CS3ResourcePermissions()),
+					},
+					RecipientMeshProvider: cesnet.ProviderInfo,
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(createShareRes.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				By("marie can upload a file")
+				listRes, err := cesnetgw.ListReceivedOCMShares(ctxMarie, &ocmv1beta1.ListReceivedOCMSharesRequest{})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(listRes.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				Expect(listRes.Shares).To(HaveLen(1))
+
+				share := listRes.Shares[0]
+				Expect(share.Protocols).To(HaveLen(1))
+
+				protocol := share.Protocols[0]
+				webdav, ok := protocol.Term.(*ocmv1beta1.Protocol_WebdavOptions)
+				Expect(ok).To(BeTrue())
+
+				webdavClient := gowebdav.NewClient(webdav.WebdavOptions.Uri, "", "")
+				data := []byte("new-content")
+				webdavClient.SetHeader("Authorization", "Bearer "+webdav.WebdavOptions.SharedSecret)
+				webdavClient.SetHeader(ocdav.HeaderUploadLength, strconv.Itoa(len(data)))
+				err = webdavClient.Write("new-file", data, 0)
+				Expect(err).ToNot(HaveOccurred())
+
+				Expect(webdavClient.Write("new-file", []byte("new-file"), 0)).To(Succeed())
+				Expect(helpers.SameContentWebDAV(webdavClient, fileToShare.Path, helpers.Folder{
+					"foo": helpers.File{
+						Content: "foo",
+					},
+					"dir": helpers.Folder{},
+					"new-file": helpers.File{
+						Content: "new-file",
+					},
+				}))
+			})
+		})
+
+	})
+})
+
+func stat(ctx context.Context, gw gatewaypb.GatewayAPIClient, ref *provider.Reference) (*provider.ResourceInfo, error) {
+	statRes, err := gw.Stat(ctx, &provider.StatRequest{Ref: ref})
+	if err != nil {
+		return nil, err
+	}
+	if statRes.Status.Code != rpcv1beta1.Code_CODE_OK {
+		return nil, errors.New(statRes.Status.Message)
+	}
+	return statRes.Info, nil
+}
+
+func download(ctx context.Context, gw gatewaypb.GatewayAPIClient, ref *provider.Reference) ([]byte, error) {
+	initRes, err := gw.InitiateFileDownload(ctx, &provider.InitiateFileDownloadRequest{Ref: ref})
+	if err != nil {
+		return nil, err
+	}
+
+	var token, endpoint string
+	for _, p := range initRes.Protocols {
+		if p.Protocol == "simple" {
+			token, endpoint = p.Token, p.DownloadEndpoint
+		}
+	}
+	httpReq, err := rhttp.NewRequest(ctx, http.MethodGet, endpoint, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	httpReq.Header.Set(datagateway.TokenTransportHeader, token)
+
+	httpRes, err := http.DefaultClient.Do(httpReq)
+	if err != nil {
+		return nil, err
+	}
+	defer httpRes.Body.Close()
+
+	return io.ReadAll(httpRes.Body)
+}

From 719e37ea91ab9e47287ab0a0685e838f41bc6be4 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 13:20:52 +0100
Subject: [PATCH 35/44] fixes in other tests

---
 tests/integration/grpc/ocm_invitation_test.go  | 2 +-
 tests/integration/grpc/storageprovider_test.go | 2 +-
 tests/integration/grpc/userprovider_test.go    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/integration/grpc/ocm_invitation_test.go b/tests/integration/grpc/ocm_invitation_test.go
index 3e5d5065dad..f44f6dbd876 100644
--- a/tests/integration/grpc/ocm_invitation_test.go
+++ b/tests/integration/grpc/ocm_invitation_test.go
@@ -129,7 +129,7 @@ var _ = Describe("ocm invitation workflow", func() {
 			"cesnethttp":  "ocm-server-cesnet-http.toml",
 		}, map[string]string{
 			"providers": "ocm-providers.demo.json",
-		}, variables)
+		}, nil, variables)
 		Expect(err).ToNot(HaveOccurred())
 		cernboxgw, err = pool.GetGatewayServiceClient(pool.Endpoint(revads["cernboxgw"].GrpcAddress))
 		Expect(err).ToNot(HaveOccurred())
diff --git a/tests/integration/grpc/storageprovider_test.go b/tests/integration/grpc/storageprovider_test.go
index 51b53959489..ae705b4e7f3 100644
--- a/tests/integration/grpc/storageprovider_test.go
+++ b/tests/integration/grpc/storageprovider_test.go
@@ -87,7 +87,7 @@ var _ = Describe("storage providers", func() {
 		ctx = metadata.AppendToOutgoingContext(ctx, ctxpkg.TokenHeader, t)
 		ctx = ctxpkg.ContextSetUser(ctx, user)
 
-		revads, err = startRevads(dependencies, nil, variables)
+		revads, err = startRevads(dependencies, nil, nil, variables)
 		Expect(err).ToNot(HaveOccurred())
 		serviceClient, err = pool.GetStorageProviderServiceClient(pool.Endpoint(revads["storage"].GrpcAddress))
 		Expect(err).ToNot(HaveOccurred())
diff --git a/tests/integration/grpc/userprovider_test.go b/tests/integration/grpc/userprovider_test.go
index 6dff965ada5..5e9eda0818f 100644
--- a/tests/integration/grpc/userprovider_test.go
+++ b/tests/integration/grpc/userprovider_test.go
@@ -65,7 +65,7 @@ var _ = Describe("user providers", func() {
 		ctx = metadata.AppendToOutgoingContext(ctx, ctxpkg.TokenHeader, t)
 		ctx = ctxpkg.ContextSetUser(ctx, user)
 
-		revads, err = startRevads(dependencies, nil, map[string]string{})
+		revads, err = startRevads(dependencies, nil, nil, map[string]string{})
 		Expect(err).ToNot(HaveOccurred())
 		serviceClient, err = pool.GetUserProviderServiceClient(pool.Endpoint(revads["users"].GrpcAddress))
 		Expect(err).ToNot(HaveOccurred())

From f5a0ad5860650bced51048f76713087722207f00 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 13:34:03 +0100
Subject: [PATCH 36/44] use fork for go cs3 bindings

---
 go.mod |  6 +++---
 go.sum | 22 ++++++++--------------
 2 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/go.mod b/go.mod
index 0294243afc4..ca5a0026385 100644
--- a/go.mod
+++ b/go.mod
@@ -23,6 +23,7 @@ require (
 	github.com/glpatcern/go-mime v0.0.0-20221026162842-2a8d71ad17a9
 	github.com/go-chi/chi/v5 v5.0.8
 	github.com/go-ldap/ldap/v3 v3.4.4
+	github.com/go-playground/validator/v10 v10.11.2
 	github.com/go-sql-driver/mysql v1.6.0
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/golang/protobuf v1.5.2
@@ -62,6 +63,7 @@ require (
 	go.opentelemetry.io/otel/exporters/jaeger v1.11.2
 	go.opentelemetry.io/otel/sdk v1.11.2
 	go.opentelemetry.io/otel/trace v1.11.2
+	go.step.sm/crypto v0.23.2
 	golang.org/x/crypto v0.5.0
 	golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
@@ -96,7 +98,6 @@ require (
 	github.com/go-openapi/strfmt v0.21.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.11.2 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
@@ -154,7 +155,6 @@ require (
 	go.etcd.io/bbolt v1.3.6 // indirect
 	go.mongodb.org/mongo-driver v1.8.3 // indirect
 	go.opentelemetry.io/otel/metric v0.34.0 // indirect
-	go.step.sm/crypto v0.23.2 // indirect
 	golang.org/x/net v0.5.0 // indirect
 	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
 	google.golang.org/appengine v1.6.7 // indirect
@@ -168,7 +168,7 @@ require (
 go 1.19
 
 replace (
-	github.com/cs3org/go-cs3apis => /home/gianmaria/Documents/CERN/go-cs3apis
+	github.com/cs3org/go-cs3apis => github.com/gmgigi96/go-cs3apis v0.0.0-20230208123149-2678adc8f59e
 	github.com/eventials/go-tus => github.com/andrewmostello/go-tus v0.0.0-20200314041820-904a9904af9a
 	github.com/oleiade/reflections => github.com/oleiade/reflections v1.0.1
 )
diff --git a/go.sum b/go.sum
index 006acec9228..b5fe938c42c 100644
--- a/go.sum
+++ b/go.sum
@@ -33,8 +33,8 @@ cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2Z
 cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
 cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
 cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU=
-cloud.google.com/go v0.104.0 h1:gSmWO7DY1vOm0MVU6DNXM11BWHHsTUmsC5cv1fuW5X8=
 cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA=
+cloud.google.com/go v0.105.0 h1:DNtEKRBAAzeS4KyIory52wWHuClNaXJ5x1F7xa4q+5Y=
 cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI=
 cloud.google.com/go/area120 v0.5.0/go.mod h1:DE/n4mp+iqVyvxHN41Vf1CR602GiHQjFPusMFW6bGR4=
 cloud.google.com/go/artifactregistry v1.6.0/go.mod h1:IYt0oBPSAGYj/kprzsBjZ/4LnG/zOcHyFHjWPCi6SAQ=
@@ -55,9 +55,9 @@ cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJW
 cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
 cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
 cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
-cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk=
 cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
 cloud.google.com/go/compute v1.14.0 h1:hfm2+FfxVmnRlh6LpB7cg1ZNU+5edAHmW679JePztk0=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs=
 cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM=
 cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo=
@@ -207,9 +207,6 @@ github.com/aws/aws-sdk-go v1.37.27/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2z
 github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.43.11/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go v1.44.114/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/aws/aws-sdk-go v1.44.175 h1:c0NzHHnPXV5kJoTUFQxFN5cUPpX1SxO635XnwL5/oIY=
-github.com/aws/aws-sdk-go v1.44.175/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/aws/aws-sdk-go v1.44.185/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/aws-sdk-go v1.44.192 h1:KL54vCxRd5v5XBGjnF3FelzXXwl+aWHDmDTihFmRNgM=
 github.com/aws/aws-sdk-go v1.44.192/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
@@ -287,8 +284,6 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e h1:tqSPWQeueWTKnJVMJffz4pz0o1WuQxJ28+5x5JgaHD8=
 github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e/go.mod h1:XJEZ3/EQuI3BXTp/6DUzFr850vlxq11I6satRtz0YQ4=
-github.com/cs3org/go-cs3apis v0.0.0-20230124153659-5dc78d32c9b7 h1:QShkOi9aBptnhYN4W0lueiWTlNtc7O69D6GRpYfZodg=
-github.com/cs3org/go-cs3apis v0.0.0-20230124153659-5dc78d32c9b7/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -346,6 +341,8 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/glpatcern/go-mime v0.0.0-20221026162842-2a8d71ad17a9 h1:3um08ooi0/lyRmK2eE1XTKmRQHDzPu0IvpCPMljyMZ8=
 github.com/glpatcern/go-mime v0.0.0-20221026162842-2a8d71ad17a9/go.mod h1:EJaddanP+JfU3UkVvn0rYYF3b/gD7eZRejbTHqiQExA=
+github.com/gmgigi96/go-cs3apis v0.0.0-20230208123149-2678adc8f59e h1:Vickon2JEEHSnMso1yMQ25pmKqSKCItzD6PH4BW/SPk=
+github.com/gmgigi96/go-cs3apis v0.0.0-20230208123149-2678adc8f59e/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
 github.com/go-acme/lego/v4 v4.4.0/go.mod h1:l3+tFUFZb590dWcqhWZegynUthtaHJbG2fevUpoOOE0=
 github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A=
 github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
@@ -400,6 +397,7 @@ github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/
 github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
@@ -622,8 +620,6 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J
 github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb h1:b5rjCoWHc7eqmAS4/qyk21ZsHyb6Mxv/jykxvNTkU4M=
 github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
-github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4=
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@@ -687,8 +683,8 @@ github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -940,6 +936,7 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L
 github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
 github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/rs/cors v1.8.3 h1:O+qNyWn7Z+F9M0ILBHgMVPuB1xTOucVd5gtaYyXBpRo=
 github.com/rs/cors v1.8.3/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
@@ -973,6 +970,7 @@ github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
+github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.0.1/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM=
 github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM=
@@ -1267,7 +1265,6 @@ golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j
 golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
 golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
 golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
-golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA=
 golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 h1:nt+Q6cXKz4MosCSpnbMtqiQ8Oz0pxTef2B4Vca2lvfk=
 golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
@@ -1675,7 +1672,6 @@ google.golang.org/genproto v0.0.0-20220914142337-ca0e39ece12f/go.mod h1:0Nb8Qy+S
 google.golang.org/genproto v0.0.0-20220915135415-7fd63a7952de/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo=
 google.golang.org/genproto v0.0.0-20220916172020-2692e8806bfa/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo=
 google.golang.org/genproto v0.0.0-20220919141832-68c03719ef51/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo=
-google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006 h1:mmbq5q8M1t7dhkLw320YK4PsOXm6jdnUAkErImaIqOg=
 google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006/go.mod h1:ht8XFiar2npT/g4vkk7O0WYS1sHOHbdujxbEp7CJWbw=
 google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef h1:uQ2vjV/sHTsWSqdKeLqmwitzgvjMl7o4IdtHwUDXSJY=
 google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
@@ -1716,8 +1712,6 @@ google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu
 google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
-google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U=
-google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
 google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk=
 google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=

From 770d91914c770ee246a7a875eca8a03db836e582 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 14:16:46 +0100
Subject: [PATCH 37/44] fix typo

---
 tests/integration/grpc/ocm_share_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/integration/grpc/ocm_share_test.go b/tests/integration/grpc/ocm_share_test.go
index 1179474bea0..cf5a25f2750 100644
--- a/tests/integration/grpc/ocm_share_test.go
+++ b/tests/integration/grpc/ocm_share_test.go
@@ -191,7 +191,7 @@ var _ = Describe("ocm share", func() {
 				Expect(d).To(Equal([]byte("test")))
 
 				// TODO: enable once we don't send anymore the owner token
-				// err = webdavClient.Write(".", []byte("will-never-be-writter"), 0)
+				// err = webdavClient.Write(".", []byte("will-never-be-written"), 0)
 				// Expect(err).To(HaveOccurred())
 			})
 		})

From a4ec227a058a5ad541077b455ed0b71dcb9db973 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 14:23:44 +0100
Subject: [PATCH 38/44] fix linter

---
 internal/http/services/ocmd/protocols.go      | 27 ++++++++++++++++++
 internal/http/services/ocmd/protocols_test.go | 18 ++++++++++++
 internal/http/services/ocmd/shares.go         | 10 +++----
 pkg/ocm/share/repository/json/json.go         |  1 -
 .../share/repository/nextcloud/nextcloud.go   | 11 --------
 pkg/ocm/share/utils.go                        | 28 +++++++++++++++++--
 tests/integration/grpc/grpc_suite_test.go     |  1 -
 tests/integration/grpc/ocm_share_test.go      | 18 ++++++++++++
 8 files changed, 94 insertions(+), 20 deletions(-)

diff --git a/internal/http/services/ocmd/protocols.go b/internal/http/services/ocmd/protocols.go
index 1238b08d82d..1d76dc5ac68 100644
--- a/internal/http/services/ocmd/protocols.go
+++ b/internal/http/services/ocmd/protocols.go
@@ -1,3 +1,21 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
 package ocmd
 
 import (
@@ -11,9 +29,13 @@ import (
 	ocmshare "github.com/cs3org/reva/pkg/ocm/share"
 )
 
+// Protocols is the list of protocols.
 type Protocols []Protocol
 
+// Protocol represents the way of access the resource
+// in the OCM share.
 type Protocol interface {
+	// ToOCMProtocol convert the protocol to a ocm Protocol struct
 	ToOCMProtocol() *ocm.Protocol
 }
 
@@ -26,6 +48,7 @@ type WebDAV struct {
 	URL          string   `json:"url" validate:"required"`
 }
 
+// ToOCMProtocol convert the protocol to a ocm Protocol struct.
 func (w *WebDAV) ToOCMProtocol() *ocm.Protocol {
 	perms := &ocm.SharePermissions{
 		Permissions: &providerv1beta1.ResourcePermissions{},
@@ -52,6 +75,7 @@ type Webapp struct {
 	URITemplate string `json:"uriTemplate" validate:"required"`
 }
 
+// ToOCMProtocol convert the protocol to a ocm Protocol struct.
 func (w *Webapp) ToOCMProtocol() *ocm.Protocol {
 	return ocmshare.NewWebappProtocol(w.URITemplate)
 }
@@ -63,6 +87,7 @@ type Datatx struct {
 	Size         uint64 `json:"size" validate:"required"`
 }
 
+// ToOCMProtocol convert the protocol to a ocm Protocol struct.
 func (w *Datatx) ToOCMProtocol() *ocm.Protocol {
 	return ocmshare.NewTransferProtocol(w.SourceURI, w.SharedSecret, w.Size)
 }
@@ -73,6 +98,7 @@ var protocolImpl = map[string]reflect.Type{
 	"datatx": reflect.TypeOf(Datatx{}),
 }
 
+// UnmarshalJSON implements the Unmarshaler interface.
 func (p *Protocols) UnmarshalJSON(data []byte) error {
 	var prot map[string]json.RawMessage
 	if err := json.Unmarshal(data, &prot); err != nil {
@@ -98,6 +124,7 @@ func (p *Protocols) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
+// MarshalJSON implements the Marshaler interface.
 func (p Protocols) MarshalJSON() ([]byte, error) {
 	d := make(map[string]Protocol)
 	for _, prot := range p {
diff --git a/internal/http/services/ocmd/protocols_test.go b/internal/http/services/ocmd/protocols_test.go
index f397bb9fd48..f6bbecb6cd2 100644
--- a/internal/http/services/ocmd/protocols_test.go
+++ b/internal/http/services/ocmd/protocols_test.go
@@ -1,3 +1,21 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
 package ocmd
 
 import (
diff --git a/internal/http/services/ocmd/shares.go b/internal/http/services/ocmd/shares.go
index 96a1b2e0762..e8dec02fede 100644
--- a/internal/http/services/ocmd/shares.go
+++ b/internal/http/services/ocmd/shares.go
@@ -85,7 +85,7 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	_, meshProvider, err := getIdAndMeshProvider(req.Sender)
+	_, meshProvider, err := getIDAndMeshProvider(req.Sender)
 	if err != nil {
 		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
 		return
@@ -117,7 +117,7 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	shareWith, _, err := getIdAndMeshProvider(req.ShareWith)
+	shareWith, _, err := getIDAndMeshProvider(req.ShareWith)
 	if err != nil {
 		reqres.WriteError(w, r, reqres.APIErrorInvalidParameter, err.Error(), nil)
 		return
@@ -188,7 +188,7 @@ func (h *sharesHandler) CreateShare(w http.ResponseWriter, r *http.Request) {
 }
 
 func getUserIDFromOCMUser(user string) (*userpb.UserId, error) {
-	id, idp, err := getIdAndMeshProvider(user)
+	id, idp, err := getIDAndMeshProvider(user)
 	if err != nil {
 		return nil, err
 	}
@@ -200,7 +200,7 @@ func getUserIDFromOCMUser(user string) (*userpb.UserId, error) {
 	}, nil
 }
 
-func getIdAndMeshProvider(user string) (string, string, error) {
+func getIDAndMeshProvider(user string) (string, string, error) {
 	// the user is in the form of dimitri@apiwise.nl
 	split := strings.Split(user, "@")
 	if len(split) < 2 {
@@ -245,7 +245,7 @@ func getOCMShareType(t string) ocm.ShareType {
 }
 
 func getProtocols(p Protocols) []*ocm.Protocol {
-	var prot []*ocm.Protocol
+	prot := make([]*ocm.Protocol, 0, len(p))
 	for _, data := range p {
 		prot = append(prot, data.ToOCMProtocol())
 	}
diff --git a/pkg/ocm/share/repository/json/json.go b/pkg/ocm/share/repository/json/json.go
index 60cb0e1e4a5..97a064ccc78 100644
--- a/pkg/ocm/share/repository/json/json.go
+++ b/pkg/ocm/share/repository/json/json.go
@@ -367,7 +367,6 @@ func receivedShareEqual(ref *ocm.ShareReference, s *ocm.ReceivedShare) bool {
 			return true
 		}
 	} else if ref.GetKey() != nil {
-
 		if (utils.UserEqual(ref.GetKey().Owner, s.Owner) || utils.UserEqual(ref.GetKey().Owner, s.Creator)) &&
 			utils.ResourceIDEqual(ref.GetKey().ResourceId, s.ResourceId) && utils.GranteeEqual(ref.GetKey().Grantee, s.Grantee) {
 			return true
diff --git a/pkg/ocm/share/repository/nextcloud/nextcloud.go b/pkg/ocm/share/repository/nextcloud/nextcloud.go
index 7fc07f11618..d9b973c4e03 100644
--- a/pkg/ocm/share/repository/nextcloud/nextcloud.go
+++ b/pkg/ocm/share/repository/nextcloud/nextcloud.go
@@ -29,13 +29,11 @@ import (
 	"strings"
 
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
-	ctxpkg "github.com/cs3org/reva/pkg/ctx"
 
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/appctx"
-	"github.com/cs3org/reva/pkg/errtypes"
 	"github.com/cs3org/reva/pkg/ocm/share"
 	"github.com/cs3org/reva/pkg/ocm/share/repository/registry"
 	"github.com/cs3org/reva/pkg/utils"
@@ -108,15 +106,6 @@ func parseConfig(m map[string]interface{}) (*ShareManagerConfig, error) {
 	return c, nil
 }
 
-func getUser(ctx context.Context) (*userpb.User, error) {
-	u, ok := ctxpkg.ContextGetUser(ctx)
-	if !ok {
-		err := errors.Wrap(errtypes.UserRequired(""), "nextcloud storage driver: error getting user from ctx")
-		return nil, err
-	}
-	return u, nil
-}
-
 // New returns a share manager implementation that verifies against a Nextcloud backend.
 func New(m map[string]interface{}) (share.Repository, error) {
 	c, err := parseConfig(m)
diff --git a/pkg/ocm/share/utils.go b/pkg/ocm/share/utils.go
index 7e10193f292..f18bd7ce4f5 100644
--- a/pkg/ocm/share/utils.go
+++ b/pkg/ocm/share/utils.go
@@ -1,3 +1,21 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
 package share
 
 import (
@@ -6,6 +24,7 @@ import (
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 )
 
+// NewWebDAVProtocol is an abstraction for creating a WebDAV protocol.
 func NewWebDAVProtocol(uri, shareSecred string, perms *ocm.SharePermissions) *ocm.Protocol {
 	return &ocm.Protocol{
 		Term: &ocm.Protocol_WebdavOptions{
@@ -18,6 +37,7 @@ func NewWebDAVProtocol(uri, shareSecred string, perms *ocm.SharePermissions) *oc
 	}
 }
 
+// NewWebappProtocol is an abstraction for creating a Webapp protocol.
 func NewWebappProtocol(uriTemplate string) *ocm.Protocol {
 	return &ocm.Protocol{
 		Term: &ocm.Protocol_WebappOptions{
@@ -28,11 +48,12 @@ func NewWebappProtocol(uriTemplate string) *ocm.Protocol {
 	}
 }
 
-func NewTransferProtocol(sourceUri, sharedSecret string, size uint64) *ocm.Protocol {
+// NewTransferProtocol is an abstraction for creating a Transfer protocol.
+func NewTransferProtocol(sourceURI, sharedSecret string, size uint64) *ocm.Protocol {
 	return &ocm.Protocol{
 		Term: &ocm.Protocol_TransferOptions{
 			TransferOptions: &ocm.TransferProtocol{
-				SourceUri:    sourceUri,
+				SourceUri:    sourceURI,
 				SharedSecret: sharedSecret,
 				Size:         size,
 			},
@@ -40,6 +61,7 @@ func NewTransferProtocol(sourceUri, sharedSecret string, size uint64) *ocm.Proto
 	}
 }
 
+// NewWebDavAccessMethod is an abstraction for creating a WebDAV access method.
 func NewWebDavAccessMethod(perms *provider.ResourcePermissions) *ocm.AccessMethod {
 	return &ocm.AccessMethod{
 		Term: &ocm.AccessMethod_WebdavOptions{
@@ -50,6 +72,7 @@ func NewWebDavAccessMethod(perms *provider.ResourcePermissions) *ocm.AccessMetho
 	}
 }
 
+// NewWebappAccessMethod is an abstraction for creating a Webapp access method.
 func NewWebappAccessMethod(mode appprovider.ViewMode) *ocm.AccessMethod {
 	return &ocm.AccessMethod{
 		Term: &ocm.AccessMethod_WebappOptions{
@@ -60,6 +83,7 @@ func NewWebappAccessMethod(mode appprovider.ViewMode) *ocm.AccessMethod {
 	}
 }
 
+// NewTransferAccessMethod is an abstraction for creating a Transfer access method.
 func NewTransferAccessMethod() *ocm.AccessMethod {
 	return &ocm.AccessMethod{
 		Term: &ocm.AccessMethod_TransferOptions{
diff --git a/tests/integration/grpc/grpc_suite_test.go b/tests/integration/grpc/grpc_suite_test.go
index a02caa23eb2..1ccb128ad3c 100644
--- a/tests/integration/grpc/grpc_suite_test.go
+++ b/tests/integration/grpc/grpc_suite_test.go
@@ -132,7 +132,6 @@ func startRevads(configs map[string]string, externalFiles map[string]string, new
 		filesPath[name] = newFilePath
 	}
 	for name, resource := range newResources {
-
 		tmpResourcePath := filepath.Join(tmpRoot, name)
 
 		switch r := resource.(type) {
diff --git a/tests/integration/grpc/ocm_share_test.go b/tests/integration/grpc/ocm_share_test.go
index cf5a25f2750..bfb52c95a69 100644
--- a/tests/integration/grpc/ocm_share_test.go
+++ b/tests/integration/grpc/ocm_share_test.go
@@ -1,3 +1,21 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
 package grpc_test
 
 import (

From 0a2f57a6862f9fab077476352b6c863fc6d23473 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 14:36:29 +0100
Subject: [PATCH 39/44] add changelog

---
 changelog/unreleased/ocm-shares.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 changelog/unreleased/ocm-shares.md

diff --git a/changelog/unreleased/ocm-shares.md b/changelog/unreleased/ocm-shares.md
new file mode 100644
index 00000000000..dfacec70e28
--- /dev/null
+++ b/changelog/unreleased/ocm-shares.md
@@ -0,0 +1,4 @@
+Enhancement: Update OCM shares to last version of CS3APIs
+
+https://github.com/cs3org/reva/pull/3646
+https://github.com/cs3org/cs3apis/pull/199
\ No newline at end of file

From c50d4252d3cacd38548d8ef612c76a8eb4bdfa86 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 14:41:50 +0100
Subject: [PATCH 40/44] fix linter x2

---
 pkg/ocm/share/repository/nextcloud/nextcloud.go | 3 ++-
 pkg/ocm/share/repository/registry/registry.go   | 2 +-
 pkg/ocm/share/share.go                          | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/pkg/ocm/share/repository/nextcloud/nextcloud.go b/pkg/ocm/share/repository/nextcloud/nextcloud.go
index d9b973c4e03..b1f3dcd9ba2 100644
--- a/pkg/ocm/share/repository/nextcloud/nextcloud.go
+++ b/pkg/ocm/share/repository/nextcloud/nextcloud.go
@@ -147,6 +147,7 @@ func (sm *Manager) SetHTTPClient(c *http.Client) {
 	sm.client = c
 }
 
+// StoreShare stores a share.
 func (sm *Manager) StoreShare(ctx context.Context, share *ocm.Share) (*ocm.Share, error) {
 	encShare, err := utils.MarshalProtoV1ToJSON(share)
 	if err != nil {
@@ -273,7 +274,7 @@ func (sm *Manager) ListShares(ctx context.Context, user *userpb.User, filters []
 	return lst, nil
 }
 
-// StoreShare stores a share.
+// StoreReceivedShare stores a received share.
 func (sm *Manager) StoreReceivedShare(ctx context.Context, share *ocm.ReceivedShare) (*ocm.ReceivedShare, error) {
 	data, err := utils.MarshalProtoV1ToJSON(share)
 	if err != nil {
diff --git a/pkg/ocm/share/repository/registry/registry.go b/pkg/ocm/share/repository/registry/registry.go
index c4a9b76b348..38ac750b24c 100644
--- a/pkg/ocm/share/repository/registry/registry.go
+++ b/pkg/ocm/share/repository/registry/registry.go
@@ -20,7 +20,7 @@ package registry
 
 import "github.com/cs3org/reva/pkg/ocm/share"
 
-// NewShareRepositoryFunc is the function that share repositories
+// NewFunc is the function that share repositories
 // should register at init time.
 type NewFunc func(map[string]interface{}) (share.Repository, error)
 
diff --git a/pkg/ocm/share/share.go b/pkg/ocm/share/share.go
index a850a1055f7..d4c5f3be7c6 100644
--- a/pkg/ocm/share/share.go
+++ b/pkg/ocm/share/share.go
@@ -29,7 +29,7 @@ import (
 
 // Repository is the interface that manipulates the OCM shares repository.
 type Repository interface {
-	// StoreShare // TODO
+	// StoreShare stores a share.
 	StoreShare(ctx context.Context, share *ocm.Share) (*ocm.Share, error)
 
 	// GetShare gets the information for a share by the given ref.
@@ -45,7 +45,7 @@ type Repository interface {
 	// it returns only shares attached to the given resource.
 	ListShares(ctx context.Context, user *userpb.User, filters []*ocm.ListOCMSharesRequest_Filter) ([]*ocm.Share, error)
 
-	// StoreShare stores a share.
+	// StoreReceivedShare stores a received share.
 	StoreReceivedShare(ctx context.Context, share *ocm.ReceivedShare) (*ocm.ReceivedShare, error)
 
 	// ListReceivedShares returns the list of shares the user has access.

From 1a1b2e75576699c09b0b264b3ad6b54038abf8e1 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 17:17:12 +0100
Subject: [PATCH 41/44] return correct errors according to specs

---
 .../ocmshareprovider/ocmshareprovider.go      | 105 ++++++++++++------
 pkg/ocm/share/share.go                        |   8 ++
 2 files changed, 81 insertions(+), 32 deletions(-)

diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
index 508dc505cec..b7c902c255f 100644
--- a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
+++ b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -28,9 +28,9 @@ import (
 	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	ocmprovider "github.com/cs3org/go-cs3apis/cs3/ocm/provider/v1beta1"
-	rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
+	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
-	providerv1beta1 "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	providerpb "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	typespb "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/internal/http/services/ocmd"
 	ctxpkg "github.com/cs3org/reva/pkg/ctx"
@@ -153,11 +153,11 @@ func formatOCMUser(u *userpb.UserId) string {
 	return fmt.Sprintf("%s@%s", u.OpaqueId, u.Idp)
 }
 
-func getResourceType(info *providerv1beta1.ResourceInfo) string {
+func getResourceType(info *providerpb.ResourceInfo) string {
 	switch info.Type {
-	case providerv1beta1.ResourceType_RESOURCE_TYPE_FILE:
+	case providerpb.ResourceType_RESOURCE_TYPE_FILE:
 		return "file"
-	case providerv1beta1.ResourceType_RESOURCE_TYPE_CONTAINER:
+	case providerpb.ResourceType_RESOURCE_TYPE_CONTAINER:
 		return "folder"
 	}
 	return "unknown"
@@ -173,7 +173,7 @@ func (s *service) webdavURL(ctx context.Context, path string) string {
 	return p
 }
 
-func (s *service) getWebdavProtocol(ctx context.Context, info *providerv1beta1.ResourceInfo, m *ocm.AccessMethod_WebdavOptions) *ocmd.WebDAV {
+func (s *service) getWebdavProtocol(ctx context.Context, info *providerpb.ResourceInfo, m *ocm.AccessMethod_WebdavOptions) *ocmd.WebDAV {
 	var perms []string
 	if m.WebdavOptions.Permissions.InitiateFileDownload {
 		perms = append(perms, "read")
@@ -189,7 +189,7 @@ func (s *service) getWebdavProtocol(ctx context.Context, info *providerv1beta1.R
 	}
 }
 
-func (s *service) getProtocols(ctx context.Context, info *providerv1beta1.ResourceInfo, methods []*ocm.AccessMethod) ocmd.Protocols {
+func (s *service) getProtocols(ctx context.Context, info *providerpb.ResourceInfo, methods []*ocm.AccessMethod) ocmd.Protocols {
 	var p ocmd.Protocols
 	for _, m := range methods {
 		switch t := m.Term.(type) {
@@ -205,8 +205,8 @@ func (s *service) getProtocols(ctx context.Context, info *providerv1beta1.Resour
 }
 
 func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareRequest) (*ocm.CreateOCMShareResponse, error) {
-	statRes, err := s.gateway.Stat(ctx, &providerv1beta1.StatRequest{
-		Ref: &providerv1beta1.Reference{
+	statRes, err := s.gateway.Stat(ctx, &providerpb.StatRequest{
+		Ref: &providerpb.Reference{
 			ResourceId: req.ResourceId,
 		},
 	})
@@ -216,8 +216,12 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 		}, err
 	}
 
-	if statRes.Status.Code != rpcv1beta1.Code_CODE_OK {
-		// TODO: review error codes
+	if statRes.Status.Code != rpc.Code_CODE_OK {
+		if statRes.Status.Code == rpc.Code_CODE_NOT_FOUND {
+			return &ocm.CreateOCMShareResponse{
+				Status: status.NewNotFound(ctx, statRes.Status.Message),
+			}, nil
+		}
 		return &ocm.CreateOCMShareResponse{
 			Status: status.NewInternal(ctx, errors.New(statRes.Status.Message), statRes.Status.Message),
 		}, nil
@@ -232,7 +236,7 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 		Nanos:   uint32(now % 1000000000),
 	}
 
-	share := &ocm.Share{
+	ocmshare := &ocm.Share{
 		Token:         tkn,
 		Name:          filepath.Base(info.Path),
 		ResourceId:    req.ResourceId,
@@ -246,9 +250,13 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 		AccessMethods: req.AccessMethods,
 	}
 
-	share, err = s.repo.StoreShare(ctx, share)
+	ocmshare, err = s.repo.StoreShare(ctx, ocmshare)
 	if err != nil {
-		// TODO: err
+		if errors.Is(err, share.ErrShareAlreadyExisting) {
+			return &ocm.CreateOCMShareResponse{
+				Status: status.NewAlreadyExists(ctx, err, "share already exists"),
+			}, nil
+		}
 		return &ocm.CreateOCMShareResponse{
 			Status: status.NewInternal(ctx, err, err.Error()),
 		}, nil
@@ -256,15 +264,14 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 
 	ocmEndpoint, err := getOCMEndpoint(req.RecipientMeshProvider)
 	if err != nil {
-		// TODO: err
 		return &ocm.CreateOCMShareResponse{
-			Status: status.NewInternal(ctx, err, err.Error()),
+			Status: status.NewInvalidArg(ctx, "the selected provider does not have an OCM endpoint"),
 		}, nil
 	}
 
 	newShareReq := &client.NewShareRequest{
 		ShareWith:         formatOCMUser(req.Grantee.GetUserId()),
-		Name:              share.Name,
+		Name:              ocmshare.Name,
 		ResourceID:        fmt.Sprintf("%s:%s", req.ResourceId.StorageId, req.ResourceId.OpaqueId),
 		Owner:             formatOCMUser(info.Owner),
 		Sender:            formatOCMUser(user.Id),
@@ -280,15 +287,25 @@ func (s *service) CreateOCMShare(ctx context.Context, req *ocm.CreateOCMShareReq
 
 	newShareRes, err := s.client.NewShare(ctx, ocmEndpoint, newShareReq)
 	if err != nil {
-		// TODO: err
-		return &ocm.CreateOCMShareResponse{
-			Status: status.NewInternal(ctx, err, err.Error()),
-		}, nil
+		switch {
+		case errors.Is(err, client.ErrInvalidParameters):
+			return &ocm.CreateOCMShareResponse{
+				Status: status.NewInvalidArg(ctx, err.Error()),
+			}, nil
+		case errors.Is(err, client.ErrServiceNotTrusted):
+			return &ocm.CreateOCMShareResponse{
+				Status: status.NewInvalidArg(ctx, err.Error()),
+			}, nil
+		default:
+			return &ocm.CreateOCMShareResponse{
+				Status: status.NewInternal(ctx, err, err.Error()),
+			}, nil
+		}
 	}
 
 	res := &ocm.CreateOCMShareResponse{
 		Status:               status.NewOK(ctx),
-		Share:                share,
+		Share:                ocmshare,
 		RecipientDisplayName: newShareRes.RecipientDisplayName,
 	}
 	return res, nil
@@ -299,7 +316,12 @@ func (s *service) RemoveOCMShare(ctx context.Context, req *ocm.RemoveOCMShareReq
 	// https://cs3org.github.io/OCM-API/docs.html?branch=develop&repo=OCM-API&user=cs3org#/paths/~1notifications/post
 	user := ctxpkg.ContextMustGetUser(ctx)
 	if err := s.repo.DeleteShare(ctx, user, req.Ref); err != nil {
-		// TODO: error
+		if errors.Is(err, share.ErrShareNotFound) {
+			return &ocm.RemoveOCMShareResponse{
+				Status: status.NewNotFound(ctx, "share does not exist"),
+			}, nil
+
+		}
 		return &ocm.RemoveOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error removing share"),
 		}, nil
@@ -312,9 +334,14 @@ func (s *service) RemoveOCMShare(ctx context.Context, req *ocm.RemoveOCMShareReq
 
 func (s *service) GetOCMShare(ctx context.Context, req *ocm.GetOCMShareRequest) (*ocm.GetOCMShareResponse, error) {
 	user := ctxpkg.ContextMustGetUser(ctx)
-	share, err := s.repo.GetShare(ctx, user, req.Ref)
+	ocmshare, err := s.repo.GetShare(ctx, user, req.Ref)
 	if err != nil {
-		// TODO: error
+		if errors.Is(err, share.ErrShareNotFound) {
+			return &ocm.GetOCMShareResponse{
+				Status: status.NewNotFound(ctx, "share does not exist"),
+			}, nil
+
+		}
 		return &ocm.GetOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error getting share"),
 		}, nil
@@ -322,7 +349,7 @@ func (s *service) GetOCMShare(ctx context.Context, req *ocm.GetOCMShareRequest)
 
 	return &ocm.GetOCMShareResponse{
 		Status: status.NewOK(ctx),
-		Share:  share,
+		Share:  ocmshare,
 	}, nil
 }
 
@@ -346,7 +373,12 @@ func (s *service) UpdateOCMShare(ctx context.Context, req *ocm.UpdateOCMShareReq
 	user := ctxpkg.ContextMustGetUser(ctx)
 	_, err := s.repo.UpdateShare(ctx, user, req.Ref, req.Field.GetPermissions()) // TODO(labkode): check what to update
 	if err != nil {
-		// TODO: error
+		if errors.Is(err, share.ErrShareNotFound) {
+			return &ocm.UpdateOCMShareResponse{
+				Status: status.NewNotFound(ctx, "share does not exist"),
+			}, nil
+
+		}
 		return &ocm.UpdateOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error updating share"),
 		}, nil
@@ -362,7 +394,6 @@ func (s *service) ListReceivedOCMShares(ctx context.Context, req *ocm.ListReceiv
 	user := ctxpkg.ContextMustGetUser(ctx)
 	shares, err := s.repo.ListReceivedShares(ctx, user)
 	if err != nil {
-		// TODO: error
 		return &ocm.ListReceivedOCMSharesResponse{
 			Status: status.NewInternal(ctx, err, "error listing received shares"),
 		}, nil
@@ -379,7 +410,12 @@ func (s *service) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateRec
 	user := ctxpkg.ContextMustGetUser(ctx)
 	_, err := s.repo.UpdateReceivedShare(ctx, user, req.Share, req.UpdateMask) // TODO(labkode): check what to update
 	if err != nil {
-		// TODO: error
+		if errors.Is(err, share.ErrShareNotFound) {
+			return &ocm.UpdateReceivedOCMShareResponse{
+				Status: status.NewNotFound(ctx, "share does not exist"),
+			}, nil
+
+		}
 		return &ocm.UpdateReceivedOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error updating received share"),
 		}, nil
@@ -393,9 +429,14 @@ func (s *service) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateRec
 
 func (s *service) GetReceivedOCMShare(ctx context.Context, req *ocm.GetReceivedOCMShareRequest) (*ocm.GetReceivedOCMShareResponse, error) {
 	user := ctxpkg.ContextMustGetUser(ctx)
-	share, err := s.repo.GetReceivedShare(ctx, user, req.Ref)
+	ocmshare, err := s.repo.GetReceivedShare(ctx, user, req.Ref)
 	if err != nil {
-		// TODO: error
+		if errors.Is(err, share.ErrShareNotFound) {
+			return &ocm.GetReceivedOCMShareResponse{
+				Status: status.NewNotFound(ctx, "share does not exist"),
+			}, nil
+
+		}
 		return &ocm.GetReceivedOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error getting received share"),
 		}, nil
@@ -403,7 +444,7 @@ func (s *service) GetReceivedOCMShare(ctx context.Context, req *ocm.GetReceivedO
 
 	res := &ocm.GetReceivedOCMShareResponse{
 		Status: status.NewOK(ctx),
-		Share:  share,
+		Share:  ocmshare,
 	}
 	return res, nil
 }
diff --git a/pkg/ocm/share/share.go b/pkg/ocm/share/share.go
index d4c5f3be7c6..e49be2415f1 100644
--- a/pkg/ocm/share/share.go
+++ b/pkg/ocm/share/share.go
@@ -24,6 +24,7 @@ import (
 	userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	ocm "github.com/cs3org/go-cs3apis/cs3/sharing/ocm/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
+	"github.com/cs3org/reva/pkg/errtypes"
 	"google.golang.org/genproto/protobuf/field_mask"
 )
 
@@ -67,3 +68,10 @@ func ResourceIDFilter(id *provider.ResourceId) *ocm.ListOCMSharesRequest_Filter
 		},
 	}
 }
+
+// ErrShareAlreadyExisting is the error returned when the share already exists
+// for the 3-tuple consisting of (owner, resource, grantee).
+var ErrShareAlreadyExisting = errtypes.AlreadyExists("share already exists")
+
+// ErrShareNotFound is the error returned where the share does not exist.
+var ErrShareNotFound = errtypes.NotFound("share not found")

From 174c2473cdad807466dc9ade9a6bfd37966e7295 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 17:50:14 +0100
Subject: [PATCH 42/44] add other tests and bugfixes

---
 pkg/ocm/share/repository/json/json.go    | 29 +++++----
 tests/integration/grpc/ocm_share_test.go | 75 ++++++++++++++++++++++++
 2 files changed, 92 insertions(+), 12 deletions(-)

diff --git a/pkg/ocm/share/repository/json/json.go b/pkg/ocm/share/repository/json/json.go
index 97a064ccc78..0b6862e0e23 100644
--- a/pkg/ocm/share/repository/json/json.go
+++ b/pkg/ocm/share/repository/json/json.go
@@ -229,7 +229,7 @@ func genID() string {
 	return uuid.New().String()
 }
 
-func (m *mgr) StoreShare(ctx context.Context, share *ocm.Share) (*ocm.Share, error) {
+func (m *mgr) StoreShare(ctx context.Context, ocmshare *ocm.Share) (*ocm.Share, error) {
 	m.Lock()
 	defer m.Unlock()
 
@@ -237,14 +237,22 @@ func (m *mgr) StoreShare(ctx context.Context, share *ocm.Share) (*ocm.Share, err
 		return nil, err
 	}
 
-	share.Id = &ocm.ShareId{OpaqueId: genID()}
-	m.model.Shares[share.Id.OpaqueId] = cloneShare(share)
+	if _, err := m.getByKey(ctx, &ocm.ShareKey{
+		Owner:      ocmshare.Owner,
+		ResourceId: ocmshare.ResourceId,
+		Grantee:    ocmshare.Grantee,
+	}); err == nil {
+		return nil, share.ErrShareAlreadyExisting
+	}
+
+	ocmshare.Id = &ocm.ShareId{OpaqueId: genID()}
+	m.model.Shares[ocmshare.Id.OpaqueId] = cloneShare(ocmshare)
 
 	if err := m.save(); err != nil {
 		return nil, errors.Wrap(err, "error saving share")
 	}
 
-	return share, nil
+	return ocmshare, nil
 }
 
 func cloneShare(s *ocm.Share) *ocm.Share {
@@ -272,6 +280,9 @@ func cloneReceivedShare(s *ocm.ReceivedShare) *ocm.ReceivedShare {
 }
 
 func (m *mgr) GetShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference) (*ocm.Share, error) {
+	m.Lock()
+	defer m.Unlock()
+
 	var (
 		s   *ocm.Share
 		err error
@@ -299,13 +310,10 @@ func (m *mgr) GetShare(ctx context.Context, user *userpb.User, ref *ocm.ShareRef
 		return s, nil
 	}
 
-	return nil, errtypes.NotFound(ref.String())
+	return nil, share.ErrShareNotFound
 }
 
 func (m *mgr) getByID(ctx context.Context, id *ocm.ShareId) (*ocm.Share, error) {
-	m.Lock()
-	defer m.Unlock()
-
 	if share, ok := m.model.Shares[id.OpaqueId]; ok {
 		return share, nil
 	}
@@ -313,16 +321,13 @@ func (m *mgr) getByID(ctx context.Context, id *ocm.ShareId) (*ocm.Share, error)
 }
 
 func (m *mgr) getByKey(ctx context.Context, key *ocm.ShareKey) (*ocm.Share, error) {
-	m.Lock()
-	defer m.Unlock()
-
 	for _, share := range m.model.Shares {
 		if (utils.UserEqual(key.Owner, share.Owner) || utils.UserEqual(key.Owner, share.Creator)) &&
 			utils.ResourceIDEqual(key.ResourceId, share.ResourceId) && utils.GranteeEqual(key.Grantee, share.Grantee) {
 			return share, nil
 		}
 	}
-	return nil, errtypes.NotFound(key.String())
+	return nil, share.ErrShareNotFound
 }
 
 func (m *mgr) DeleteShare(ctx context.Context, user *userpb.User, ref *ocm.ShareReference) error {
diff --git a/tests/integration/grpc/ocm_share_test.go b/tests/integration/grpc/ocm_share_test.go
index bfb52c95a69..da74e0788a8 100644
--- a/tests/integration/grpc/ocm_share_test.go
+++ b/tests/integration/grpc/ocm_share_test.go
@@ -411,6 +411,81 @@ var _ = Describe("ocm share", func() {
 			})
 		})
 
+		Context("einstein creates twice the share to marie", func() {
+			It("fail with already existing error", func() {
+				fileToShare := &provider.Reference{Path: "/home/double-share"}
+				Expect(helpers.CreateFolder(ctxEinstein, cernboxgw, fileToShare.Path)).To(Succeed())
+
+				By("share the file with marie")
+
+				info, err := stat(ctxEinstein, cernboxgw, fileToShare)
+				Expect(err).ToNot(HaveOccurred())
+
+				cesnet, err := cernboxgw.GetInfoByDomain(ctxEinstein, &ocmproviderpb.GetInfoByDomainRequest{
+					Domain: "cesnet.cz",
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(cesnet.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				createShareRes, err := cernboxgw.CreateOCMShare(ctxEinstein, &ocmv1beta1.CreateOCMShareRequest{
+					ResourceId: info.Id,
+					Grantee: &provider.Grantee{
+						Id: &provider.Grantee_UserId{
+							UserId: marie.Id,
+						},
+					},
+					AccessMethods: []*ocmv1beta1.AccessMethod{
+						share.NewWebDavAccessMethod(conversions.NewEditorRole().CS3ResourcePermissions()),
+					},
+					RecipientMeshProvider: cesnet.ProviderInfo,
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(createShareRes.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				By("resharing the same file with marie")
+
+				createShareRes2, err := cernboxgw.CreateOCMShare(ctxEinstein, &ocmv1beta1.CreateOCMShareRequest{
+					ResourceId: info.Id,
+					Grantee: &provider.Grantee{
+						Id: &provider.Grantee_UserId{
+							UserId: marie.Id,
+						},
+					},
+					AccessMethods: []*ocmv1beta1.AccessMethod{
+						share.NewWebDavAccessMethod(conversions.NewEditorRole().CS3ResourcePermissions()),
+					},
+					RecipientMeshProvider: cesnet.ProviderInfo,
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(createShareRes2.Status.Code).To(Equal(rpcv1beta1.Code_CODE_ALREADY_EXISTS))
+			})
+		})
+
+		Context("einstein creates a share on a not existing resource", func() {
+			It("fail with not found error", func() {
+				cesnet, err := cernboxgw.GetInfoByDomain(ctxEinstein, &ocmproviderpb.GetInfoByDomainRequest{
+					Domain: "cesnet.cz",
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(cesnet.Status.Code).To(Equal(rpcv1beta1.Code_CODE_OK))
+
+				createShareRes, err := cernboxgw.CreateOCMShare(ctxEinstein, &ocmv1beta1.CreateOCMShareRequest{
+					ResourceId: &provider.ResourceId{StorageId: "123e4567-e89b-12d3-a456-426655440000", OpaqueId: "NON_EXISTING_FILE"},
+					Grantee: &provider.Grantee{
+						Id: &provider.Grantee_UserId{
+							UserId: marie.Id,
+						},
+					},
+					AccessMethods: []*ocmv1beta1.AccessMethod{
+						share.NewWebDavAccessMethod(conversions.NewEditorRole().CS3ResourcePermissions()),
+					},
+					RecipientMeshProvider: cesnet.ProviderInfo,
+				})
+				Expect(err).ToNot(HaveOccurred())
+				Expect(createShareRes.Status.Code).To(Equal(rpcv1beta1.Code_CODE_NOT_FOUND))
+			})
+		})
+
 	})
 })
 

From e3d00d66a5065934fa19101d7cec545fc268de43 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 17:57:14 +0100
Subject: [PATCH 43/44] fix linter

---
 internal/grpc/services/ocmshareprovider/ocmshareprovider.go | 5 -----
 pkg/ocm/share/repository/json/json.go                       | 5 +----
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
index b7c902c255f..389ef80c7cf 100644
--- a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
+++ b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go
@@ -320,7 +320,6 @@ func (s *service) RemoveOCMShare(ctx context.Context, req *ocm.RemoveOCMShareReq
 			return &ocm.RemoveOCMShareResponse{
 				Status: status.NewNotFound(ctx, "share does not exist"),
 			}, nil
-
 		}
 		return &ocm.RemoveOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error removing share"),
@@ -340,7 +339,6 @@ func (s *service) GetOCMShare(ctx context.Context, req *ocm.GetOCMShareRequest)
 			return &ocm.GetOCMShareResponse{
 				Status: status.NewNotFound(ctx, "share does not exist"),
 			}, nil
-
 		}
 		return &ocm.GetOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error getting share"),
@@ -377,7 +375,6 @@ func (s *service) UpdateOCMShare(ctx context.Context, req *ocm.UpdateOCMShareReq
 			return &ocm.UpdateOCMShareResponse{
 				Status: status.NewNotFound(ctx, "share does not exist"),
 			}, nil
-
 		}
 		return &ocm.UpdateOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error updating share"),
@@ -414,7 +411,6 @@ func (s *service) UpdateReceivedOCMShare(ctx context.Context, req *ocm.UpdateRec
 			return &ocm.UpdateReceivedOCMShareResponse{
 				Status: status.NewNotFound(ctx, "share does not exist"),
 			}, nil
-
 		}
 		return &ocm.UpdateReceivedOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error updating received share"),
@@ -435,7 +431,6 @@ func (s *service) GetReceivedOCMShare(ctx context.Context, req *ocm.GetReceivedO
 			return &ocm.GetReceivedOCMShareResponse{
 				Status: status.NewNotFound(ctx, "share does not exist"),
 			}, nil
-
 		}
 		return &ocm.GetReceivedOCMShareResponse{
 			Status: status.NewInternal(ctx, err, "error getting received share"),
diff --git a/pkg/ocm/share/repository/json/json.go b/pkg/ocm/share/repository/json/json.go
index 0b6862e0e23..cd999682003 100644
--- a/pkg/ocm/share/repository/json/json.go
+++ b/pkg/ocm/share/repository/json/json.go
@@ -342,10 +342,7 @@ func (m *mgr) DeleteShare(ctx context.Context, user *userpb.User, ref *ocm.Share
 		if sharesEqual(ref, share) {
 			if utils.UserEqual(user.Id, share.Owner) || utils.UserEqual(user.Id, share.Creator) {
 				delete(m.model.Shares, id)
-				if err := m.save(); err != nil {
-					return err
-				}
-				return nil
+				return m.save()
 			}
 		}
 	}

From 7880fdbfcb6d54d5b437339ab4b70345ea0707b0 Mon Sep 17 00:00:00 2001
From: Gianmaria Del Monte <g.macmount@gmail.com>
Date: Wed, 8 Feb 2023 18:47:07 +0100
Subject: [PATCH 44/44] fix cmd for creating ocm shares

---
 cmd/reva/ocm-share-create.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/reva/ocm-share-create.go b/cmd/reva/ocm-share-create.go
index 54e5e0081c6..1e8fa87a39d 100644
--- a/cmd/reva/ocm-share-create.go
+++ b/cmd/reva/ocm-share-create.go
@@ -118,7 +118,7 @@ func ocmShareCreateCommand() *command {
 				Type: gt,
 				// For now, we only support user shares.
 				// TODO (ishank011): To be updated once this is decided.
-				Id: &provider.Grantee_UserId{UserId: u},
+				Id: &provider.Grantee_UserId{UserId: remoteUserRes.RemoteUser.Id},
 			},
 			RecipientMeshProvider: providerInfo.ProviderInfo,
 			AccessMethods:         am,