fix(Token): add FILESYSTEM scope with SCOPE_SKIP_PASSWORD_VALIDATION

The scope design requires scopes to be either not specified, or specified explicitely. Therefore, when setting the skip-password-validation scope for user authentication from mechanisms like SAML, we also have to set the filesystem scope, otherwise they will lack access to the filesystem. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
author: Arthur Schiwon <blizzz@arthur-schiwon.de> 2024-06-24 13:47:12 +0200
committer: Arthur Schiwon <blizzz@arthur-schiwon.de> 2024-06-24 16:03:36 +0200
commit: 4ccc5905b778a56b996cd8a20ea384c12244a431 (patch)
tree: da90e94993a88b6e7d227bbf917a482508d550ab
parent: 4b1050686dceec4e6054a8b853f023dc6b4bbdf4 (diff)
download: nextcloud-server-4ccc5905b778a56b996cd8a20ea384c12244a431.tar.gz
nextcloud-server-4ccc5905b778a56b996cd8a20ea384c12244a431.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/private/legacy/OC_User.php b/lib/private/legacy/OC_User.php
index 7f2dd195ecc..8555258604d 100644
--- a/lib/private/legacy/OC_User.php
+++ b/lib/private/legacy/OC_User.php
@@ -202,7 +202,10 @@ class OC_User {
 				if (empty($password)) {
 					$tokenProvider = \OC::$server->get(IProvider::class);
 					$token = $tokenProvider->getToken($userSession->getSession()->getId());
-					$token->setScope(['password-unconfirmable' => true]);
+					$token->setScope([
+						'password-unconfirmable' => true,
+						'filesystem' => true,
+					]);
 					$tokenProvider->updateToken($token);
 				}
author	Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-24 13:47:12 +0200
committer	Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-24 16:03:36 +0200
commit	4ccc5905b778a56b996cd8a20ea384c12244a431 (patch)
tree	da90e94993a88b6e7d227bbf917a482508d550ab
parent	4b1050686dceec4e6054a8b853f023dc6b4bbdf4 (diff)
download	nextcloud-server-4ccc5905b778a56b996cd8a20ea384c12244a431.tar.gz nextcloud-server-4ccc5905b778a56b996cd8a20ea384c12244a431.zip