fix(Token): add FILESYSTEM scope with SCOPE_SKIP_PASSWORD_VALIDATION

The scope design requires scopes to be either not specified, or specified explicitely. Therefore, when setting the skip-password-validation scope for user authentication from mechanisms like SAML, we also have to set the filesystem scope, otherwise they will lack access to the filesystem. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
author: Arthur Schiwon <blizzz@arthur-schiwon.de> 2024-06-24 13:47:12 +0200
committer: backportbot[bot] <backportbot[bot]@users.noreply.github.com> 2024-06-25 07:39:20 +0000
commit: f016e7e35032357fb952a512819b4d1f9b3da800 (patch)
tree: f542e3803351280cf05273d1500a5f0fca9ff123 /lib/private
parent: 93dcf8cbc4e87e521228bc96cde6cdeecf92502a (diff)
download: nextcloud-server-f016e7e35032357fb952a512819b4d1f9b3da800.tar.gz
nextcloud-server-f016e7e35032357fb952a512819b4d1f9b3da800.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/private/legacy/OC_User.php b/lib/private/legacy/OC_User.php
index 0be87804eed..3d958814988 100644
--- a/lib/private/legacy/OC_User.php
+++ b/lib/private/legacy/OC_User.php
@@ -200,7 +200,10 @@ class OC_User {
 				if (empty($password)) {
 					$tokenProvider = \OC::$server->get(IProvider::class);
 					$token = $tokenProvider->getToken($userSession->getSession()->getId());
-					$token->setScope(['password-unconfirmable' => true]);
+					$token->setScope([
+						'password-unconfirmable' => true,
+						'filesystem' => true,
+					]);
 					$tokenProvider->updateToken($token);
 				}
author	Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-24 13:47:12 +0200
committer	backportbot[bot] <backportbot[bot]@users.noreply.github.com>	2024-06-25 07:39:20 +0000
commit	f016e7e35032357fb952a512819b4d1f9b3da800 (patch)
tree	f542e3803351280cf05273d1500a5f0fca9ff123 /lib/private
parent	93dcf8cbc4e87e521228bc96cde6cdeecf92502a (diff)
download	nextcloud-server-f016e7e35032357fb952a512819b4d1f9b3da800.tar.gz nextcloud-server-f016e7e35032357fb952a512819b4d1f9b3da800.zip