refactor(Token): introduce scope constants

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
author: Arthur Schiwon <blizzz@arthur-schiwon.de> 2024-03-15 12:51:31 +0100
committer: Arthur Schiwon <blizzz@arthur-schiwon.de> 2024-06-05 19:01:14 +0200
commit: f6d6efef3a26fc5524988cdfba780dce035cd61b (patch)
tree: ea3caeb6b4a9e10b013eb1562135eb6a1973f607 /lib/private
parent: 340939e688fab5c52061bc9e358587fbd8ec9fc8 (diff)
download: nextcloud-server-f6d6efef3a26fc5524988cdfba780dce035cd61b.tar.gz
nextcloud-server-f6d6efef3a26fc5524988cdfba780dce035cd61b.zip
5 files changed, 10 insertions, 6 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
index 9fa4aedd401..5ff9d7386da 100644
--- a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
@@ -15,6 +15,7 @@ use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Authentication\Exceptions\ExpiredTokenException;
 use OCP\Authentication\Exceptions\InvalidTokenException;
 use OCP\Authentication\Exceptions\WipeTokenException;
+use OCP\Authentication\Token\IToken;
 use OCP\ISession;
 use OCP\IUserSession;
 use OCP\Session\Exceptions\SessionNotAvailableException;
@@ -85,7 +86,7 @@ class PasswordConfirmationMiddleware extends Middleware {
 				return;
 			}
 			$scope = $token->getScopeAsArray();
-			if (isset($scope['sso-based-login']) && $scope['sso-based-login'] === true) {
+			if (isset($scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION]) && $scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION] === true) {
 				// Users logging in from SSO backends cannot confirm their password by design
 				return;
 			}
diff --git a/lib/private/Authentication/Token/PublicKeyToken.php b/lib/private/Authentication/Token/PublicKeyToken.php
index 0b7a2589f3e..961b7191d84 100644
--- a/lib/private/Authentication/Token/PublicKeyToken.php
+++ b/lib/private/Authentication/Token/PublicKeyToken.php
@@ -9,6 +9,7 @@ declare(strict_types=1);
 namespace OC\Authentication\Token;
 
 use OCP\AppFramework\Db\Entity;
+use OCP\Authentication\Token\IToken;
 
 /**
  * @method void setId(int $id)
@@ -162,7 +163,7 @@ class PublicKeyToken extends Entity implements INamedToken, IWipeableToken {
 		$scope = json_decode($this->getScope(), true);
 		if (!$scope) {
 			return [
-				'filesystem' => true
+				IToken::SCOPE_FILESYSTEM => true
 			];
 		}
 		return $scope;
diff --git a/lib/private/Lockdown/LockdownManager.php b/lib/private/Lockdown/LockdownManager.php
index 779b1ea2650..3b45709d5c9 100644
--- a/lib/private/Lockdown/LockdownManager.php
+++ b/lib/private/Lockdown/LockdownManager.php
@@ -5,7 +5,7 @@
  */
 namespace OC\Lockdown;
 
-use OC\Authentication\Token\IToken;
+use OCP\Authentication\Token\IToken;
 use OCP\ISession;
 use OCP\Lockdown\ILockdownManager;
 
@@ -60,6 +60,6 @@ class LockdownManager implements ILockdownManager {
 
 	public function canAccessFilesystem() {
 		$scope = $this->getScopeAsArray();
-		return !$scope || $scope['filesystem'];
+		return !$scope || $scope[IToken::SCOPE_FILESYSTEM];
 	}
 }
diff --git a/lib/private/Template/JSConfigHelper.php b/lib/private/Template/JSConfigHelper.php
index 5c38ae4cc72..a41e99ae8c4 100644
--- a/lib/private/Template/JSConfigHelper.php
+++ b/lib/private/Template/JSConfigHelper.php
@@ -16,6 +16,7 @@ use OCP\App\IAppManager;
 use OCP\Authentication\Exceptions\ExpiredTokenException;
 use OCP\Authentication\Exceptions\InvalidTokenException;
 use OCP\Authentication\Exceptions\WipeTokenException;
+use OCP\Authentication\Token\IToken;
 use OCP\Constants;
 use OCP\Defaults;
 use OCP\Files\FileInfo;
@@ -286,6 +287,6 @@ class JSConfigHelper {
 			return true;
 		}
 		$scope = $token->getScopeAsArray();
-		return !isset($scope['sso-based-login']) || $scope['sso-based-login'] === false;
+		return !isset($scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION]) || $scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION] === false;
 	}
 }
diff --git a/lib/private/legacy/OC_User.php b/lib/private/legacy/OC_User.php
index 66d28771ae1..f9f751f7b14 100644
--- a/lib/private/legacy/OC_User.php
+++ b/lib/private/legacy/OC_User.php
@@ -7,6 +7,7 @@
  */
 use OC\Authentication\Token\IProvider;
 use OC\User\LoginException;
+use OCP\Authentication\Token\IToken;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IGroupManager;
 use OCP\ISession;
@@ -171,7 +172,7 @@ class OC_User {
 				if (empty($password)) {
 					$tokenProvider = \OC::$server->get(IProvider::class);
 					$token = $tokenProvider->getToken($userSession->getSession()->getId());
-					$token->setScope(['sso-based-login' => true]);
+					$token->setScope([IToken::SCOPE_SKIP_PASSWORD_VALIDATION => true]);
 					$tokenProvider->updateToken($token);
 				}
author	Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-03-15 12:51:31 +0100
committer	Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-05 19:01:14 +0200
commit	f6d6efef3a26fc5524988cdfba780dce035cd61b (patch)
tree	ea3caeb6b4a9e10b013eb1562135eb6a1973f607 /lib/private
parent	340939e688fab5c52061bc9e358587fbd8ec9fc8 (diff)
download	nextcloud-server-f6d6efef3a26fc5524988cdfba780dce035cd61b.tar.gz nextcloud-server-f6d6efef3a26fc5524988cdfba780dce035cd61b.zip