fix(Token): add FILESYSTEM scope with SCOPE_SKIP_PASSWORD_VALIDATION

The scope design requires scopes to be either not specified, or specified explicitely. Therefore, when setting the skip-password-validation scope for user authentication from mechanisms like SAML, we also have to set the filesystem scope, otherwise they will lack access to the filesystem. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
nextcloud · Jun 25, 2024 · 5b7c4cc · 5b7c4cc
1 parent 1da03bb
commit 5b7c4cc
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/lib/private/legacy/OC_User.php b/lib/private/legacy/OC_User.php
@@ -197,7 +197,10 @@ public static function loginWithApache(\OCP\Authentication\IApacheBackend $backe
 				if (empty($password)) {
 					$tokenProvider = \OC::$server->get(IProvider::class);
 					$token = $tokenProvider->getToken($userSession->getSession()->getId());
-					$token->setScope(['password-unconfirmable' => true]);
+					$token->setScope([
+						'password-unconfirmable' => true,
+						'filesystem' => true,
+					]);
 					$tokenProvider->updateToken($token);
 				}