From 5b7c4cc5dc27a0d0761c08db6dea642f8d4d2bc0 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@arthur-schiwon.de>
Date: Mon, 24 Jun 2024 13:47:12 +0200
Subject: [PATCH] fix(Token): add FILESYSTEM scope with
 SCOPE_SKIP_PASSWORD_VALIDATION

The scope design requires scopes to be either not specified, or
specified explicitely. Therefore, when setting the
skip-password-validation scope for user authentication from mechanisms
like SAML, we also have to set the filesystem scope, otherwise they will
lack access to the filesystem.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
---
 lib/private/legacy/OC_User.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/private/legacy/OC_User.php b/lib/private/legacy/OC_User.php
index ec0b7e69c8ae1..7943be9d1c57d 100644
--- a/lib/private/legacy/OC_User.php
+++ b/lib/private/legacy/OC_User.php
@@ -197,7 +197,10 @@ public static function loginWithApache(\OCP\Authentication\IApacheBackend $backe
 				if (empty($password)) {
 					$tokenProvider = \OC::$server->get(IProvider::class);
 					$token = $tokenProvider->getToken($userSession->getSession()->getId());
-					$token->setScope(['password-unconfirmable' => true]);
+					$token->setScope([
+						'password-unconfirmable' => true,
+						'filesystem' => true,
+					]);
 					$tokenProvider->updateToken($token);
 				}