From 4ec174197f3ee47631193f7941ef656ce6b06be1 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@arthur-schiwon.de>
Date: Wed, 12 Jun 2024 11:05:43 +0200
Subject: [PATCH] fix(Token): make new scope future compatible

- "password-unconfirmable" is the effective name for 30, but a draft
  name was backported.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
---
 .../Middleware/Security/PasswordConfirmationMiddleware.php      | 2 +-
 lib/private/Template/JSConfigHelper.php                         | 2 +-
 lib/private/legacy/OC_User.php                                  | 2 +-
 .../Middleware/Security/PasswordConfirmationMiddlewareTest.php  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
index 27328e17b03..8d00f6b7423 100644
--- a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
@@ -103,7 +103,7 @@ class PasswordConfirmationMiddleware extends Middleware {
 				return;
 			}
 			$scope = $token->getScopeAsArray();
-			if (isset($scope['sso-based-login']) && $scope['sso-based-login'] === true) {
+			if (isset($scope['password-unconfirmable']) && $scope['password-unconfirmable'] === true) {
 				// Users logging in from SSO backends cannot confirm their password by design
 				return;
 			}
diff --git a/lib/private/Template/JSConfigHelper.php b/lib/private/Template/JSConfigHelper.php
index cca3d646544..f255da9fd66 100644
--- a/lib/private/Template/JSConfigHelper.php
+++ b/lib/private/Template/JSConfigHelper.php
@@ -310,6 +310,6 @@ class JSConfigHelper {
 			return true;
 		}
 		$scope = $token->getScopeAsArray();
-		return !isset($scope['sso-based-login']) || $scope['sso-based-login'] === false;
+		return !isset($scope['password-unconfirmable']) || $scope['password-unconfirmable'] === false;
 	}
 }
diff --git a/lib/private/legacy/OC_User.php b/lib/private/legacy/OC_User.php
index 7cf0b3487a9..0be87804eed 100644
--- a/lib/private/legacy/OC_User.php
+++ b/lib/private/legacy/OC_User.php
@@ -200,7 +200,7 @@ class OC_User {
 				if (empty($password)) {
 					$tokenProvider = \OC::$server->get(IProvider::class);
 					$token = $tokenProvider->getToken($userSession->getSession()->getId());
-					$token->setScope(['sso-based-login' => true]);
+					$token->setScope(['password-unconfirmable' => true]);
 					$tokenProvider->updateToken($token);
 				}
 
diff --git a/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php
index ed51837acbf..280a10fe90a 100644
--- a/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php
@@ -198,7 +198,7 @@ class PasswordConfirmationMiddlewareTest extends TestCase {
 
 		$token = $this->createMock(IToken::class);
 		$token->method('getScopeAsArray')
-			->willReturn(['sso-based-login' => true]);
+			->willReturn(['password-unconfirmable' => true]);
 		$this->tokenProvider->expects($this->once())
 			->method('getToken')
 			->with($sessionId)