fix(Token): add FILESYSTEM scope with SCOPE_SKIP_PASSWORD_VALIDATION

The scope design requires scopes to be either not specified, or specified explicitely. Therefore, when setting the skip-password-validation scope for user authentication from mechanisms like SAML, we also have to set the filesystem scope, otherwise they will lack access to the filesystem. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2026-05-28 04:32:30 -04:00 · 2024-06-24 13:47:12 +02:00 · 2024-06-24 13:47:12 +02:00 · bea11a744f
commit bea11a744f
parent 5afec6cd31
1 changed files with 4 additions and 1 deletions
--- a/lib/private/legacy/OC_User.php
+++ b/lib/private/legacy/OC_User.php
@ -197,7 +197,10 @@ class OC_User {
 				if (empty($password)) {
 					$tokenProvider = \OC::$server->get(IProvider::class);
 					$token = $tokenProvider->getToken($userSession->getSession()->getId());
-					$token->setScope(['password-unconfirmable' => true]);
+					$token->setScope([
+						'password-unconfirmable' => true,
+						'filesystem' => true,
+					]);
 					$tokenProvider->updateToken($token);
 				}