From 895ed634af5385e44ed81310e1218c47a86c309b Mon Sep 17 00:00:00 2001
From: Arthur Schiwon
Date: Mon, 24 Jun 2024 13:47:12 +0200
Subject: [PATCH] fix(Token): add FILESYSTEM scope with SCOPE_SKIP_PASSWORD_VALIDATION

The scope design requires scopes to be either not specified, or specified explicitely. Therefore, when setting the skip-password-validation scope for user authentication from mechanisms like SAML, we also have to set the filesystem scope, otherwise they will lack access to the filesystem.

Signed-off-by: Arthur Schiwon
---
 lib/private/legacy/OC_User.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/private/legacy/OC_User.php b/lib/private/legacy/OC_User.php
index f9f751f7b1454..d2978f6ad217f 100644
--- a/lib/private/legacy/OC_User.php
+++ b/lib/private/legacy/OC_User.php
@@ -172,7 +172,10 @@ public static function loginWithApache(\OCP\Authentication\IApacheBackend $backe
 if (empty($password)) {
 $tokenProvider = \OC::$server->get(IProvider::class);
 $token = $tokenProvider->getToken($userSession->getSession()->getId());
- $token->setScope([IToken::SCOPE_SKIP_PASSWORD_VALIDATION => true]);
+ $token->setScope([
+ IToken::SCOPE_SKIP_PASSWORD_VALIDATION => true,
+ IToken::SCOPE_FILESYSTEM => true,
+ ]);
 $tokenProvider->updateToken($token);
 }
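Review bot: The array literal passed to `setScope()` hard-codes `IToken::SCOPE_FILESYSTEM => true`, so it replaces whatever scope the session token already carried instead of extending it, and nothing at the call site says why the second key is required. If a token can reach this branch with a restricted scope (not visible here, since the token is created outside the hunk), this call would widen it; merging the skip-password flag into the token's existing scope would preserve any such restriction. At minimum add a comment above the call, e.g. `// An explicit scope replaces the defaults, so filesystem access has to be granted here too`, and a regression test asserting that a token produced by loginWithApache with an empty password carries both scopes. The body of loginWithApache starts and ends outside the hunk.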