From f016e7e35032357fb952a512819b4d1f9b3da800 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@arthur-schiwon.de>
Date: Mon, 24 Jun 2024 13:47:12 +0200
Subject: [PATCH] fix(Token): add FILESYSTEM scope with
 SCOPE_SKIP_PASSWORD_VALIDATION

The scope design requires scopes to be either not specified, or
specified explicitely. Therefore, when setting the
skip-password-validation scope for user authentication from mechanisms
like SAML, we also have to set the filesystem scope, otherwise they will
lack access to the filesystem.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
---
 lib/private/legacy/OC_User.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/private/legacy/OC_User.php b/lib/private/legacy/OC_User.php
index 0be87804eed54..3d95881498869 100644
--- a/lib/private/legacy/OC_User.php
+++ b/lib/private/legacy/OC_User.php
@@ -200,7 +200,10 @@ public static function loginWithApache(\OCP\Authentication\IApacheBackend $backe
 				if (empty($password)) {
 					$tokenProvider = \OC::$server->get(IProvider::class);
 					$token = $tokenProvider->getToken($userSession->getSession()->getId());
-					$token->setScope(['password-unconfirmable' => true]);
+					$token->setScope([
+						'password-unconfirmable' => true,
+						'filesystem' => true,
+					]);
 					$tokenProvider->updateToken($token);
 				}