fix(Token): take over scope in token refresh with login by cookie

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> [skip ci]
nextcloud · Jul 22, 2024 · 0174f2c · 0174f2c
1 parent 7512b20
commit 0174f2c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php
@@ -73,7 +73,8 @@ public function generateToken(string $token,
 				$password,
 				$name,
 				$type,
-				$remember
+				$remember,
+				$scope,
 			);
 		} catch (UniqueConstraintViolationException $e) {
 			// It's rare, but if two requests of the same session (e.g. env-based SAML)

diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -126,6 +126,10 @@ public function generateToken(string $token,
 			$dbToken->setPasswordHash($randomOldToken->getPasswordHash());
 		}
 
+		if ($scope !== null) {
+			$dbToken->setScope($scope);
+		}
+
 		$this->mapper->insert($dbToken);
 
 		if (!$oldTokenMatches && $password !== null) {
@@ -253,6 +257,8 @@ public function renewSessionToken(string $oldSessionId, string $sessionId): ITok
 				$privateKey = $this->decrypt($token->getPrivateKey(), $oldSessionId);
 				$password = $this->decryptPassword($token->getPassword(), $privateKey);
 			}
+
+			$scope = $token->getScope() === '' ? null : $token->getScopeAsArray();
 			$newToken = $this->generateToken(
 				$sessionId,
 				$token->getUID(),
@@ -262,7 +268,6 @@ public function renewSessionToken(string $oldSessionId, string $sessionId): ITok
 				IToken::TEMPORARY_TOKEN,
 				$token->getRemember()
 			);
-			$newToken->setScope($token->getScopeAsArray());
 			$this->cacheToken($newToken);
 
 			$this->cacheInvalidHash($token->getToken());