Skip to content

fix(Token): take over scope in token refresh with login by cookie#46640

Merged
juliusknorr merged 1 commit intomasterfrom
fix/noid/google-scope
Jul 22, 2024
Merged

fix(Token): take over scope in token refresh with login by cookie#46640
juliusknorr merged 1 commit intomasterfrom
fix/noid/google-scope

Conversation

@blizzz
Copy link
Member

@blizzz blizzz commented Jul 19, 2024
edited
Loading

Summary

When logging via cookie, the token was refreshed, but while doing so, the scope was not kept. It was applied from the old token, but not saved in session. This could be typically reproduced per:

  1. Having SAML configured
  2. In any Google browser, log in via SAML
  3. Close the browser
  4. Open the browser again

When running this query SELECT id, scope from oc_authtoken where uid ='USERID' the scope would be empty instead of '{"password-unconfirmable":true,"filesystem":true}'. So, after a while a password confirmation dialogue would open at specific actions, where it is not possible to verify it.

Checklist

@blizzz
fix(Token): take over scope in token refresh with login by cookie
99182aa 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
@blizzz blizzz added this to the Nextcloud 30 milestone Jul 19, 2024
@blizzz blizzz requested review from a team, ArtificialOwl, ChristophWurst, juliusknorr, sorbaugh and yemkareems and removed request for a team July 19, 2024 13:59
@blizzz
Copy link
Member Author

blizzz commented Jul 19, 2024

/backport to stable29

@blizzz
Copy link
Member Author

blizzz commented Jul 19, 2024

/backport to stable28

@blizzz
Copy link
Member Author

blizzz commented Jul 19, 2024

/backport to stable27

@blizzz
Copy link
Member Author

blizzz commented Jul 19, 2024

/backport to stable26

@juliusknorr juliusknorr merged commit 800dffe into master Jul 22, 2024
@juliusknorr juliusknorr deleted the fix/noid/google-scope branch July 22, 2024 06:49
This was referenced Jul 22, 2024
Merged
Merged
Merged
Merged
@blizzz blizzz mentioned this pull request Jul 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@juliusknorr juliusknorr juliusknorr approved these changes

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@yemkareems yemkareems Awaiting requested review from yemkareems yemkareems is a code owner automatically assigned from nextcloud/server-backend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh is a code owner automatically assigned from nextcloud/server-backend

Assignees

No one assigned

Labels

3. to review Waiting for reviews bug feature: authentication

Projects

None yet

Milestone

Nextcloud 30

Development

Successfully merging this pull request may close these issues.

3 participants

@blizzz @ChristophWurst @juliusknorr