Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: SAML users without file access in 29.0.3rcX, 28.0.7rcX, 27.1.11rcX #46070

Closed
4 of 8 tasks
blizzz opened this issue Jun 24, 2024 · 0 comments · Fixed by #46071
Closed
4 of 8 tasks

[Bug]: SAML users without file access in 29.0.3rcX, 28.0.7rcX, 27.1.11rcX #46070

blizzz opened this issue Jun 24, 2024 · 0 comments · Fixed by #46071
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 30-feedback bug

Comments

@blizzz
Copy link
Member

blizzz commented Jun 24, 2024

⚠️ This issue respects the following points: ⚠️

Bug description

The regression was introduced with adding a second scope in the scope-mechanism. The related PR is #43942

We have a LockdownManager and it has a logic that double checks whether file access exists in: https://github.com/nextcloud/server/blob/master/lib/private/Lockdown/LockdownManager.php#L61-L64

It's conditions are:

  1. Either no scope is set
  2. Or filesystem is set in the scope

In the login logic, when auth succeed without a password, we set the SCOPE_SKIP_PASSWORD_VALIDATION only.

A quick workaround is to set the filesystem access there as well.

Steps to reproduce

  1. Login via user_saml
  2. Go to Files, but see no Files
  3. Trying to upload files fails

Expected behavior

Files are present and accessible

Installation method

None

Nextcloud Server version

master

Operating system

None

PHP engine version

None

Web server

None

Database engine version

None

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

No response

List of activated Apps

No response

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response
@blizzz blizzz added bug 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels Jun 24, 2024
@blizzz blizzz changed the title [Bug]: SAML users without fileaccess in 29.0.3rcX, 28.0.7rcX, 27.1.11rcX [Bug]: SAML users without file access in 29.0.3rcX, 28.0.7rcX, 27.1.11rcX Jun 24, 2024
@blizzz blizzz mentioned this issue Jun 24, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 30-feedback bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(Token): add FILESYSTEM scope with SCOPE_SKIP_PASSWORD_VALIDATION nextcloud/server
2 participants
@blizzz @szaimen