Skip to content

Commit

Permalink
fix(Token): take over scope in token refresh with login by cookie
Browse files Browse the repository at this point in the history 
Signed-off-by: Arthur Schiwon <[email protected]>

[skip ci]
  • Loading branch information
@blizzz @backportbot
blizzz authored and backportbot[bot] committed Jul 22, 2024
1 parent 7826984 commit c040c70
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
3 changes: 2 additions & 1 deletion lib/private/Authentication/Token/Manager.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,8 @@ public function generateToken(string $token,
$password,
$name,
$type,
$remember
$remember,
$scope,
);
} catch (UniqueConstraintViolationException $e) {
// It's rare, but if two requests of the same session (e.g. env-based SAML)
Expand Down
6 changes: 6 additions & 0 deletions lib/private/Authentication/Token/PublicKeyTokenProvider.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,10 @@ public function generateToken(string $token,
$dbToken->setPasswordHash($randomOldToken->getPasswordHash());
}

if ($scope !== null) {
$dbToken->setScope($scope);
}

$this->mapper->insert($dbToken);

if (!$oldTokenMatches && $password !== null) {
Expand Down Expand Up @@ -233,6 +237,8 @@ public function renewSessionToken(string $oldSessionId, string $sessionId): ITok
$privateKey = $this->decrypt($token->getPrivateKey(), $oldSessionId);
$password = $this->decryptPassword($token->getPassword(), $privateKey);
}

$scope = $token->getScope() === '' ? null : $token->getScopeAsArray();
$newToken = $this->generateToken(
$sessionId,
$token->getUID(),
Expand Down

0 comments on commit c040c70

Please sign in to comment.