fix(Token): make new scope future compatible

- "password-unconfirmable" is the effective name for 30, but a draft
  name was backported.

Signed-off-by: Arthur Schiwon <[email protected]>

lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php

@@ -103,7 +103,7 @@ public function beforeController($controller, $methodName) {
 				return;
 			}
 			$scope = $token->getScopeAsArray();
-			if (isset($scope['sso-based-login']) && $scope['sso-based-login'] === true) {
+			if (isset($scope['password-unconfirmable']) && $scope['password-unconfirmable'] === true) {
 				// Users logging in from SSO backends cannot confirm their password by design
 				return;
 			}

lib/private/Template/JSConfigHelper.php

@@ -309,6 +309,6 @@ protected function canUserValidatePassword(): bool {
 			return true;
 		}
 		$scope = $token->getScopeAsArray();
-		return !isset($scope['sso-based-login']) || $scope['sso-based-login'] === false;
+		return !isset($scope['password-unconfirmable']) || $scope['password-unconfirmable'] === false;
 	}
 }

lib/private/legacy/OC_User.php

@@ -197,7 +197,7 @@ public static function loginWithApache(\OCP\Authentication\IApacheBackend $backe
 				if (empty($password)) {
 					$tokenProvider = \OC::$server->get(IProvider::class);
 					$token = $tokenProvider->getToken($userSession->getSession()->getId());
-					$token->setScope(['sso-based-login' => true]);
+					$token->setScope(['password-unconfirmable' => true]);
 					$tokenProvider->updateToken($token);
 				}
 

tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php

@@ -198,7 +198,7 @@ public function testSSO() {
 
 		$token = $this->createMock(IToken::class);
 		$token->method('getScopeAsArray')
-			->willReturn(['sso-based-login' => true]);
+			->willReturn(['password-unconfirmable' => true]);
 		$this->tokenProvider->expects($this->once())
 			->method('getToken')
 			->with($sessionId)