fix(accounts): default property scopes to local instead of federated #58759

Open
boris324 wants to merge 3 commits into nextcloud:master from boris324:fix/default-account-scope-to-local

@boris324 boris324 commented Mar 6, 2026

Summary

  • Changes default account property scopes from SCOPE_FEDERATED to SCOPE_LOCAL for all properties (displayname, email, avatar, pronouns were previously federated by default)
  • Adds a repair step (FixDefaultAccountScopesToLocal) that migrates existing users who still have the old federated defaults on the affected properties back to local scope
  • Updates tests to reflect the new default scope values

Background

New users were created with displayname, email, avatar, and pronouns set to v2-federated scope by default. This exposed personal information to federated servers without explicit user consent. The privacy-respecting default should be v2-local, keeping user data visible only to users on the same instance.

Administrators who want to restore the old behavior can use the account_manager.default_property_scope system config option to override individual property scopes.

Fixes: #58646

Test plan

  • Create a new user account and verify all properties default to v2-local scope in the oc_accounts table
  • Run occ maintenance:repair and verify the repair step updates existing accounts from v2-federated to v2-local for the affected properties
  • Verify that accounts with v2-published or v2-private scopes are not modified by the repair step
  • Verify that non-affected properties (phone, website, address, etc.) retain their existing federated scope if set by the user
  • Verify that the account_manager.default_property_scope config override still works to set federated scope if desired

🤖 Generated with Claude Code
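
A dry-run model of the migration rule that the summary and test plan above describe, added here as an example; it is not code from this pull request or from Nextcloud. The property names and scope strings come from the description, while the JSON record layout, the function names and the sample rows are assumptions made for illustration.

```python
import json

# Property names and scope strings come from the PR description. The record
# layout {"<property>": {"value": ..., "scope": ...}} is an assumption.
AFFECTED = ("displayname", "email", "avatar", "pronouns")
OLD_SCOPE, NEW_SCOPE = "v2-federated", "v2-local"


def repair_record(raw_json):
    """Return (repaired_record, changed_properties) for one account's JSON."""
    record = json.loads(raw_json)
    if not isinstance(record, dict):
        raise ValueError("account record is not a JSON object")
    changed = []
    for prop in AFFECTED:
        entry = record.get(prop)
        # Only the old federated default on an affected property is rewritten;
        # published/private scopes and other properties are left alone.
        if isinstance(entry, dict) and entry.get("scope") == OLD_SCOPE:
            entry["scope"] = NEW_SCOPE
            changed.append(prop)
    return record, changed


def dry_run(rows):
    """Map uid -> properties that would change; rows are (uid, json) pairs."""
    report = {}
    for uid, raw in rows:
        try:
            _, changed = repair_record(raw)
        except ValueError:  # includes json.JSONDecodeError
            report[uid] = ["<unparseable record>"]
            continue
        if changed:
            report[uid] = changed
    return report


# Constructed sample rows, not real data.
SAMPLE_ROWS = [
    ("alice", json.dumps({
        "displayname": {"value": "Alice", "scope": "v2-federated"},
        "email": {"value": "alice@example.org", "scope": "v2-published"},
        "phone": {"value": "+10000000000", "scope": "v2-federated"}})),
    ("bob", json.dumps({
        "displayname": {"value": "Bob", "scope": "v2-private"},
        "avatar": {"scope": "v2-federated"},
        "pronouns": {"value": "they/them", "scope": "v2-local"}})),
    ("carol", "{not json"),
]
```

Running `dry_run` over exported records before `occ maintenance:repair` lists which accounts and properties the described rule would touch, and running it again afterwards should report none of the affected properties.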

root and others added 3 commits March 6, 2026 15:58
Add name="default_view" to the NcRadioGroup component so the
underlying radio buttons are properly grouped. This enables
keyboard navigation between radio options using arrow keys,
improving accessibility.

Fixes nextcloud#58729

Signed-off-by: boris324 <boris324@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

AWS allows bucket names up to 63 characters per their naming rules,
but the bucket_name column in oc_preview_locations was varchar(40).

This updates the initial migration to use length 63 for fresh installs
and adds a new migration to alter the column for existing installs.

Fixes: nextcloud#58755

Signed-off-by: boris324 <boris324@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…to local

New users were created with displayname, email, avatar, and pronouns
set to federated scope by default, exposing personal information to
federated servers without explicit user consent. This changes all
default property scopes to local, so user data stays private until
the user explicitly opts into federation.

Includes a repair step to migrate existing users who still have the
old federated defaults on the affected properties.

Fixes: nextcloud#58646
Signed-off-by: boris324 <boris324@users.noreply.github.com>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@boris324 boris324 requested review from a team and skjnldsv as code owners March 6, 2026 18:46
@boris324 boris324 requested review from artonge, icewind1991, leftybournes, salmart-dev and szaimen and removed request for a team March 6, 2026 18:46
Development

Successfully merging this pull request may close these issues.

[Bug]: New users are created with the federated scope by default