fix(accounts): default property scopes to local instead of federated

apps/files/src/components/FilesAppSettings/FilesAppSettingsGeneral.vue

@@ -37,6 +37,7 @@ const store = useUserConfigStore()
 		</NcFormBox>
 		<NcRadioGroup
 			v-model="store.userConfig.default_view"
+			name="default_view"
 			:label="t('files', 'Default view')"
 			@update:modelValue="store.update('default_view', $event)">
 			<NcRadioGroupButton :label="t('files', 'All files')" value="files">

core/Migrations/Version33000Date20250819110529.php

@@ -31,7 +31,7 @@ public function changeSchema(IOutput $output, Closure $schemaClosure, array $opt
 		if (!$schema->hasTable('preview_locations')) {
 			$table = $schema->createTable('preview_locations');
 			$table->addColumn('id', Types::BIGINT, ['autoincrement' => true, 'notnull' => true, 'length' => 20, 'unsigned' => true]);
-			$table->addColumn('bucket_name', Types::STRING, ['notnull' => true, 'length' => 40]);
+			$table->addColumn('bucket_name', Types::STRING, ['notnull' => true, 'length' => 63]);
 			$table->addColumn('object_store_name', Types::STRING, ['notnull' => true, 'length' => 40]);
 			$table->setPrimaryKey(['id']);
 		}

core/Migrations/Version33000Date20260306120000.php

@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OC\Core\Migrations;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\Migration\Attributes\ModifyColumn;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+use Override;
+
+/**
+ * Increase bucket_name column length to 63 to match AWS bucket naming rules
+ */
+#[ModifyColumn(table: 'preview_locations', name: 'bucket_name', description: 'Increase column length to 63 to match AWS bucket naming rules')]
+class Version33000Date20260306120000 extends SimpleMigrationStep {
+
+	#[Override]
+	public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper {
+		/** @var ISchemaWrapper $schema */
+		$schema = $schemaClosure();
+
+		if ($schema->hasTable('preview_locations')) {
+			$table = $schema->getTable('preview_locations');
+			$column = $table->getColumn('bucket_name');
+
+			if ($column->getLength() < 63) {
+				$column->setLength(63);
+			}
+		}
+
+		return $schema;
+	}
+}

lib/composer/composer/autoload_classmap.php

@@ -2072,6 +2072,7 @@
     'OC\\Repair\\NC29\\SanitizeAccountProperties' => $baseDir . '/lib/private/Repair/NC29/SanitizeAccountProperties.php',
     'OC\\Repair\\NC29\\SanitizeAccountPropertiesJob' => $baseDir . '/lib/private/Repair/NC29/SanitizeAccountPropertiesJob.php',
     'OC\\Repair\\NC30\\RemoveLegacyDatadirFile' => $baseDir . '/lib/private/Repair/NC30/RemoveLegacyDatadirFile.php',
+    'OC\\Repair\\NC33\\FixDefaultAccountScopesToLocal' => $baseDir . '/lib/private/Repair/NC33/FixDefaultAccountScopesToLocal.php',
     'OC\\Repair\\OldGroupMembershipShares' => $baseDir . '/lib/private/Repair/OldGroupMembershipShares.php',
     'OC\\Repair\\Owncloud\\CleanPreviews' => $baseDir . '/lib/private/Repair/Owncloud/CleanPreviews.php',
     'OC\\Repair\\Owncloud\\CleanPreviewsBackgroundJob' => $baseDir . '/lib/private/Repair/Owncloud/CleanPreviewsBackgroundJob.php',

lib/composer/composer/autoload_static.php

@@ -2113,6 +2113,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
         'OC\\Repair\\NC29\\SanitizeAccountProperties' => __DIR__ . '/../../..' . '/lib/private/Repair/NC29/SanitizeAccountProperties.php',
         'OC\\Repair\\NC29\\SanitizeAccountPropertiesJob' => __DIR__ . '/../../..' . '/lib/private/Repair/NC29/SanitizeAccountPropertiesJob.php',
         'OC\\Repair\\NC30\\RemoveLegacyDatadirFile' => __DIR__ . '/../../..' . '/lib/private/Repair/NC30/RemoveLegacyDatadirFile.php',
+        'OC\\Repair\\NC33\\FixDefaultAccountScopesToLocal' => __DIR__ . '/../../..' . '/lib/private/Repair/NC33/FixDefaultAccountScopesToLocal.php',
         'OC\\Repair\\OldGroupMembershipShares' => __DIR__ . '/../../..' . '/lib/private/Repair/OldGroupMembershipShares.php',
         'OC\\Repair\\Owncloud\\CleanPreviews' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/CleanPreviews.php',
         'OC\\Repair\\Owncloud\\CleanPreviewsBackgroundJob' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/CleanPreviewsBackgroundJob.php',

lib/private/Accounts/AccountManager.php

@@ -66,16 +66,16 @@ class AccountManager implements IAccountManager {
 	 */
 	public const DEFAULT_SCOPES = [
 		self::PROPERTY_ADDRESS => self::SCOPE_LOCAL,
-		self::PROPERTY_AVATAR => self::SCOPE_FEDERATED,
+		self::PROPERTY_AVATAR => self::SCOPE_LOCAL,
 		self::PROPERTY_BIOGRAPHY => self::SCOPE_LOCAL,
 		self::PROPERTY_BIRTHDATE => self::SCOPE_LOCAL,
-		self::PROPERTY_DISPLAYNAME => self::SCOPE_FEDERATED,
-		self::PROPERTY_EMAIL => self::SCOPE_FEDERATED,
+		self::PROPERTY_DISPLAYNAME => self::SCOPE_LOCAL,
+		self::PROPERTY_EMAIL => self::SCOPE_LOCAL,
 		self::PROPERTY_FEDIVERSE => self::SCOPE_LOCAL,
 		self::PROPERTY_HEADLINE => self::SCOPE_LOCAL,
 		self::PROPERTY_ORGANISATION => self::SCOPE_LOCAL,
 		self::PROPERTY_PHONE => self::SCOPE_LOCAL,
-		self::PROPERTY_PRONOUNS => self::SCOPE_FEDERATED,
+		self::PROPERTY_PRONOUNS => self::SCOPE_LOCAL,
 		self::PROPERTY_ROLE => self::SCOPE_LOCAL,
 		self::PROPERTY_TWITTER => self::SCOPE_LOCAL,
 		self::PROPERTY_BLUESKY => self::SCOPE_LOCAL,

lib/private/Repair.php

@@ -42,6 +42,7 @@
 use OC\Repair\NC25\AddMissingSecretJob;
 use OC\Repair\NC29\SanitizeAccountProperties;
 use OC\Repair\NC30\RemoveLegacyDatadirFile;
+use OC\Repair\NC33\FixDefaultAccountScopesToLocal;
 use OC\Repair\OldGroupMembershipShares;
 use OC\Repair\Owncloud\CleanPreviews;
 use OC\Repair\Owncloud\DropAccountTermsTable;
@@ -189,6 +190,7 @@ public static function getRepairSteps(): array {
 			Server::get(SanitizeAccountProperties::class),
 			Server::get(AddMovePreviewJob::class),
 			Server::get(ConfigKeyMigration::class),
+			Server::get(FixDefaultAccountScopesToLocal::class),
 		];
 	}
 

lib/private/Repair/NC33/FixDefaultAccountScopesToLocal.php

@@ -0,0 +1,92 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OC\Repair\NC33;
+
+use OCP\Accounts\IAccountManager;
+use OCP\IDBConnection;
+use OCP\Migration\IOutput;
+use OCP\Migration\IRepairStep;
+
+/**
+ * Fix default account property scopes from federated to local.
+ *
+ * Previously, properties like displayname, email, avatar, and pronouns
+ * defaulted to SCOPE_FEDERATED, which exposed user information to
+ * federated servers without explicit user consent.
+ *
+ * This repair step changes those properties to SCOPE_LOCAL for existing
+ * users who still have the old default federated scope on properties
+ * that were previously defaulting to federated.
+ *
+ * @see https://github.com/nextcloud/server/issues/58646
+ */
+class FixDefaultAccountScopesToLocal implements IRepairStep {
+
+	/**
+	 * Properties whose default scope was changed from federated to local.
+	 */
+	private const AFFECTED_PROPERTIES = [
+		IAccountManager::PROPERTY_DISPLAYNAME,
+		IAccountManager::PROPERTY_EMAIL,
+		IAccountManager::PROPERTY_AVATAR,
+		IAccountManager::PROPERTY_PRONOUNS,
+	];
+
+	public function __construct(
+		private IDBConnection $connection,
+	) {
+	}
+
+	public function getName(): string {
+		return 'Fix default account property scopes from federated to local';
+	}
+
+	public function run(IOutput $output): void {
+		$updated = 0;
+		$processed = 0;
+
+		$select = $this->connection->getQueryBuilder();
+		$select->select('uid', 'data')
+			->from('accounts');
+
+		$update = $this->connection->getQueryBuilder();
+		$update->update('accounts')
+			->set('data', $update->createParameter('data'))
+			->where($update->expr()->eq('uid', $update->createParameter('uid')));
+
+		$result = $select->executeQuery();
+		while ($row = $result->fetch()) {
+			$processed++;
+			$data = json_decode($row['data'], true);
+			if (!is_array($data)) {
+				continue;
+			}
+
+			$changed = false;
+			foreach (self::AFFECTED_PROPERTIES as $property) {
+				if (isset($data[$property]['scope'])
+					&& $data[$property]['scope'] === IAccountManager::SCOPE_FEDERATED
+				) {
+					$data[$property]['scope'] = IAccountManager::SCOPE_LOCAL;
+					$changed = true;
+				}
+			}
+
+			if ($changed) {
+				$update->setParameter('data', json_encode($data));
+				$update->setParameter('uid', $row['uid']);
+				$update->executeStatement();
+				$updated++;
+			}
+		}
+		$result->closeCursor();
+
+		$output->info("Processed $processed accounts, updated $updated accounts with local scope defaults.");
+	}
+}

tests/lib/Accounts/AccountManagerTest.php

@@ -532,14 +532,14 @@ public function testAddMissingDefaults(): void {
 			[
 				'name' => IAccountManager::PROPERTY_DISPLAYNAME,
 				'value' => 'bob',
-				'scope' => IAccountManager::SCOPE_FEDERATED,
+				'scope' => IAccountManager::SCOPE_LOCAL,
 				'verified' => IAccountManager::NOT_VERIFIED,
 			],
 
 			[
 				'name' => IAccountManager::PROPERTY_EMAIL,
 				'value' => 'bob@bob.bob',
-				'scope' => IAccountManager::SCOPE_FEDERATED,
+				'scope' => IAccountManager::SCOPE_LOCAL,
 				'verified' => IAccountManager::NOT_VERIFIED,
 			],
 
@@ -559,7 +559,7 @@ public function testAddMissingDefaults(): void {
 
 			[
 				'name' => IAccountManager::PROPERTY_AVATAR,
-				'scope' => IAccountManager::SCOPE_FEDERATED
+				'scope' => IAccountManager::SCOPE_LOCAL,
 			],
 
 			[
@@ -628,7 +628,7 @@ public function testAddMissingDefaults(): void {
 			[
 				'name' => IAccountManager::PROPERTY_PRONOUNS,
 				'value' => '',
-				'scope' => IAccountManager::SCOPE_FEDERATED,
+				'scope' => IAccountManager::SCOPE_LOCAL,
 			],
 		];
 		$this->config->expects($this->once())->method('getSystemValue')->with('account_manager.default_property_scope', [])->willReturn([]);
@@ -1014,10 +1014,12 @@ public static function dataSetDefaultPropertyScopes(): array {
 			[
 				[],
 				[
-					IAccountManager::PROPERTY_DISPLAYNAME => IAccountManager::SCOPE_FEDERATED,
+					IAccountManager::PROPERTY_DISPLAYNAME => IAccountManager::SCOPE_LOCAL,
 					IAccountManager::PROPERTY_ADDRESS => IAccountManager::SCOPE_LOCAL,
-					IAccountManager::PROPERTY_EMAIL => IAccountManager::SCOPE_FEDERATED,
+					IAccountManager::PROPERTY_EMAIL => IAccountManager::SCOPE_LOCAL,
 					IAccountManager::PROPERTY_ROLE => IAccountManager::SCOPE_LOCAL,
+					IAccountManager::PROPERTY_AVATAR => IAccountManager::SCOPE_LOCAL,
+					IAccountManager::PROPERTY_PRONOUNS => IAccountManager::SCOPE_LOCAL,
 				]
 			],
 			[
@@ -1039,7 +1041,7 @@ public static function dataSetDefaultPropertyScopes(): array {
 				],
 				[
 					IAccountManager::PROPERTY_ADDRESS => IAccountManager::SCOPE_LOCAL,
-					IAccountManager::PROPERTY_EMAIL => IAccountManager::SCOPE_FEDERATED,
+					IAccountManager::PROPERTY_EMAIL => IAccountManager::SCOPE_LOCAL,
 					IAccountManager::PROPERTY_ROLE => IAccountManager::SCOPE_PRIVATE,
 				]
 			],