[Bug]: New users are created with the federated scope by default

[oleua]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

Today I have discovered that all new users are created with the federated scope by default. So, if you occasionally forget to disable federation and your cloud is open occasionally than all other users can find you just knowing the domain name. I think this is completely wrong and the scope should be local until changed.

Steps to reproduce

1. Run sql query select * from oc_accounts where uid="test_user"; in your nc database.
2. Observe:

| test_user | {"displayname":{"value":"Test user","scope":"v2-federated","verified":"0"},"address":{"value":"","scope":"v2-local","verified":"0"},"website":{"value":"","scope":"v2-local","verified":"0"},"email":{"value":"test@mydomain.tld","scope":"v2-federated","verified":"0"},"avatar":{"value":"","scope":"v2-federated","verified":"0"},"phone":{"value":"","scope":"v2-local","verified":"0"},"twitter":{"value":"","scope":"v2-local","verified":"0"},"fediverse":{"value":"","scope":"v2-local","verified":"0"},"organisation":{"value":"","scope":"v2-local","verified":"0"},"role":{"value":"","scope":"v2-local","verified":"0"},"headline":{"value":"","scope":"v2-local","verified":"0"},"biography":{"value":"","scope":"v2-local","verified":"0"},"profile_enabled":{"value":"0","scope":"v2-local","verified":"0"}} |

So, the displayame, email are of federated scope.

Expected behavior

The default values for the newly created users should be local. If needed, a user can make it federated or whatever.

Nextcloud Server version

32

Operating system

None

PHP engine version

None

Web server

None

Database engine version

None

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

List of activated Apps

Nextcloud Signing status

Nextcloud Logs

Additional info

No response

[provokateurin]

CC @AndyScherzinger

[AndyScherzinger]

cc @tobiasKaminsky @sorbaugh

[AndyScherzinger]

So, if you occasionally forget to disable federation and your cloud is open occasionally than all other users can find you just knowing the domain name.

What do you mean by that @oleua - what you actually need to reference the user in the federated scenario would still be to no the federation ID of that user, so just the domain doesn't give you a federated user, the federated user ID would.
Can you elaborate a bit on this one please? 🙏

[oleua]

So, if you occasionally forget to disable federation and your cloud is open occasionally than all other users can find you just knowing the domain name.

What do you mean by that @oleua - what you actually need to reference the user in the federated scenario would still be to no the federation ID of that user, so just the domain doesn't give you a federated user, the federated user ID would. Can you elaborate a bit on this one please? 🙏

My concern is that by default the federation is enabled, and all users are created with the federated scope. So, I may assume that the newly created cloud without proper tuning and settings is open to the world. Of course, you have to know the names of users, eg Alice and John + domainname, will it be enough? Servers can exchange with the lists of users in case the federation is enabled, is it true? If both yes, then any social manipulation can open the way to get access to the users of your cloud.

I am convinced, that your cloud should be by default closed and isolated, and you accept all risks when you decide to extend the local scope.