refactor(core): Replace security annotations with respective attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
This commit is contained in:
parent
41f7fa6840
commit
c57c3c1573
39 changed files with 225 additions and 270 deletions
core/Controller
AppPasswordController.phpAutoCompleteController.phpAvatarController.phpCSRFTokenController.phpClientFlowLoginController.phpClientFlowLoginV2Controller.phpCollaborationResourcesController.phpContactsMenuController.phpCssController.phpErrorController.phpGuestAvatarController.phpHoverCardController.phpJsController.phpLoginController.phpLostController.phpNavigationController.phpOCJSController.phpOCMController.phpOCSController.phpPreviewController.phpProfileApiController.phpProfilePageController.phpRecommendedAppsController.phpReferenceApiController.phpReferenceController.phpSearchController.phpTranslationApiController.phpTwoFactorChallengeController.phpUnifiedSearchController.phpUnsupportedBrowserController.phpUserController.phpWalledGardenController.phpWebAuthnController.phpWellKnownController.phpWhatsNewController.phpWipeController.php
cypress/fixtures/testapp/lib/Controller
lib/public/AppFramework
|
@ -14,6 +14,9 @@ use OC\Authentication\Token\IToken;
|
|||
use OC\User\Session;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\ApiRoute;
|
||||
use OCP\AppFramework\Http\Attribute\BruteForceProtection;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
|
||||
use OCP\AppFramework\Http\Attribute\UseSession;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\AppFramework\OCS\OCSForbiddenException;
|
||||
|
@ -45,9 +48,6 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @PasswordConfirmationRequired
|
||||
*
|
||||
* Create app password
|
||||
*
|
||||
* @return DataResponse<Http::STATUS_OK, array{apppassword: string}, array{}>
|
||||
|
@ -55,6 +55,8 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
|
|||
*
|
||||
* 200: App password returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[PasswordConfirmationRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/getapppassword', root: '/core')]
|
||||
public function getAppPassword(): DataResponse {
|
||||
// We do not allow the creation of new tokens if this is an app password
|
||||
|
@ -98,8 +100,6 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Delete app password
|
||||
*
|
||||
* @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
|
||||
|
@ -107,6 +107,7 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
|
|||
*
|
||||
* 200: App password deleted successfully
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'DELETE', url: '/apppassword', root: '/core')]
|
||||
public function deleteAppPassword(): DataResponse {
|
||||
if (!$this->session->exists('app_password')) {
|
||||
|
@ -126,8 +127,6 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Rotate app password
|
||||
*
|
||||
* @return DataResponse<Http::STATUS_OK, array{apppassword: string}, array{}>
|
||||
|
@ -135,6 +134,7 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
|
|||
*
|
||||
* 200: App password returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'POST', url: '/apppassword/rotate', root: '/core')]
|
||||
public function rotateAppPassword(): DataResponse {
|
||||
if (!$this->session->exists('app_password')) {
|
||||
|
@ -160,9 +160,6 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
|
|||
/**
|
||||
* Confirm the user password
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @BruteForceProtection(action=sudo)
|
||||
*
|
||||
* @param string $password The password of the user
|
||||
*
|
||||
* @return DataResponse<Http::STATUS_OK, array{lastLogin: int}, array{}>|DataResponse<Http::STATUS_FORBIDDEN, array<empty>, array{}>
|
||||
|
@ -170,6 +167,8 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
|
|||
* 200: Password confirmation succeeded
|
||||
* 403: Password confirmation failed
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[BruteForceProtection('sudo')]
|
||||
#[UseSession]
|
||||
#[ApiRoute(verb: 'PUT', url: '/apppassword/confirm', root: '/core')]
|
||||
public function confirmUserPassword(string $password): DataResponse {
|
||||
|
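Review bot: `#[BruteForceProtection('sudo')]` on confirmUserPassword passes the action positionally while the `#[ApiRoute(verb: 'PUT', url: '/apppassword/confirm', root: '/core')]` attribute just below spells its arguments out by name; the same positional form is used in LoginController (`'login'`, `'sudo'`) and LostController (`'passwordResetEmail'`, and `#[AnonRateLimit(10, 300)]`, where two bare integers no longer say which is the limit and which the period). Assuming the attribute constructors use the same parameter names the old annotations did (`action`, `limit`, `period`), `#[BruteForceProtection(action: 'sudo')]` and `#[AnonRateLimit(limit: 10, period: 300)]` would keep the meaning the annotation text carried. This is a point of style only; the values match the removed annotations one for one. confirmUserPassword's body continues outside the hunk.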
|
|
@ -11,6 +11,7 @@ namespace OC\Core\Controller;
|
|||
use OC\Core\ResponseDefinitions;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\ApiRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\AppFramework\OCSController;
|
||||
use OCP\Collaboration\AutoComplete\AutoCompleteEvent;
|
||||
|
@ -36,8 +37,6 @@ class AutoCompleteController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Autocomplete a query
|
||||
*
|
||||
* @param string $search Text to search for
|
||||
|
@ -51,6 +50,7 @@ class AutoCompleteController extends OCSController {
|
|||
*
|
||||
* 200: Autocomplete results returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/autocomplete/get', root: '/core')]
|
||||
public function get(string $search, ?string $itemType, ?string $itemId, ?string $sorter = null, array $shareTypes = [IShare::TYPE_USER], int $limit = 10): DataResponse {
|
||||
// if enumeration/user listings are disabled, we'll receive an empty
|
||||
|
|
|
@ -11,6 +11,9 @@ use OC\AppFramework\Utility\TimeFactory;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\DataDisplayResponse;
|
||||
use OCP\AppFramework\Http\FileDisplayResponse;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
|
@ -47,10 +50,7 @@ class AvatarController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @NoSameSiteCookieRequired
|
||||
* @PublicPage
|
||||
*
|
||||
* Get the dark avatar
|
||||
*
|
||||
|
@ -63,6 +63,8 @@ class AvatarController extends Controller {
|
|||
* 201: Avatar returned
|
||||
* 404: Avatar not found
|
||||
*/
|
||||
#[NoCSRFRequired]
|
||||
#[PublicPage]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/avatar/{userId}/{size}/dark')]
|
||||
public function getAvatarDark(string $userId, int $size, bool $guestFallback = false) {
|
||||
if ($size <= 64) {
|
||||
|
@ -99,10 +101,7 @@ class AvatarController extends Controller {
|
|||
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @NoSameSiteCookieRequired
|
||||
* @PublicPage
|
||||
*
|
||||
* Get the avatar
|
||||
*
|
||||
|
@ -115,6 +114,8 @@ class AvatarController extends Controller {
|
|||
* 201: Avatar returned
|
||||
* 404: Avatar not found
|
||||
*/
|
||||
#[NoCSRFRequired]
|
||||
#[PublicPage]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/avatar/{userId}/{size}')]
|
||||
public function getAvatar(string $userId, int $size, bool $guestFallback = false) {
|
||||
if ($size <= 64) {
|
||||
|
@ -149,9 +150,7 @@ class AvatarController extends Controller {
|
|||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/avatar/')]
|
||||
public function postAvatar(?string $path = null): JSONResponse {
|
||||
$files = $this->request->getUploadedFile('files');
|
||||
|
@ -271,9 +270,7 @@ class AvatarController extends Controller {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[FrontpageRoute(verb: 'DELETE', url: '/avatar/')]
|
||||
public function deleteAvatar(): JSONResponse {
|
||||
try {
|
||||
|
@ -287,10 +284,9 @@ class AvatarController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* @return JSONResponse|DataDisplayResponse
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/avatar/tmp')]
|
||||
public function getTmpAvatar() {
|
||||
$tmpAvatar = $this->cache->get('tmpAvatar');
|
||||
|
@ -315,9 +311,7 @@ class AvatarController extends Controller {
|
|||
return $resp;
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/avatar/cropped')]
|
||||
public function postCroppedAvatar(?array $crop = null): JSONResponse {
|
||||
if (is_null($crop)) {
|
||||
|
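Review bot: The `@NoSameSiteCookieRequired` annotation on getAvatarDark and getAvatar is removed with nothing replacing it, while every other security annotation in these hunks gets a one-to-one attribute; the same silent drop happens on ClientFlowLoginController::grantPage, the ClientFlowLoginV2Controller grant route, CssController::getCss and JsController::getJs. If no middleware still evaluates that annotation it is dead text and removing it is the right cleanup, but that cannot be seen from the diff and the commit title promises "respective attributes". A sentence in the commit message, or a comment on the first affected method such as `// @NoSameSiteCookieRequired intentionally dropped: no longer evaluated by any middleware — confirm`, would record the reasoning so a later reader does not take it for a lost relaxation (or tightening) of the same-site cookie check. Both method bodies continue outside the hunks.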
|
|
@ -12,6 +12,8 @@ use OC\Security\CSRF\CsrfTokenManager;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\IRequest;
|
||||
|
||||
|
@ -27,15 +29,13 @@ class CSRFTokenController extends Controller {
|
|||
/**
|
||||
* Returns a new CSRF token.
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @PublicPage
|
||||
*
|
||||
* @return JSONResponse<Http::STATUS_OK, array{token: string}, array{}>|JSONResponse<Http::STATUS_FORBIDDEN, array<empty>, array{}>
|
||||
*
|
||||
* 200: CSRF token returned
|
||||
* 403: Strict cookie check failed
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/csrftoken')]
|
||||
public function index(): JSONResponse {
|
||||
if (!$this->request->passesStrictCookieCheck()) {
|
||||
|
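Review bot: `#[PublicPage]` paired with `#[NoCSRFRequired]` on index() is the one place in this change where the combination deserves a why-comment, because the endpoint that hands out CSRF tokens is itself exempt from the CSRF check; what makes that safe is the `passesStrictCookieCheck()` guard on the line after the signature, which the docblock's `403: Strict cookie check failed` only hints at. A comment directly above the attributes, such as `// A CSRF token cannot be demanded in order to obtain one; the strict-cookie check below is what keeps cross-site callers out.`, makes the pairing read as deliberate rather than accidental. index()'s body continues outside the hunk.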
|
|
@ -15,7 +15,10 @@ use OCA\OAuth2\Db\ClientMapper;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\Attribute\UseSession;
|
||||
use OCP\AppFramework\Http\Response;
|
||||
use OCP\AppFramework\Http\StandaloneTemplateResponse;
|
||||
|
@ -82,10 +85,8 @@ class ClientFlowLoginController extends Controller {
|
|||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[UseSession]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/login/flow')]
|
||||
public function showAuthPickerPage(string $clientIdentifier = '', string $user = '', int $direct = 0): StandaloneTemplateResponse {
|
||||
|
@ -150,10 +151,10 @@ class ClientFlowLoginController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @NoSameSiteCookieRequired
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[UseSession]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/login/flow/grant')]
|
||||
public function grantPage(string $stateToken = '',
|
||||
|
@ -203,10 +204,9 @@ class ClientFlowLoginController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* @return Http\RedirectResponse|Response
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[UseSession]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/login/flow')]
|
||||
public function generateAppPassword(string $stateToken,
|
||||
|
@ -297,9 +297,7 @@ class ClientFlowLoginController extends Controller {
|
|||
return new Http\RedirectResponse($redirectUri);
|
||||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/login/flow/apptoken')]
|
||||
public function apptokenRedirect(string $stateToken, string $user, string $password): Response {
|
||||
if (!$this->isValidToken($stateToken)) {
|
||||
|
|
|
@ -15,7 +15,10 @@ use OC\Core\Service\LoginFlowV2Service;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\Attribute\UseSession;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\AppFramework\Http\RedirectResponse;
|
||||
|
@ -55,9 +58,6 @@ class ClientFlowLoginV2Controller extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoCSRFRequired
|
||||
* @PublicPage
|
||||
*
|
||||
* Poll the login flow credentials
|
||||
*
|
||||
* @param string $token Token of the flow
|
||||
|
@ -66,6 +66,8 @@ class ClientFlowLoginV2Controller extends Controller {
|
|||
* 200: Login flow credentials returned
|
||||
* 404: Login flow not found or completed
|
||||
*/
|
||||
#[NoCSRFRequired]
|
||||
#[PublicPage]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/login/v2/poll')]
|
||||
public function poll(string $token): JSONResponse {
|
||||
try {
|
||||
|
@ -77,10 +79,8 @@ class ClientFlowLoginV2Controller extends Controller {
|
|||
return new JSONResponse($creds->jsonSerialize());
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoCSRFRequired
|
||||
* @PublicPage
|
||||
*/
|
||||
#[NoCSRFRequired]
|
||||
#[PublicPage]
|
||||
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
|
||||
#[UseSession]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/login/v2/flow/{token}')]
|
||||
|
@ -96,10 +96,8 @@ class ClientFlowLoginV2Controller extends Controller {
|
|||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoCSRFRequired
|
||||
* @PublicPage
|
||||
*/
|
||||
#[NoCSRFRequired]
|
||||
#[PublicPage]
|
||||
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
|
||||
#[UseSession]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/login/v2/flow')]
|
||||
|
@ -131,10 +129,10 @@ class ClientFlowLoginV2Controller extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @NoSameSiteCookieRequired
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
|
||||
#[UseSession]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/login/v2/grant')]
|
||||
|
@ -170,9 +168,7 @@ class ClientFlowLoginV2Controller extends Controller {
|
|||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/login/v2/apptoken')]
|
||||
public function apptokenRedirect(?string $stateToken, string $user, string $password) {
|
||||
if ($stateToken === null) {
|
||||
|
@ -217,9 +213,7 @@ class ClientFlowLoginV2Controller extends Controller {
|
|||
return $this->handleFlowDone($result);
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[UseSession]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/login/v2/grant')]
|
||||
public function generateAppPassword(?string $stateToken): Response {
|
||||
|
@ -270,15 +264,14 @@ class ClientFlowLoginV2Controller extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoCSRFRequired
|
||||
* @PublicPage
|
||||
*
|
||||
* Init a login flow
|
||||
*
|
||||
* @return JSONResponse<Http::STATUS_OK, CoreLoginFlowV2, array{}>
|
||||
*
|
||||
* 200: Login flow init returned
|
||||
*/
|
||||
#[NoCSRFRequired]
|
||||
#[PublicPage]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/login/v2')]
|
||||
public function init(): JSONResponse {
|
||||
// Get client user agent
|
||||
|
|
|
@ -13,6 +13,7 @@ use Exception;
|
|||
use OC\Core\ResponseDefinitions;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\ApiRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\AppFramework\OCSController;
|
||||
use OCP\Collaboration\Resources\CollectionException;
|
||||
|
@ -55,8 +56,6 @@ class CollaborationResourcesController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Get a collection
|
||||
*
|
||||
* @param int $collectionId ID of the collection
|
||||
|
@ -65,6 +64,7 @@ class CollaborationResourcesController extends OCSController {
|
|||
* 200: Collection returned
|
||||
* 404: Collection not found
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/resources/collections/{collectionId}', root: '/collaboration')]
|
||||
public function listCollection(int $collectionId): DataResponse {
|
||||
try {
|
||||
|
@ -77,8 +77,6 @@ class CollaborationResourcesController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Search for collections
|
||||
*
|
||||
* @param string $filter Filter collections
|
||||
|
@ -87,6 +85,7 @@ class CollaborationResourcesController extends OCSController {
|
|||
* 200: Collections returned
|
||||
* 404: Collection not found
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/resources/collections/search/{filter}', root: '/collaboration')]
|
||||
public function searchCollections(string $filter): DataResponse {
|
||||
try {
|
||||
|
@ -99,8 +98,6 @@ class CollaborationResourcesController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Add a resource to a collection
|
||||
*
|
||||
* @param int $collectionId ID of the collection
|
||||
|
@ -111,6 +108,7 @@ class CollaborationResourcesController extends OCSController {
|
|||
* 200: Collection returned
|
||||
* 404: Collection not found or resource inaccessible
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'POST', url: '/resources/collections/{collectionId}', root: '/collaboration')]
|
||||
public function addResource(int $collectionId, string $resourceType, string $resourceId): DataResponse {
|
||||
try {
|
||||
|
@ -134,8 +132,6 @@ class CollaborationResourcesController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Remove a resource from a collection
|
||||
*
|
||||
* @param int $collectionId ID of the collection
|
||||
|
@ -146,6 +142,7 @@ class CollaborationResourcesController extends OCSController {
|
|||
* 200: Collection returned
|
||||
* 404: Collection or resource not found
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'DELETE', url: '/resources/collections/{collectionId}', root: '/collaboration')]
|
||||
public function removeResource(int $collectionId, string $resourceType, string $resourceId): DataResponse {
|
||||
try {
|
||||
|
@ -166,8 +163,6 @@ class CollaborationResourcesController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Get collections by resource
|
||||
*
|
||||
* @param string $resourceType Type of the resource
|
||||
|
@ -177,6 +172,7 @@ class CollaborationResourcesController extends OCSController {
|
|||
* 200: Collections returned
|
||||
* 404: Resource not accessible
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/resources/{resourceType}/{resourceId}', root: '/collaboration')]
|
||||
public function getCollectionsByResource(string $resourceType, string $resourceId): DataResponse {
|
||||
try {
|
||||
|
@ -193,8 +189,6 @@ class CollaborationResourcesController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Create a collection for a resource
|
||||
*
|
||||
* @param string $baseResourceType Type of the base resource
|
||||
|
@ -206,6 +200,7 @@ class CollaborationResourcesController extends OCSController {
|
|||
* 400: Creating collection is not possible
|
||||
* 404: Resource inaccessible
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'POST', url: '/resources/{baseResourceType}/{baseResourceId}', root: '/collaboration')]
|
||||
public function createCollectionOnResource(string $baseResourceType, string $baseResourceId, string $name): DataResponse {
|
||||
if (!isset($name[0]) || isset($name[64])) {
|
||||
|
@ -229,8 +224,6 @@ class CollaborationResourcesController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Rename a collection
|
||||
*
|
||||
* @param int $collectionId ID of the collection
|
||||
|
@ -240,6 +233,7 @@ class CollaborationResourcesController extends OCSController {
|
|||
* 200: Collection returned
|
||||
* 404: Collection not found
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'PUT', url: '/resources/collections/{collectionId}', root: '/collaboration')]
|
||||
public function renameCollection(int $collectionId, string $collectionName): DataResponse {
|
||||
try {
|
||||
|
|
|
@ -10,6 +10,7 @@ use OC\Contacts\ContactsMenu\Manager;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\IRequest;
|
||||
use OCP\IUserSession;
|
||||
|
@ -24,22 +25,20 @@ class ContactsMenuController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* @return \JsonSerializable[]
|
||||
* @throws Exception
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/contactsmenu/contacts')]
|
||||
public function index(?string $filter = null): array {
|
||||
return $this->manager->getEntries($this->userSession->getUser(), $filter);
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* @return JSONResponse|\JsonSerializable
|
||||
* @throws Exception
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/contactsmenu/findOne')]
|
||||
public function findOne(int $shareType, string $shareWith) {
|
||||
$contact = $this->manager->findOne($this->userSession->getUser(), $shareType, $shareWith);
|
||||
|
|
|
@ -12,7 +12,9 @@ use OC\Files\AppData\Factory;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\FileDisplayResponse;
|
||||
use OCP\AppFramework\Http\NotFoundResponse;
|
||||
use OCP\AppFramework\Http\Response;
|
||||
|
@ -39,14 +41,14 @@ class CssController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
* @NoSameSiteCookieRequired
|
||||
*
|
||||
* @param string $fileName css filename with extension
|
||||
* @param string $appName css folder name
|
||||
* @return FileDisplayResponse|NotFoundResponse
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/css/{appName}/{fileName}')]
|
||||
public function getCss(string $fileName, string $appName): Response {
|
||||
try {
|
||||
|
|
|
@ -11,15 +11,15 @@ namespace OC\Core\Controller;
|
|||
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
|
||||
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
|
||||
class ErrorController extends \OCP\AppFramework\Controller {
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: 'error/403')]
|
||||
public function error403(): TemplateResponse {
|
||||
$response = new TemplateResponse(
|
||||
|
@ -32,10 +32,8 @@ class ErrorController extends \OCP\AppFramework\Controller {
|
|||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: 'error/404')]
|
||||
public function error404(): TemplateResponse {
|
||||
$response = new TemplateResponse(
|
||||
|
|
|
@ -8,6 +8,8 @@ namespace OC\Core\Controller;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\FileDisplayResponse;
|
||||
use OCP\AppFramework\Http\Response;
|
||||
use OCP\IAvatarManager;
|
||||
|
@ -33,9 +35,6 @@ class GuestAvatarController extends Controller {
|
|||
/**
|
||||
* Returns a guest avatar image response
|
||||
*
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* @param string $guestName The guest name, e.g. "Albert"
|
||||
* @param string $size The desired avatar size, e.g. 64 for 64x64px
|
||||
* @param bool|null $darkTheme Return dark avatar
|
||||
|
@ -44,6 +43,8 @@ class GuestAvatarController extends Controller {
|
|||
* 200: Custom avatar returned
|
||||
* 201: Avatar returned
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/avatar/guest/{guestName}/{size}')]
|
||||
public function getAvatar(string $guestName, string $size, ?bool $darkTheme = false) {
|
||||
$size = (int) $size;
|
||||
|
@ -87,9 +88,6 @@ class GuestAvatarController extends Controller {
|
|||
/**
|
||||
* Returns a dark guest avatar image response
|
||||
*
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* @param string $guestName The guest name, e.g. "Albert"
|
||||
* @param string $size The desired avatar size, e.g. 64 for 64x64px
|
||||
* @return FileDisplayResponse<Http::STATUS_OK|Http::STATUS_CREATED, array{Content-Type: string, X-NC-IsCustomAvatar: int}>|Response<Http::STATUS_INTERNAL_SERVER_ERROR, array{}>
|
||||
|
@ -97,6 +95,8 @@ class GuestAvatarController extends Controller {
|
|||
* 200: Custom avatar returned
|
||||
* 201: Avatar returned
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/avatar/guest/{guestName}/{size}/dark')]
|
||||
public function getAvatarDark(string $guestName, string $size) {
|
||||
return $this->getAvatar($guestName, $size, true);
|
||||
|
|
|
@ -11,6 +11,7 @@ use OC\Contacts\ContactsMenu\Manager;
|
|||
use OC\Core\ResponseDefinitions;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\ApiRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\IRequest;
|
||||
use OCP\IUserSession;
|
||||
|
@ -29,8 +30,6 @@ class HoverCardController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Get the account details for a hovercard
|
||||
*
|
||||
* @param string $userId ID of the user
|
||||
|
@ -39,6 +38,7 @@ class HoverCardController extends \OCP\AppFramework\OCSController {
|
|||
* 200: Account details returned
|
||||
* 404: Account not found
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/v1/{userId}', root: '/hovercard')]
|
||||
public function getUser(string $userId): DataResponse {
|
||||
$contact = $this->manager->findOne($this->userSession->getUser(), IShare::TYPE_USER, $userId);
|
||||
|
|
|
@ -12,7 +12,9 @@ use OC\Files\AppData\Factory;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\FileDisplayResponse;
|
||||
use OCP\AppFramework\Http\NotFoundResponse;
|
||||
use OCP\AppFramework\Http\Response;
|
||||
|
@ -39,14 +41,14 @@ class JsController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
* @NoSameSiteCookieRequired
|
||||
*
|
||||
* @param string $fileName js filename with extension
|
||||
* @param string $appName js folder name
|
||||
* @return FileDisplayResponse|NotFoundResponse
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/js/{appName}/{fileName}')]
|
||||
public function getJs(string $fileName, string $appName): Response {
|
||||
try {
|
||||
|
|
|
@ -20,9 +20,12 @@ use OCA\User_LDAP\Helper;
|
|||
use OCP\App\IAppManager;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\BruteForceProtection;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\Attribute\UseSession;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\AppFramework\Http\RedirectResponse;
|
||||
|
@ -65,10 +68,9 @@ class LoginController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* @return RedirectResponse
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[UseSession]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/logout')]
|
||||
public function logout() {
|
||||
|
@ -97,14 +99,13 @@ class LoginController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* @param string $user
|
||||
* @param string $redirect_url
|
||||
*
|
||||
* @return TemplateResponse|RedirectResponse
|
||||
*/
|
||||
#[NoCSRFRequired]
|
||||
#[PublicPage]
|
||||
#[UseSession]
|
||||
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/login')]
|
||||
|
@ -269,12 +270,11 @@ class LoginController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
* @BruteForceProtection(action=login)
|
||||
*
|
||||
* @return RedirectResponse
|
||||
*/
|
||||
#[NoCSRFRequired]
|
||||
#[PublicPage]
|
||||
#[BruteForceProtection('login')]
|
||||
#[UseSession]
|
||||
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/login')]
|
||||
|
@ -377,9 +377,6 @@ class LoginController extends Controller {
|
|||
/**
|
||||
* Confirm the user password
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @BruteForceProtection(action=sudo)
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* @param string $password The password of the user
|
||||
|
@ -389,6 +386,8 @@ class LoginController extends Controller {
|
|||
* 200: Password confirmation succeeded
|
||||
* 403: Password confirmation failed
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[BruteForceProtection('sudo')]
|
||||
#[UseSession]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/login/confirm')]
|
||||
|
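Review bot: The confirmPassword docblock keeps a stray `@license GNU AGPL version 3 or any later version` tag (the line right after the removed `@BruteForceProtection(action=sudo)`) even though the commit is already rewriting that docblock; a licence tag belongs in the file header, and at method level it may be picked up by documentation tooling as part of the endpoint description. Dropping that line together with the blank `*` that follows it, in the same hunk, would leave only the description, the `@param` and the status lines. The method's signature and body begin after the hunk's last line.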
|
|
@ -15,8 +15,12 @@ use OC\Core\Exception\ResetPasswordException;
|
|||
use OC\Security\RateLimiting\Exception\RateLimitExceededException;
|
||||
use OC\Security\RateLimiting\Limiter;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\Attribute\AnonRateLimit;
|
||||
use OCP\AppFramework\Http\Attribute\BruteForceProtection;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\AppFramework\Services\IInitialState;
|
||||
|
@ -74,12 +78,11 @@ class LostController extends Controller {
|
|||
|
||||
/**
|
||||
* Someone wants to reset their password:
|
||||
*
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
* @BruteForceProtection(action=passwordResetEmail)
|
||||
* @AnonRateThrottle(limit=10, period=300)
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[BruteForceProtection('passwordResetEmail')]
|
||||
#[AnonRateLimit(10, 300)]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/lostpassword/reset/form/{token}/{userId}')]
|
||||
public function resetform(string $token, string $userId): TemplateResponse {
|
||||
try {
|
||||
|
@ -140,11 +143,9 @@ class LostController extends Controller {
|
|||
return array_merge($data, ['status' => 'success']);
|
||||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @BruteForceProtection(action=passwordResetEmail)
|
||||
* @AnonRateThrottle(limit=10, period=300)
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[BruteForceProtection('passwordResetEmail')]
|
||||
#[AnonRateLimit(10, 300)]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/lostpassword/email')]
|
||||
public function email(string $user): JSONResponse {
|
||||
if ($this->config->getSystemValue('lost_password_link', '') !== '') {
|
||||
|
@ -178,11 +179,9 @@ class LostController extends Controller {
|
|||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @BruteForceProtection(action=passwordResetEmail)
|
||||
* @AnonRateThrottle(limit=10, period=300)
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[BruteForceProtection('passwordResetEmail')]
|
||||
#[AnonRateLimit(10, 300)]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/lostpassword/set/{token}/{userId}')]
|
||||
public function setPassword(string $token, string $userId, string $password, bool $proceed): JSONResponse {
|
||||
if ($this->encryptionManager->isEnabled() && !$proceed) {
|
||||
|
|
|
@ -8,6 +8,8 @@ namespace OC\Core\Controller;
|
|||
use OC\Core\ResponseDefinitions;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\ApiRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\AppFramework\OCSController;
|
||||
use OCP\INavigationManager;
|
||||
|
@ -28,9 +30,6 @@ class NavigationController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* Get the apps navigation
|
||||
*
|
||||
* @param bool $absolute Rewrite URLs to absolute ones
|
||||
|
@ -39,6 +38,8 @@ class NavigationController extends OCSController {
|
|||
* 200: Apps navigation returned
|
||||
* 304: No apps navigation changed
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/navigation/apps', root: '/core')]
|
||||
public function getAppsNavigation(bool $absolute = false): DataResponse {
|
||||
$navigation = $this->navigationManager->getAll();
|
||||
|
@ -56,9 +57,6 @@ class NavigationController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* Get the settings navigation
|
||||
*
|
||||
* @param bool $absolute Rewrite URLs to absolute ones
|
||||
|
@ -67,6 +65,8 @@ class NavigationController extends OCSController {
|
|||
* 200: Apps navigation returned
|
||||
* 304: No apps navigation changed
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/navigation/settings', root: '/core')]
|
||||
public function getSettingsNavigation(bool $absolute = false): DataResponse {
|
||||
$navigation = $this->navigationManager->getAll('settings');
|
||||
|
|
|
@ -14,7 +14,9 @@ use OCP\App\IAppManager;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\DataDisplayResponse;
|
||||
use OCP\Defaults;
|
||||
use OCP\IConfig;
|
||||
|
@ -67,10 +69,10 @@ class OCJSController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoCSRFRequired
|
||||
* @NoTwoFactorRequired
|
||||
* @PublicPage
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/core/js/oc.js')]
|
||||
public function getConfig(): DataDisplayResponse {
|
||||
$data = $this->helper->getConfig();
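Review bot: `@NoTwoFactorRequired` stays behind as a docblock annotation on getConfig after its neighbours `@NoCSRFRequired` and `@PublicPage` were converted (the hunk counts, 10 old and 10 new, show it is context rather than removed). If no attribute counterpart exists for it, the two-factor bypass keeps depending on the annotation being read, which is worth stating so the leftover line is not "cleaned up" by a later pass; the same situation appears with `@NoSubAdminRequired` in ProfileApiController and `@TwoFactorSetUpDoneRequired` in TwoFactorChallengeController. A docblock line such as `* NoTwoFactorRequired is kept as an annotation until an attribute equivalent exists` would make the intent explicit. The body of getConfig continues outside the hunk.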
|
||||
|
|
|
@ -13,6 +13,8 @@ use Exception;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\Capabilities\ICapability;
|
||||
use OCP\IConfig;
|
||||
|
@ -39,8 +41,6 @@ class OCMController extends Controller {
|
|||
* generate a OCMProvider with local data and send it as DataResponse.
|
||||
* This replaces the old PHP file ocm-provider/index.php
|
||||
*
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
* @psalm-suppress MoreSpecificReturnType
|
||||
* @psalm-suppress LessSpecificReturnStatement
|
||||
* @return DataResponse<Http::STATUS_OK, array{enabled: bool, apiVersion: string, endPoint: string, resourceTypes: array{name: string, shareTypes: string[], protocols: array{webdav: string}}[]}, array{X-NEXTCLOUD-OCM-PROVIDERS: true, Content-Type: 'application/json'}>|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR, array{message: string}, array{}>
|
||||
|
@ -48,6 +48,8 @@ class OCMController extends Controller {
|
|||
* 200: OCM Provider details returned
|
||||
* 500: OCM not supported
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/ocm-provider/')]
|
||||
public function discovery(): DataResponse {
|
||||
try {
|
||||
|
|
|
@ -9,7 +9,9 @@ use OC\CapabilitiesManager;
|
|||
use OC\Security\IdentityProof\Manager;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\ApiRoute;
|
||||
use OCP\AppFramework\Http\Attribute\BruteForceProtection;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\IRequest;
|
||||
use OCP\IUserManager;
|
||||
|
@ -27,9 +29,7 @@ class OCSController extends \OCP\AppFramework\OCSController {
|
|||
parent::__construct($appName, $request);
|
||||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
|
||||
#[ApiRoute(verb: 'GET', url: '/config', root: '')]
|
||||
public function getConfig(): DataResponse {
|
||||
|
@ -45,14 +45,13 @@ class OCSController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
*
|
||||
* Get the capabilities
|
||||
*
|
||||
* @return DataResponse<Http::STATUS_OK, array{version: array{major: int, minor: int, micro: int, string: string, edition: '', extendedSupport: bool}, capabilities: array<string, mixed>}, array{}>
|
||||
*
|
||||
* 200: Capabilities returned
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[ApiRoute(verb: 'GET', url: '/capabilities', root: '/cloud')]
|
||||
public function getCapabilities(): DataResponse {
|
||||
$result = [];
|
||||
|
@ -77,10 +76,8 @@ class OCSController extends \OCP\AppFramework\OCSController {
|
|||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @BruteForceProtection(action=login)
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[BruteForceProtection('login')]
|
||||
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
|
||||
#[ApiRoute(verb: 'POST', url: '/check', root: '/person')]
|
||||
public function personCheck(string $login = '', string $password = ''): DataResponse {
|
||||
|
@ -100,9 +97,7 @@ class OCSController extends \OCP\AppFramework\OCSController {
|
|||
return new DataResponse([], 101);
|
||||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
|
||||
#[ApiRoute(verb: 'GET', url: '/key/{cloudId}', root: '/identityproof')]
|
||||
public function getIdentityProof(string $cloudId): DataResponse {
|
||||
|
|
|
@ -12,6 +12,8 @@ use OCA\Files_Sharing\SharedStorage;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\AppFramework\Http\FileDisplayResponse;
|
||||
use OCP\AppFramework\Http\RedirectResponse;
|
||||
|
@ -36,9 +38,6 @@ class PreviewController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* Get a preview by file path
|
||||
*
|
||||
* @param string $file Path of the file
|
||||
|
@ -56,6 +55,8 @@ class PreviewController extends Controller {
|
|||
* 403: Getting preview is not allowed
|
||||
* 404: Preview not found
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/core/preview.png')]
|
||||
public function getPreview(
|
||||
string $file = '',
|
||||
|
@ -80,9 +81,6 @@ class PreviewController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* Get a preview by file ID
|
||||
*
|
||||
* @param int $fileId ID of the file
|
||||
|
@ -100,6 +98,8 @@ class PreviewController extends Controller {
|
|||
* 403: Getting preview is not allowed
|
||||
* 404: Preview not found
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/core/preview')]
|
||||
public function getPreviewByFileId(
|
||||
int $fileId = -1,
|
||||
|
|
|
@ -13,6 +13,9 @@ use OC\Core\Db\ProfileConfigMapper;
|
|||
use OC\Profile\ProfileManager;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\ApiRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
|
||||
use OCP\AppFramework\Http\Attribute\UserRateLimit;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\AppFramework\OCS\OCSBadRequestException;
|
||||
use OCP\AppFramework\OCS\OCSForbiddenException;
|
||||
|
@ -34,10 +37,7 @@ class ProfileApiController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoSubAdminRequired
|
||||
* @PasswordConfirmationRequired
|
||||
* @UserRateThrottle(limit=40, period=600)
|
||||
*
|
||||
* Update the visibility of a parameter
|
||||
*
|
||||
|
@ -51,6 +51,9 @@ class ProfileApiController extends OCSController {
|
|||
*
|
||||
* 200: Visibility updated successfully
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[PasswordConfirmationRequired]
|
||||
#[UserRateLimit(40, 600)]
|
||||
#[ApiRoute(verb: 'PUT', url: '/{targetUserId}', root: '/profile')]
|
||||
public function setVisibility(string $targetUserId, string $paramId, string $visibility): DataResponse {
|
||||
$requestingUser = $this->userSession->getUser();
|
||||
|
|
|
@ -14,7 +14,9 @@ use OCP\AppFramework\Controller;
|
|||
use OCP\AppFramework\Http\Attribute\AnonRateLimit;
|
||||
use OCP\AppFramework\Http\Attribute\BruteForceProtection;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\Attribute\UserRateLimit;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\AppFramework\Services\IInitialState;
|
||||
|
@ -44,12 +46,8 @@ class ProfilePageController extends Controller {
|
|||
parent::__construct($appName, $request);
|
||||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
* @NoAdminRequired
|
||||
* @NoSubAdminRequired
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/u/{targetUserId}')]
|
||||
#[BruteForceProtection(action: 'user')]
|
||||
#[UserRateLimit(limit: 30, period: 120)]
|
||||
|
|
|
@ -10,6 +10,7 @@ namespace OC\Core\Controller;
|
|||
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Response;
|
||||
use OCP\AppFramework\Http\StandaloneTemplateResponse;
|
||||
|
@ -28,9 +29,9 @@ class RecommendedAppsController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoCSRFRequired
|
||||
* @return Response
|
||||
*/
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/core/apps/recommended')]
|
||||
public function index(): Response {
|
||||
$defaultPageUrl = $this->urlGenerator->linkToDefaultPageUrl();
|
||||
|
|
|
@ -12,6 +12,8 @@ use OC\Core\ResponseDefinitions;
|
|||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\AnonRateLimit;
|
||||
use OCP\AppFramework\Http\Attribute\ApiRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\Collaboration\Reference\IDiscoverableReferenceProvider;
|
||||
use OCP\Collaboration\Reference\IReferenceManager;
|
||||
|
@ -35,8 +37,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Extract references from a text
|
||||
*
|
||||
* @param string $text Text to extract from
|
||||
|
@ -46,6 +46,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
*
|
||||
* 200: References returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'POST', url: '/extract', root: '/references')]
|
||||
public function extract(string $text, bool $resolve = false, int $limit = 1): DataResponse {
|
||||
$references = $this->referenceManager->extractReferences($text);
|
||||
|
@ -66,8 +67,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
*
|
||||
* Extract references from a text
|
||||
*
|
||||
* @param string $text Text to extract from
|
||||
|
@ -79,6 +78,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
* 200: References returned
|
||||
*/
|
||||
#[ApiRoute(verb: 'POST', url: '/extractPublic', root: '/references')]
|
||||
#[PublicPage]
|
||||
#[AnonRateLimit(limit: 10, period: 120)]
|
||||
public function extractPublic(string $text, string $sharingToken, bool $resolve = false, int $limit = 1): DataResponse {
|
||||
$references = $this->referenceManager->extractReferences($text);
|
||||
|
@ -99,8 +99,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Resolve a reference
|
||||
*
|
||||
* @param string $reference Reference to resolve
|
||||
|
@ -108,6 +106,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
*
|
||||
* 200: Reference returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/resolve', root: '/references')]
|
||||
public function resolveOne(string $reference): DataResponse {
|
||||
/** @var ?CoreReference $resolvedReference */
|
||||
|
@ -119,8 +118,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
*
|
||||
* Resolve from a public page
|
||||
*
|
||||
* @param string $reference Reference to resolve
|
||||
|
@ -130,6 +127,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
* 200: Reference returned
|
||||
*/
|
||||
#[ApiRoute(verb: 'GET', url: '/resolvePublic', root: '/references')]
|
||||
#[PublicPage]
|
||||
#[AnonRateLimit(limit: 10, period: 120)]
|
||||
public function resolveOnePublic(string $reference, string $sharingToken): DataResponse {
|
||||
/** @var ?CoreReference $resolvedReference */
|
||||
|
@ -141,8 +139,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Resolve multiple references
|
||||
*
|
||||
* @param string[] $references References to resolve
|
||||
|
@ -151,6 +147,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
*
|
||||
* 200: References returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'POST', url: '/resolve', root: '/references')]
|
||||
public function resolve(array $references, int $limit = 1): DataResponse {
|
||||
$result = [];
|
||||
|
@ -169,8 +166,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
*
|
||||
* Resolve multiple references from a public page
|
||||
*
|
||||
* @param string[] $references References to resolve
|
||||
|
@ -181,6 +176,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
* 200: References returned
|
||||
*/
|
||||
#[ApiRoute(verb: 'POST', url: '/resolvePublic', root: '/references')]
|
||||
#[PublicPage]
|
||||
#[AnonRateLimit(limit: 10, period: 120)]
|
||||
public function resolvePublic(array $references, string $sharingToken, int $limit = 1): DataResponse {
|
||||
$result = [];
|
||||
|
@ -199,14 +195,13 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Get the providers
|
||||
*
|
||||
* @return DataResponse<Http::STATUS_OK, CoreReferenceProvider[], array{}>
|
||||
*
|
||||
* 200: Providers returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/providers', root: '/references')]
|
||||
public function getProvidersInfo(): DataResponse {
|
||||
$providers = $this->referenceManager->getDiscoverableProviders();
|
||||
|
@ -217,8 +212,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Touch a provider
|
||||
*
|
||||
* @param string $providerId ID of the provider
|
||||
|
@ -227,6 +220,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
|
|||
*
|
||||
* 200: Provider touched
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'PUT', url: '/provider/{providerId}', root: '/references')]
|
||||
public function touchProvider(string $providerId, ?int $timestamp = null): DataResponse {
|
||||
if ($this->userId !== null) {
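Review bot: On extractPublic, resolveOnePublic and resolvePublic the new `#[PublicPage]` is inserted after `#[ApiRoute(...)]`, whereas every other method in this commit lists the security attributes first and the route attribute last (see extract and resolve in this same file). Placing `#[PublicPage]` and `#[AnonRateLimit(limit: 10, period: 120)]` above `#[ApiRoute(...)]` on the three public methods keeps the access-control declarations in one visually consistent position, which is what a reader auditing public endpoints scans for. The bodies of all methods in this section continue outside their hunks.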
|
||||
|
|
|
@ -11,6 +11,8 @@ namespace OC\Core\Controller;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\DataDownloadResponse;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\Collaboration\Reference\IReferenceManager;
|
||||
|
@ -30,9 +32,6 @@ class ReferenceController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* Get a preview for a reference
|
||||
*
|
||||
* @param string $referenceId the reference cache key
|
||||
|
@ -41,6 +40,8 @@ class ReferenceController extends Controller {
|
|||
* 200: Preview returned
|
||||
* 404: Reference not found
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/core/references/preview/{referenceId}')]
|
||||
public function preview(string $referenceId): DataDownloadResponse|DataResponse {
|
||||
$reference = $this->referenceManager->getReferenceByCacheKey($referenceId);
|
||||
|
|
|
@ -10,6 +10,7 @@ namespace OC\Core\Controller;
|
|||
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\IRequest;
|
||||
use OCP\ISearch;
|
||||
|
@ -26,9 +27,7 @@ class SearchController extends Controller {
|
|||
parent::__construct($appName, $request);
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/core/search')]
|
||||
public function search(string $query, array $inApps = [], int $page = 1, int $size = 30): JSONResponse {
|
||||
$results = $this->searcher->searchPaged($query, $inApps, $page, $size);
|
||||
|
|
|
@ -12,7 +12,10 @@ namespace OC\Core\Controller;
|
|||
|
||||
use InvalidArgumentException;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\AnonRateLimit;
|
||||
use OCP\AppFramework\Http\Attribute\ApiRoute;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\Attribute\UserRateLimit;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\IL10N;
|
||||
use OCP\IRequest;
|
||||
|
@ -31,14 +34,13 @@ class TranslationApiController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
*
|
||||
* Get the list of supported languages
|
||||
*
|
||||
* @return DataResponse<Http::STATUS_OK, array{languages: array{from: string, fromLabel: string, to: string, toLabel: string}[], languageDetection: bool}, array{}>
|
||||
*
|
||||
* 200: Supported languages returned
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[ApiRoute(verb: 'GET', url: '/languages', root: '/translation')]
|
||||
public function languages(): DataResponse {
|
||||
return new DataResponse([
|
||||
|
@ -48,10 +50,6 @@ class TranslationApiController extends \OCP\AppFramework\OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @UserRateThrottle(limit=25, period=120)
|
||||
* @AnonRateThrottle(limit=10, period=120)
|
||||
*
|
||||
* Translate a text
|
||||
*
|
||||
* @param string $text Text to be translated
|
||||
|
@ -63,6 +61,9 @@ class TranslationApiController extends \OCP\AppFramework\OCSController {
|
|||
* 400: Language not detected or unable to translate
|
||||
* 412: Translating is not possible
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[UserRateLimit(25, 120)]
|
||||
#[AnonRateLimit(10, 120)]
|
||||
#[ApiRoute(verb: 'POST', url: '/translate', root: '/translation')]
|
||||
public function translate(string $text, ?string $fromLanguage, string $toLanguage): DataResponse {
|
||||
try {
|
||||
|
|
|
@ -11,6 +11,8 @@ use OC\Authentication\TwoFactorAuth\Manager;
|
|||
use OC_User;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\UseSession;
|
||||
use OCP\AppFramework\Http\RedirectResponse;
|
||||
|
@ -64,13 +66,13 @@ class TwoFactorChallengeController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @TwoFactorSetUpDoneRequired
|
||||
*
|
||||
* @param string $redirect_url
|
||||
* @return StandaloneTemplateResponse
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/login/selectchallenge')]
|
||||
public function selectChallenge($redirect_url) {
|
||||
$user = $this->userSession->getUser();
|
||||
|
@ -91,14 +93,14 @@ class TwoFactorChallengeController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @TwoFactorSetUpDoneRequired
|
||||
*
|
||||
* @param string $challengeProviderId
|
||||
* @param string $redirect_url
|
||||
* @return StandaloneTemplateResponse|RedirectResponse
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[UseSession]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/login/challenge/{challengeProviderId}')]
|
||||
public function showChallenge($challengeProviderId, $redirect_url) {
|
||||
|
@ -143,8 +145,6 @@ class TwoFactorChallengeController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @TwoFactorSetUpDoneRequired
|
||||
*
|
||||
* @UserRateThrottle(limit=5, period=100)
|
||||
|
@ -154,6 +154,8 @@ class TwoFactorChallengeController extends Controller {
|
|||
* @param string $redirect_url
|
||||
* @return RedirectResponse
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[UseSession]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/login/challenge/{challengeProviderId}')]
|
||||
public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
|
||||
|
@ -189,10 +191,8 @@ class TwoFactorChallengeController extends Controller {
|
|||
]));
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge')]
|
||||
public function setupProviders(?string $redirect_url = null): StandaloneTemplateResponse {
|
||||
$user = $this->userSession->getUser();
|
||||
|
@ -207,10 +207,8 @@ class TwoFactorChallengeController extends Controller {
|
|||
return new StandaloneTemplateResponse($this->appName, 'twofactorsetupselection', $data, 'guest');
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge/{providerId}')]
|
||||
public function setupProvider(string $providerId, ?string $redirect_url = null) {
|
||||
$user = $this->userSession->getUser();
|
||||
|
@ -241,11 +239,10 @@ class TwoFactorChallengeController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* @todo handle the extreme edge case of an invalid provider ID and redirect to the provider selection page
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'POST', url: 'login/setupchallenge/{providerId}')]
|
||||
public function confirmProviderSetup(string $providerId, ?string $redirect_url = null) {
|
||||
return new RedirectResponse($this->urlGenerator->linkToRoute(
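Review bot: `@UserRateThrottle(limit=5, period=100)` on solveChallenge is left as an annotation even though this commit converts the same annotation to `#[UserRateLimit(...)]` in ProfileApiController and TranslationApiController; solveChallenge is the POST that validates the second factor, so its limit is the one least safe to lose if annotation support is dropped later. Add `#[UserRateLimit(limit: 5, period: 100)]` next to the new `#[NoAdminRequired]`/`#[NoCSRFRequired]` attributes and remove the annotation line, which also requires importing `OCP\AppFramework\Http\Attribute\UserRateLimit` in the use block at the top of the file, since the new imports there do not include it. The `@TwoFactorSetUpDoneRequired` annotations on selectChallenge, showChallenge and solveChallenge survive too; that is expected only if no attribute exists for them. solveChallenge's docblock is split across two hunks and its body continues outside.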
|
||||
|
|
|
@ -15,6 +15,8 @@ use OC\Search\SearchQuery;
|
|||
use OC\Search\UnsupportedFilter;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\ApiRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\AppFramework\OCSController;
|
||||
use OCP\IRequest;
|
||||
|
@ -40,9 +42,6 @@ class UnifiedSearchController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* Get the providers for unified search
|
||||
*
|
||||
* @param string $from the url the user is currently at
|
||||
|
@ -50,6 +49,8 @@ class UnifiedSearchController extends OCSController {
|
|||
*
|
||||
* 200: Providers returned
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/providers', root: '/search')]
|
||||
public function getProviders(string $from = ''): DataResponse {
|
||||
[$route, $parameters] = $this->getRouteInformation($from);
|
||||
|
@ -61,9 +62,6 @@ class UnifiedSearchController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* Launch a search for a specific search provider.
|
||||
*
|
||||
* Additional filters are available for each provider.
|
||||
|
@ -81,6 +79,8 @@ class UnifiedSearchController extends OCSController {
|
|||
* 200: Search entries returned
|
||||
* 400: Searching is not possible
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/providers/{providerId}/search', root: '/search')]
|
||||
public function search(
|
||||
string $providerId,
|
||||
|
|
|
@ -11,7 +11,9 @@ namespace OC\Core\Controller;
|
|||
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\Response;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\IRequest;
|
||||
|
@ -24,11 +26,10 @@ class UnsupportedBrowserController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* @return Response
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: 'unsupported')]
|
||||
public function index(): Response {
|
||||
Util::addScript('core', 'unsupported-browser');
|
||||
|
|
|
@ -9,6 +9,7 @@ namespace OC\Core\Controller;
|
|||
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\IRequest;
|
||||
use OCP\IUserManager;
|
||||
|
@ -25,12 +26,11 @@ class UserController extends Controller {
|
|||
/**
|
||||
* Lookup user display names
|
||||
*
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* @param array $users
|
||||
*
|
||||
* @return JSONResponse
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/displaynames')]
|
||||
public function getDisplayNames($users) {
|
||||
$result = [];
|
||||
|
|
|
@ -8,15 +8,15 @@ namespace OC\Core\Controller;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\Response;
|
||||
|
||||
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
|
||||
class WalledGardenController extends Controller {
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '/204')]
|
||||
public function get(): Response {
|
||||
$resp = new Response();
|
||||
|
|
|
@ -15,6 +15,7 @@ use OC\URLGenerator;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\Attribute\UseSession;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\IRequest;
|
||||
|
@ -39,10 +40,7 @@ class WebAuthnController extends Controller {
|
|||
parent::__construct($appName, $request);
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @PublicPage
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[UseSession]
|
||||
#[FrontpageRoute(verb: 'POST', url: 'login/webauthn/start')]
|
||||
public function startAuthentication(string $loginName): JSONResponse {
|
||||
|
@ -64,10 +62,7 @@ class WebAuthnController extends Controller {
|
|||
return new JSONResponse($publicKeyCredentialRequestOptions);
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @PublicPage
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[UseSession]
|
||||
#[FrontpageRoute(verb: 'POST', url: 'login/webauthn/finish')]
|
||||
public function finishAuthentication(string $data): JSONResponse {
|
||||
|
|
|
@ -12,7 +12,9 @@ use OC\Http\WellKnown\RequestManager;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\OpenAPI;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\AppFramework\Http\Response;
|
||||
use OCP\IRequest;
|
||||
|
@ -27,11 +29,10 @@ class WellKnownController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* @return Response
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[FrontpageRoute(verb: 'GET', url: '.well-known/{service}')]
|
||||
public function handle(string $service): Response {
|
||||
$response = $this->requestManager->process(
|
||||
|
|
|
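Review bot: After the annotations are removed, the docblock on `handle()` is reduced to `* @return Response`, which only restates the native `: Response` return type and adds nothing for the reader. Either drop the remaining block or give it a one-line purpose, e.g. `/** Resolve the `.well-known/{service}` request through the RequestManager. */`, which is what the visible body does. The body of `handle()` continues outside the hunk.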
@ -11,6 +11,7 @@ use OC\Updater\ChangesCheck;
|
|||
use OCP\AppFramework\Db\DoesNotExistException;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\ApiRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\Defaults;
|
||||
use OCP\IConfig;
|
||||
|
@ -36,8 +37,6 @@ class WhatsNewController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Get the changes
|
||||
*
|
||||
* @return DataResponse<Http::STATUS_OK, array{changelogURL: string, product: string, version: string, whatsNew?: array{regular: string[], admin: string[]}}, array{}>|DataResponse<Http::STATUS_NO_CONTENT, array<empty>, array{}>
|
||||
|
@ -45,6 +44,7 @@ class WhatsNewController extends OCSController {
|
|||
* 200: Changes returned
|
||||
* 204: No changes
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'GET', url: '/whatsnew', root: '/core')]
|
||||
public function get():DataResponse {
|
||||
$user = $this->userSession->getUser();
|
||||
|
@ -81,8 +81,6 @@ class WhatsNewController extends OCSController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* Dismiss the changes
|
||||
*
|
||||
* @param string $version Version to dismiss the changes for
|
||||
|
@ -93,6 +91,7 @@ class WhatsNewController extends OCSController {
|
|||
*
|
||||
* 200: Changes dismissed
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[ApiRoute(verb: 'POST', url: '/whatsnew', root: '/core')]
|
||||
public function dismiss(string $version):DataResponse {
|
||||
$user = $this->userSession->getUser();
|
||||
|
|
|
@ -11,7 +11,10 @@ namespace OC\Core\Controller;
|
|||
use OC\Authentication\Token\RemoteWipe;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Attribute\AnonRateLimit;
|
||||
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\IRequest;
|
||||
|
@ -26,12 +29,6 @@ class WipeController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @PublicPage
|
||||
*
|
||||
* @AnonRateThrottle(limit=10, period=300)
|
||||
*
|
||||
* Check if the device should be wiped
|
||||
*
|
||||
* @param string $token App password
|
||||
|
@ -41,6 +38,9 @@ class WipeController extends Controller {
|
|||
* 200: Device should be wiped
|
||||
* 404: Device should not be wiped
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[AnonRateLimit(10, 300)]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/core/wipe/check')]
|
||||
public function checkWipe(string $token): JSONResponse {
|
||||
try {
|
||||
|
@ -58,12 +58,6 @@ class WipeController extends Controller {
|
|||
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @PublicPage
|
||||
*
|
||||
* @AnonRateThrottle(limit=10, period=300)
|
||||
*
|
||||
* Finish the wipe
|
||||
*
|
||||
* @param string $token App password
|
||||
|
@ -73,6 +67,9 @@ class WipeController extends Controller {
|
|||
* 200: Wipe finished successfully
|
||||
* 404: Device should not be wiped
|
||||
*/
|
||||
#[PublicPage]
|
||||
#[NoCSRFRequired]
|
||||
#[AnonRateLimit(10, 300)]
|
||||
#[FrontpageRoute(verb: 'POST', url: '/core/wipe/success')]
|
||||
public function wipeDone(string $token): JSONResponse {
|
||||
try {
|
||||
|
|
|
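Review bot: `#[AnonRateLimit(10, 300)]` on `checkWipe()` passes limit and period positionally, whereas the annotation it replaces named them (`limit=10, period=300`); with two bare integers a reader cannot tell which is which without opening the attribute class. Prefer `#[AnonRateLimit(limit: 10, period: 300)]`, which also matches the named-argument style already used for `FrontpageRoute` on the next line; the same applies to the `#[AnonRateLimit(10, 300)]` on `wipeDone()` in the following hunk. Both method bodies continue outside their hunks.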
@ -9,6 +9,8 @@ namespace OCA\TestApp\Controller;
|
|||
|
||||
use OCA\TestApp\AppInfo\Application;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\IRequest;
|
||||
|
||||
|
@ -17,10 +19,8 @@ class PageController extends Controller {
|
|||
parent::__construct(Application::APP_ID, $request);
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
#[NoAdminRequired]
|
||||
#[NoCSRFRequired]
|
||||
public function index(): TemplateResponse {
|
||||
return new TemplateResponse(Application::APP_ID, 'main');
|
||||
}
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
*/
|
||||
namespace OCP\AppFramework;
|
||||
|
||||
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
|
||||
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
|
||||
use OCP\AppFramework\Http\Attribute\PublicPage;
|
||||
use OCP\AppFramework\Http\Response;
|
||||
|
@ -51,13 +52,11 @@ abstract class ApiController extends Controller {
|
|||
* This method implements a preflighted cors response for you that you can
|
||||
* link to for the options request
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @PublicPage
|
||||
* @since 7.0.0
|
||||
*/
|
||||
#[NoCSRFRequired]
|
||||
#[PublicPage]
|
||||
#[NoAdminRequired]
|
||||
public function preflightedCors() {
|
||||
if (isset($this->request->server['HTTP_ORIGIN'])) {
|
||||
$origin = $this->request->server['HTTP_ORIGIN'];
|
||||
|
|
|
@ -46,9 +46,6 @@ abstract class AuthPublicShareController extends PublicShareController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* Show the authentication page
|
||||
* The form has to submit to the authenticate method route
|
||||
*
|
||||
|
@ -125,10 +122,6 @@ abstract class AuthPublicShareController extends PublicShareController {
|
|||
}
|
||||
|
||||
/**
|
||||
* @UseSession
|
||||
* @PublicPage
|
||||
* @BruteForceProtection(action=publicLinkAuth)
|
||||
*
|
||||
* Authenticate the share
|
||||
*
|
||||
* @since 14.0.0
|
||||
|
|
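Review bot: The second hunk only removes `@UseSession`, `@PublicPage` and `@BruteForceProtection(action=publicLinkAuth)` from the docblock of the share authentication method and adds nothing in their place; the attribute counterparts are not visible in this hunk, so they presumably already sit on the method further down, outside the hunk. That is worth confirming before merge, because once the annotation is gone only an attribute such as `#[BruteForceProtection(action: 'publicLinkAuth')]` keeps the throttle on share-password attempts, and a missing `#[PublicPage]` would lock anonymous users out of the page entirely. The first hunk (the "Show the authentication page" method) has the same removal-only shape and deserves the same check; both method signatures lie outside the hunks.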