fix(core): Document CSRF token endpoint

Signed-off-by: provokateurin <kate@provokateurin.de>

diff --git a/core/Controller/CSRFTokenController.php b/core/Controller/CSRFTokenController.php
index 9a87fe51c47547e2ca546b6db286d7d7d823ade6..c4e7b81279ffb8fd4f695ef0ee05ad37036667ac 100644 (file)
--- a/core/Controller/CSRFTokenController.php
+++ b/core/Controller/CSRFTokenController.php
@@ -12,11 +12,9 @@ use OC\Security\CSRF\CsrfTokenManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
-use OCP\AppFramework\Http\Attribute\OpenAPI;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\IRequest;
 
-#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
 class CSRFTokenController extends Controller {
        public function __construct(
                string $appName,
@@ -27,9 +25,16 @@ class CSRFTokenController extends Controller {
        }
 
        /**
+        * Returns a new CSRF token.
+        *
         * @NoAdminRequired
         * @NoCSRFRequired
         * @PublicPage
+        *
+        * @return JSONResponse<Http::STATUS_OK, array{token: string}, array{}>|JSONResponse<Http::STATUS_FORBIDDEN, array<empty>, array{}>
+        *
+        * 200: CSRF token returned
+        * 403: Strict cookie check failed
         */
        #[FrontpageRoute(verb: 'GET', url: '/csrftoken')]
        public function index(): JSONResponse {

diff --git a/core/openapi-full.json b/core/openapi-full.json
index e52b62d6fa60d4552d7f3d377f07aaf5e6d3d1fb..dbeb48dbe354aeda764518fe3722c886546cf508 100644 (file)
--- a/core/openapi-full.json
+++ b/core/openapi-full.json
@@ -7731,6 +7731,52 @@
                 }
             }
         },
+        "/index.php/csrftoken": {
+            "get": {
+                "operationId": "csrf_token-index",
+                "summary": "Returns a new CSRF token.",
+                "tags": [
+                    "csrf_token"
+                ],
+                "security": [
+                    {},
+                    {
+                        "bearer_auth": []
+                    },
+                    {
+                        "basic_auth": []
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "CSRF token returned",
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "type": "object",
+                                    "required": [
+                                        "token"
+                                    ],
+                                    "properties": {
+                                        "token": {
+                                            "type": "string"
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    },
+                    "403": {
+                        "description": "Strict cookie check failed",
+                        "content": {
+                            "application/json": {
+                                "schema": {}
+                            }
+                        }
+                    }
+                }
+            }
+        },
         "/index.php/login/v2/poll": {
             "post": {
                 "operationId": "client_flow_login_v2-poll",

diff --git a/core/openapi.json b/core/openapi.json
index d597796f94e24e3e9dc15aa160373b21d1082c52..abe21707db3cc74fa5560f8fbbde1fa89323826f 100644 (file)
--- a/core/openapi.json
+++ b/core/openapi.json
@@ -7731,6 +7731,52 @@
                 }
             }
         },
+        "/index.php/csrftoken": {
+            "get": {
+                "operationId": "csrf_token-index",
+                "summary": "Returns a new CSRF token.",
+                "tags": [
+                    "csrf_token"
+                ],
+                "security": [
+                    {},
+                    {
+                        "bearer_auth": []
+                    },
+                    {
+                        "basic_auth": []
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "CSRF token returned",
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "type": "object",
+                                    "required": [
+                                        "token"
+                                    ],
+                                    "properties": {
+                                        "token": {
+                                            "type": "string"
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    },
+                    "403": {
+                        "description": "Strict cookie check failed",
+                        "content": {
+                            "application/json": {
+                                "schema": {}
+                            }
+                        }
+                    }
+                }
+            }
+        },
         "/index.php/login/v2/poll": {
             "post": {
                 "operationId": "client_flow_login_v2-poll",