refactor(core): Replace security annotations with respective attributes 46748/head
authorprovokateurin <kate@provokateurin.de>
Thu, 25 Jul 2024 11:24:59 +0000 (13:24 +0200)
committerprovokateurin <kate@provokateurin.de>
Fri, 26 Jul 2024 05:30:45 +0000 (07:30 +0200)
Signed-off-by: provokateurin <kate@provokateurin.de>
39 files changed:
core/Controller/AppPasswordController.php
core/Controller/AutoCompleteController.php
core/Controller/AvatarController.php
core/Controller/CSRFTokenController.php
core/Controller/ClientFlowLoginController.php
core/Controller/ClientFlowLoginV2Controller.php
core/Controller/CollaborationResourcesController.php
core/Controller/ContactsMenuController.php
core/Controller/CssController.php
core/Controller/ErrorController.php
core/Controller/GuestAvatarController.php
core/Controller/HoverCardController.php
core/Controller/JsController.php
core/Controller/LoginController.php
core/Controller/LostController.php
core/Controller/NavigationController.php
core/Controller/OCJSController.php
core/Controller/OCMController.php
core/Controller/OCSController.php
core/Controller/PreviewController.php
core/Controller/ProfileApiController.php
core/Controller/ProfilePageController.php
core/Controller/RecommendedAppsController.php
core/Controller/ReferenceApiController.php
core/Controller/ReferenceController.php
core/Controller/SearchController.php
core/Controller/TranslationApiController.php
core/Controller/TwoFactorChallengeController.php
core/Controller/UnifiedSearchController.php
core/Controller/UnsupportedBrowserController.php
core/Controller/UserController.php
core/Controller/WalledGardenController.php
core/Controller/WebAuthnController.php
core/Controller/WellKnownController.php
core/Controller/WhatsNewController.php
core/Controller/WipeController.php
cypress/fixtures/testapp/lib/Controller/PageController.php
lib/public/AppFramework/ApiController.php
lib/public/AppFramework/AuthPublicShareController.php

index c36b34cce1f5c4c49f70ef3cb802b72bbd9ddbad..c72d352441925985f61e513ddfd8c39c61a72c4e 100644 (file)
@@ -14,6 +14,9 @@ use OC\Authentication\Token\IToken;
 use OC\User\Session;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
 use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSForbiddenException;
@@ -45,9 +48,6 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        * @PasswordConfirmationRequired
-        *
         * Create app password
         *
         * @return DataResponse<Http::STATUS_OK, array{apppassword: string}, array{}>
@@ -55,6 +55,8 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
         *
         * 200: App password returned
         */
+       #[NoAdminRequired]
+       #[PasswordConfirmationRequired]
        #[ApiRoute(verb: 'GET', url: '/getapppassword', root: '/core')]
        public function getAppPassword(): DataResponse {
                // We do not allow the creation of new tokens if this is an app password
@@ -98,8 +100,6 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Delete app password
         *
         * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
@@ -107,6 +107,7 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
         *
         * 200: App password deleted successfully
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'DELETE', url: '/apppassword', root: '/core')]
        public function deleteAppPassword(): DataResponse {
                if (!$this->session->exists('app_password')) {
@@ -126,8 +127,6 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Rotate app password
         *
         * @return DataResponse<Http::STATUS_OK, array{apppassword: string}, array{}>
@@ -135,6 +134,7 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
         *
         * 200: App password returned
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'POST', url: '/apppassword/rotate', root: '/core')]
        public function rotateAppPassword(): DataResponse {
                if (!$this->session->exists('app_password')) {
@@ -160,9 +160,6 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
        /**
         * Confirm the user password
         *
-        * @NoAdminRequired
-        * @BruteForceProtection(action=sudo)
-        *
         * @param string $password The password of the user
         *
         * @return DataResponse<Http::STATUS_OK, array{lastLogin: int}, array{}>|DataResponse<Http::STATUS_FORBIDDEN, array<empty>, array{}>
@@ -170,6 +167,8 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
         * 200: Password confirmation succeeded
         * 403: Password confirmation failed
         */
+       #[NoAdminRequired]
+       #[BruteForceProtection('sudo')]
        #[UseSession]
        #[ApiRoute(verb: 'PUT', url: '/apppassword/confirm', root: '/core')]
        public function confirmUserPassword(string $password): DataResponse {
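Review bot: `#[BruteForceProtection('sudo')]` passes the action positionally while the `#[ApiRoute(verb: 'PUT', url: ..., root: ...)]` directly below uses named arguments, which makes the one security-relevant string on this method the only unlabeled value in the attribute stack. Writing it as `#[BruteForceProtection(action: 'sudo')]` keeps the old `action=sudo` intent readable and matches the surrounding style. The method body continues outside the hunk.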
index 02d525e1f7ad45111f4c0d0a7c49b3148caa894f..6a5071aed16bba314ccfdacb1c6df8ba128b060c 100644 (file)
@@ -11,6 +11,7 @@ namespace OC\Core\Controller;
 use OC\Core\ResponseDefinitions;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCSController;
 use OCP\Collaboration\AutoComplete\AutoCompleteEvent;
@@ -36,8 +37,6 @@ class AutoCompleteController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Autocomplete a query
         *
         * @param string $search Text to search for
@@ -51,6 +50,7 @@ class AutoCompleteController extends OCSController {
         *
         * 200: Autocomplete results returned
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'GET', url: '/autocomplete/get', root: '/core')]
        public function get(string $search, ?string $itemType, ?string $itemId, ?string $sorter = null, array $shareTypes = [IShare::TYPE_USER], int $limit = 10): DataResponse {
                // if enumeration/user listings are disabled, we'll receive an empty
index dac2df37ac3579402b7e94e46a23cf44a3faf439..3126b2600d975aec200bf4b8dc436e2fa35eca79 100644 (file)
@@ -11,6 +11,9 @@ use OC\AppFramework\Utility\TimeFactory;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\DataDisplayResponse;
 use OCP\AppFramework\Http\FileDisplayResponse;
 use OCP\AppFramework\Http\JSONResponse;
@@ -47,10 +50,7 @@ class AvatarController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
         * @NoSameSiteCookieRequired
-        * @PublicPage
         *
         * Get the dark avatar
         *
@@ -63,6 +63,8 @@ class AvatarController extends Controller {
         * 201: Avatar returned
         * 404: Avatar not found
         */
+       #[NoCSRFRequired]
+       #[PublicPage]
        #[FrontpageRoute(verb: 'GET', url: '/avatar/{userId}/{size}/dark')]
        public function getAvatarDark(string $userId, int $size, bool $guestFallback = false) {
                if ($size <= 64) {
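Review bot: The old `@NoAdminRequired` on `getAvatarDark` is removed without an attribute counterpart, whereas every other hunk in this commit replaces it one-to-one, so the commit title "Replace" slightly undersells what happens here. If I recall the SecurityMiddleware correctly, `PublicPage` skips the login and admin checks entirely, which makes the drop harmless, but since this is an authorization annotation disappearing it deserves a sentence in the commit description rather than being left for a reader to work out. The method body continues outside the hunk.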
@@ -99,10 +101,7 @@ class AvatarController extends Controller {
 
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
         * @NoSameSiteCookieRequired
-        * @PublicPage
         *
         * Get the avatar
         *
@@ -115,6 +114,8 @@ class AvatarController extends Controller {
         * 201: Avatar returned
         * 404: Avatar not found
         */
+       #[NoCSRFRequired]
+       #[PublicPage]
        #[FrontpageRoute(verb: 'GET', url: '/avatar/{userId}/{size}')]
        public function getAvatar(string $userId, int $size, bool $guestFallback = false) {
                if ($size <= 64) {
@@ -149,9 +150,7 @@ class AvatarController extends Controller {
                return $response;
        }
 
-       /**
-        * @NoAdminRequired
-        */
+       #[NoAdminRequired]
        #[FrontpageRoute(verb: 'POST', url: '/avatar/')]
        public function postAvatar(?string $path = null): JSONResponse {
                $files = $this->request->getUploadedFile('files');
@@ -271,9 +270,7 @@ class AvatarController extends Controller {
                }
        }
 
-       /**
-        * @NoAdminRequired
-        */
+       #[NoAdminRequired]
        #[FrontpageRoute(verb: 'DELETE', url: '/avatar/')]
        public function deleteAvatar(): JSONResponse {
                try {
@@ -287,10 +284,9 @@ class AvatarController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * @return JSONResponse|DataDisplayResponse
         */
+       #[NoAdminRequired]
        #[FrontpageRoute(verb: 'GET', url: '/avatar/tmp')]
        public function getTmpAvatar() {
                $tmpAvatar = $this->cache->get('tmpAvatar');
@@ -315,9 +311,7 @@ class AvatarController extends Controller {
                return $resp;
        }
 
-       /**
-        * @NoAdminRequired
-        */
+       #[NoAdminRequired]
        #[FrontpageRoute(verb: 'POST', url: '/avatar/cropped')]
        public function postCroppedAvatar(?array $crop = null): JSONResponse {
                if (is_null($crop)) {
index c4e7b81279ffb8fd4f695ef0ee05ad37036667ac..c3d1a7f842b28a9f885c806e9b679befae3e86aa 100644 (file)
@@ -12,6 +12,8 @@ use OC\Security\CSRF\CsrfTokenManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\IRequest;
 
@@ -27,15 +29,13 @@ class CSRFTokenController extends Controller {
        /**
         * Returns a new CSRF token.
         *
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        * @PublicPage
-        *
         * @return JSONResponse<Http::STATUS_OK, array{token: string}, array{}>|JSONResponse<Http::STATUS_FORBIDDEN, array<empty>, array{}>
         *
         * 200: CSRF token returned
         * 403: Strict cookie check failed
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/csrftoken')]
        public function index(): JSONResponse {
                if (!$this->request->passesStrictCookieCheck()) {
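Review bot: The attribute order here is `#[PublicPage]` then `#[NoCSRFRequired]`, while the same pair is added as `#[NoCSRFRequired]` then `#[PublicPage]` in AvatarController, ClientFlowLoginV2Controller and LoginController within this commit. PHP treats attributes as an unordered set, so nothing breaks, but a fixed order (access level first, then CSRF, then rate limiting, then the route attribute) makes a missing security attribute visible at a glance during review; one of the two orders should be picked and applied throughout the commit. The method body continues outside the hunk.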
index 38aeb785b3bb28a93c38d4677c9b77bab907bdfc..ccf70cc9d30c390ee88dbe264393ce69071ce180 100644 (file)
@@ -15,7 +15,10 @@ use OCA\OAuth2\Db\ClientMapper;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\StandaloneTemplateResponse;
@@ -82,10 +85,8 @@ class ClientFlowLoginController extends Controller {
                return $response;
        }
 
-       /**
-        * @PublicPage
-        * @NoCSRFRequired
-        */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[UseSession]
        #[FrontpageRoute(verb: 'GET', url: '/login/flow')]
        public function showAuthPickerPage(string $clientIdentifier = '', string $user = '', int $direct = 0): StandaloneTemplateResponse {
@@ -150,10 +151,10 @@ class ClientFlowLoginController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
         * @NoSameSiteCookieRequired
         */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[UseSession]
        #[FrontpageRoute(verb: 'GET', url: '/login/flow/grant')]
        public function grantPage(string $stateToken = '',
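Review bot: After the conversion the docblock on `grantPage` holds only `@NoSameSiteCookieRequired`, a lone legacy annotation next to a stack of attributes, which a later cleanup could easily mistake for leftover documentation and delete. Presumably it stays because no attribute equivalent exists yet; a docblock line stating that, e.g. ` * Kept as an annotation: no attribute equivalent exists yet.` on its own line above it, would protect it (keep it a separate line so the annotation parser still sees the bare token). The method signature and body continue outside the hunk.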
@@ -203,10 +204,9 @@ class ClientFlowLoginController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * @return Http\RedirectResponse|Response
         */
+       #[NoAdminRequired]
        #[UseSession]
        #[FrontpageRoute(verb: 'POST', url: '/login/flow')]
        public function generateAppPassword(string $stateToken,
@@ -297,9 +297,7 @@ class ClientFlowLoginController extends Controller {
                return new Http\RedirectResponse($redirectUri);
        }
 
-       /**
-        * @PublicPage
-        */
+       #[PublicPage]
        #[FrontpageRoute(verb: 'POST', url: '/login/flow/apptoken')]
        public function apptokenRedirect(string $stateToken, string $user, string $password): Response {
                if (!$this->isValidToken($stateToken)) {
index bfa455ebe925eb9e61e1f545bae04d53318c3f06..76c8ed2921a9ff76f1abe20c02632978e3f51260 100644 (file)
@@ -15,7 +15,10 @@ use OC\Core\Service\LoginFlowV2Service;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\AppFramework\Http\RedirectResponse;
@@ -55,9 +58,6 @@ class ClientFlowLoginV2Controller extends Controller {
        }
 
        /**
-        * @NoCSRFRequired
-        * @PublicPage
-        *
         * Poll the login flow credentials
         *
         * @param string $token Token of the flow
@@ -66,6 +66,8 @@ class ClientFlowLoginV2Controller extends Controller {
         * 200: Login flow credentials returned
         * 404: Login flow not found or completed
         */
+       #[NoCSRFRequired]
+       #[PublicPage]
        #[FrontpageRoute(verb: 'POST', url: '/login/v2/poll')]
        public function poll(string $token): JSONResponse {
                try {
@@ -77,10 +79,8 @@ class ClientFlowLoginV2Controller extends Controller {
                return new JSONResponse($creds->jsonSerialize());
        }
 
-       /**
-        * @NoCSRFRequired
-        * @PublicPage
-        */
+       #[NoCSRFRequired]
+       #[PublicPage]
        #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
        #[UseSession]
        #[FrontpageRoute(verb: 'GET', url: '/login/v2/flow/{token}')]
@@ -96,10 +96,8 @@ class ClientFlowLoginV2Controller extends Controller {
                );
        }
 
-       /**
-        * @NoCSRFRequired
-        * @PublicPage
-        */
+       #[NoCSRFRequired]
+       #[PublicPage]
        #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
        #[UseSession]
        #[FrontpageRoute(verb: 'GET', url: '/login/v2/flow')]
@@ -131,10 +129,10 @@ class ClientFlowLoginV2Controller extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
         * @NoSameSiteCookieRequired
         */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
        #[UseSession]
        #[FrontpageRoute(verb: 'GET', url: '/login/v2/grant')]
@@ -170,9 +168,7 @@ class ClientFlowLoginV2Controller extends Controller {
                );
        }
 
-       /**
-        * @PublicPage
-        */
+       #[PublicPage]
        #[FrontpageRoute(verb: 'POST', url: '/login/v2/apptoken')]
        public function apptokenRedirect(?string $stateToken, string $user, string $password) {
                if ($stateToken === null) {
@@ -217,9 +213,7 @@ class ClientFlowLoginV2Controller extends Controller {
                return $this->handleFlowDone($result);
        }
 
-       /**
-        * @NoAdminRequired
-        */
+       #[NoAdminRequired]
        #[UseSession]
        #[FrontpageRoute(verb: 'POST', url: '/login/v2/grant')]
        public function generateAppPassword(?string $stateToken): Response {
@@ -270,15 +264,14 @@ class ClientFlowLoginV2Controller extends Controller {
        }
 
        /**
-        * @NoCSRFRequired
-        * @PublicPage
-        *
         * Init a login flow
         *
         * @return JSONResponse<Http::STATUS_OK, CoreLoginFlowV2, array{}>
         *
         * 200: Login flow init returned
         */
+       #[NoCSRFRequired]
+       #[PublicPage]
        #[FrontpageRoute(verb: 'POST', url: '/login/v2')]
        public function init(): JSONResponse {
                // Get client user agent
index 6cc351d9cdcccbeb341309276a4fd0c2e31439e5..6f27789c56633a7c1e890f95dd45dcbba2815c47 100644 (file)
@@ -13,6 +13,7 @@ use Exception;
 use OC\Core\ResponseDefinitions;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCSController;
 use OCP\Collaboration\Resources\CollectionException;
@@ -55,8 +56,6 @@ class CollaborationResourcesController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Get a collection
         *
         * @param int $collectionId ID of the collection
@@ -65,6 +64,7 @@ class CollaborationResourcesController extends OCSController {
         * 200: Collection returned
         * 404: Collection not found
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'GET', url: '/resources/collections/{collectionId}', root: '/collaboration')]
        public function listCollection(int $collectionId): DataResponse {
                try {
@@ -77,8 +77,6 @@ class CollaborationResourcesController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Search for collections
         *
         * @param string $filter Filter collections
@@ -87,6 +85,7 @@ class CollaborationResourcesController extends OCSController {
         * 200: Collections returned
         * 404: Collection not found
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'GET', url: '/resources/collections/search/{filter}', root: '/collaboration')]
        public function searchCollections(string $filter): DataResponse {
                try {
@@ -99,8 +98,6 @@ class CollaborationResourcesController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Add a resource to a collection
         *
         * @param int $collectionId ID of the collection
@@ -111,6 +108,7 @@ class CollaborationResourcesController extends OCSController {
         * 200: Collection returned
         * 404: Collection not found or resource inaccessible
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'POST', url: '/resources/collections/{collectionId}', root: '/collaboration')]
        public function addResource(int $collectionId, string $resourceType, string $resourceId): DataResponse {
                try {
@@ -134,8 +132,6 @@ class CollaborationResourcesController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Remove a resource from a collection
         *
         * @param int $collectionId ID of the collection
@@ -146,6 +142,7 @@ class CollaborationResourcesController extends OCSController {
         * 200: Collection returned
         * 404: Collection or resource not found
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'DELETE', url: '/resources/collections/{collectionId}', root: '/collaboration')]
        public function removeResource(int $collectionId, string $resourceType, string $resourceId): DataResponse {
                try {
@@ -166,8 +163,6 @@ class CollaborationResourcesController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Get collections by resource
         *
         * @param string $resourceType Type of the resource
@@ -177,6 +172,7 @@ class CollaborationResourcesController extends OCSController {
         * 200: Collections returned
         * 404: Resource not accessible
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'GET', url: '/resources/{resourceType}/{resourceId}', root: '/collaboration')]
        public function getCollectionsByResource(string $resourceType, string $resourceId): DataResponse {
                try {
@@ -193,8 +189,6 @@ class CollaborationResourcesController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Create a collection for a resource
         *
         * @param string $baseResourceType Type of the base resource
@@ -206,6 +200,7 @@ class CollaborationResourcesController extends OCSController {
         * 400: Creating collection is not possible
         * 404: Resource inaccessible
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'POST', url: '/resources/{baseResourceType}/{baseResourceId}', root: '/collaboration')]
        public function createCollectionOnResource(string $baseResourceType, string $baseResourceId, string $name): DataResponse {
                if (!isset($name[0]) || isset($name[64])) {
@@ -229,8 +224,6 @@ class CollaborationResourcesController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Rename a collection
         *
         * @param int $collectionId ID of the collection
@@ -240,6 +233,7 @@ class CollaborationResourcesController extends OCSController {
         * 200: Collection returned
         * 404: Collection not found
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'PUT', url: '/resources/collections/{collectionId}', root: '/collaboration')]
        public function renameCollection(int $collectionId, string $collectionName): DataResponse {
                try {
index 6f4e026c5589e75a02b248cb327b69625cb8c218..f4ded1ed42b008faaf607bdd9eadb225e7f163ae 100644 (file)
@@ -10,6 +10,7 @@ use OC\Contacts\ContactsMenu\Manager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\IRequest;
 use OCP\IUserSession;
@@ -24,22 +25,20 @@ class ContactsMenuController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * @return \JsonSerializable[]
         * @throws Exception
         */
+       #[NoAdminRequired]
        #[FrontpageRoute(verb: 'POST', url: '/contactsmenu/contacts')]
        public function index(?string $filter = null): array {
                return $this->manager->getEntries($this->userSession->getUser(), $filter);
        }
 
        /**
-        * @NoAdminRequired
-        *
         * @return JSONResponse|\JsonSerializable
         * @throws Exception
         */
+       #[NoAdminRequired]
        #[FrontpageRoute(verb: 'POST', url: '/contactsmenu/findOne')]
        public function findOne(int $shareType, string $shareWith) {
                $contact = $this->manager->findOne($this->userSession->getUser(), $shareType, $shareWith);
index c6a2478428651200603e8346430930aa03a2345a..345b70fe2d332a44c8310c2810b36e9b872c84f1 100644 (file)
@@ -12,7 +12,9 @@ use OC\Files\AppData\Factory;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\FileDisplayResponse;
 use OCP\AppFramework\Http\NotFoundResponse;
 use OCP\AppFramework\Http\Response;
@@ -39,14 +41,14 @@ class CssController extends Controller {
        }
 
        /**
-        * @PublicPage
-        * @NoCSRFRequired
         * @NoSameSiteCookieRequired
         *
         * @param string $fileName css filename with extension
         * @param string $appName css folder name
         * @return FileDisplayResponse|NotFoundResponse
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/css/{appName}/{fileName}')]
        public function getCss(string $fileName, string $appName): Response {
                try {
index 573ac4e218f735f22908ba389463b16ed372988e..55925ffc941f23d840030f5cb645ebe975c03b84 100644 (file)
@@ -11,15 +11,15 @@ namespace OC\Core\Controller;
 
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\TemplateResponse;
 
 #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
 class ErrorController extends \OCP\AppFramework\Controller {
-       /**
-        * @PublicPage
-        * @NoCSRFRequired
-        */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: 'error/403')]
        public function error403(): TemplateResponse {
                $response = new TemplateResponse(
@@ -32,10 +32,8 @@ class ErrorController extends \OCP\AppFramework\Controller {
                return $response;
        }
 
-       /**
-        * @PublicPage
-        * @NoCSRFRequired
-        */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: 'error/404')]
        public function error404(): TemplateResponse {
                $response = new TemplateResponse(
index 3121abc2ca1e7d20497d303566f787c77585c24c..6a7edc9cfcc44e0fa475434d27036af15b29b3db 100644 (file)
@@ -8,6 +8,8 @@ namespace OC\Core\Controller;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\FileDisplayResponse;
 use OCP\AppFramework\Http\Response;
 use OCP\IAvatarManager;
@@ -33,9 +35,6 @@ class GuestAvatarController extends Controller {
        /**
         * Returns a guest avatar image response
         *
-        * @PublicPage
-        * @NoCSRFRequired
-        *
         * @param string $guestName The guest name, e.g. "Albert"
         * @param string $size The desired avatar size, e.g. 64 for 64x64px
         * @param bool|null $darkTheme Return dark avatar
@@ -44,6 +43,8 @@ class GuestAvatarController extends Controller {
         * 200: Custom avatar returned
         * 201: Avatar returned
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/avatar/guest/{guestName}/{size}')]
        public function getAvatar(string $guestName, string $size, ?bool $darkTheme = false) {
                $size = (int) $size;
@@ -87,9 +88,6 @@ class GuestAvatarController extends Controller {
        /**
         * Returns a dark guest avatar image response
         *
-        * @PublicPage
-        * @NoCSRFRequired
-        *
         * @param string $guestName The guest name, e.g. "Albert"
         * @param string $size The desired avatar size, e.g. 64 for 64x64px
         * @return FileDisplayResponse<Http::STATUS_OK|Http::STATUS_CREATED, array{Content-Type: string, X-NC-IsCustomAvatar: int}>|Response<Http::STATUS_INTERNAL_SERVER_ERROR, array{}>
@@ -97,6 +95,8 @@ class GuestAvatarController extends Controller {
         * 200: Custom avatar returned
         * 201: Avatar returned
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/avatar/guest/{guestName}/{size}/dark')]
        public function getAvatarDark(string $guestName, string $size) {
                return $this->getAvatar($guestName, $size, true);
index 89ca3576dbe047688770087f9b34b4ee3f269c5d..588cef2a72d09de35791b0466e1d66ff913f08ce 100644 (file)
@@ -11,6 +11,7 @@ use OC\Contacts\ContactsMenu\Manager;
 use OC\Core\ResponseDefinitions;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IRequest;
 use OCP\IUserSession;
@@ -29,8 +30,6 @@ class HoverCardController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Get the account details for a hovercard
         *
         * @param string $userId ID of the user
@@ -39,6 +38,7 @@ class HoverCardController extends \OCP\AppFramework\OCSController {
         * 200: Account details returned
         * 404: Account not found
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'GET', url: '/v1/{userId}', root: '/hovercard')]
        public function getUser(string $userId): DataResponse {
                $contact = $this->manager->findOne($this->userSession->getUser(), IShare::TYPE_USER, $userId);
index ef54e7e9ee9d94df274d1504258b9d6dfb1137c5..f5fe381688d514ec7c433e01ed8c586010ab01cd 100644 (file)
@@ -12,7 +12,9 @@ use OC\Files\AppData\Factory;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\FileDisplayResponse;
 use OCP\AppFramework\Http\NotFoundResponse;
 use OCP\AppFramework\Http\Response;
@@ -39,14 +41,14 @@ class JsController extends Controller {
        }
 
        /**
-        * @PublicPage
-        * @NoCSRFRequired
         * @NoSameSiteCookieRequired
         *
         * @param string $fileName js filename with extension
         * @param string $appName js folder name
         * @return FileDisplayResponse|NotFoundResponse
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/js/{appName}/{fileName}')]
        public function getJs(string $fileName, string $appName): Response {
                try {
index 87a02e8af8e70cf1be29dc2c1ab21e300abc4e8a..a84f28a52d5585eaa2d32c488c8cad0466c8ec65 100644 (file)
@@ -20,9 +20,12 @@ use OCA\User_LDAP\Helper;
 use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\RedirectResponse;
@@ -65,10 +68,9 @@ class LoginController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * @return RedirectResponse
         */
+       #[NoAdminRequired]
        #[UseSession]
        #[FrontpageRoute(verb: 'GET', url: '/logout')]
        public function logout() {
@@ -97,14 +99,13 @@ class LoginController extends Controller {
        }
 
        /**
-        * @PublicPage
-        * @NoCSRFRequired
-        *
         * @param string $user
         * @param string $redirect_url
         *
         * @return TemplateResponse|RedirectResponse
         */
+       #[NoCSRFRequired]
+       #[PublicPage]
        #[UseSession]
        #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
        #[FrontpageRoute(verb: 'GET', url: '/login')]
@@ -269,12 +270,11 @@ class LoginController extends Controller {
        }
 
        /**
-        * @PublicPage
-        * @NoCSRFRequired
-        * @BruteForceProtection(action=login)
-        *
         * @return RedirectResponse
         */
+       #[NoCSRFRequired]
+       #[PublicPage]
+       #[BruteForceProtection('login')]
        #[UseSession]
        #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
        #[FrontpageRoute(verb: 'POST', url: '/login')]
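Review bot: `#[BruteForceProtection('login')]` passes the action positionally, while ProfilePageController (`#[BruteForceProtection(action: 'user')]`) and ReferenceApiController (`#[AnonRateLimit(limit: 10, period: 120)]`) in this same commit use named arguments; the two forms should be unified, preferably to the named one so a `limit`/`period` pair cannot be swapped silently: `#[BruteForceProtection(action: 'login')]`. The positional form also appears on the `/login/confirm` route (`'sudo'`), in the three LostController hunks (`#[AnonRateLimit(10, 300)]`), in OCSController::personCheck, in ProfileApiController::setVisibility (`#[UserRateLimit(40, 600)]`) and in TranslationApiController::translate. The annotated method's signature and body follow outside the hunk.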
@@ -377,9 +377,6 @@ class LoginController extends Controller {
        /**
         * Confirm the user password
         *
-        * @NoAdminRequired
-        * @BruteForceProtection(action=sudo)
-        *
         * @license GNU AGPL version 3 or any later version
         *
         * @param string $password The password of the user
@@ -389,6 +386,8 @@ class LoginController extends Controller {
         * 200: Password confirmation succeeded
         * 403: Password confirmation failed
         */
+       #[NoAdminRequired]
+       #[BruteForceProtection('sudo')]
        #[UseSession]
        #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'POST', url: '/login/confirm')]
index d6f5ccd8da83f58b62e2310126311960f1bfac44..a40624e814ac0a970324f026595e84658370a99d 100644 (file)
@@ -15,8 +15,12 @@ use OC\Core\Exception\ResetPasswordException;
 use OC\Security\RateLimiting\Exception\RateLimitExceededException;
 use OC\Security\RateLimiting\Limiter;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\AnonRateLimit;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
@@ -74,12 +78,11 @@ class LostController extends Controller {
 
        /**
         * Someone wants to reset their password:
-        *
-        * @PublicPage
-        * @NoCSRFRequired
-        * @BruteForceProtection(action=passwordResetEmail)
-        * @AnonRateThrottle(limit=10, period=300)
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
+       #[BruteForceProtection('passwordResetEmail')]
+       #[AnonRateLimit(10, 300)]
        #[FrontpageRoute(verb: 'GET', url: '/lostpassword/reset/form/{token}/{userId}')]
        public function resetform(string $token, string $userId): TemplateResponse {
                try {
@@ -140,11 +143,9 @@ class LostController extends Controller {
                return array_merge($data, ['status' => 'success']);
        }
 
-       /**
-        * @PublicPage
-        * @BruteForceProtection(action=passwordResetEmail)
-        * @AnonRateThrottle(limit=10, period=300)
-        */
+       #[PublicPage]
+       #[BruteForceProtection('passwordResetEmail')]
+       #[AnonRateLimit(10, 300)]
        #[FrontpageRoute(verb: 'POST', url: '/lostpassword/email')]
        public function email(string $user): JSONResponse {
                if ($this->config->getSystemValue('lost_password_link', '') !== '') {
@@ -178,11 +179,9 @@ class LostController extends Controller {
                return $response;
        }
 
-       /**
-        * @PublicPage
-        * @BruteForceProtection(action=passwordResetEmail)
-        * @AnonRateThrottle(limit=10, period=300)
-        */
+       #[PublicPage]
+       #[BruteForceProtection('passwordResetEmail')]
+       #[AnonRateLimit(10, 300)]
        #[FrontpageRoute(verb: 'POST', url: '/lostpassword/set/{token}/{userId}')]
        public function setPassword(string $token, string $userId, string $password, bool $proceed): JSONResponse {
                if ($this->encryptionManager->isEnabled() && !$proceed) {
index 856561161447c01296249953401cba583b5dce34..44c8ef0880b20adc64f616818528d8a880bca9ab 100644 (file)
@@ -8,6 +8,8 @@ namespace OC\Core\Controller;
 use OC\Core\ResponseDefinitions;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCSController;
 use OCP\INavigationManager;
@@ -28,9 +30,6 @@ class NavigationController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        *
         * Get the apps navigation
         *
         * @param bool $absolute Rewrite URLs to absolute ones
@@ -39,6 +38,8 @@ class NavigationController extends OCSController {
         * 200: Apps navigation returned
         * 304: No apps navigation changed
         */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[ApiRoute(verb: 'GET', url: '/navigation/apps', root: '/core')]
        public function getAppsNavigation(bool $absolute = false): DataResponse {
                $navigation = $this->navigationManager->getAll();
@@ -56,9 +57,6 @@ class NavigationController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        *
         * Get the settings navigation
         *
         * @param bool $absolute Rewrite URLs to absolute ones
@@ -67,6 +65,8 @@ class NavigationController extends OCSController {
         * 200: Apps navigation returned
         * 304: No apps navigation changed
         */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[ApiRoute(verb: 'GET', url: '/navigation/settings', root: '/core')]
        public function getSettingsNavigation(bool $absolute = false): DataResponse {
                $navigation = $this->navigationManager->getAll('settings');
index 8a6193d2e534174e71867c248e5a689494057ec6..3a0922c9344d0a504736ab215c62a8cc2ad566b9 100644 (file)
@@ -14,7 +14,9 @@ use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\DataDisplayResponse;
 use OCP\Defaults;
 use OCP\IConfig;
@@ -67,10 +69,10 @@ class OCJSController extends Controller {
        }
 
        /**
-        * @NoCSRFRequired
         * @NoTwoFactorRequired
-        * @PublicPage
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/core/js/oc.js')]
        public function getConfig(): DataDisplayResponse {
                $data = $this->helper->getConfig();
index f8110278b2093181c8c1528758e40412e6b3f906..d79b5b1669e43dfca0262cb54604407433bb76ed 100644 (file)
@@ -13,6 +13,8 @@ use Exception;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\Capabilities\ICapability;
 use OCP\IConfig;
@@ -39,8 +41,6 @@ class OCMController extends Controller {
         * generate a OCMProvider with local data and send it as DataResponse.
         * This replaces the old PHP file ocm-provider/index.php
         *
-        * @PublicPage
-        * @NoCSRFRequired
         * @psalm-suppress MoreSpecificReturnType
         * @psalm-suppress LessSpecificReturnStatement
         * @return DataResponse<Http::STATUS_OK, array{enabled: bool, apiVersion: string, endPoint: string, resourceTypes: array{name: string, shareTypes: string[], protocols: array{webdav: string}}[]}, array{X-NEXTCLOUD-OCM-PROVIDERS: true, Content-Type: 'application/json'}>|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR, array{message: string}, array{}>
@@ -48,6 +48,8 @@ class OCMController extends Controller {
         * 200: OCM Provider details returned
         * 500: OCM not supported
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/ocm-provider/')]
        public function discovery(): DataResponse {
                try {
index d4da85752d8a552858ccb7f04329500fbed3f069..450b8205fd3c5efaf17c3308761f13b76e643940 100644 (file)
@@ -9,7 +9,9 @@ use OC\CapabilitiesManager;
 use OC\Security\IdentityProof\Manager;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IRequest;
 use OCP\IUserManager;
@@ -27,9 +29,7 @@ class OCSController extends \OCP\AppFramework\OCSController {
                parent::__construct($appName, $request);
        }
 
-       /**
-        * @PublicPage
-        */
+       #[PublicPage]
        #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
        #[ApiRoute(verb: 'GET', url: '/config', root: '')]
        public function getConfig(): DataResponse {
@@ -45,14 +45,13 @@ class OCSController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @PublicPage
-        *
         * Get the capabilities
         *
         * @return DataResponse<Http::STATUS_OK, array{version: array{major: int, minor: int, micro: int, string: string, edition: '', extendedSupport: bool}, capabilities: array<string, mixed>}, array{}>
         *
         * 200: Capabilities returned
         */
+       #[PublicPage]
        #[ApiRoute(verb: 'GET', url: '/capabilities', root: '/cloud')]
        public function getCapabilities(): DataResponse {
                $result = [];
@@ -77,10 +76,8 @@ class OCSController extends \OCP\AppFramework\OCSController {
                return $response;
        }
 
-       /**
-        * @PublicPage
-        * @BruteForceProtection(action=login)
-        */
+       #[PublicPage]
+       #[BruteForceProtection('login')]
        #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
        #[ApiRoute(verb: 'POST', url: '/check', root: '/person')]
        public function personCheck(string $login = '', string $password = ''): DataResponse {
@@ -100,9 +97,7 @@ class OCSController extends \OCP\AppFramework\OCSController {
                return new DataResponse([], 101);
        }
 
-       /**
-        * @PublicPage
-        */
+       #[PublicPage]
        #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
        #[ApiRoute(verb: 'GET', url: '/key/{cloudId}', root: '/identityproof')]
        public function getIdentityProof(string $cloudId): DataResponse {
index 4ace295a6aa9ca8abd4cab3b080f6381c728a0fd..a3b826c19e64d769cd555d224ef146858a8d3de9 100644 (file)
@@ -12,6 +12,8 @@ use OCA\Files_Sharing\SharedStorage;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\FileDisplayResponse;
 use OCP\AppFramework\Http\RedirectResponse;
@@ -36,9 +38,6 @@ class PreviewController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        *
         * Get a preview by file path
         *
         * @param string $file Path of the file
@@ -56,6 +55,8 @@ class PreviewController extends Controller {
         * 403: Getting preview is not allowed
         * 404: Preview not found
         */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/core/preview.png')]
        public function getPreview(
                string $file = '',
@@ -80,9 +81,6 @@ class PreviewController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        *
         * Get a preview by file ID
         *
         * @param int $fileId ID of the file
@@ -100,6 +98,8 @@ class PreviewController extends Controller {
         * 403: Getting preview is not allowed
         * 404: Preview not found
         */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/core/preview')]
        public function getPreviewByFileId(
                int $fileId = -1,
index f8f7e77db0db498490b18b07e7a238af43287232..cc36a486afcd56efeed961ffb836f4fe017467d1 100644 (file)
@@ -13,6 +13,9 @@ use OC\Core\Db\ProfileConfigMapper;
 use OC\Profile\ProfileManager;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSBadRequestException;
 use OCP\AppFramework\OCS\OCSForbiddenException;
@@ -34,10 +37,7 @@ class ProfileApiController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
         * @NoSubAdminRequired
-        * @PasswordConfirmationRequired
-        * @UserRateThrottle(limit=40, period=600)
         *
         * Update the visibility of a parameter
         *
@@ -51,6 +51,9 @@ class ProfileApiController extends OCSController {
         *
         * 200: Visibility updated successfully
         */
+       #[NoAdminRequired]
+       #[PasswordConfirmationRequired]
+       #[UserRateLimit(40, 600)]
        #[ApiRoute(verb: 'PUT', url: '/{targetUserId}', root: '/profile')]
        public function setVisibility(string $targetUserId, string $paramId, string $visibility): DataResponse {
                $requestingUser = $this->userSession->getUser();
index 73a6be5f65c4c85bce5b037eb833363c7335af10..7463173e906d8c14029024cc0f67576b81f9e0a5 100644 (file)
@@ -14,7 +14,9 @@ use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Attribute\AnonRateLimit;
 use OCP\AppFramework\Http\Attribute\BruteForceProtection;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
@@ -44,12 +46,8 @@ class ProfilePageController extends Controller {
                parent::__construct($appName, $request);
        }
 
-       /**
-        * @PublicPage
-        * @NoCSRFRequired
-        * @NoAdminRequired
-        * @NoSubAdminRequired
-        */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/u/{targetUserId}')]
        #[BruteForceProtection(action: 'user')]
        #[UserRateLimit(limit: 30, period: 120)]
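Review bot: The removed docblock carried `@NoAdminRequired` and `@NoSubAdminRequired`, but only `#[PublicPage]` and `#[NoCSRFRequired]` are added in their place, so two of the four annotations are dropped rather than replaced. That is presumably harmless for the admin check if the security middleware skips it on public pages, but ProfileApiController::setVisibility in this same commit keeps `@NoSubAdminRequired` as a docblock annotation, so either keep ` * @NoSubAdminRequired` here as well or state in the commit message why it is redundant for a public route. The method signature follows outside the hunk.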
index 9d14cc53278960b3832ad8fc203776b12b77b30a..ba35bc8705e4a8d352ee9aa9db9f9afad4819a0b 100644 (file)
@@ -10,6 +10,7 @@ namespace OC\Core\Controller;
 
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\StandaloneTemplateResponse;
@@ -28,9 +29,9 @@ class RecommendedAppsController extends Controller {
        }
 
        /**
-        * @NoCSRFRequired
         * @return Response
         */
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/core/apps/recommended')]
        public function index(): Response {
                $defaultPageUrl = $this->urlGenerator->linkToDefaultPageUrl();
index e12cedfe927f3b0c110ae03e5cb688e60076f512..cba91b976e26118fa6a36c417499e11698afa5d7 100644 (file)
@@ -12,6 +12,8 @@ use OC\Core\ResponseDefinitions;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\AnonRateLimit;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\Collaboration\Reference\IDiscoverableReferenceProvider;
 use OCP\Collaboration\Reference\IReferenceManager;
@@ -35,8 +37,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Extract references from a text
         *
         * @param string $text Text to extract from
@@ -46,6 +46,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
         *
         * 200: References returned
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'POST', url: '/extract', root: '/references')]
        public function extract(string $text, bool $resolve = false, int $limit = 1): DataResponse {
                $references = $this->referenceManager->extractReferences($text);
@@ -66,8 +67,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @PublicPage
-        *
         * Extract references from a text
         *
         * @param string $text Text to extract from
@@ -79,6 +78,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
         * 200: References returned
         */
        #[ApiRoute(verb: 'POST', url: '/extractPublic', root: '/references')]
+       #[PublicPage]
        #[AnonRateLimit(limit: 10, period: 120)]
        public function extractPublic(string $text, string $sharingToken, bool $resolve = false, int $limit = 1): DataResponse {
                $references = $this->referenceManager->extractReferences($text);
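Review bot: `#[PublicPage]` is inserted between `#[ApiRoute(...)]` and `#[AnonRateLimit(...)]`, whereas the other hunks in this commit put the newly added access-control attributes before the route attribute; the same applies to resolveOnePublic and resolvePublic further down this file. Moving it to the line before `#[ApiRoute(verb: 'POST', url: '/extractPublic', root: '/references')]` keeps the security attributes grouped and easier to audit at a glance. The method body continues outside the hunk.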
@@ -99,8 +99,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Resolve a reference
         *
         * @param string $reference Reference to resolve
@@ -108,6 +106,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
         *
         * 200: Reference returned
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'GET', url: '/resolve', root: '/references')]
        public function resolveOne(string $reference): DataResponse {
                /** @var ?CoreReference $resolvedReference */
@@ -119,8 +118,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @PublicPage
-        *
         * Resolve from a public page
         *
         * @param string $reference Reference to resolve
@@ -130,6 +127,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
         * 200: Reference returned
         */
        #[ApiRoute(verb: 'GET', url: '/resolvePublic', root: '/references')]
+       #[PublicPage]
        #[AnonRateLimit(limit: 10, period: 120)]
        public function resolveOnePublic(string $reference, string $sharingToken): DataResponse {
                /** @var ?CoreReference $resolvedReference */
@@ -141,8 +139,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Resolve multiple references
         *
         * @param string[] $references References to resolve
@@ -151,6 +147,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
         *
         * 200: References returned
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'POST', url: '/resolve', root: '/references')]
        public function resolve(array $references, int $limit = 1): DataResponse {
                $result = [];
@@ -169,8 +166,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @PublicPage
-        *
         * Resolve multiple references from a public page
         *
         * @param string[] $references References to resolve
@@ -181,6 +176,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
         * 200: References returned
         */
        #[ApiRoute(verb: 'POST', url: '/resolvePublic', root: '/references')]
+       #[PublicPage]
        #[AnonRateLimit(limit: 10, period: 120)]
        public function resolvePublic(array $references, string $sharingToken, int $limit = 1): DataResponse {
                $result = [];
@@ -199,14 +195,13 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Get the providers
         *
         * @return DataResponse<Http::STATUS_OK, CoreReferenceProvider[], array{}>
         *
         * 200: Providers returned
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'GET', url: '/providers', root: '/references')]
        public function getProvidersInfo(): DataResponse {
                $providers = $this->referenceManager->getDiscoverableProviders();
@@ -217,8 +212,6 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Touch a provider
         *
         * @param string $providerId ID of the provider
@@ -227,6 +220,7 @@ class ReferenceApiController extends \OCP\AppFramework\OCSController {
         *
         * 200: Provider touched
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'PUT', url: '/provider/{providerId}', root: '/references')]
        public function touchProvider(string $providerId, ?int $timestamp = null): DataResponse {
                if ($this->userId !== null) {
index 523edcdbbfafc1de81344c93a444023a70716b39..b4c88562bc9007b2d1b619b088f307b8e91a4461 100644 (file)
@@ -11,6 +11,8 @@ namespace OC\Core\Controller;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\DataDownloadResponse;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\Collaboration\Reference\IReferenceManager;
@@ -30,9 +32,6 @@ class ReferenceController extends Controller {
        }
 
        /**
-        * @PublicPage
-        * @NoCSRFRequired
-        *
         * Get a preview for a reference
         *
         * @param string $referenceId the reference cache key
@@ -41,6 +40,8 @@ class ReferenceController extends Controller {
         * 200: Preview returned
         * 404: Reference not found
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/core/references/preview/{referenceId}')]
        public function preview(string $referenceId): DataDownloadResponse|DataResponse {
                $reference = $this->referenceManager->getReferenceByCacheKey($referenceId);
index 1ca8dd5dae490e540d9df7d5232550508a052fb1..166e2bad53bec25f869181e3bc4f273230538d3e 100644 (file)
@@ -10,6 +10,7 @@ namespace OC\Core\Controller;
 
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\IRequest;
 use OCP\ISearch;
@@ -26,9 +27,7 @@ class SearchController extends Controller {
                parent::__construct($appName, $request);
        }
 
-       /**
-        * @NoAdminRequired
-        */
+       #[NoAdminRequired]
        #[FrontpageRoute(verb: 'GET', url: '/core/search')]
        public function search(string $query, array $inApps = [], int $page = 1, int $size = 30): JSONResponse {
                $results = $this->searcher->searchPaged($query, $inApps, $page, $size);
index 3cccaadc7c18bd1a10e7daf80c0e044d202eb7b2..3a919e1f79ad3fb8f534534983a54893fe4aaff7 100644 (file)
@@ -12,7 +12,10 @@ namespace OC\Core\Controller;
 
 use InvalidArgumentException;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\AnonRateLimit;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\PublicPage;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IL10N;
 use OCP\IRequest;
@@ -31,14 +34,13 @@ class TranslationApiController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @PublicPage
-        *
         * Get the list of supported languages
         *
         * @return DataResponse<Http::STATUS_OK, array{languages: array{from: string, fromLabel: string, to: string, toLabel: string}[], languageDetection: bool}, array{}>
         *
         * 200: Supported languages returned
         */
+       #[PublicPage]
        #[ApiRoute(verb: 'GET', url: '/languages', root: '/translation')]
        public function languages(): DataResponse {
                return new DataResponse([
@@ -48,10 +50,6 @@ class TranslationApiController extends \OCP\AppFramework\OCSController {
        }
 
        /**
-        * @PublicPage
-        * @UserRateThrottle(limit=25, period=120)
-        * @AnonRateThrottle(limit=10, period=120)
-        *
         * Translate a text
         *
         * @param string $text Text to be translated
@@ -63,6 +61,9 @@ class TranslationApiController extends \OCP\AppFramework\OCSController {
         * 400: Language not detected or unable to translate
         * 412: Translating is not possible
         */
+       #[PublicPage]
+       #[UserRateLimit(25, 120)]
+       #[AnonRateLimit(10, 120)]
        #[ApiRoute(verb: 'POST', url: '/translate', root: '/translation')]
        public function translate(string $text, ?string $fromLanguage, string $toLanguage): DataResponse {
                try {
index ee84cbd2aa98329dfd465c0276d46656476ac732..153e1e7559a6a30b68833a6520de484e75fef2c3 100644 (file)
@@ -11,6 +11,8 @@ use OC\Authentication\TwoFactorAuth\Manager;
 use OC_User;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
 use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\RedirectResponse;
@@ -64,13 +66,13 @@ class TwoFactorChallengeController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
         * @TwoFactorSetUpDoneRequired
         *
         * @param string $redirect_url
         * @return StandaloneTemplateResponse
         */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/login/selectchallenge')]
        public function selectChallenge($redirect_url) {
                $user = $this->userSession->getUser();
@@ -91,14 +93,14 @@ class TwoFactorChallengeController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
         * @TwoFactorSetUpDoneRequired
         *
         * @param string $challengeProviderId
         * @param string $redirect_url
         * @return StandaloneTemplateResponse|RedirectResponse
         */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[UseSession]
        #[FrontpageRoute(verb: 'GET', url: '/login/challenge/{challengeProviderId}')]
        public function showChallenge($challengeProviderId, $redirect_url) {
@@ -143,8 +145,6 @@ class TwoFactorChallengeController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
         * @TwoFactorSetUpDoneRequired
         *
         * @UserRateThrottle(limit=5, period=100)
@@ -154,6 +154,8 @@ class TwoFactorChallengeController extends Controller {
         * @param string $redirect_url
         * @return RedirectResponse
         */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[UseSession]
        #[FrontpageRoute(verb: 'POST', url: '/login/challenge/{challengeProviderId}')]
        public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
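Review bot: solveChallenge keeps `@UserRateThrottle(limit=5, period=100)` as a docblock annotation (visible at the end of the preceding hunk) while this commit converts the same annotation to `#[UserRateLimit]` in TranslationApiController::translate and ProfileApiController::setVisibility. If the rate-limiting middleware no longer reads the annotation form, the 2FA challenge submission would lose its per-user throttle, so it should be confirmed and converted alongside the two attributes added here: `#[UserRateLimit(limit: 5, period: 100)]`. The method body continues outside the hunk.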
@@ -189,10 +191,8 @@ class TwoFactorChallengeController extends Controller {
                ]));
        }
 
-       /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge')]
        public function setupProviders(?string $redirect_url = null): StandaloneTemplateResponse {
                $user = $this->userSession->getUser();
@@ -207,10 +207,8 @@ class TwoFactorChallengeController extends Controller {
                return new StandaloneTemplateResponse($this->appName, 'twofactorsetupselection', $data, 'guest');
        }
 
-       /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge/{providerId}')]
        public function setupProvider(string $providerId, ?string $redirect_url = null) {
                $user = $this->userSession->getUser();
@@ -241,11 +239,10 @@ class TwoFactorChallengeController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        *
         * @todo handle the extreme edge case of an invalid provider ID and redirect to the provider selection page
         */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'POST', url: 'login/setupchallenge/{providerId}')]
        public function confirmProviderSetup(string $providerId, ?string $redirect_url = null) {
                return new RedirectResponse($this->urlGenerator->linkToRoute(
index 236ca845da6a0b1416f9b9ef1a47b1aa38bc6806..20d6fb5e59c23a6c25e04387a56ffda772e5ed21 100644 (file)
@@ -15,6 +15,8 @@ use OC\Search\SearchQuery;
 use OC\Search\UnsupportedFilter;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCSController;
 use OCP\IRequest;
@@ -40,9 +42,6 @@ class UnifiedSearchController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        *
         * Get the providers for unified search
         *
         * @param string $from the url the user is currently at
@@ -50,6 +49,8 @@ class UnifiedSearchController extends OCSController {
         *
         * 200: Providers returned
         */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[ApiRoute(verb: 'GET', url: '/providers', root: '/search')]
        public function getProviders(string $from = ''): DataResponse {
                [$route, $parameters] = $this->getRouteInformation($from);
@@ -61,9 +62,6 @@ class UnifiedSearchController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        *
         * Launch a search for a specific search provider.
         *
         * Additional filters are available for each provider.
@@ -81,6 +79,8 @@ class UnifiedSearchController extends OCSController {
         * 200: Search entries returned
         * 400: Searching is not possible
         */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        #[ApiRoute(verb: 'GET', url: '/providers/{providerId}/search', root: '/search')]
        public function search(
                string $providerId,
index b8efe2539f1b1da06d6d0fe5eed8d754dc8fbd2c..2877e2e90472f47a936bf7b2b8f51ae871c1e1b3 100644 (file)
@@ -11,7 +11,9 @@ namespace OC\Core\Controller;
 
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\IRequest;
@@ -24,11 +26,10 @@ class UnsupportedBrowserController extends Controller {
        }
 
        /**
-        * @PublicPage
-        * @NoCSRFRequired
-        *
         * @return Response
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: 'unsupported')]
        public function index(): Response {
                Util::addScript('core', 'unsupported-browser');
index 4031f9b1e5f16404cf2b01ee07c2615f731f68ce..b6e464d9a95c9fb97859343dfde41804bcb2da54 100644 (file)
@@ -9,6 +9,7 @@ namespace OC\Core\Controller;
 
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\IRequest;
 use OCP\IUserManager;
@@ -25,12 +26,11 @@ class UserController extends Controller {
        /**
         * Lookup user display names
         *
-        * @NoAdminRequired
-        *
         * @param array $users
         *
         * @return JSONResponse
         */
+       #[NoAdminRequired]
        #[FrontpageRoute(verb: 'POST', url: '/displaynames')]
        public function getDisplayNames($users) {
                $result = [];
index ffb30d30277e5a5e5757ad8de249ab9591c92e10..b55e90675a14a5adf9aa68f0b3f4306d888d0332 100644 (file)
@@ -8,15 +8,15 @@ namespace OC\Core\Controller;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Response;
 
 #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
 class WalledGardenController extends Controller {
-       /**
-        * @PublicPage
-        * @NoCSRFRequired
-        */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '/204')]
        public function get(): Response {
                $resp = new Response();
index a9d929e5f2ebc2de664deef2ad51c7a135d645b7..d7255831e88ded6edfb25fcf55f6d026cea2f16a 100644 (file)
@@ -15,6 +15,7 @@ use OC\URLGenerator;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\IRequest;
@@ -39,10 +40,7 @@ class WebAuthnController extends Controller {
                parent::__construct($appName, $request);
        }
 
-       /**
-        * @NoAdminRequired
-        * @PublicPage
-        */
+       #[PublicPage]
        #[UseSession]
        #[FrontpageRoute(verb: 'POST', url: 'login/webauthn/start')]
        public function startAuthentication(string $loginName): JSONResponse {
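Review bot: The old docblock declared both @NoAdminRequired and @PublicPage, but only `#[PublicPage]` survives on startAuthentication, and the same happens on finishAuthentication in the next hunk and on both WipeController methods, while the ApiController::preflightedCors hunk does the opposite and adds `#[NoAdminRequired]` next to an existing `#[PublicPage]`. As far as I know SecurityMiddleware only evaluates NoAdminRequired when PublicPage is absent, so the dropped attribute is redundant and behaviour should be unchanged, but the commit ought to follow one convention for the pair rather than two. Either drop the redundant `#[NoAdminRequired]` in preflightedCors or keep it here for symmetry with the removed annotations; if the former, a one-line comment such as `// PublicPage already bypasses the admin check, so NoAdminRequired is not needed` on the first such method would stop the question coming back. The bodies of both WebAuthn methods continue outside their hunks.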
@@ -64,10 +62,7 @@ class WebAuthnController extends Controller {
                return new JSONResponse($publicKeyCredentialRequestOptions);
        }
 
-       /**
-        * @NoAdminRequired
-        * @PublicPage
-        */
+       #[PublicPage]
        #[UseSession]
        #[FrontpageRoute(verb: 'POST', url: 'login/webauthn/finish')]
        public function finishAuthentication(string $data): JSONResponse {
index 0e6c440d57018ab8ae2c1b7d405244393e8d1da4..89a648d6bef53e05fe6daf1ea56d3427af6b38b2 100644 (file)
@@ -12,7 +12,9 @@ use OC\Http\WellKnown\RequestManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\AppFramework\Http\Response;
 use OCP\IRequest;
@@ -27,11 +29,10 @@ class WellKnownController extends Controller {
        }
 
        /**
-        * @PublicPage
-        * @NoCSRFRequired
-        *
         * @return Response
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
        #[FrontpageRoute(verb: 'GET', url: '.well-known/{service}')]
        public function handle(string $service): Response {
                $response = $this->requestManager->process(
index 1218e2d1f68c55aa6c97f0a9b971867dd275f78b..06b27b0d30228632c24f4201c8b35ff8eca368c7 100644 (file)
@@ -11,6 +11,7 @@ use OC\Updater\ChangesCheck;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\Defaults;
 use OCP\IConfig;
@@ -36,8 +37,6 @@ class WhatsNewController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Get the changes
         *
         * @return DataResponse<Http::STATUS_OK, array{changelogURL: string, product: string, version: string, whatsNew?: array{regular: string[], admin: string[]}}, array{}>|DataResponse<Http::STATUS_NO_CONTENT, array<empty>, array{}>
@@ -45,6 +44,7 @@ class WhatsNewController extends OCSController {
         * 200: Changes returned
         * 204: No changes
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'GET', url: '/whatsnew', root: '/core')]
        public function get():DataResponse {
                $user = $this->userSession->getUser();
@@ -81,8 +81,6 @@ class WhatsNewController extends OCSController {
        }
 
        /**
-        * @NoAdminRequired
-        *
         * Dismiss the changes
         *
         * @param string $version Version to dismiss the changes for
@@ -93,6 +91,7 @@ class WhatsNewController extends OCSController {
         *
         * 200: Changes dismissed
         */
+       #[NoAdminRequired]
        #[ApiRoute(verb: 'POST', url: '/whatsnew', root: '/core')]
        public function dismiss(string $version):DataResponse {
                $user = $this->userSession->getUser();
index 44f80dc55103ee91dd8658a380653df09ae259a1..089e9792a7eb5030dce7a51a25b107151c0926a0 100644 (file)
@@ -11,7 +11,10 @@ namespace OC\Core\Controller;
 use OC\Authentication\Token\RemoteWipe;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\AnonRateLimit;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\Authentication\Exceptions\InvalidTokenException;
 use OCP\IRequest;
@@ -26,12 +29,6 @@ class WipeController extends Controller {
        }
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        * @PublicPage
-        *
-        * @AnonRateThrottle(limit=10, period=300)
-        *
         * Check if the device should be wiped
         *
         * @param string $token App password
@@ -41,6 +38,9 @@ class WipeController extends Controller {
         * 200: Device should be wiped
         * 404: Device should not be wiped
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
+       #[AnonRateLimit(10, 300)]
        #[FrontpageRoute(verb: 'POST', url: '/core/wipe/check')]
        public function checkWipe(string $token): JSONResponse {
                try {
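Review bot: `#[AnonRateLimit(10, 300)]` loses the parameter names the annotation form carried (`limit=10, period=300`), so a reader can no longer tell which bare integer is the request count and which is the window in seconds without opening the attribute class; the same applies to wipeDone in the hunk ending at its `try {`. Since the file already uses named arguments on `#[FrontpageRoute(verb: ..., url: ...)]`, the consistent form is `#[AnonRateLimit(limit: 10, period: 300)]`. Worth confirming as well that RateLimitingMiddleware on this branch reads the attribute form for anonymous callers, since these two endpoints are the only public, CSRF-exempt POST routes in the chunk whose brute-force exposure depends on that limit being enforced. checkWipe's body continues outside the hunk.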
@@ -58,12 +58,6 @@ class WipeController extends Controller {
 
 
        /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        * @PublicPage
-        *
-        * @AnonRateThrottle(limit=10, period=300)
-        *
         * Finish the wipe
         *
         * @param string $token App password
@@ -73,6 +67,9 @@ class WipeController extends Controller {
         * 200: Wipe finished successfully
         * 404: Device should not be wiped
         */
+       #[PublicPage]
+       #[NoCSRFRequired]
+       #[AnonRateLimit(10, 300)]
        #[FrontpageRoute(verb: 'POST', url: '/core/wipe/success')]
        public function wipeDone(string $token): JSONResponse {
                try {
index d32e0277ee043a4d315581a615d1c1c6fd5c66f3..e7812fa1046f1414c68e7a8bef06643699022acc 100644 (file)
@@ -9,6 +9,8 @@ namespace OCA\TestApp\Controller;
 
 use OCA\TestApp\AppInfo\Application;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\IRequest;
 
@@ -17,10 +19,8 @@ class PageController extends Controller {
                parent::__construct(Application::APP_ID, $request);
        }
 
-       /**
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        */
+       #[NoAdminRequired]
+       #[NoCSRFRequired]
        public function index(): TemplateResponse {
                return new TemplateResponse(Application::APP_ID, 'main');
        }
index da1152090c620a2144cb72efcc2104e95d72a36d..d3c83005ad1bf86e67a0fe6952d10eb8fbfcfe65 100644 (file)
@@ -7,6 +7,7 @@
  */
 namespace OCP\AppFramework;
 
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Response;
@@ -51,13 +52,11 @@ abstract class ApiController extends Controller {
         * This method implements a preflighted cors response for you that you can
         * link to for the options request
         *
-        * @NoAdminRequired
-        * @NoCSRFRequired
-        * @PublicPage
         * @since 7.0.0
         */
        #[NoCSRFRequired]
        #[PublicPage]
+       #[NoAdminRequired]
        public function preflightedCors() {
                if (isset($this->request->server['HTTP_ORIGIN'])) {
                        $origin = $this->request->server['HTTP_ORIGIN'];
index d6c088d4a0c5fc0d2a3d4cc219c7c7bebdb88106..9c912d0e9a670737583a48ee25f4d7141507cfb4 100644 (file)
@@ -46,9 +46,6 @@ abstract class AuthPublicShareController extends PublicShareController {
        }
 
        /**
-        * @PublicPage
-        * @NoCSRFRequired
-        *
         * Show the authentication page
         * The form has to submit to the authenticate method route
         *
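Review bot: This hunk removes @PublicPage and @NoCSRFRequired from the public-API method documented as "Show the authentication page", but unlike the other files in the chunk no hunk adds the corresponding `#[PublicPage]` and `#[NoCSRFRequired]` attributes; presumably the method already carried them (as ApiController::preflightedCors did), but the attribute lines and the method signature are outside the hunk, so that cannot be confirmed from here. Because this is an abstract class in lib/public that third-party apps extend, a missing attribute would turn the share-password page into a logged-in-only route for every consumer. Please verify the attributes are present on the method after the docblock before merging. The next hunk in the same file is cut off at the end of the chunk and is not reviewed here.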
@@ -125,10 +122,6 @@ abstract class AuthPublicShareController extends PublicShareController {
        }
 
        /**
-        * @UseSession
-        * @PublicPage
-        * @BruteForceProtection(action=publicLinkAuth)
-        *
         * Authenticate the share
         *
         * @since 14.0.0