refactor(federatedfilesharing): Replace security annotations with respective attributes

author provokateurin <kate@provokateurin.de>

Thu, 25 Jul 2024 11:14:45 +0000 (13:14 +0200)

committer provokateurin <kate@provokateurin.de>

Sat, 27 Jul 2024 20:45:55 +0000 (22:45 +0200)
author provokateurin <kate@provokateurin.de>
Thu, 25 Jul 2024 11:14:45 +0000 (13:14 +0200)
committer provokateurin <kate@provokateurin.de>
Sat, 27 Jul 2024 20:45:55 +0000 (22:45 +0200)
diff --git a/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php b/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php

index e34ee77a550c60d2409645dda3a2f14e8e32d50f..b5b5806d335d6e846db55549fd40010d2b149842 100644 (file)
--- a/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php
+++ b/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php
@@ -11,7 +11,11 @@ use OCA\FederatedFileSharing\AddressHandler;
  use OCA\FederatedFileSharing\FederatedShareProvider;
  use OCP\AppFramework\Controller;
  use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
  use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
  use OCP\AppFramework\Http\JSONResponse;
  use OCP\Constants;
  use OCP\Federation\ICloudIdManager;
@@ -56,10 +60,6 @@ class MountPublicLinkController extends Controller {
         /**
          * send federated share to a user of a public link
          *
-        * @NoCSRFRequired
-        * @PublicPage
-        * @BruteForceProtection(action=publicLink2FederatedShare)
-        *
          * @param string $shareWith Username to share with
          * @param string $token Token of the share
          * @param string $password Password of the share
@@ -67,6 +67,9 @@ class MountPublicLinkController extends Controller {
          * 200: Remote URL returned
          * 400: Creating share is not possible
          */
+       #[NoCSRFRequired]
+       #[PublicPage]
+       #[BruteForceProtection(action: 'publicLink2FederatedShare')]
         public function createFederatedShare($shareWith, $token, $password = '') {
                 if (!$this->federatedShareProvider->isOutgoingServer2serverShareEnabled()) {
                         return new JSONResponse(
@@ -125,8 +128,6 @@ class MountPublicLinkController extends Controller {
         /**
          * ask other server to get a federated share
          *
-        * @NoAdminRequired
-        *
          * @param string $token
          * @param string $remote
          * @param string $password
@@ -135,6 +136,7 @@ class MountPublicLinkController extends Controller {
          * @param string $name (only for legacy reasons, can be removed with legacyMountPublicLink())
          * @return JSONResponse
          */
+       #[NoAdminRequired]
         public function askForFederatedShare($token, $remote, $password = '', $owner = '', $ownerDisplayName = '', $name = '') {
                 // check if server admin allows to mount public links from other servers
                 if ($this->federatedShareProvider->isIncomingServer2serverShareEnabled() === false) {
diff --git a/apps/federatedfilesharing/lib/Controller/RequestHandlerController.php b/apps/federatedfilesharing/lib/Controller/RequestHandlerController.php

index c0fc7123a14c46173d6c6fed9be95ce6306bf4b9..5edb80b016b3336ebc8341841b9a329d62efa1d0 100644 (file)
--- a/apps/federatedfilesharing/lib/Controller/RequestHandlerController.php
+++ b/apps/federatedfilesharing/lib/Controller/RequestHandlerController.php
@@ -12,7 +12,9 @@ use OCA\FederatedFileSharing\FederatedShareProvider;
  use OCA\FederatedFileSharing\Notifications;
  use OCP\App\IAppManager;
  use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
  use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
  use OCP\AppFramework\OCS\OCSBadRequestException;
  use OCP\AppFramework\OCS\OCSException;
  use OCP\AppFramework\OCSController;
@@ -100,9 +102,6 @@ class RequestHandlerController extends OCSController {
         }
  
         /**
-        * @NoCSRFRequired
-        * @PublicPage
-        *
          * create a new share
          *
          * @param string|null $remote Address of the remote
@@ -119,6 +118,8 @@ class RequestHandlerController extends OCSController {
          *
          * 200: Share created successfully
          */
+       #[NoCSRFRequired]
+       #[PublicPage]
         public function createShare(
                 ?string $remote = null,
                 ?string $token = null,
@@ -173,9 +174,6 @@ class RequestHandlerController extends OCSController {
         }
  
         /**
-        * @NoCSRFRequired
-        * @PublicPage
-        *
          * create re-share on behalf of another user
          *
          * @param int $id ID of the share
@@ -188,6 +186,8 @@ class RequestHandlerController extends OCSController {
          *
          * 200: Remote share returned
          */
+       #[NoCSRFRequired]
+       #[PublicPage]
         public function reShare(int $id, ?string $token = null, ?string $shareWith = null, ?int $remoteId = 0) {
                 if ($token === null ||
                         $shareWith === null ||
@@ -223,9 +223,6 @@ class RequestHandlerController extends OCSController {
  
  
         /**
-        * @NoCSRFRequired
-        * @PublicPage
-        *
          * accept server-to-server share
          *
          * @param int $id ID of the remote share
@@ -237,6 +234,8 @@ class RequestHandlerController extends OCSController {
          *
          * 200: Share accepted successfully
          */
+       #[NoCSRFRequired]
+       #[PublicPage]
         public function acceptShare(int $id, ?string $token = null) {
                 $notification = [
                         'sharedSecret' => $token,
@@ -259,9 +258,6 @@ class RequestHandlerController extends OCSController {
         }
  
         /**
-        * @NoCSRFRequired
-        * @PublicPage
-        *
          * decline server-to-server share
          *
          * @param int $id ID of the remote share
@@ -271,6 +267,8 @@ class RequestHandlerController extends OCSController {
          *
          * 200: Share declined successfully
          */
+       #[NoCSRFRequired]
+       #[PublicPage]
         public function declineShare(int $id, ?string $token = null) {
                 $notification = [
                         'sharedSecret' => $token,
@@ -293,9 +291,6 @@ class RequestHandlerController extends OCSController {
         }
  
         /**
-        * @NoCSRFRequired
-        * @PublicPage
-        *
          * remove server-to-server share if it was unshared by the owner
          *
          * @param int $id ID of the share
@@ -305,6 +300,8 @@ class RequestHandlerController extends OCSController {
          *
          * 200: Share unshared successfully
          */
+       #[NoCSRFRequired]
+       #[PublicPage]
         public function unshare(int $id, ?string $token = null) {
                 if (!$this->isS2SEnabled()) {
                         throw new OCSException('Server does not support federated cloud sharing', 503);
@@ -330,9 +327,6 @@ class RequestHandlerController extends OCSController {
  
  
         /**
-        * @NoCSRFRequired
-        * @PublicPage
-        *
          * federated share was revoked, either by the owner or the re-sharer
          *
          * @param int $id ID of the share
@@ -342,6 +336,8 @@ class RequestHandlerController extends OCSController {
          *
          * 200: Share revoked successfully
          */
+       #[NoCSRFRequired]
+       #[PublicPage]
         public function revoke(int $id, ?string $token = null) {
                 try {
                         $provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
@@ -372,9 +368,6 @@ class RequestHandlerController extends OCSController {
         }
  
         /**
-        * @NoCSRFRequired
-        * @PublicPage
-        *
          * update share information to keep federated re-shares in sync
          *
          * @param int $id ID of the share
@@ -385,6 +378,8 @@ class RequestHandlerController extends OCSController {
          *
          * 200: Permissions updated successfully
          */
+       #[NoCSRFRequired]
+       #[PublicPage]
         public function updatePermissions(int $id, ?string $token = null, ?int $permissions = null) {
                 $ncPermissions = $permissions;
  
@@ -428,9 +423,6 @@ class RequestHandlerController extends OCSController {
         }
  
         /**
-        * @NoCSRFRequired
-        * @PublicPage
-        *
          * change the owner of a server-to-server share
          *
          * @param int $id ID of the share
@@ -442,6 +434,8 @@ class RequestHandlerController extends OCSController {
          *
          * 200: Share moved successfully
          */
+       #[NoCSRFRequired]
+       #[PublicPage]
         public function move(int $id, ?string $token = null, ?string $remote = null, ?string $remote_id = null) {
                 if (!$this->isS2SEnabled()) {
                         throw new OCSException('Server does not support federated cloud sharing', 503);
author	provokateurin <kate@provokateurin.de>
	Thu, 25 Jul 2024 11:14:45 +0000 (13:14 +0200)
committer	provokateurin <kate@provokateurin.de>
	Sat, 27 Jul 2024 20:45:55 +0000 (22:45 +0200)
apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php		patch \| blob \| history
apps/federatedfilesharing/lib/Controller/RequestHandlerController.php		patch \| blob \| history