Merge pull request #49797 from nextcloud/fix/user_status/harden-api

Harden user_status API

4 files changed, 36 insertions, 10 deletions

diff --git a/apps/user_status/lib/Controller/StatusesController.php b/apps/user_status/lib/Controller/StatusesController.php
index e27a0fabbed..44688c39023 100644
--- a/apps/user_status/lib/Controller/StatusesController.php
+++ b/apps/user_status/lib/Controller/StatusesController.php
@@ -46,7 +46,7 @@ class StatusesController extends OCSController {
 	 * Find statuses of users
 	 *
 	 * @param int|null $limit Maximum number of statuses to find
-	 * @param int|null $offset Offset for finding statuses
+	 * @param non-negative-int|null $offset Offset for finding statuses
 	 * @return DataResponse<Http::STATUS_OK, list<UserStatusPublic>, array{}>
 	 *
 	 * 200: Statuses returned
diff --git a/apps/user_status/lib/Controller/UserStatusController.php b/apps/user_status/lib/Controller/UserStatusController.php
index a65f9a75c9f..9b3807ce86e 100644
--- a/apps/user_status/lib/Controller/UserStatusController.php
+++ b/apps/user_status/lib/Controller/UserStatusController.php
@@ -36,7 +36,7 @@ class UserStatusController extends OCSController {
 	public function __construct(
 		string $appName,
 		IRequest $request,
-		private string $userId,
+		private ?string $userId,
 		private LoggerInterface $logger,
 		private StatusService $service,
 		private CalendarStatusService $calendarStatusService,
@@ -123,6 +123,7 @@ class UserStatusController extends OCSController {
 	 * @param int|null $clearAt When the message should be cleared
 	 * @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>
 	 * @throws OCSBadRequestException The clearAt or icon is invalid or the message is too long
+	 * @throws OCSNotFoundException No status for the current user
 	 *
 	 * 200: The message was updated successfully
 	 */
@@ -149,6 +150,8 @@ class UserStatusController extends OCSController {
 		} catch (StatusMessageTooLongException $ex) {
 			$this->logger->debug('New user-status for "' . $this->userId . '" was rejected due to a too long status message.');
 			throw new OCSBadRequestException($ex->getMessage(), $ex);
+		} catch (DoesNotExistException $ex) {
+			throw new OCSNotFoundException('No status for the current user');
 		}
 	}
 
diff --git a/apps/user_status/lib/ResponseDefinitions.php b/apps/user_status/lib/ResponseDefinitions.php
index 6668c40b917..82f606dd301 100644
--- a/apps/user_status/lib/ResponseDefinitions.php
+++ b/apps/user_status/lib/ResponseDefinitions.php
@@ -22,7 +22,6 @@ namespace OCA\UserStatus;
  *     icon: string,
  *     message: string,
  *     clearAt: ?UserStatusClearAt,
- *     visible: ?bool,
  * }
  *
  * @psalm-type UserStatusType = "online"|"away"|"dnd"|"busy"|"offline"|"invisible"
diff --git a/apps/user_status/openapi.json b/apps/user_status/openapi.json
index 8b631156709..a0d30693e37 100644
--- a/apps/user_status/openapi.json
+++ b/apps/user_status/openapi.json
@@ -111,8 +111,7 @@
                     "id",
                     "icon",
                     "message",
-                    "clearAt",
-                    "visible"
+                    "clearAt"
                 ],
                 "properties": {
                     "id": {
@@ -127,10 +126,6 @@
                     "clearAt": {
                         "$ref": "#/components/schemas/ClearAt",
                         "nullable": true
-                    },
-                    "visible": {
-                        "type": "boolean",
-                        "nullable": true
                     }
                 }
             },
@@ -442,7 +437,8 @@
                         "schema": {
                             "type": "integer",
                             "format": "int64",
-                            "nullable": true
+                            "nullable": true,
+                            "minimum": 0
                         }
                     },
                     {
@@ -1015,6 +1011,34 @@
                                 }
                             }
                         }
+                    },
+                    "404": {
+                        "description": "No status for the current user",
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "type": "object",
+                                    "required": [
+                                        "ocs"
+                                    ],
+                                    "properties": {
+                                        "ocs": {
+                                            "type": "object",
+                                            "required": [
+                                                "meta",
+                                                "data"
+                                            ],
+                                            "properties": {
+                                                "meta": {
+                                                    "$ref": "#/components/schemas/OCSMeta"
+                                                },
+                                                "data": {}
+                                            }
+                                        }
+                                    }
+                                }
+                            }
+                        }
                     }
                 }
             }