aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorprovokateurin <kate@provokateurin.de>2024-07-25 17:52:47 +0200
committerprovokateurin <kate@provokateurin.de>2024-07-25 18:04:46 +0200
commit90e108e54852d65c7ca92ad70c5874236ccf3136 (patch)
tree5eab0c243c7187ae0bcea9541ec21e9dec412fef
parentd5bb37ab0d872fb4bdb1ec61809c575a46341a25 (diff)
downloadnextcloud-server-90e108e54852d65c7ca92ad70c5874236ccf3136.tar.gz
nextcloud-server-90e108e54852d65c7ca92ad70c5874236ccf3136.zip
fix(core): Document CSRF token endpoint
Signed-off-by: provokateurin <kate@provokateurin.de>
-rw-r--r--core/Controller/CSRFTokenController.php9
-rw-r--r--core/openapi-full.json46
-rw-r--r--core/openapi.json46
3 files changed, 99 insertions, 2 deletions
diff --git a/core/Controller/CSRFTokenController.php b/core/Controller/CSRFTokenController.php
index 9a87fe51c47..c4e7b81279f 100644
--- a/core/Controller/CSRFTokenController.php
+++ b/core/Controller/CSRFTokenController.php
@@ -12,11 +12,9 @@ use OC\Security\CSRF\CsrfTokenManager;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
-use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\JSONResponse;
use OCP\IRequest;
-#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
class CSRFTokenController extends Controller {
public function __construct(
string $appName,
@@ -27,9 +25,16 @@ class CSRFTokenController extends Controller {
}
/**
+ * Returns a new CSRF token.
+ *
* @NoAdminRequired
* @NoCSRFRequired
* @PublicPage
+ *
+ * @return JSONResponse<Http::STATUS_OK, array{token: string}, array{}>|JSONResponse<Http::STATUS_FORBIDDEN, array<empty>, array{}>
+ *
+ * 200: CSRF token returned
+ * 403: Strict cookie check failed
*/
#[FrontpageRoute(verb: 'GET', url: '/csrftoken')]
public function index(): JSONResponse {
diff --git a/core/openapi-full.json b/core/openapi-full.json
index e52b62d6fa6..dbeb48dbe35 100644
--- a/core/openapi-full.json
+++ b/core/openapi-full.json
@@ -7731,6 +7731,52 @@
}
}
},
+ "/index.php/csrftoken": {
+ "get": {
+ "operationId": "csrf_token-index",
+ "summary": "Returns a new CSRF token.",
+ "tags": [
+ "csrf_token"
+ ],
+ "security": [
+ {},
+ {
+ "bearer_auth": []
+ },
+ {
+ "basic_auth": []
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "CSRF token returned",
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "required": [
+ "token"
+ ],
+ "properties": {
+ "token": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Strict cookie check failed",
+ "content": {
+ "application/json": {
+ "schema": {}
+ }
+ }
+ }
+ }
+ }
+ },
"/index.php/login/v2/poll": {
"post": {
"operationId": "client_flow_login_v2-poll",
diff --git a/core/openapi.json b/core/openapi.json
index d597796f94e..abe21707db3 100644
--- a/core/openapi.json
+++ b/core/openapi.json
@@ -7731,6 +7731,52 @@
}
}
},
+ "/index.php/csrftoken": {
+ "get": {
+ "operationId": "csrf_token-index",
+ "summary": "Returns a new CSRF token.",
+ "tags": [
+ "csrf_token"
+ ],
+ "security": [
+ {},
+ {
+ "bearer_auth": []
+ },
+ {
+ "basic_auth": []
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "CSRF token returned",
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "required": [
+ "token"
+ ],
+ "properties": {
+ "token": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Strict cookie check failed",
+ "content": {
+ "application/json": {
+ "schema": {}
+ }
+ }
+ }
+ }
+ }
+ },
"/index.php/login/v2/poll": {
"post": {
"operationId": "client_flow_login_v2-poll",