diff options
| author | provokateurin <kate@provokateurin.de> | 2024-07-25 13:14:44 +0200 |
|---|---|---|
| committer | provokateurin <kate@provokateurin.de> | 2024-07-27 22:47:40 +0200 |
| commit | 8db6cfca1ce4baf457191e558ed240b365b9a85e (patch) | |
| tree | 02202aed5c653894b9ef85d3e05d7e41b8caa178 /apps/cloud_federation_api/lib/Controller | |
| parent | 212a621697cd32b65ea78fa90015cec9d9d1dfe3 (diff) | |
| download | nextcloud-server-8db6cfca1ce4baf457191e558ed240b365b9a85e.tar.gz nextcloud-server-8db6cfca1ce4baf457191e558ed240b365b9a85e.zip | |
refactor(cloud_federation_api): Replace security annotations with respective attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
Diffstat (limited to 'apps/cloud_federation_api/lib/Controller')
| -rw-r--r-- | apps/cloud_federation_api/lib/Controller/RequestHandlerController.php | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php b/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php index 5623ab93086..02b8725afe2 100644 --- a/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php +++ b/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php @@ -9,7 +9,10 @@ use OCA\CloudFederationAPI\Config; use OCA\CloudFederationAPI\ResponseDefinitions; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\BruteForceProtection; +use OCP\AppFramework\Http\Attribute\NoCSRFRequired; use OCP\AppFramework\Http\Attribute\OpenAPI; +use OCP\AppFramework\Http\Attribute\PublicPage; use OCP\AppFramework\Http\JSONResponse; use OCP\Federation\Exceptions\ActionNotSupportedException; use OCP\Federation\Exceptions\AuthenticationFailedException; @@ -55,10 +58,6 @@ class RequestHandlerController extends Controller { /** * Add share * - * @NoCSRFRequired - * @PublicPage - * @BruteForceProtection(action=receiveFederatedShare) - * * @param string $shareWith The user who the share will be shared with * @param string $name The resource name (e.g. document.odt) * @param string|null $description Share description @@ -76,6 +75,9 @@ class RequestHandlerController extends Controller { * 400: Bad request due to invalid parameters, e.g. when `shareWith` is not found or required properties are missing * 501: Share type or the resource type is not supported */ + #[PublicPage] + #[NoCSRFRequired] + #[BruteForceProtection(action: 'receiveFederatedShare')] public function addShare($shareWith, $name, $description, $providerId, $owner, $ownerDisplayName, $sharedBy, $sharedByDisplayName, $protocol, $shareType, $resourceType) { // check if all required parameters are set if ($shareWith === null || @@ -185,10 +187,6 @@ class RequestHandlerController extends Controller { /** * Send a notification about an existing share * - * @NoCSRFRequired - * @PublicPage - * @BruteForceProtection(action=receiveFederatedShareNotification) - * * @param string $notificationType Notification type, e.g. SHARE_ACCEPTED * @param string $resourceType calendar, file, contact,... * @param string|null $providerId ID of the share @@ -200,6 +198,9 @@ class RequestHandlerController extends Controller { * 403: Getting resource is not allowed * 501: The resource type is not supported */ + #[NoCSRFRequired] + #[PublicPage] + #[BruteForceProtection(action: 'receiveFederatedShareNotification')] public function receiveNotification($notificationType, $resourceType, $providerId, ?array $notification) { // check if all required parameters are set if ($notificationType === null || |