author | Kate <26026535+provokateurin@users.noreply.github.com> | 2024-08-14 09:38:28 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-08-14 09:38:28 +0200 |
commit | ca9752482c8d36a4528972ef82ad87004034cdc8 (patch) | |
tree | 5bf7667a56540eb8e79a61f0e9ee08e317882264 /apps | |
parent | 4673e1a391bf22648ba957059ac0d0ba7da6004f (diff) | |
parent | d8adbce1be3fe3d6db56cf7546cde2cdc5527f3b (diff) | |
Merge pull request #46814 from nextcloud/refactor/oauth2/security-attributes
Diffstat (limited to 'apps')
-rw-r--r-- | apps/oauth2/lib/Controller/LoginRedirectorController.php | 10 | ||||
-rw-r--r-- | apps/oauth2/lib/Controller/OauthApiController.php | 10 |
2 files changed, 12 insertions, 8 deletions
diff --git a/apps/oauth2/lib/Controller/LoginRedirectorController.php b/apps/oauth2/lib/Controller/LoginRedirectorController.php index f326b821a60..d9a9ed5c5d0 100644 --- a/apps/oauth2/lib/Controller/LoginRedirectorController.php +++ b/apps/oauth2/lib/Controller/LoginRedirectorController.php @@ -12,6 +12,9 @@ use OCA\OAuth2\Db\ClientMapper; use OCA\OAuth2\Exceptions\ClientNotFoundException; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoCSRFRequired; +use OCP\AppFramework\Http\Attribute\PublicPage; +use OCP\AppFramework\Http\Attribute\UseSession; use OCP\AppFramework\Http\RedirectResponse; use OCP\AppFramework\Http\TemplateResponse; use OCP\IL10N; @@ -51,10 +54,6 @@ class LoginRedirectorController extends Controller { } /** - * @PublicPage - * @NoCSRFRequired - * @UseSession - * * Authorize the user * * @param string $client_id Client ID @@ -65,6 +64,9 @@ class LoginRedirectorController extends Controller { * 200: Client not found * 303: Redirect to login URL */ + #[PublicPage] + #[NoCSRFRequired] + #[UseSession] public function authorize($client_id, $state, $response_type): TemplateResponse|RedirectResponse { diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 389bc73811b..ec54e867314 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -15,6 +15,9 @@ use OCA\OAuth2\Exceptions\AccessTokenNotFoundException; use OCA\OAuth2\Exceptions\ClientNotFoundException; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\BruteForceProtection; +use OCP\AppFramework\Http\Attribute\NoCSRFRequired; +use OCP\AppFramework\Http\Attribute\PublicPage; use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Utility\ITimeFactory; use OCP\Authentication\Exceptions\ExpiredTokenException; 
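Review bot: The `#[NoCSRFRequired]` placed on `authorize` in the last hunk of this file carries no explanation of why a CSRF exemption is acceptable on a public, session-using endpoint, and the attribute move is the natural moment to record it; I would add above the three attributes `// No Nextcloud request token can exist here: the endpoint is entered from a third-party redirect. The OAuth `state` value is presumably carried through for the client to verify, and the user is still sent to the regular login (303) before anything is issued — confirm against the body.` A second, style point: `authorize` keeps `$client_id`, `$state` and `$response_type` untyped while the sibling `getToken` touched by this same PR declares native `string`/`?string` parameters; tightening them would match, but check how the dispatcher fills an absent request parameter first, since a native `string` type would turn a missing value into a TypeError rather than whatever the body handles today. The `authorize` signature ends inside the hunk but its body lies entirely outside it.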
@@ -47,10 +50,6 @@ class OauthApiController extends Controller { } /** - * @PublicPage - * @NoCSRFRequired - * @BruteForceProtection(action=oauth2GetToken) - * * Get a token * * @param string $grant_type Token type that should be granted @@ -64,6 +63,9 @@ class OauthApiController extends Controller { * 200: Token returned * 400: Getting token is not possible */ + #[PublicPage] + #[NoCSRFRequired] + #[BruteForceProtection(action: 'oauth2GetToken')] public function getToken( string $grant_type, ?string $code, ?string $refresh_token, ?string $client_id, ?string $client_secret |
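Review bot: `#[BruteForceProtection(action: 'oauth2GetToken')]` in the last hunk only names the action to the brute-force middleware; if I read the framework correctly, an attempt is recorded only for responses the method body marks with `->throttle()`, and that body is outside this hunk, so it is worth re-checking that every failure path (the 400 responses the docblock lists) still calls it after the annotation-to-attribute move. The action string is unchanged from the removed `@BruteForceProtection(action=oauth2GetToken)`, so existing throttle records stay attached to the same action. A short comment above the attribute, `// Throttling only counts responses that call ->throttle(); keep every error branch doing so.`, would make that dependency explicit to the next maintainer. `getToken`'s parameter list ends at the hunk boundary and its body continues beyond it.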