author | Joas Schilling <coding@schilljs.com> | 2023-04-24 17:13:18 +0200 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2023-04-25 14:50:32 +0200 |
commit | ecb8b55c5c01ca5cfbf23ef241536ef76c8f277d (patch) | |
tree | c07f24f3837a96ea963e45092b08a73658c10ace /lib/public/AppFramework/AuthPublicShareController.php | |
parent | 2abefff2899952ea422d708fbda611f1695125fd (diff) | |
feat(security): Add PHP \Attribute for remaining security annotations
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/public/AppFramework/AuthPublicShareController.php')
-rw-r--r-- | lib/public/AppFramework/AuthPublicShareController.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/public/AppFramework/AuthPublicShareController.php b/lib/public/AppFramework/AuthPublicShareController.php
index 00834506b05..78dd45551ed 100644
--- a/lib/public/AppFramework/AuthPublicShareController.php
+++ b/lib/public/AppFramework/AuthPublicShareController.php
@@ -28,6 +28,10 @@ declare(strict_types=1);
 */
 namespace OCP\AppFramework;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
+use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\IRequest;
@@ -70,6 +74,8 @@ abstract class AuthPublicShareController extends PublicShareController {
 *
 * @since 14.0.0
 */
+ #[NoCSRFRequired]
+ #[PublicPage]
 public function showAuthenticate(): TemplateResponse {
 return new TemplateResponse('core', 'publicshareauth', [], 'guest');
 }
@@ -129,7 +135,7 @@ abstract class AuthPublicShareController extends PublicShareController {
 }
 /**
- * Function called after successfull authentication
+ * Function called after successful authentication
 *
 * You can use this to do some logging for example
 *
@@ -147,6 +153,9 @@ abstract class AuthPublicShareController extends PublicShareController {
 *
 * @since 14.0.0
 */
+ #[BruteForceProtection(action: 'publicLinkAuth')]
+ #[PublicPage]
+ #[UseSession]
 final public function authenticate(string $password = '', string $passwordRequest = 'no', string $identityToken = '') {
 // Already authenticated
 if ($this->isAuthenticated()) { |
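Review bot: `#[NoCSRFRequired]` on `showAuthenticate` is added with no record of why the CSRF exemption is safe. The visible body only returns a `TemplateResponse` for the `publicshareauth` template with an empty parameter array and changes no state, so the exemption looks appropriate for this read-only form render. Together with `#[PublicPage]` the method is reachable without a login, so the reasoning should sit next to the attribute where a later edit that adds side effects will see it: `// CSRF check not required: only renders the password form, no state change`.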
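Review bot: `#[BruteForceProtection(action: 'publicLinkAuth')]` on `authenticate` only names the throttling bucket; whether a wrong password is actually counted depends on the failure branch, which lies outside this hunk (only the `isAuthenticated()` early exit is visible). As far as I know, the brute-force middleware registers an attempt only when the returned response has been marked with `throttle()`, so confirm that the failed-password path does that and the success path does not. The diffstat's single deletion is the spelling fix, so any docblock annotations above the hunk were presumably kept alongside the new attributes. A one-line comment such as `// Access policy is declared by the attributes below; keep any docblock annotations in sync` would stop the two declarations drifting apart. Leaving `#[NoCSRFRequired]` off this method looks deliberate and correct for a password submission; saying so in the docblock would guard against it being added later for symmetry with `showAuthenticate`.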