feat: move csrf validation out of requestdept-remove-csrf-dependency-from-request

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

2 files changed, 25 insertions, 0 deletions

diff --git a/lib/public/IRequest.php b/lib/public/IRequest.php
index 18efd7a6d16..db82d72891e 100644
--- a/lib/public/IRequest.php
+++ b/lib/public/IRequest.php
@@ -177,6 +177,7 @@ interface IRequest {
 	 *
 	 * @return bool true if CSRF check passed
 	 * @since 6.0.0
+	 * @deprecated 30.0.0 use \OCP\Security\CSRF\ICsrfValidator::validate instead
 	 */
 	public function passesCSRFCheck(): bool;
 
diff --git a/lib/public/Security/CSRF/ICsrfValidator.php b/lib/public/Security/CSRF/ICsrfValidator.php
new file mode 100644
index 00000000000..2c64c825f04
--- /dev/null
+++ b/lib/public/Security/CSRF/ICsrfValidator.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace OCP\Security\CSRF;
+
+use OCP\IRequest;
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+/**
+ * @since 31.0.0
+ */
+interface ICsrfValidator {
+	/**
+	 * Check if a request uses a valid csrf token.
+	 *
+	 * @since 31.0.0
+	 */
+	public function validate(IRequest $request): bool;
+}