Diffstat (limited to 'core/Controller/AppPasswordController.php')
-rw-r--r--core/Controller/AppPasswordController.php56
1 files changed, 18 insertions, 38 deletions
diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php
index 11aca8ef329..e5edc165bf5 100644
--- a/core/Controller/AppPasswordController.php
+++ b/core/Controller/AppPasswordController.php
@@ -3,28 +3,8 @@
declare(strict_types=1);
/**
- * @copyright Copyright (c) 2018, Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Daniel Kesselberg <mail@danielkesselberg.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Kate Döen <kate.doeen@nextcloud.com>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OC\Core\Controller;
@@ -34,9 +14,13 @@ use OC\Authentication\Token\IToken;
use OC\User\Session;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
use OCP\AppFramework\Http\Attribute\UseSession;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSForbiddenException;
+use OCP\AppFramework\OCSController;
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\Exceptions\PasswordUnavailableException;
@@ -48,7 +32,7 @@ use OCP\IUserManager;
use OCP\Security\Bruteforce\IThrottler;
use OCP\Security\ISecureRandom;
-class AppPasswordController extends \OCP\AppFramework\OCSController {
+class AppPasswordController extends OCSController {
public function __construct(
string $appName,
IRequest $request,
@@ -65,9 +49,6 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
}
/**
- * @NoAdminRequired
- * @PasswordConfirmationRequired
- *
* Create app password
*
* @return DataResponse<Http::STATUS_OK, array{apppassword: string}, array{}>
@@ -75,6 +56,8 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
*
* 200: App password returned
*/
+ #[NoAdminRequired]
+ #[PasswordConfirmationRequired]
#[ApiRoute(verb: 'GET', url: '/getapppassword', root: '/core')]
public function getAppPassword(): DataResponse {
// We do not allow the creation of new tokens if this is an app password
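Review bot: The password-confirmation gate on getAppPassword now rests entirely on `#[PasswordConfirmationRequired]` (with `#[NoAdminRequired]` alongside), and nothing visible here checks that the attributes are honoured the same way the removed `@PasswordConfirmationRequired` and `@NoAdminRequired` annotations were. The same annotation-to-attribute swap is made for deleteAppPassword, rotateAppPassword and confirmUserPassword. A small reflection-based test asserting that each method carries the expected attributes would make a silently dropped requirement fail in CI; the diffstat shown is limited to this file, so such a test may already exist elsewhere in the commit. getAppPassword's body continues outside the hunk.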
@@ -94,9 +77,9 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
$password = null;
}
- $userAgent = $this->request->getHeader('USER_AGENT');
+ $userAgent = $this->request->getHeader('user-agent');
- $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+ $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS);
$generatedToken = $this->tokenProvider->generateToken(
$token,
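Review bot: `$userAgent` is read straight from a client-controlled request header, and nothing in this hunk bounds or normalises it before the `generateToken(` call that opens below (its remaining arguments are outside the hunk). If the value is stored as the token's display name, which the surrounding code suggests but does not show, a missing header would presumably give an empty label and an oversized one would be stored as sent unless the token provider truncates it; both are worth confirming. A comment on the assignment would make the trust level explicit: `// Client-supplied and unauthenticated: display label only, never an input to access decisions`.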
@@ -118,15 +101,14 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
}
/**
- * @NoAdminRequired
- *
* Delete app password
*
- * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
+ * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
* @throws OCSForbiddenException Deleting app password is not allowed
*
* 200: App password deleted successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'DELETE', url: '/apppassword', root: '/core')]
public function deleteAppPassword(): DataResponse {
if (!$this->session->exists('app_password')) {
@@ -146,8 +128,6 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
}
/**
- * @NoAdminRequired
- *
* Rotate app password
*
* @return DataResponse<Http::STATUS_OK, array{apppassword: string}, array{}>
@@ -155,6 +135,7 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
*
* 200: App password returned
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'POST', url: '/apppassword/rotate', root: '/core')]
public function rotateAppPassword(): DataResponse {
if (!$this->session->exists('app_password')) {
@@ -169,7 +150,7 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
throw new OCSForbiddenException('could not rotate apptoken');
}
- $newToken = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+ $newToken = $this->random->generate(72, ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS);
$this->tokenProvider->rotate($token, $appPassword, $newToken);
return new DataResponse([
@@ -180,16 +161,15 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
/**
* Confirm the user password
*
- * @NoAdminRequired
- * @BruteForceProtection(action=sudo)
- *
* @param string $password The password of the user
*
- * @return DataResponse<Http::STATUS_OK, array{lastLogin: int}, array{}>|DataResponse<Http::STATUS_FORBIDDEN, array<empty>, array{}>
+ * @return DataResponse<Http::STATUS_OK, array{lastLogin: int}, array{}>|DataResponse<Http::STATUS_FORBIDDEN, list<empty>, array{}>
*
* 200: Password confirmation succeeded
* 403: Password confirmation failed
*/
+ #[NoAdminRequired]
+ #[BruteForceProtection(action: 'sudo')]
#[UseSession]
#[ApiRoute(verb: 'PUT', url: '/apppassword/confirm', root: '/core')]
public function confirmUserPassword(string $password): DataResponse {
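Review bot: `#[BruteForceProtection(action: 'sudo')]` only names the throttling bucket; whether a failed confirmation is actually counted depends on the 403 branch of confirmUserPassword, which lies outside this hunk. If the middleware registers attempts only for responses that were explicitly marked as throttled, as I believe Nextcloud's does, the failure path has to call `$response->throttle(...)` before returning, and the docblock should say so, e.g. `* 403: Password confirmation failed (counted against the 'sudo' brute-force action)`. Because the action moved from the bare annotation value `sudo` to a quoted string, a test that a wrong password registers an attempt under 'sudo' would keep the attribute and the throttler from drifting apart.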