diff options
Diffstat (limited to 'core/Controller/AvatarController.php')
| -rw-r--r-- | core/Controller/AvatarController.php | 69 |
1 files changed, 34 insertions, 35 deletions
diff --git a/core/Controller/AvatarController.php b/core/Controller/AvatarController.php index f29c9c5ab4f..b577b2fd460 100644 --- a/core/Controller/AvatarController.php +++ b/core/Controller/AvatarController.php @@ -8,18 +8,25 @@ namespace OC\Core\Controller; use OC\AppFramework\Utility\TimeFactory; +use OC\NotSquareException; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; use OCP\AppFramework\Http\Attribute\FrontpageRoute; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\NoCSRFRequired; +use OCP\AppFramework\Http\Attribute\OpenAPI; +use OCP\AppFramework\Http\Attribute\PublicPage; use OCP\AppFramework\Http\DataDisplayResponse; use OCP\AppFramework\Http\FileDisplayResponse; use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Http\Response; use OCP\Files\File; use OCP\Files\IRootFolder; +use OCP\Files\NotPermittedException; use OCP\IAvatarManager; use OCP\ICache; use OCP\IL10N; +use OCP\Image; use OCP\IRequest; use OCP\IUserManager; use Psr\Log\LoggerInterface; @@ -47,23 +54,23 @@ class AvatarController extends Controller { } /** - * @NoAdminRequired - * @NoCSRFRequired * @NoSameSiteCookieRequired - * @PublicPage * * Get the dark avatar * * @param string $userId ID of the user - * @param int $size Size of the avatar + * @param 64|512 $size Size of the avatar * @param bool $guestFallback Fallback to guest avatar if not found - * @return FileDisplayResponse<Http::STATUS_OK|Http::STATUS_CREATED, array{Content-Type: string, X-NC-IsCustomAvatar: int}>|JSONResponse<Http::STATUS_NOT_FOUND, array<empty>, array{}>|Response<Http::STATUS_INTERNAL_SERVER_ERROR, array{}> + * @return FileDisplayResponse<Http::STATUS_OK|Http::STATUS_CREATED, array{Content-Type: string, X-NC-IsCustomAvatar: int}>|JSONResponse<Http::STATUS_NOT_FOUND, list<empty>, array{}>|Response<Http::STATUS_INTERNAL_SERVER_ERROR, array{}> * * 200: Avatar returned * 201: Avatar returned * 404: Avatar not found */ + #[NoCSRFRequired] + #[PublicPage] #[FrontpageRoute(verb: 'GET', url: '/avatar/{userId}/{size}/dark')] + #[OpenAPI(scope: OpenAPI::SCOPE_DEFAULT)] public function getAvatarDark(string $userId, int $size, bool $guestFallback = false) { if ($size <= 64) { if ($size !== 64) { @@ -87,7 +94,7 @@ class AvatarController extends Controller { ); } catch (\Exception $e) { if ($guestFallback) { - return $this->guestAvatarController->getAvatarDark($userId, (string)$size); + return $this->guestAvatarController->getAvatarDark($userId, $size); } return new JSONResponse([], Http::STATUS_NOT_FOUND); } @@ -99,23 +106,23 @@ class AvatarController extends Controller { /** - * @NoAdminRequired - * @NoCSRFRequired * @NoSameSiteCookieRequired - * @PublicPage * * Get the avatar * * @param string $userId ID of the user - * @param int $size Size of the avatar + * @param 64|512 $size Size of the avatar * @param bool $guestFallback Fallback to guest avatar if not found - * @return FileDisplayResponse<Http::STATUS_OK|Http::STATUS_CREATED, array{Content-Type: string, X-NC-IsCustomAvatar: int}>|JSONResponse<Http::STATUS_NOT_FOUND, array<empty>, array{}>|Response<Http::STATUS_INTERNAL_SERVER_ERROR, array{}> + * @return FileDisplayResponse<Http::STATUS_OK|Http::STATUS_CREATED, array{Content-Type: string, X-NC-IsCustomAvatar: int}>|JSONResponse<Http::STATUS_NOT_FOUND, list<empty>, array{}>|Response<Http::STATUS_INTERNAL_SERVER_ERROR, array{}> * * 200: Avatar returned * 201: Avatar returned * 404: Avatar not found */ + #[NoCSRFRequired] + #[PublicPage] #[FrontpageRoute(verb: 'GET', url: '/avatar/{userId}/{size}')] + #[OpenAPI(scope: OpenAPI::SCOPE_DEFAULT)] public function getAvatar(string $userId, int $size, bool $guestFallback = false) { if ($size <= 64) { if ($size !== 64) { @@ -139,7 +146,7 @@ class AvatarController extends Controller { ); } catch (\Exception $e) { if ($guestFallback) { - return $this->guestAvatarController->getAvatar($userId, (string)$size); + return $this->guestAvatarController->getAvatar($userId, $size); } return new JSONResponse([], Http::STATUS_NOT_FOUND); } @@ -149,9 +156,7 @@ class AvatarController extends Controller { return $response; } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[FrontpageRoute(verb: 'POST', url: '/avatar/')] public function postAvatar(?string $path = null): JSONResponse { $files = $this->request->getUploadedFile('files'); @@ -180,7 +185,7 @@ class AvatarController extends Controller { try { $content = $node->getContent(); - } catch (\OCP\Files\NotPermittedException $e) { + } catch (NotPermittedException $e) { return new JSONResponse( ['data' => ['message' => $this->l10n->t('The selected file cannot be read.')]], Http::STATUS_BAD_REQUEST @@ -188,9 +193,8 @@ class AvatarController extends Controller { } } elseif (!is_null($files)) { if ( - $files['error'][0] === 0 && - is_uploaded_file($files['tmp_name'][0]) && - !\OC\Files\Filesystem::isFileBlacklisted($files['tmp_name'][0]) + $files['error'][0] === 0 + && is_uploaded_file($files['tmp_name'][0]) ) { if ($files['size'][0] > 20 * 1024 * 1024) { return new JSONResponse( @@ -228,7 +232,7 @@ class AvatarController extends Controller { } try { - $image = new \OCP\Image(); + $image = new Image(); $image->loadFromData($content); $image->readExif($content); $image->fixOrientation(); @@ -272,9 +276,7 @@ class AvatarController extends Controller { } } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[FrontpageRoute(verb: 'DELETE', url: '/avatar/')] public function deleteAvatar(): JSONResponse { try { @@ -288,21 +290,20 @@ class AvatarController extends Controller { } /** - * @NoAdminRequired - * * @return JSONResponse|DataDisplayResponse */ + #[NoAdminRequired] #[FrontpageRoute(verb: 'GET', url: '/avatar/tmp')] public function getTmpAvatar() { $tmpAvatar = $this->cache->get('tmpAvatar'); if (is_null($tmpAvatar)) { return new JSONResponse(['data' => [ - 'message' => $this->l10n->t("No temporary profile picture available, try again") + 'message' => $this->l10n->t('No temporary profile picture available, try again') ]], Http::STATUS_NOT_FOUND); } - $image = new \OCP\Image(); + $image = new Image(); $image->loadFromData($tmpAvatar); $resp = new DataDisplayResponse( @@ -316,30 +317,28 @@ class AvatarController extends Controller { return $resp; } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[FrontpageRoute(verb: 'POST', url: '/avatar/cropped')] public function postCroppedAvatar(?array $crop = null): JSONResponse { if (is_null($crop)) { - return new JSONResponse(['data' => ['message' => $this->l10n->t("No crop data provided")]], + return new JSONResponse(['data' => ['message' => $this->l10n->t('No crop data provided')]], Http::STATUS_BAD_REQUEST); } if (!isset($crop['x'], $crop['y'], $crop['w'], $crop['h'])) { - return new JSONResponse(['data' => ['message' => $this->l10n->t("No valid crop data provided")]], + return new JSONResponse(['data' => ['message' => $this->l10n->t('No valid crop data provided')]], Http::STATUS_BAD_REQUEST); } $tmpAvatar = $this->cache->get('tmpAvatar'); if (is_null($tmpAvatar)) { return new JSONResponse(['data' => [ - 'message' => $this->l10n->t("No temporary profile picture available, try again") + 'message' => $this->l10n->t('No temporary profile picture available, try again') ]], Http::STATUS_BAD_REQUEST); } - $image = new \OCP\Image(); + $image = new Image(); $image->loadFromData($tmpAvatar); $image->crop($crop['x'], $crop['y'], (int)round($crop['w']), (int)round($crop['h'])); try { @@ -348,7 +347,7 @@ class AvatarController extends Controller { // Clean up $this->cache->remove('tmpAvatar'); return new JSONResponse(['status' => 'success']); - } catch (\OC\NotSquareException $e) { + } catch (NotSquareException $e) { return new JSONResponse(['data' => ['message' => $this->l10n->t('Crop is not square')]], Http::STATUS_BAD_REQUEST); } catch (\Exception $e) { |