1 files changed, 13 insertions, 14 deletions

diff --git a/core/Controller/WipeController.php b/core/Controller/WipeController.php
index 44f80dc5510..1b57be71aa0 100644
--- a/core/Controller/WipeController.php
+++ b/core/Controller/WipeController.php
@@ -11,11 +11,16 @@ namespace OC\Core\Controller;
 use OC\Authentication\Token\RemoteWipe;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\AnonRateLimit;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\Authentication\Exceptions\InvalidTokenException;
 use OCP\IRequest;
 
+#[OpenAPI(scope: OpenAPI::SCOPE_DEFAULT)]
 class WipeController extends Controller {
 	public function __construct(
 		string $appName,
@@ -26,21 +31,18 @@ class WipeController extends Controller {
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * @AnonRateThrottle(limit=10, period=300)
-	 *
 	 * Check if the device should be wiped
 	 *
 	 * @param string $token App password
 	 *
-	 * @return JSONResponse<Http::STATUS_OK, array{wipe: bool}, array{}>|JSONResponse<Http::STATUS_NOT_FOUND, array<empty>, array{}>
+	 * @return JSONResponse<Http::STATUS_OK, array{wipe: bool}, array{}>|JSONResponse<Http::STATUS_NOT_FOUND, list<empty>, array{}>
 	 *
 	 * 200: Device should be wiped
 	 * 404: Device should not be wiped
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
+	#[AnonRateLimit(limit: 10, period: 300)]
 	#[FrontpageRoute(verb: 'POST', url: '/core/wipe/check')]
 	public function checkWipe(string $token): JSONResponse {
 		try {
@@ -58,21 +60,18 @@ class WipeController extends Controller {
 
 
 	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * @AnonRateThrottle(limit=10, period=300)
-	 *
 	 * Finish the wipe
 	 *
 	 * @param string $token App password
 	 *
-	 * @return JSONResponse<Http::STATUS_OK|Http::STATUS_NOT_FOUND, array<empty>, array{}>
+	 * @return JSONResponse<Http::STATUS_OK|Http::STATUS_NOT_FOUND, list<empty>, array{}>
 	 *
 	 * 200: Wipe finished successfully
 	 * 404: Device should not be wiped
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
+	#[AnonRateLimit(limit: 10, period: 300)]
 	#[FrontpageRoute(verb: 'POST', url: '/core/wipe/success')]
 	public function wipeDone(string $token): JSONResponse {
 		try {