diff options
Diffstat (limited to 'core/Controller')
| -rw-r--r-- | core/Controller/ClientFlowLoginController.php | 2 | ||||
| -rw-r--r-- | core/Controller/ClientFlowLoginV2Controller.php | 2 | ||||
| -rw-r--r-- | core/Controller/LostController.php | 4 | ||||
| -rw-r--r-- | core/Controller/TaskProcessingApiController.php | 42 |
4 files changed, 38 insertions, 12 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php index affb60f2b2e..0e6e1fc8404 100644 --- a/core/Controller/ClientFlowLoginController.php +++ b/core/Controller/ClientFlowLoginController.php @@ -17,6 +17,7 @@ use OCP\AppFramework\Http\Attribute\FrontpageRoute; use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\Attribute\NoCSRFRequired; use OCP\AppFramework\Http\Attribute\OpenAPI; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\Attribute\PublicPage; use OCP\AppFramework\Http\Attribute\UseSession; use OCP\AppFramework\Http\ContentSecurityPolicy; @@ -214,6 +215,7 @@ class ClientFlowLoginController extends Controller { #[NoAdminRequired] #[UseSession] + #[PasswordConfirmationRequired(strict: false)] #[FrontpageRoute(verb: 'POST', url: '/login/flow')] public function generateAppPassword( string $stateToken, diff --git a/core/Controller/ClientFlowLoginV2Controller.php b/core/Controller/ClientFlowLoginV2Controller.php index e21a0cb250d..84212002895 100644 --- a/core/Controller/ClientFlowLoginV2Controller.php +++ b/core/Controller/ClientFlowLoginV2Controller.php @@ -19,6 +19,7 @@ use OCP\AppFramework\Http\Attribute\FrontpageRoute; use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\Attribute\NoCSRFRequired; use OCP\AppFramework\Http\Attribute\OpenAPI; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\Attribute\PublicPage; use OCP\AppFramework\Http\Attribute\UseSession; use OCP\AppFramework\Http\JSONResponse; @@ -228,6 +229,7 @@ class ClientFlowLoginV2Controller extends Controller { #[NoAdminRequired] #[UseSession] + #[PasswordConfirmationRequired(strict: false)] #[FrontpageRoute(verb: 'POST', url: '/login/v2/grant')] public function generateAppPassword(?string $stateToken): Response { if ($stateToken === null) { diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php index f940a3cfeee..d956f3427f2 100644 --- a/core/Controller/LostController.php +++ b/core/Controller/LostController.php @@ -64,7 +64,7 @@ class LostController extends Controller { private Defaults $defaults, private IL10N $l10n, private IConfig $config, - protected string $from, + protected string $defaultMailAddress, private IManager $encryptionManager, private IMailer $mailer, private LoggerInterface $logger, @@ -281,7 +281,7 @@ class LostController extends Controller { try { $message = $this->mailer->createMessage(); $message->setTo([$email => $user->getDisplayName()]); - $message->setFrom([$this->from => $this->defaults->getName()]); + $message->setFrom([$this->defaultMailAddress => $this->defaults->getName()]); $message->useTemplate($emailTemplate); $this->mailer->send($message); } catch (Exception $e) { diff --git a/core/Controller/TaskProcessingApiController.php b/core/Controller/TaskProcessingApiController.php index cf62b4f6b6b..e60c9ebc789 100644 --- a/core/Controller/TaskProcessingApiController.php +++ b/core/Controller/TaskProcessingApiController.php @@ -20,12 +20,12 @@ use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\Attribute\NoCSRFRequired; use OCP\AppFramework\Http\Attribute\PublicPage; use OCP\AppFramework\Http\Attribute\UserRateLimit; -use OCP\AppFramework\Http\DataDownloadResponse; use OCP\AppFramework\Http\DataResponse; +use OCP\AppFramework\Http\StreamResponse; use OCP\AppFramework\OCSController; use OCP\Files\File; -use OCP\Files\GenericFileException; use OCP\Files\IAppData; +use OCP\Files\IMimeTypeDetector; use OCP\Files\IRootFolder; use OCP\Files\NotPermittedException; use OCP\IL10N; @@ -56,6 +56,7 @@ class TaskProcessingApiController extends OCSController { private ?string $userId, private IRootFolder $rootFolder, private IAppData $appData, + private IMimeTypeDetector $mimeTypeDetector, ) { parent::__construct($appName, $request); } @@ -302,7 +303,7 @@ class TaskProcessingApiController extends OCSController { * * @param int $taskId The id of the task * @param int $fileId The file id of the file to retrieve - * @return DataDownloadResponse<Http::STATUS_OK, string, array{}>|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}> + * @return StreamResponse<Http::STATUS_OK, array{}>|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}> * * 200: File content returned * 404: Task or file not found @@ -310,12 +311,14 @@ class TaskProcessingApiController extends OCSController { #[NoAdminRequired] #[NoCSRFRequired] #[ApiRoute(verb: 'GET', url: '/tasks/{taskId}/file/{fileId}', root: '/taskprocessing')] - public function getFileContents(int $taskId, int $fileId): DataDownloadResponse|DataResponse { + public function getFileContents(int $taskId, int $fileId): StreamResponse|DataResponse { try { $task = $this->taskProcessingManager->getUserTask($taskId, $this->userId); return $this->getFileContentsInternal($task, $fileId); } catch (NotFoundException) { return new DataResponse(['message' => $this->l->t('Not found')], Http::STATUS_NOT_FOUND); + } catch (LockedException) { + return new DataResponse(['message' => $this->l->t('Node is locked')], Http::STATUS_INTERNAL_SERVER_ERROR); } catch (Exception) { return new DataResponse(['message' => $this->l->t('Internal error')], Http::STATUS_INTERNAL_SERVER_ERROR); } @@ -326,19 +329,21 @@ class TaskProcessingApiController extends OCSController { * * @param int $taskId The id of the task * @param int $fileId The file id of the file to retrieve - * @return DataDownloadResponse<Http::STATUS_OK, string, array{}>|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}> + * @return StreamResponse<Http::STATUS_OK, array{}>|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}> * * 200: File content returned * 404: Task or file not found */ #[ExAppRequired] #[ApiRoute(verb: 'GET', url: '/tasks_provider/{taskId}/file/{fileId}', root: '/taskprocessing')] - public function getFileContentsExApp(int $taskId, int $fileId): DataDownloadResponse|DataResponse { + public function getFileContentsExApp(int $taskId, int $fileId): StreamResponse|DataResponse { try { $task = $this->taskProcessingManager->getTask($taskId); return $this->getFileContentsInternal($task, $fileId); } catch (NotFoundException) { return new DataResponse(['message' => $this->l->t('Not found')], Http::STATUS_NOT_FOUND); + } catch (LockedException) { + return new DataResponse(['message' => $this->l->t('Node is locked')], Http::STATUS_INTERNAL_SERVER_ERROR); } catch (Exception) { return new DataResponse(['message' => $this->l->t('Internal error')], Http::STATUS_INTERNAL_SERVER_ERROR); } @@ -381,12 +386,11 @@ class TaskProcessingApiController extends OCSController { /** * @throws NotPermittedException * @throws NotFoundException - * @throws GenericFileException * @throws LockedException * - * @return DataDownloadResponse<Http::STATUS_OK, string, array{}>|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}> + * @return StreamResponse<Http::STATUS_OK, array{}>|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}> */ - private function getFileContentsInternal(Task $task, int $fileId): DataDownloadResponse|DataResponse { + private function getFileContentsInternal(Task $task, int $fileId): StreamResponse|DataResponse { $ids = $this->extractFileIdsFromTask($task); if (!in_array($fileId, $ids)) { return new DataResponse(['message' => $this->l->t('Not found')], Http::STATUS_NOT_FOUND); @@ -403,7 +407,25 @@ class TaskProcessingApiController extends OCSController { } elseif (!$node instanceof File) { throw new NotFoundException('Node is not a file'); } - return new DataDownloadResponse($node->getContent(), $node->getName(), $node->getMimeType()); + + $contentType = $node->getMimeType(); + if (function_exists('mime_content_type')) { + $mimeType = mime_content_type($node->fopen('rb')); + if ($mimeType !== false) { + $mimeType = $this->mimeTypeDetector->getSecureMimeType($mimeType); + if ($mimeType !== 'application/octet-stream') { + $contentType = $mimeType; + } + } + } + + $response = new StreamResponse($node->fopen('rb')); + $response->addHeader( + 'Content-Disposition', + 'attachment; filename="' . rawurldecode($node->getName()) . '"' + ); + $response->addHeader('Content-Type', $contentType); + return $response; } /** |