diff --git a/apps/federation/lib/Controller/OCSAuthAPIController.php b/apps/federation/lib/Controller/OCSAuthAPIController.php
index b4849b274b892..8412868da42c8 100644
--- a/apps/federation/lib/Controller/OCSAuthAPIController.php
+++ b/apps/federation/lib/Controller/OCSAuthAPIController.php
@@ -10,7 +10,10 @@
 use OCA\Federation\DbHandler;
 use OCA\Federation\TrustedServers;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSForbiddenException;
 use OCP\AppFramework\OCSController;
@@ -63,10 +66,6 @@ public function __construct(
 /**
 * Request received to ask remote server for a shared secret, for legacy end-points
 *
- * @NoCSRFRequired
- * @PublicPage
- * @BruteForceProtection(action=federationSharedSecret)
- *
 * @param string $url URL of the server
 * @param string $token Token of the server
 * @return DataResponse, array{}>
@@ -74,6 +73,9 @@ public function __construct(
 *
 * 200: Shared secret requested successfully
 */
+ #[NoCSRFRequired]
+ #[PublicPage]
+ #[BruteForceProtection(action: 'federationSharedSecret')]
 public function requestSharedSecretLegacy(string $url, string $token): DataResponse {
 return $this->requestSharedSecret($url, $token);
 }
@@ -82,10 +84,6 @@ public function requestSharedSecretLegacy(string $url, string $token): DataRespo
 /**
 * Create shared secret and return it, for legacy end-points
 *
- * @NoCSRFRequired
- * @PublicPage
- * @BruteForceProtection(action=federationSharedSecret)
- *
 * @param string $url URL of the server
 * @param string $token Token of the server
 * @return DataResponse 
@@ -93,6 +91,9 @@ public function requestSharedSecretLegacy(string $url, string $token): DataRespo
 *
 * 200: Shared secret returned
 */
+ #[NoCSRFRequired]
+ #[PublicPage]
+ #[BruteForceProtection(action: 'federationSharedSecret')]
 public function getSharedSecretLegacy(string $url, string $token): DataResponse {
 return $this->getSharedSecret($url, $token);
 }
@@ -100,10 +101,6 @@ public function getSharedSecretLegacy(string $url, string $token): DataResponse
 /**
 * Request received to ask remote server for a shared secret
 *
- * @NoCSRFRequired
- * @PublicPage
- * @BruteForceProtection(action=federationSharedSecret)
- *
 * @param string $url URL of the server
 * @param string $token Token of the server
 * @return DataResponse, array{}>
@@ -111,6 +108,9 @@ public function getSharedSecretLegacy(string $url, string $token): DataResponse
 *
 * 200: Shared secret requested successfully
 */
+ #[NoCSRFRequired]
+ #[PublicPage]
+ #[BruteForceProtection(action: 'federationSharedSecret')]
 public function requestSharedSecret(string $url, string $token): DataResponse {
 if ($this->trustedServers->isTrustedServer($url) === false) {
 $this->throttler->registerAttempt('federationSharedSecret', $this->request->getRemoteAddress());
@@ -144,10 +144,6 @@ public function requestSharedSecret(string $url, string $token): DataResponse {
 /**
 * Create shared secret and return it
 *
- * @NoCSRFRequired
- * @PublicPage
- * @BruteForceProtection(action=federationSharedSecret)
- *
 * @param string $url URL of the server
 * @param string $token Token of the server
 * @return DataResponse 
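Review bot: The throttle action is now written as two unrelated string literals in requestSharedSecret — `'federationSharedSecret'` in the new `#[BruteForceProtection(action: ...)]` attribute and again in the `$this->throttler->registerAttempt('federationSharedSecret', ...)` call just below it — and nothing ties them together, so a later edit to one would leave the middleware's delay and the registered attempts keyed on different actions with no error. A class constant removes the duplication: `private const BRUTEFORCE_ACTION = 'federationSharedSecret';`, then `#[BruteForceProtection(action: self::BRUTEFORCE_ACTION)]` and `$this->throttler->registerAttempt(self::BRUTEFORCE_ACTION, $this->request->getRemoteAddress());`. The same pair of literals appears in getSharedSecret, and the two Legacy wrappers carry the attribute as well, so all four should reference the one constant. requestSharedSecret's body continues past the end of the hunk.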
@@ -155,6 +151,9 @@ public function requestSharedSecret(string $url, string $token): DataResponse {
 *
 * 200: Shared secret returned
 */
+ #[NoCSRFRequired]
+ #[PublicPage]
+ #[BruteForceProtection(action: 'federationSharedSecret')]
 public function getSharedSecret(string $url, string $token): DataResponse {
 if ($this->trustedServers->isTrustedServer($url) === false) {
 $this->throttler->registerAttempt('federationSharedSecret', $this->request->getRemoteAddress());
diff --git a/apps/federation/lib/Controller/SettingsController.php b/apps/federation/lib/Controller/SettingsController.php
index f5cc7eae8ba2b..f5131581d94b7 100644
--- a/apps/federation/lib/Controller/SettingsController.php
+++ b/apps/federation/lib/Controller/SettingsController.php
@@ -7,8 +7,10 @@
 */
 namespace OCA\Federation\Controller;

+use OCA\Federation\Settings\Admin;
 use OCA\Federation\TrustedServers;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\HintException;
 use OCP\IL10N;
@@ -32,9 +34,9 @@ public function __construct(string $AppName,
 /**
 * Add server to the list of trusted Nextclouds.
 *
- * @AuthorizedAdminSetting(settings=OCA\Federation\Settings\Admin)
 * @throws HintException
 */
+ #[AuthorizedAdminSetting(settings: Admin::class)]
 public function addServer(string $url): DataResponse {
 $this->checkServer($url);
 $id = $this->trustedServers->addServer($url);
@@ -48,9 +50,8 @@ public function addServer(string $url): DataResponse {

 /**
 * Add server to the list of trusted Nextclouds.
- *
- * @AuthorizedAdminSetting(settings=OCA\Federation\Settings\Admin)
 */
+ #[AuthorizedAdminSetting(settings: Admin::class)]
 public function removeServer(int $id): DataResponse {
 $this->trustedServers->removeServer($id);
 return new DataResponse();
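Review bot: The summary line kept on the new side above removeServer still reads `* Add server to the list of trusted Nextclouds.`, which is the same text as addServer's docblock in the previous hunk and does not describe this method. Since the commit already rewrites this docblock (it drops the annotation lines), this is the place to correct it to ` * Remove a server from the list of trusted Nextclouds.`; a ` * @param int $id ID of the trusted server to remove` line would also help, as the parameter's meaning is otherwise only inferable from the `removeServer($id)` call. removeServer's closing brace lies outside the hunk.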
@@ -59,9 +60,9 @@ public function removeServer(int $id): DataResponse {
 /**
 * Check if the server should be added to the list of trusted servers or not.
 *
- * @AuthorizedAdminSetting(settings=OCA\Federation\Settings\Admin)
 * @throws HintException
 */
+ #[AuthorizedAdminSetting(settings: Admin::class)]
 protected function checkServer(string $url): bool {
 if ($this->trustedServers->isTrustedServer($url) === true) {
 $message = 'Server is already in the list of trusted servers.';
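Review bot: `#[AuthorizedAdminSetting(settings: Admin::class)]` is attached to `checkServer`, a `protected` helper that cannot be dispatched as a controller action, so the attribute is presumably never evaluated there (the annotation it replaces was equally inert); the public entry point `addServer`, which calls `$this->checkServer($url)` in an earlier hunk, already carries the same attribute. Leaving it on the helper suggests an authorization boundary that the framework is not in a position to enforce on a non-public method. Either drop the attribute from `checkServer`, or, if it is kept deliberately to mirror the old annotation, say so in a comment such as `// Not a routable action: admin access is enforced on the public callers (addServer).` above it. checkServer's body continues past the end of the hunk.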