refactor(federation): Replace security annotations with respective attributes

apps/federation/lib/Controller/OCSAuthAPIController.php

@@ -10,7 +10,10 @@
 use OCA\Federation\DbHandler;
 use OCA\Federation\TrustedServers;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSForbiddenException;
 use OCP\AppFramework\OCSController;
@@ -63,17 +66,16 @@ public function __construct(
  /**
  * Request received to ask remote server for a shared secret, for legacy end-points
  *
- * @NoCSRFRequired
- * @PublicPage
- * @BruteForceProtection(action=federationSharedSecret)
- *
  * @param string $url URL of the server
  * @param string $token Token of the server
  * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
  * @throws OCSForbiddenException Requesting shared secret is not allowed
  *
  * 200: Shared secret requested successfully
  */
+ #[NoCSRFRequired]
+ #[PublicPage]
+ #[BruteForceProtection(action: 'federationSharedSecret')]
  public function requestSharedSecretLegacy(string $url, string $token): DataResponse {
  return $this->requestSharedSecret($url, $token);
  }
@@ -82,35 +84,33 @@ public function requestSharedSecretLegacy(string $url, string $token): DataRespo
  /**
  * Create shared secret and return it, for legacy end-points
  *
- * @NoCSRFRequired
- * @PublicPage
- * @BruteForceProtection(action=federationSharedSecret)
- *
  * @param string $url URL of the server
  * @param string $token Token of the server
  * @return DataResponse<Http::STATUS_OK, array{sharedSecret: string}, array{}>
  * @throws OCSForbiddenException Getting shared secret is not allowed
  *
  * 200: Shared secret returned
  */
+ #[NoCSRFRequired]
+ #[PublicPage]
+ #[BruteForceProtection(action: 'federationSharedSecret')]
  public function getSharedSecretLegacy(string $url, string $token): DataResponse {
  return $this->getSharedSecret($url, $token);
  }
 
  /**
  * Request received to ask remote server for a shared secret
  *
- * @NoCSRFRequired
- * @PublicPage
- * @BruteForceProtection(action=federationSharedSecret)
- *
  * @param string $url URL of the server
  * @param string $token Token of the server
  * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
  * @throws OCSForbiddenException Requesting shared secret is not allowed
  *
  * 200: Shared secret requested successfully
  */
+ #[NoCSRFRequired]
+ #[PublicPage]
+ #[BruteForceProtection(action: 'federationSharedSecret')]
  public function requestSharedSecret(string $url, string $token): DataResponse {
  if ($this->trustedServers->isTrustedServer($url) === false) {
  $this->throttler->registerAttempt('federationSharedSecret', $this->request->getRemoteAddress());
@@ -144,17 +144,16 @@ public function requestSharedSecret(string $url, string $token): DataResponse {
  /**
  * Create shared secret and return it
  *
- * @NoCSRFRequired
- * @PublicPage
- * @BruteForceProtection(action=federationSharedSecret)
- *
  * @param string $url URL of the server
  * @param string $token Token of the server
  * @return DataResponse<Http::STATUS_OK, array{sharedSecret: string}, array{}>
  * @throws OCSForbiddenException Getting shared secret is not allowed
  *
  * 200: Shared secret returned
  */
+ #[NoCSRFRequired]
+ #[PublicPage]
+ #[BruteForceProtection(action: 'federationSharedSecret')]
  public function getSharedSecret(string $url, string $token): DataResponse {
  if ($this->trustedServers->isTrustedServer($url) === false) {
  $this->throttler->registerAttempt('federationSharedSecret', $this->request->getRemoteAddress());

apps/federation/lib/Controller/SettingsController.php

@@ -7,8 +7,10 @@
  */
 namespace OCA\Federation\Controller;
 
+use OCA\Federation\Settings\Admin;
 use OCA\Federation\TrustedServers;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\HintException;
 use OCP\IL10N;
@@ -32,9 +34,9 @@ public function __construct(string $AppName,
  /**
  * Add server to the list of trusted Nextclouds.
  *
- * @AuthorizedAdminSetting(settings=OCA\Federation\Settings\Admin)
  * @throws HintException
  */
+ #[AuthorizedAdminSetting(settings: Admin::class)]
  public function addServer(string $url): DataResponse {
  $this->checkServer($url);
  $id = $this->trustedServers->addServer($url);
@@ -48,9 +50,8 @@ public function addServer(string $url): DataResponse {
 
  /**
  * Add server to the list of trusted Nextclouds.
- *
- * @AuthorizedAdminSetting(settings=OCA\Federation\Settings\Admin)
  */
+ #[AuthorizedAdminSetting(settings: Admin::class)]
  public function removeServer(int $id): DataResponse {
  $this->trustedServers->removeServer($id);
  return new DataResponse();
@@ -59,9 +60,9 @@ public function removeServer(int $id): DataResponse {
  /**
  * Check if the server should be added to the list of trusted servers or not.
  *
- * @AuthorizedAdminSetting(settings=OCA\Federation\Settings\Admin)
  * @throws HintException
  */
+ #[AuthorizedAdminSetting(settings: Admin::class)]
  protected function checkServer(string $url): bool {
  if ($this->trustedServers->isTrustedServer($url) === true) {
  $message = 'Server is already in the list of trusted servers.';