
Commit b5bc4f3

Merge pull request #46744 from nextcloud/refactor/cloud_federation_api/security-attributes
2 parents 3133aba + 8db6cfc commit b5bc4f3


1 file changed

+9
-8
lines changed

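--- a/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php
+++ b/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php
@@ -9,7 +9,10 @@
 use OCA\CloudFederationAPI\ResponseDefinitions;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\Federation\Exceptions\ActionNotSupportedException;
 use OCP\Federation\Exceptions\AuthenticationFailedException;
@@ -55,10 +58,6 @@ public function __construct(
 /**
 * Add share
 *
-* @NoCSRFRequired
-* @PublicPage
-* @BruteForceProtection(action=receiveFederatedShare)
-*
 * @param string $shareWith The user who the share will be shared with
 * @param string $name The resource name (e.g. document.odt)
 * @param string|null $description Share description
@@ -76,6 +75,9 @@ public function __construct(
 * 400: Bad request due to invalid parameters, e.g. when `shareWith` is not found or required properties are missing
 * 501: Share type or the resource type is not supported
 */
+#[PublicPage]
+#[NoCSRFRequired]
+#[BruteForceProtection(action: 'receiveFederatedShare')]
 public function addShare($shareWith, $name, $description, $providerId, $owner, $ownerDisplayName, $sharedBy, $sharedByDisplayName, $protocol, $shareType, $resourceType) {
 // check if all required parameters are set
 if ($shareWith === null ||
@@ -185,10 +187,6 @@ public function addShare($shareWith, $name, $description, $providerId, $owner, $
 /**
 * Send a notification about an existing share
 *
-* @NoCSRFRequired
-* @PublicPage
-* @BruteForceProtection(action=receiveFederatedShareNotification)
-*
 * @param string $notificationType Notification type, e.g. SHARE_ACCEPTED
 * @param string $resourceType calendar, file, contact,...
 * @param string|null $providerId ID of the share
@@ -200,6 +198,9 @@ public function addShare($shareWith, $name, $description, $providerId, $owner, $
 * 403: Getting resource is not allowed
 * 501: The resource type is not supported
 */
+#[NoCSRFRequired]
+#[PublicPage]
+#[BruteForceProtection(action: 'receiveFederatedShareNotification')]
 public function receiveNotification($notificationType, $resourceType, $providerId, ?array $notification) {
 // check if all required parameters are set
 if ($notificationType === null ||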
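Review bot: The two endpoints list the same attributes in different orders: `addShare` has `#[PublicPage]` then `#[NoCSRFRequired]`, while `receiveNotification` has `#[NoCSRFRequired]` then `#[PublicPage]`. Using one order on both (for example `#[PublicPage]`, `#[NoCSRFRequired]`, `#[BruteForceProtection(...)]`) makes it easier to audit which routes are unauthenticated and CSRF-exempt. Both method bodies continue outside the hunks, so it is also worth confirming that their failure responses still call `throttle()`. As far as I know `#[BruteForceProtection]` only registers an attempt for responses marked as throttled, so the attribute alone does not rate-limit these public endpoints. The action strings match the removed annotations exactly, so existing throttle state should carry over.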
