upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-23 07:08:34 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 35

refactor(oauth2): Replace security annotations with respective attributes

Browse source 
Signed-off-by: provokateurin <kate@provokateurin.de>
This commit is contained in:
provokateurin 2024-07-25 13:14:48 +02:00 committed by Kate
parent 1082164364
commit d8adbce1be
2 changed files with 12 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
apps/oauth2/lib/Controller/LoginRedirectorController.php
View file

@ -12,6 +12,9 @@ use OCA\OAuth2\Db\ClientMapper;
use OCA\OAuth2\Exceptions\ClientNotFoundException;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\Attribute\UseSession;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\IL10N;
@ -51,10 +54,6 @@ class LoginRedirectorController extends Controller {
}
/**
* @PublicPage
* @NoCSRFRequired
* @UseSession
*
* Authorize the user
*
* @param string $client_id Client ID
@ -65,6 +64,9 @@ class LoginRedirectorController extends Controller {
* 200: Client not found
* 303: Redirect to login URL
*/
#[PublicPage]
#[NoCSRFRequired]
#[UseSession]
public function authorize($client_id,
$state,
$response_type): TemplateResponse|RedirectResponse {

10
apps/oauth2/lib/Controller/OauthApiController.php
View file

@ -15,6 +15,9 @@ use OCA\OAuth2\Exceptions\AccessTokenNotFoundException;
use OCA\OAuth2\Exceptions\ClientNotFoundException;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\BruteForceProtection;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Authentication\Exceptions\ExpiredTokenException;
@ -47,10 +50,6 @@ class OauthApiController extends Controller {
}
/**
* @PublicPage
* @NoCSRFRequired
* @BruteForceProtection(action=oauth2GetToken)
*
* Get a token
*
* @param string $grant_type Token type that should be granted
@ -64,6 +63,9 @@ class OauthApiController extends Controller {
* 200: Token returned
* 400: Getting token is not possible
*/
#[PublicPage]
#[NoCSRFRequired]
#[BruteForceProtection(action: 'oauth2GetToken')]
public function getToken(
string $grant_type, ?string $code, ?string $refresh_token,
?string $client_id, ?string $client_secret