refactor(user_ldap): Replace security annotations with respective attributes #46822

Merged
merged 1 commit into from
Jul 30, 2024
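--- a/apps/user_ldap/lib/Controller/ConfigAPIController.php
+++ b/apps/user_ldap/lib/Controller/ConfigAPIController.php
@@ -11,7 +11,9 @@
 use OCA\User_LDAP\Configuration;
 use OCA\User_LDAP\ConnectionFactory;
 use OCA\User_LDAP\Helper;
+use OCA\User_LDAP\Settings\Admin;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSBadRequestException;
 use OCP\AppFramework\OCS\OCSException;
@@ -46,12 +48,12 @@ public function __construct(
 /**
 * Create a new (empty) configuration and return the resulting prefix
 *
-* @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
 * @return DataResponse<Http::STATUS_OK, array{configID: string}, array{}>
 * @throws OCSException
 *
 * 200: Config created successfully
 */
+#[AuthorizedAdminSetting(settings: Admin::class)]
 public function create() {
 try {
 $configPrefix = $this->ldapHelper->getNextServerConfigurationPrefix();
@@ -68,14 +70,14 @@ public function create() {
 /**
 * Delete a LDAP configuration
 *
-* @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
 * @param string $configID ID of the config
 * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
 * @throws OCSException
 * @throws OCSNotFoundException Config not found
 *
 * 200: Config deleted successfully
 */
+#[AuthorizedAdminSetting(settings: Admin::class)]
 public function delete($configID) {
 try {
 $this->ensureConfigIDExists($configID);
@@ -95,7 +97,6 @@ public function delete($configID) {
 /**
 * Modify a configuration
 *
-* @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
 * @param string $configID ID of the config
 * @param array<string, mixed> $configData New config
 * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
@@ -105,6 +106,7 @@ public function delete($configID) {
 *
 * 200: Config returned
 */
+#[AuthorizedAdminSetting(settings: Admin::class)]
 public function modify($configID, $configData) {
 try {
 $this->ensureConfigIDExists($configID);
@@ -200,7 +202,6 @@ public function modify($configID, $configData) {
 * </data>
 * </ocs>
 *
-* @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
 * @param string $configID ID of the config
 * @param bool $showPassword Whether to show the password
 * @return DataResponse<Http::STATUS_OK, array<string, mixed>, array{}>
@@ -209,6 +210,7 @@ public function modify($configID, $configData) {
 *
 * 200: Config returned
 */
+#[AuthorizedAdminSetting(settings: Admin::class)]
 public function show($configID, $showPassword = false) {
 try {
 $this->ensureConfigIDExists($configID);
@@ -237,10 +239,10 @@ public function show($configID, $showPassword = false) {
 /**
 * If the given config ID is not available, an exception is thrown
 *
-* @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
 * @param string $configID
 * @throws OCSNotFoundException
 */
+#[AuthorizedAdminSetting(settings: Admin::class)]
 private function ensureConfigIDExists($configID): void {
 $prefixes = $this->ldapHelper->getServerConfigurationPrefixes();
 if (!in_array($configID, $prefixes, true)) {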
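Review bot: `#[AuthorizedAdminSetting(settings: Admin::class)]` is also carried over onto the private helper `ensureConfigIDExists()` in the last hunk, where it most likely has no effect: access-control attributes are normally evaluated for the routed controller action, not for helpers that action calls (inferred; the middleware is not visible on this page). Keeping it there suggests the helper is protected in its own right, so a later public action that calls it without its own attribute could be assumed covered. I would drop the attribute from the helper and state the contract in its docblock instead, e.g. `* Performs no authorization itself; every calling action must carry its own #[AuthorizedAdminSetting] attribute.` The helper's body continues outside the hunk.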
27 changes: 13 additions & 14 deletions apps/user_ldap/lib/Controller/RenewPasswordController.php
Expand Up @@ -6,7 +6,10 @@
namespace OCA\User_LDAP\Controller;

use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\Attribute\UseSession;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\HintException;
Expand Down Expand Up @@ -49,24 +52,22 @@ public function __construct($appName, IRequest $request, IUserManager $userManag
}

/**
* @PublicPage
* @NoCSRFRequired
*
* @return RedirectResponse
*/
#[PublicPage]
#[NoCSRFRequired]
public function cancel() {
return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
}

/**
* @PublicPage
* @NoCSRFRequired
* @UseSession
*
* @param string $user
*
* @return TemplateResponse|RedirectResponse
*/
#[PublicPage]
#[NoCSRFRequired]
#[UseSession]
public function showRenewPasswordForm($user) {
if ($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') {
return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
Expand Down Expand Up @@ -102,15 +103,14 @@ public function showRenewPasswordForm($user) {
}

/**
* @PublicPage
* @UseSession
*
* @param string $user
* @param string $oldPassword
* @param string $newPassword
*
* @return RedirectResponse
*/
#[PublicPage]
#[UseSession]
public function tryRenewPassword($user, $oldPassword, $newPassword) {
if ($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') {
return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
Expand Down Expand Up @@ -146,12 +146,11 @@ public function tryRenewPassword($user, $oldPassword, $newPassword) {
}

/**
* @PublicPage
* @NoCSRFRequired
* @UseSession
*
* @return RedirectResponse
*/
#[PublicPage]
#[NoCSRFRequired]
#[UseSession]
public function showLoginFormInvalidPassword($user) {
$args = !is_null($user) ? ['user' => $user] : [];
$this->session->set('loginMessages', [
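Review bot: `tryRenewPassword()` is marked `#[PublicPage]` and takes `$user` and `$oldPassword` from the request, but the attribute list in the third hunk carries no throttling attribute, so as far as these lines show an unauthenticated client gets unlimited old-password attempts against any account flagged `needsPasswordReset`. Since the attributes are being rewritten anyway, consider adding `#[BruteForceProtection(action: '<action-name>')]` (placeholder action name) together with throttling of the failure response in the body, or a docblock line saying where rate limiting already happens. The early redirect on `needsPasswordReset !== 'true'` in `showRenewPasswordForm()` and `tryRenewPassword()` also answers differently depending on account state for a caller-supplied `$user`; if that is intentional it deserves a short comment. Both method bodies continue outside the hunks, so any handling further down is not visible here.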