refactor(user_ldap): Replace security annotations with respective att…

…ributes Signed-off-by: provokateurin <kate@provokateurin.de>
nextcloud · Jul 27, 2024 · c2e9c1b · c2e9c1b
1 parent 212a621
commit c2e9c1b
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 19 deletions.
diff --git a/apps/user_ldap/lib/Controller/ConfigAPIController.php b/apps/user_ldap/lib/Controller/ConfigAPIController.php
@@ -11,7 +11,9 @@
 use OCA\User_LDAP\Configuration;
 use OCA\User_LDAP\ConnectionFactory;
 use OCA\User_LDAP\Helper;
+use OCA\User_LDAP\Settings\Admin;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSBadRequestException;
 use OCP\AppFramework\OCS\OCSException;
@@ -46,12 +48,12 @@ public function __construct(
 	/**
 	 * Create a new (empty) configuration and return the resulting prefix
 	 *
-	 * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
 	 * @return DataResponse<Http::STATUS_OK, array{configID: string}, array{}>
 	 * @throws OCSException
 	 *
 	 * 200: Config created successfully
 	 */
+	#[AuthorizedAdminSetting(Admin::class)]
 	public function create() {
 		try {
 			$configPrefix = $this->ldapHelper->getNextServerConfigurationPrefix();
@@ -68,14 +70,14 @@ public function create() {
 	/**
 	 * Delete a LDAP configuration
 	 *
-	 * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
 	 * @param string $configID ID of the config
 	 * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
 	 * @throws OCSException
 	 * @throws OCSNotFoundException Config not found
 	 *
 	 * 200: Config deleted successfully
 	 */
+	#[AuthorizedAdminSetting(Admin::class)]
 	public function delete($configID) {
 		try {
 			$this->ensureConfigIDExists($configID);
@@ -95,7 +97,6 @@ public function delete($configID) {
 	/**
 	 * Modify a configuration
 	 *
-	 * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
 	 * @param string $configID ID of the config
 	 * @param array<string, mixed> $configData New config
 	 * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
@@ -105,6 +106,7 @@ public function delete($configID) {
 	 *
 	 * 200: Config returned
 	 */
+	#[AuthorizedAdminSetting(Admin::class)]
 	public function modify($configID, $configData) {
 		try {
 			$this->ensureConfigIDExists($configID);
@@ -200,7 +202,6 @@ public function modify($configID, $configData) {
 	 *   </data>
 	 * </ocs>
 	 *
-	 * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
 	 * @param string $configID ID of the config
 	 * @param bool $showPassword Whether to show the password
 	 * @return DataResponse<Http::STATUS_OK, array<string, mixed>, array{}>
@@ -209,6 +210,7 @@ public function modify($configID, $configData) {
 	 *
 	 * 200: Config returned
 	 */
+	#[AuthorizedAdminSetting(Admin::class)]
 	public function show($configID, $showPassword = false) {
 		try {
 			$this->ensureConfigIDExists($configID);
@@ -237,10 +239,10 @@ public function show($configID, $showPassword = false) {
 	/**
 	 * If the given config ID is not available, an exception is thrown
 	 *
-	 * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
 	 * @param string $configID
 	 * @throws OCSNotFoundException
 	 */
+	#[AuthorizedAdminSetting(Admin::class)]
 	private function ensureConfigIDExists($configID): void {
 		$prefixes = $this->ldapHelper->getServerConfigurationPrefixes();
 		if (!in_array($configID, $prefixes, true)) {

diff --git a/apps/user_ldap/lib/Controller/RenewPasswordController.php b/apps/user_ldap/lib/Controller/RenewPasswordController.php
@@ -6,7 +6,10 @@
 namespace OCA\User_LDAP\Controller;
 
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
+use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\HintException;
@@ -49,24 +52,22 @@ public function __construct($appName, IRequest $request, IUserManager $userManag
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
 	 * @return RedirectResponse
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
 	public function cancel() {
 		return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
 	 * @param string $user
 	 *
 	 * @return TemplateResponse|RedirectResponse
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
+	#[UseSession]
 	public function showRenewPasswordForm($user) {
 		if ($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') {
 			return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
@@ -102,15 +103,14 @@ public function showRenewPasswordForm($user) {
 	}
 
 	/**
-	 * @PublicPage
-	 * @UseSession
-	 *
 	 * @param string $user
 	 * @param string $oldPassword
 	 * @param string $newPassword
 	 *
 	 * @return RedirectResponse
 	 */
+	#[PublicPage]
+	#[UseSession]
 	public function tryRenewPassword($user, $oldPassword, $newPassword) {
 		if ($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') {
 			return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
@@ -146,12 +146,11 @@ public function tryRenewPassword($user, $oldPassword, $newPassword) {
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
 	 * @return RedirectResponse
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
+	#[UseSession]
 	public function showLoginFormInvalidPassword($user) {
 		$args = !is_null($user) ? ['user' => $user] : [];
 		$this->session->set('loginMessages', [