
Commit c8a12a5

authored
Merge pull request #54690 from nextcloud/fix/taskprocessing-no-anonymous-use
fix(TaskProcessingApiController): Don't allow anonymous access anymore
2 parents c1b3b3c + 6c85500 commit c8a12a5


4 files changed

+294
-63
lines changed


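--- a/core/Controller/TaskProcessingApiController.php
+++ b/core/Controller/TaskProcessingApiController.php
@@ -13,12 +13,10 @@
 use OC\Core\ResponseDefinitions;
 use OC\Files\SimpleFS\SimpleFile;
 use OCP\AppFramework\Http;
-use OCP\AppFramework\Http\Attribute\AnonRateLimit;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
 use OCP\AppFramework\Http\Attribute\ExAppRequired;
 use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
-use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\StreamResponse;
@@ -67,7 +65,7 @@ public function __construct(
 *
 * 200: Task types returned
 */
-#[PublicPage]
+#[NoAdminRequired]
 #[ApiRoute(verb: 'GET', url: '/tasktypes', root: '/taskprocessing')]
 public function taskTypes(): DataResponse {
 /** @var array<string, CoreTaskProcessingTaskType> $taskTypes */
@@ -157,9 +155,8 @@ public function taskTypes(): DataResponse {
 * 412: Scheduling task is not possible
 * 401: Cannot schedule task because it references files in its input that the user doesn't have access to
 */
-#[PublicPage]
 #[UserRateLimit(limit: 20, period: 120)]
-#[AnonRateLimit(limit: 5, period: 120)]
+#[NoAdminRequired]
 #[ApiRoute(verb: 'POST', url: '/schedule', root: '/taskprocessing')]
 public function schedule(
 array $input, string $type, string $appId, string $customId = '',
@@ -200,7 +197,7 @@ public function schedule(
 * 200: Task returned
 * 404: Task not found
 */
-#[PublicPage]
+#[NoAdminRequired]
 #[ApiRoute(verb: 'GET', url: '/task/{id}', root: '/taskprocessing')]
 public function getTask(int $id): DataResponse {
 try {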
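Review bot: In `schedule`, the docblock's `401` line still documents only the inaccessible-file case, but with `#[PublicPage]` replaced by `#[NoAdminRequired]` the same status is now also what a caller who is not logged in receives (the regenerated spec in this commit models it as a second `anyOf` branch with an empty `data`). Clients can tell the two apart only by whether `data.message` is present, so I would say so in the docblock, e.g. `* 401: Cannot schedule task because the user is not logged in, or it references files in its input that the user doesn't have access to`, provided the OpenAPI extractor tolerates the wording. `taskTypes` and `getTask` likewise gain a 401 that their docblocks do not list. The handler bodies lie outside these hunks, so whether they still carry branches for an anonymous caller cannot be checked from here.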

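--- a/core/openapi-full.json
+++ b/core/openapi-full.json
@@ -4761,7 +4761,6 @@
 "task_processing_api"
 ],
 "security": [
-{},
 {
 "bearer_auth": []
 },
@@ -4822,6 +4821,34 @@
 }
 }
 }
+},
+"401": {
+"description": "Current user is not logged in",
+"content": {
+"application/json": {
+"schema": {
+"type": "object",
+"required": [
+"ocs"
+],
+"properties": {
+"ocs": {
+"type": "object",
+"required": [
+"meta",
+"data"
+],
+"properties": {
+"meta": {
+"$ref": "#/components/schemas/OCSMeta"
+},
+"data": {}
+}
+}
+}
+}
+}
+}
 }
 }
 }
@@ -4834,7 +4861,6 @@
 "task_processing_api"
 ],
 "security": [
-{},
 {
 "bearer_auth": []
 },
@@ -5061,35 +5087,60 @@
 "content": {
 "application/json": {
 "schema": {
-"type": "object",
-"required": [
-"ocs"
-],
-"properties": {
-"ocs": {
+"anyOf": [
+{
 "type": "object",
 "required": [
-"meta",
-"data"
+"ocs"
 ],
 "properties": {
-"meta": {
-"$ref": "#/components/schemas/OCSMeta"
-},
-"data": {
+"ocs": {
 "type": "object",
 "required": [
-"message"
+"meta",
+"data"
 ],
 "properties": {
-"message": {
-"type": "string"
+"meta": {
+"$ref": "#/components/schemas/OCSMeta"
+},
+"data": {
+"type": "object",
+"required": [
+"message"
+],
+"properties": {
+"message": {
+"type": "string"
+}
+}
 }
 }
 }
 }
+},
+{
+"type": "object",
+"required": [
+"ocs"
+],
+"properties": {
+"ocs": {
+"type": "object",
+"required": [
+"meta",
+"data"
+],
+"properties": {
+"meta": {
+"$ref": "#/components/schemas/OCSMeta"
+},
+"data": {}
+}
+}
+}
 }
-}
+]
 }
 }
 }
@@ -5106,7 +5157,6 @@
 "task_processing_api"
 ],
 "security": [
-{},
 {
 "bearer_auth": []
 },
@@ -5250,6 +5300,34 @@
 }
 }
 }
+},
+"401": {
+"description": "Current user is not logged in",
+"content": {
+"application/json": {
+"schema": {
+"type": "object",
+"required": [
+"ocs"
+],
+"properties": {
+"ocs": {
+"type": "object",
+"required": [
+"meta",
+"data"
+],
+"properties": {
+"meta": {
+"$ref": "#/components/schemas/OCSMeta"
+},
+"data": {}
+}
+}
+}
+}
+}
+}
 }
 }
 },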

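--- a/core/openapi.json
+++ b/core/openapi.json
@@ -4761,7 +4761,6 @@
 "task_processing_api"
 ],
 "security": [
-{},
 {
 "bearer_auth": []
 },
@@ -4822,6 +4821,34 @@
 }
 }
 }
+},
+"401": {
+"description": "Current user is not logged in",
+"content": {
+"application/json": {
+"schema": {
+"type": "object",
+"required": [
+"ocs"
+],
+"properties": {
+"ocs": {
+"type": "object",
+"required": [
+"meta",
+"data"
+],
+"properties": {
+"meta": {
+"$ref": "#/components/schemas/OCSMeta"
+},
+"data": {}
+}
+}
+}
+}
+}
+}
 }
 }
 }
@@ -4834,7 +4861,6 @@
 "task_processing_api"
 ],
 "security": [
-{},
 {
 "bearer_auth": []
 },
@@ -5061,35 +5087,60 @@
 "content": {
 "application/json": {
 "schema": {
-"type": "object",
-"required": [
-"ocs"
-],
-"properties": {
-"ocs": {
+"anyOf": [
+{
 "type": "object",
 "required": [
-"meta",
-"data"
+"ocs"
 ],
 "properties": {
-"meta": {
-"$ref": "#/components/schemas/OCSMeta"
-},
-"data": {
+"ocs": {
 "type": "object",
 "required": [
-"message"
+"meta",
+"data"
 ],
 "properties": {
-"message": {
-"type": "string"
+"meta": {
+"$ref": "#/components/schemas/OCSMeta"
+},
+"data": {
+"type": "object",
+"required": [
+"message"
+],
+"properties": {
+"message": {
+"type": "string"
+}
+}
 }
 }
 }
 }
+},
+{
+"type": "object",
+"required": [
+"ocs"
+],
+"properties": {
+"ocs": {
+"type": "object",
+"required": [
+"meta",
+"data"
+],
+"properties": {
+"meta": {
+"$ref": "#/components/schemas/OCSMeta"
+},
+"data": {}
+}
+}
+}
 }
-}
+]
 }
 }
 }
@@ -5106,7 +5157,6 @@
 "task_processing_api"
 ],
 "security": [
-{},
 {
 "bearer_auth": []
 },
@@ -5250,6 +5300,34 @@
 }
 }
 }
+},
+"401": {
+"description": "Current user is not logged in",
+"content": {
+"application/json": {
+"schema": {
+"type": "object",
+"required": [
+"ocs"
+],
+"properties": {
+"ocs": {
+"type": "object",
+"required": [
+"meta",
+"data"
+],
+"properties": {
+"meta": {
+"$ref": "#/components/schemas/OCSMeta"
+},
+"data": {}
+}
+}
+}
+}
+}
+}
 }
 }
 },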
