diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index beeb2034fb7cf..9e5eab4feceb7 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -43,6 +43,7 @@ use OC_App;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
 use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\DataResponse;
@@ -61,7 +62,6 @@ use OCP\Security\Bruteforce\IThrottler;
 use OCP\Util;
-#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
 class LoginController extends Controller {
 public const LOGIN_MSG_INVALIDPASSWORD = 'invalidpassword';
 public const LOGIN_MSG_USERDISABLED = 'userdisabled';
@@ -126,6 +126,7 @@ public function logout() {
 * @return TemplateResponse|RedirectResponse
 */
 #[UseSession]
+ #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
 public function showLoginForm(string $user = null, string $redirect_url = null): Http\Response {
 if ($this->userSession->isLoggedIn()) {
 return new RedirectResponse($this->urlGenerator->linkToDefaultPageUrl());
@@ -274,6 +275,7 @@ private function generateRedirect(?string $redirectUrl): RedirectResponse {
 * @return RedirectResponse
 */
 #[UseSession]
+ #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
 public function tryLogin(Chain $loginChain, string $user = '', string $password = '',
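Review bot: Removing the class-level `#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]` in the second hunk turns this controller from opt-in to opt-out for the generated spec: every public action that is not individually annotated is now a candidate for core/openapi.json and, with it, for being treated as stable public API. showLoginForm and tryLogin receive the per-method attribute in the hunks that follow, but `logout()`, visible here only in a hunk header, does not in the part of the diff shown; if it is not covered elsewhere in the commit it should also carry `#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]`. The openapi.json hunk gaining only `/index.php/login/confirm` suggests the extractor left the other actions out for some other reason, but that cannot be confirmed from this page. The tryLogin hunk at the end of this line is cut off, so its remaining context lines are not visible.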
@@ -352,13 +354,22 @@ private function createLoginFailedResponse(
 }
 /**
+ * Confirm the user password
+ *
 * @NoAdminRequired
 * @BruteForceProtection(action=sudo)
 *
 * @license GNU AGPL version 3 or any later version
 *
+ * @param string $password The password of the user
+ *
+ * @return DataResponse|DataResponse, array{}>
+ *
+ * 200: Password confirmation succeeded
+ * 403: Password confirmation failed
 */
 #[UseSession]
+ #[NoCSRFRequired]
 public function confirmPassword(string $password): DataResponse {
 $loginName = $this->userSession->getLoginName();
 $loginResult = $this->userManager->checkPassword($loginName, $password);
diff --git a/core/openapi.json b/core/openapi.json
index 784cce560cd2b..9bfee0d40b937 100644
--- a/core/openapi.json
+++ b/core/openapi.json
@@ -919,6 +919,63 @@
 }
 }
 },
+ "/index.php/login/confirm": {
+ "post": {
+ "operationId": "login-confirm-password",
+ "summary": "Confirm the user password",
+ "tags": [
+ "login"
+ ],
+ "security": [
+ {
+ "bearer_auth": []
+ },
+ {
+ "basic_auth": []
+ }
+ ],
+ "parameters": [
+ {
+ "name": "password",
+ "in": "query",
+ "description": "The password of the user",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Password confirmation succeeded",
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "required": [
+ "lastLogin"
+ ],
+ "properties": {
+ "lastLogin": {
+ "type": "integer",
+ "format": "int64"
+ }
+ }
+ }
+ }
+ }
+ },
+ "403": {
+ "description": "Password confirmation failed",
+ "content": {
+ "application/json": {
+ "schema": {}
+ }
+ }
+ }
+ }
+ }
+ },
 "/index.php/login/v2/poll": {
 "post": {
 "operationId": "client_flow_login_v2-poll",
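Review bot: `#[NoCSRFRequired]` on confirmPassword drops the CSRF check from an endpoint that, going by its name and the `@BruteForceProtection(action=sudo)` annotation, presumably re-confirms the caller's password for the session, and the hunk gives no rationale for accepting cookie-authenticated cross-site POSTs here. The caller still has to know the correct password and the sudo throttler limits guessing, so the practical exposure looks small, but that reasoning belongs in the docblock (e.g. `CSRF protection is not required: the request must carry the correct password and is bruteforce-throttled`) or the exemption should be limited to bearer/basic-auth API clients while session-cookie callers keep the token check. Separately, the added `@return` line as rendered here reads `DataResponse|DataResponse, array{}>`, so the angle-bracket generics appear to have been lost; the committed text should carry the full `DataResponse<status, shape, headers>` form for both the 200 and 403 cases. The generated openapi.json hunk below advertises `password` as `in: query`, which steers clients toward putting the password in the URL where access logs and proxies capture it; if the extractor can document it as a body parameter, that would be preferable. confirmPassword's body continues outside the hunk.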