authorJoas Schilling <coding@schilljs.com>2023-04-24 12:54:48 +0200
committerJoas Schilling <coding@schilljs.com>2023-04-24 12:54:48 +0200
commita51ebee5a24619c15981a0b6abd08f790ad659df (patch)
tree004872b187318949445258b7446e27a6decebc32
parent5625c65c9ea3b053f1d943046a1f75e401526af2 (diff)
fix(controllers): Migrate to BruteForceProtection attribute
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r--lib/Controller/FilesIntegrationController.php3
-rw-r--r--lib/Controller/PageController.php9
-rw-r--r--lib/Controller/RecordingController.php7
-rw-r--r--lib/Controller/RoomController.php11
-rw-r--r--lib/Controller/SignalingController.php7
5 files changed, 20 insertions, 17 deletions
diff --git a/lib/Controller/FilesIntegrationController.php b/lib/Controller/FilesIntegrationController.php
index be50a1165..ba011c635 100644
--- a/lib/Controller/FilesIntegrationController.php
+++ b/lib/Controller/FilesIntegrationController.php
@@ -31,6 +31,7 @@ use OCA\Talk\Room;
use OCA\Talk\Service\RoomService;
use OCA\Talk\TalkSession;
use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
use OCP\AppFramework\Http\Attribute\UseSession;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException;
@@ -149,7 +150,6 @@ class FilesIntegrationController extends OCSController {
/**
* @PublicPage
- * @BruteForceProtection(action=shareinfo)
*
* Returns the token of the room associated to the file id of the given
* share token.
@@ -180,6 +180,7 @@ class FilesIntegrationController extends OCSController {
* or "404 Not found" if the given share token was invalid.
*/
#[UseSession]
+ #[BruteForceProtection(action: 'shareinfo')]
public function getRoomByShareToken(string $shareToken): DataResponse {
if ($this->config->getAppValue('spreed', 'conversations_files', '1') !== '1' ||
$this->config->getAppValue('spreed', 'conversations_files_public_shares', '1') !== '1') {
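Review bot: The attribute added on getRoomByShareToken only takes effect on server releases whose BruteForceMiddleware evaluates attributes, while the preceding hunk removes the `@BruteForceProtection(action=shareinfo)` annotation that older middleware relied on, so on a server that still reads annotations only this public endpoint would run with no throttling at all. If appinfo/info.xml still admits such a server version, either keep the annotation next to the attribute for the transition or raise the minimum version in the same change. The same concern applies to every method touched in PageController, RecordingController, RoomController and SignalingController in this commit. getRoomByShareToken's body continues past the hunk.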
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index c4a3f0d50..1efe8c198 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -40,6 +40,7 @@ use OCA\Viewer\Event\LoadViewer;
use OCP\App\IAppManager;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
use OCP\AppFramework\Http\Attribute\UseSession;
use OCP\AppFramework\Http\ContentSecurityPolicy;
use OCP\AppFramework\Http\NotFoundResponse;
@@ -127,13 +128,13 @@ class PageController extends Controller {
/**
* @PublicPage
* @NoCSRFRequired
- * @BruteForceProtection(action=talkRoomToken)
*
* @param string $token
* @return Response
* @throws HintException
*/
#[UseSession]
+ #[BruteForceProtection(action: 'talkRoomToken')]
public function showCall(string $token): Response {
// This is the entry point from the `/call/{token}` URL which is hardcoded in the server.
return $this->index($token);
@@ -142,7 +143,6 @@ class PageController extends Controller {
/**
* @PublicPage
* @NoCSRFRequired
- * @BruteForceProtection(action=talkRoomPassword)
*
* @param string $token
* @param string $password
@@ -150,6 +150,7 @@ class PageController extends Controller {
* @throws HintException
*/
#[UseSession]
+ #[BruteForceProtection(action: 'talkRoomPassword')]
public function authenticatePassword(string $token, string $password = ''): Response {
// This is the entry point from the `/call/{token}` URL which is hardcoded in the server.
return $this->index($token, '', $password);
@@ -178,7 +179,6 @@ class PageController extends Controller {
/**
* @PublicPage
* @NoCSRFRequired
- * @BruteForceProtection(action=talkRoomToken)
*
* @param string $token
* @param string $callUser
@@ -186,6 +186,7 @@ class PageController extends Controller {
* @return TemplateResponse|RedirectResponse
* @throws HintException
*/
+ #[BruteForceProtection(action: 'talkRoomToken')]
#[UseSession]
public function index(string $token = '', string $callUser = '', string $password = ''): Response {
$bruteForceToken = $token;
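Review bot: `#[BruteForceProtection(action: 'talkRoomToken')]` on index is placed before `#[UseSession]`, whereas showCall and authenticatePassword in the earlier hunks of this file put `#[UseSession]` first. Attribute order has no effect on reflection-based lookup, so this is a style point only, but swapping the two lines to `#[UseSession]` followed by `#[BruteForceProtection(action: 'talkRoomToken')]` keeps the three entry points uniform. index's body runs past the hunk.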
@@ -309,11 +310,11 @@ class PageController extends Controller {
/**
* @PublicPage
* @NoCSRFRequired
- * @BruteForceProtection(action=talkRoomToken)
*
* @param string $token
* @return TemplateResponse|NotFoundResponse
*/
+ #[BruteForceProtection(action: 'talkRoomToken')]
public function recording(string $token): Response {
try {
$room = $this->manager->getRoomByToken($token);
diff --git a/lib/Controller/RecordingController.php b/lib/Controller/RecordingController.php
index 702f9bbc3..b016e00c4 100644
--- a/lib/Controller/RecordingController.php
+++ b/lib/Controller/RecordingController.php
@@ -36,6 +36,7 @@ use OCA\Talk\Service\ParticipantService;
use OCA\Talk\Service\RecordingService;
use OCA\Talk\Service\RoomService;
use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
use OCP\AppFramework\Http\DataResponse;
use OCP\Http\Client\IClientService;
use OCP\IRequest;
@@ -132,10 +133,10 @@ class RecordingController extends AEnvironmentAwareController {
* Backend API to update recording status by backends.
*
* @PublicPage
- * @BruteForceProtection(action=talkRecordingSecret)
*
* @return DataResponse
*/
+ #[BruteForceProtection(action: 'talkRecordingSecret')]
public function backend(): DataResponse {
$json = $this->getInputStream();
if (!$this->validateBackendRequest($json)) {
@@ -292,10 +293,8 @@ class RecordingController extends AEnvironmentAwareController {
/**
* @PublicPage
* @RequireRoom
- * @BruteForceProtection(action=talkRecordingSecret)
- *
- * @return DataResponse
*/
+ #[BruteForceProtection(action: 'talkRecordingSecret')]
public function store(string $owner): DataResponse {
$data = $this->room->getToken();
if (!$this->validateBackendRequest($data)) {
diff --git a/lib/Controller/RoomController.php b/lib/Controller/RoomController.php
index 0656d038c..c8121437e 100644
--- a/lib/Controller/RoomController.php
+++ b/lib/Controller/RoomController.php
@@ -53,6 +53,7 @@ use OCA\Talk\TalkSession;
use OCA\Talk\Webinary;
use OCP\App\IAppManager;
use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\EventDispatcher\IEventDispatcher;
@@ -284,10 +285,10 @@ class RoomController extends AEnvironmentAwareController {
*
* @NoAdminRequired
* @RequireLoggedInParticipant
- * @BruteForceProtection(action=talkRoomToken)
*
* @return DataResponse
*/
+ #[BruteForceProtection(action: 'talkRoomToken')]
public function getBreakoutRooms(): DataResponse {
try {
$rooms = $this->breakoutRoomService->getBreakoutRooms($this->room, $this->participant);
@@ -312,11 +313,11 @@ class RoomController extends AEnvironmentAwareController {
/**
* @PublicPage
- * @BruteForceProtection(action=talkRoomToken)
*
* @param string $token
* @return DataResponse
*/
+ #[BruteForceProtection(action: 'talkRoomToken')]
public function getSingleRoom(string $token): DataResponse {
try {
$isSIPBridgeRequest = $this->validateSIPBridgeRequest($token);
@@ -1222,13 +1223,13 @@ class RoomController extends AEnvironmentAwareController {
/**
* @PublicPage
- * @BruteForceProtection(action=talkRoomPassword)
*
* @param string $token
* @param string $password
* @param bool $force
* @return DataResponse
*/
+ #[BruteForceProtection(action: 'talkRoomPassword')]
public function joinRoom(string $token, string $password = '', bool $force = true): DataResponse {
$sessionId = $this->session->getSessionForRoom($token);
try {
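Review bot: joinRoom is now throttled under the single action 'talkRoomPassword', yet an unknown token and a wrong password for a known room are different failure classes that the old annotation also could not separate. If the attribute is repeatable on this server line, as the metadata-based `action` selection this commit adds in SignalingController::getSettings suggests, a second `#[BruteForceProtection(action: 'talkRoomToken')]` together with an `'action'` key in each throttle call's metadata would let each failure count against its own bucket. Whether the room-not-found path in joinRoom throttles at all cannot be seen here, since the method body runs past the hunk; verify that before adding the second attribute.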
@@ -1305,11 +1306,11 @@ class RoomController extends AEnvironmentAwareController {
/**
* @PublicPage
* @RequireRoom
- * @BruteForceProtection(action=talkSipBridgeSecret)
*
* @param string $pin
* @return DataResponse
*/
+ #[BruteForceProtection(action: 'talkSipBridgeSecret')]
public function getParticipantByDialInPin(string $pin): DataResponse {
try {
if (!$this->validateSIPBridgeRequest($this->room->getToken())) {
@@ -1335,10 +1336,10 @@ class RoomController extends AEnvironmentAwareController {
/**
* @PublicPage
* @RequireRoom
- * @BruteForceProtection(action=talkSipBridgeSecret)
*
* @return DataResponse
*/
+ #[BruteForceProtection(action: 'talkSipBridgeSecret')]
public function createGuestByDialIn(): DataResponse {
try {
if (!$this->validateSIPBridgeRequest($this->room->getToken())) {
diff --git a/lib/Controller/SignalingController.php b/lib/Controller/SignalingController.php
index 40a8acd8a..1652672fa 100644
--- a/lib/Controller/SignalingController.php
+++ b/lib/Controller/SignalingController.php
@@ -40,6 +40,7 @@ use OCA\Talk\Service\SessionService;
use OCA\Talk\Signaling\Messages;
use OCA\Talk\TalkSession;
use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCSController;
use OCP\AppFramework\Utility\ITimeFactory;
@@ -145,11 +146,11 @@ class SignalingController extends OCSController {
/**
* @PublicPage
- * @BruteForceProtection(action=talkRoomToken)
*
* @param string $token
* @return DataResponse
*/
+ #[BruteForceProtection(action: 'talkRoomToken')]
public function getSettings(string $token = ''): DataResponse {
$isRecordingRequest = false;
@@ -176,7 +177,7 @@ class SignalingController extends OCSController {
}
} catch (RoomNotFoundException $e) {
$response = new DataResponse([], Http::STATUS_NOT_FOUND);
- $response->throttle(['token' => $token]);
+ $response->throttle(['token' => $token, 'action' => 'talkRoomToken']);
return $response;
}
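Review bot: The `'action' => 'talkRoomToken'` key added to the throttle metadata on the previous line changes what is persisted with the attempt, not only which attribute the middleware selects; if any code path resets the delay for this action with the old shape `['token' => $token]`, that reset will presumably no longer match these attempts, so callers of resetDelay for 'talkRoomToken' should be checked. With a single BruteForceProtection attribute on getSettings the key is currently redundant, and no other throttle call in this commit's controllers is updated, so either apply the key consistently or add a comment such as `// 'action' selects the matching BruteForceProtection attribute once more than one is declared` explaining why only this call carries it. getSettings starts and ends outside this hunk.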
@@ -526,10 +527,10 @@ class SignalingController extends OCSController {
* https://nextcloud-spreed-signaling.readthedocs.io/en/latest/standalone-signaling-api-v1/#backend-requests
*
* @PublicPage
- * @BruteForceProtection(action=talkSignalingSecret)
*
* @return DataResponse
*/
+ #[BruteForceProtection(action: 'talkSignalingSecret')]
public function backend(): DataResponse {
$json = $this->getInputStream();
if (!$this->validateBackendRequest($json)) {