Merge pull request #54701 from nextcloud/backport/54690/stable30

[stable30] fix(TaskProcessingApiController): Don't allow anonymous access anymore

core/Controller/TaskProcessingApiController.php

@@ -13,11 +13,9 @@ namespace OC\Core\Controller;
 use OC\Core\ResponseDefinitions;
 use OC\Files\SimpleFS\SimpleFile;
 use OCP\AppFramework\Http;
-use OCP\AppFramework\Http\Attribute\AnonRateLimit;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
 use OCP\AppFramework\Http\Attribute\ExAppRequired;
 use OCP\AppFramework\Http\Attribute\NoAdminRequired;
-use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\DataDownloadResponse;
 use OCP\AppFramework\Http\DataResponse;
@@ -64,7 +62,7 @@ class TaskProcessingApiController extends \OCP\AppFramework\OCSController {
 	 *
 	 * 200: Task types returned
 	 */
-	#[PublicPage]
+	#[NoAdminRequired]
 	#[ApiRoute(verb: 'GET', url: '/tasktypes', root: '/taskprocessing')]
 	public function taskTypes(): DataResponse {
 		$taskTypes = array_map(function (array $tt) {
@@ -115,9 +113,8 @@ class TaskProcessingApiController extends \OCP\AppFramework\OCSController {
 	 * 412: Scheduling task is not possible
 	 * 401: Cannot schedule task because it references files in its input that the user doesn't have access to
 	 */
-	#[PublicPage]
 	#[UserRateLimit(limit: 20, period: 120)]
-	#[AnonRateLimit(limit: 5, period: 120)]
+	#[NoAdminRequired]
 	#[ApiRoute(verb: 'POST', url: '/schedule', root: '/taskprocessing')]
 	public function schedule(
 		array $input, string $type, string $appId, string $customId = '',
@@ -158,7 +155,7 @@ class TaskProcessingApiController extends \OCP\AppFramework\OCSController {
 	 * 200: Task returned
 	 * 404: Task not found
 	 */
-	#[PublicPage]
+	#[NoAdminRequired]
 	#[ApiRoute(verb: 'GET', url: '/task/{id}', root: '/taskprocessing')]
 	public function getTask(int $id): DataResponse {
 		try {

core/openapi-full.json

@@ -3837,7 +3837,6 @@
                     "task_processing_api"
                 ],
                 "security": [
-                    {},
                     {
                         "bearer_auth": []
                     },
@@ -3910,7 +3909,6 @@
                     "task_processing_api"
                 ],
                 "security": [
-                    {},
                     {
                         "bearer_auth": []
                     },
@@ -4180,7 +4178,6 @@
                     "task_processing_api"
                 ],
                 "security": [
-                    {},
                     {
                         "bearer_auth": []
                     },

core/openapi.json

@@ -3837,7 +3837,6 @@
                     "task_processing_api"
                 ],
                 "security": [
-                    {},
                     {
                         "bearer_auth": []
                     },
@@ -3910,7 +3909,6 @@
                     "task_processing_api"
                 ],
                 "security": [
-                    {},
                     {
                         "bearer_auth": []
                     },
@@ -4180,7 +4178,6 @@
                     "task_processing_api"
                 ],
                 "security": [
-                    {},
                     {
                         "bearer_auth": []
                     },