From df12869381e64645f19df3ecbbbd14840c44bc45 Mon Sep 17 00:00:00 2001
From: Marcel Klehr <mklehr@gmx.net>
Date: Thu, 28 Aug 2025 09:15:48 +0200
Subject: [PATCH 1/3] fix(TaskProcessingApiController): Don't allow anonymous
 access anymore

Signed-off-by: Marcel Klehr <mklehr@gmx.net>

[skip ci]
---
 core/Controller/TaskProcessingApiController.php | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/core/Controller/TaskProcessingApiController.php b/core/Controller/TaskProcessingApiController.php
index cba538509b2..3b0a54d8cd2 100644
--- a/core/Controller/TaskProcessingApiController.php
+++ b/core/Controller/TaskProcessingApiController.php
@@ -13,7 +13,6 @@ namespace OC\Core\Controller;
 use OC\Core\ResponseDefinitions;
 use OC\Files\SimpleFS\SimpleFile;
 use OCP\AppFramework\Http;
-use OCP\AppFramework\Http\Attribute\AnonRateLimit;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
 use OCP\AppFramework\Http\Attribute\ExAppRequired;
 use OCP\AppFramework\Http\Attribute\NoAdminRequired;
@@ -64,7 +63,7 @@ class TaskProcessingApiController extends \OCP\AppFramework\OCSController {
 	 *
 	 * 200: Task types returned
 	 */
-	#[PublicPage]
+	#[NoAdminRequired]
 	#[ApiRoute(verb: 'GET', url: '/tasktypes', root: '/taskprocessing')]
 	public function taskTypes(): DataResponse {
 		$taskTypes = array_map(function (array $tt) {
@@ -115,9 +114,8 @@ class TaskProcessingApiController extends \OCP\AppFramework\OCSController {
 	 * 412: Scheduling task is not possible
 	 * 401: Cannot schedule task because it references files in its input that the user doesn't have access to
 	 */
-	#[PublicPage]
 	#[UserRateLimit(limit: 20, period: 120)]
-	#[AnonRateLimit(limit: 5, period: 120)]
+	#[NoAdminRequired]
 	#[ApiRoute(verb: 'POST', url: '/schedule', root: '/taskprocessing')]
 	public function schedule(
 		array $input, string $type, string $appId, string $customId = '',
@@ -158,7 +156,7 @@ class TaskProcessingApiController extends \OCP\AppFramework\OCSController {
 	 * 200: Task returned
 	 * 404: Task not found
 	 */
-	#[PublicPage]
+	#[NoAdminRequired]
 	#[ApiRoute(verb: 'GET', url: '/task/{id}', root: '/taskprocessing')]
 	public function getTask(int $id): DataResponse {
 		try {

From b26676af9801ecdb7343e7f14e2ffabec6355717 Mon Sep 17 00:00:00 2001
From: Marcel Klehr <mklehr@gmx.net>
Date: Fri, 29 Aug 2025 09:35:54 +0200
Subject: [PATCH 2/3] fix: Update openapi specs

Signed-off-by: Marcel Klehr <mklehr@gmx.net>
---
 core/openapi-full.json | 3 ---
 core/openapi.json      | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/core/openapi-full.json b/core/openapi-full.json
index 36ff35d55b9..9271d05b329 100644
--- a/core/openapi-full.json
+++ b/core/openapi-full.json
@@ -3837,7 +3837,6 @@
                     "task_processing_api"
                 ],
                 "security": [
-                    {},
                     {
                         "bearer_auth": []
                     },
@@ -3910,7 +3909,6 @@
                     "task_processing_api"
                 ],
                 "security": [
-                    {},
                     {
                         "bearer_auth": []
                     },
@@ -4180,7 +4178,6 @@
                     "task_processing_api"
                 ],
                 "security": [
-                    {},
                     {
                         "bearer_auth": []
                     },
diff --git a/core/openapi.json b/core/openapi.json
index 582b01fd050..8a8225c9b04 100644
--- a/core/openapi.json
+++ b/core/openapi.json
@@ -3837,7 +3837,6 @@
                     "task_processing_api"
                 ],
                 "security": [
-                    {},
                     {
                         "bearer_auth": []
                     },
@@ -3910,7 +3909,6 @@
                     "task_processing_api"
                 ],
                 "security": [
-                    {},
                     {
                         "bearer_auth": []
                     },
@@ -4180,7 +4178,6 @@
                     "task_processing_api"
                 ],
                 "security": [
-                    {},
                     {
                         "bearer_auth": []
                     },

From 1f70dc3c28fe1ba0e2d2777ee89a313a2cb64b49 Mon Sep 17 00:00:00 2001
From: Marcel Klehr <mklehr@gmx.net>
Date: Fri, 29 Aug 2025 09:52:40 +0200
Subject: [PATCH 3/3] fix: Run cs:fix

Signed-off-by: Marcel Klehr <mklehr@gmx.net>
---
 core/Controller/TaskProcessingApiController.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/core/Controller/TaskProcessingApiController.php b/core/Controller/TaskProcessingApiController.php
index 3b0a54d8cd2..8da55cebffb 100644
--- a/core/Controller/TaskProcessingApiController.php
+++ b/core/Controller/TaskProcessingApiController.php
@@ -16,7 +16,6 @@ use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
 use OCP\AppFramework\Http\Attribute\ExAppRequired;
 use OCP\AppFramework\Http\Attribute\NoAdminRequired;
-use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\DataDownloadResponse;
 use OCP\AppFramework\Http\DataResponse;