techdebt(controllers): Migrate controllers to Attributes

lib/Controller/FilesIntegrationController.php

@@ -31,6 +31,8 @@
 use OCA\Talk\Service\RoomService;
 use OCA\Talk\TalkSession;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
+use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSException;
 use OCP\AppFramework\OCS\OCSNotFoundException;
@@ -148,8 +150,6 @@ public function getRoomByFileId(string $fileId): DataResponse {
 
 	/**
 	 * @PublicPage
-	 * @UseSession
-	 * @BruteForceProtection(action=shareinfo)
 	 *
 	 * Returns the token of the room associated to the file id of the given
 	 * share token.
@@ -173,12 +173,14 @@ public function getRoomByFileId(string $fileId): DataResponse {
 	 * Besides the token of the room this also returns the current user ID and
 	 * display name, if any; this is needed by the Talk sidebar to know the
 	 * actual current user, as the public share page uses the incognito mode and
-	 * thus logged in users as seen as guests.
+	 * thus logged-in users as seen as guests.
 	 *
 	 * @param string $shareToken
 	 * @return DataResponse the status code is "200 OK" if a room is returned,
 	 *         or "404 Not found" if the given share token was invalid.
 	 */
+	#[UseSession]
+	#[BruteForceProtection(action: 'shareinfo')]
 	public function getRoomByShareToken(string $shareToken): DataResponse {
 		if ($this->config->getAppValue('spreed', 'conversations_files', '1') !== '1' ||
 			$this->config->getAppValue('spreed', 'conversations_files_public_shares', '1') !== '1') {
@@ -195,7 +197,7 @@ public function getRoomByShareToken(string $shareToken): DataResponse {
 			}
 		} catch (ShareNotFound $e) {
 			$response = new DataResponse([], Http::STATUS_NOT_FOUND);
-			$response->throttle(['token' => $shareToken]);
+			$response->throttle(['token' => $shareToken, 'action' => 'shareinfo']);
 			return $response;
 		}
 

lib/Controller/PageController.php

@@ -40,6 +40,8 @@
 use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
+use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\ContentSecurityPolicy;
 use OCP\AppFramework\Http\NotFoundResponse;
 use OCP\AppFramework\Http\RedirectResponse;
@@ -126,13 +128,13 @@ public function __construct(
 	/**
 	 * @PublicPage
 	 * @NoCSRFRequired
-	 * @UseSession
-	 * @BruteForceProtection(action=talkRoomToken)
 	 *
 	 * @param string $token
 	 * @return Response
 	 * @throws HintException
 	 */
+	#[UseSession]
+	#[BruteForceProtection(action: 'talkRoomToken')]
 	public function showCall(string $token): Response {
 		// This is the entry point from the `/call/{token}` URL which is hardcoded in the server.
 		return $this->index($token);
@@ -141,14 +143,14 @@ public function showCall(string $token): Response {
 	/**
 	 * @PublicPage
 	 * @NoCSRFRequired
-	 * @UseSession
-	 * @BruteForceProtection(action=talkRoomPassword)
 	 *
 	 * @param string $token
 	 * @param string $password
 	 * @return Response
 	 * @throws HintException
 	 */
+	#[UseSession]
+	#[BruteForceProtection(action: 'talkRoomPassword')]
 	public function authenticatePassword(string $token, string $password = ''): Response {
 		// This is the entry point from the `/call/{token}` URL which is hardcoded in the server.
 		return $this->index($token, '', $password);
@@ -177,15 +179,15 @@ public function duplicateSession(): Response {
 	/**
 	 * @PublicPage
 	 * @NoCSRFRequired
-	 * @UseSession
-	 * @BruteForceProtection(action=talkRoomToken)
 	 *
 	 * @param string $token
 	 * @param string $callUser
 	 * @param string $password
 	 * @return TemplateResponse|RedirectResponse
 	 * @throws HintException
 	 */
+	#[BruteForceProtection(action: 'talkRoomToken')]
+	#[UseSession]
 	public function index(string $token = '', string $callUser = '', string $password = ''): Response {
 		$bruteForceToken = $token;
 		$user = $this->userSession->getUser();
@@ -256,7 +258,7 @@ public function index(string $token = '', string $callUser = '', string $passwor
 							$response = new RedirectResponse($passwordVerification['url']);
 						}
 
-						$response->throttle(['token' => $token]);
+						$response->throttle(['token' => $token, 'action' => 'talkRoomPassword']);
 						return $response;
 					}
 				}
@@ -300,25 +302,25 @@ public function index(string $token = '', string $callUser = '', string $passwor
 		$response->setContentSecurityPolicy($csp);
 		if ($throttle) {
 			// Logged-in user tried to access a chat they can not access
-			$response->throttle(['token' => $bruteForceToken]);
+			$response->throttle(['token' => $bruteForceToken, 'action' => 'talkRoomToken']);
 		}
 		return $response;
 	}
 
 	/**
 	 * @PublicPage
 	 * @NoCSRFRequired
-	 * @BruteForceProtection(action=talkRoomToken)
 	 *
 	 * @param string $token
 	 * @return TemplateResponse|NotFoundResponse
 	 */
+	#[BruteForceProtection(action: 'talkRoomToken')]
 	public function recording(string $token): Response {
 		try {
 			$room = $this->manager->getRoomByToken($token);
 		} catch (RoomNotFoundException $e) {
 			$response = new NotFoundResponse();
-			$response->throttle(['token' => $token]);
+			$response->throttle(['token' => $token, 'action' => 'talkRoomToken']);
 
 			return $response;
 		}
@@ -375,7 +377,7 @@ protected function guestEnterRoom(string $token, string $password): Response {
 			$response = new RedirectResponse($this->url->linkToRoute('core.login.showLoginForm', [
 				'redirect_url' => $redirectUrl,
 			]));
-			$response->throttle(['token' => $token]);
+			$response->throttle(['token' => $token, 'action' => 'talkRoomToken']);
 			return $response;
 		}
 
@@ -399,7 +401,7 @@ protected function guestEnterRoom(string $token, string $password): Response {
 				} else {
 					$response = new RedirectResponse($passwordVerification['url']);
 				}
-				$response->throttle(['token' => $token]);
+				$response->throttle(['token' => $token, 'action' => 'talkRoomPassword']);
 				return $response;
 			}
 		}

lib/Controller/RecordingController.php

@@ -36,6 +36,7 @@
 use OCA\Talk\Service\RecordingService;
 use OCA\Talk\Service\RoomService;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\Http\Client\IClientService;
 use OCP\IRequest;
@@ -132,10 +133,10 @@ protected function getInputStream(): string {
 	 * Backend API to update recording status by backends.
 	 *
 	 * @PublicPage
-	 * @BruteForceProtection(action=talkRecordingSecret)
 	 *
 	 * @return DataResponse
 	 */
+	#[BruteForceProtection(action: 'talkRecordingSecret')]
 	public function backend(): DataResponse {
 		$json = $this->getInputStream();
 		if (!$this->validateBackendRequest($json)) {
@@ -146,7 +147,7 @@ public function backend(): DataResponse {
 					'message' => 'The request could not be authenticated.',
 				],
 			], Http::STATUS_FORBIDDEN);
-			$response->throttle();
+			$response->throttle(['action' => 'talkRecordingSecret']);
 			return $response;
 		}
 
@@ -292,10 +293,8 @@ public function stop(): DataResponse {
 	/**
 	 * @PublicPage
 	 * @RequireRoom
-	 * @BruteForceProtection(action=talkRecordingSecret)
-	 *
-	 * @return DataResponse
 	 */
+	#[BruteForceProtection(action: 'talkRecordingSecret')]
 	public function store(string $owner): DataResponse {
 		$data = $this->room->getToken();
 		if (!$this->validateBackendRequest($data)) {
@@ -306,7 +305,7 @@ public function store(string $owner): DataResponse {
 					'message' => 'The request could not be authenticated.',
 				],
 			], Http::STATUS_UNAUTHORIZED);
-			$response->throttle();
+			$response->throttle(['action' => 'talkRecordingSecret']);
 			return $response;
 		}
 

lib/Controller/RoomController.php

@@ -53,6 +53,7 @@
 use OCA\Talk\Webinary;
 use OCP\App\IAppManager;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\EventDispatcher\IEventDispatcher;
@@ -284,10 +285,10 @@ public function getListedRooms(string $searchTerm = ''): DataResponse {
 	 *
 	 * @NoAdminRequired
 	 * @RequireLoggedInParticipant
-	 * @BruteForceProtection(action=talkRoomToken)
 	 *
 	 * @return DataResponse
 	 */
+	#[BruteForceProtection(action: 'talkRoomToken')]
 	public function getBreakoutRooms(): DataResponse {
 		try {
 			$rooms = $this->breakoutRoomService->getBreakoutRooms($this->room, $this->participant);
@@ -312,20 +313,19 @@ public function getBreakoutRooms(): DataResponse {
 
 	/**
 	 * @PublicPage
-	 * @BruteForceProtection(action=talkRoomToken)
 	 *
 	 * @param string $token
 	 * @return DataResponse
 	 */
+	#[BruteForceProtection(action: 'talkRoomToken')]
+	#[BruteForceProtection(action: 'talkSipBridgeSecret')]
 	public function getSingleRoom(string $token): DataResponse {
 		try {
 			$isSIPBridgeRequest = $this->validateSIPBridgeRequest($token);
 		} catch (UnauthorizedException $e) {
-			$ip = $this->request->getRemoteAddress();
-			$action = 'talkSipBridgeSecret';
-			$this->throttler->sleepDelay($ip, $action);
-			$this->throttler->registerAttempt($action, $ip);
-			return new DataResponse([], Http::STATUS_UNAUTHORIZED);
+			$response = new DataResponse([], Http::STATUS_UNAUTHORIZED);
+			$response->throttle(['action' => 'talkSipBridgeSecret']);
+			return $response;
 		}
 
 		// The SIP bridge only needs room details (public, sip enabled, lobby state, etc)
@@ -365,7 +365,7 @@ public function getSingleRoom(string $token): DataResponse {
 			return new DataResponse($this->formatRoom($room, $participant, $statuses, $isSIPBridgeRequest), Http::STATUS_OK, $this->getTalkHashHeader());
 		} catch (RoomNotFoundException $e) {
 			$response = new DataResponse([], Http::STATUS_NOT_FOUND);
-			$response->throttle(['token' => $token]);
+			$response->throttle(['token' => $token, 'action' => 'talkRoomToken']);
 			return $response;
 		}
 	}
@@ -1222,13 +1222,14 @@ public function setPassword(string $password): DataResponse {
 
 	/**
 	 * @PublicPage
-	 * @BruteForceProtection(action=talkRoomPassword)
 	 *
 	 * @param string $token
 	 * @param string $password
 	 * @param bool $force
 	 * @return DataResponse
 	 */
+	#[BruteForceProtection(action: 'talkRoomPassword')]
+	#[BruteForceProtection(action: 'talkRoomToken')]
 	public function joinRoom(string $token, string $password = '', bool $force = true): DataResponse {
 		$sessionId = $this->session->getSessionForRoom($token);
 		try {
@@ -1284,11 +1285,11 @@ public function joinRoom(string $token, string $password = '', bool $force = tru
 			$this->throttler->resetDelay($this->request->getRemoteAddress(), 'talkRoomToken', ['token' => $token]);
 		} catch (InvalidPasswordException $e) {
 			$response = new DataResponse([], Http::STATUS_FORBIDDEN);
-			$response->throttle(['token' => $token]);
+			$response->throttle(['token' => $token, 'action' => 'talkRoomPassword']);
 			return $response;
 		} catch (UnauthorizedException $e) {
 			$response = new DataResponse([], Http::STATUS_NOT_FOUND);
-			$response->throttle(['token' => $token]);
+			$response->throttle(['token' => $token, 'action' => 'talkRoomToken']);
 			return $response;
 		}
 
@@ -1305,21 +1306,21 @@ public function joinRoom(string $token, string $password = '', bool $force = tru
 	/**
 	 * @PublicPage
 	 * @RequireRoom
-	 * @BruteForceProtection(action=talkSipBridgeSecret)
 	 *
 	 * @param string $pin
 	 * @return DataResponse
 	 */
+	#[BruteForceProtection(action: 'talkSipBridgeSecret')]
 	public function getParticipantByDialInPin(string $pin): DataResponse {
 		try {
 			if (!$this->validateSIPBridgeRequest($this->room->getToken())) {
 				$response = new DataResponse([], Http::STATUS_UNAUTHORIZED);
-				$response->throttle();
+				$response->throttle(['action' => 'talkSipBridgeSecret']);
 				return $response;
 			}
 		} catch (UnauthorizedException $e) {
 			$response = new DataResponse([], Http::STATUS_UNAUTHORIZED);
-			$response->throttle();
+			$response->throttle(['action' => 'talkSipBridgeSecret']);
 			return $response;
 		}
 
@@ -1335,20 +1336,20 @@ public function getParticipantByDialInPin(string $pin): DataResponse {
 	/**
 	 * @PublicPage
 	 * @RequireRoom
-	 * @BruteForceProtection(action=talkSipBridgeSecret)
 	 *
 	 * @return DataResponse
 	 */
+	#[BruteForceProtection(action: 'talkSipBridgeSecret')]
 	public function createGuestByDialIn(): DataResponse {
 		try {
 			if (!$this->validateSIPBridgeRequest($this->room->getToken())) {
 				$response = new DataResponse([], Http::STATUS_UNAUTHORIZED);
-				$response->throttle();
+				$response->throttle(['action' => 'talkSipBridgeSecret']);
 				return $response;
 			}
 		} catch (UnauthorizedException $e) {
 			$response = new DataResponse([], Http::STATUS_UNAUTHORIZED);
-			$response->throttle();
+			$response->throttle(['action' => 'talkSipBridgeSecret']);
 			return $response;
 		}