1
0

WipeController.php 2.2 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-License-Identifier: AGPL-3.0-or-later
  6. */
  7. namespace OC\Core\Controller;
  8. use OC\Authentication\Token\RemoteWipe;
  9. use OCP\AppFramework\Controller;
  10. use OCP\AppFramework\Http;
  11. use OCP\AppFramework\Http\Attribute\AnonRateLimit;
  12. use OCP\AppFramework\Http\Attribute\FrontpageRoute;
  13. use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
  14. use OCP\AppFramework\Http\Attribute\PublicPage;
  15. use OCP\AppFramework\Http\JSONResponse;
  16. use OCP\Authentication\Exceptions\InvalidTokenException;
  17. use OCP\IRequest;
  18. class WipeController extends Controller {
  19. public function __construct(
  20. string $appName,
  21. IRequest $request,
  22. private RemoteWipe $remoteWipe,
  23. ) {
  24. parent::__construct($appName, $request);
  25. }
  26. /**
  27. * Check if the device should be wiped
  28. *
  29. * @param string $token App password
  30. *
  31. * @return JSONResponse<Http::STATUS_OK, array{wipe: bool}, array{}>|JSONResponse<Http::STATUS_NOT_FOUND, array<empty>, array{}>
  32. *
  33. * 200: Device should be wiped
  34. * 404: Device should not be wiped
  35. */
  36. #[PublicPage]
  37. #[NoCSRFRequired]
  38. #[AnonRateLimit(limit: 10, period: 300)]
  39. #[FrontpageRoute(verb: 'POST', url: '/core/wipe/check')]
  40. public function checkWipe(string $token): JSONResponse {
  41. try {
  42. if ($this->remoteWipe->start($token)) {
  43. return new JSONResponse([
  44. 'wipe' => true
  45. ]);
  46. }
  47. return new JSONResponse([], Http::STATUS_NOT_FOUND);
  48. } catch (InvalidTokenException $e) {
  49. return new JSONResponse([], Http::STATUS_NOT_FOUND);
  50. }
  51. }
  52. /**
  53. * Finish the wipe
  54. *
  55. * @param string $token App password
  56. *
  57. * @return JSONResponse<Http::STATUS_OK|Http::STATUS_NOT_FOUND, array<empty>, array{}>
  58. *
  59. * 200: Wipe finished successfully
  60. * 404: Device should not be wiped
  61. */
  62. #[PublicPage]
  63. #[NoCSRFRequired]
  64. #[AnonRateLimit(limit: 10, period: 300)]
  65. #[FrontpageRoute(verb: 'POST', url: '/core/wipe/success')]
  66. public function wipeDone(string $token): JSONResponse {
  67. try {
  68. if ($this->remoteWipe->finish($token)) {
  69. return new JSONResponse([]);
  70. }
  71. return new JSONResponse([], Http::STATUS_NOT_FOUND);
  72. } catch (InvalidTokenException $e) {
  73. return new JSONResponse([], Http::STATUS_NOT_FOUND);
  74. }
  75. }
  76. }