1
0

CSRFTokenController.php 1.1 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-License-Identifier: AGPL-3.0-or-later
  6. */
  7. namespace OC\Core\Controller;
  8. use OC\Security\CSRF\CsrfTokenManager;
  9. use OCP\AppFramework\Controller;
  10. use OCP\AppFramework\Http;
  11. use OCP\AppFramework\Http\Attribute\FrontpageRoute;
  12. use OCP\AppFramework\Http\Attribute\OpenAPI;
  13. use OCP\AppFramework\Http\JSONResponse;
  14. use OCP\IRequest;
  15. #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
  16. class CSRFTokenController extends Controller {
  17. public function __construct(
  18. string $appName,
  19. IRequest $request,
  20. private CsrfTokenManager $tokenManager,
  21. ) {
  22. parent::__construct($appName, $request);
  23. }
  24. /**
  25. * @NoAdminRequired
  26. * @NoCSRFRequired
  27. * @PublicPage
  28. */
  29. #[FrontpageRoute(verb: 'GET', url: '/csrftoken')]
  30. public function index(): JSONResponse {
  31. if (!$this->request->passesStrictCookieCheck()) {
  32. return new JSONResponse([], Http::STATUS_FORBIDDEN);
  33. }
  34. $requestToken = $this->tokenManager->getToken();
  35. return new JSONResponse([
  36. 'token' => $requestToken->getEncryptedValue(),
  37. ]);
  38. }
  39. }