Merge pull request #1106 from nextcloud/backport/1100/stable4.6

kesselb · web-flow · commit d21ee3d62034 · 2025-11-05T16:16:46.000+01:00
[stable4.6] fix: add check for user for signing terms
diff --git a/lib/Controller/SigningController.php b/lib/Controller/SigningController.php
@@ -102,13 +102,18 @@ public function signTerms(int $termId): DataResponse {
 	/**
 	 * As a guest sign the terms
 	 *
-	 * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
+	 * @return DataResponse<Http::STATUS_OK|Http::STATUS_NOT_ACCEPTABLE, list<empty>, array{}>
 	 *
 	 * 200: Signed successfully
+	 * 406: The user is already authenticated and therefore not allowed to sign the terms through this endpoint
 	 */
 	#[PublicPage]
 	#[UseSession]
 	public function signTermsPublic(): DataResponse {
+		if ($this->userId !== null) {
+			return new DataResponse([], Http::STATUS_NOT_ACCEPTABLE);
+		}
+
 		$uuid = $this->config->getAppValue(Application::APPNAME, 'term_uuid', '');
 		$this->session->set('term_uuid', $uuid);
 
diff --git a/openapi-full.json b/openapi-full.json
@@ -542,6 +542,34 @@
                                 }
                             }
                         }
+                    },
+                    "406": {
+                        "description": "The user is already authenticated and therefore not allowed to sign the terms through this endpoint",
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "type": "object",
+                                    "required": [
+                                        "ocs"
+                                    ],
+                                    "properties": {
+                                        "ocs": {
+                                            "type": "object",
+                                            "required": [
+                                                "meta",
+                                                "data"
+                                            ],
+                                            "properties": {
+                                                "meta": {
+                                                    "$ref": "#/components/schemas/OCSMeta"
+                                                },
+                                                "data": {}
+                                            }
+                                        }
+                                    }
+                                }
+                            }
+                        }
                     }
                 }
             }
diff --git a/openapi.json b/openapi.json
@@ -323,6 +323,34 @@
                                 }
                             }
                         }
+                    },
+                    "406": {
+                        "description": "The user is already authenticated and therefore not allowed to sign the terms through this endpoint",
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "type": "object",
+                                    "required": [
+                                        "ocs"
+                                    ],
+                                    "properties": {
+                                        "ocs": {
+                                            "type": "object",
+                                            "required": [
+                                                "meta",
+                                                "data"
+                                            ],
+                                            "properties": {
+                                                "meta": {
+                                                    "$ref": "#/components/schemas/OCSMeta"
+                                                },
+                                                "data": {}
+                                            }
+                                        }
+                                    }
+                                }
+                            }
+                        }
                     }
                 }
             }
