From 47bd75a052cd79ce43a1ffcf1e816661a8bb087f Mon Sep 17 00:00:00 2001
From: Louis Chemineau <louis@chmn.me>
Date: Thu, 27 Feb 2025 13:12:55 +0100
Subject: [PATCH] fix(login): Also check legacy annotation for ephemeral
 sessions

Signed-off-by: Louis Chemineau <louis@chmn.me>
---
 .../AppFramework/DependencyInjection/DIContainer.php       | 7 +------
 .../Middleware/FlowV2EphemeralSessionsMiddleware.php       | 6 ++++++
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index e1a2fefc55ab8..b6e2df4ce7b49 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -217,12 +217,7 @@ public function __construct(string $appName, array $urlParams = [], ?ServerConta
 				)
 			);
 
-			$dispatcher->registerMiddleware(
-				new FlowV2EphemeralSessionsMiddleware(
-					$c->get(ISession::class),
-					$c->get(IUserSession::class),
-				)
-			);
+			$dispatcher->registerMiddleware($c->get(FlowV2EphemeralSessionsMiddleware::class));
 
 			$securityMiddleware = new SecurityMiddleware(
 				$c->get(IRequest::class),
diff --git a/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php b/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php
index b3e406adf22fc..461a8f9188402 100644
--- a/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php
+++ b/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php
@@ -7,6 +7,7 @@
  */
 namespace OC\AppFramework\Middleware;
 
+use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Core\Controller\ClientFlowLoginV2Controller;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Middleware;
@@ -20,6 +21,7 @@ class FlowV2EphemeralSessionsMiddleware extends Middleware {
 	public function __construct(
 		private ISession $session,
 		private IUserSession $userSession,
+		private ControllerMethodReflector $reflector,
 	) {
 	}
 
@@ -40,6 +42,10 @@ public function beforeController(Controller $controller, string $methodName) {
 			return;
 		}
 
+		if ($this->reflector->hasAnnotation('PublicPage')) {
+			return;
+		}
+
 		$this->userSession->logout();
 		$this->session->close();
 	}