fix(Http): Only allow valid HTTP status code values via template

Signed-off-by: provokateurin <kate@provokateurin.de>

Author: provokateurin

lib/private/AppFramework/OCS/BaseResponse.php

@@ -33,10 +33,10 @@
 
 /**
  * @psalm-import-type DataResponseType from DataResponse
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template-covariant T of DataResponseType
  * @template H of array<string, mixed>
- * @template-extends Response<int, array<string, mixed>>
+ * @template-extends Response<Http::STATUS_*, array<string, mixed>>
  */
 abstract class BaseResponse extends Response {
 	/** @var array */

lib/private/AppFramework/OCS/V1Response.php

@@ -31,17 +31,17 @@
 
 /**
  * @psalm-import-type DataResponseType from DataResponse
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template-covariant T of DataResponseType
  * @template H of array<string, mixed>
- * @template-extends BaseResponse<int, DataResponseType, array<string, mixed>>
+ * @template-extends BaseResponse<Http::STATUS_*, DataResponseType, array<string, mixed>>
  */
 class V1Response extends BaseResponse {
 	/**
 	 * The V1 endpoint has very limited http status codes basically everything
 	 * is status 200 except 401
 	 *
-	 * @return int
+	 * @return Http::STATUS_*
 	 */
 	public function getStatus() {
 		$status = parent::getStatus();

lib/private/AppFramework/OCS/V2Response.php

@@ -30,17 +30,17 @@
 
 /**
  * @psalm-import-type DataResponseType from DataResponse
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template-covariant T of DataResponseType
  * @template H of array<string, mixed>
- * @template-extends BaseResponse<int, DataResponseType, array<string, mixed>>
+ * @template-extends BaseResponse<Http::STATUS_*, DataResponseType, array<string, mixed>>
  */
 class V2Response extends BaseResponse {
 	/**
 	 * The V2 endpoint just passes on status codes.
 	 * Of course we have to map the OCS specific codes to proper HTTP status codes
 	 *
-	 * @return int
+	 * @return Http::STATUS_*
 	 */
 	public function getStatus() {
 		$status = parent::getStatus();

lib/public/AppFramework/Http/DataDisplayResponse.php

@@ -31,9 +31,9 @@
  * Class DataDisplayResponse
  *
  * @since 8.1.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template H of array<string, mixed>
- * @template-extends Response<int, array<string, mixed>>
+ * @template-extends Response<Http::STATUS_*, array<string, mixed>>
  */
 class DataDisplayResponse extends Response {
 	/**

lib/public/AppFramework/Http/DataDownloadResponse.php

@@ -30,10 +30,10 @@
  * Class DataDownloadResponse
  *
  * @since 8.0.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template C of string
  * @template H of array<string, mixed>
- * @template-extends DownloadResponse<int, string, array<string, mixed>>
+ * @template-extends DownloadResponse<Http::STATUS_*, string, array<string, mixed>>
  */
 class DataDownloadResponse extends DownloadResponse {
 	/**

lib/public/AppFramework/Http/DataResponse.php

@@ -32,10 +32,10 @@
  * for responders to transform
  * @since 8.0.0
  * @psalm-type DataResponseType = array|int|float|string|bool|object|null|\stdClass|\JsonSerializable
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template-covariant T of DataResponseType
  * @template H of array<string, mixed>
- * @template-extends Response<int, array<string, mixed>>
+ * @template-extends Response<Http::STATUS_*, array<string, mixed>>
  */
 class DataResponse extends Response {
 	/**

lib/public/AppFramework/Http/DownloadResponse.php

@@ -31,10 +31,10 @@
 /**
  * Prompts the user to download the a file
  * @since 7.0.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template C of string
  * @template H of array<string, mixed>
- * @template-extends Response<int, array<string, mixed>>
+ * @template-extends Response<Http::STATUS_*, array<string, mixed>>
  */
 class DownloadResponse extends Response {
 	/**

lib/public/AppFramework/Http/FileDisplayResponse.php

@@ -32,9 +32,9 @@
  * Class FileDisplayResponse
  *
  * @since 11.0.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template H of array<string, mixed>
- * @template-extends Response<int, array<string, mixed>>
+ * @template-extends Response<Http::STATUS_*, array<string, mixed>>
  */
 class FileDisplayResponse extends Response implements ICallbackResponse {
 	/** @var File|ISimpleFile */

lib/public/AppFramework/Http/JSONResponse.php

@@ -33,10 +33,10 @@
 /**
  * A renderer for JSON calls
  * @since 6.0.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template-covariant T of null|string|int|float|bool|array|\stdClass|\JsonSerializable
  * @template H of array<string, mixed>
- * @template-extends Response<int, array<string, mixed>>
+ * @template-extends Response<Http::STATUS_*, array<string, mixed>>
  */
 class JSONResponse extends Response {
 	/**

lib/public/AppFramework/Http/NotFoundResponse.php

@@ -30,9 +30,9 @@
 /**
  * A generic 404 response showing an 404 error page as well to the end-user
  * @since 8.1.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template H of array<string, mixed>
- * @template-extends TemplateResponse<int, array<string, mixed>>
+ * @template-extends TemplateResponse<Http::STATUS_*, array<string, mixed>>
  */
 class NotFoundResponse extends TemplateResponse {
 	/**

lib/public/AppFramework/Http/RedirectResponse.php

@@ -31,9 +31,9 @@
 /**
  * Redirects to a different URL
  * @since 7.0.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template H of array<string, mixed>
- * @template-extends Response<int, array<string, mixed>>
+ * @template-extends Response<Http::STATUS_*, array<string, mixed>>
  */
 class RedirectResponse extends Response {
 	private $redirectURL;

lib/public/AppFramework/Http/RedirectToDefaultAppResponse.php

@@ -35,9 +35,9 @@
  *
  * @since 16.0.0
  * @deprecated 23.0.0 Use RedirectResponse() with IURLGenerator::linkToDefaultPageUrl() instead
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template H of array<string, mixed>
- * @template-extends RedirectResponse<int, array<string, mixed>>
+ * @template-extends RedirectResponse<Http::STATUS_*, array<string, mixed>>
  */
 class RedirectToDefaultAppResponse extends RedirectResponse {
 	/**

lib/public/AppFramework/Http/Response.php

@@ -42,7 +42,7 @@
  *
  * It handles headers, HTTP status code, last modified and ETag.
  * @since 6.0.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template H of array<string, mixed>
  */
 class Response {

lib/public/AppFramework/Http/StandaloneTemplateResponse.php

@@ -26,16 +26,18 @@
  */
 namespace OCP\AppFramework\Http;
 
+use OCP\AppFramework\Http;
+
 /**
  * A template response that does not emit the loadAdditionalScripts events.
  *
  * This is useful for pages that are authenticated but do not yet show the
  * full nextcloud UI. Like the 2FA page, or the grant page in the login flow.
  *
  * @since 16.0.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template H of array<string, mixed>
- * @template-extends TemplateResponse<int, array<string, mixed>>
+ * @template-extends TemplateResponse<Http::STATUS_*, array<string, mixed>>
  */
 class StandaloneTemplateResponse extends TemplateResponse {
 }

lib/public/AppFramework/Http/StreamResponse.php

@@ -33,9 +33,9 @@
  * Class StreamResponse
  *
  * @since 8.1.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template H of array<string, mixed>
- * @template-extends Response<int, array<string, mixed>>
+ * @template-extends Response<Http::STATUS_*, array<string, mixed>>
  */
 class StreamResponse extends Response implements ICallbackResponse {
 	/** @var string */

lib/public/AppFramework/Http/Template/PublicTemplateResponse.php

@@ -34,8 +34,8 @@
  *
  * @since 14.0.0
  * @template H of array<string, mixed>
- * @template S of int
- * @template-extends TemplateResponse<int, array<string, mixed>>
+ * @template S of Http::STATUS_*
+ * @template-extends TemplateResponse<Http::STATUS_*, array<string, mixed>>
  */
 class PublicTemplateResponse extends TemplateResponse {
 	private $headerTitle = '';

lib/public/AppFramework/Http/TemplateResponse.php

@@ -35,9 +35,9 @@
  * Response for a normal template
  * @since 6.0.0
  *
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template H of array<string, mixed>
- * @template-extends Response<int, array<string, mixed>>
+ * @template-extends Response<Http::STATUS_*, array<string, mixed>>
  */
 class TemplateResponse extends Response {
 	/**

lib/public/AppFramework/Http/TextPlainResponse.php

@@ -31,9 +31,9 @@
 /**
  * A renderer for text responses
  * @since 22.0.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template H of array<string, mixed>
- * @template-extends Response<int, array<string, mixed>>
+ * @template-extends Response<Http::STATUS_*, array<string, mixed>>
  */
 class TextPlainResponse extends Response {
 	/** @var string */

lib/public/AppFramework/Http/TooManyRequestsResponse.php

@@ -32,9 +32,9 @@
 /**
  * A generic 429 response showing an 404 error page as well to the end-user
  * @since 19.0.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template H of array<string, mixed>
- * @template-extends Response<int, array<string, mixed>>
+ * @template-extends Response<Http::STATUS_*, array<string, mixed>>
  */
 class TooManyRequestsResponse extends Response {
 	/**

lib/public/AppFramework/Http/ZipResponse.php

@@ -37,9 +37,9 @@
  * Public library to send several files in one zip archive.
  *
  * @since 15.0.0
- * @template S of int
+ * @template S of Http::STATUS_*
  * @template H of array<string, mixed>
- * @template-extends Response<int, array<string, mixed>>
+ * @template-extends Response<Http::STATUS_*, array<string, mixed>>
  */
 class ZipResponse extends Response implements ICallbackResponse {
 	/** @var array{internalName: string, resource: resource, size: int, time: int}[] Files to be added to the zip response */