fix: Add 401 response for non-public pages

Signed-off-by: provokateurin <[email protected]>

Author: provokateurin

generate-spec.php

@@ -465,7 +465,6 @@
 		$isIgnored = Helpers::classMethodHasAnnotationOrAttribute($methodFunction, 'IgnoreOpenAPI');
 		$isPasswordConfirmation = Helpers::classMethodHasAnnotationOrAttribute($methodFunction, 'PasswordConfirmationRequired');
 		$isExApp = Helpers::classMethodHasAnnotationOrAttribute($methodFunction, 'ExAppRequired');
-		$isCORS = Helpers::classMethodHasAnnotationOrAttribute($methodFunction, 'CORS');
 		$scopes = Helpers::getOpenAPIAttributeScopes($classMethod, $routeName);
 
 		if ($isIgnored) {
@@ -757,6 +756,15 @@
 		if ($route->isPublic) {
 			// Add empty authentication, meaning that it's optional. We can't know if there is a difference in behaviour for authenticated vs. unauthenticated access on public pages (e.g. capabilities)
 			$security[] = new stdClass();
+		} else {
+			$mergedResponses[401] ??= [
+				'description' => 'Current user is not logged in',
+				'content' => [
+					'application/json' => [
+						'schema' => Helpers::addOCSResponseWrapper(new stdClass()),
+					],
+				],
+			];
 		}
 		if (!$route->isCORS) {
 			// Bearer auth is not allowed on CORS routes

src/Helpers.php

@@ -114,32 +114,36 @@ public static function wrapOCSResponse(Route $route, ControllerMethodResponse $r
 		if ($route->isOCS
 			&& ($response->className === 'DataResponse'
 				|| (str_starts_with($response->className, 'OCS') && str_ends_with($response->className, 'Exception')))) {
-			return [
-				'type' => 'object',
-				'required' => [
-					'ocs',
-				],
-				'properties' => [
-					'ocs' => [
-						'type' => 'object',
-						'required' => [
-							'meta',
-							'data',
-						],
-						'properties' => [
-							'meta' => [
-								'$ref' => '#/components/schemas/OCSMeta',
-							],
-							'data' => $schema,
-						],
-					],
-				],
-			];
+			return self::addOCSResponseWrapper($schema);
 		}
 
 		return $schema;
 	}
 
+	public static function addOCSResponseWrapper(array|stdClass $schema): array {
+		return [
+			'type' => 'object',
+			'required' => [
+				'ocs',
+			],
+			'properties' => [
+				'ocs' => [
+					'type' => 'object',
+					'required' => [
+						'meta',
+						'data',
+					],
+					'properties' => [
+						'meta' => [
+							'$ref' => '#/components/schemas/OCSMeta',
+						],
+						'data' => $schema,
+					],
+				],
+			],
+		];
+	}
+
 	public static function cleanEmptyResponseArray(array $schema): array|stdClass {
 		if (array_key_exists('type', $schema) && $schema['type'] === 'array' && array_key_exists('maxItems', $schema) && $schema['maxItems'] === 0) {
 			return new stdClass();