nextcloud · redblom · Jan 30, 2026 · Jan 30, 2026
@@ -20,12 +20,6 @@
 			'verb' => 'POST',
 			'root' => '/ocm',
 		],
-		[
-			'name' => 'RequestHandler#inviteAccepted',
-			'url' => '/invite-accepted',
-			'verb' => 'POST',
-			'root' => '/ocm',
-		],
 
 		// needs to be kept at the bottom of the list
 		[

@@ -22,7 +22,6 @@ public function __construct() {
 	}
 
 	public function register(IRegistrationContext $context): void {
-		$context->registerCapability(Capabilities::class);
 	}
 
 	public function boot(IBootContext $context): void {

@@ -67,8 +67,6 @@ public function __construct(
 		private IURLGenerator $urlGenerator,
 		private ICloudFederationProviderManager $cloudFederationProviderManager,
 		private Config $config,
-		private IEventDispatcher $dispatcher,
-		private FederatedInviteMapper $federatedInviteMapper,
 		private readonly AddressHandler $addressHandler,
 		private readonly IAppConfig $appConfig,
 		private ICloudFederationFactory $factory,
@@ -225,101 +223,6 @@ public function addShare($shareWith, $name, $description, $providerId, $owner, $
 		return new JSONResponse($responseData, Http::STATUS_CREATED);
 	}
 
-	/**
-	 * Inform the sender that an invitation was accepted to start sharing
-	 *
-	 * Inform about an accepted invitation so the user on the sender provider's side
-	 * can initiate the OCM share creation. To protect the identity of the parties,
-	 * for shares created following an OCM invitation, the user id MAY be hashed,
-	 * and recipients implementing the OCM invitation workflow MAY refuse to process
-	 * shares coming from unknown parties.
-	 * @link https://cs3org.github.io/OCM-API/docs.html?branch=v1.1.0&repo=OCM-API&user=cs3org#/paths/~1invite-accepted/post
-	 *
-	 * @param string $recipientProvider The address of the recipent's provider
-	 * @param string $token The token used for the invitation
-	 * @param string $userID The userID of the recipient at the recipient's provider
-	 * @param string $email The email address of the recipient
-	 * @param string $name The display name of the recipient
-	 *
-	 * @return JSONResponse<Http::STATUS_OK, array{userID: string, email: string, name: string}, array{}>|JSONResponse<Http::STATUS_FORBIDDEN|Http::STATUS_BAD_REQUEST|Http::STATUS_CONFLICT, array{message: string, error: true}, array{}>
-	 *
-	 * Note: Not implementing 404 Invitation token does not exist, instead using 400
-	 * 200: Invitation accepted
-	 * 400: Invalid token
-	 * 403: Invitation token does not exist
-	 * 409: User is already known by the OCM provider
-	 */
-	#[PublicPage]
-	#[NoCSRFRequired]
-	#[BruteForceProtection(action: 'inviteAccepted')]
-	public function inviteAccepted(string $recipientProvider, string $token, string $userID, string $email, string $name): JSONResponse {
-		$this->logger->debug('Processing share invitation for ' . $userID . ' with token ' . $token . ' and email ' . $email . ' and name ' . $name);
-
-		$updated = $this->timeFactory->getTime();
-
-		if ($token === '') {
-			$response = new JSONResponse(['message' => 'Invalid or non existing token', 'error' => true], Http::STATUS_BAD_REQUEST);
-			$response->throttle();
-			return $response;
-		}
-
-		try {
-			$invitation = $this->federatedInviteMapper->findByToken($token);
-		} catch (DoesNotExistException) {
-			$response = ['message' => 'Invalid or non existing token', 'error' => true];
-			$status = Http::STATUS_BAD_REQUEST;
-			$response = new JSONResponse($response, $status);
-			$response->throttle();
-			return $response;
-		}
-
-		if ($invitation->isAccepted() === true) {
-			$response = ['message' => 'Invite already accepted', 'error' => true];
-			$status = Http::STATUS_CONFLICT;
-			return new JSONResponse($response, $status);
-		}
-
-		if ($invitation->getExpiredAt() !== null && $updated > $invitation->getExpiredAt()) {
-			$response = ['message' => 'Invitation expired', 'error' => true];
-			$status = Http::STATUS_BAD_REQUEST;
-			return new JSONResponse($response, $status);
-		}
-		$localUser = $this->userManager->get($invitation->getUserId());
-		if ($localUser === null) {
-			$response = ['message' => 'Invalid or non existing token', 'error' => true];
-			$status = Http::STATUS_BAD_REQUEST;
-			$response = new JSONResponse($response, $status);
-			$response->throttle();
-			return $response;
-		}
-
-		$sharedFromEmail = $localUser->getEMailAddress();
-		if ($sharedFromEmail === null) {
-			$response = ['message' => 'Invalid or non existing token', 'error' => true];
-			$status = Http::STATUS_BAD_REQUEST;
-			$response = new JSONResponse($response, $status);
-			$response->throttle();
-			return $response;
-		}
-		$sharedFromDisplayName = $localUser->getDisplayName();
-
-		$response = ['userID' => $localUser->getUID(), 'email' => $sharedFromEmail, 'name' => $sharedFromDisplayName];
-		$status = Http::STATUS_OK;
-
-		$invitation->setAccepted(true);
-		$invitation->setRecipientEmail($email);
-		$invitation->setRecipientName($name);
-		$invitation->setRecipientProvider($recipientProvider);
-		$invitation->setRecipientUserId($userID);
-		$invitation->setAcceptedAt($updated);
-		$invitation = $this->federatedInviteMapper->update($invitation);
-
-		$event = new FederatedInviteAcceptedEvent($invitation);
-		$this->dispatcher->dispatchTyped($event);
-
-		return new JSONResponse($response, $status);
-	}
-
 	/**
 	 * Send a notification about an existing share
 	 *
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,7 +22,6 @@ public function __construct() { @@
     	}
     	public function register(IRegistrationContext $context): void {
-    		$context->registerCapability(Capabilities::class);
     	}
     	public function boot(IBootContext $context): void {
@@ Expand Down @@