fix(login): Also check legacy annotation for ephemeral sessions

Signed-off-by: Louis Chemineau <louis@chmn.me>

lib/private/AppFramework/DependencyInjection/DIContainer.php

@@ -245,12 +245,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
 				)
 			);
 
-			$dispatcher->registerMiddleware(
-				new FlowV2EphemeralSessionsMiddleware(
-					$c->get(ISession::class),
-					$c->get(IUserSession::class),
-				)
-			);
+			$dispatcher->registerMiddleware($c->get(FlowV2EphemeralSessionsMiddleware::class));
 
 			$securityMiddleware = new SecurityMiddleware(
 				$c->get(IRequest::class),

lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php

@@ -7,6 +7,7 @@ declare(strict_types=1);
  */
 namespace OC\AppFramework\Middleware;
 
+use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Core\Controller\ClientFlowLoginV2Controller;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Middleware;
@@ -20,6 +21,7 @@ class FlowV2EphemeralSessionsMiddleware extends Middleware {
 	public function __construct(
 		private ISession $session,
 		private IUserSession $userSession,
+		private ControllerMethodReflector $reflector,
 	) {
 	}
 
@@ -40,6 +42,10 @@ class FlowV2EphemeralSessionsMiddleware extends Middleware {
 			return;
 		}
 
+		if ($this->reflector->hasAnnotation('PublicPage')) {
+			return;
+		}
+
 		$this->userSession->logout();
 		$this->session->close();
 	}