Add security section to admin menu
authorLukas Reschke <lukas@statuscode.ch>
Fri, 11 Jan 2013 13:18:51 +0000 (14:18 +0100)
committerLukas Reschke <lukas@statuscode.ch>
Fri, 11 Jan 2013 13:18:51 +0000 (14:18 +0100)
Currently it only allows the admin to enable or disable the HTTPS
enforcement, but in the future it could be expanded to further options.

The admin can only turn on the HTTPS enforcement while connected via
HTTPS. (This prevents admins from enabling it without a proper SSL
setup.)

settings/admin.php
settings/ajax/setsecurity.php [new file with mode: 0644]
settings/js/admin.js
settings/routes.php
settings/templates/admin.php

index 0490539113844be1b241ffb5c29e2d031c17fff6..4d9685ab9208cff5bbde353d98016cc8a143f4fb 100755 (executable)
@@ -33,6 +33,16 @@ $tmpl->assign('internetconnectionworking', OC_Util::isinternetconnectionworking(
 $tmpl->assign('islocaleworking', OC_Util::issetlocaleworking());
 $tmpl->assign('backgroundjobs_mode', OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax'));
 $tmpl->assign('shareAPIEnabled', OC_Appconfig::getValue('core', 'shareapi_enabled', 'yes'));
+
+// Check if connected using HTTPS
+if (OC_Request::serverProtocol() == 'https') {
+       $connectedHTTPS = true; 
+} else {
+       $connectedHTTPS = false;
+} 
+$tmpl->assign('isConnectedViaHTTPS', $connectedHTTPS);
+$tmpl->assign('enforceHTTPSEnabled', OC_Config::getValue( "forcessl", false)); 
+
 $tmpl->assign('allowLinks', OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes'));
 $tmpl->assign('allowResharing', OC_Appconfig::getValue('core', 'shareapi_allow_resharing', 'yes'));
 $tmpl->assign('sharePolicy', OC_Appconfig::getValue('core', 'shareapi_share_policy', 'global'));
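Review bot: The added if/else around `OC_Request::serverProtocol() == 'https'` only produces a boolean and uses a loose comparison; `$connectedHTTPS = OC_Request::serverProtocol() === 'https';` expresses the same thing in one line. `isConnectedViaHTTPS` only controls what the template renders, so a comment such as `// UI hint only; the save endpoint has to re-check the protocol itself` would keep a later reader from treating it as the access control.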
diff --git a/settings/ajax/setsecurity.php b/settings/ajax/setsecurity.php
new file mode 100644 (file)
index 0000000..16a85aa
--- /dev/null
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Copyright (c) 2013, Lukas Reschke <lukas@statuscode.ch>
+ * This file is licensed under the Affero General Public License version 3 or later.
+ * See the COPYING-README file.
+ */
+
+OC_Util::checkAdminUser();
+OCP\JSON::callCheck();
+
+OC_Config::setValue( 'forcessl', filter_var($_POST['enforceHTTPS'], FILTER_VALIDATE_BOOLEAN));
+
+echo 'true';
\ No newline at end of file
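Review bot: Nothing in this endpoint checks that the request itself arrived over HTTPS, so the rule stated in the commit message is enforced only by the `disabled` attribute in the template; an admin session on plain HTTP can still post here and switch `forcessl` on. `$_POST['enforceHTTPS']` is also read without an `isset()` check, and a missing field makes `filter_var()` return false, which silently turns enforcement off. I would refuse the request before `OC_Config::setValue()` unless the field is present and `OC_Request::serverProtocol()` reports https, and answer with a JSON error in that case.

```php
OCP\JSON::callCheck();

// Only accept the change when the flag is present and this request came in over HTTPS.
if (!isset($_POST['enforceHTTPS']) || OC_Request::serverProtocol() !== 'https') {
	OCP\JSON::error();
	exit();
}

OC_Config::setValue( 'forcessl', filter_var($_POST['enforceHTTPS'], FILTER_VALIDATE_BOOLEAN));
```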
index 95b7a503c27dfe42840c3def4f30fd0847d862bf..ab218377fb3c6d548d93ca3ff9f81810f2f0ef34 100644 (file)
@@ -30,4 +30,8 @@ $(document).ready(function(){
                }
                OC.AppConfig.setValue('core', $(this).attr('name'), value);
        });
+
+       $('#security').change(function(){
+               $.post(OC.filePath('settings','ajax','setsecurity.php'), { enforceHTTPS: $('#enforceHTTPSEnabled').val() },function(){} );
+       });
 });
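Review bot: The handler posts `$('#enforceHTTPSEnabled').val()`, and that value is written once by the template as the inverse of the stored setting, so toggling the checkbox twice without a reload sends the same value both times and the second toggle is never saved. Sending the real state avoids this: `{ enforceHTTPS: $('#enforceHTTPSEnabled').is(':checked') }`. The empty `function(){}` callback also hides a failed save, leaving the checkbox showing a state the server did not store. The enclosing `$(document).ready` handler starts outside this hunk.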
index 8239fe005db425bf350d76dcb290db8ec4e6aa0e..595b83c313e689cba615cb85ecc94ad3d5fa3c27 100644 (file)
@@ -58,6 +58,8 @@ $this->create('settings_ajax_getlog', '/settings/ajax/getlog.php')
        ->actionInclude('settings/ajax/getlog.php');
 $this->create('settings_ajax_setloglevel', '/settings/ajax/setloglevel.php')
        ->actionInclude('settings/ajax/setloglevel.php');
+$this->create('settings_ajax_setsecurity', '/settings/ajax/setsecurity.php')
+       ->actionInclude('settings/ajax/setsecurity.php');
 
 // apps/user_openid
 $this->create('settings_ajax_openid', '/settings/ajax/openid.php')
index 26335063d4be98c773d00faf81898ddb9fb6480a..94df359b052fe0a58863e0e7c3db66c684cf5069 100644 (file)
@@ -132,6 +132,33 @@ if (!$_['internetconnectionworking']) {
     </table>
 </fieldset>
 
+<fieldset class="personalblock" id="security">
+    <legend><strong><?php echo $l->t('Security');?></strong></legend>
+    <table class="nostyle">
+        <tr>
+            <td id="enable">
+                <input type="checkbox" name="forcessl"  id="enforceHTTPSEnabled"
+                    <?php if ($_['enforceHTTPSEnabled']) {
+                        echo 'checked="checked" ';
+                        echo 'value="false"';
+                    }  else {
+                        echo 'value="true"';
+                    }
+                    ?> 
+                    <?php if (!$_['isConnectedViaHTTPS']) echo 'disabled'; ?> />
+                <label for="forcessl"><?php echo $l->t('Enforce HTTPS');?></label><br/>
+                <em><?php echo $l->t('Enforces the clients to connect to ownCloud via an encrypted connection.'); ?></em>
+                <?php if (!$_['isConnectedViaHTTPS']) {
+                    echo "<br/><em>"; 
+                    echo $l->t('Please connect to this ownCloud instance via HTTPS to enable or disable the SSL enforcement.'); 
+                    echo "</em>"; 
+                } 
+                ?></em>
+            </td>
+        </tr>
+    </table>
+</fieldset>
+
 <fieldset class="personalblock">
     <legend><strong><?php echo $l->t('Log');?></strong></legend>
     <?php echo $l->t('Log level');?> <select name='loglevel' id='loglevel'>
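Review bot: `<label for="forcessl">` points at the input's name rather than its id (`enforceHTTPSEnabled`), so the label is not associated with the checkbox; it should read `<label for="enforceHTTPSEnabled">`. The `</em>` that follows the closing `?>` of the HTTPS hint has no matching opening tag, because both `<em>` elements are already closed, and should be dropped. The inverted `value="false"`/`value="true"` attributes make the value mean "the state to switch to"; that deserves a short comment, or removal in favour of reading the checked state in the script.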