mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 993 Wiki Activity
Browse Source

All setup messages are now properly types

tags/v8.2beta1
Roeland Jago Douma 8 years ago
parent
5d15051da4
commit
8bde72c4bd
3 changed files with 143 additions and 57 deletions
Split View Show Diff Stats
  1. 45
    26
      core/js/setupchecks.js
  2. 88
    17
      core/js/tests/specs/setupchecksSpec.js
  3. 10
    14
      settings/js/admin.js

+ 45
- 26
core/js/setupchecks.js View File

@@ -26,9 +26,10 @@
var afterCall = function(xhr) {
var messages = [];
if (xhr.status !== 207 && xhr.status !== 401) {
messages.push(
t('core', 'Your web server is not yet set up properly to allow file synchronization because the WebDAV interface seems to be broken.')
);
messages.push({
msg: t('core', 'Your web server is not yet set up properly to allow file synchronization because the WebDAV interface seems to be broken.'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
});
}
deferred.resolve(messages);
};
@@ -56,31 +57,40 @@
var messages = [];
if (xhr.status === 200 && data) {
if (!data.serverHasInternetConnection) {
messages.push(
t('core', 'This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.')
);
messages.push({
msg: t('core', 'This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.'),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
if(!data.dataDirectoryProtected) {
messages.push(
t('core', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.')
);
messages.push({
msg: t('core', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
});
}
if(!data.isMemcacheConfigured) {
messages.push({
msg: t('core', 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="{docLink}">documentation</a>.', {docLink: data.memcacheDocs}),
type: OC.SetupChecks.MESSAGE_TYPE_TIP
type: OC.SetupChecks.MESSAGE_TYPE_INFO
});
}
if(!data.isUrandomAvailable) {
messages.push(
t('core', '/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our <a href="{docLink}">documentation</a>.', {docLink: data.securityDocs})
);
messages.push({
msg: t('core', '/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our <a href="{docLink}">documentation</a>.', {docLink: data.securityDocs}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
if(data.isUsedTlsLibOutdated) {
messages.push(data.isUsedTlsLibOutdated);
messages.push({
msg: data.isUsedTlsLibOutdated,
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
} else {
messages.push(t('core', 'Error occurred while checking server setup'));
messages.push({
msg: t('core', 'Error occurred while checking server setup'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
});
}
deferred.resolve(messages);
};
@@ -136,13 +146,17 @@

for (var header in securityHeaders) {
if(!xhr.getResponseHeader(header) || xhr.getResponseHeader(header).toLowerCase() !== securityHeaders[header].toLowerCase()) {
messages.push(
t('core', 'The "{header}" HTTP header is not configured to equal to "{expected}". This is a potential security or privacy risk and we recommend adjusting this setting.', {header: header, expected: securityHeaders[header]})
);
messages.push({
msg: t('core', 'The "{header}" HTTP header is not configured to equal to "{expected}". This is a potential security or privacy risk and we recommend adjusting this setting.', {header: header, expected: securityHeaders[header]}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
}
} else {
messages.push(t('core', 'Error occurred while checking server setup'));
messages.push({
msg: t('core', 'Error occurred while checking server setup'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
});
}

return messages;
@@ -172,17 +186,22 @@

var minimumSeconds = 15768000;
if(isNaN(transportSecurityValidity) || transportSecurityValidity <= (minimumSeconds - 1)) {
messages.push(
t('core', 'The "Strict-Transport-Security" HTTP header is not configured to least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="{docUrl}">security tips</a>.', {'seconds': minimumSeconds, docUrl: '#admin-tips'})
);
messages.push({
msg: t('core', 'The "Strict-Transport-Security" HTTP header is not configured to least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="{docUrl}">security tips</a>.', {'seconds': minimumSeconds, docUrl: '#admin-tips'}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
} else {
messages.push(
t('core', 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="{docUrl}">security tips</a>.', {docUrl: '#admin-tips'})
);
messages.push({
msg: t('core', 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="{docUrl}">security tips</a>.', {docUrl: '#admin-tips'}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
} else {
messages.push(t('core', 'Error occurred while checking server setup'));
messages.push({
msg: t('core', 'Error occurred while checking server setup'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
});
}

return messages;

+ 88
- 17
core/js/tests/specs/setupchecksSpec.js View File

@@ -29,7 +29,10 @@ describe('OC.SetupChecks tests', function() {
suite.server.requests[0].respond(200);

async.done(function( data, s, x ){
expect(data).toEqual(['Your web server is not yet set up properly to allow file synchronization because the WebDAV interface seems to be broken.']);
expect(data).toEqual([{
msg: 'Your web server is not yet set up properly to allow file synchronization because the WebDAV interface seems to be broken.',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}]);
done();
});
});
@@ -71,9 +74,13 @@ describe('OC.SetupChecks tests', function() {

async.done(function( data, s, x ){
expect(data).toEqual([
'This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.',
'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.',
{
msg: 'This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}, {
msg: 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}, {
msg: 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="https://doc.owncloud.org/server/go.php?to=admin-performance">documentation</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_INFO
}]);
@@ -94,11 +101,17 @@ describe('OC.SetupChecks tests', function() {

async.done(function( data, s, x ){
expect(data).toEqual([
'This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.',
'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.',
{
msg: 'This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
},
{
msg: 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
},
{
msg: 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="https://doc.owncloud.org/server/go.php?to=admin-performance">documentation</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_TIP
type: OC.SetupChecks.MESSAGE_TYPE_INFO
}]);
done();
});
@@ -116,7 +129,15 @@ describe('OC.SetupChecks tests', function() {
);

async.done(function( data, s, x ){
expect(data).toEqual(['This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.']);
expect(data).toEqual([
{
msg: 'This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
},
{
msg: 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}]);
done();
});
});
@@ -133,7 +154,10 @@ describe('OC.SetupChecks tests', function() {
);

async.done(function( data, s, x ){
expect(data).toEqual(['/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our <a href="https://docs.owncloud.org/myDocs.html">documentation</a>.']);
expect(data).toEqual([{
msg: '/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our <a href="https://docs.owncloud.org/myDocs.html">documentation</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
@@ -150,7 +174,10 @@ describe('OC.SetupChecks tests', function() {
);

async.done(function( data, s, x ){
expect(data).toEqual(['Error occurred while checking server setup']);
expect(data).toEqual([{
msg: 'Error occurred while checking server setup',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}]);
done();
});
});
@@ -168,7 +195,13 @@ describe('OC.SetupChecks tests', function() {
);

async.done(function( data, s, x ){
expect(data).toEqual(['Error occurred while checking server setup', 'Error occurred while checking server setup']);
expect(data).toEqual([{
msg: 'Error occurred while checking server setup',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
},{
msg: 'Error occurred while checking server setup',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}]);
done();
});
});
@@ -186,7 +219,21 @@ describe('OC.SetupChecks tests', function() {
);

async.done(function( data, s, x ){
expect(data).toEqual(['The "X-XSS-Protection" HTTP header is not configured to equal to "1; mode=block". This is a potential security or privacy risk and we recommend adjusting this setting.', 'The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.', 'The "X-Robots-Tag" HTTP header is not configured to equal to "none". This is a potential security or privacy risk and we recommend adjusting this setting.', 'The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.']);
expect(data).toEqual([
{
msg: 'The "X-XSS-Protection" HTTP header is not configured to equal to "1; mode=block". This is a potential security or privacy risk and we recommend adjusting this setting.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}, {
msg: 'The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}, {
msg: 'The "X-Robots-Tag" HTTP header is not configured to equal to "none". This is a potential security or privacy risk and we recommend adjusting this setting.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING

}, {
msg: 'The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
@@ -205,7 +252,13 @@ describe('OC.SetupChecks tests', function() {
);

async.done(function( data, s, x ){
expect(data).toEqual(['The "X-XSS-Protection" HTTP header is not configured to equal to "1; mode=block". This is a potential security or privacy risk and we recommend adjusting this setting.', 'The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.']);
expect(data).toEqual([{
msg: 'The "X-XSS-Protection" HTTP header is not configured to equal to "1; mode=block". This is a potential security or privacy risk and we recommend adjusting this setting.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING,
}, {
msg: 'The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
@@ -246,7 +299,10 @@ describe('OC.SetupChecks tests', function() {
);

async.done(function( data, s, x ){
expect(data).toEqual(['You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="#admin-tips">security tips</a>.']);
expect(data).toEqual([{
msg: 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="#admin-tips">security tips</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
@@ -262,7 +318,13 @@ describe('OC.SetupChecks tests', function() {
JSON.stringify({data: {serverHasInternetConnection: false, dataDirectoryProtected: false}})
);
async.done(function( data, s, x ){
expect(data).toEqual(['Error occurred while checking server setup', 'Error occurred while checking server setup']);
expect(data).toEqual([{
msg: 'Error occurred while checking server setup',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}, {
msg: 'Error occurred while checking server setup',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}]);
done();
});
});
@@ -281,7 +343,10 @@ describe('OC.SetupChecks tests', function() {
);

async.done(function( data, s, x ){
expect(data).toEqual(['The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips">security tips</a>.']);
expect(data).toEqual([{
msg: 'The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips">security tips</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
@@ -301,7 +366,10 @@ describe('OC.SetupChecks tests', function() {
);

async.done(function( data, s, x ){
expect(data).toEqual(['The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips">security tips</a>.']);
expect(data).toEqual([{
msg: 'The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips">security tips</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
@@ -321,7 +389,10 @@ describe('OC.SetupChecks tests', function() {
);

async.done(function( data, s, x ){
expect(data).toEqual(['The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips">security tips</a>.']);
expect(data).toEqual([{
msg: 'The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips">security tips</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});

+ 10
- 14
settings/js/admin.js View File

@@ -175,20 +175,16 @@ $(document).ready(function(){
var $warningsEl = $el.find('.warnings');
var $infoEl = $el.find('.info');
for (var i = 0; i < messages.length; i++ ) {
if ($.isPlainObject(messages[i])) {
switch(messages[i].type) {
case OC.SetupChecks.MESSAGE_TYPE_INFO:
$tipsEl.append('<li>' + messages[i].msg + '</li>');
break;
case OC.SetupChecks.MESSAGE_TYPE_WARNING:
$warningsEl.append('<li>' + messages[i].msg + '</li>');
break;
case OC.SetupChecks.MESSAGE_TYPE_ERROR:
default:
$errorsEl.append('<li>' + messages[i].msg + '</li>');
}
} else {
$errorsEl.append('<li>' + messages[i] + '</li>');
switch(messages[i].type) {
case OC.SetupChecks.MESSAGE_TYPE_INFO:
$infoEl.append('<li>' + messages[i].msg + '</li>');
break;
case OC.SetupChecks.MESSAGE_TYPE_WARNING:
$warningsEl.append('<li>' + messages[i].msg + '</li>');
break;
case OC.SetupChecks.MESSAGE_TYPE_ERROR:
default:
$errorsEl.append('<li>' + messages[i].msg + '</li>');
}
}
if ($errorsEl.find('li').length > 0) {

Write Preview
Loading…
Cancel
Save