mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1008 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36881 Commits
427 Branches
Tree: 202509251c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '202509251c'
${ noResults }
nextcloud/settings/Controller/CheckSetupController.php

CheckSetupController.php 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  *

  5.  * @author Joas Schilling <coding@schilljs.com>

  6.  * @author Lukas Reschke <lukas@statuscode.ch>

  7.  * @author Morris Jobke <hey@morrisjobke.de>

  8.  * @author Robin McCorkell <robin@mccorkell.me.uk>

  9.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  10.  *

  11.  * @license AGPL-3.0

  12.  *

  13.  * This code is free software: you can redistribute it and/or modify

  14.  * it under the terms of the GNU Affero General Public License, version 3,

  15.  * as published by the Free Software Foundation.

  16.  *

  17.  * This program is distributed in the hope that it will be useful,

  18.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  19.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  20.  * GNU Affero General Public License for more details.

  21.  *

  22.  * You should have received a copy of the GNU Affero General Public License, version 3,

  23.  * along with this program.  If not, see <http://www.gnu.org/licenses/>

  24.  *

  25.  */

  26. 

  27. namespace OC\Settings\Controller;

  28. 

  29. use GuzzleHttp\Exception\ClientException;

  30. use OC\AppFramework\Http;

  31. use OC\IntegrityCheck\Checker;

  32. use OCP\AppFramework\Controller;

  33. use OCP\AppFramework\Http\DataDisplayResponse;

  34. use OCP\AppFramework\Http\DataResponse;

  35. use OCP\AppFramework\Http\RedirectResponse;

  36. use OCP\Http\Client\IClientService;

  37. use OCP\IConfig;

  38. use OCP\IL10N;

  39. use OCP\ILogger;

  40. use OCP\IRequest;

  41. use OC_Util;

  42. use OCP\IURLGenerator;

  43. 

  44. /**

  45.  * @package OC\Settings\Controller

  46.  */

  47. class CheckSetupController extends Controller {

  48. 	/** @var IConfig */

  49. 	private $config;

  50. 	/** @var IClientService */

  51. 	private $clientService;

  52. 	/** @var \OC_Util */

  53. 	private $util;

  54. 	/** @var IURLGenerator */

  55. 	private $urlGenerator;

  56. 	/** @var IL10N */

  57. 	private $l10n;

  58. 	/** @var Checker */

  59. 	private $checker;

  60. 	/** @var ILogger */

  61. 	private $logger;

  62. 

  63. 	/**

  64. 	 * @param string $AppName

  65. 	 * @param IRequest $request

  66. 	 * @param IConfig $config

  67. 	 * @param IClientService $clientService

  68. 	 * @param IURLGenerator $urlGenerator

  69. 	 * @param \OC_Util $util

  70. 	 * @param IL10N $l10n

  71. 	 * @param Checker $checker

  72. 	 * @param ILogger $logger

  73. 	 */

  74. 	public function __construct($AppName,

  75. 								IRequest $request,

  76. 								IConfig $config,

  77. 								IClientService $clientService,

  78. 								IURLGenerator $urlGenerator,

  79. 								\OC_Util $util,

  80. 								IL10N $l10n,

  81. 								Checker $checker,

  82. 								ILogger $logger) {

  83. 		parent::__construct($AppName, $request);

  84. 		$this->config = $config;

  85. 		$this->clientService = $clientService;

  86. 		$this->util = $util;

  87. 		$this->urlGenerator = $urlGenerator;

  88. 		$this->l10n = $l10n;

  89. 		$this->checker = $checker;

  90. 		$this->logger = $logger;

  91. 	}

  92. 

  93. 	/**

  94. 	 * Checks if the ownCloud server can connect to the internet using HTTPS and HTTP

  95. 	 * @return bool

  96. 	 */

  97. 	private function isInternetConnectionWorking() {

  98. 		if ($this->config->getSystemValue('has_internet_connection', true) === false) {

  99. 			return false;

  100. 		}

  101. 

  102. 		$siteArray = ['www.nextcloud.com',

  103. 						'www.google.com',

  104. 						'www.github.com'];

  105. 

  106. 		foreach($siteArray as $site) {

  107. 			if ($this->isSiteReachable($site)) {

  108. 				return true;

  109. 			}

  110. 		}

  111. 		return false;

  112. 	}

  113. 

  114. 	/**

  115. 	* Chceks if the ownCloud server can connect to a specific URL using both HTTPS and HTTP

  116. 	* @return bool

  117. 	*/

  118. 	private function isSiteReachable($sitename) {

  119. 		$httpSiteName = 'http://' . $sitename . '/';

  120. 		$httpsSiteName = 'https://' . $sitename . '/';

  121. 

  122. 		try {

  123. 			$client = $this->clientService->newClient();

  124. 			$client->get($httpSiteName);

  125. 			$client->get($httpsSiteName);

  126. 		} catch (\Exception $e) {

  127. 			$this->logger->logException($e, ['app' => 'internet_connection_check']);

  128. 			return false;

  129. 		}

  130. 		return true;

  131. 	}

  132. 

  133. 	/**

  134. 	 * Checks whether a local memcache is installed or not

  135. 	 * @return bool

  136. 	 */

  137. 	private function isMemcacheConfigured() {

  138. 		return $this->config->getSystemValue('memcache.local', null) !== null;

  139. 	}

  140. 

  141. 	/**

  142. 	 * Whether /dev/urandom is available to the PHP controller

  143. 	 *

  144. 	 * @return bool

  145. 	 */

  146. 	private function isUrandomAvailable() {

  147. 		if(@file_exists('/dev/urandom')) {

  148. 			$file = fopen('/dev/urandom', 'rb');

  149. 			if($file) {

  150. 				fclose($file);

  151. 				return true;

  152. 			}

  153. 		}

  154. 

  155. 		return false;

  156. 	}

  157. 

  158. 	/**

  159. 	 * Public for the sake of unit-testing

  160. 	 *

  161. 	 * @return array

  162. 	 */

  163. 	protected function getCurlVersion() {

  164. 		return curl_version();

  165. 	}

  166. 

  167. 	/**

  168. 	 * Check if the used  SSL lib is outdated. Older OpenSSL and NSS versions do

  169. 	 * have multiple bugs which likely lead to problems in combination with

  170. 	 * functionality required by ownCloud such as SNI.

  171. 	 *

  172. 	 * @link https://github.com/owncloud/core/issues/17446#issuecomment-122877546

  173. 	 * @link https://bugzilla.redhat.com/show_bug.cgi?id=1241172

  174. 	 * @return string

  175. 	 */

  176. 	private function isUsedTlsLibOutdated() {

  177. 		// Don't run check when:

  178. 		// 1. Server has `has_internet_connection` set to false

  179. 		// 2. AppStore AND S2S is disabled

  180. 		if(!$this->config->getSystemValue('has_internet_connection', true)) {

  181. 			return '';

  182. 		}

  183. 		if(!$this->config->getSystemValue('appstoreenabled', true)

  184. 			&& $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'no'

  185. 			&& $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes') === 'no') {

  186. 			return '';

  187. 		}

  188. 

  189. 		$versionString = $this->getCurlVersion();

  190. 		if(isset($versionString['ssl_version'])) {

  191. 			$versionString = $versionString['ssl_version'];

  192. 		} else {

  193. 			return '';

  194. 		}

  195. 

  196. 		$features = (string)$this->l10n->t('installing and updating apps via the app store or Federated Cloud Sharing');

  197. 		if(!$this->config->getSystemValue('appstoreenabled', true)) {

  198. 			$features = (string)$this->l10n->t('Federated Cloud Sharing');

  199. 		}

  200. 

  201. 		// Check if at least OpenSSL after 1.01d or 1.0.2b

  202. 		if(strpos($versionString, 'OpenSSL/') === 0) {

  203. 			$majorVersion = substr($versionString, 8, 5);

  204. 			$patchRelease = substr($versionString, 13, 6);

  205. 

  206. 			if(($majorVersion === '1.0.1' && ord($patchRelease) < ord('d')) ||

  207. 				($majorVersion === '1.0.2' && ord($patchRelease) < ord('b'))) {

  208. 				return (string) $this->l10n->t('cURL is using an outdated %s version (%s). Please update your operating system or features such as %s will not work reliably.', ['OpenSSL', $versionString, $features]);

  209. 			}

  210. 		}

  211. 

  212. 		// Check if NSS and perform heuristic check

  213. 		if(strpos($versionString, 'NSS/') === 0) {

  214. 			try {

  215. 				$firstClient = $this->clientService->newClient();

  216. 				$firstClient->get('https://www.owncloud.org/');

  217. 

  218. 				$secondClient = $this->clientService->newClient();

  219. 				$secondClient->get('https://owncloud.org/');

  220. 			} catch (ClientException $e) {

  221. 				if($e->getResponse()->getStatusCode() === 400) {

  222. 					return (string) $this->l10n->t('cURL is using an outdated %s version (%s). Please update your operating system or features such as %s will not work reliably.', ['NSS', $versionString, $features]);

  223. 				}

  224. 			}

  225. 		}

  226. 

  227. 		return '';

  228. 	}

  229. 

  230. 	/**

  231. 	 * Whether the version is outdated

  232. 	 *

  233. 	 * @return bool

  234. 	 */

  235. 	protected function isPhpOutdated() {

  236. 		if (version_compare(PHP_VERSION, '5.5.0') === -1) {

  237. 			return true;

  238. 		}

  239. 

  240. 		return false;

  241. 	}

  242. 

  243. 	/**

  244. 	 * Whether the php version is still supported (at time of release)

  245. 	 * according to: https://secure.php.net/supported-versions.php

  246. 	 *

  247. 	 * @return array

  248. 	 */

  249. 	private function isPhpSupported() {

  250. 		return ['eol' => $this->isPhpOutdated(), 'version' => PHP_VERSION];

  251. 	}

  252. 

  253. 	/**

  254. 	 * Check if the reverse proxy configuration is working as expected

  255. 	 *

  256. 	 * @return bool

  257. 	 */

  258. 	private function forwardedForHeadersWorking() {

  259. 		$trustedProxies = $this->config->getSystemValue('trusted_proxies', []);

  260. 		$remoteAddress = $this->request->getRemoteAddress();

  261. 

  262. 		if (is_array($trustedProxies) && in_array($remoteAddress, $trustedProxies)) {

  263. 			return false;

  264. 		}

  265. 

  266. 		// either not enabled or working correctly

  267. 		return true;

  268. 	}

  269. 

  270. 	/**

  271. 	 * Checks if the correct memcache module for PHP is installed. Only

  272. 	 * fails if memcached is configured and the working module is not installed.

  273. 	 *

  274. 	 * @return bool

  275. 	 */

  276. 	private function isCorrectMemcachedPHPModuleInstalled() {

  277. 		if ($this->config->getSystemValue('memcache.distributed', null) !== '\OC\Memcache\Memcached') {

  278. 			return true;

  279. 		}

  280. 

  281. 		// there are two different memcached modules for PHP

  282. 		// we only support memcached and not memcache

  283. 		// https://code.google.com/p/memcached/wiki/PHPClientComparison

  284. 		return !(!extension_loaded('memcached') && extension_loaded('memcache'));

  285. 	}

  286. 

  287. 	/**

  288. 	 * @return RedirectResponse

  289. 	 */

  290. 	public function rescanFailedIntegrityCheck() {

  291. 		$this->checker->runInstanceVerification();

  292. 		return new RedirectResponse(

  293. 			$this->urlGenerator->linkToRoute('settings.AdminSettings.index')

  294. 		);

  295. 	}

  296. 

  297. 	/**

  298. 	 * @NoCSRFRequired

  299. 	 * @return DataResponse

  300. 	 */

  301. 	public function getFailedIntegrityCheckFiles() {

  302. 		if(!$this->checker->isCodeCheckEnforced()) {

  303. 			return new DataDisplayResponse('Integrity checker has been disabled. Integrity cannot be verified.');

  304. 		}

  305. 

  306. 		$completeResults = $this->checker->getResults();

  307. 

  308. 		if(!empty($completeResults)) {

  309. 			$formattedTextResponse = 'Technical information

  310. =====================

  311. The following list covers which files have failed the integrity check. Please read

  312. the previous linked documentation to learn more about the errors and how to fix

  313. them.

  314. 

  315. Results

  316. =======

  317. ';

  318. 			foreach($completeResults as $context => $contextResult) {

  319. 				$formattedTextResponse .= "- $context\n";

  320. 

  321. 				foreach($contextResult as $category => $result) {

  322. 					$formattedTextResponse .= "\t- $category\n";

  323. 					if($category !== 'EXCEPTION') {

  324. 						foreach ($result as $key => $results) {

  325. 							$formattedTextResponse .= "\t\t- $key\n";

  326. 						}

  327. 					} else {

  328. 						foreach ($result as $key => $results) {

  329. 							$formattedTextResponse .= "\t\t- $results\n";

  330. 						}

  331. 					}

  332. 

  333. 				}

  334. 			}

  335. 

  336. 			$formattedTextResponse .= '

  337. Raw output

  338. ==========

  339. ';

  340. 			$formattedTextResponse .= print_r($completeResults, true);

  341. 		} else {

  342. 			$formattedTextResponse = 'No errors have been found.';

  343. 		}

  344. 

  345. 

  346. 		$response = new DataDisplayResponse(

  347. 			$formattedTextResponse,

  348. 			Http::STATUS_OK,

  349. 			[

  350. 				'Content-Type' => 'text/plain',

  351. 			]

  352. 		);

  353. 

  354. 		return $response;

  355. 	}

  356. 

  357. 	/**

  358. 	 * @return DataResponse

  359. 	 */

  360. 	public function check() {

  361. 		return new DataResponse(

  362. 			[

  363. 				'serverHasInternetConnection' => $this->isInternetConnectionWorking(),

  364. 				'isMemcacheConfigured' => $this->isMemcacheConfigured(),

  365. 				'memcacheDocs' => $this->urlGenerator->linkToDocs('admin-performance'),

  366. 				'isUrandomAvailable' => $this->isUrandomAvailable(),

  367. 				'securityDocs' => $this->urlGenerator->linkToDocs('admin-security'),

  368. 				'isUsedTlsLibOutdated' => $this->isUsedTlsLibOutdated(),

  369. 				'phpSupported' => $this->isPhpSupported(),

  370. 				'forwardedForHeadersWorking' => $this->forwardedForHeadersWorking(),

  371. 				'reverseProxyDocs' => $this->urlGenerator->linkToDocs('admin-reverse-proxy'),

  372. 				'isCorrectMemcachedPHPModuleInstalled' => $this->isCorrectMemcachedPHPModuleInstalled(),

  373. 				'hasPassedCodeIntegrityCheck' => $this->checker->hasPassedCheck(),

  374. 				'codeIntegrityCheckerDocumentation' => $this->urlGenerator->linkToDocs('admin-code-integrity'),

  375. 			]

  376. 		);

  377. 	}

  378. }