summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Reschke <lukas@statuscode.ch>2013-01-11 14:18:51 +0100
committerLukas Reschke <lukas@statuscode.ch>2013-01-11 14:18:51 +0100
commit466cdab680d74cad2cbb902efa3e3c2f9e35f767 (patch)
tree3d1b553668b16a57c68721ee325ee734df886906
parent60489764f37a6f344fa20e361a26c7a6006f9c97 (diff)
downloadnextcloud-server-466cdab680d74cad2cbb902efa3e3c2f9e35f767.tar.gz
nextcloud-server-466cdab680d74cad2cbb902efa3e3c2f9e35f767.zip
Add security section to admin menu
Currently it only allows the admin to enable or disable the HTTPS enforcement, but in the future it could be expanded to further options. The HTTPS enforcement only allows the admin to enforce it, if he is connected via HTTPS. (To prevent admins to enable it without a proper SSL setup)
-rwxr-xr-xsettings/admin.php10
-rw-r--r--settings/ajax/setsecurity.php13
-rw-r--r--settings/js/admin.js4
-rw-r--r--settings/routes.php2
-rw-r--r--settings/templates/admin.php27
5 files changed, 56 insertions, 0 deletions
diff --git a/settings/admin.php b/settings/admin.php
index 04905391138..4d9685ab920 100755
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -33,6 +33,16 @@ $tmpl->assign('internetconnectionworking', OC_Util::isinternetconnectionworking(
$tmpl->assign('islocaleworking', OC_Util::issetlocaleworking());
$tmpl->assign('backgroundjobs_mode', OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax'));
$tmpl->assign('shareAPIEnabled', OC_Appconfig::getValue('core', 'shareapi_enabled', 'yes'));
+
+// Check if connected using HTTPS
+if (OC_Request::serverProtocol() == 'https') {
+ $connectedHTTPS = true;
+} else {
+ $connectedHTTPS = false;
+}
+$tmpl->assign('isConnectedViaHTTPS', $connectedHTTPS);
+$tmpl->assign('enforceHTTPSEnabled', OC_Config::getValue( "forcessl", false));
+
$tmpl->assign('allowLinks', OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes'));
$tmpl->assign('allowResharing', OC_Appconfig::getValue('core', 'shareapi_allow_resharing', 'yes'));
$tmpl->assign('sharePolicy', OC_Appconfig::getValue('core', 'shareapi_share_policy', 'global'));
diff --git a/settings/ajax/setsecurity.php b/settings/ajax/setsecurity.php
new file mode 100644
index 00000000000..16a85aade81
--- /dev/null
+++ b/settings/ajax/setsecurity.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Copyright (c) 2013, Lukas Reschke <lukas@statuscode.ch>
+ * This file is licensed under the Affero General Public License version 3 or later.
+ * See the COPYING-README file.
+ */
+
+OC_Util::checkAdminUser();
+OCP\JSON::callCheck();
+
+OC_Config::setValue( 'forcessl', filter_var($_POST['enforceHTTPS'], FILTER_VALIDATE_BOOLEAN));
+
+echo 'true'; \ No newline at end of file
diff --git a/settings/js/admin.js b/settings/js/admin.js
index 95b7a503c27..ab218377fb3 100644
--- a/settings/js/admin.js
+++ b/settings/js/admin.js
@@ -30,4 +30,8 @@ $(document).ready(function(){
}
OC.AppConfig.setValue('core', $(this).attr('name'), value);
});
+
+ $('#security').change(function(){
+ $.post(OC.filePath('settings','ajax','setsecurity.php'), { enforceHTTPS: $('#enforceHTTPSEnabled').val() },function(){} );
+ });
});
diff --git a/settings/routes.php b/settings/routes.php
index 8239fe005db..595b83c313e 100644
--- a/settings/routes.php
+++ b/settings/routes.php
@@ -58,6 +58,8 @@ $this->create('settings_ajax_getlog', '/settings/ajax/getlog.php')
->actionInclude('settings/ajax/getlog.php');
$this->create('settings_ajax_setloglevel', '/settings/ajax/setloglevel.php')
->actionInclude('settings/ajax/setloglevel.php');
+$this->create('settings_ajax_setsecurity', '/settings/ajax/setsecurity.php')
+ ->actionInclude('settings/ajax/setsecurity.php');
// apps/user_openid
$this->create('settings_ajax_openid', '/settings/ajax/openid.php')
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index 26335063d4b..94df359b052 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -132,6 +132,33 @@ if (!$_['internetconnectionworking']) {
</table>
</fieldset>
+<fieldset class="personalblock" id="security">
+ <legend><strong><?php echo $l->t('Security');?></strong></legend>
+ <table class="nostyle">
+ <tr>
+ <td id="enable">
+ <input type="checkbox" name="forcessl" id="enforceHTTPSEnabled"
+ <?php if ($_['enforceHTTPSEnabled']) {
+ echo 'checked="checked" ';
+ echo 'value="false"';
+ } else {
+ echo 'value="true"';
+ }
+ ?>
+ <?php if (!$_['isConnectedViaHTTPS']) echo 'disabled'; ?> />
+ <label for="forcessl"><?php echo $l->t('Enforce HTTPS');?></label><br/>
+ <em><?php echo $l->t('Enforces the clients to connect to ownCloud via an encrypted connection.'); ?></em>
+ <?php if (!$_['isConnectedViaHTTPS']) {
+ echo "<br/><em>";
+ echo $l->t('Please connect to this ownCloud instance via HTTPS to enable or disable the SSL enforcement.');
+ echo "</em>";
+ }
+ ?></em>
+ </td>
+ </tr>
+ </table>
+</fieldset>
+
<fieldset class="personalblock">
<legend><strong><?php echo $l->t('Log');?></strong></legend>
<?php echo $l->t('Log level');?> <select name='loglevel' id='loglevel'>