author | Lukas Reschke <lukas@statuscode.ch> | 2013-01-11 14:18:51 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2013-01-11 14:18:51 +0100 |
commit | 466cdab680d74cad2cbb902efa3e3c2f9e35f767 (patch) | |
tree | 3d1b553668b16a57c68721ee325ee734df886906 | |
parent | 60489764f37a6f344fa20e361a26c7a6006f9c97 (diff) | |
Add security section to admin menu
Currently it only allows the admin to enable or disable the HTTPS
enforcement, but in the future it could be expanded to further options.
The admin can only enable the HTTPS enforcement while connected via
HTTPS. (This prevents admins from enabling it without a proper SSL
setup.)
-rwxr-xr-x | settings/admin.php | 10 | ||||
-rw-r--r-- | settings/ajax/setsecurity.php | 13 | ||||
-rw-r--r-- | settings/js/admin.js | 4 | ||||
-rw-r--r-- | settings/routes.php | 2 | ||||
-rw-r--r-- | settings/templates/admin.php | 27 |
5 files changed, 56 insertions, 0 deletions
diff --git a/settings/admin.php b/settings/admin.php
index 04905391138..4d9685ab920 100755
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -33,6 +33,16 @@ $tmpl->assign('internetconnectionworking', OC_Util::isinternetconnectionworking(
 $tmpl->assign('islocaleworking', OC_Util::issetlocaleworking());
 $tmpl->assign('backgroundjobs_mode', OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax'));
 $tmpl->assign('shareAPIEnabled', OC_Appconfig::getValue('core', 'shareapi_enabled', 'yes'));
+
+// Check if connected using HTTPS
+if (OC_Request::serverProtocol() == 'https') {
+ $connectedHTTPS = true;
+} else {
+ $connectedHTTPS = false;
+}
+$tmpl->assign('isConnectedViaHTTPS', $connectedHTTPS);
+$tmpl->assign('enforceHTTPSEnabled', OC_Config::getValue( "forcessl", false));
+
 $tmpl->assign('allowLinks', OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes'));
 $tmpl->assign('allowResharing', OC_Appconfig::getValue('core', 'shareapi_allow_resharing', 'yes'));
 $tmpl->assign('sharePolicy', OC_Appconfig::getValue('core', 'shareapi_share_policy', 'global'));
diff --git a/settings/ajax/setsecurity.php b/settings/ajax/setsecurity.php
new file mode 100644
index 00000000000..16a85aade81
--- /dev/null
+++ b/settings/ajax/setsecurity.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Copyright (c) 2013, Lukas Reschke <lukas@statuscode.ch>
+ * This file is licensed under the Affero General Public License version 3 or later.
+ * See the COPYING-README file.
+ */
+
+OC_Util::checkAdminUser();
+OCP\JSON::callCheck();
+
+OC_Config::setValue( 'forcessl', filter_var($_POST['enforceHTTPS'], FILTER_VALIDATE_BOOLEAN));
+
+echo 'true';
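Review bot: The if/else that sets `$connectedHTTPS` in settings/admin.php can be one strict comparison, `$connectedHTTPS = OC_Request::serverProtocol() === 'https';`, which also replaces the loose `==`. How `serverProtocol()` decides the protocol is not visible in this hunk; if it relies on a proxy-supplied header, a short comment above the check naming the trusted source would help later readers judge the result. The surrounding script continues outside the hunk.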
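Review bot: settings/ajax/setsecurity.php writes `forcessl` without checking that the request itself arrived over HTTPS, so the rule stated in the commit message is enforced only by the `disabled` attribute in settings/templates/admin.php. A request sent over plain HTTP with a valid admin session and request token would still change the setting, which is the lock-out the description wants to prevent. The handler also reads `$_POST['enforceHTTPS']` without `isset()`; a missing parameter makes `filter_var()` return false and silently turns enforcement off. A guard before the `setValue` call would cover both: `if (OC_Request::serverProtocol() !== 'https' || !isset($_POST['enforceHTTPS'])) { exit(); }`.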
\ No newline at end of file
diff --git a/settings/js/admin.js b/settings/js/admin.js
index 95b7a503c27..ab218377fb3 100644
--- a/settings/js/admin.js
+++ b/settings/js/admin.js
@@ -30,4 +30,8 @@ $(document).ready(function(){
 }
 OC.AppConfig.setValue('core', $(this).attr('name'), value);
 });
+
+ $('#security').change(function(){
+ $.post(OC.filePath('settings','ajax','setsecurity.php'), { enforceHTTPS: $('#enforceHTTPSEnabled').val() },function(){} );
+ });
 });
diff --git a/settings/routes.php b/settings/routes.php
index 8239fe005db..595b83c313e 100644
--- a/settings/routes.php
+++ b/settings/routes.php
@@ -58,6 +58,8 @@ $this->create('settings_ajax_getlog', '/settings/ajax/getlog.php')
 ->actionInclude('settings/ajax/getlog.php');
 $this->create('settings_ajax_setloglevel', '/settings/ajax/setloglevel.php')
 ->actionInclude('settings/ajax/setloglevel.php');
+$this->create('settings_ajax_setsecurity', '/settings/ajax/setsecurity.php')
+ ->actionInclude('settings/ajax/setsecurity.php');
 // apps/user_openid
 $this->create('settings_ajax_openid', '/settings/ajax/openid.php')
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index 26335063d4b..94df359b052 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
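Review bot: The `$.post` in the `#security` change handler of settings/js/admin.js sends `$('#enforceHTTPSEnabled').val()`, and that value attribute is rendered once by the template as the inverse of the stored setting, so it does not follow later clicks. Toggling the checkbox twice without reloading posts the same value both times, leaving the saved `forcessl` out of step with what the box shows. Sending the live state avoids that: `{ enforceHTTPS: $('#enforceHTTPSEnabled').is(':checked') }`. The empty `function(){}` callback also means a failed or rejected save is never shown to the admin. The enclosing `$(document).ready` callback starts outside the hunk.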
@@ -132,6 +132,33 @@ if (!$_['internetconnectionworking']) {
 </table>
 </fieldset>
+<fieldset class="personalblock" id="security">
+ <legend><strong><?php echo $l->t('Security');?></strong></legend>
+ <table class="nostyle">
+ <tr>
+ <td id="enable">
+ <input type="checkbox" name="forcessl" id="enforceHTTPSEnabled"
+ <?php if ($_['enforceHTTPSEnabled']) {
+ echo 'checked="checked" ';
+ echo 'value="false"';
+ } else {
+ echo 'value="true"';
+ }
+ ?>
+ <?php if (!$_['isConnectedViaHTTPS']) echo 'disabled'; ?> />
+ <label for="forcessl"><?php echo $l->t('Enforce HTTPS');?></label><br/>
+ <em><?php echo $l->t('Enforces the clients to connect to ownCloud via an encrypted connection.'); ?></em>
+ <?php if (!$_['isConnectedViaHTTPS']) {
+ echo "<br/><em>";
+ echo $l->t('Please connect to this ownCloud instance via HTTPS to enable or disable the SSL enforcement.');
+ echo "</em>";
+ }
+ ?></em>
+ </td>
+ </tr>
+ </table>
+</fieldset>
+
 <fieldset class="personalblock">
 <legend><strong><?php echo $l->t('Log');?></strong></legend>
 <?php echo $l->t('Log level');?> <select name='loglevel' id='loglevel'> |
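Review bot: `<label for="forcessl">` in the new Security fieldset points at the input's name, but `for` has to match an id, so the label is not tied to the checkbox; it should read `<label for="enforceHTTPSEnabled">`. The closing `?></em>` after the HTTPS hint block has no matching opening tag, because the `<em>` opened by the echo is already closed inside that block, so the stray `</em>` should be dropped.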