diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2020-11-03 00:00:05 +0100 |
|---|---|---|
| committer | Morris Jobke <hey@morrisjobke.de> | 2020-11-03 10:06:33 +0100 |
| commit | 1c496a5a356249dc5bd7c1bbb64ae262b2f8fdab (patch) | |
| tree | 0d20e7cd3e0126ad4aca0f4084a3aa2d0f8dafdc /apps/settings/lib | |
| parent | 54b9f639a6cec14236f432c9907edb18d323d94d (diff) | |
| download | nextcloud-server-1c496a5a356249dc5bd7c1bbb64ae262b2f8fdab.tar.gz nextcloud-server-1c496a5a356249dc5bd7c1bbb64ae262b2f8fdab.zip | |
Add a background job that checks for potential user imported SSL certificates and shows a warning in the admin settings
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Diffstat (limited to 'apps/settings/lib')
| -rw-r--r-- | apps/settings/lib/Controller/CheckSetupController.php | 4 | ||||
| -rw-r--r-- | apps/settings/lib/SetupChecks/CheckUserCertificates.php | 80 |
2 files changed, 84 insertions, 0 deletions
diff --git a/apps/settings/lib/Controller/CheckSetupController.php b/apps/settings/lib/Controller/CheckSetupController.php index 76b97eb9dc4..0f9dd84febb 100644 --- a/apps/settings/lib/Controller/CheckSetupController.php +++ b/apps/settings/lib/Controller/CheckSetupController.php @@ -53,6 +53,7 @@ use OC\DB\SchemaWrapper; use OC\IntegrityCheck\Checker; use OC\Lock\NoopLockingProvider; use OC\MemoryInfo; +use OCA\Settings\SetupChecks\CheckUserCertificates; use OCA\Settings\SetupChecks\LegacySSEKeyFormat; use OCA\Settings\SetupChecks\PhpDefaultCharset; use OCA\Settings\SetupChecks\PhpOutputBuffering; @@ -692,6 +693,8 @@ Raw output $phpDefaultCharset = new PhpDefaultCharset(); $phpOutputBuffering = new PhpOutputBuffering(); $legacySSEKeyFormat = new LegacySSEKeyFormat($this->l10n, $this->config, $this->urlGenerator); + $checkUserCertificates = new CheckUserCertificates($this->l10n, $this->config, $this->urlGenerator); + return new DataResponse( [ 'isGetenvServerWorking' => !empty(getenv('PATH')), @@ -734,6 +737,7 @@ Raw output PhpDefaultCharset::class => ['pass' => $phpDefaultCharset->run(), 'description' => $phpDefaultCharset->description(), 'severity' => $phpDefaultCharset->severity()], PhpOutputBuffering::class => ['pass' => $phpOutputBuffering->run(), 'description' => $phpOutputBuffering->description(), 'severity' => $phpOutputBuffering->severity()], LegacySSEKeyFormat::class => ['pass' => $legacySSEKeyFormat->run(), 'description' => $legacySSEKeyFormat->description(), 'severity' => $legacySSEKeyFormat->severity(), 'linkToDocumentation' => $legacySSEKeyFormat->linkToDocumentation()], + CheckUserCertificates::class => ['pass' => $checkUserCertificates->run(), 'description' => $checkUserCertificates->description(), 'severity' => $checkUserCertificates->severity(), 'elements' => $checkUserCertificates->elements()], ] ); } diff --git a/apps/settings/lib/SetupChecks/CheckUserCertificates.php b/apps/settings/lib/SetupChecks/CheckUserCertificates.php new file mode 100644 index 00000000000..cbe6c91996a --- /dev/null +++ b/apps/settings/lib/SetupChecks/CheckUserCertificates.php @@ -0,0 +1,80 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright Copyright (c) 2020 Morris Jobke <hey@morrisjobke.de> + * + * @author Morris Jobke <hey@morrisjobke.de> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Settings\SetupChecks; + +use OCP\IConfig; +use OCP\IL10N; +use OCP\IURLGenerator; + +class CheckUserCertificates { + /** @var IL10N */ + private $l10n; + /** @var string */ + private $configValue; + /** @var IURLGenerator */ + private $urlGenerator; + + public function __construct(IL10N $l10n, IConfig $config, IURLGenerator $urlGenerator) { + $this->l10n = $l10n; + $configValue = $config->getAppValue('files_external', 'user_certificate_scan', false); + if (!is_string($configValue)) { + $configValue = ''; + } + $this->configValue = $configValue; + $this->urlGenerator = $urlGenerator; + } + + public function description(): string { + if ($this->configValue === '') { + return ''; + } + if ($this->configValue === 'not-run-yet') { + return $this->l10n->t('A background job is pending that checks for user imported SSL certificates. Please check back later.'); + } + return $this->l10n->t('There are some user imported SSL certificates present, that are not used anymore with Nextcloud 21. They can be imported on the command line via "occ security:certificates:import" command. Their paths inside the data directory are shown below.'); + } + + public function severity(): string { + return 'warning'; + } + + public function run(): bool { + // all fine if neither "not-run-yet" nor a result + return $this->configValue === ''; + } + + public function elements(): array { + if ($this->configValue === '' || $this->configValue === 'not-run-yet') { + return []; + } + $data = json_decode($this->configValue); + if (!is_array($data)) { + return []; + } + return $data; + } +} |