authorRobin McCorkell <rmccorkell@karoshi.org.uk>2015-07-25 19:18:32 +0100
committerRobin McCorkell <rmccorkell@owncloud.com>2015-08-10 23:28:16 +0100
commit2579999373e628c1d6d4d08d1d89412f1fd68fe3 (patch)
tree3baf6873ad32a70ebd572862eb890be5d3fb65d3 /core/js
parent8944af57cbd1fd2962b6adeaed76c6cd41712453 (diff)
Add setup check for reverse proxy header configuration
Diffstat (limited to 'core/js')
-rw-r--r--core/js/setupchecks.js5
-rw-r--r--core/js/tests/specs/setupchecksSpec.js66
2 files changed, 66 insertions, 5 deletions
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index 5a5c12c85e6..fd192e6563b 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -77,6 +77,11 @@
t('core', 'Your PHP version ({version}) is no longer <a href="{phpLink}">supported by PHP</a>. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by PHP.', {version: data.phpSupported.version, phpLink: 'https://secure.php.net/supported-versions.php'})
);
}
+ if(!data.forwardedForHeadersWorking) {
+ messages.push(
+ t('core', 'The reverse proxy headers configuration is incorrect, or you are accessing ownCloud from a trusted proxy. If you are not accessing ownCloud from a trusted proxy, this is a security issue and can allow an attacker to spoof their IP address as visible to ownCloud. Further information can be found in our <a href="{docLink}">documentation</a>.', {docLink: data.reverseProxyDocs})
+ );
+ }
} else {
messages.push(t('core', 'Error occurred while checking server setup'));
}
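Review bot: The added `if(!data.forwardedForHeadersWorking)` also fires when the key is absent from the response, not only when the server reports `false`, which is presumably why every existing fixture in setupchecksSpec.js had to gain `forwardedForHeadersWorking: true`. Failing closed is a sound default for a security check, but it should be stated at the condition, e.g. `// a missing flag is treated as a failed check on purpose (fail closed)`; in that case `data.reverseProxyDocs` may be missing as well and the documentation link would have no usable target. Separately, `data.reverseProxyDocs` is substituted into an `href` inside an HTML string, and whether `t()` escapes substituted values is not visible here, so confirm it does before this message is rendered as markup. The enclosing callback starts and ends outside the hunk.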
diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js
index fe12aa4544c..d0efcf4b284 100644
--- a/core/js/tests/specs/setupchecksSpec.js
+++ b/core/js/tests/specs/setupchecksSpec.js
@@ -66,7 +66,12 @@ describe('OC.SetupChecks tests', function() {
{
'Content-Type': 'application/json'
},
- JSON.stringify({isUrandomAvailable: true, serverHasInternetConnection: false, memcacheDocs: 'https://doc.owncloud.org/server/go.php?to=admin-performance'})
+ JSON.stringify({
+ isUrandomAvailable: true,
+ serverHasInternetConnection: false,
+ memcacheDocs: 'https://doc.owncloud.org/server/go.php?to=admin-performance',
+ forwardedForHeadersWorking: true
+ })
);
async.done(function( data, s, x ){
@@ -83,7 +88,13 @@ describe('OC.SetupChecks tests', function() {
{
'Content-Type': 'application/json'
},
- JSON.stringify({isUrandomAvailable: true, serverHasInternetConnection: false, dataDirectoryProtected: false, memcacheDocs: 'https://doc.owncloud.org/server/go.php?to=admin-performance'})
+ JSON.stringify({
+ isUrandomAvailable: true,
+ serverHasInternetConnection: false,
+ dataDirectoryProtected: false,
+ memcacheDocs: 'https://doc.owncloud.org/server/go.php?to=admin-performance',
+ forwardedForHeadersWorking: true
+ })
);
async.done(function( data, s, x ){
@@ -100,7 +111,13 @@ describe('OC.SetupChecks tests', function() {
{
'Content-Type': 'application/json',
},
- JSON.stringify({isUrandomAvailable: true, serverHasInternetConnection: false, dataDirectoryProtected: false, isMemcacheConfigured: true})
+ JSON.stringify({
+ isUrandomAvailable: true,
+ serverHasInternetConnection: false,
+ dataDirectoryProtected: false,
+ isMemcacheConfigured: true,
+ forwardedForHeadersWorking: true
+ })
);
async.done(function( data, s, x ){
@@ -117,7 +134,14 @@ describe('OC.SetupChecks tests', function() {
{
'Content-Type': 'application/json',
},
- JSON.stringify({isUrandomAvailable: false, securityDocs: 'https://docs.owncloud.org/myDocs.html', serverHasInternetConnection: true, dataDirectoryProtected: true, isMemcacheConfigured: true})
+ JSON.stringify({
+ isUrandomAvailable: false,
+ securityDocs: 'https://docs.owncloud.org/myDocs.html',
+ serverHasInternetConnection: true,
+ dataDirectoryProtected: true,
+ isMemcacheConfigured: true,
+ forwardedForHeadersWorking: true
+ })
);
async.done(function( data, s, x ){
@@ -126,6 +150,30 @@ describe('OC.SetupChecks tests', function() {
});
});
+ it('should return an error if the forwarded for headers are not working', function(done) {
+ var async = OC.SetupChecks.checkSetup();
+
+ suite.server.requests[0].respond(
+ 200,
+ {
+ 'Content-Type': 'application/json',
+ },
+ JSON.stringify({
+ isUrandomAvailable: true,
+ serverHasInternetConnection: true,
+ dataDirectoryProtected: true,
+ isMemcacheConfigured: true,
+ forwardedForHeadersWorking: false,
+ reverseProxyDocs: 'https://docs.owncloud.org/foo/bar.html'
+ })
+ );
+
+ async.done(function( data, s, x ){
+ expect(data).toEqual(['The reverse proxy headers configuration is incorrect, or you are accessing ownCloud from a trusted proxy. If you are not accessing ownCloud from a trusted proxy, this is a security issue and can allow an attacker to spoof their IP address as visible to ownCloud. Further information can be found in our <a href="https://docs.owncloud.org/foo/bar.html">documentation</a>.']);
+ done();
+ });
+ });
+
it('should return an error if the response has no statuscode 200', function(done) {
var async = OC.SetupChecks.checkSetup();
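Review bot: The new spec pins only an explicit `forwardedForHeadersWorking: false`; a response that omits the key takes the same branch in setupchecks.js and no test covers it. Since that fail-closed behaviour is what makes the warning appear against a backend that does not send the flag, it deserves its own spec next to this one, so that a later change to a strict `=== false` comparison cannot silently drop the warning. A sketch of that spec follows; the surrounding `describe` block starts and ends outside the hunk.

```javascript
// … unchanged: spec for forwardedForHeadersWorking: false …
it('should return an error if the forwarded for headers flag is missing', function(done) {
	var async = OC.SetupChecks.checkSetup();

	suite.server.requests[0].respond(
		200,
		{'Content-Type': 'application/json'},
		JSON.stringify({
			isUrandomAvailable: true,
			serverHasInternetConnection: true,
			dataDirectoryProtected: true,
			isMemcacheConfigured: true,
			reverseProxyDocs: 'https://docs.owncloud.org/foo/bar.html'
		})
	);

	async.done(function(data) {
		expect(data.length).toEqual(1);
		expect(data[0]).toContain('reverse proxy headers configuration is incorrect');
		done();
	});
});
```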
@@ -151,7 +199,15 @@ describe('OC.SetupChecks tests', function() {
{
'Content-Type': 'application/json',
},
- JSON.stringify({isUrandomAvailable: true, securityDocs: 'https://docs.owncloud.org/myDocs.html', serverHasInternetConnection: true, dataDirectoryProtected: true, isMemcacheConfigured: true, phpSupported: {eol: true, version: '5.4.0'}})
+ JSON.stringify({
+ isUrandomAvailable: true,
+ securityDocs: 'https://docs.owncloud.org/myDocs.html',
+ serverHasInternetConnection: true,
+ dataDirectoryProtected: true,
+ isMemcacheConfigured: true,
+ forwardedForHeadersWorking: true,
+ phpSupported: {eol: true, version: '5.4.0'}
+ })
);
async.done(function( data, s, x ){