diff options
| -rw-r--r-- | apps/settings/composer/composer/autoload_classmap.php | 1 | ||||
| -rw-r--r-- | apps/settings/composer/composer/autoload_static.php | 1 | ||||
| -rw-r--r-- | apps/settings/lib/AppInfo/Application.php | 2 | ||||
| -rw-r--r-- | apps/settings/lib/SetupChecks/OcxProviders.php | 2 | ||||
| -rw-r--r-- | apps/settings/lib/SetupChecks/SecurityHeaders.php | 160 | ||||
| -rw-r--r-- | apps/settings/src/admin.js | 5 | ||||
| -rw-r--r-- | apps/settings/tests/SetupChecks/OcxProvicersTest.php | 14 | ||||
| -rw-r--r-- | apps/settings/tests/SetupChecks/SecurityHeadersTest.php | 224 | ||||
| -rw-r--r-- | core/js/setupchecks.js | 138 | ||||
| -rw-r--r-- | core/js/tests/specs/setupchecksSpec.js | 603 | ||||
| -rw-r--r-- | dist/settings-legacy-admin.js | 4 | ||||
| -rw-r--r-- | dist/settings-legacy-admin.js.map | 2 |
12 files changed, 401 insertions, 755 deletions
diff --git a/apps/settings/composer/composer/autoload_classmap.php b/apps/settings/composer/composer/autoload_classmap.php index b9709c8ad28..17e47f62a7d 100644 --- a/apps/settings/composer/composer/autoload_classmap.php +++ b/apps/settings/composer/composer/autoload_classmap.php @@ -117,6 +117,7 @@ return array( 'OCA\\Settings\\SetupChecks\\PushService' => $baseDir . '/../lib/SetupChecks/PushService.php', 'OCA\\Settings\\SetupChecks\\RandomnessSecure' => $baseDir . '/../lib/SetupChecks/RandomnessSecure.php', 'OCA\\Settings\\SetupChecks\\ReadOnlyConfig' => $baseDir . '/../lib/SetupChecks/ReadOnlyConfig.php', + 'OCA\\Settings\\SetupChecks\\SecurityHeaders' => $baseDir . '/../lib/SetupChecks/SecurityHeaders.php', 'OCA\\Settings\\SetupChecks\\SupportedDatabase' => $baseDir . '/../lib/SetupChecks/SupportedDatabase.php', 'OCA\\Settings\\SetupChecks\\SystemIs64bit' => $baseDir . '/../lib/SetupChecks/SystemIs64bit.php', 'OCA\\Settings\\SetupChecks\\TempSpaceAvailable' => $baseDir . '/../lib/SetupChecks/TempSpaceAvailable.php', diff --git a/apps/settings/composer/composer/autoload_static.php b/apps/settings/composer/composer/autoload_static.php index 67808ad23f2..1dccc69b923 100644 --- a/apps/settings/composer/composer/autoload_static.php +++ b/apps/settings/composer/composer/autoload_static.php @@ -132,6 +132,7 @@ class ComposerStaticInitSettings 'OCA\\Settings\\SetupChecks\\PushService' => __DIR__ . '/..' . '/../lib/SetupChecks/PushService.php', 'OCA\\Settings\\SetupChecks\\RandomnessSecure' => __DIR__ . '/..' . '/../lib/SetupChecks/RandomnessSecure.php', 'OCA\\Settings\\SetupChecks\\ReadOnlyConfig' => __DIR__ . '/..' . '/../lib/SetupChecks/ReadOnlyConfig.php', + 'OCA\\Settings\\SetupChecks\\SecurityHeaders' => __DIR__ . '/..' . '/../lib/SetupChecks/SecurityHeaders.php', 'OCA\\Settings\\SetupChecks\\SupportedDatabase' => __DIR__ . '/..' . '/../lib/SetupChecks/SupportedDatabase.php', 'OCA\\Settings\\SetupChecks\\SystemIs64bit' => __DIR__ . '/..' . '/../lib/SetupChecks/SystemIs64bit.php', 'OCA\\Settings\\SetupChecks\\TempSpaceAvailable' => __DIR__ . '/..' . '/../lib/SetupChecks/TempSpaceAvailable.php', diff --git a/apps/settings/lib/AppInfo/Application.php b/apps/settings/lib/AppInfo/Application.php index 0977da398b0..9f7ec3036f4 100644 --- a/apps/settings/lib/AppInfo/Application.php +++ b/apps/settings/lib/AppInfo/Application.php @@ -86,6 +86,7 @@ use OCA\Settings\SetupChecks\PhpOutputBuffering; use OCA\Settings\SetupChecks\PushService; use OCA\Settings\SetupChecks\RandomnessSecure; use OCA\Settings\SetupChecks\ReadOnlyConfig; +use OCA\Settings\SetupChecks\SecurityHeaders; use OCA\Settings\SetupChecks\SupportedDatabase; use OCA\Settings\SetupChecks\SystemIs64bit; use OCA\Settings\SetupChecks\TempSpaceAvailable; @@ -214,6 +215,7 @@ class Application extends App implements IBootstrap { $context->registerSetupCheck(PhpOutputBuffering::class); $context->registerSetupCheck(RandomnessSecure::class); $context->registerSetupCheck(ReadOnlyConfig::class); + $context->registerSetupCheck(SecurityHeaders::class); $context->registerSetupCheck(SupportedDatabase::class); $context->registerSetupCheck(SystemIs64bit::class); $context->registerSetupCheck(TempSpaceAvailable::class); diff --git a/apps/settings/lib/SetupChecks/OcxProviders.php b/apps/settings/lib/SetupChecks/OcxProviders.php index d24f2843829..f387fe23a32 100644 --- a/apps/settings/lib/SetupChecks/OcxProviders.php +++ b/apps/settings/lib/SetupChecks/OcxProviders.php @@ -68,7 +68,7 @@ class OcxProviders implements ISetupCheck { ]; foreach ($providers as $provider) { - foreach ($this->runHEAD($this->urlGenerator->getWebroot() . $provider) as $response) { + foreach ($this->runRequest('HEAD', $this->urlGenerator->getWebroot() . $provider, ['httpErrors' => false]) as $response) { $testedProviders[$provider] = true; if ($response->getStatusCode() === 200) { $workingProviders[] = $provider; diff --git a/apps/settings/lib/SetupChecks/SecurityHeaders.php b/apps/settings/lib/SetupChecks/SecurityHeaders.php new file mode 100644 index 00000000000..f62c4c55308 --- /dev/null +++ b/apps/settings/lib/SetupChecks/SecurityHeaders.php @@ -0,0 +1,160 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright Copyright (c) 2023 Côme Chilliet <come.chilliet@nextcloud.com> + * + * @author Côme Chilliet <come.chilliet@nextcloud.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Settings\SetupChecks; + +use OCP\Http\Client\IClientService; +use OCP\IConfig; +use OCP\IL10N; +use OCP\IURLGenerator; +use OCP\SetupCheck\ISetupCheck; +use OCP\SetupCheck\SetupResult; +use Psr\Log\LoggerInterface; + +class SecurityHeaders implements ISetupCheck { + + use CheckServerResponseTrait; + + public function __construct( + protected IL10N $l10n, + protected IConfig $config, + protected IURLGenerator $urlGenerator, + protected IClientService $clientService, + protected LoggerInterface $logger, + ) { + } + + public function getCategory(): string { + return 'security'; + } + + public function getName(): string { + return $this->l10n->t('HTTP headers'); + } + + public function run(): SetupResult { + $urls = [ + ['get', $this->urlGenerator->linkToRoute('heartbeat'), [200]], + ]; + $securityHeaders = [ + 'X-Content-Type-Options' => ['nosniff', null], + 'X-Robots-Tag' => ['noindex,nofollow', null], + 'X-Frame-Options' => ['sameorigin', 'deny'], + 'X-Permitted-Cross-Domain-Policies' => ['none', null], + ]; + + foreach ($urls as [$verb,$url,$validStatuses]) { + $works = null; + foreach ($this->runRequest($verb, $url, ['httpErrors' => false]) as $response) { + // Check that the response status matches + if (!in_array($response->getStatusCode(), $validStatuses)) { + $works = false; + continue; + } + $msg = ''; + $msgParameters = []; + foreach ($securityHeaders as $header => [$expected, $accepted]) { + /* Convert to lowercase and remove spaces after comas */ + $value = preg_replace('/,\s+/', ',', strtolower($response->getHeader($header))); + if ($value !== $expected) { + if ($accepted !== null && $value === $accepted) { + $msg .= $this->l10n->t('- The `%1$s` HTTP header is not set to `%2$s`. Some features might not work correctly, as it is recommended to adjust this setting accordingly.', [$header, $expected])."\n"; + } else { + $msg .= $this->l10n->t('- The `%1$s` HTTP header is not set to `%2$s`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', [$header, $expected])."\n"; + } + } + } + + $xssfields = array_map('trim', explode(';', $response->getHeader('X-XSS-Protection'))); + if (!in_array('1', $xssfields) || !in_array('mode=block', $xssfields)) { + $msg .= $this->l10n->t('- The `%1$s` HTTP header does not contain `%2$s`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', ['X-XSS-Protection', '1; mode=block'])."\n"; + } + + $referrerPolicy = $response->getHeader('Referrer-Policy'); + if (!preg_match('/(no-referrer(-when-downgrade)?|strict-origin(-when-cross-origin)?|same-origin)(,|$)/', $referrerPolicy)) { + $msg .= $this->l10n->t( + '- The `%1$s` HTTP header is not set to `%2$s`, `%3$s`, `%4$s`, `%5$s` or `%6$s`. This can leak referer information. See the {w3c-recommendation}.', + [ + 'Referrer-Policy', + 'no-referrer', + 'no-referrer-when-downgrade', + 'strict-origin', + 'strict-origin-when-cross-origin', + 'same-origin', + ] + )."\n"; + $msgParameters['w3c-recommendation'] = [ + 'type' => 'highlight', + 'id' => 'w3c-recommendation', + 'name' => 'W3C Recommendation', + 'link' => 'https://www.w3.org/TR/referrer-policy/', + ]; + } + + $transportSecurityValidity = $response->getHeader('Strict-Transport-Security'); + $minimumSeconds = 15552000; + if (preg_match('/^max-age=(\d+)(;.*)?$/', $transportSecurityValidity, $m)) { + $transportSecurityValidity = (int)$m[1]; + if ($transportSecurityValidity < $minimumSeconds) { + $msg .= $this->l10n->t('- The `Strict-Transport-Security` HTTP header is not set to at least `%d` seconds (current value: `%d`). For enhanced security, it is recommended to use a long HSTS policy.', [$minimumSeconds, $transportSecurityValidity])."\n"; + } + } elseif (!empty($transportSecurityValidity)) { + $msg .= $this->l10n->t('- The `Strict-Transport-Security` HTTP header is malformed: `%s`. For enhanced security, it is recommended to enable HSTS.', [$transportSecurityValidity])."\n"; + } else { + $msg .= $this->l10n->t('- The `Strict-Transport-Security` HTTP header is not set (should be at least `%d` seconds). For enhanced security, it is recommended to enable HSTS.', [$minimumSeconds])."\n"; + } + + if (!empty($msg)) { + return SetupResult::warning( + $this->l10n->t('Some headers are not set correctly on your instance')."\n".$msg, + $this->urlGenerator->linkToDocs('admin-security'), + $msgParameters, + ); + } + // Skip the other requests if one works + $works = true; + break; + } + // If 'works' is null then we could not connect to the server + if ($works === null) { + return SetupResult::info( + $this->l10n->t('Could not check that your web server serves security headers correctly. Please check manually.'), + $this->urlGenerator->linkToDocs('admin-security'), + ); + } + // Otherwise if we fail we can abort here + if ($works === false) { + return SetupResult::warning( + $this->l10n->t("Could not check that your web server serves security headers correctly, unable to query `%s`", [$url]), + $this->urlGenerator->linkToDocs('admin-security'), + ); + } + } + return SetupResult::success( + $this->l10n->t('Your server is correctly configured to send security headers.') + ); + } +} diff --git a/apps/settings/src/admin.js b/apps/settings/src/admin.js index 09034495529..8b5ae1080e3 100644 --- a/apps/settings/src/admin.js +++ b/apps/settings/src/admin.js @@ -103,9 +103,8 @@ window.addEventListener('DOMContentLoaded', () => { $.when( OC.SetupChecks.checkWebDAV(), OC.SetupChecks.checkSetup(), - OC.SetupChecks.checkGeneric(), - ).then((check1, check2, check3) => { - const messages = [].concat(check1, check2, check3) + ).then((check1, check2) => { + const messages = [].concat(check1, check2) const $el = $('#postsetupchecks') $('#security-warning-state-loading').addClass('hidden') diff --git a/apps/settings/tests/SetupChecks/OcxProvicersTest.php b/apps/settings/tests/SetupChecks/OcxProvicersTest.php index f0f504af027..2cc6ac6de07 100644 --- a/apps/settings/tests/SetupChecks/OcxProvicersTest.php +++ b/apps/settings/tests/SetupChecks/OcxProvicersTest.php @@ -62,7 +62,7 @@ class OcxProvicersTest extends TestCase { $this->logger = $this->createMock(LoggerInterface::class); $this->setupcheck = $this->getMockBuilder(OcxProviders::class) - ->onlyMethods(['runHEAD']) + ->onlyMethods(['runRequest']) ->setConstructorArgs([ $this->l10n, $this->config, @@ -79,7 +79,7 @@ class OcxProvicersTest extends TestCase { $this->setupcheck ->expects($this->exactly(2)) - ->method('runHEAD') + ->method('runRequest') ->willReturnOnConsecutiveCalls($this->generate([$response]), $this->generate([$response])); $result = $this->setupcheck->run(); @@ -94,7 +94,7 @@ class OcxProvicersTest extends TestCase { $this->setupcheck ->expects($this->exactly(2)) - ->method('runHEAD') + ->method('runRequest') ->willReturnOnConsecutiveCalls($this->generate([$response1, $response1, $response1]), $this->generate([$response2])); // only one response out of two $result = $this->setupcheck->run(); @@ -107,7 +107,7 @@ class OcxProvicersTest extends TestCase { $this->setupcheck ->expects($this->exactly(2)) - ->method('runHEAD') + ->method('runRequest') ->willReturnOnConsecutiveCalls($this->generate([]), $this->generate([])); // No responses $result = $this->setupcheck->run(); @@ -121,7 +121,7 @@ class OcxProvicersTest extends TestCase { $this->setupcheck ->expects($this->exactly(2)) - ->method('runHEAD') + ->method('runRequest') ->willReturnOnConsecutiveCalls($this->generate([$response]), $this->generate([])); // only one response out of two $result = $this->setupcheck->run(); @@ -135,7 +135,7 @@ class OcxProvicersTest extends TestCase { $this->setupcheck ->expects($this->exactly(2)) - ->method('runHEAD') + ->method('runRequest') ->willReturnOnConsecutiveCalls($this->generate([$response]), $this->generate([$response])); // only one response out of two $result = $this->setupcheck->run(); @@ -151,7 +151,7 @@ class OcxProvicersTest extends TestCase { $this->setupcheck ->expects($this->exactly(2)) - ->method('runHEAD') + ->method('runRequest') ->willReturnOnConsecutiveCalls($this->generate([$response1]), $this->generate([$response2])); $result = $this->setupcheck->run(); diff --git a/apps/settings/tests/SetupChecks/SecurityHeadersTest.php b/apps/settings/tests/SetupChecks/SecurityHeadersTest.php new file mode 100644 index 00000000000..fb8eb757460 --- /dev/null +++ b/apps/settings/tests/SetupChecks/SecurityHeadersTest.php @@ -0,0 +1,224 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright Copyright (c) 2024 Côme Chilliet <come.chilliet@nextcloud.com> + * + * @author Côme Chilliet <come.chilliet@nextcloud.com> + * + * @license AGPL-3.0-or-later + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ +namespace OCA\Settings\Tests; + +use OCA\Settings\SetupChecks\SecurityHeaders; +use OCP\Http\Client\IClientService; +use OCP\Http\Client\IResponse; +use OCP\IConfig; +use OCP\IL10N; +use OCP\IURLGenerator; +use OCP\SetupCheck\SetupResult; +use PHPUnit\Framework\MockObject\MockObject; +use Psr\Log\LoggerInterface; +use Test\TestCase; + +class SecurityHeadersTest extends TestCase { + private IL10N|MockObject $l10n; + private IConfig|MockObject $config; + private IURLGenerator|MockObject $urlGenerator; + private IClientService|MockObject $clientService; + private LoggerInterface|MockObject $logger; + private SecurityHeaders|MockObject $setupcheck; + + protected function setUp(): void { + parent::setUp(); + + /** @var IL10N|MockObject */ + $this->l10n = $this->getMockBuilder(IL10N::class) + ->disableOriginalConstructor()->getMock(); + $this->l10n->expects($this->any()) + ->method('t') + ->willReturnCallback(function ($message, array $replace) { + return vsprintf($message, $replace); + }); + + $this->config = $this->createMock(IConfig::class); + $this->urlGenerator = $this->createMock(IURLGenerator::class); + $this->clientService = $this->createMock(IClientService::class); + $this->logger = $this->createMock(LoggerInterface::class); + + $this->setupcheck = $this->getMockBuilder(SecurityHeaders::class) + ->onlyMethods(['runRequest']) + ->setConstructorArgs([ + $this->l10n, + $this->config, + $this->urlGenerator, + $this->clientService, + $this->logger, + ]) + ->getMock(); + } + + public function testInvalidStatusCode(): void { + $this->setupResponse(500, []); + + $result = $this->setupcheck->run(); + $this->assertMatchesRegularExpression('/^Could not check that your web server serves security headers correctly/', $result->getDescription()); + $this->assertEquals(SetupResult::WARNING, $result->getSeverity()); + } + + public function testAllHeadersMissing(): void { + $this->setupResponse(200, []); + + $result = $this->setupcheck->run(); + $this->assertMatchesRegularExpression('/^Some headers are not set correctly on your instance/', $result->getDescription()); + $this->assertEquals(SetupResult::WARNING, $result->getSeverity()); + } + + public function testSomeHeadersMissing(): void { + $this->setupResponse( + 200, + [ + 'X-Robots-Tag' => 'noindex, nofollow', + 'X-Frame-Options' => 'SAMEORIGIN', + 'Strict-Transport-Security' => 'max-age=15768000;preload', + 'X-Permitted-Cross-Domain-Policies' => 'none', + 'Referrer-Policy' => 'no-referrer', + ] + ); + + $result = $this->setupcheck->run(); + $this->assertEquals( + "Some headers are not set correctly on your instance\n- The `X-Content-Type-Options` HTTP header is not set to `nosniff`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.\n- The `X-XSS-Protection` HTTP header does not contain `1; mode=block`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.\n", + $result->getDescription() + ); + $this->assertEquals(SetupResult::WARNING, $result->getSeverity()); + } + + public function dataSuccess(): array { + return [ + // description => modifiedHeaders + 'basic' => [[]], + 'extra-xss-protection' => [['X-XSS-Protection' => '1; mode=block; report=https://example.com']], + 'no-space-in-x-robots' => [['X-Robots-Tag' => 'noindex,nofollow']], + 'strict-origin-when-cross-origin' => [['Referrer-Policy' => 'strict-origin-when-cross-origin']], + 'referrer-no-referrer-when-downgrade' => [['Referrer-Policy' => 'no-referrer-when-downgrade']], + 'referrer-strict-origin' => [['Referrer-Policy' => 'strict-origin']], + 'referrer-strict-origin-when-cross-origin' => [['Referrer-Policy' => 'strict-origin-when-cross-origin']], + 'referrer-same-origin' => [['Referrer-Policy' => 'same-origin']], + 'hsts-minimum' => [['Strict-Transport-Security' => 'max-age=15552000']], + 'hsts-include-subdomains' => [['Strict-Transport-Security' => 'max-age=99999999; includeSubDomains']], + 'hsts-include-subdomains-preload' => [['Strict-Transport-Security' => 'max-age=99999999; preload; includeSubDomains']], + ]; + } + + /** + * @dataProvider dataSuccess + */ + public function testSuccess($headers): void { + $headers = array_merge( + [ + 'X-XSS-Protection' => '1; mode=block', + 'X-Content-Type-Options' => 'nosniff', + 'X-Robots-Tag' => 'noindex, nofollow', + 'X-Frame-Options' => 'SAMEORIGIN', + 'Strict-Transport-Security' => 'max-age=15768000', + 'X-Permitted-Cross-Domain-Policies' => 'none', + 'Referrer-Policy' => 'no-referrer', + ], + $headers + ); + $this->setupResponse( + 200, + $headers + ); + + $result = $this->setupcheck->run(); + $this->assertEquals( + 'Your server is correctly configured to send security headers.', + $result->getDescription() + ); + $this->assertEquals(SetupResult::SUCCESS, $result->getSeverity()); + } + + public function dataFailure(): array { + return [ + // description => modifiedHeaders + 'x-robots-none' => [['X-Robots-Tag' => 'none'], "- The `X-Robots-Tag` HTTP header is not set to `noindex,nofollow`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.\n"], + 'xss-protection-1' => [['X-XSS-Protection' => '1'], "- The `X-XSS-Protection` HTTP header does not contain `1; mode=block`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.\n"], + 'xss-protection-0' => [['X-XSS-Protection' => '0'], "- The `X-XSS-Protection` HTTP header does not contain `1; mode=block`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.\n"], + 'referrer-origin' => [['Referrer-Policy' => 'origin'], "- The `Referrer-Policy` HTTP header is not set to `no-referrer`, `no-referrer-when-downgrade`, `strict-origin`, `strict-origin-when-cross-origin` or `same-origin`. This can leak referer information. See the {w3c-recommendation}.\n"], + 'referrer-origin-when-cross-origin' => [['Referrer-Policy' => 'origin-when-cross-origin'], "- The `Referrer-Policy` HTTP header is not set to `no-referrer`, `no-referrer-when-downgrade`, `strict-origin`, `strict-origin-when-cross-origin` or `same-origin`. This can leak referer information. See the {w3c-recommendation}.\n"], + 'referrer-unsafe-url' => [['Referrer-Policy' => 'unsafe-url'], "- The `Referrer-Policy` HTTP header is not set to `no-referrer`, `no-referrer-when-downgrade`, `strict-origin`, `strict-origin-when-cross-origin` or `same-origin`. This can leak referer information. See the {w3c-recommendation}.\n"], + 'hsts-missing' => [['Strict-Transport-Security' => ''], "- The `Strict-Transport-Security` HTTP header is not set (should be at least `15552000` seconds). For enhanced security, it is recommended to enable HSTS.\n"], + 'hsts-too-low' => [['Strict-Transport-Security' => 'max-age=15551999'], "- The `Strict-Transport-Security` HTTP header is not set to at least `15552000` seconds (current value: `15551999`). For enhanced security, it is recommended to use a long HSTS policy.\n"], + 'hsts-malformed' => [['Strict-Transport-Security' => 'iAmABogusHeader342'], "- The `Strict-Transport-Security` HTTP header is malformed: `iAmABogusHeader342`. For enhanced security, it is recommended to enable HSTS.\n"], + ]; + } + + /** + * @dataProvider dataFailure + */ + public function testFailure(array $headers, string $msg): void { + $headers = array_merge( + [ + 'X-XSS-Protection' => '1; mode=block', + 'X-Content-Type-Options' => 'nosniff', + 'X-Robots-Tag' => 'noindex, nofollow', + 'X-Frame-Options' => 'SAMEORIGIN', + 'Strict-Transport-Security' => 'max-age=15768000', + 'X-Permitted-Cross-Domain-Policies' => 'none', + 'Referrer-Policy' => 'no-referrer', + ], + $headers + ); + $this->setupResponse( + 200, + $headers + ); + + $result = $this->setupcheck->run(); + $this->assertEquals( + 'Some headers are not set correctly on your instance'."\n$msg", + $result->getDescription() + ); + $this->assertEquals(SetupResult::WARNING, $result->getSeverity()); + } + + protected function setupResponse(int $statuscode, array $headers): void { + $response = $this->createMock(IResponse::class); + $response->expects($this->atLeastOnce())->method('getStatusCode')->willReturn($statuscode); + $response->expects($this->any())->method('getHeader') + ->willReturnCallback( + fn (string $header): string => $headers[$header] ?? '' + ); + + $this->setupcheck + ->expects($this->atLeastOnce()) + ->method('runRequest') + ->willReturnOnConsecutiveCalls($this->generate([$response])); + } + + /** + * Helper function creates a nicer interface for mocking Generator behavior + */ + protected function generate(array $yield_values) { + return $this->returnCallback(function () use ($yield_values) { + yield from $yield_values; + }); + } +} diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js index 00120d678a8..0c0e673eae7 100644 --- a/core/js/setupchecks.js +++ b/core/js/setupchecks.js @@ -156,143 +156,5 @@ }) } }, - - /** - * Runs generic checks on the server side, the difference to dedicated - * methods is that we use the same XHR object for all checks to save - * requests. - * - * @return $.Deferred object resolved with an array of error messages - */ - checkGeneric: function() { - var self = this; - var deferred = $.Deferred(); - var afterCall = function(data, statusText, xhr) { - var messages = []; - messages = messages.concat(self._checkSecurityHeaders(xhr)); - messages = messages.concat(self._checkSSL(xhr)); - deferred.resolve(messages); - }; - - $.ajax({ - type: 'GET', - url: OC.generateUrl('heartbeat'), - allowAuthErrors: true - }).then(afterCall, afterCall); - - return deferred.promise(); - }, - - /** - * Runs check for some generic security headers on the server side - * - * @param {Object} xhr - * @return {Array} Array with error messages - */ - _checkSecurityHeaders: function(xhr) { - var messages = []; - - if (xhr.status === 200) { - var securityHeaders = { - 'X-Content-Type-Options': ['nosniff'], - 'X-Robots-Tag': ['noindex, nofollow'], - 'X-Frame-Options': ['SAMEORIGIN', 'DENY'], - 'X-Permitted-Cross-Domain-Policies': ['none'], - }; - for (var header in securityHeaders) { - var option = securityHeaders[header][0]; - if(!xhr.getResponseHeader(header) || xhr.getResponseHeader(header).replace(/, /, ',').toLowerCase() !== option.replace(/, /, ',').toLowerCase()) { - var msg = t('core', 'The "{header}" HTTP header is not set to "{expected}". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', {header: header, expected: option}); - if(xhr.getResponseHeader(header) && securityHeaders[header].length > 1 && xhr.getResponseHeader(header).toLowerCase() === securityHeaders[header][1].toLowerCase()) { - msg = t('core', 'The "{header}" HTTP header is not set to "{expected}". Some features might not work correctly, as it is recommended to adjust this setting accordingly.', {header: header, expected: option}); - } - messages.push({ - msg: msg, - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - }); - } - } - - var xssfields = xhr.getResponseHeader('X-XSS-Protection') ? xhr.getResponseHeader('X-XSS-Protection').split(';').map(function(item) { return item.trim(); }) : []; - if (xssfields.length === 0 || xssfields.indexOf('1') === -1 || xssfields.indexOf('mode=block') === -1) { - messages.push({ - msg: t('core', 'The "{header}" HTTP header does not contain "{expected}". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', - { - header: 'X-XSS-Protection', - expected: '1; mode=block' - }), - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - }); - } - - const referrerPolicy = xhr.getResponseHeader('Referrer-Policy') - if (referrerPolicy === null || !/(no-referrer(-when-downgrade)?|strict-origin(-when-cross-origin)?|same-origin)(,|$)/.test(referrerPolicy)) { - messages.push({ - msg: t('core', 'The "{header}" HTTP header is not set to "{val1}", "{val2}", "{val3}", "{val4}" or "{val5}". This can leak referer information. See the {linkstart}W3C Recommendation ↗{linkend}.', - { - header: 'Referrer-Policy', - val1: 'no-referrer', - val2: 'no-referrer-when-downgrade', - val3: 'strict-origin', - val4: 'strict-origin-when-cross-origin', - val5: 'same-origin' - }) - .replace('{linkstart}', '<a target="_blank" rel="noreferrer noopener" class="external" href="https://www.w3.org/TR/referrer-policy/">') - .replace('{linkend}', '</a>'), - type: OC.SetupChecks.MESSAGE_TYPE_INFO - }) - } - } else { - messages.push({ - msg: t('core', 'Error occurred while checking server setup'), - type: OC.SetupChecks.MESSAGE_TYPE_ERROR - }); - } - - return messages; - }, - - /** - * Runs check for some SSL configuration issues on the server side - * - * @param {Object} xhr - * @return {Array} Array with error messages - */ - _checkSSL: function(xhr) { - var messages = []; - - if (xhr.status === 200) { - var tipsUrl = OC.theme.docPlaceholderUrl.replace('PLACEHOLDER', 'admin-security'); - if(OC.getProtocol() === 'https') { - // Extract the value of 'Strict-Transport-Security' - var transportSecurityValidity = xhr.getResponseHeader('Strict-Transport-Security'); - if(transportSecurityValidity !== null && transportSecurityValidity.length > 8) { - var firstComma = transportSecurityValidity.indexOf(";"); - if(firstComma !== -1) { - transportSecurityValidity = transportSecurityValidity.substring(8, firstComma); - } else { - transportSecurityValidity = transportSecurityValidity.substring(8); - } - } - - var minimumSeconds = 15552000; - if(isNaN(transportSecurityValidity) || transportSecurityValidity <= (minimumSeconds - 1)) { - messages.push({ - msg: t('core', 'The "Strict-Transport-Security" HTTP header is not set to at least "{seconds}" seconds. For enhanced security, it is recommended to enable HSTS as described in the {linkstart}security tips ↗{linkend}.', {'seconds': minimumSeconds}) - .replace('{linkstart}', '<a target="_blank" rel="noreferrer noopener" class="external" href="' + tipsUrl + '">') - .replace('{linkend}', '</a>'), - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - }); - } - } - } else { - messages.push({ - msg: t('core', 'Error occurred while checking server setup'), - type: OC.SetupChecks.MESSAGE_TYPE_ERROR - }); - } - - return messages; - } }; })(); diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js index bef316b16c9..99f72754ace 100644 --- a/core/js/tests/specs/setupchecksSpec.js +++ b/core/js/tests/specs/setupchecksSpec.js @@ -320,607 +320,4 @@ describe('OC.SetupChecks tests', function() { }); }); }); - - describe('checkGeneric', function() { - it('should return an error if the response has no statuscode 200', function(done) { - var async = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond( - 500, - { - 'Content-Type': 'application/json' - } - ); - - async.done(function( data, s, x ){ - expect(data).toEqual([{ - msg: 'Error occurred while checking server setup', - type: OC.SetupChecks.MESSAGE_TYPE_ERROR - },{ - msg: 'Error occurred while checking server setup', - type: OC.SetupChecks.MESSAGE_TYPE_ERROR - }]); - done(); - }); - }); - - it('should return all errors if all headers are missing', function(done) { - protocolStub.returns('https'); - var async = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond( - 200, - { - 'Content-Type': 'application/json', - 'Strict-Transport-Security': 'max-age=15768000' - }, - '{}' - ); - - async.done(function( data, s, x ){ - expect(data).toEqual([ - { - msg: 'The "X-Content-Type-Options" HTTP header is not set to "nosniff". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - }, { - msg: 'The "X-Robots-Tag" HTTP header is not set to "noindex, nofollow". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - }, { - msg: 'The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - }, { - msg: 'The "X-Permitted-Cross-Domain-Policies" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - }, { - msg: 'The "X-XSS-Protection" HTTP header does not contain "1; mode=block". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - }, { - msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". This can leak referer information. See the <a target="_blank" rel="noreferrer noopener" class="external" href="https://www.w3.org/TR/referrer-policy/">W3C Recommendation ↗</a>.', - type: OC.SetupChecks.MESSAGE_TYPE_INFO - } - ]); - done(); - }); - }); - - it('should return only some errors if just some headers are missing', function(done) { - protocolStub.returns('https'); - var async = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond( - 200, - { - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'Strict-Transport-Security': 'max-age=15768000;preload', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - } - ); - - async.done(function( data, s, x ){ - expect(data).toEqual([ - { - msg: 'The "X-Content-Type-Options" HTTP header is not set to "nosniff". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - }, { - msg: 'The "X-XSS-Protection" HTTP header does not contain "1; mode=block". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING, - } - ]); - done(); - }); - }); - - it('should return none errors if all headers are there', function(done) { - protocolStub.returns('https'); - var async = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond( - 200, - { - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'Strict-Transport-Security': 'max-age=15768000', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer' - } - ); - - async.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); - - describe('check X-Robots-Tag header', function() { - it('should return no message if X-Robots-Tag is set to noindex,nofollow without space', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex,nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - }); - result.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); - - it('should return a message if X-Robots-Tag is set to none', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'none', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - }); - result.done(function( data, s, x ){ - expect(data).toEqual([ - { - msg: 'The "X-Robots-Tag" HTTP header is not set to "noindex, nofollow". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - } - ]); - done(); - }); - }); - }); - - describe('check X-XSS-Protection header', function() { - it('should return no message if X-XSS-Protection is set to 1; mode=block; report=https://example.com', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block; report=https://example.com', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - }); - - result.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); - - it('should return no message if X-XSS-Protection is set to 1; mode=block', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - }); - - result.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); - - it('should return a message if X-XSS-Protection is set to 1', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - }); - - result.done(function( data, s, x ){ - expect(data).toEqual([ - { - msg: 'The "X-XSS-Protection" HTTP header does not contain "1; mode=block". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - } - ]); - done(); - }); - }); - - it('should return a message if X-XSS-Protection is set to 0', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '0', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - }); - - result.done(function( data, s, x ){ - expect(data).toEqual([ - { - msg: 'The "X-XSS-Protection" HTTP header does not contain "1; mode=block". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - } - ]); - done(); - }); - }); - }); - - describe('check Referrer-Policy header', function() { - it('should return no message if Referrer-Policy is set to no-referrer', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - }); - - result.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); - - it('should return no message if Referrer-Policy is set to no-referrer-when-downgrade', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer-when-downgrade', - }); - - result.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); - - it('should return no message if Referrer-Policy is set to strict-origin', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'strict-origin', - }); - - result.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); - - it('should return no message if Referrer-Policy is set to strict-origin-when-cross-origin', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'strict-origin-when-cross-origin', - }); - - result.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); - - it('should return no message if Referrer-Policy is set to same-origin', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'same-origin', - }); - - result.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); - - it('should return a message if Referrer-Policy is set to origin', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'origin', - }); - - result.done(function( data, s, x ){ - expect(data).toEqual([ - { - msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". This can leak referer information. See the <a target="_blank" rel="noreferrer noopener" class="external" href="https://www.w3.org/TR/referrer-policy/">W3C Recommendation ↗</a>.', - type: OC.SetupChecks.MESSAGE_TYPE_INFO - } - ]); - done(); - }); - }); - - it('should return a message if Referrer-Policy is set to origin-when-cross-origin', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'origin-when-cross-origin', - }); - - result.done(function( data, s, x ){ - expect(data).toEqual([ - { - msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". This can leak referer information. See the <a target="_blank" rel="noreferrer noopener" class="external" href="https://www.w3.org/TR/referrer-policy/">W3C Recommendation ↗</a>.', - type: OC.SetupChecks.MESSAGE_TYPE_INFO - } - ]); - done(); - }); - }); - - it('should return a message if Referrer-Policy is set to unsafe-url', function(done) { - protocolStub.returns('https'); - var result = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'unsafe-url', - }); - - result.done(function( data, s, x ){ - expect(data).toEqual([ - { - msg: 'The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". This can leak referer information. See the <a target="_blank" rel="noreferrer noopener" class="external" href="https://www.w3.org/TR/referrer-policy/">W3C Recommendation ↗</a>.', - type: OC.SetupChecks.MESSAGE_TYPE_INFO - } - ]); - done(); - }); - }); - }); - }); - - it('should return an error if the response has no statuscode 200', function(done) { - var async = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond( - 500, - { - 'Content-Type': 'application/json' - }, - JSON.stringify({data: {serverHasInternetConnectionProblems: true}}) - ); - async.done(function( data, s, x ){ - expect(data).toEqual([{ - msg: 'Error occurred while checking server setup', - type: OC.SetupChecks.MESSAGE_TYPE_ERROR - }, { - msg: 'Error occurred while checking server setup', - type: OC.SetupChecks.MESSAGE_TYPE_ERROR - }]); - done(); - }); - }); - - it('should return a SSL warning if SSL used without Strict-Transport-Security-Header', function(done) { - protocolStub.returns('https'); - var async = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, - { - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - } - ); - - async.done(function( data, s, x ){ - expect(data).toEqual([{ - msg: 'The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the <a target="_blank" rel="noreferrer noopener" class="external" href="https://docs.example.org/admin-security">security tips ↗</a>.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - }]); - done(); - }); - }); - - it('should return a SSL warning if SSL used with to small Strict-Transport-Security-Header', function(done) { - protocolStub.returns('https'); - var async = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, - { - 'Strict-Transport-Security': 'max-age=15551999', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - } - ); - - async.done(function( data, s, x ){ - expect(data).toEqual([{ - msg: 'The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the <a target="_blank" rel="noreferrer noopener" class="external" href="https://docs.example.org/admin-security">security tips ↗</a>.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - }]); - done(); - }); - }); - - it('should return a SSL warning if SSL used with to a bogus Strict-Transport-Security-Header', function(done) { - protocolStub.returns('https'); - var async = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, - { - 'Strict-Transport-Security': 'iAmABogusHeader342', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - } - ); - - async.done(function( data, s, x ){ - expect(data).toEqual([{ - msg: 'The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the <a target="_blank" rel="noreferrer noopener" class="external" href="https://docs.example.org/admin-security">security tips ↗</a>.', - type: OC.SetupChecks.MESSAGE_TYPE_WARNING - }]); - done(); - }); - }); - - it('should return no SSL warning if SSL used with to exact the minimum Strict-Transport-Security-Header', function(done) { - protocolStub.returns('https'); - var async = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15768000', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - }); - - async.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); - - it('should return no SSL warning if SSL used with to more than the minimum Strict-Transport-Security-Header', function(done) { - protocolStub.returns('https'); - var async = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=99999999', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - }); - - async.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); - - it('should return no SSL warning if SSL used with to more than the minimum Strict-Transport-Security-Header and includeSubDomains parameter', function(done) { - protocolStub.returns('https'); - var async = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=99999999; includeSubDomains', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - }); - - async.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); - - it('should return no SSL warning if SSL used with to more than the minimum Strict-Transport-Security-Header and includeSubDomains and preload parameter', function(done) { - protocolStub.returns('https'); - var async = OC.SetupChecks.checkGeneric(); - - suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=99999999; preload; includeSubDomains', - 'X-XSS-Protection': '1; mode=block', - 'X-Content-Type-Options': 'nosniff', - 'X-Robots-Tag': 'noindex, nofollow', - 'X-Frame-Options': 'SAMEORIGIN', - 'X-Permitted-Cross-Domain-Policies': 'none', - 'Referrer-Policy': 'no-referrer', - }); - - async.done(function( data, s, x ){ - expect(data).toEqual([]); - done(); - }); - }); }); diff --git a/dist/settings-legacy-admin.js b/dist/settings-legacy-admin.js index 0ec6f49c67c..ccddfa326bf 100644 --- a/dist/settings-legacy-admin.js +++ b/dist/settings-legacy-admin.js @@ -1,2 +1,2 @@ -({69129:function(){window.addEventListener("DOMContentLoaded",(()=>{$("#loglevel").change((function(){$.post(OC.generateUrl("/settings/admin/log/level"),{level:$(this).val()},(()=>{OC.Log.reload()}))})),$("#mail_smtpauth").change((function(){this.checked?$("#mail_credentials").removeClass("hidden"):$("#mail_credentials").addClass("hidden")})),$("#mail_smtpmode").change((function(){"smtp"!==$(this).val()?($("#setting_smtpauth").addClass("hidden"),$("#setting_smtphost").addClass("hidden"),$("#mail_smtpsecure_label").addClass("hidden"),$("#mail_smtpsecure").addClass("hidden"),$("#mail_credentials").addClass("hidden"),$("#mail_sendmailmode_label, #mail_sendmailmode").removeClass("hidden")):($("#setting_smtpauth").removeClass("hidden"),$("#setting_smtphost").removeClass("hidden"),$("#mail_smtpsecure_label").removeClass("hidden"),$("#mail_smtpsecure").removeClass("hidden"),$("#mail_smtpauth").is(":checked")&&$("#mail_credentials").removeClass("hidden"),$("#mail_sendmailmode_label, #mail_sendmailmode").addClass("hidden"))}));const e=function(){OC.PasswordConfirmation.requiresPasswordConfirmation()?OC.PasswordConfirmation.requirePasswordConfirmation(e):(OC.msg.startSaving("#mail_settings_msg"),$.ajax({url:OC.generateUrl("/settings/admin/mailsettings"),type:"POST",data:$("#mail_general_settings_form").serialize(),success:()=>{OC.msg.finishedSuccess("#mail_settings_msg",t("settings","Saved"))},error:e=>{OC.msg.finishedError("#mail_settings_msg",e.responseJSON)}}))},s=function(){OC.PasswordConfirmation.requiresPasswordConfirmation()?OC.PasswordConfirmation.requirePasswordConfirmation(s):(OC.msg.startSaving("#mail_settings_msg"),$.ajax({url:OC.generateUrl("/settings/admin/mailsettings/credentials"),type:"POST",data:$("#mail_credentials_settings").serialize(),success:()=>{OC.msg.finishedSuccess("#mail_settings_msg",t("settings","Saved"))},error:e=>{OC.msg.finishedError("#mail_settings_msg",e.responseJSON)}}))};$("#mail_general_settings_form").change(e),$("#mail_credentials_settings_submit").click(s),$("#mail_smtppassword").click((()=>{"text"===this.N&&"********"===this.U&&(this.N="password",this.U="")})),$("#sendtestemail").click((e=>{e.preventDefault(),OC.msg.startAction("#sendtestmail_msg",t("settings","Sending…")),$.ajax({url:OC.generateUrl("/settings/admin/mailtest"),type:"POST",success:()=>{OC.msg.finishedSuccess("#sendtestmail_msg",t("settings","Email sent"))},error:e=>{OC.msg.finishedError("#sendtestmail_msg",e.responseJSON)}})})),null!==document.getElementById("security-warning")&&$.when(OC.SetupChecks.checkWebDAV(),OC.SetupChecks.checkSetup(),OC.SetupChecks.checkGeneric()).then(((e,s,i)=>{const t=[].concat(e,s,i),n=$("#postsetupchecks");$("#security-warning-state-loading").addClass("hidden");let a=!1;const d=n.find(".errors"),l=n.find(".warnings"),r=n.find(".info");for(let e=0;e<t.length;e++)switch(t[e].type){case OC.SetupChecks.MESSAGE_TYPE_INFO:r.append("<li>"+t[e].msg+"</li>");break;case OC.SetupChecks.MESSAGE_TYPE_WARNING:l.append("<li>"+t[e].msg+"</li>");break;case OC.SetupChecks.MESSAGE_TYPE_ERROR:default:d.append("<li>"+t[e].msg+"</li>")}d.find("li").length>0&&(d.removeClass("hidden"),a=!0),l.find("li").length>0&&(l.removeClass("hidden"),a=!0),r.find("li").length>0&&(r.removeClass("hidden"),a=!0),a?($("#postsetupchecks-hint").removeClass("hidden"),d.find("li").length>0?$("#security-warning-state-failure").removeClass("hidden"):$("#security-warning-state-warning").removeClass("hidden")):0===$("#security-warning").children("ul").children().length?$("#security-warning-state-ok").removeClass("hidden"):$("#security-warning-state-failure").removeClass("hidden")}))}))}})[69129](); -//# sourceMappingURL=settings-legacy-admin.js.map?v=934bbdbaeebd1d2b478c
\ No newline at end of file +({69129:function(){window.addEventListener("DOMContentLoaded",(()=>{$("#loglevel").change((function(){$.post(OC.generateUrl("/settings/admin/log/level"),{level:$(this).val()},(()=>{OC.Log.reload()}))})),$("#mail_smtpauth").change((function(){this.checked?$("#mail_credentials").removeClass("hidden"):$("#mail_credentials").addClass("hidden")})),$("#mail_smtpmode").change((function(){"smtp"!==$(this).val()?($("#setting_smtpauth").addClass("hidden"),$("#setting_smtphost").addClass("hidden"),$("#mail_smtpsecure_label").addClass("hidden"),$("#mail_smtpsecure").addClass("hidden"),$("#mail_credentials").addClass("hidden"),$("#mail_sendmailmode_label, #mail_sendmailmode").removeClass("hidden")):($("#setting_smtpauth").removeClass("hidden"),$("#setting_smtphost").removeClass("hidden"),$("#mail_smtpsecure_label").removeClass("hidden"),$("#mail_smtpsecure").removeClass("hidden"),$("#mail_smtpauth").is(":checked")&&$("#mail_credentials").removeClass("hidden"),$("#mail_sendmailmode_label, #mail_sendmailmode").addClass("hidden"))}));const e=function(){OC.PasswordConfirmation.requiresPasswordConfirmation()?OC.PasswordConfirmation.requirePasswordConfirmation(e):(OC.msg.startSaving("#mail_settings_msg"),$.ajax({url:OC.generateUrl("/settings/admin/mailsettings"),type:"POST",data:$("#mail_general_settings_form").serialize(),success:()=>{OC.msg.finishedSuccess("#mail_settings_msg",t("settings","Saved"))},error:e=>{OC.msg.finishedError("#mail_settings_msg",e.responseJSON)}}))},s=function(){OC.PasswordConfirmation.requiresPasswordConfirmation()?OC.PasswordConfirmation.requirePasswordConfirmation(s):(OC.msg.startSaving("#mail_settings_msg"),$.ajax({url:OC.generateUrl("/settings/admin/mailsettings/credentials"),type:"POST",data:$("#mail_credentials_settings").serialize(),success:()=>{OC.msg.finishedSuccess("#mail_settings_msg",t("settings","Saved"))},error:e=>{OC.msg.finishedError("#mail_settings_msg",e.responseJSON)}}))};$("#mail_general_settings_form").change(e),$("#mail_credentials_settings_submit").click(s),$("#mail_smtppassword").click((()=>{"text"===this.N&&"********"===this.U&&(this.N="password",this.U="")})),$("#sendtestemail").click((e=>{e.preventDefault(),OC.msg.startAction("#sendtestmail_msg",t("settings","Sending…")),$.ajax({url:OC.generateUrl("/settings/admin/mailtest"),type:"POST",success:()=>{OC.msg.finishedSuccess("#sendtestmail_msg",t("settings","Email sent"))},error:e=>{OC.msg.finishedError("#sendtestmail_msg",e.responseJSON)}})})),null!==document.getElementById("security-warning")&&$.when(OC.SetupChecks.checkWebDAV(),OC.SetupChecks.checkSetup()).then(((e,s)=>{const i=[].concat(e,s),t=$("#postsetupchecks");$("#security-warning-state-loading").addClass("hidden");let n=!1;const a=t.find(".errors"),d=t.find(".warnings"),l=t.find(".info");for(let e=0;e<i.length;e++)switch(i[e].type){case OC.SetupChecks.MESSAGE_TYPE_INFO:l.append("<li>"+i[e].msg+"</li>");break;case OC.SetupChecks.MESSAGE_TYPE_WARNING:d.append("<li>"+i[e].msg+"</li>");break;case OC.SetupChecks.MESSAGE_TYPE_ERROR:default:a.append("<li>"+i[e].msg+"</li>")}a.find("li").length>0&&(a.removeClass("hidden"),n=!0),d.find("li").length>0&&(d.removeClass("hidden"),n=!0),l.find("li").length>0&&(l.removeClass("hidden"),n=!0),n?($("#postsetupchecks-hint").removeClass("hidden"),a.find("li").length>0?$("#security-warning-state-failure").removeClass("hidden"):$("#security-warning-state-warning").removeClass("hidden")):0===$("#security-warning").children("ul").children().length?$("#security-warning-state-ok").removeClass("hidden"):$("#security-warning-state-failure").removeClass("hidden")}))}))}})[69129](); +//# sourceMappingURL=settings-legacy-admin.js.map?v=9e17c38bdab4c3ea2932
\ No newline at end of file diff --git a/dist/settings-legacy-admin.js.map b/dist/settings-legacy-admin.js.map index 23c54717692..0aec2e9f790 100644 --- a/dist/settings-legacy-admin.js.map +++ b/dist/settings-legacy-admin.js.map @@ -1 +1 @@ -{"version":3,"file":"settings-legacy-admin.js?v=934bbdbaeebd1d2b478c","mappings":"mBAAAA,OAAOC,iBAAiB,oBAAoB,KAC3CC,EAAE,aAAaC,QAAO,WACrBD,EAAEE,KAAKC,GAAGC,YAAY,6BAA8B,CAAEC,MAAOL,EAAEM,MAAMC,QAAS,KAC7EJ,GAAGK,IAAIC,QAAQ,GAEjB,IAEAT,EAAE,kBAAkBC,QAAO,WACrBK,KAAKI,QAGTV,EAAE,qBAAqBW,YAAY,UAFnCX,EAAE,qBAAqBY,SAAS,SAIlC,IAEAZ,EAAE,kBAAkBC,QAAO,WACJ,SAAlBD,EAAEM,MAAMC,OACXP,EAAE,qBAAqBY,SAAS,UAChCZ,EAAE,qBAAqBY,SAAS,UAChCZ,EAAE,0BAA0BY,SAAS,UACrCZ,EAAE,oBAAoBY,SAAS,UAC/BZ,EAAE,qBAAqBY,SAAS,UAChCZ,EAAE,gDAAgDW,YAAY,YAE9DX,EAAE,qBAAqBW,YAAY,UACnCX,EAAE,qBAAqBW,YAAY,UACnCX,EAAE,0BAA0BW,YAAY,UACxCX,EAAE,oBAAoBW,YAAY,UAC9BX,EAAE,kBAAkBa,GAAG,aAC1Bb,EAAE,qBAAqBW,YAAY,UAEpCX,EAAE,gDAAgDY,SAAS,UAE7D,IAEA,MAAME,EAAsB,WACvBX,GAAGY,qBAAqBC,+BAC3Bb,GAAGY,qBAAqBE,4BAA4BH,IAIrDX,GAAGe,IAAIC,YAAY,sBACnBnB,EAAEoB,KAAK,CACNC,IAAKlB,GAAGC,YAAY,gCACpBkB,KAAM,OACNC,KAAMvB,EAAE,+BAA+BwB,YACvCC,QAASA,KACRtB,GAAGe,IAAIQ,gBAAgB,qBAAsBC,EAAE,WAAY,SAAS,EAErEC,MAAQC,IACP1B,GAAGe,IAAIY,cAAc,qBAAsBD,EAAIE,aAAa,IAG/D,EAEMC,EAAyB,WAC1B7B,GAAGY,qBAAqBC,+BAC3Bb,GAAGY,qBAAqBE,4BAA4Be,IAIrD7B,GAAGe,IAAIC,YAAY,sBACnBnB,EAAEoB,KAAK,CACNC,IAAKlB,GAAGC,YAAY,4CACpBkB,KAAM,OACNC,KAAMvB,EAAE,8BAA8BwB,YACtCC,QAASA,KACRtB,GAAGe,IAAIQ,gBAAgB,qBAAsBC,EAAE,WAAY,SAAS,EAErEC,MAAQC,IACP1B,GAAGe,IAAIY,cAAc,qBAAsBD,EAAIE,aAAa,IAG/D,EAEA/B,EAAE,+BAA+BC,OAAOa,GACxCd,EAAE,qCAAqCiC,MAAMD,GAC7ChC,EAAE,sBAAsBiC,OAAM,KACX,SAAd3B,KAAK,GAAkC,aAAfA,KAAK,IAChCA,KAAK,EAAO,WACZA,KAAK,EAAQ,GACd,IAGDN,EAAE,kBAAkBiC,OAAOC,IAC1BA,EAAMC,iBACNhC,GAAGe,IAAIkB,YAAY,oBAAqBT,EAAE,WAAY,aAEtD3B,EAAEoB,KAAK,CACNC,IAAKlB,GAAGC,YAAY,4BACpBkB,KAAM,OACNG,QAASA,KACRtB,GAAGe,IAAIQ,gBAAgB,oBAAqBC,EAAE,WAAY,cAAc,EAEzEC,MAAQC,IACP1B,GAAGe,IAAIY,cAAc,oBAAqBD,EAAIE,aAAa,GAE3D,IAgEiD,OAAhDM,SAASC,eAAe,qBA3D3BtC,EAAEuC,KACDpC,GAAGqC,YAAYC,cACftC,GAAGqC,YAAYE,aACfvC,GAAGqC,YAAYG,gBACdC,MAAK,CAACC,EAAQC,EAAQC,KACvB,MAAMC,EAAW,GAAGC,OAAOJ,EAAQC,EAAQC,GACrCG,EAAMlD,EAAE,oBACdA,EAAE,mCAAmCY,SAAS,UAE9C,IAAIuC,GAAc,EAClB,MAAMC,EAAYF,EAAIG,KAAK,WACrBC,EAAcJ,EAAIG,KAAK,aACvBE,EAAUL,EAAIG,KAAK,SAEzB,IAAK,IAAIG,EAAI,EAAGA,EAAIR,EAASS,OAAQD,IACpC,OAAQR,EAASQ,GAAGlC,MACpB,KAAKnB,GAAGqC,YAAYkB,kBACnBH,EAAQI,OAAO,OAASX,EAASQ,GAAGtC,IAAM,SAC1C,MACD,KAAKf,GAAGqC,YAAYoB,qBACnBN,EAAYK,OAAO,OAASX,EAASQ,GAAGtC,IAAM,SAC9C,MACD,KAAKf,GAAGqC,YAAYqB,mBACpB,QACCT,EAAUO,OAAO,OAASX,EAASQ,GAAGtC,IAAM,SAI1CkC,EAAUC,KAAK,MAAMI,OAAS,IACjCL,EAAUzC,YAAY,UACtBwC,GAAc,GAEXG,EAAYD,KAAK,MAAMI,OAAS,IACnCH,EAAY3C,YAAY,UACxBwC,GAAc,GAEXI,EAAQF,KAAK,MAAMI,OAAS,IAC/BF,EAAQ5C,YAAY,UACpBwC,GAAc,GAGXA,GACHnD,EAAE,yBAAyBW,YAAY,UACnCyC,EAAUC,KAAK,MAAMI,OAAS,EACjCzD,EAAE,mCAAmCW,YAAY,UAEjDX,EAAE,mCAAmCW,YAAY,WAIO,IADjCX,EAAE,qBACN8D,SAAS,MAAMA,WAAWL,OAC7CzD,EAAE,8BAA8BW,YAAY,UAE5CX,EAAE,mCAAmCW,YAAY,SAEnD,GAMF,G,IC/JmB","sources":["webpack:///nextcloud/apps/settings/src/admin.js","webpack:///nextcloud/webpack/startup"],"sourcesContent":["window.addEventListener('DOMContentLoaded', () => {\n\t$('#loglevel').change(function() {\n\t\t$.post(OC.generateUrl('/settings/admin/log/level'), { level: $(this).val() }, () => {\n\t\t\tOC.Log.reload()\n\t\t})\n\t})\n\n\t$('#mail_smtpauth').change(function() {\n\t\tif (!this.checked) {\n\t\t\t$('#mail_credentials').addClass('hidden')\n\t\t} else {\n\t\t\t$('#mail_credentials').removeClass('hidden')\n\t\t}\n\t})\n\n\t$('#mail_smtpmode').change(function() {\n\t\tif ($(this).val() !== 'smtp') {\n\t\t\t$('#setting_smtpauth').addClass('hidden')\n\t\t\t$('#setting_smtphost').addClass('hidden')\n\t\t\t$('#mail_smtpsecure_label').addClass('hidden')\n\t\t\t$('#mail_smtpsecure').addClass('hidden')\n\t\t\t$('#mail_credentials').addClass('hidden')\n\t\t\t$('#mail_sendmailmode_label, #mail_sendmailmode').removeClass('hidden')\n\t\t} else {\n\t\t\t$('#setting_smtpauth').removeClass('hidden')\n\t\t\t$('#setting_smtphost').removeClass('hidden')\n\t\t\t$('#mail_smtpsecure_label').removeClass('hidden')\n\t\t\t$('#mail_smtpsecure').removeClass('hidden')\n\t\t\tif ($('#mail_smtpauth').is(':checked')) {\n\t\t\t\t$('#mail_credentials').removeClass('hidden')\n\t\t\t}\n\t\t\t$('#mail_sendmailmode_label, #mail_sendmailmode').addClass('hidden')\n\t\t}\n\t})\n\n\tconst changeEmailSettings = function() {\n\t\tif (OC.PasswordConfirmation.requiresPasswordConfirmation()) {\n\t\t\tOC.PasswordConfirmation.requirePasswordConfirmation(changeEmailSettings)\n\t\t\treturn\n\t\t}\n\n\t\tOC.msg.startSaving('#mail_settings_msg')\n\t\t$.ajax({\n\t\t\turl: OC.generateUrl('/settings/admin/mailsettings'),\n\t\t\ttype: 'POST',\n\t\t\tdata: $('#mail_general_settings_form').serialize(),\n\t\t\tsuccess: () => {\n\t\t\t\tOC.msg.finishedSuccess('#mail_settings_msg', t('settings', 'Saved'))\n\t\t\t},\n\t\t\terror: (xhr) => {\n\t\t\t\tOC.msg.finishedError('#mail_settings_msg', xhr.responseJSON)\n\t\t\t},\n\t\t})\n\t}\n\n\tconst toggleEmailCredentials = function() {\n\t\tif (OC.PasswordConfirmation.requiresPasswordConfirmation()) {\n\t\t\tOC.PasswordConfirmation.requirePasswordConfirmation(toggleEmailCredentials)\n\t\t\treturn\n\t\t}\n\n\t\tOC.msg.startSaving('#mail_settings_msg')\n\t\t$.ajax({\n\t\t\turl: OC.generateUrl('/settings/admin/mailsettings/credentials'),\n\t\t\ttype: 'POST',\n\t\t\tdata: $('#mail_credentials_settings').serialize(),\n\t\t\tsuccess: () => {\n\t\t\t\tOC.msg.finishedSuccess('#mail_settings_msg', t('settings', 'Saved'))\n\t\t\t},\n\t\t\terror: (xhr) => {\n\t\t\t\tOC.msg.finishedError('#mail_settings_msg', xhr.responseJSON)\n\t\t\t},\n\t\t})\n\t}\n\n\t$('#mail_general_settings_form').change(changeEmailSettings)\n\t$('#mail_credentials_settings_submit').click(toggleEmailCredentials)\n\t$('#mail_smtppassword').click(() => {\n\t\tif (this.type === 'text' && this.value === '********') {\n\t\t\tthis.type = 'password'\n\t\t\tthis.value = ''\n\t\t}\n\t})\n\n\t$('#sendtestemail').click((event) => {\n\t\tevent.preventDefault()\n\t\tOC.msg.startAction('#sendtestmail_msg', t('settings', 'Sending…'))\n\n\t\t$.ajax({\n\t\t\turl: OC.generateUrl('/settings/admin/mailtest'),\n\t\t\ttype: 'POST',\n\t\t\tsuccess: () => {\n\t\t\t\tOC.msg.finishedSuccess('#sendtestmail_msg', t('settings', 'Email sent'))\n\t\t\t},\n\t\t\terror: (xhr) => {\n\t\t\t\tOC.msg.finishedError('#sendtestmail_msg', xhr.responseJSON)\n\t\t\t},\n\t\t})\n\t})\n\n\tconst setupChecks = () => {\n\t\t// run setup checks then gather error messages\n\t\t$.when(\n\t\t\tOC.SetupChecks.checkWebDAV(),\n\t\t\tOC.SetupChecks.checkSetup(),\n\t\t\tOC.SetupChecks.checkGeneric(),\n\t\t).then((check1, check2, check3) => {\n\t\t\tconst messages = [].concat(check1, check2, check3)\n\t\t\tconst $el = $('#postsetupchecks')\n\t\t\t$('#security-warning-state-loading').addClass('hidden')\n\n\t\t\tlet hasMessages = false\n\t\t\tconst $errorsEl = $el.find('.errors')\n\t\t\tconst $warningsEl = $el.find('.warnings')\n\t\t\tconst $infoEl = $el.find('.info')\n\n\t\t\tfor (let i = 0; i < messages.length; i++) {\n\t\t\t\tswitch (messages[i].type) {\n\t\t\t\tcase OC.SetupChecks.MESSAGE_TYPE_INFO:\n\t\t\t\t\t$infoEl.append('<li>' + messages[i].msg + '</li>')\n\t\t\t\t\tbreak\n\t\t\t\tcase OC.SetupChecks.MESSAGE_TYPE_WARNING:\n\t\t\t\t\t$warningsEl.append('<li>' + messages[i].msg + '</li>')\n\t\t\t\t\tbreak\n\t\t\t\tcase OC.SetupChecks.MESSAGE_TYPE_ERROR:\n\t\t\t\tdefault:\n\t\t\t\t\t$errorsEl.append('<li>' + messages[i].msg + '</li>')\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($errorsEl.find('li').length > 0) {\n\t\t\t\t$errorsEl.removeClass('hidden')\n\t\t\t\thasMessages = true\n\t\t\t}\n\t\t\tif ($warningsEl.find('li').length > 0) {\n\t\t\t\t$warningsEl.removeClass('hidden')\n\t\t\t\thasMessages = true\n\t\t\t}\n\t\t\tif ($infoEl.find('li').length > 0) {\n\t\t\t\t$infoEl.removeClass('hidden')\n\t\t\t\thasMessages = true\n\t\t\t}\n\n\t\t\tif (hasMessages) {\n\t\t\t\t$('#postsetupchecks-hint').removeClass('hidden')\n\t\t\t\tif ($errorsEl.find('li').length > 0) {\n\t\t\t\t\t$('#security-warning-state-failure').removeClass('hidden')\n\t\t\t\t} else {\n\t\t\t\t\t$('#security-warning-state-warning').removeClass('hidden')\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tconst securityWarning = $('#security-warning')\n\t\t\t\tif (securityWarning.children('ul').children().length === 0) {\n\t\t\t\t\t$('#security-warning-state-ok').removeClass('hidden')\n\t\t\t\t} else {\n\t\t\t\t\t$('#security-warning-state-failure').removeClass('hidden')\n\t\t\t\t}\n\t\t\t}\n\t\t})\n\t}\n\n\tif (document.getElementById('security-warning') !== null) {\n\t\tsetupChecks()\n\t}\n})\n","// startup\n// Load entry module and return exports\n// This entry module is referenced by other modules so it can't be inlined\nvar __webpack_exports__ = {};\n__webpack_modules__[69129]();\n"],"names":["window","addEventListener","$","change","post","OC","generateUrl","level","this","val","Log","reload","checked","removeClass","addClass","is","changeEmailSettings","PasswordConfirmation","requiresPasswordConfirmation","requirePasswordConfirmation","msg","startSaving","ajax","url","type","data","serialize","success","finishedSuccess","t","error","xhr","finishedError","responseJSON","toggleEmailCredentials","click","event","preventDefault","startAction","document","getElementById","when","SetupChecks","checkWebDAV","checkSetup","checkGeneric","then","check1","check2","check3","messages","concat","$el","hasMessages","$errorsEl","find","$warningsEl","$infoEl","i","length","MESSAGE_TYPE_INFO","append","MESSAGE_TYPE_WARNING","MESSAGE_TYPE_ERROR","children"],"sourceRoot":""}
\ No newline at end of file +{"version":3,"file":"settings-legacy-admin.js?v=9e17c38bdab4c3ea2932","mappings":"mBAAAA,OAAOC,iBAAiB,oBAAoB,KAC3CC,EAAE,aAAaC,QAAO,WACrBD,EAAEE,KAAKC,GAAGC,YAAY,6BAA8B,CAAEC,MAAOL,EAAEM,MAAMC,QAAS,KAC7EJ,GAAGK,IAAIC,QAAQ,GAEjB,IAEAT,EAAE,kBAAkBC,QAAO,WACrBK,KAAKI,QAGTV,EAAE,qBAAqBW,YAAY,UAFnCX,EAAE,qBAAqBY,SAAS,SAIlC,IAEAZ,EAAE,kBAAkBC,QAAO,WACJ,SAAlBD,EAAEM,MAAMC,OACXP,EAAE,qBAAqBY,SAAS,UAChCZ,EAAE,qBAAqBY,SAAS,UAChCZ,EAAE,0BAA0BY,SAAS,UACrCZ,EAAE,oBAAoBY,SAAS,UAC/BZ,EAAE,qBAAqBY,SAAS,UAChCZ,EAAE,gDAAgDW,YAAY,YAE9DX,EAAE,qBAAqBW,YAAY,UACnCX,EAAE,qBAAqBW,YAAY,UACnCX,EAAE,0BAA0BW,YAAY,UACxCX,EAAE,oBAAoBW,YAAY,UAC9BX,EAAE,kBAAkBa,GAAG,aAC1Bb,EAAE,qBAAqBW,YAAY,UAEpCX,EAAE,gDAAgDY,SAAS,UAE7D,IAEA,MAAME,EAAsB,WACvBX,GAAGY,qBAAqBC,+BAC3Bb,GAAGY,qBAAqBE,4BAA4BH,IAIrDX,GAAGe,IAAIC,YAAY,sBACnBnB,EAAEoB,KAAK,CACNC,IAAKlB,GAAGC,YAAY,gCACpBkB,KAAM,OACNC,KAAMvB,EAAE,+BAA+BwB,YACvCC,QAASA,KACRtB,GAAGe,IAAIQ,gBAAgB,qBAAsBC,EAAE,WAAY,SAAS,EAErEC,MAAQC,IACP1B,GAAGe,IAAIY,cAAc,qBAAsBD,EAAIE,aAAa,IAG/D,EAEMC,EAAyB,WAC1B7B,GAAGY,qBAAqBC,+BAC3Bb,GAAGY,qBAAqBE,4BAA4Be,IAIrD7B,GAAGe,IAAIC,YAAY,sBACnBnB,EAAEoB,KAAK,CACNC,IAAKlB,GAAGC,YAAY,4CACpBkB,KAAM,OACNC,KAAMvB,EAAE,8BAA8BwB,YACtCC,QAASA,KACRtB,GAAGe,IAAIQ,gBAAgB,qBAAsBC,EAAE,WAAY,SAAS,EAErEC,MAAQC,IACP1B,GAAGe,IAAIY,cAAc,qBAAsBD,EAAIE,aAAa,IAG/D,EAEA/B,EAAE,+BAA+BC,OAAOa,GACxCd,EAAE,qCAAqCiC,MAAMD,GAC7ChC,EAAE,sBAAsBiC,OAAM,KACX,SAAd3B,KAAK,GAAkC,aAAfA,KAAK,IAChCA,KAAK,EAAO,WACZA,KAAK,EAAQ,GACd,IAGDN,EAAE,kBAAkBiC,OAAOC,IAC1BA,EAAMC,iBACNhC,GAAGe,IAAIkB,YAAY,oBAAqBT,EAAE,WAAY,aAEtD3B,EAAEoB,KAAK,CACNC,IAAKlB,GAAGC,YAAY,4BACpBkB,KAAM,OACNG,QAASA,KACRtB,GAAGe,IAAIQ,gBAAgB,oBAAqBC,EAAE,WAAY,cAAc,EAEzEC,MAAQC,IACP1B,GAAGe,IAAIY,cAAc,oBAAqBD,EAAIE,aAAa,GAE3D,IA+DiD,OAAhDM,SAASC,eAAe,qBA1D3BtC,EAAEuC,KACDpC,GAAGqC,YAAYC,cACftC,GAAGqC,YAAYE,cACdC,MAAK,CAACC,EAAQC,KACf,MAAMC,EAAW,GAAGC,OAAOH,EAAQC,GAC7BG,EAAMhD,EAAE,oBACdA,EAAE,mCAAmCY,SAAS,UAE9C,IAAIqC,GAAc,EAClB,MAAMC,EAAYF,EAAIG,KAAK,WACrBC,EAAcJ,EAAIG,KAAK,aACvBE,EAAUL,EAAIG,KAAK,SAEzB,IAAK,IAAIG,EAAI,EAAGA,EAAIR,EAASS,OAAQD,IACpC,OAAQR,EAASQ,GAAGhC,MACpB,KAAKnB,GAAGqC,YAAYgB,kBACnBH,EAAQI,OAAO,OAASX,EAASQ,GAAGpC,IAAM,SAC1C,MACD,KAAKf,GAAGqC,YAAYkB,qBACnBN,EAAYK,OAAO,OAASX,EAASQ,GAAGpC,IAAM,SAC9C,MACD,KAAKf,GAAGqC,YAAYmB,mBACpB,QACCT,EAAUO,OAAO,OAASX,EAASQ,GAAGpC,IAAM,SAI1CgC,EAAUC,KAAK,MAAMI,OAAS,IACjCL,EAAUvC,YAAY,UACtBsC,GAAc,GAEXG,EAAYD,KAAK,MAAMI,OAAS,IACnCH,EAAYzC,YAAY,UACxBsC,GAAc,GAEXI,EAAQF,KAAK,MAAMI,OAAS,IAC/BF,EAAQ1C,YAAY,UACpBsC,GAAc,GAGXA,GACHjD,EAAE,yBAAyBW,YAAY,UACnCuC,EAAUC,KAAK,MAAMI,OAAS,EACjCvD,EAAE,mCAAmCW,YAAY,UAEjDX,EAAE,mCAAmCW,YAAY,WAIO,IADjCX,EAAE,qBACN4D,SAAS,MAAMA,WAAWL,OAC7CvD,EAAE,8BAA8BW,YAAY,UAE5CX,EAAE,mCAAmCW,YAAY,SAEnD,GAMF,G,IC9JmB","sources":["webpack:///nextcloud/apps/settings/src/admin.js","webpack:///nextcloud/webpack/startup"],"sourcesContent":["window.addEventListener('DOMContentLoaded', () => {\n\t$('#loglevel').change(function() {\n\t\t$.post(OC.generateUrl('/settings/admin/log/level'), { level: $(this).val() }, () => {\n\t\t\tOC.Log.reload()\n\t\t})\n\t})\n\n\t$('#mail_smtpauth').change(function() {\n\t\tif (!this.checked) {\n\t\t\t$('#mail_credentials').addClass('hidden')\n\t\t} else {\n\t\t\t$('#mail_credentials').removeClass('hidden')\n\t\t}\n\t})\n\n\t$('#mail_smtpmode').change(function() {\n\t\tif ($(this).val() !== 'smtp') {\n\t\t\t$('#setting_smtpauth').addClass('hidden')\n\t\t\t$('#setting_smtphost').addClass('hidden')\n\t\t\t$('#mail_smtpsecure_label').addClass('hidden')\n\t\t\t$('#mail_smtpsecure').addClass('hidden')\n\t\t\t$('#mail_credentials').addClass('hidden')\n\t\t\t$('#mail_sendmailmode_label, #mail_sendmailmode').removeClass('hidden')\n\t\t} else {\n\t\t\t$('#setting_smtpauth').removeClass('hidden')\n\t\t\t$('#setting_smtphost').removeClass('hidden')\n\t\t\t$('#mail_smtpsecure_label').removeClass('hidden')\n\t\t\t$('#mail_smtpsecure').removeClass('hidden')\n\t\t\tif ($('#mail_smtpauth').is(':checked')) {\n\t\t\t\t$('#mail_credentials').removeClass('hidden')\n\t\t\t}\n\t\t\t$('#mail_sendmailmode_label, #mail_sendmailmode').addClass('hidden')\n\t\t}\n\t})\n\n\tconst changeEmailSettings = function() {\n\t\tif (OC.PasswordConfirmation.requiresPasswordConfirmation()) {\n\t\t\tOC.PasswordConfirmation.requirePasswordConfirmation(changeEmailSettings)\n\t\t\treturn\n\t\t}\n\n\t\tOC.msg.startSaving('#mail_settings_msg')\n\t\t$.ajax({\n\t\t\turl: OC.generateUrl('/settings/admin/mailsettings'),\n\t\t\ttype: 'POST',\n\t\t\tdata: $('#mail_general_settings_form').serialize(),\n\t\t\tsuccess: () => {\n\t\t\t\tOC.msg.finishedSuccess('#mail_settings_msg', t('settings', 'Saved'))\n\t\t\t},\n\t\t\terror: (xhr) => {\n\t\t\t\tOC.msg.finishedError('#mail_settings_msg', xhr.responseJSON)\n\t\t\t},\n\t\t})\n\t}\n\n\tconst toggleEmailCredentials = function() {\n\t\tif (OC.PasswordConfirmation.requiresPasswordConfirmation()) {\n\t\t\tOC.PasswordConfirmation.requirePasswordConfirmation(toggleEmailCredentials)\n\t\t\treturn\n\t\t}\n\n\t\tOC.msg.startSaving('#mail_settings_msg')\n\t\t$.ajax({\n\t\t\turl: OC.generateUrl('/settings/admin/mailsettings/credentials'),\n\t\t\ttype: 'POST',\n\t\t\tdata: $('#mail_credentials_settings').serialize(),\n\t\t\tsuccess: () => {\n\t\t\t\tOC.msg.finishedSuccess('#mail_settings_msg', t('settings', 'Saved'))\n\t\t\t},\n\t\t\terror: (xhr) => {\n\t\t\t\tOC.msg.finishedError('#mail_settings_msg', xhr.responseJSON)\n\t\t\t},\n\t\t})\n\t}\n\n\t$('#mail_general_settings_form').change(changeEmailSettings)\n\t$('#mail_credentials_settings_submit').click(toggleEmailCredentials)\n\t$('#mail_smtppassword').click(() => {\n\t\tif (this.type === 'text' && this.value === '********') {\n\t\t\tthis.type = 'password'\n\t\t\tthis.value = ''\n\t\t}\n\t})\n\n\t$('#sendtestemail').click((event) => {\n\t\tevent.preventDefault()\n\t\tOC.msg.startAction('#sendtestmail_msg', t('settings', 'Sending…'))\n\n\t\t$.ajax({\n\t\t\turl: OC.generateUrl('/settings/admin/mailtest'),\n\t\t\ttype: 'POST',\n\t\t\tsuccess: () => {\n\t\t\t\tOC.msg.finishedSuccess('#sendtestmail_msg', t('settings', 'Email sent'))\n\t\t\t},\n\t\t\terror: (xhr) => {\n\t\t\t\tOC.msg.finishedError('#sendtestmail_msg', xhr.responseJSON)\n\t\t\t},\n\t\t})\n\t})\n\n\tconst setupChecks = () => {\n\t\t// run setup checks then gather error messages\n\t\t$.when(\n\t\t\tOC.SetupChecks.checkWebDAV(),\n\t\t\tOC.SetupChecks.checkSetup(),\n\t\t).then((check1, check2) => {\n\t\t\tconst messages = [].concat(check1, check2)\n\t\t\tconst $el = $('#postsetupchecks')\n\t\t\t$('#security-warning-state-loading').addClass('hidden')\n\n\t\t\tlet hasMessages = false\n\t\t\tconst $errorsEl = $el.find('.errors')\n\t\t\tconst $warningsEl = $el.find('.warnings')\n\t\t\tconst $infoEl = $el.find('.info')\n\n\t\t\tfor (let i = 0; i < messages.length; i++) {\n\t\t\t\tswitch (messages[i].type) {\n\t\t\t\tcase OC.SetupChecks.MESSAGE_TYPE_INFO:\n\t\t\t\t\t$infoEl.append('<li>' + messages[i].msg + '</li>')\n\t\t\t\t\tbreak\n\t\t\t\tcase OC.SetupChecks.MESSAGE_TYPE_WARNING:\n\t\t\t\t\t$warningsEl.append('<li>' + messages[i].msg + '</li>')\n\t\t\t\t\tbreak\n\t\t\t\tcase OC.SetupChecks.MESSAGE_TYPE_ERROR:\n\t\t\t\tdefault:\n\t\t\t\t\t$errorsEl.append('<li>' + messages[i].msg + '</li>')\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif ($errorsEl.find('li').length > 0) {\n\t\t\t\t$errorsEl.removeClass('hidden')\n\t\t\t\thasMessages = true\n\t\t\t}\n\t\t\tif ($warningsEl.find('li').length > 0) {\n\t\t\t\t$warningsEl.removeClass('hidden')\n\t\t\t\thasMessages = true\n\t\t\t}\n\t\t\tif ($infoEl.find('li').length > 0) {\n\t\t\t\t$infoEl.removeClass('hidden')\n\t\t\t\thasMessages = true\n\t\t\t}\n\n\t\t\tif (hasMessages) {\n\t\t\t\t$('#postsetupchecks-hint').removeClass('hidden')\n\t\t\t\tif ($errorsEl.find('li').length > 0) {\n\t\t\t\t\t$('#security-warning-state-failure').removeClass('hidden')\n\t\t\t\t} else {\n\t\t\t\t\t$('#security-warning-state-warning').removeClass('hidden')\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tconst securityWarning = $('#security-warning')\n\t\t\t\tif (securityWarning.children('ul').children().length === 0) {\n\t\t\t\t\t$('#security-warning-state-ok').removeClass('hidden')\n\t\t\t\t} else {\n\t\t\t\t\t$('#security-warning-state-failure').removeClass('hidden')\n\t\t\t\t}\n\t\t\t}\n\t\t})\n\t}\n\n\tif (document.getElementById('security-warning') !== null) {\n\t\tsetupChecks()\n\t}\n})\n","// startup\n// Load entry module and return exports\n// This entry module is referenced by other modules so it can't be inlined\nvar __webpack_exports__ = {};\n__webpack_modules__[69129]();\n"],"names":["window","addEventListener","$","change","post","OC","generateUrl","level","this","val","Log","reload","checked","removeClass","addClass","is","changeEmailSettings","PasswordConfirmation","requiresPasswordConfirmation","requirePasswordConfirmation","msg","startSaving","ajax","url","type","data","serialize","success","finishedSuccess","t","error","xhr","finishedError","responseJSON","toggleEmailCredentials","click","event","preventDefault","startAction","document","getElementById","when","SetupChecks","checkWebDAV","checkSetup","then","check1","check2","messages","concat","$el","hasMessages","$errorsEl","find","$warningsEl","$infoEl","i","length","MESSAGE_TYPE_INFO","append","MESSAGE_TYPE_WARNING","MESSAGE_TYPE_ERROR","children"],"sourceRoot":""}
\ No newline at end of file |