Diffstat (limited to 'settings')
-rw-r--r-- | settings/admin.php | 3 | ||||
-rw-r--r-- | settings/ajax/setsecurity.php | 21 | ||||
-rw-r--r-- | settings/application.php | 9 | ||||
-rw-r--r-- | settings/controller/securitysettingscontroller.php | 95 | ||||
-rw-r--r-- | settings/js/admin.js | 30 | ||||
-rw-r--r-- | settings/l10n/uk.js | 2 | ||||
-rw-r--r-- | settings/l10n/uk.json | 2 | ||||
-rw-r--r-- | settings/routes.php | 8 | ||||
-rw-r--r-- | settings/templates/admin.php | 22 |
9 files changed, 160 insertions, 32 deletions
diff --git a/settings/admin.php b/settings/admin.php index 683c7f61659..d1ed6e75f50 100644 --- a/settings/admin.php +++ b/settings/admin.php @@ -53,7 +53,8 @@ $template->assign('shareExcludedGroupsList', implode('|', $excludedGroupsList)); // Check if connected using HTTPS $template->assign('isConnectedViaHTTPS', OC_Request::serverProtocol() === 'https'); -$template->assign('enforceHTTPSEnabled', $config->getSystemValue("forcessl", false)); +$template->assign('enforceHTTPSEnabled', $config->getSystemValue('forcessl', false)); +$template->assign('forceSSLforSubdomainsEnabled', $config->getSystemValue('forceSSLforSubdomains', false)); // If the current web root is non-empty but the web root from the config is, // and system cron is used, the URL generator fails to build valid URLs. diff --git a/settings/ajax/setsecurity.php b/settings/ajax/setsecurity.php deleted file mode 100644 index f1f737a4943..00000000000 --- a/settings/ajax/setsecurity.php +++ /dev/null @@ -1,21 +0,0 @@ -<?php -/** - * Copyright (c) 2013-2014, Lukas Reschke <lukas@owncloud.com> - * This file is licensed under the Affero General Public License version 3 or later. - * See the COPYING-README file. - */ - -OC_Util::checkAdminUser(); -OCP\JSON::callCheck(); - -if(isset($_POST['enforceHTTPS'])) { - \OC::$server->getConfig()->setSystemValue('forcessl', filter_var($_POST['enforceHTTPS'], FILTER_VALIDATE_BOOLEAN)); -} - -if(isset($_POST['trustedDomain'])) { - $trustedDomains = \OC::$server->getConfig()->getSystemValue('trusted_domains'); - $trustedDomains[] = $_POST['trustedDomain']; - \OC::$server->getConfig()->setSystemValue('trusted_domains', $trustedDomains); -} - -echo 'true'; diff --git a/settings/application.php b/settings/application.php index 99d78aff2cc..64aa4671228 100644 --- a/settings/application.php +++ b/settings/application.php 
@@ -13,6 +13,7 @@ namespace OC\Settings; use OC\AppFramework\Utility\SimpleContainer; use OC\Settings\Controller\AppSettingsController; use OC\Settings\Controller\MailSettingsController; +use OC\Settings\Controller\SecuritySettingsController; use \OCP\AppFramework\App; use \OCP\Util; @@ -53,6 +54,14 @@ class Application extends App { $c->query('Config') ); }); + $container->registerService('SecuritySettingsController', function(SimpleContainer $c) { + return new SecuritySettingsController( + $c->query('AppName'), + $c->query('Request'), + $c->query('Config') + ); + }); + /** * Core class wrappers */ diff --git a/settings/controller/securitysettingscontroller.php b/settings/controller/securitysettingscontroller.php new file mode 100644 index 00000000000..af60df8dc3b --- /dev/null +++ b/settings/controller/securitysettingscontroller.php 
@@ -0,0 +1,95 @@
+<?php
+/**
+ * @author Lukas Reschke
+ * @copyright 2014 Lukas Reschke lukas@owncloud.com
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Settings\Controller;
+
+use \OCP\AppFramework\Controller;
+use OCP\IRequest;
+use OCP\IConfig;
+
+/**
+ * @package OC\Settings\Controller
+ */
+class SecuritySettingsController extends Controller {
+ /** @var \OCP\IConfig */
+ private $config;
+
+ /**
+ * @param string $appName
+ * @param IRequest $request
+ * @param IConfig $config
+ */
+ public function __construct($appName,
+ IRequest $request,
+ IConfig $config) {
+ parent::__construct($appName, $request);
+ $this->config = $config;
+ }
+
+ /**
+ * @return array
+ */
+ protected function returnSuccess() {
+ return array(
+ 'status' => 'success'
+ );
+ }
+
+ /**
+ * @return array
+ */
+ protected function returnError() {
+ return array(
+ 'status' => 'error'
+ );
+ }
+
+ /**
+ * Enforce or disable the enforcement of SSL
+ * @param boolean $enforceHTTPS Whether SSL should be enforced
+ * @return array
+ */
+ public function enforceSSL($enforceHTTPS = false) {
+ if(!is_bool($enforceHTTPS)) {
+ return $this->returnError();
+ }
+ $this->config->setSystemValue('forcessl', $enforceHTTPS);
+
+ return $this->returnSuccess();
+ }
+
+ /**
+ * Enforce or disable the enforcement for SSL on subdomains
+ * @param bool $forceSSLforSubdomains Whether SSL on subdomains should be enforced
+ * @return array
+ */
+ public function enforceSSLForSubdomains($forceSSLforSubdomains = false) {
+ if(!is_bool($forceSSLforSubdomains)) {
+ return $this->returnError();
+ }
+ $this->config->setSystemValue('forceSSLforSubdomains', $forceSSLforSubdomains);
+
+ return $this->returnSuccess();
+ }
+
+ /**
+ * Add a new trusted domain
+ * @param string $newTrustedDomain The newly to add trusted domain
+ * @return array
+ */
+ public function trustedDomains($newTrustedDomain) {
+ $trustedDomains = 
$this->config->getSystemValue('trusted_domains'); + $trustedDomains[] = $newTrustedDomain; + $this->config->setSystemValue('trusted_domains', $trustedDomains); + + return $this->returnSuccess(); + } + +} diff --git a/settings/js/admin.js b/settings/js/admin.js index e3a092f71b0..059e48ebabe 100644 --- a/settings/js/admin.js +++ b/settings/js/admin.js @@ -9,8 +9,8 @@ $(document).ready(function(){ if(answer) { $.ajax({ type: 'POST', - url: OC.generateUrl('settings/ajax/setsecurity.php'), - data: { trustedDomain: params.trustDomain } + url: OC.generateUrl('settings/admin/security/trustedDomains'), + data: { newTrustedDomain: params.trustDomain } }).done(function() { window.location.replace(OC.generateUrl('settings/admin')); }); @@ -73,10 +73,32 @@ $(document).ready(function(){ $('#setDefaultExpireDate').toggleClass('hidden', !(this.checked && $('#shareapiDefaultExpireDate')[0].checked)); }); - $('#security').change(function(){ - $.post(OC.filePath('settings','ajax','setsecurity.php'), { enforceHTTPS: $('#forcessl').val() },function(){} ); + $('#forcessl').change(function(){ + $(this).val(($(this).val() !== 'true')); + var forceSSLForSubdomain = $('#forceSSLforSubdomainsSpan'); + + $.post(OC.generateUrl('settings/admin/security/ssl'), { + enforceHTTPS: $(this).val() + },function(){} ); + + if($(this).val() === 'true') { + forceSSLForSubdomain.prop('disabled', false); + forceSSLForSubdomain.removeClass('hidden'); + } else { + forceSSLForSubdomain.prop('disabled', true); + forceSSLForSubdomain.addClass('hidden'); + } }); + $('#forceSSLforSubdomains').change(function(){ + $(this).val(($(this).val() !== 'true')); + + $.post(OC.generateUrl('settings/admin/security/ssl/subdomains'), { + forceSSLforSubdomains: $(this).val() + },function(){} ); + }); + + $('#mail_smtpauth').change(function() { if (!this.checked) { $('#mail_credentials').addClass('hidden'); diff --git a/settings/l10n/uk.js b/settings/l10n/uk.js index 76c5cca1490..94a0ac7af01 100644 --- a/settings/l10n/uk.js 
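Review bot: `trustedDomains()` appends `$newTrustedDomain` to `trusted_domains` with no validation, unlike the two SSL setters above it, which at least type-check their argument; an empty, non-string or duplicate value is written straight into the system config list of trusted domains. `getSystemValue('trusted_domains')` is also called without a default, so when the key is unset the `[]` append works on whatever the config layer returns for a missing key rather than on an array. The removed `setsecurity.php` called `OC_Util::checkAdminUser()` and `OCP\JSON::callCheck()` explicitly, while the new methods presumably rely on the AppFramework middleware for both; that deserves a line in the class docblock, for example `Admin-only and CSRF-checked by framework default; do not add @NoAdminRequired or @NoCSRFRequired here.` A possible shape for the method follows.

```php
public function trustedDomains($newTrustedDomain) {
	// Reject anything that is not a non-empty string before it reaches the system config
	if (!is_string($newTrustedDomain) || trim($newTrustedDomain) === '') {
		return $this->returnError();
	}
	$trustedDomains = $this->config->getSystemValue('trusted_domains', array());
	// Skip the write when the domain is already trusted
	if (!in_array($newTrustedDomain, $trustedDomains, true)) {
		$trustedDomains[] = $newTrustedDomain;
		$this->config->setSystemValue('trusted_domains', $trustedDomains);
	}

	return $this->returnSuccess();
}
```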
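Review bot: Both new `$.post` calls in the `@@ -73,10 +73,32 @@` hunk pass an empty `function(){}` callback, so the `#forcessl` handler shows or hides the subdomain option based on the checkbox's local value and never looks at the response. `SecuritySettingsController` reports a rejected value as `'status' => 'error'` in the returned array, so a refused or failed request can leave the page showing HTTPS enforcement in a state the server did not store. Reading the result, e.g. `function(data){ if (data.status !== 'success') { /* restore the previous checkbox state and report the error */ } }`, and moving the show/hide into the success path would keep the UI and the config in sync. Separately, `prop('disabled', …)` is applied to `#forceSSLforSubdomainsSpan`, which the template defines as a `<span>`, so it does not disable the nested checkbox.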
+++ b/settings/l10n/uk.js @@ -1,6 +1,7 @@ OC.L10N.register( "settings", { + "Security & Setup Warnings" : "Попередження Налаштувань та Безпеки", "Cron" : "Cron", "Sharing" : "Спільний доступ", "Security" : "Безпека", @@ -119,6 +120,7 @@ OC.L10N.register( "We strongly suggest to install the required packages on your system to support one of the following locales: %s." : "Ми наполегливо рекомендуємо встановити необхідні пакети в систему, для підтримки наступних локалей: %s.", "URL generation in notification emails" : "Генерування URL для повідомлень в електроних листах", "If your installation is not installed in the root of the domain and uses system cron, there can be issues with the URL generation. To avoid these problems, please set the \"overwritewebroot\" option in your config.php file to the webroot path of your installation (Suggested: \"%s\")" : "Якщо ваша копія ownCloud встановлена не в корені домену та використовує систему планування CRON, можливі проблеми з генерацією правильних URL. Щоб уникнути цього, встановіть опцію overwritewebroot файла config.php відповідно до теки розташування установки (Ймовірніше за все, це \"%s\")", + "Connectivity Checks" : "Перевірка З'єднання", "No problems found" : "Проблем не виявленно", "Please double check the <a href='%s'>installation guides</a>." : "Будь ласка, перевірте <a href='%s'>інструкції по встановленню</a>.", "Last cron was executed at %s." : "Останню cron-задачу було запущено: %s.", diff --git a/settings/l10n/uk.json b/settings/l10n/uk.json index 4d5eb45f51f..abe77748e17 100644 --- a/settings/l10n/uk.json +++ b/settings/l10n/uk.json @@ -1,4 +1,5 @@ { "translations": { + "Security & Setup Warnings" : "Попередження Налаштувань та Безпеки", "Cron" : "Cron", "Sharing" : "Спільний доступ", "Security" : "Безпека", 
@@ -117,6 +118,7 @@ "We strongly suggest to install the required packages on your system to support one of the following locales: %s." : "Ми наполегливо рекомендуємо встановити необхідні пакети в систему, для підтримки наступних локалей: %s.", "URL generation in notification emails" : "Генерування URL для повідомлень в електроних листах", "If your installation is not installed in the root of the domain and uses system cron, there can be issues with the URL generation. To avoid these problems, please set the \"overwritewebroot\" option in your config.php file to the webroot path of your installation (Suggested: \"%s\")" : "Якщо ваша копія ownCloud встановлена не в корені домену та використовує систему планування CRON, можливі проблеми з генерацією правильних URL. Щоб уникнути цього, встановіть опцію overwritewebroot файла config.php відповідно до теки розташування установки (Ймовірніше за все, це \"%s\")", + "Connectivity Checks" : "Перевірка З'єднання", "No problems found" : "Проблем не виявленно", "Please double check the <a href='%s'>installation guides</a>." : "Будь ласка, перевірте <a href='%s'>інструкції по встановленню</a>.", "Last cron was executed at %s." : "Останню cron-задачу було запущено: %s.", diff --git a/settings/routes.php b/settings/routes.php index 82167ea6396..7ca33fc2745 100644 --- a/settings/routes.php +++ b/settings/routes.php 
@@ -14,7 +14,11 @@ $application->registerRoutes($this, array('routes' =>array( array('name' => 'MailSettings#storeCredentials', 'url' => '/settings/admin/mailsettings/credentials', 'verb' => 'POST'), array('name' => 'MailSettings#sendTestMail', 'url' => '/settings/admin/mailtest', 'verb' => 'POST'), array('name' => 'AppSettings#listCategories', 'url' => '/settings/apps/categories', 'verb' => 'GET'), - array('name' => 'AppSettings#listApps', 'url' => '/settings/apps/list', 'verb' => 'GET') + array('name' => 'AppSettings#listApps', 'url' => '/settings/apps/list', 'verb' => 'GET'), + array('name' => 'SecuritySettings#enforceSSL', 'url' => '/settings/admin/security/ssl', 'verb' => 'POST'), + array('name' => 'SecuritySettings#enforceSSLForSubdomains', 'url' => '/settings/admin/security/ssl/subdomains', 'verb' => 'POST'), + array('name' => 'SecuritySettings#trustedDomains', 'url' => '/settings/admin/security/trustedDomains', 'verb' => 'POST'), + ))); /** @var $this \OCP\Route\IRouter */ @@ -95,8 +99,6 @@ $this->create('settings_ajax_getlog', '/settings/ajax/getlog.php') ->actionInclude('settings/ajax/getlog.php'); $this->create('settings_ajax_setloglevel', '/settings/ajax/setloglevel.php') ->actionInclude('settings/ajax/setloglevel.php'); -$this->create('settings_ajax_setsecurity', '/settings/ajax/setsecurity.php') - ->actionInclude('settings/ajax/setsecurity.php'); $this->create('settings_ajax_excludegroups', '/settings/ajax/excludegroups.php') ->actionInclude('settings/ajax/excludegroups.php'); $this->create('settings_ajax_checksetup', '/settings/ajax/checksetup') diff --git a/settings/templates/admin.php b/settings/templates/admin.php index 0033845c74e..ddac77508c7 100644 --- a/settings/templates/admin.php +++ b/settings/templates/admin.php 
@@ -336,9 +336,9 @@ if ($_['suggestedOverwriteWebroot']) { <input type="checkbox" name="forcessl" id="forcessl" <?php if ($_['enforceHTTPSEnabled']) { print_unescaped('checked="checked" '); - print_unescaped('value="false"'); - } else { print_unescaped('value="true"'); + } else { + print_unescaped('value="false"'); } ?> <?php if (!$_['isConnectedViaHTTPS']) p('disabled'); ?> /> @@ -346,7 +346,23 @@ if ($_['suggestedOverwriteWebroot']) { <em><?php p($l->t( 'Forces the clients to connect to %s via an encrypted connection.', $theme->getName() - )); ?></em> + )); ?></em><br/> + <span id="forceSSLforSubdomainsSpan" <?php if(!$_['enforceHTTPSEnabled']) { print_unescaped('class="hidden"'); } ?>> + <input type="checkbox" name="forceSSLforSubdomains" id="forceSSLforSubdomains" + <?php if ($_['forceSSLforSubdomainsEnabled']) { + print_unescaped('checked="checked" '); + print_unescaped('value="true"'); + } else { + print_unescaped('value="false"'); + } + ?> + <?php if (!$_['isConnectedViaHTTPS']) { p('disabled'); } ?> /> + <label for="forceSSLforSubdomains"><?php p($l->t('Enforce HTTPS for subdomains'));?></label><br/> + <em><?php p($l->t( + 'Forces the clients to connect to %s and subdomains via an encrypted connection.', + $theme->getName() + )); ?></em> + </span> <?php if (!$_['isConnectedViaHTTPS']) { print_unescaped("<br/><em>"); p($l->t( |
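Review bot: The help text for the new `forceSSLforSubdomains` checkbox says only that clients are forced to connect "to %s and subdomains via an encrypted connection"; it does not tell the admin that the setting reaches hosts under the same domain that this instance may not serve. The enforcement code is outside this diff (the diffstat is limited to 'settings'), but if it is implemented as an HSTS `includeSubDomains` directive, browsers will keep applying it to every subdomain until the policy expires, even after the box is unticked. I would extend the translated string with a sentence such as `Only enable this if all subdomains are reachable via HTTPS.`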