From 97b536e3dfd35d1e51ecf866ccb433745c33309a Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Thu, 21 Aug 2014 22:22:35 +0200 Subject: Add a trusted domain wizard Adds a little button to the trusted domain warning, if an admin clicks on the warning he will be redirected to ownCloud and asked whether he want to trust this domain. By far not the cleanest code, or clean at all, but does the job and I don't see a reason to make a lot of changes for this little improvement. --- core/css/styles.css | 4 ++++ core/templates/untrustedDomain.php | 19 +++++++++++++++++++ lib/base.php | 7 +++---- settings/ajax/setsecurity.php | 12 ++++++++++-- settings/js/admin.js | 16 ++++++++++++++++ 5 files changed, 52 insertions(+), 6 deletions(-) create mode 100644 core/templates/untrustedDomain.php diff --git a/core/css/styles.css b/core/css/styles.css index f1ce49cfe20..292fb83a056 100644 --- a/core/css/styles.css +++ b/core/css/styles.css @@ -611,6 +611,10 @@ label.infield { margin-left: -200px !important; } +.error-wide .button { + color: black !important; +} + /* Fixes for log in page, TODO should be removed some time */ #body-login .update, #body-login .error { diff --git a/core/templates/untrustedDomain.php b/core/templates/untrustedDomain.php new file mode 100644 index 00000000000..b661834318d --- /dev/null +++ b/core/templates/untrustedDomain.php @@ -0,0 +1,19 @@ + + + diff --git a/lib/base.php b/lib/base.php index 759a4177031..499ef29f304 100644 --- a/lib/base.php +++ b/lib/base.php @@ -689,10 +689,9 @@ class OC { ) { header('HTTP/1.1 400 Bad Request'); header('Status: 400 Bad Request'); - OC_Template::printErrorPage( - $l->t('You are accessing the server from an untrusted domain.'), - $l->t('Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.') - ); + $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); + $tmpl->assign('domain', $_SERVER['SERVER_NAME']); + $tmpl->printPage(); return; } diff --git a/settings/ajax/setsecurity.php b/settings/ajax/setsecurity.php index 675d7eced47..3cb1d05ee63 100644 --- a/settings/ajax/setsecurity.php +++ b/settings/ajax/setsecurity.php @@ -1,6 +1,6 @@ + * Copyright (c) 2013-2014, Lukas Reschke * This file is licensed under the Affero General Public License version 3 or later. * See the COPYING-README file. */ @@ -8,6 +8,14 @@ OC_Util::checkAdminUser(); OCP\JSON::callCheck(); -OC_Config::setValue( 'forcessl', filter_var($_POST['enforceHTTPS'], FILTER_VALIDATE_BOOLEAN)); +if(isset($_POST['enforceHTTPS'])) { + OC_Config::setValue( 'forcessl', filter_var($_POST['enforceHTTPS'], FILTER_VALIDATE_BOOLEAN)); +} + +if(isset($_POST['trustedDomain'])) { + $trustedDomains = OC_Config::getValue('trusted_domains'); + $trustedDomains[] = $_POST['trustedDomain']; + OC_Config::setValue('trusted_domains', $trustedDomains); +} echo 'true'; diff --git a/settings/js/admin.js b/settings/js/admin.js index a202feb4f65..b09704f87b7 100644 --- a/settings/js/admin.js +++ b/settings/js/admin.js @@ -38,6 +38,22 @@ var SharingGroupList = { }; $(document).ready(function(){ + var params = OC.Util.History.parseUrlQuery(); + + // Hack to add a trusted domain + if (params.trustDomain) { + OC.dialogs.confirm(t('core', 'Are you really sure you want add "{domain}" as trusted domain?', {domain: params.trustDomain}), + t('core', 'Add trusted domain'), function(answer) { + if(answer) { + $.ajax({ + type: 'POST', + url: OC.generateUrl('settings/ajax/setsecurity.php'), + data: { trustedDomain: params.trustDomain} + }); + } + }); + } + $('select#excludedGroups[multiple]').each(function (index, element) { SharingGroupList.applyMultipleSelect($(element)); -- cgit v1.2.3 From 88c3a4a31ae09b4822cff6d6965f0c39becb5b97 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Fri, 22 Aug 2014 15:53:23 +0200 Subject: Expose setSystemValue --- lib/private/allconfig.php | 7 +++---- lib/public/iconfig.php | 3 +-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/lib/private/allconfig.php b/lib/private/allconfig.php index de3ac973637..eb114546010 100644 --- a/lib/private/allconfig.php +++ b/lib/private/allconfig.php @@ -18,11 +18,10 @@ class AllConfig implements \OCP\IConfig { * * @param string $key the key of the value, under which will be saved * @param mixed $value the value that should be stored - * @todo need a use case for this */ -// public function setSystemValue($key, $value) { -// \OCP\Config::setSystemValue($key, $value); -// } + public function setSystemValue($key, $value) { + \OCP\Config::setSystemValue($key, $value); + } /** * Looks up a system wide defined value diff --git a/lib/public/iconfig.php b/lib/public/iconfig.php index 0ebbd9f5a71..d4a8cdc7381 100644 --- a/lib/public/iconfig.php +++ b/lib/public/iconfig.php @@ -39,9 +39,8 @@ interface IConfig { * * @param string $key the key of the value, under which will be saved * @param mixed $value the value that should be stored - * @todo need a use case for this */ -// public function setSystemValue($key, $value); + public function setSystemValue($key, $value); /** * Looks up a system wide defined value -- cgit v1.2.3 From dd871098c5f598326a1bc03f8b7bed0d2184e798 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Fri, 22 Aug 2014 16:01:03 +0200 Subject: Redirect user after clicking on link Use DI --- settings/ajax/setsecurity.php | 6 +++--- settings/js/admin.js | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/settings/ajax/setsecurity.php b/settings/ajax/setsecurity.php index 3cb1d05ee63..f1f737a4943 100644 --- a/settings/ajax/setsecurity.php +++ b/settings/ajax/setsecurity.php @@ -9,13 +9,13 @@ OC_Util::checkAdminUser(); OCP\JSON::callCheck(); if(isset($_POST['enforceHTTPS'])) { - OC_Config::setValue( 'forcessl', filter_var($_POST['enforceHTTPS'], FILTER_VALIDATE_BOOLEAN)); + \OC::$server->getConfig()->setSystemValue('forcessl', filter_var($_POST['enforceHTTPS'], FILTER_VALIDATE_BOOLEAN)); } if(isset($_POST['trustedDomain'])) { - $trustedDomains = OC_Config::getValue('trusted_domains'); + $trustedDomains = \OC::$server->getConfig()->getSystemValue('trusted_domains'); $trustedDomains[] = $_POST['trustedDomain']; - OC_Config::setValue('trusted_domains', $trustedDomains); + \OC::$server->getConfig()->setSystemValue('trusted_domains', $trustedDomains); } echo 'true'; diff --git a/settings/js/admin.js b/settings/js/admin.js index b09704f87b7..56dc1b98716 100644 --- a/settings/js/admin.js +++ b/settings/js/admin.js @@ -48,7 +48,9 @@ $(document).ready(function(){ $.ajax({ type: 'POST', url: OC.generateUrl('settings/ajax/setsecurity.php'), - data: { trustedDomain: params.trustDomain} + data: { trustedDomain: params.trustDomain } + }).done(function() { + window.location.replace(OC.generateUrl('settings/admin')); }); } }); -- cgit v1.2.3