From 466cdab680d74cad2cbb902efa3e3c2f9e35f767 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Fri, 11 Jan 2013 14:18:51 +0100 Subject: Add security section to admin menu Currently it only allows the admin to enable or disable the HTTPS enforcement, but in the future it could be expanded to further options. The HTTPS enforcement only allows the admin to enforce it, if he is connected via HTTPS. (To prevent admins to enable it without a proper SSL setup) --- settings/admin.php | 10 ++++++++++ settings/ajax/setsecurity.php | 13 +++++++++++++ settings/js/admin.js | 4 ++++ settings/routes.php | 2 ++ settings/templates/admin.php | 27 +++++++++++++++++++++++++++ 5 files changed, 56 insertions(+) create mode 100644 settings/ajax/setsecurity.php (limited to 'settings') diff --git a/settings/admin.php b/settings/admin.php index 04905391138..4d9685ab920 100755 --- a/settings/admin.php +++ b/settings/admin.php @@ -33,6 +33,16 @@ $tmpl->assign('internetconnectionworking', OC_Util::isinternetconnectionworking( $tmpl->assign('islocaleworking', OC_Util::issetlocaleworking()); $tmpl->assign('backgroundjobs_mode', OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax')); $tmpl->assign('shareAPIEnabled', OC_Appconfig::getValue('core', 'shareapi_enabled', 'yes')); + +// Check if connected using HTTPS +if (OC_Request::serverProtocol() == 'https') { + $connectedHTTPS = true; +} else { + $connectedHTTPS = false; +} +$tmpl->assign('isConnectedViaHTTPS', $connectedHTTPS); +$tmpl->assign('enforceHTTPSEnabled', OC_Config::getValue( "forcessl", false)); + $tmpl->assign('allowLinks', OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes')); $tmpl->assign('allowResharing', OC_Appconfig::getValue('core', 'shareapi_allow_resharing', 'yes')); $tmpl->assign('sharePolicy', OC_Appconfig::getValue('core', 'shareapi_share_policy', 'global')); diff --git a/settings/ajax/setsecurity.php b/settings/ajax/setsecurity.php new file mode 100644 index 00000000000..16a85aade81 --- /dev/null +++ b/settings/ajax/setsecurity.php @@ -0,0 +1,13 @@ + + * This file is licensed under the Affero General Public License version 3 or later. + * See the COPYING-README file. + */ + +OC_Util::checkAdminUser(); +OCP\JSON::callCheck(); + +OC_Config::setValue( 'forcessl', filter_var($_POST['enforceHTTPS'], FILTER_VALIDATE_BOOLEAN)); + +echo 'true'; \ No newline at end of file diff --git a/settings/js/admin.js b/settings/js/admin.js index 95b7a503c27..ab218377fb3 100644 --- a/settings/js/admin.js +++ b/settings/js/admin.js @@ -30,4 +30,8 @@ $(document).ready(function(){ } OC.AppConfig.setValue('core', $(this).attr('name'), value); }); + + $('#security').change(function(){ + $.post(OC.filePath('settings','ajax','setsecurity.php'), { enforceHTTPS: $('#enforceHTTPSEnabled').val() },function(){} ); + }); }); diff --git a/settings/routes.php b/settings/routes.php index 8239fe005db..595b83c313e 100644 --- a/settings/routes.php +++ b/settings/routes.php @@ -58,6 +58,8 @@ $this->create('settings_ajax_getlog', '/settings/ajax/getlog.php') ->actionInclude('settings/ajax/getlog.php'); $this->create('settings_ajax_setloglevel', '/settings/ajax/setloglevel.php') ->actionInclude('settings/ajax/setloglevel.php'); +$this->create('settings_ajax_setsecurity', '/settings/ajax/setsecurity.php') + ->actionInclude('settings/ajax/setsecurity.php'); // apps/user_openid $this->create('settings_ajax_openid', '/settings/ajax/openid.php') diff --git a/settings/templates/admin.php b/settings/templates/admin.php index 26335063d4b..94df359b052 100644 --- a/settings/templates/admin.php +++ b/settings/templates/admin.php @@ -132,6 +132,33 @@ if (!$_['internetconnectionworking']) { +
+ t('Security');?> + + + + +
+ + /> +
+ t('Enforces the clients to connect to ownCloud via an encrypted connection.'); ?> + "; + echo $l->t('Please connect to this ownCloud instance via HTTPS to enable or disable the SSL enforcement.'); + echo ""; + } + ?> +
+
+
t('Log');?> t('Log level');?>