mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #17975 from owncloud/settings_admin_warning_levels 

Settings admin warning levels
This commit is contained in:
Jan-Christoph Borchardt 2015-08-18 13:38:08 +02:00
parent ffff156965 01607c09b8
commit 12eec397e3
5 changed files with 185 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
core/js/setupchecks.js
View File

@ -10,6 +10,12 @@
(function() {
OC.SetupChecks = {
/* Message types */
MESSAGE_TYPE_INFO:0,
MESSAGE_TYPE_WARNING:1,
MESSAGE_TYPE_ERROR:2,
/**
* Check whether the WebDAV connection works.
*
@ -20,9 +26,10 @@
var afterCall = function(xhr) {
var messages = [];
if (xhr.status !== 207 && xhr.status !== 401) {
messages.push(
t('core', 'Your web server is not yet set up properly to allow file synchronization because the WebDAV interface seems to be broken.')
);
messages.push({
msg: t('core', 'Your web server is not yet set up properly to allow file synchronization because the WebDAV interface seems to be broken.'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
});
}
deferred.resolve(messages);
};
@ -50,27 +57,34 @@
var messages = [];
if (xhr.status === 200 && data) {
if (!data.serverHasInternetConnection) {
messages.push(
t('core', 'This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.')
);
messages.push({
msg: t('core', 'This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.'),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
if(!data.dataDirectoryProtected) {
messages.push(
t('core', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.')
);
messages.push({
msg: t('core', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
});
}
if(!data.isMemcacheConfigured) {
messages.push(
t('core', 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="{docLink}">documentation</a>.', {docLink: data.memcacheDocs})
);
messages.push({
msg: t('core', 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="{docLink}">documentation</a>.', {docLink: data.memcacheDocs}),
type: OC.SetupChecks.MESSAGE_TYPE_INFO
});
}
if(!data.isUrandomAvailable) {
messages.push(
t('core', '/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our <a href="{docLink}">documentation</a>.', {docLink: data.securityDocs})
);
messages.push({
msg: t('core', '/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our <a href="{docLink}">documentation</a>.', {docLink: data.securityDocs}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
if(data.isUsedTlsLibOutdated) {
messages.push(data.isUsedTlsLibOutdated);
messages.push({
msg: data.isUsedTlsLibOutdated,
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
if(data.phpSupported && data.phpSupported.eol) {
messages.push(
@ -83,7 +97,10 @@
);
}
} else {
messages.push(t('core', 'Error occurred while checking server setup'));
messages.push({
msg: t('core', 'Error occurred while checking server setup'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
});
}
deferred.resolve(messages);
};
@ -139,13 +156,17 @@
for (var header in securityHeaders) {
if(!xhr.getResponseHeader(header) || xhr.getResponseHeader(header).toLowerCase() !== securityHeaders[header].toLowerCase()) {
messages.push(
t('core', 'The "{header}" HTTP header is not configured to equal to "{expected}". This is a potential security or privacy risk and we recommend adjusting this setting.', {header: header, expected: securityHeaders[header]})
);
messages.push({
msg: t('core', 'The "{header}" HTTP header is not configured to equal to "{expected}". This is a potential security or privacy risk and we recommend adjusting this setting.', {header: header, expected: securityHeaders[header]}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
}
} else {
messages.push(t('core', 'Error occurred while checking server setup'));
messages.push({
msg: t('core', 'Error occurred while checking server setup'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
});
}
return messages;
@ -175,17 +196,22 @@
var minimumSeconds = 15768000;
if(isNaN(transportSecurityValidity) || transportSecurityValidity <= (minimumSeconds - 1)) {
messages.push(
t('core', 'The "Strict-Transport-Security" HTTP header is not configured to least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="{docUrl}">security tips</a>.', {'seconds': minimumSeconds, docUrl: '#admin-tips'})
);
messages.push({
msg: t('core', 'The "Strict-Transport-Security" HTTP header is not configured to least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="{docUrl}">security tips</a>.', {'seconds': minimumSeconds, docUrl: '#admin-tips'}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
} else {
messages.push(
t('core', 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="{docUrl}">security tips</a>.', {docUrl: '#admin-tips'})
);
messages.push({
msg: t('core', 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="{docUrl}">security tips</a>.', {docUrl: '#admin-tips'}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
} else {
messages.push(t('core', 'Error occurred while checking server setup'));
messages.push({
msg: t('core', 'Error occurred while checking server setup'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
});
}
return messages;

111
core/js/tests/specs/setupchecksSpec.js
View File

@ -29,7 +29,10 @@ describe('OC.SetupChecks tests', function() {
suite.server.requests[0].respond(200);
async.done(function( data, s, x ){
expect(data).toEqual(['Your web server is not yet set up properly to allow file synchronization because the WebDAV interface seems to be broken.']);
expect(data).toEqual([{
msg: 'Your web server is not yet set up properly to allow file synchronization because the WebDAV interface seems to be broken.',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}]);
done();
});
});
@ -75,7 +78,17 @@ describe('OC.SetupChecks tests', function() {
);
async.done(function( data, s, x ){
expect(data).toEqual(['This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.', 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="https://doc.owncloud.org/server/go.php?to=admin-performance">documentation</a>.']);
expect(data).toEqual([
{
msg: 'This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}, {
msg: 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}, {
msg: 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="https://doc.owncloud.org/server/go.php?to=admin-performance">documentation</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_INFO
}]);
done();
});
});
@ -98,7 +111,19 @@ describe('OC.SetupChecks tests', function() {
);
async.done(function( data, s, x ){
expect(data).toEqual(['This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.', 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="https://doc.owncloud.org/server/go.php?to=admin-performance">documentation</a>.']);
expect(data).toEqual([
{
msg: 'This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
},
{
msg: 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
},
{
msg: 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="https://doc.owncloud.org/server/go.php?to=admin-performance">documentation</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_INFO
}]);
done();
});
});
@ -121,7 +146,15 @@ describe('OC.SetupChecks tests', function() {
);
async.done(function( data, s, x ){
expect(data).toEqual(['This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.']);
expect(data).toEqual([
{
msg: 'This server has no working Internet connection. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
},
{
msg: 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}]);
done();
});
});
@ -145,7 +178,10 @@ describe('OC.SetupChecks tests', function() {
);
async.done(function( data, s, x ){
expect(data).toEqual(['/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our <a href="https://docs.owncloud.org/myDocs.html">documentation</a>.']);
expect(data).toEqual([{
msg: '/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our <a href="https://docs.owncloud.org/myDocs.html">documentation</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
@ -186,7 +222,10 @@ describe('OC.SetupChecks tests', function() {
);
async.done(function( data, s, x ){
expect(data).toEqual(['Error occurred while checking server setup']);
expect(data).toEqual([{
msg: 'Error occurred while checking server setup',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}]);
done();
});
});
@ -229,7 +268,13 @@ describe('OC.SetupChecks tests', function() {
);
async.done(function( data, s, x ){
expect(data).toEqual(['Error occurred while checking server setup', 'Error occurred while checking server setup']);
expect(data).toEqual([{
msg: 'Error occurred while checking server setup',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
},{
msg: 'Error occurred while checking server setup',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}]);
done();
});
});
@ -247,7 +292,21 @@ describe('OC.SetupChecks tests', function() {
);
async.done(function( data, s, x ){
expect(data).toEqual(['The "X-XSS-Protection" HTTP header is not configured to equal to "1; mode=block". This is a potential security or privacy risk and we recommend adjusting this setting.', 'The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.', 'The "X-Robots-Tag" HTTP header is not configured to equal to "none". This is a potential security or privacy risk and we recommend adjusting this setting.', 'The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.']);
expect(data).toEqual([
{
msg: 'The "X-XSS-Protection" HTTP header is not configured to equal to "1; mode=block". This is a potential security or privacy risk and we recommend adjusting this setting.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}, {
msg: 'The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}, {
msg: 'The "X-Robots-Tag" HTTP header is not configured to equal to "none". This is a potential security or privacy risk and we recommend adjusting this setting.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}, {
msg: 'The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
@ -266,7 +325,13 @@ describe('OC.SetupChecks tests', function() {
);
async.done(function( data, s, x ){
expect(data).toEqual(['The "X-XSS-Protection" HTTP header is not configured to equal to "1; mode=block". This is a potential security or privacy risk and we recommend adjusting this setting.', 'The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.']);
expect(data).toEqual([{
msg: 'The "X-XSS-Protection" HTTP header is not configured to equal to "1; mode=block". This is a potential security or privacy risk and we recommend adjusting this setting.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING,
}, {
msg: 'The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
@ -307,7 +372,10 @@ describe('OC.SetupChecks tests', function() {
);
async.done(function( data, s, x ){
expect(data).toEqual(['You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="#admin-tips">security tips</a>.']);
expect(data).toEqual([{
msg: 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="#admin-tips">security tips</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
@ -323,7 +391,13 @@ describe('OC.SetupChecks tests', function() {
JSON.stringify({data: {serverHasInternetConnection: false, dataDirectoryProtected: false}})
);
async.done(function( data, s, x ){
expect(data).toEqual(['Error occurred while checking server setup', 'Error occurred while checking server setup']);
expect(data).toEqual([{
msg: 'Error occurred while checking server setup',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}, {
msg: 'Error occurred while checking server setup',
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
}]);
done();
});
});
@ -342,7 +416,10 @@ describe('OC.SetupChecks tests', function() {
);
async.done(function( data, s, x ){
expect(data).toEqual(['The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips">security tips</a>.']);
expect(data).toEqual([{
msg: 'The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips">security tips</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
@ -362,7 +439,10 @@ describe('OC.SetupChecks tests', function() {
);
async.done(function( data, s, x ){
expect(data).toEqual(['The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips">security tips</a>.']);
expect(data).toEqual([{
msg: 'The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips">security tips</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
@ -382,7 +462,10 @@ describe('OC.SetupChecks tests', function() {
);
async.done(function( data, s, x ){
expect(data).toEqual(['The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips">security tips</a>.']);
expect(data).toEqual([{
msg: 'The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips">security tips</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});

7
settings/css/settings.css
View File

@ -360,7 +360,6 @@ table.grid td.date{
#security-warning li {
list-style: initial;
margin: 10px 0;
color: #ce3702;
}
#shareAPI p { padding-bottom: 0.8em; }
@ -491,6 +490,12 @@ doesnotexist:-o-prefocus, .strengthify-wrapper {
background-position: left center;
}
#postsetupchecks .errors,
#postsetupchecks .warnings,
#security-warning > ul {
color: #ce3702;
}
#admin-tips li {
list-style: initial;
}

33
settings/js/admin.js
View File

@ -173,17 +173,36 @@ $(document).ready(function(){
OC.SetupChecks.checkSetup(),
OC.SetupChecks.checkGeneric()
).then(function(check1, check2, check3) {
var errors = [].concat(check1, check2, check3);
var messages = [].concat(check1, check2, check3);
var $el = $('#postsetupchecks');
var $errorsEl;
$el.find('.loading').addClass('hidden');
if (errors.length === 0) {
if (messages.length === 0) {
} else {
$errorsEl = $el.find('.errors');
for (var i = 0; i < errors.length; i++ ) {
$errorsEl.append('<li>' + errors[i] + '</li>');
var $errorsEl = $el.find('.errors');
var $warningsEl = $el.find('.warnings');
var $infoEl = $el.find('.info');
for (var i = 0; i < messages.length; i++ ) {
switch(messages[i].type) {
case OC.SetupChecks.MESSAGE_TYPE_INFO:
$infoEl.append('<li>' + messages[i].msg + '</li>');
break;
case OC.SetupChecks.MESSAGE_TYPE_WARNING:
$warningsEl.append('<li>' + messages[i].msg + '</li>');
break;
case OC.SetupChecks.MESSAGE_TYPE_ERROR:
default:
$errorsEl.append('<li>' + messages[i].msg + '</li>');
}
}
if ($errorsEl.find('li').length > 0) {
$errorsEl.removeClass('hidden');
}
if ($warningsEl.find('li').length > 0) {
$warningsEl.removeClass('hidden');
}
if ($infoEl.find('li').length > 0) {
$infoEl.removeClass('hidden');
}
$errorsEl.removeClass('hidden');
$el.find('.hint').removeClass('hidden');
}
});

2
settings/templates/admin.php
View File

@ -171,6 +171,8 @@ if ($_['cronErrors']) {
<div id="postsetupchecks">
<div class="loading"></div>
<ul class="errors hidden"></ul>
<ul class="warnings hidden"></ul>
<ul class="info hidden"></ul>
<p class="hint hidden">
<?php print_unescaped($l->t('Please double check the <a target="_blank" href="%s">installation guides ↗</a>, and check for any errors or warnings in the <a href="#log-section">log</a>.', link_to_docs('admin-install'))); ?>
</p>