From 573177d1768dd69dde94106919a61344f4146794 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle
Date: Tue, 4 Aug 2015 17:50:30 +0200
Subject: [PATCH 1/2] only add the possibility to import ssl root certificates to the personal setting if the user can mount external storages
---
 settings/personal.php | 18 +++++++++++++++++-
 settings/templates/personal.php | 2 ++
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/settings/personal.php b/settings/personal.php
index 8823102e01..203c9f68af 100644
--- a/settings/personal.php
+++ b/settings/personal.php
@@ -104,6 +104,17 @@ $clients = array(
 'ios' => $config->getSystemValue('customclient_ios', $defaults->getiOSClientUrl())
 );
+// only show root certificate import if external storages are enabled
+$enableCertImport = false;
+$externalStorageEnabled = \OC::$server->getAppManager()->isEnabledForUser('files_external');
+if ($externalStorageEnabled) {
+ $backends = OC_Mount_Config::getPersonalBackends();
+ if (!empty($backends)) {
+ $enableCertImport = true;
+ }
+}
+
+
 // Return template
 $tmpl = new OC_Template( 'settings', 'personal', 'user');
 $tmpl->assign('usage', OC_Helper::humanFileSize($storageInfo['used']));
@@ -120,6 +131,7 @@ $tmpl->assign('displayName', OC_User::getDisplayName());
 $tmpl->assign('enableAvatars', $config->getSystemValue('enable_avatars', true));
 $tmpl->assign('avatarChangeSupported', OC_User::canUserChangeAvatar(OC_User::getUser()));
 $tmpl->assign('certs', $certificateManager->listCertificates());
+$tmpl->assign('showCertificates', $enableCertImport);
 $tmpl->assign('urlGenerator', $urlGenerator);
 // Get array of group ids for this user
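Review bot: The comment above `$enableCertImport` in the first hunk of settings/personal.php says the import is shown "if external storages are enabled", but the condition also requires `OC_Mount_Config::getPersonalBackends()` to return a non-empty list. I would reword it to `// only show root certificate import if files_external is enabled for the user and at least one personal backend is allowed`. The flag is computed as `$enableCertImport` but handed to the template as `showCertificates` in the next hunk; using one name for both would make the gate easier to trace.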
@@ -157,7 +169,11 @@ $formsMap = array_map(function($form){
 $formsAndMore = array_merge($formsAndMore, $formsMap);
 // add bottom hardcoded forms from the template
-$formsAndMore[]= array( 'anchor' => 'ssl-root-certificates', 'section-name' => $l->t('SSL root certificates') );
+if($enableCertImport) {
+ $formsAndMore[]= array( 'anchor' => 'ssl-root-certificates', 'section-name' => $l->t('SSL root certificates') );
+}
+
+
 $tmpl->assign('forms', $formsAndMore);
 $tmpl->printPage();
diff --git a/settings/templates/personal.php b/settings/templates/personal.php
index e7832b85eb..490133c9f2 100644
--- a/settings/templates/personal.php
+++ b/settings/templates/personal.php
@@ -205,6 +205,7 @@ if($_['passwordChangeSupported']) { +

t('SSL root certificates')); ?>

@@ -242,6 +243,7 @@ if($_['passwordChangeSupported']) { +

t('Version'));?>

From dc5e89e624ca7bcc5ff4f9ce5068ccbc75cda7f6 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle
Date: Tue, 4 Aug 2015 18:33:19 +0200
Subject: [PATCH 2/2] also block certificate management in the back-end if external storages are disabled for the user
---
 settings/application.php | 3 +-
 settings/controller/certificatecontroller.php | 34 ++++++++++++++++++-
 .../controller/CertificateControllerTest.php | 23 +++++++++----
 3 files changed, 52 insertions(+), 8 deletions(-)
diff --git a/settings/application.php b/settings/application.php
index 8da835c18d..155cc39d04 100644
--- a/settings/application.php
+++ b/settings/application.php
@@ -107,7 +107,8 @@ class Application extends App {
 $c->query('AppName'),
 $c->query('Request'),
 $c->query('CertificateManager'),
- $c->query('L10N')
+ $c->query('L10N'),
+ $c->query('IAppManager')
 );
 });
 $container->registerService('GroupsController', function(IContainer $c) {
diff --git a/settings/controller/certificatecontroller.php b/settings/controller/certificatecontroller.php
index ea20b7c587..92d0961efb 100644
--- a/settings/controller/certificatecontroller.php
+++ b/settings/controller/certificatecontroller.php
@@ -21,6 +21,7 @@
 namespace OC\Settings\Controller;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
@@ -36,20 +37,25 @@ class CertificateController extends Controller {
 private $certificateManager;
 /** @var IL10N */
 private $l10n;
+ /** @var IAppManager */
+ private $appManager;
 /**
 * @param string $appName
 * @param IRequest $request
 * @param ICertificateManager $certificateManager
 * @param IL10N $l10n
+ * @param IAppManager $appManager
 */
 public function __construct($appName,
 IRequest $request,
 ICertificateManager $certificateManager,
- IL10N $l10n) {
+ IL10N $l10n,
+ IAppManager $appManager) {
 parent::__construct($appName, $request);
 $this->certificateManager = $certificateManager;
 $this->l10n = $l10n;
+ $this->appManager = $appManager;
 }
 /**
@@ -60,6 +66,11 @@ class CertificateController extends Controller {
 * @return array
 */
 public function addPersonalRootCertificate() {
+
+ if ($this->isCertificateImportAllowed() === false) {
+ return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
+ }
+
 $file = $this->request->getUploadedFile('rootcert_import');
 if(empty($file)) {
 return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY);
@@ -92,8 +103,29 @@ class CertificateController extends Controller {
 * @return DataResponse
 */
 public function removePersonalRootCertificate($certificateIdentifier) {
+
+ if ($this->isCertificateImportAllowed() === false) {
+ return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
+ }
+
 $this->certificateManager->removeCertificate($certificateIdentifier);
 return new DataResponse();
 }
+ /**
+ * check if certificate import is allowed
+ *
+ * @return bool
+ */
+ protected function isCertificateImportAllowed() {
+ $externalStorageEnabled = $this->appManager->isEnabledForUser('files_external');
+ if ($externalStorageEnabled) {
+ $backends = \OC_Mount_Config::getPersonalBackends();
+ if (!empty($backends)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
 }
diff --git a/tests/settings/controller/CertificateControllerTest.php b/tests/settings/controller/CertificateControllerTest.php
index b698119503..023d7753cc 100644
--- a/tests/settings/controller/CertificateControllerTest.php
+++ b/tests/settings/controller/CertificateControllerTest.php
@@ -21,6 +21,7 @@
 namespace OC\Settings\Controller;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IRequest;
@@ -41,6 +42,8 @@ class CertificateControllerTest extends \Test\TestCase {
 private $certificateManager;
 /** @var IL10N */
 private $l10n;
+ /** @var IAppManager */
+ private $appManager;
 public function setUp() {
 parent::setUp();
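Review bot: The 403 returned at the top of `addPersonalRootCertificate()` carries a bare string body, while the existing error path a few lines below returns `['message' => 'No file uploaded']`, so a client that reads `message` from the error payload gets nothing for the new case. I would use `return new DataResponse(['message' => 'Individual certificate management disabled'], Http::STATUS_FORBIDDEN);` here and in the `removePersonalRootCertificate()` hunk. The docblock visible in the context still says `@return array` although every visible return is a `DataResponse`. The method body continues outside the hunk.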
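Review bot: Gating `removePersonalRootCertificate()` on the same check means a user who imported root certificates while personal external storage was allowed can no longer delete them once it is disabled; whether those certificates remain in the user's trust bundle is not visible in this patch, so that should be confirmed or removal left available. `isCertificateImportAllowed()` also repeats the condition that patch 1/2 put in settings/personal.php, so the UI gate and the back-end gate can drift apart; one shared helper would avoid that. Its docblock should say that it covers removal as well as import, e.g. `Whether the current user may manage personal root certificates (files_external enabled and a personal backend allowed)`.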
@@ -48,13 +51,21 @@ class CertificateControllerTest extends \Test\TestCase {
 $this->request = $this->getMock('\OCP\IRequest');
 $this->certificateManager = $this->getMock('\OCP\ICertificateManager');
 $this->l10n = $this->getMock('\OCP\IL10N');
+ $this->appManager = $this->getMock('OCP\App\IAppManager');
- $this->certificateController = new CertificateController(
- 'settings',
- $this->request,
- $this->certificateManager,
- $this->l10n
- );
+ $this->certificateController = $this->getMockBuilder('OC\Settings\Controller\CertificateController')
+ ->setConstructorArgs(
+ [
+ 'settings',
+ $this->request,
+ $this->certificateManager,
+ $this->l10n,
+ $this->appManager
+ ]
+ )->setMethods(['isCertificateImportAllowed'])->getMock();
+
+ $this->certificateController->expects($this->any())
+ ->method('isCertificateImportAllowed')->willReturn(true);
 }
 public function testAddPersonalRootCertificateWithEmptyFile() {
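Review bot: `setUp()` stubs `isCertificateImportAllowed()` to return true for every test, so the new 403 branch in both controller actions is never exercised. A test that builds the controller with the stub returning false, asserts `Http::STATUS_FORBIDDEN`, and expects the certificate manager never to be called would pin the access check this commit exists to add. `setUp()` starts above this hunk.

```php
public function testAddPersonalRootCertificateWhenManagementIsDisabled() {
	$controller = $this->getMockBuilder('OC\Settings\Controller\CertificateController')
		->setConstructorArgs(['settings', $this->request, $this->certificateManager, $this->l10n, $this->appManager])
		->setMethods(['isCertificateImportAllowed'])
		->getMock();
	$controller->expects($this->once())
		->method('isCertificateImportAllowed')
		->willReturn(false);
	$this->certificateManager->expects($this->never())
		->method('addCertificate');

	$response = $controller->addPersonalRootCertificate();
	$this->assertSame(Http::STATUS_FORBIDDEN, $response->getStatus());
}
// … a matching test for removePersonalRootCertificate(), with removeCertificate expected never to be called …
```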