Add basic reverseproxy misconfig detection to setupchecks

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma 2019-10-26 15:12:46 +02:00
parent 0b4c39d656
commit b0ea022a3e
No known key found for this signature in database
GPG Key ID: F941078878347C0C
4 changed files with 129 additions and 43 deletions


@ -703,6 +703,7 @@ Raw output
'pendingBigIntConversionColumns' => $this->hasBigIntConversionPendingColumns(),
'isMysqlUsedWithoutUTF8MB4' => $this->isMysqlUsedWithoutUTF8MB4(),
'isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed' => $this->isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed(),
'reverseProxyGeneratedURL' => $this->urlGenerator->getAbsoluteURL('index.php'),
]
);
}


@ -426,14 +426,6 @@ class CheckSetupControllerTest extends TestCase {
$this->clientService->expects($this->exactly(4))
->method('newClient')
->will($this->returnValue($client));
$this->urlGenerator->expects($this->at(0))
->method('linkToDocs')
->with('admin-performance')
->willReturn('http://docs.example.org/server/go.php?to=admin-performance');
$this->urlGenerator->expects($this->at(1))
->method('linkToDocs')
->with('admin-security')
->willReturn('https://docs.example.org/server/8.1/admin_manual/configuration_server/hardening.html');
$this->checkSetupController
->expects($this->once())
->method('isPhpOutdated')
@ -442,26 +434,6 @@ class CheckSetupControllerTest extends TestCase {
->expects($this->once())
->method('isOpcacheProperlySetup')
->willReturn(false);
$this->urlGenerator->expects($this->at(2))
->method('linkToDocs')
->with('admin-reverse-proxy')
->willReturn('reverse-proxy-doc-link');
$this->urlGenerator->expects($this->at(3))
->method('linkToDocs')
->with('admin-code-integrity')
->willReturn('http://docs.example.org/server/go.php?to=admin-code-integrity');
$this->urlGenerator->expects($this->at(4))
->method('linkToDocs')
->with('admin-php-opcache')
->willReturn('http://docs.example.org/server/go.php?to=admin-php-opcache');
$this->urlGenerator->expects($this->at(5))
->method('linkToDocs')
->with('admin-db-conversion')
->willReturn('http://docs.example.org/server/go.php?to=admin-db-conversion');
$this->urlGenerator->expects($this->at(6))
->method('getAbsoluteURL')
->with('index.php/settings/admin')
->willReturn('https://server/index.php/settings/admin');
$this->checkSetupController
->method('hasFreeTypeSupport')
->willReturn(false);
@ -540,6 +512,40 @@ class CheckSetupControllerTest extends TestCase {
->method('isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed')
->willReturn(true);
$this->urlGenerator->method('linkToDocs')
->willReturnCallback(function(string $key): string {
if ($key === 'admin-performance') {
return 'http://docs.example.org/server/go.php?to=admin-performance';
}
if ($key === 'admin-security') {
return 'https://docs.example.org/server/8.1/admin_manual/configuration_server/hardening.html';
}
if ($key === 'admin-reverse-proxy') {
return 'reverse-proxy-doc-link';
}
if ($key === 'admin-code-integrity') {
return 'http://docs.example.org/server/go.php?to=admin-code-integrity';
}
if ($key === 'admin-php-opcache') {
return 'http://docs.example.org/server/go.php?to=admin-php-opcache';
}
if ($key === 'admin-db-conversion') {
return 'http://docs.example.org/server/go.php?to=admin-db-conversion';
}
return '';
});
$this->urlGenerator->method('getAbsoluteURL')
->willReturnCallback(function(string $url): string {
if ($url === 'index.php/settings/admin') {
return 'https://server/index.php/settings/admin';
}
if ($url === 'index.php') {
return 'https://server/index.php';
}
return '';
});
$expected = new DataResponse(
[
'isGetenvServerWorking' => true,
@ -585,6 +591,7 @@ class CheckSetupControllerTest extends TestCase {
'pendingBigIntConversionColumns' => [],
'isMysqlUsedWithoutUTF8MB4' => false,
'isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed' => true,
'reverseProxyGeneratedURL' => 'https://server/index.php',
]
);
$this->assertEquals($expected, $this->checkSetupController->check());
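Review bot: Both new `willReturnCallback` stubs end in `return '';`, so a call to `linkToDocs` or `getAbsoluteURL` with an argument the test did not anticipate is answered silently instead of failing the test. The removed `at(n)` expectations pinned each call with `->with(...)`; the replacement drops that strictness along with the ordering. Consider replacing each fallback with a failure, e.g. `$this->fail('Unexpected linkToDocs key: ' . $key);` and `$this->fail('Unexpected getAbsoluteURL path: ' . $url);`, so a typo in a doc key or a new URL in the controller is caught here. The test method starts outside the visible hunks.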


@ -460,6 +460,18 @@
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
})
}
if (window.location.protocol === 'http:' && data.reverseProxyGeneratedURL.split('/')[0] !== 'https:') {
messages.push({
msg: t(
'core',
'You are accessing your instance over a secure connection, however your instance is generating insecure URLs. This most likely means that you are behind a reverse proxy and the overwrite config variables are not set correctly. Please read <a target="_blank" rel="noreferrer noopener" href="{docLink}">the documentation page about this</a>.',
{
docLink: data.reverseProxyDocs
}
),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
})
}
} else {
messages.push({
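Review bot: The new condition tests `window.location.protocol === 'http:'`, but the warning it pushes says the instance is being accessed over a secure connection while generating insecure URLs. As written the check appears inverted: behind a TLS-terminating proxy the page protocol is `https:`, so this branch is skipped and the misconfiguration it is meant to detect goes unreported, while a plain-HTTP install gets a warning about a secure connection it does not have. The condition should probably read `if (window.location.protocol === 'https:' && data.reverseProxyGeneratedURL.split('/')[0] !== 'https:') {`. It would also be worth guarding against a response without the new key, e.g. `typeof data.reverseProxyGeneratedURL === 'string' &&`, since `.split` on `undefined` would throw and abort the remaining checks. The enclosing callback starts and ends outside the hunk.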


@ -249,7 +249,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -301,7 +302,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -354,7 +356,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -405,7 +408,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -454,7 +458,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -505,7 +510,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -554,7 +560,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -603,7 +610,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -652,7 +660,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -722,7 +731,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -772,7 +782,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -822,7 +833,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -872,7 +884,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -921,7 +934,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: true,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyGeneratedURL: 'https://server',
})
);
@ -934,6 +948,57 @@ describe('OC.SetupChecks tests', function() {
});
});
it('should return an error if the protocol is https but the server generates http links', function(done) {
var async = OC.SetupChecks.checkSetup();
suite.server.requests[0].respond(
200,
{
'Content-Type': 'application/json',
},
JSON.stringify({
hasFileinfoInstalled: true,
isGetenvServerWorking: true,
isReadOnlyConfig: false,
hasWorkingFileLocking: true,
hasValidTransactionIsolationLevel: true,
suggestedOverwriteCliURL: '',
isRandomnessSecure: true,
securityDocs: 'https://docs.owncloud.org/myDocs.html',
serverHasInternetConnectionProblems: false,
isMemcacheConfigured: true,
forwardedForHeadersWorking: true,
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isOpcacheProperlySetup: true,
hasOpcacheLoaded: true,
isSettimelimitAvailable: true,
hasFreeTypeSupport: true,
missingIndexes: [],
cronErrors: [],
cronInfo: {
diffInSeconds: 0
},
isMemoryLimitSufficient: true,
appDirsWithDifferentOwner: [],
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: true,
reverseProxyDocs: 'https://docs.nextcloud.com/foo/bar.html',
reverseProxyGeneratedURL: 'http://server',
})
);
async.done(function( data, s, x ){
expect(data).toEqual([{
msg: 'You are accessing your instance over a secure connection, however your instance is generating insecure URLs. This most likely means that you are behind a reverse proxy and the overwrite config variables are not set correctly. Please read <a href="https://docs.nextcloud.com/foo/bar.html" rel="noreferrer noopener">the documentation page about this</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
});
});
it('should return an error if there is not enough free space in the temp directory', function(done) {
var async = OC.SetupChecks.checkSetup();
@ -970,7 +1035,8 @@ describe('OC.SetupChecks tests', function() {
recommendedPHPModules: [],
pendingBigIntConversionColumns: [],
isMysqlUsedWithoutUTF8MB4: false,
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: false
isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed: false,
reverseProxyGeneratedURL: 'https://server',
})
);
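Review bot: The added spec 'should return an error if the protocol is https but the server generates http links' never sets or stubs the page protocol, so its outcome depends on the scheme the test runner itself is served over. It presumably passes only because the production check compares against `'http:'` and the runner uses plain HTTP, which means the spec pins the inverted condition rather than the behaviour its title describes. Reading the protocol through a small helper that the spec can stub would let this case force `https` and assert the warning. A negative case would then cover the other direction: `https` page with `reverseProxyGeneratedURL: 'https://server'` and no message expected.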