Commit Graph

86 Commits

Author SHA1 Message Date
Daniel Kesselberg 51f0651d68
Run setupchecks when #security-warnings is present
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-01-05 16:29:57 +01:00
Julius Härtl a3be286273
Make setup check also pass with a 501 status
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-12-19 07:41:25 +01:00
Roeland Jago Douma a915594b03
Merge pull request #12734 from nextcloud/feature/noid/check-nginx-woff2
Add check for missing .woff2 rule in Nginx via setup check
2018-11-29 19:36:56 +01:00
Morris Jobke f5894b653d
Add check for missing .woff2 rule in Nginx via setup check
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-11-29 17:01:43 +01:00
Daniel Kesselberg 92675a606e
Add sendmailmode to gui
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-11-29 16:02:36 +01:00
Rinat Gumirov 5aca24f3bd expire share days in settings validate
Signed-off-by: Rinat Gumirov <rinat.gumirov@mail.ru>
2018-10-31 00:15:41 +05:00
Daniel Calviño Sánchez 20a5ce217a Add check for well known URL of WebFinger in the settings overview
If the WebFinger service is not set in Nextcloud configuration no check
is performed.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-10-10 14:12:10 +02:00
Morris Jobke b8d54bd53a
Fix a misleading setup check for .well-known/caldav & carddav
The problem is that the version without the slash is the correct one.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-10 10:41:02 +02:00
Daniel Calviño Sánchez fe30653194
Fix "checkWellKnownUrl" not being run
The check is run only if its last parameter is true; data() tries to
convert the HTML attribute string to an actual JavaScript value, so
"true" is returned as an actual boolean instead of an string; as a
strict comparison against "true" was used the result was false and thus
the checks were not run.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-09-27 15:39:26 +02:00
Julius Härtl 5a20ac7df2
Add warning state to setup checks
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-06-06 17:34:38 +02:00
Julius Härtl 6afe3e42f3
Add visual indicator for setup checks
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-06-06 17:34:37 +02:00
Morris Jobke 0d5142be70
Show a link to the docs instead of a button on the untrusted domain page
Before there was a button to "quickly" add the untrusted domain to the config. This button often didn't worked, because the generated URL was often untrusted as well. Thus removing it and providing proper docs seems to be the better approach to handle this rare case.

Also the log should not be spammed by messages for the untrusted domain accesses, because they are user related and not necessarily an administrative issue.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-17 17:47:11 +02:00
Bjoern Schiessle 1615312bf1
add share permissions to settings page
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-02-27 12:29:25 +01:00
Joas Schilling e938663329
Don't send the test mail twice
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-24 12:50:29 +02:00
Joas Schilling a5b4308a51
Don't put the SMTP password into the HTML code
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 15:44:20 +02:00
Joas Schilling beb3f92c4d
Remove the double password confirmation on changing cron
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-13 15:52:16 +01:00
Joas Schilling 62855c08ff
Require confirmation when changing the email settings
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 12:10:50 +01:00
Joas Schilling 247b7f37ce
Color the trusted domain to alert the admin a bit more
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-31 12:22:21 +01:00
Joas Schilling 103bf6dd28
Switch to public API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:09:26 +02:00
Joas Schilling 0b1fb180a5
Make AppConfig part of the public API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:09:23 +02:00
Morris Jobke 6bb95de1c5
Adding a optional disclaimer to the anonymous upload page 2016-09-08 18:44:27 +02:00
Morris Jobke cf79417490
Use tooltip for background job execution time 2016-07-13 09:59:42 +02:00
Christoph Wurst e4a8456d01
replace $().attr('checked') by $().prop('checked', state) or $().is(':checked') 2016-04-19 16:20:17 +02:00
Roeland Jago Douma 35024beb9c Add `allow sharing with groups` checkbox to admin page 2016-03-22 17:13:34 +01:00
Vincent Chan faf48e42b7 Move data protection check to javascript
fixes #20199
2016-02-01 18:57:58 +01:00
Morris Jobke 8b6b042ffd Add config switch to disable the .well-known URL check 2016-01-12 09:53:23 +01:00
Lukas Reschke f4c04c5f28 Concat also the other results
Otherwise this will ignore the two last checks 🙊
2016-01-10 11:39:44 +01:00
Morris Jobke 0161928fc3 Add check for .well-known URL in the root of the webservers URL
* fixes #20012
2016-01-08 23:27:29 +01:00
Robin McCorkell 6959d5ca22 Properly detect setup check messages set in the HTML template 2015-11-08 00:02:59 +00:00
Thomas Müller b2dd5cb616 save excluded groups in json format - fixes #10983 2015-10-01 15:37:55 +02:00
Robin McCorkell 2992a1aa88 Merge pull request #18395 from owncloud/hide-empty-security-warning
[admin settings] Show success message if security warnings are empty
2015-08-21 11:38:40 +01:00
Morris Jobke 63a1f9afac add success message 2015-08-21 11:09:01 +02:00
Morris Jobke e8c3eb7473 Clear cron errors on change of background job mode
* fixes #18454
2015-08-20 14:51:28 +02:00
Morris Jobke 70bce7a54a [admin settings] hide security warnings if empty
* fixes #15257
2015-08-18 16:42:25 +02:00
Jan-Christoph Borchardt 12eec397e3 Merge pull request #17975 from owncloud/settings_admin_warning_levels
Settings admin warning levels
2015-08-18 13:38:08 +02:00
Roeland Jago Douma 8bde72c4bd All setup messages are now properly types 2015-07-30 09:57:08 +02:00
Roeland Jago Douma 5d15051da4 Allow setupchecks to specify a warning level 2015-07-30 09:57:08 +02:00
Roeland Jago Douma 15a0f8e433 Do not allow invalid default expire days
Currently it is possible to set a negative number of days in which a
public share expires. This results in public sharing not working and it
undesired.

Weird thing is that the API still lets you create shares and gives back
an URL. However the id is "unkown" and the URL invalid.
2015-07-04 06:57:00 +02:00
Bjoern Schiessle 8f1e504d79 adjust wording and add button to confirm encryption 2015-05-05 10:38:09 +02:00
Bjoern Schiessle 6dc3682cc2 don't let the the user disable encryption once it was activated 2015-05-04 13:13:31 +02:00
Clark Tomlinson 1174ad0681 Merge pull request #15445 from owncloud/enc2_migration
add migration script from old encryption to new one
2015-04-16 09:34:47 -04:00
Bjoern Schiessle d2ef73367c allow user to start migration in admin settings if no external user back-ends are enabled 2015-04-16 14:15:04 +02:00
Jan-Christoph Borchardt 04ca5b8160 remove slow fade animation for remaining tipsy tooltips 2015-04-15 12:25:10 +02:00
Joas Schilling 495562f40c Move federated cloud sharing, files externals and updater to special positions 2015-03-27 09:38:09 +01:00
Thomas Müller 232518ac54 Merge pull request #15234 from owncloud/encryption2_core
core part of encryption 2.0
2015-03-26 21:14:59 +01:00
Bjoern Schiessle ff9c85ce60 implement basic encryption functionallity in core to enable multiple encryption modules 2015-03-26 20:56:51 +01:00
Jan-Christoph Borchardt 04a4df5065 only show connection checks results if there are errors, fix #11476 2015-03-25 09:34:13 +01:00
Jan-Christoph Borchardt db02edd7c8 adjust list of errors, more compact and readable 2015-03-06 15:27:21 +01:00
Lukas Reschke bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
2015-03-02 19:07:46 +01:00
Jakob Sack 0efed5c216 Add absolute time of last cronjob as hover tip 2015-02-28 21:48:19 +01:00