Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>pull/43908/head
Ferdinand Thiessen
2 years ago
parent
fa0e3d66ba
commit
ef2c312b18
@ -0,0 +1,80 @@ |
||||
<?php |
||||
|
||||
declare(strict_types=1); |
||||
|
||||
/** |
||||
* @copyright Copyright (c) 2024 Ferdinand Thiessen <opensource@fthiessen.de> |
||||
* |
||||
* @author Ferdinand Thiessen <opensource@fthiessen.de> |
||||
* |
||||
* @license AGPL-3.0-or-later |
||||
* |
||||
* This program is free software: you can redistribute it and/or modify |
||||
* it under the terms of the GNU Affero General Public License as |
||||
* published by the Free Software Foundation, either version 3 of the |
||||
* License, or (at your option) any later version. |
||||
* |
||||
* This program is distributed in the hope that it will be useful, |
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
* GNU Affero General Public License for more details. |
||||
* |
||||
* You should have received a copy of the GNU Affero General Public License |
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
* |
||||
*/ |
||||
namespace OCA\Settings\SetupChecks; |
||||
|
||||
use OCP\Http\Client\IClientService; |
||||
use OCP\IConfig; |
||||
use OCP\IL10N; |
||||
use OCP\IURLGenerator; |
||||
use OCP\SetupCheck\ISetupCheck; |
||||
use OCP\SetupCheck\SetupResult; |
||||
use Psr\Log\LoggerInterface; |
||||
|
||||
/** |
||||
* Checks if the data directory can not be accessed from outside |
||||
*/ |
||||
class DataDirectoryProtected implements ISetupCheck { |
||||
use CheckServerResponseTrait; |
||||
|
||||
public function __construct( |
||||
protected IL10N $l10n, |
||||
protected IConfig $config, |
||||
protected IURLGenerator $urlGenerator, |
||||
protected IClientService $clientService, |
||||
protected LoggerInterface $logger, |
||||
) { |
||||
} |
||||
|
||||
public function getCategory(): string { |
||||
return 'network'; |
||||
} |
||||
|
||||
public function getName(): string { |
||||
return $this->l10n->t('Data directory protected'); |
||||
} |
||||
|
||||
public function run(): SetupResult { |
||||
$datadir = str_replace(\OC::$SERVERROOT . '/', '', $this->config->getSystemValue('datadirectory', '')); |
||||
|
||||
$dataUrl = $this->urlGenerator->getWebroot() . '/' . $datadir . '/.ocdata'; |
||||
|
||||
$noResponse = true; |
||||
foreach ($this->runHEAD($dataUrl, httpErrors:false) as $response) { |
||||
$noResponse = false; |
||||
if ($response->getStatusCode() === 200) { |
||||
return SetupResult::error($this->l10n->t('Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.')); |
||||
} else { |
||||
$this->logger->debug('[expected] Could not access data directory from outside.', ['url' => $dataUrl]); |
||||
} |
||||
} |
||||
|
||||
if ($noResponse) { |
||||
return SetupResult::warning($this->l10n->t('Could not check that the data directory is protected. Please check manually that your server does not allow access to the data directory.') . "\n" . $this->serverConfigHelp()); |
||||
} |
||||
return SetupResult::success(); |
||||
|
||||
} |
||||
} |
||||
@ -0,0 +1,136 @@ |
||||
<?php |
||||
|
||||
declare(strict_types=1); |
||||
|
||||
/** |
||||
* @copyright Copyright (c) 2024 Ferdinand Thiessen <opensource@fthiessen.de> |
||||
* |
||||
* @author Ferdinand Thiessen <opensource@fthiessen.de> |
||||
* |
||||
* @license AGPL-3.0-or-later |
||||
* |
||||
* This program is free software: you can redistribute it and/or modify |
||||
* it under the terms of the GNU Affero General Public License as |
||||
* published by the Free Software Foundation, either version 3 of the |
||||
* License, or (at your option) any later version. |
||||
* |
||||
* This program is distributed in the hope that it will be useful, |
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
* GNU Affero General Public License for more details. |
||||
* |
||||
* You should have received a copy of the GNU Affero General Public License |
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
* |
||||
*/ |
||||
namespace OCA\Settings\Tests; |
||||
|
||||
use OCA\Settings\SetupChecks\DataDirectoryProtected; |
||||
use OCP\Http\Client\IClientService; |
||||
use OCP\Http\Client\IResponse; |
||||
use OCP\IConfig; |
||||
use OCP\IL10N; |
||||
use OCP\IURLGenerator; |
||||
use OCP\SetupCheck\SetupResult; |
||||
use PHPUnit\Framework\MockObject\MockObject; |
||||
use Psr\Log\LoggerInterface; |
||||
use Test\TestCase; |
||||
|
||||
class DataDirectoryProtectedTest extends TestCase { |
||||
private IL10N|MockObject $l10n; |
||||
private IConfig|MockObject $config; |
||||
private IURLGenerator|MockObject $urlGenerator; |
||||
private IClientService|MockObject $clientService; |
||||
private LoggerInterface|MockObject $logger; |
||||
private DataDirectoryProtected|MockObject $setupcheck; |
||||
|
||||
protected function setUp(): void { |
||||
parent::setUp(); |
||||
|
||||
/** @var IL10N|MockObject */ |
||||
$this->l10n = $this->getMockBuilder(IL10N::class) |
||||
->disableOriginalConstructor()->getMock(); |
||||
$this->l10n->expects($this->any()) |
||||
->method('t') |
||||
->willReturnCallback(function ($message, array $replace) { |
||||
return vsprintf($message, $replace); |
||||
}); |
||||
|
||||
$this->config = $this->createMock(IConfig::class); |
||||
$this->urlGenerator = $this->createMock(IURLGenerator::class); |
||||
$this->clientService = $this->createMock(IClientService::class); |
||||
$this->logger = $this->createMock(LoggerInterface::class); |
||||
|
||||
$this->setupcheck = $this->getMockBuilder(DataDirectoryProtected::class) |
||||
->onlyMethods(['runHEAD']) |
||||
->setConstructorArgs([ |
||||
$this->l10n, |
||||
$this->config, |
||||
$this->urlGenerator, |
||||
$this->clientService, |
||||
$this->logger, |
||||
]) |
||||
->getMock(); |
||||
} |
||||
|
||||
/** |
||||
* @dataProvider dataTestStatusCode |
||||
*/ |
||||
public function testStatusCode(array $status, string $expected): void { |
||||
$responses = array_map(function ($state) { |
||||
$response = $this->createMock(IResponse::class); |
||||
$response->expects($this->any())->method('getStatusCode')->willReturn($state); |
||||
return $response; |
||||
}, $status); |
||||
|
||||
$this->setupcheck |
||||
->expects($this->once()) |
||||
->method('runHEAD') |
||||
->will($this->generate($responses)); |
||||
|
||||
$this->config |
||||
->expects($this->once()) |
||||
->method('getSystemValue') |
||||
->willReturn(''); |
||||
|
||||
$result = $this->setupcheck->run(); |
||||
$this->assertEquals($expected, $result->getSeverity()); |
||||
} |
||||
|
||||
public function dataTestStatusCode(): array { |
||||
return [ |
||||
'success: forbidden access' => [[403], SetupResult::SUCCESS], |
||||
'error: can access' => [[200], SetupResult::ERROR], |
||||
'error: one forbidden one can access' => [[403, 200], SetupResult::ERROR], |
||||
'warning: connection issue' => [[], SetupResult::WARNING], |
||||
]; |
||||
} |
||||
|
||||
public function testNoResponse(): void { |
||||
$response = $this->createMock(IResponse::class); |
||||
$response->expects($this->any())->method('getStatusCode')->willReturn(200); |
||||
|
||||
$this->setupcheck |
||||
->expects($this->once()) |
||||
->method('runHEAD') |
||||
->will($this->generate([])); |
||||
|
||||
$this->config |
||||
->expects($this->once()) |
||||
->method('getSystemValue') |
||||
->willReturn(''); |
||||
|
||||
$result = $this->setupcheck->run(); |
||||
$this->assertEquals(SetupResult::WARNING, $result->getSeverity()); |
||||
$this->assertMatchesRegularExpression('/^Could not check/', $result->getDescription()); |
||||
} |
||||
|
||||
/** |
||||
* Helper function creates a nicer interface for mocking Generator behavior |
||||
*/ |
||||
protected function generate(array $yield_values) { |
||||
return $this->returnCallback(function () use ($yield_values) { |
||||
yield from $yield_values; |
||||
}); |
||||
} |
||||
} |
||||
@ -1,2 +1,2 @@ |
||||
({69129:function(){window.addEventListener("DOMContentLoaded",(()=>{$("#loglevel").change((function(){$.post(OC.generateUrl("/settings/admin/log/level"),{level:$(this).val()},(()=>{OC.Log.reload()}))})),$("#mail_smtpauth").change((function(){this.checked?$("#mail_credentials").removeClass("hidden"):$("#mail_credentials").addClass("hidden")})),$("#mail_smtpmode").change((function(){"smtp"!==$(this).val()?($("#setting_smtpauth").addClass("hidden"),$("#setting_smtphost").addClass("hidden"),$("#mail_smtpsecure_label").addClass("hidden"),$("#mail_smtpsecure").addClass("hidden"),$("#mail_credentials").addClass("hidden"),$("#mail_sendmailmode_label, #mail_sendmailmode").removeClass("hidden")):($("#setting_smtpauth").removeClass("hidden"),$("#setting_smtphost").removeClass("hidden"),$("#mail_smtpsecure_label").removeClass("hidden"),$("#mail_smtpsecure").removeClass("hidden"),$("#mail_smtpauth").is(":checked")&&$("#mail_credentials").removeClass("hidden"),$("#mail_sendmailmode_label, #mail_sendmailmode").addClass("hidden"))}));const e=function(){OC.PasswordConfirmation.requiresPasswordConfirmation()?OC.PasswordConfirmation.requirePasswordConfirmation(e):(OC.msg.startSaving("#mail_settings_msg"),$.ajax({url:OC.generateUrl("/settings/admin/mailsettings"),type:"POST",data:$("#mail_general_settings_form").serialize(),success:()=>{OC.msg.finishedSuccess("#mail_settings_msg",t("settings","Saved"))},error:e=>{OC.msg.finishedError("#mail_settings_msg",e.responseJSON)}}))},s=function(){OC.PasswordConfirmation.requiresPasswordConfirmation()?OC.PasswordConfirmation.requirePasswordConfirmation(s):(OC.msg.startSaving("#mail_settings_msg"),$.ajax({url:OC.generateUrl("/settings/admin/mailsettings/credentials"),type:"POST",data:$("#mail_credentials_settings").serialize(),success:()=>{OC.msg.finishedSuccess("#mail_settings_msg",t("settings","Saved"))},error:e=>{OC.msg.finishedError("#mail_settings_msg",e.responseJSON)}}))};$("#mail_general_settings_form").change(e),$("#mail_credentials_settings_submit").click(s),$("#mail_smtppassword").click((()=>{"text"===this.N&&"********"===this.U&&(this.N="password",this.U="")})),$("#sendtestemail").click((e=>{e.preventDefault(),OC.msg.startAction("#sendtestmail_msg",t("settings","Sending…")),$.ajax({url:OC.generateUrl("/settings/admin/mailtest"),type:"POST",success:()=>{OC.msg.finishedSuccess("#sendtestmail_msg",t("settings","Email sent"))},error:e=>{OC.msg.finishedError("#sendtestmail_msg",e.responseJSON)}})})),null!==document.getElementById("security-warning")&&$.when(OC.SetupChecks.checkWebDAV(),OC.SetupChecks.checkWellKnownUrl("GET","/.well-known/webfinger",OC.theme.docPlaceholderUrl,!0===$("#postsetupchecks").data("check-wellknown"),[200,404],!0),OC.SetupChecks.checkWellKnownUrl("GET","/.well-known/nodeinfo",OC.theme.docPlaceholderUrl,!0===$("#postsetupchecks").data("check-wellknown"),[200,404],!0),OC.SetupChecks.checkWellKnownUrl("PROPFIND","/.well-known/caldav",OC.theme.docPlaceholderUrl,!0===$("#postsetupchecks").data("check-wellknown")),OC.SetupChecks.checkWellKnownUrl("PROPFIND","/.well-known/carddav",OC.theme.docPlaceholderUrl,!0===$("#postsetupchecks").data("check-wellknown")),OC.SetupChecks.checkSetup(),OC.SetupChecks.checkGeneric(),OC.SetupChecks.checkDataProtected()).then(((e,s,t,n,i,a,l,d)=>{const r=[].concat(e,s,t,n,i,a,l,d),c=$("#postsetupchecks");$("#security-warning-state-loading").addClass("hidden");let m=!1;const o=c.find(".errors"),h=c.find(".warnings"),g=c.find(".info");for(let e=0;e<r.length;e++)switch(r[e].type){case OC.SetupChecks.MESSAGE_TYPE_INFO:g.append("<li>"+r[e].msg+"</li>");break;case OC.SetupChecks.MESSAGE_TYPE_WARNING:h.append("<li>"+r[e].msg+"</li>");break;case OC.SetupChecks.MESSAGE_TYPE_ERROR:default:o.append("<li>"+r[e].msg+"</li>")}o.find("li").length>0&&(o.removeClass("hidden"),m=!0),h.find("li").length>0&&(h.removeClass("hidden"),m=!0),g.find("li").length>0&&(g.removeClass("hidden"),m=!0),m?($("#postsetupchecks-hint").removeClass("hidden"),o.find("li").length>0?$("#security-warning-state-failure").removeClass("hidden"):$("#security-warning-state-warning").removeClass("hidden")):0===$("#security-warning").children("ul").children().length?$("#security-warning-state-ok").removeClass("hidden"):$("#security-warning-state-failure").removeClass("hidden")}))}))}})[69129](); |
||||
//# sourceMappingURL=settings-legacy-admin.js.map?v=689487601db452849a35
|
||||
({69129:function(){window.addEventListener("DOMContentLoaded",(()=>{$("#loglevel").change((function(){$.post(OC.generateUrl("/settings/admin/log/level"),{level:$(this).val()},(()=>{OC.Log.reload()}))})),$("#mail_smtpauth").change((function(){this.checked?$("#mail_credentials").removeClass("hidden"):$("#mail_credentials").addClass("hidden")})),$("#mail_smtpmode").change((function(){"smtp"!==$(this).val()?($("#setting_smtpauth").addClass("hidden"),$("#setting_smtphost").addClass("hidden"),$("#mail_smtpsecure_label").addClass("hidden"),$("#mail_smtpsecure").addClass("hidden"),$("#mail_credentials").addClass("hidden"),$("#mail_sendmailmode_label, #mail_sendmailmode").removeClass("hidden")):($("#setting_smtpauth").removeClass("hidden"),$("#setting_smtphost").removeClass("hidden"),$("#mail_smtpsecure_label").removeClass("hidden"),$("#mail_smtpsecure").removeClass("hidden"),$("#mail_smtpauth").is(":checked")&&$("#mail_credentials").removeClass("hidden"),$("#mail_sendmailmode_label, #mail_sendmailmode").addClass("hidden"))}));const e=function(){OC.PasswordConfirmation.requiresPasswordConfirmation()?OC.PasswordConfirmation.requirePasswordConfirmation(e):(OC.msg.startSaving("#mail_settings_msg"),$.ajax({url:OC.generateUrl("/settings/admin/mailsettings"),type:"POST",data:$("#mail_general_settings_form").serialize(),success:()=>{OC.msg.finishedSuccess("#mail_settings_msg",t("settings","Saved"))},error:e=>{OC.msg.finishedError("#mail_settings_msg",e.responseJSON)}}))},s=function(){OC.PasswordConfirmation.requiresPasswordConfirmation()?OC.PasswordConfirmation.requirePasswordConfirmation(s):(OC.msg.startSaving("#mail_settings_msg"),$.ajax({url:OC.generateUrl("/settings/admin/mailsettings/credentials"),type:"POST",data:$("#mail_credentials_settings").serialize(),success:()=>{OC.msg.finishedSuccess("#mail_settings_msg",t("settings","Saved"))},error:e=>{OC.msg.finishedError("#mail_settings_msg",e.responseJSON)}}))};$("#mail_general_settings_form").change(e),$("#mail_credentials_settings_submit").click(s),$("#mail_smtppassword").click((()=>{"text"===this.N&&"********"===this.U&&(this.N="password",this.U="")})),$("#sendtestemail").click((e=>{e.preventDefault(),OC.msg.startAction("#sendtestmail_msg",t("settings","Sending…")),$.ajax({url:OC.generateUrl("/settings/admin/mailtest"),type:"POST",success:()=>{OC.msg.finishedSuccess("#sendtestmail_msg",t("settings","Email sent"))},error:e=>{OC.msg.finishedError("#sendtestmail_msg",e.responseJSON)}})})),null!==document.getElementById("security-warning")&&$.when(OC.SetupChecks.checkWebDAV(),OC.SetupChecks.checkWellKnownUrl("GET","/.well-known/webfinger",OC.theme.docPlaceholderUrl,!0===$("#postsetupchecks").data("check-wellknown"),[200,404],!0),OC.SetupChecks.checkWellKnownUrl("GET","/.well-known/nodeinfo",OC.theme.docPlaceholderUrl,!0===$("#postsetupchecks").data("check-wellknown"),[200,404],!0),OC.SetupChecks.checkWellKnownUrl("PROPFIND","/.well-known/caldav",OC.theme.docPlaceholderUrl,!0===$("#postsetupchecks").data("check-wellknown")),OC.SetupChecks.checkWellKnownUrl("PROPFIND","/.well-known/carddav",OC.theme.docPlaceholderUrl,!0===$("#postsetupchecks").data("check-wellknown")),OC.SetupChecks.checkSetup(),OC.SetupChecks.checkGeneric()).then(((e,s,t,n,i,a,l)=>{const d=[].concat(e,s,t,n,i,a,l),r=$("#postsetupchecks");$("#security-warning-state-loading").addClass("hidden");let c=!1;const m=r.find(".errors"),o=r.find(".warnings"),h=r.find(".info");for(let e=0;e<d.length;e++)switch(d[e].type){case OC.SetupChecks.MESSAGE_TYPE_INFO:h.append("<li>"+d[e].msg+"</li>");break;case OC.SetupChecks.MESSAGE_TYPE_WARNING:o.append("<li>"+d[e].msg+"</li>");break;case OC.SetupChecks.MESSAGE_TYPE_ERROR:default:m.append("<li>"+d[e].msg+"</li>")}m.find("li").length>0&&(m.removeClass("hidden"),c=!0),o.find("li").length>0&&(o.removeClass("hidden"),c=!0),h.find("li").length>0&&(h.removeClass("hidden"),c=!0),c?($("#postsetupchecks-hint").removeClass("hidden"),m.find("li").length>0?$("#security-warning-state-failure").removeClass("hidden"):$("#security-warning-state-warning").removeClass("hidden")):0===$("#security-warning").children("ul").children().length?$("#security-warning-state-ok").removeClass("hidden"):$("#security-warning-state-failure").removeClass("hidden")}))}))}})[69129](); |
||||
//# sourceMappingURL=settings-legacy-admin.js.map?v=aae3b9bd4aae206239f2
|
||||
File diff suppressed because one or more lines are too long
Loading…
Reference in new issue