diff options
| author | Simon Rettberg | 2017-03-20 21:30:33 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2017-03-20 21:30:33 +0100 |
| commit | 2aa709e968482756c0343dbecf079913cd16ba52 (patch) | |
| tree | 6284e55c25d48b0d434042c9baccfeb9842db8bc /modules-available/webinterface/page.inc.php | |
| parent | [sysconfig] Add ConfigTgz::rebuildAllConfigs() (diff) | |
| download | slx-admin-2aa709e968482756c0343dbecf079913cd16ba52.tar.gz slx-admin-2aa709e968482756c0343dbecf079913cd16ba52.tar.xz slx-admin-2aa709e968482756c0343dbecf079913cd16ba52.zip | |
[webinterface] Remember last HTTPS config; add redirect to HTTPS setting
Functionality in the LighttpdHttps task is still missing, so the new
redirect setting doesn't really do anything yet.
This refs #3058 @2h
Diffstat (limited to 'modules-available/webinterface/page.inc.php')
| -rw-r--r-- | modules-available/webinterface/page.inc.php | 87 |
1 files changed, 83 insertions, 4 deletions
diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php index 3c4304cd..35e14dc5 100644 --- a/modules-available/webinterface/page.inc.php +++ b/modules-available/webinterface/page.inc.php @@ -3,6 +3,9 @@ class Page_WebInterface extends Page { + const PROP_REDIRECT = 'webinterface.https-redirect'; + const PROP_TYPE = 'webinterface.https-type'; + protected function doPreprocess() { User::load(); @@ -33,13 +36,17 @@ class Page_WebInterface extends Page case 'custom': $task = $this->setHttpsCustomCert(); break; + default: + $task = $this->setRedirectMode(); + break; } if (isset($task['id'])) { Session::set('https-id', $task['id']); Util::redirect('?do=WebInterface&show=httpsupdate'); } + Util::redirect('?do=WebInterface'); } - + private function actionShowHidePassword() { Property::setPasswordFieldType(Request::post('mode') === 'show' ? 'text' : 'password'); @@ -48,10 +55,57 @@ class Page_WebInterface extends Page protected function doRender() { + // + // HTTPS + // if (Request::get('show') === 'httpsupdate') { Render::addTemplate('httpd-restart', array('taskid' => Session::get('https-id'))); } - Render::addTemplate('https', array('httpsEnabled' => file_exists('/etc/lighttpd/server.pem'))); + $type = Property::get(self::PROP_TYPE); + $force = Property::get(self::PROP_REDIRECT) === 'True'; + $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'; + $exists = file_exists('/etc/lighttpd/server.pem'); + $data = array( + 'httpsUsed' => $https, + 'redirect_checked' => ($force ? 'checked' : '') + ); + // Type should be 'off', 'generated', 'supplied' + if ($type === 'off') { + if ($exists) { + // HTTPS is set to off, but a certificate exists + if ($https) { + // User is using https, just warn to prevent lockout + Message::addWarning('https-want-off-is-used'); + } else { + // User is not using https, try to delete stray certificate + $this->setHttpsOff(); + } + } elseif ($https) { + // Set to off, no cert found, but still using HTTPS apparently + // Admin might have modified web server config in another way + Message::addWarning('https-used-without-cert'); + } + } elseif ($type === 'generated' || $type === 'supplied') { + $data['httpsEnabled'] = true; + if ($force && !$https) { + Message::addWarning('https-want-redirect-is-plain'); + } + if (!$exists) { + Message::addWarning('https-on-cert-missing'); + } + } else { + // Unknown config - maybe upgraded old install that doesn't keep track + if ($exists || $https) { + $type = 'unknown'; // Legacy fallback + } else { + $type = 'off'; + } + } + $data[$type . 'Selected'] = true; + Render::addTemplate('https', $data); + // + // Password fields + // $data = array(); if (Property::getPasswordFieldType() === 'text') $data['selected_show'] = 'checked'; @@ -62,23 +116,48 @@ class Page_WebInterface extends Page private function setHttpsOff() { + Property::set(self::PROP_TYPE, 'off'); return Taskmanager::submit('LighttpdHttps', array()); } private function setHttpsRandomCert() { + $force = Request::post('httpsredirect', false, 'string') === 'on'; + Property::set(self::PROP_TYPE, 'generated'); + Property::set(self::PROP_REDIRECT, $force ? 'True' : 'False'); return Taskmanager::submit('LighttpdHttps', array( - 'proxyip' => Property::getServerIp() + 'proxyip' => Property::getServerIp(), + 'redirect' => $force, )); } private function setHttpsCustomCert() { + $force = Request::post('httpsredirect', false, 'string') === 'on'; + Property::set(self::PROP_TYPE, 'supplied'); + Property::set(self::PROP_REDIRECT, $force ? 'True' : 'False'); return Taskmanager::submit('LighttpdHttps', array( 'importcert' => Request::post('certificate', 'bla'), 'importkey' => Request::post('privatekey', 'bla'), - 'importchain' => Request::post('cachain', '') + 'importchain' => Request::post('cachain', ''), + 'redirect' => $force, + )); + } + + private function setRedirectMode() + { + $force = Request::post('httpsredirect', false, 'string') === 'on'; + Property::set(self::PROP_REDIRECT, $force ? 'True' : 'False'); + if (Property::get(self::PROP_TYPE) === 'off') { + // Don't bother running the task if https isn't enabled - just + // update the state in DB + return false; + } + return Taskmanager::submit('LighttpdHttps', array( + 'redirectOnly' => true, + 'redirect' => $force, )); } } + |