Diffstat (limited to 'modules-available/webinterface/page.inc.php')
-rw-r--r-- | modules-available/webinterface/page.inc.php | 78 |
1 files changed, 29 insertions, 49 deletions
diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php
index a2123ac5..fb982616 100644
--- a/modules-available/webinterface/page.inc.php
+++ b/modules-available/webinterface/page.inc.php
@@ -45,12 +45,10 @@ class Page_WebInterface extends Page
 $this->setRedirectFromPost();
 $mode = Request::post('mode');
 switch ($mode) {
+ case 'random':
 case 'off':
 $taskId = $this->setHttpsOff();
 break;
- case 'random':
- $taskId = $this->setHttpsRandomCert();
- break;
 case 'custom':
 $taskId = $this->setHttpsCustomCert();
 break;
@@ -67,7 +65,7 @@ class Page_WebInterface extends Page
 }
 if ($taskId !== null) {
 Session::set('https-id', $taskId, 1);
- Util::redirect('?do=WebInterface&show=httpsupdate');
+ Util::redirect('?do=WebInterface&show=httpsupdate&mode=' . $mode);
 }
 Util::redirect('?do=WebInterface');
 }
@@ -96,9 +94,17 @@ class Page_WebInterface extends Page
 // HTTPS
 //
 if (Request::get('show') === 'httpsupdate') {
- Render::addTemplate('httpd-restart', array('taskid' => Session::get('https-id')));
+ Render::addTemplate('httpd-restart', [
+ 'taskid' => Session::get('https-id'),
+ 'mode' => Request::get('mode', '', 'string'),
+ ]);
 }
 $type = Property::get(WebInterface::PROP_TYPE);
+ if ($type === 'off') {
+ // Not really possible anymore to disable HTTPS since we use it for client communication
+ $type = 'generated';
+ Property::set(WebInterface::PROP_TYPE, $type);
+ }
 $force = Property::get(WebInterface::PROP_REDIRECT) === 'True';
 $hsts = Property::get(WebInterface::PROP_HSTS) === 'True';
 $redirdomain = WebInterface::getDomainRedirect();
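Review bot: The new `case 'random':` label in the first hunk falls through into `case 'off':` without a comment, so a POST with mode=random now runs `setHttpsOff()`, and that helper (edited in the hunk at `@@ -238,16 +225,9 @@`) still calls `WebInterface::tmDisableHttps()`. What that task does after this change is not visible here; if it now resets to the generated certificate rather than disabling TLS, a comment such as `// 'random' and 'off' both reset to the generated certificate` and a matching helper name would keep the next reader from assuming HTTPS can still be switched off. The switch continues past the end of this hunk.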
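Review bot: `$mode` is the raw `Request::post('mode')` value and is appended unencoded to the redirect target in the second hunk, `Util::redirect('?do=WebInterface&show=httpsupdate&mode=' . $mode);`. Whether only known modes can reach this line depends on the switch's default branch, which lies between the hunks and is not shown, so I would encode it regardless: `Util::redirect('?do=WebInterface&show=httpsupdate&mode=' . urlencode($mode));`. The next hunk reads the value back with `Request::get('mode', '', 'string')` and hands it to the `httpd-restart` template, where it can equally be set by a crafted link, so the template should output it escaped or the value should be checked against the fixed list of modes first.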
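Review bot: The added `if ($type === 'off')` block in the third hunk persists configuration with `Property::set(WebInterface::PROP_TYPE, $type);` from what appears to be the page's render path, so merely viewing the page changes stored state. No permission check is visible around it (the `edit.https` tag is only applied further down), though one may sit outside the hunk. Consider moving this one-off migration to an install or update step, or extend the comment to `// Disabling HTTPS is no longer supported (clients rely on it); migrate the stored setting on first view` so the write on a read request is clearly intentional.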
@@ -117,36 +123,19 @@ class Page_WebInterface extends Page
 Render::addTemplate('acme-error', ['error' => $err]);
 }
 }
- if ($type === 'off') {
- if ($exists) {
- // HTTPS is set to off, but a certificate exists
- if ($https) {
- // User is using https, just warn to prevent lockout
- Message::addWarning('https-want-off-is-used');
- } else {
- // User is not using https, try to delete stray certificate
- $this->setHttpsOff();
- }
- } elseif ($https) {
- // Set to off, no cert found, but still using HTTPS apparently
- // Admin might have modified web server config in another way
- Message::addWarning('https-used-without-cert');
- }
- } elseif ($type === 'generated' || $type === 'supplied' || $type === 'acme' || $type === 'api') {
- $data['httpsEnabled'] = true;
+ if ($type === 'generated' || $type === 'supplied' || $type === 'acme' || $type === 'api') {
 if ($force && !$https) {
 Message::addWarning('https-want-redirect-is-plain');
 }
- if (!$exists) {
+ if ($type !== 'generated' && !$exists) {
 Message::addWarning('https-on-cert-missing');
 }
 } else {
 // Unknown config - maybe upgraded old install that doesn't keep track
 if ($exists || $https) {
 $type = 'unknown'; // Legacy fallback
- $data['httpsEnabled'] = true;
 } else {
- $type = 'generated';
+ $type = 'generated';
 }
 }
 $domains = implode("\n", Acme::getDomains());
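Review bot: `if ($type !== 'generated' && !$exists)` now suppresses the `https-on-cert-missing` warning whenever the type is generated, so an admin gets no hint when the generated certificate file is absent. That presumably relies on the certificate being recreated automatically, which this hunk does not show; a comment such as `// generated certs are recreated automatically, a missing file is not an error here` would record the assumption if it holds. In the fallback branch `$type = 'generated';` only changes the local variable, while the earlier 'off' migration also calls `Property::set()`, so the stored setting and the displayed one can differ; a short comment saying whether that is deliberate would help.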
@@ -171,23 +160,21 @@ class Page_WebInterface extends Page
 // $type might have changed in above block
 $data[$type . 'Selected'] = true;
 // Show cert info if possible
- if ($type !== 'off') {
- $data['certDomains'] = [];
- $exp = 0;
- $iss = '';
- if (WebInterface::extractCurrentCertData($data['certDomains'], $exp, $iss)) {
- $data['certExpire'] = Util::prettyTime($exp);
- $data['certIssuer'] = $iss;
- $diff = $exp - time();
- $class = [];
- if ($diff < 86400 * 3) {
- $class[] = 'text-danger';
- }
- if ($diff < 86400 * 10) {
- $class[] = 'slx-bold';
- }
- $data['certExpireClass'] = implode(' ', $class);
+ $data['certDomains'] = [];
+ $exp = 0;
+ $iss = '';
+ if (WebInterface::extractCurrentCertData($data['certDomains'], $exp, $iss)) {
+ $data['certExpire'] = Util::prettyTime($exp);
+ $data['certIssuer'] = $iss;
+ $diff = $exp - time();
+ $class = [];
+ if ($diff < 86400 * 3) {
+ $class[] = 'text-danger';
+ }
+ if ($diff < 86400 * 10) {
+ $class[] = 'slx-bold';
 }
+ $data['certExpireClass'] = implode(' ', $class);
 }
 $data['httpsApiKeyPostUrl'] = ($https ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . '/slx-admin/api.php?do=webinterface';
 Permission::addGlobalTags($data['perms'], null, ['edit.https']);
@@ -238,16 +225,9 @@ class Page_WebInterface extends Page
 private function setHttpsOff(): ?string
 {
- Header('Strict-Transport-Security: max-age=0', true);
- Session::deleteCookie();
 return WebInterface::tmDisableHttps();
 }
- private function setHttpsRandomCert(): ?string
- {
- return WebInterface::tmGenerateRandomCert();
- }
-
 private function setHttpsCustomCert(): ?string
 {
 $cert = trim(Request::post('certificate', Request::REQUIRED, 'string'));
@@ -257,7 +237,7 @@ class Page_WebInterface extends Page
 $cert .= "\n" . $chain;
 }
 return WebInterface::tmImportCustomCert($key . "\n", $cert . "\n", 'supplied',
- 'New certificate uploaded by ' . User::getLogin());
+ 'Applying uploaded HTTPS certificate');
 }
 private function setAcmeMode(): ?string |
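Review bot: The description passed to `WebInterface::tmImportCustomCert()` in the last hunk no longer contains `User::getLogin()`, so if this string is what ends up in the task or event log, installing a new private key and certificate can no longer be attributed to an account from that record. Unless the acting user is logged elsewhere, I would keep the login in the text, for example `'Applying HTTPS certificate uploaded by ' . User::getLogin());`. `setHttpsCustomCert()` begins above this hunk, so what else it records is not visible here.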