mirror of https://github.com/nextcloud/server.git
Add a background job that checks for potential user imported SSL certificates and shows a warning in the admin settings
Signed-off-by: Morris Jobke <hey@morrisjobke.de>pull/21693/head
parent
54b9f639a6
commit
1c496a5a35
@ -0,0 +1,80 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2020 Morris Jobke <hey@morrisjobke.de>
|
||||
*
|
||||
* @author Morris Jobke <hey@morrisjobke.de>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\Settings\SetupChecks;
|
||||
|
||||
use OCP\IConfig;
|
||||
use OCP\IL10N;
|
||||
use OCP\IURLGenerator;
|
||||
|
||||
class CheckUserCertificates {
|
||||
/** @var IL10N */
|
||||
private $l10n;
|
||||
/** @var string */
|
||||
private $configValue;
|
||||
/** @var IURLGenerator */
|
||||
private $urlGenerator;
|
||||
|
||||
public function __construct(IL10N $l10n, IConfig $config, IURLGenerator $urlGenerator) {
|
||||
$this->l10n = $l10n;
|
||||
$configValue = $config->getAppValue('files_external', 'user_certificate_scan', false);
|
||||
if (!is_string($configValue)) {
|
||||
$configValue = '';
|
||||
}
|
||||
$this->configValue = $configValue;
|
||||
$this->urlGenerator = $urlGenerator;
|
||||
}
|
||||
|
||||
public function description(): string {
|
||||
if ($this->configValue === '') {
|
||||
return '';
|
||||
}
|
||||
if ($this->configValue === 'not-run-yet') {
|
||||
return $this->l10n->t('A background job is pending that checks for user imported SSL certificates. Please check back later.');
|
||||
}
|
||||
return $this->l10n->t('There are some user imported SSL certificates present, that are not used anymore with Nextcloud 21. They can be imported on the command line via "occ security:certificates:import" command. Their paths inside the data directory are shown below.');
|
||||
}
|
||||
|
||||
public function severity(): string {
|
||||
return 'warning';
|
||||
}
|
||||
|
||||
public function run(): bool {
|
||||
// all fine if neither "not-run-yet" nor a result
|
||||
return $this->configValue === '';
|
||||
}
|
||||
|
||||
public function elements(): array {
|
||||
if ($this->configValue === '' || $this->configValue === 'not-run-yet') {
|
||||
return [];
|
||||
}
|
||||
$data = json_decode($this->configValue);
|
||||
if (!is_array($data)) {
|
||||
return [];
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
}
|
@ -0,0 +1,79 @@
|
||||
<?php
|
||||
/**
|
||||
* @copyright 2020 Morris Jobke <hey@morrisjobke.de>
|
||||
*
|
||||
* @author Morris Jobke <hey@morrisjobke.de>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\Core\BackgroundJobs;
|
||||
|
||||
use OC\BackgroundJob\QueuedJob;
|
||||
use OCP\Files\Folder;
|
||||
use OCP\Files\IRootFolder;
|
||||
use OCP\Files\NotFoundException;
|
||||
use OCP\IConfig;
|
||||
use OCP\IUser;
|
||||
use OCP\IUserManager;
|
||||
|
||||
class CheckForUserCertificates extends QueuedJob {
|
||||
|
||||
/** @var IConfig */
|
||||
protected $config;
|
||||
/** @var IUserManager */
|
||||
private $userManager;
|
||||
/** @var IRootFolder */
|
||||
private $rootFolder;
|
||||
|
||||
public function __construct(IConfig $config, IUserManager $userManager, IRootFolder $rootFolder) {
|
||||
$this->config = $config;
|
||||
$this->userManager = $userManager;
|
||||
$this->rootFolder = $rootFolder;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks all user directories for old user uploaded certificates
|
||||
*/
|
||||
public function run($arguments) {
|
||||
$uploadList = [];
|
||||
$this->userManager->callForSeenUsers(function (IUser $user) use (&$uploadList) {
|
||||
$userId = $user->getUID();
|
||||
try {
|
||||
\OC_Util::setupFS($userId);
|
||||
$filesExternalUploadsFolder = $this->rootFolder->get($userId . '/files_external/uploads');
|
||||
} catch (NotFoundException $e) {
|
||||
\OC_Util::tearDownFS();
|
||||
return;
|
||||
}
|
||||
if ($filesExternalUploadsFolder instanceof Folder) {
|
||||
$files = $filesExternalUploadsFolder->getDirectoryListing();
|
||||
foreach ($files as $file) {
|
||||
$filename = $file->getName();
|
||||
$uploadList[] = "$userId/files_external/uploads/$filename";
|
||||
}
|
||||
}
|
||||
\OC_Util::tearDownFS();
|
||||
});
|
||||
|
||||
if (empty($uploadList)) {
|
||||
$this->config->deleteAppValue('files_external', 'user_certificate_scan');
|
||||
} else {
|
||||
$this->config->setAppValue('files_external', 'user_certificate_scan', json_encode($uploadList));
|
||||
}
|
||||
}
|
||||
}
|
@ -0,0 +1,61 @@
|
||||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2020 Morris Jobke <hey@morrisjobke.de>
|
||||
*
|
||||
* @author Morris Jobke <hey@morrisjobke.de>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\Repair\NC21;
|
||||
|
||||
use OC\Core\BackgroundJobs\CheckForUserCertificates;
|
||||
use OCP\BackgroundJob\IJobList;
|
||||
use OCP\IConfig;
|
||||
use OCP\Migration\IOutput;
|
||||
use OCP\Migration\IRepairStep;
|
||||
|
||||
class AddCheckForUserCertificatesJob implements IRepairStep {
|
||||
|
||||
/** @var IJobList */
|
||||
protected $jobList;
|
||||
/** @var IConfig */
|
||||
private $config;
|
||||
|
||||
public function __construct(IConfig $config, IJobList $jobList) {
|
||||
$this->jobList = $jobList;
|
||||
$this->config = $config;
|
||||
}
|
||||
|
||||
public function getName() {
|
||||
return 'Queue a one-time job to check for user uploaded certificates';
|
||||
}
|
||||
|
||||
private function shouldRun() {
|
||||
$versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
|
||||
|
||||
// was added to 21.0.0.2
|
||||
return version_compare($versionFromBeforeUpdate, '21.0.0.2', '<');
|
||||
}
|
||||
|
||||
public function run(IOutput $output) {
|
||||
if ($this->shouldRun()) {
|
||||
$this->config->setAppValue('files_external', 'user_certificate_scan', 'not-run-yet');
|
||||
$this->jobList->add(CheckForUserCertificates::class);
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue