ssl_policy stuff

This commit is contained in:
friendica 2012-03-14 20:36:23 -07:00
parent 64e3e3590b
commit f0a62d8908
5 changed files with 103 additions and 11 deletions

View File

@ -379,11 +379,22 @@ class App {
$scheme = $this->scheme; $scheme = $this->scheme;
if(x($this->config,'ssl_policy')) { if((x($this->config,'system')) && (x($this->config['system'],'ssl_policy'))) {
if(($ssl) || ($this->config['ssl_policy'] == SSL_POLICY_FULL)) if($this->config['system']['ssl_policy'] == SSL_POLICY_FULL)
$scheme = 'https';
if(($this->config['ssl_policy'] == SSL_POLICY_SELFSIGN) && (local_user() || x($_POST,'auth-params')))
$scheme = 'https'; $scheme = 'https';
// We need to populate the $ssl flag across the entire program before turning this on.
// Basically, we'll have $ssl = true on any links which can only be seen by a logged in user
// (and also the login link). Anything seen by an outsider will have it turned off.
// At present, setting SSL_POLICY_SELFSIGN will only force remote contacts to update their
// contact links to this site with "http:" if they are currently using "https:"
// if($this->config['system']['ssl_policy'] == SSL_POLICY_SELFSIGN) {
// if($ssl)
// $scheme = 'https';
// else
// $scheme = 'http';
// }
} }
$this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' ); $this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' );

View File

@ -1046,6 +1046,21 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
if(! $rino_enable) if(! $rino_enable)
$rino = 0; $rino = 0;
$ssl_val = intval(get_config('system','ssl_policy'));
$ssl_policy = '';
switch($ssl_val){
case SSL_POLICY_FULL:
$ssl_policy = 'full';
break;
case SSL_POLICY_SELFSIGN:
$ssl_policy = 'self';
break;
case SSL_POLICY_NONE:
default:
$ssl_policy = 'none';
break;
}
$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : ''); $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
logger('dfrn_deliver: ' . $url); logger('dfrn_deliver: ' . $url);
@ -1118,6 +1133,8 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$postvars['perm'] = 'r'; $postvars['perm'] = 'r';
} }
$postvars['ssl_policy'] = $ssl_policy;
if($rino && $rino_allowed && (! $dissolve)) { if($rino && $rino_allowed && (! $dissolve)) {
$key = substr(random_string(),0,16); $key = substr(random_string(),0,16);
$data = bin2hex(aes_encrypt($postvars['data'],$key)); $data = bin2hex(aes_encrypt($postvars['data'],$key));

View File

@ -152,10 +152,6 @@ function admin_page_summary(&$a) {
$r = q("SELECT COUNT(id) as `count` FROM `register`"); $r = q("SELECT COUNT(id) as `count` FROM `register`");
$pending = $r[0]['count']; $pending = $r[0]['count'];
$t = get_markup_template("admin_summary.tpl"); $t = get_markup_template("admin_summary.tpl");
return replace_macros($t, array( return replace_macros($t, array(
'$title' => t('Administration'), '$title' => t('Administration'),
@ -210,7 +206,7 @@ function admin_page_site_post(&$a){
$dfrn_only = ((x($_POST,'dfrn_only')) ? True : False); $dfrn_only = ((x($_POST,'dfrn_only')) ? True : False);
$ostatus_disabled = !((x($_POST,'ostatus_disabled')) ? True : False); $ostatus_disabled = !((x($_POST,'ostatus_disabled')) ? True : False);
$diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? True : False); $diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? True : False);
$ssl_policy = ((x($_POST,'ssl_policy')) ? intval($_POST['ssl_policy']) : 0);
set_config('config','sitename',$sitename); set_config('config','sitename',$sitename);
if ($banner==""){ if ($banner==""){
@ -222,6 +218,7 @@ function admin_page_site_post(&$a){
} else { } else {
set_config('system','banner', $banner); set_config('system','banner', $banner);
} }
set_config('system','ssl_policy',$ssl_policy);
set_config('system','language', $language); set_config('system','language', $language);
set_config('system','theme', $theme); set_config('system','theme', $theme);
set_config('system','maximagesize', $maximagesize); set_config('system','maximagesize', $maximagesize);
@ -306,6 +303,12 @@ function admin_page_site(&$a) {
REGISTER_OPEN => t("Open") REGISTER_OPEN => t("Open")
); );
$ssl_choices = array(
SSL_POLICY_NONE => t("No SSL policy, links will track page SSL state"),
SSL_POLICY_FULL => t("Force all links to use SSL"),
SSL_POLICY_SELFSIGN => t("Self-signed certificate, use SSL for local links only (discouraged)")
);
$t = get_markup_template("admin_site.tpl"); $t = get_markup_template("admin_site.tpl");
return replace_macros($t, array( return replace_macros($t, array(
'$title' => t('Administration'), '$title' => t('Administration'),
@ -322,7 +325,7 @@ function admin_page_site(&$a) {
'$banner' => array('banner', t("Banner/Logo"), $banner, ""), '$banner' => array('banner', t("Banner/Logo"), $banner, ""),
'$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices), '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices),
'$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices), '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices),
'$ssl_policy' => array('ssl_policy', t("SSL link policy"), get_config('system','ssl_policy'), t("Determines whether generated links should be forced to use SSL"), $ssl_choices),
'$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")), '$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
'$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices), '$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices),

View File

@ -14,6 +14,7 @@ function dfrn_notify_post(&$a) {
$key = ((x($_POST,'key')) ? $_POST['key'] : ''); $key = ((x($_POST,'key')) ? $_POST['key'] : '');
$dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0); $dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
$perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r'); $perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
$ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
$writable = (-1); $writable = (-1);
if($dfrn_version >= 2.21) { if($dfrn_version >= 2.21) {
@ -94,6 +95,65 @@ function dfrn_notify_post(&$a) {
$importer['writable'] = $writable; $importer['writable'] = $writable;
} }
// if contact's ssl policy changed, update our links
$ssl_changed = false;
if($ssl_policy == 'self' && strstr($importer['url'],'https:')) {
$ssl_changed = true;
$importer['url'] = str_replace('https:','http:',$importer['url']);
$importer['nurl'] = normalise_link($importer['url']);
$importer['photo'] = str_replace('https:','http:',$importer['photo']);
$importer['thumb'] = str_replace('https:','http:',$importer['thumb']);
$importer['micro'] = str_replace('https:','http:',$importer['micro']);
$importer['request'] = str_replace('https:','http:',$importer['request']);
$importer['notify'] = str_replace('https:','http:',$importer['notify']);
$importer['poll'] = str_replace('https:','http:',$importer['poll']);
$importer['confirm'] = str_replace('https:','http:',$importer['confirm']);
$importer['poco'] = str_replace('https:','http:',$importer['poco']);
}
if($ssl_policy == 'full' && strstr($importer['url'],'http:')) {
$ssl_changed = true;
$importer['url'] = str_replace('http:','https:',$importer['url']);
$importer['nurl'] = normalise_link($importer['url']);
$importer['photo'] = str_replace('http:','https:',$importer['photo']);
$importer['thumb'] = str_replace('http:','https:',$importer['thumb']);
$importer['micro'] = str_replace('http:','https:',$importer['micro']);
$importer['request'] = str_replace('http:','https:',$importer['request']);
$importer['notify'] = str_replace('http:','https:',$importer['notify']);
$importer['poll'] = str_replace('http:','https:',$importer['poll']);
$importer['confirm'] = str_replace('http:','https:',$importer['confirm']);
$importer['poco'] = str_replace('http:','https:',$importer['poco']);
}
if($ssl_changed) {
q("update contact set
url = '%s',
nurl = '%s',
photo = '%s',
thumb = '%s',
micro = '%s',
request = '%s',
notify = '%s',
poll = '%s',
confirm = '%s',
poco = '%s'
where id = %d limit 1",
dbesc($importer['url']),
dbesc($importer['nurl']),
dbesc($importer['photo']),
dbesc($importer['thumb']),
dbesc($importer['micro']),
dbesc($importer['request']),
dbesc($importer['notify']),
dbesc($importer['poll']),
dbesc($importer['confirm']),
dbesc($importer['poco']),
intval($importer['id'])
);
}
logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']); logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']);
logger('dfrn_notify: data: ' . $data, LOGGER_DATA); logger('dfrn_notify: data: ' . $data, LOGGER_DATA);

View File

@ -7,6 +7,7 @@
{{ inc field_textarea.tpl with $field=$banner }}{{ endinc }} {{ inc field_textarea.tpl with $field=$banner }}{{ endinc }}
{{ inc field_select.tpl with $field=$language }}{{ endinc }} {{ inc field_select.tpl with $field=$language }}{{ endinc }}
{{ inc field_select.tpl with $field=$theme }}{{ endinc }} {{ inc field_select.tpl with $field=$theme }}{{ endinc }}
{{ inc field_select.tpl with $field=$ssl_policy }}{{ endinc }}
<div class="submit"><input type="submit" name="page_site" value="$submit" /></div> <div class="submit"><input type="submit" name="page_site" value="$submit" /></div>