Commit graph

86 commits

Author SHA1 Message Date
Daniel Kesselberg
51f0651d68
Run setupchecks when #security-warnings is present
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-01-05 16:29:57 +01:00
Julius Härtl
a3be286273
Make setup check also pass with a 501 status
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-12-19 07:41:25 +01:00
Roeland Jago Douma
a915594b03
Merge pull request #12734 from nextcloud/feature/noid/check-nginx-woff2
Add check for missing .woff2 rule in Nginx via setup check
2018-11-29 19:36:56 +01:00
Morris Jobke
f5894b653d
Add check for missing .woff2 rule in Nginx via setup check
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-11-29 17:01:43 +01:00
Daniel Kesselberg
92675a606e
Add sendmailmode to gui
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-11-29 16:02:36 +01:00
Rinat Gumirov
5aca24f3bd expire share days in settings validate
Signed-off-by: Rinat Gumirov <rinat.gumirov@mail.ru>
2018-10-31 00:15:41 +05:00
Daniel Calviño Sánchez
20a5ce217a Add check for well known URL of WebFinger in the settings overview
If the WebFinger service is not set in Nextcloud configuration no check
is performed.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-10-10 14:12:10 +02:00
Morris Jobke
b8d54bd53a
Fix a misleading setup check for .well-known/caldav & carddav
The problem is that the version without the slash is the correct one.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-10 10:41:02 +02:00
Daniel Calviño Sánchez
fe30653194
Fix "checkWellKnownUrl" not being run
The check is run only if its last parameter is true; data() tries to
convert the HTML attribute string to an actual JavaScript value, so
"true" is returned as an actual boolean instead of an string; as a
strict comparison against "true" was used the result was false and thus
the checks were not run.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-09-27 15:39:26 +02:00
Julius Härtl
5a20ac7df2
Add warning state to setup checks
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-06-06 17:34:38 +02:00
Julius Härtl
6afe3e42f3
Add visual indicator for setup checks
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-06-06 17:34:37 +02:00
Morris Jobke
0d5142be70
Show a link to the docs instead of a button on the untrusted domain page
Before there was a button to "quickly" add the untrusted domain to the config. This button often didn't worked, because the generated URL was often untrusted as well. Thus removing it and providing proper docs seems to be the better approach to handle this rare case.

Also the log should not be spammed by messages for the untrusted domain accesses, because they are user related and not necessarily an administrative issue.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-17 17:47:11 +02:00
Bjoern Schiessle
1615312bf1
add share permissions to settings page
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-02-27 12:29:25 +01:00
Joas Schilling
e938663329
Don't send the test mail twice
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-24 12:50:29 +02:00
Joas Schilling
a5b4308a51
Don't put the SMTP password into the HTML code
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 15:44:20 +02:00
Joas Schilling
beb3f92c4d
Remove the double password confirmation on changing cron
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-13 15:52:16 +01:00
Joas Schilling
62855c08ff
Require confirmation when changing the email settings
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 12:10:50 +01:00
Joas Schilling
247b7f37ce
Color the trusted domain to alert the admin a bit more
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-31 12:22:21 +01:00
Joas Schilling
103bf6dd28
Switch to public API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:09:26 +02:00
Joas Schilling
0b1fb180a5
Make AppConfig part of the public API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:09:23 +02:00
Morris Jobke
6bb95de1c5
Adding a optional disclaimer to the anonymous upload page 2016-09-08 18:44:27 +02:00
Morris Jobke
cf79417490
Use tooltip for background job execution time 2016-07-13 09:59:42 +02:00
Christoph Wurst
e4a8456d01
replace $().attr('checked') by $().prop('checked', state) or $().is(':checked') 2016-04-19 16:20:17 +02:00
Roeland Jago Douma
35024beb9c Add allow sharing with groups checkbox to admin page 2016-03-22 17:13:34 +01:00
Vincent Chan
faf48e42b7 Move data protection check to javascript
fixes #20199
2016-02-01 18:57:58 +01:00
Morris Jobke
8b6b042ffd Add config switch to disable the .well-known URL check 2016-01-12 09:53:23 +01:00
Lukas Reschke
f4c04c5f28 Concat also the other results
Otherwise this will ignore the two last checks 🙊
2016-01-10 11:39:44 +01:00
Morris Jobke
0161928fc3 Add check for .well-known URL in the root of the webservers URL
* fixes #20012
2016-01-08 23:27:29 +01:00
Robin McCorkell
6959d5ca22 Properly detect setup check messages set in the HTML template 2015-11-08 00:02:59 +00:00
Thomas Müller
b2dd5cb616 save excluded groups in json format - fixes #10983 2015-10-01 15:37:55 +02:00
Robin McCorkell
2992a1aa88 Merge pull request #18395 from owncloud/hide-empty-security-warning
[admin settings] Show success message if security warnings are empty
2015-08-21 11:38:40 +01:00
Morris Jobke
63a1f9afac add success message 2015-08-21 11:09:01 +02:00
Morris Jobke
e8c3eb7473 Clear cron errors on change of background job mode
* fixes #18454
2015-08-20 14:51:28 +02:00
Morris Jobke
70bce7a54a [admin settings] hide security warnings if empty
* fixes #15257
2015-08-18 16:42:25 +02:00
Jan-Christoph Borchardt
12eec397e3 Merge pull request #17975 from owncloud/settings_admin_warning_levels
Settings admin warning levels
2015-08-18 13:38:08 +02:00
Roeland Jago Douma
8bde72c4bd All setup messages are now properly types 2015-07-30 09:57:08 +02:00
Roeland Jago Douma
5d15051da4 Allow setupchecks to specify a warning level 2015-07-30 09:57:08 +02:00
Roeland Jago Douma
15a0f8e433 Do not allow invalid default expire days
Currently it is possible to set a negative number of days in which a
public share expires. This results in public sharing not working and it
undesired.

Weird thing is that the API still lets you create shares and gives back
an URL. However the id is "unkown" and the URL invalid.
2015-07-04 06:57:00 +02:00
Bjoern Schiessle
8f1e504d79 adjust wording and add button to confirm encryption 2015-05-05 10:38:09 +02:00
Bjoern Schiessle
6dc3682cc2 don't let the the user disable encryption once it was activated 2015-05-04 13:13:31 +02:00
Clark Tomlinson
1174ad0681 Merge pull request #15445 from owncloud/enc2_migration
add migration script from old encryption to new one
2015-04-16 09:34:47 -04:00
Bjoern Schiessle
d2ef73367c allow user to start migration in admin settings if no external user back-ends are enabled 2015-04-16 14:15:04 +02:00
Jan-Christoph Borchardt
04ca5b8160 remove slow fade animation for remaining tipsy tooltips 2015-04-15 12:25:10 +02:00
Joas Schilling
495562f40c Move federated cloud sharing, files externals and updater to special positions 2015-03-27 09:38:09 +01:00
Thomas Müller
232518ac54 Merge pull request #15234 from owncloud/encryption2_core
core part of encryption 2.0
2015-03-26 21:14:59 +01:00
Bjoern Schiessle
ff9c85ce60 implement basic encryption functionallity in core to enable multiple encryption modules 2015-03-26 20:56:51 +01:00
Jan-Christoph Borchardt
04a4df5065 only show connection checks results if there are errors, fix #11476 2015-03-25 09:34:13 +01:00
Jan-Christoph Borchardt
db02edd7c8 adjust list of errors, more compact and readable 2015-03-06 15:27:21 +01:00
Lukas Reschke
bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
2015-03-02 19:07:46 +01:00
Jakob Sack
0efed5c216 Add absolute time of last cronjob as hover tip 2015-02-28 21:48:19 +01:00