Author: sevein
Date: Fri Jan 27 23:37:57 2012
New Revision: 10762
Log:
Add optional setting to require SSL for admin functionality, fixes issue 2226
Added:
trunk/lib/filter/QubitSslRequirementFilter.class.php
Modified:
trunk/apps/qubit/config/filters.yml
trunk/apps/qubit/modules/settings/actions/listAction.class.php
trunk/apps/qubit/modules/sfInstallPlugin/config/filters.yml
trunk/data/fixtures/settings.yml
trunk/lib/form/SettingsGlobalForm.class.php
trunk/plugins/qtSwordPlugin/modules/qtSwordPlugin/config/filters.yml
Modified: trunk/apps/qubit/config/filters.yml
==============================================================================
--- trunk/apps/qubit/config/filters.yml Fri Jan 27 21:59:41 2012 (r10761)
+++ trunk/apps/qubit/config/filters.yml Fri Jan 27 23:37:57 2012 (r10762)
@@ -14,5 +14,9 @@
settings:
class: QubitSettingsFilter
+# Must be executed after QubitSettingsFilter
+QubitSslRequirement:
+ class: QubitSslRequirementFilter
+
cache: ~
execution: ~
Modified: trunk/apps/qubit/modules/settings/actions/listAction.class.php
==============================================================================
--- trunk/apps/qubit/modules/settings/actions/listAction.class.php Fri Jan
27 21:59:41 2012 (r10761)
+++ trunk/apps/qubit/modules/settings/actions/listAction.class.php Fri Jan
27 23:37:57 2012 (r10762)
@@ -219,6 +219,7 @@
$showTooltips = QubitSetting::getSettingByName('show_tooltips');
$defaultPubStatus = QubitSetting::getSettingByName('defaultPubStatus');
$swordDepositDir = QubitSetting::getSettingByName('sword_deposit_dir');
+ $requireSslAdmin = QubitSetting::getSettingByName('require_ssl_admin');
// Set defaults for global form
$this->globalForm->setDefaults(array(
@@ -236,7 +237,8 @@
'explode_multipage_files' => (isset($explodeMultipageFiles)) ?
intval($explodeMultipageFiles->getValue(array('sourceCulture'=>true))) : 1,
'show_tooltips' => (isset($showTooltips)) ?
intval($showTooltips->getValue(array('sourceCulture'=>true))) : 1,
'defaultPubStatus' => (isset($defaultPubStatus)) ?
$defaultPubStatus->getValue(array('sourceCulture'=>true)) :
QubitTerm::PUBLICATION_STATUS_DRAFT_ID,
- 'sword_deposit_dir' => (isset($swordDepositDir)) ?
$swordDepositDir->getValue(array('sourceCulture'=>true)) : null
+ 'sword_deposit_dir' => (isset($swordDepositDir)) ?
$swordDepositDir->getValue(array('sourceCulture'=>true)) : null,
+ 'require_ssl_admin' => (isset($requireSslAdmin)) ?
intval($requireSslAdmin->getValue(array('sourceCulture'=>true))) : 1,
));
}
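Review bot: The fallback for `require_ssl_admin` is `1`, so when the setting row does not exist the form pre-selects "yes", while the fixture added in this commit ships `value: 0` and the filter treats a missing `app_require_ssl_admin` as off. The form would then show the requirement as enabled when nothing is enforced. Use `0` as the fallback so the displayed default matches: `intval($requireSslAdmin->getValue(array('sourceCulture'=>true))) : 0,`. The enclosing method starts before this hunk.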
@@ -410,6 +412,16 @@
$setting->save();
}
+ // Require SSL for admin funcionality
+ if (null !== $requireSslAdmin = $thisForm->getValue('require_ssl_admin'))
+ {
+ $setting = QubitSetting::getSettingByName('require_ssl_admin');
+
+ // Force sourceCulture update to prevent discrepency in settings between
cultures
+ $setting->setValue($requireSslAdmin, array('sourceCulture' => true));
+ $setting->save();
+ }
+
return $this;
}
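Review bot: `$setting` is dereferenced without a null check, although the same lookup is guarded with `isset()` where the form defaults are built, which suggests `QubitSetting::getSettingByName()` can return null. On an installation whose database predates the `require_ssl_admin` fixture row, saving the global settings form would then fail on `$setting->setValue(...)`. Create the setting when the lookup returns null, or ship an upgrade step that inserts the row; no such step is visible in this commit. The added comments also misspell "functionality" and "discrepancy". The enclosing method starts outside the hunk.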
Modified: trunk/apps/qubit/modules/sfInstallPlugin/config/filters.yml
==============================================================================
--- trunk/apps/qubit/modules/sfInstallPlugin/config/filters.yml Fri Jan 27
21:59:41 2012 (r10761)
+++ trunk/apps/qubit/modules/sfInstallPlugin/config/filters.yml Fri Jan 27
23:37:57 2012 (r10762)
@@ -9,5 +9,8 @@
settings:
enabled: false
+QubitSslRequirement:
+ enabled: false
+
cache: ~
execution: ~
Modified: trunk/data/fixtures/settings.yml
==============================================================================
--- trunk/data/fixtures/settings.yml Fri Jan 27 21:59:41 2012 (r10761)
+++ trunk/data/fixtures/settings.yml Fri Jan 27 23:37:57 2012 (r10762)
@@ -369,3 +369,6 @@
QubitSetting_swordDepositDir:
name: sword_deposit_dir
value: '/tmp'
+ QubitSetting_sslRequirementAdmin:
+ name: require_ssl_admin
+ value: 0
Added: trunk/lib/filter/QubitSslRequirementFilter.class.php
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/lib/filter/QubitSslRequirementFilter.class.php Fri Jan 27
23:37:57 2012 (r10762)
@@ -0,0 +1,47 @@
+<?php
+
+/*
+ * This file is part of Qubit Toolkit.
+ *
+ * Qubit Toolkit is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Qubit Toolkit is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Qubit Toolkit. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+class QubitSslRequirementFilter extends sfFilter
+{
+ public function execute($filterChain)
+ {
+ $context = $this->getContext();
+ $request = $context->getRequest();
+
+ if ($context->getConfiguration()->isDebug() ||
+ $request->isSecure() ||
+ !sfConfig::get('app_require_ssl_admin'))
+ {
+ return $filterChain->execute();
+ }
+
+ if ($context->user->isAuthenticated() ||
+ ('user' == $request->getParameter('module') &&
+ 'login' == $request->getParameter('action')))
+ {
+ $secure_url = str_replace('http', 'https', $request->getUri());
+
+ return $context->getController()->redirect($secure_url);
+ }
+ else
+ {
+ $filterChain->execute();
+ }
+ }
+}
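Review bot: `str_replace('http', 'https', $request->getUri())` rewrites every occurrence of `http` in the URI, not only the scheme, so a path or query string that contains `http` (for example a URL passed as a parameter) is altered in the redirect target. Anchor the replacement to the scheme instead: `$secure_url = preg_replace('/^http:/i', 'https:', $request->getUri(), 1);`. Separately, the redirect for an authenticated user only happens after a plain-HTTP request carrying the session cookie has already been received, so the setting needs to be paired with a `secure` session cookie (and ideally HSTS) to keep the session off clear-text connections; nothing in this commit configures that. The final `else` branch also omits the `return` used by the first branch, and a short class docblock stating that debug mode bypasses the requirement would help operators.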
Modified: trunk/lib/form/SettingsGlobalForm.class.php
==============================================================================
--- trunk/lib/form/SettingsGlobalForm.class.php Fri Jan 27 21:59:41 2012
(r10761)
+++ trunk/lib/form/SettingsGlobalForm.class.php Fri Jan 27 23:37:57 2012
(r10762)
@@ -53,7 +53,8 @@
'explode_multipage_files' => new
sfWidgetFormSelectRadio(array('choices'=>array(1=>'yes', 0=>'no')),
array('class'=>'radio')),
'show_tooltips' => new
sfWidgetFormSelectRadio(array('choices'=>array(1=>'yes', 0=>'no')),
array('class'=>'radio')),
'defaultPubStatus' => new
sfWidgetFormSelectRadio(array('choices'=>array(QubitTerm::PUBLICATION_STATUS_DRAFT_ID=>__('Draft'),
QubitTerm::PUBLICATION_STATUS_PUBLISHED_ID=>__('Published'))),
array('class'=>'radio')),
- 'sword_deposit_dir' => new sfWidgetFormInput
+ 'sword_deposit_dir' => new sfWidgetFormInput,
+ 'require_ssl_admin' => new
sfWidgetFormSelectRadio(array('choices'=>array(1=>'yes', 0=>'no')),
array('class'=>'radio'))
));
// Add labels
@@ -72,7 +73,8 @@
'explode_multipage_files' => __('Upload multi-page files as multiple
descriptions'),
'show_tooltips' => __('Show tooltips'),
'defaultPubStatus' => __('Default publication status'),
- 'sword_deposit_dir' => __('SWORD deposit directory')
+ 'sword_deposit_dir' => __('SWORD deposit directory'),
+ 'require_ssl_admin' => __('Require SSL for all administrator
funcionality')
));
// Add helper text
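Review bot: The new label string misspells "functionality" (`'Require SSL for all administrator funcionality'`). Because it is passed through `__()`, the misspelled text presumably also becomes the source string for translations, so correcting it later would orphan any translations made against it. Use `'require_ssl_admin' => __('Require SSL for all administrator functionality')`. The surrounding array starts before this hunk.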
@@ -92,6 +94,7 @@
// 'explode_multipage_files' => __('')
// 'show_tooltips' => __('')
// 'sword_deposit_dir' => __('')
+ // 'require_ssl_admin' => __('')
));
// Reference image max. width validator
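Review bot: The help entry for `require_ssl_admin` is left as a commented-out empty string, yet this setting is the one in the form that can lock administrators out. Once it is enabled the filter redirects authenticated requests and the login page to `https`, so on a server where HTTPS is not answering, the settings page needed to turn it off again becomes unreachable outside debug mode. Add real help text such as `'require_ssl_admin' => __('Enable only after confirming this site is reachable over HTTPS; the login page and all authenticated pages will be redirected to https')`. The other entries visible in this hunk are also commented out, so the array may need to be activated for the text to show.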
@@ -137,6 +140,7 @@
$this->validatorSchema['show_tooltips'] = new
sfValidatorInteger(array('required' => false));
$this->validatorSchema['defaultPubStatus'] = new
sfValidatorChoice(array('choices' =>
array(QubitTerm::PUBLICATION_STATUS_DRAFT_ID,
QubitTerm::PUBLICATION_STATUS_PUBLISHED_ID)));
$this->validatorSchema['sword_deposit_dir'] = new
sfValidatorString(array('required' => false));
+ $this->validatorSchema['require_ssl_admin'] = new
sfValidatorInteger(array('required' => false));
// Set decorator
$decorator = new QubitWidgetFormSchemaFormatterList($this->widgetSchema);
Modified: trunk/plugins/qtSwordPlugin/modules/qtSwordPlugin/config/filters.yml
==============================================================================
--- trunk/plugins/qtSwordPlugin/modules/qtSwordPlugin/config/filters.yml
Fri Jan 27 21:59:41 2012 (r10761)
+++ trunk/plugins/qtSwordPlugin/modules/qtSwordPlugin/config/filters.yml
Fri Jan 27 23:37:57 2012 (r10762)
@@ -16,6 +16,10 @@
class: QubitSettingsFilter
enabled: off
+QubitSslRequirement:
+ class: QubitSslRequirementFilter
+ enabled: off
+
rendering: ~
security: ~
cache: ~
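Review bot: Turning `QubitSslRequirement` off for this module exempts the SWORD endpoints from the SSL requirement even when an administrator has enabled it, and the file carries no comment saying so. If deposits are authenticated (SWORD clients commonly send HTTP Basic credentials — confirm for this plugin), those credentials are not covered by the new setting. Add a comment above the entry explaining the exemption, e.g. `# Disabled because QubitSettingsFilter is off for this module; SWORD endpoints are not covered by require_ssl_admin`, and consider enforcing HTTPS for this module at the web-server level.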