Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
82 changes: 60 additions & 22 deletions application/controllers/ConfigController.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
namespace Icinga\Controllers;

use Exception;
use GuzzleHttp\Psr7\ServerRequest;
use Icinga\Application\Version;
use InvalidArgumentException;
use Icinga\Application\Config;
Expand All @@ -17,6 +18,7 @@
use Icinga\Forms\ActionForm;
use Icinga\Forms\Config\GeneralConfigForm;
use Icinga\Forms\Config\ResourceConfigForm;
use Icinga\Forms\Config\Security\CspConfigForm;
use Icinga\Forms\Config\UserBackendConfigForm;
use Icinga\Forms\Config\UserBackendReorderForm;
use Icinga\Forms\ConfirmRemovalForm;
Expand All @@ -25,6 +27,7 @@
use Icinga\Web\Notification;
use Icinga\Web\Url;
use Icinga\Web\Widget;
use ipl\Html\Contract\Form as ContractForm;

/**
* Application and module configuration
Expand All @@ -39,27 +42,35 @@ public function createApplicationTabs()
$tabs = $this->getTabs();
if ($this->hasPermission('config/general')) {
$tabs->add('general', [
'title' => $this->translate('Adjust the general configuration of Icinga Web 2'),
'label' => $this->translate('General'),
'url' => 'config/general',
'title' => $this->translate('Adjust the general configuration of Icinga Web 2'),
'label' => $this->translate('General'),
'url' => 'config/general',
'baseTarget' => '_main'
]);
}
if ($this->hasPermission('config/security')) {
$tabs->add('security', array(
'title' => $this->translate('Adjust the security configuration of Icinga Web 2'),
'label' => $this->translate('Security'),
'url' => 'config/security',
'baseTarget' => '_main',
));
}
if ($this->hasPermission('config/resources')) {
$tabs->add('resource', [
'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'),
'label' => $this->translate('Resources'),
'url' => 'config/resource',
'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'),
'label' => $this->translate('Resources'),
'url' => 'config/resource',
'baseTarget' => '_main'
]);
}
if ($this->hasPermission('config/access-control/users')
|| $this->hasPermission('config/access-control/groups')
) {
$tabs->add('authentication', [
'title' => $this->translate('Configure the user and group backends'),
'label' => $this->translate('Access Control Backends'),
'url' => 'config/userbackend',
'title' => $this->translate('Configure the user and group backends'),
'label' => $this->translate('Access Control Backends'),
'url' => 'config/userbackend',
'baseTarget' => '_main'
]);
}
Expand All @@ -79,6 +90,8 @@ public function indexAction()
{
if ($this->hasPermission('config/general')) {
$this->redirectNow('config/general');
} elseif ($this->hasPermission('config/security')) {
$this->redirectNow('config/security');
} elseif ($this->hasPermission('config/resources')) {
$this->redirectNow('config/resource');
} elseif ($this->hasPermission('config/access-control/*')) {
Expand All @@ -96,26 +109,51 @@ public function indexAction()
public function generalAction()
{
$this->assertPermission('config/general');

$this->view->title = $this->translate('General');

$form = new GeneralConfigForm();
$form->setIniConfig(Config::app());
$form->setOnSuccess(function (GeneralConfigForm $form) {
$config = Config::app();
$useStrictCsp = (bool) $config->get('security', 'use_strict_csp', false);
if ($form->onSuccess() === false) {
return false;
}

$appConfigForm = $form->getSubForm('form_config_general_application');
if ($appConfigForm && (bool) $appConfigForm->getValue('security_use_strict_csp') !== $useStrictCsp) {
$this->getResponse()->setReloadWindow(true);
Comment thread
Al2Klimov marked this conversation as resolved.
}
})->handleRequest();
$form->handleRequest();

$this->view->form = $form;
$this->view->title = $this->translate('General');

$this->createApplicationTabs()->activate('general');
}

/**
* Security configuration
*
* @return void
*/
public function securityAction(): void
{
$this->assertPermission('config/security');

$this->view->title = $this->translate('Security');

$config = Config::app();
$cspForm = new CspConfigForm($config);
// Keep the auto-generation options off by default for installations that already
// had CSP enabled, so their existing behavior isn't changed. For installations
// enabling CSP for the first time, default them on as the recommended setting.
$defaultValue = $cspForm->isCspEnabled() ? '0' : '1';
$cspForm->populate([
'security__csp_enable_modules' => $config->get('security', 'csp_enable_modules', $defaultValue),
'security__csp_enable_dashboards' => $config->get('security', 'csp_enable_dashboards', $defaultValue),
'security__csp_enable_navigation' => $config->get('security', 'csp_enable_navigation', $defaultValue),
]);

$cspForm->on(ContractForm::ON_SUBMIT, function (CspConfigForm $form) {
if ($form->hasConfigChanged()) {
$this->getResponse()->setReloadWindow(true);
}
});
$cspForm->handleRequest(ServerRequest::fromGlobals());
$this->view->cspForm = $cspForm;
$this->createApplicationTabs()->activate('security');
}

/**
* Display the list of all modules
*/
Expand Down
12 changes: 0 additions & 12 deletions application/forms/Config/General/ApplicationConfigForm.php
Original file line number Diff line number Diff line change
Expand Up @@ -57,18 +57,6 @@ public function createElements(array $formData)
]
);

$this->addElement(
'checkbox',
'security_use_strict_csp',
[
'label' => $this->translate('Enable strict content security policy'),
'description' => $this->translate(
'Set whether to use strict content security policy (CSP).'
. ' This setting helps to protect from cross-site scripting (XSS).'
)
]
);

$this->addElement(
'text',
'global_module_path',
Expand Down
Loading
Loading