From c4d4ea399d3e2705d8880fdb22cf4fd4abfb14a1 Mon Sep 17 00:00:00 2001 From: lars Date: Mon, 22 Jan 2007 01:46:34 +0000 Subject: [PATCH] minor improvement of README.proxy moved "ReadOnlyConfig" warning to "partition" plugin moved "NoSSL" warning to "encrypted_webinterface" plugin display up to three warnings at once --- README.proxy | 15 +++++---- .../encrypted_webinterface.py | 17 ++++++++++ plugins/encrypted_webinterface/language.hdf | 9 ++++++ plugins/partition/language.hdf | 12 +++++++ plugins/partition/partition.py | 9 ++++++ src/cryptobox/plugins/base.py | 13 ++++++++ src/cryptobox/web/sites.py | 32 +++++-------------- templates/header.cs | 13 +++++--- templates/language.hdf | 16 ---------- www-data/cryptobox.css | 10 +++--- 10 files changed, 91 insertions(+), 55 deletions(-) diff --git a/README.proxy b/README.proxy index eed29e8..c8a09c0 100644 --- a/README.proxy +++ b/README.proxy @@ -1,13 +1,15 @@ Running the CryptoBox behind a proxy -This describes how to setup the CryptoBox webserver behind a apache or lighttpd -as proxy webservers. +This describes how to setup the CryptoBox webserver behind a proxy webserver +(e.g.: apache or lighttpd). + -=-=-=- apache in front of the cryptobox-server (cherrypy) -=-=-=- -The following section describes how to configure an apache2 webserver for -forwarding requests to the cherrypy server of the CryptoBox. + +The following section describes how to configure an apache2 webserver to +forward requests to the cherrypy server of the CryptoBox. 1) Required modules @@ -41,12 +43,13 @@ forwarding requests to the cherrypy server of the CryptoBox. 3) Testing Now you should point your webserver to the proxy host and check if - the CryptoBox layout ist working properly. + the CryptoBox layout ist displayed properly. + ------ -=-=-=- lighttpd in front of the cryptobox-server (cherrypy) -=-=-=- + In this section we do the same as above, but with lighttpd. Your lighttpd config should contain something like this: 
diff --git a/plugins/encrypted_webinterface/encrypted_webinterface.py b/plugins/encrypted_webinterface/encrypted_webinterface.py index ce67bdd..7e2ec5c 100644 --- a/plugins/encrypted_webinterface/encrypted_webinterface.py +++ b/plugins/encrypted_webinterface/encrypted_webinterface.py @@ -46,3 +46,20 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin): """ return "TODO" + + def get_warnings(self): + """check if the connection is encrypted + """ + import cherrypy, os + if cherrypy.request.scheme == "https": + return None + ## check an environment setting - this is quite common behind proxies + if os.environ.has_key("HTTPS"): + return None + ## this arbitrarily chosen header is documented in README.proxy + if cherrypy.request.headers.has_key("X-SSL-Request") \ + and (cherrypy.request.headers["X-SSL-Request"] == "1"): + return None + ## plaintext connection -> "heavy security risk" (priority=20..39) + return (25, "Plugins.%s.NoSSL" % self.get_name()) + diff --git a/plugins/encrypted_webinterface/language.hdf b/plugins/encrypted_webinterface/language.hdf index 4c9aa9e..9310412 100644 --- a/plugins/encrypted_webinterface/language.hdf +++ b/plugins/encrypted_webinterface/language.hdf @@ -5,3 +5,12 @@ Title = Create encryption certificate Button.CreateCertificate = Create certificate + +EnvironmentWarning { + NoSSL { + Text = The connection is not encrypted - passwords can be easily intercepted. + Link.Text = Use encrypted connection + Link.Prot = https + } + } + diff --git a/plugins/partition/language.hdf b/plugins/partition/language.hdf index a6aef70..1fe1f52 100644 --- a/plugins/partition/language.hdf +++ b/plugins/partition/language.hdf @@ -48,6 +48,16 @@ AdviceMessage { } } + +EnvironmentWarning { + ReadOnlyConfig { + Text = Read-only setup detected - probably you should create a configuration partition. + Link.Text = Initialize partition + Link.Rel = partition + } +} + + SuccessMessage { Partitioned { Title = Partitioning complete 
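Review bot: The two proxy fallbacks in the new `get_warnings` can report an encrypted connection while the browser-side link is plaintext. `os.environ.has_key("HTTPS")` tests a process-wide variable and never looks at its value, so once it is present (even as `off`) every request counts as encrypted, including requests that reach cherrypy directly. `X-SSL-Request` is an ordinary request header, so it only means something if the front proxy always overwrites it and cherrypy is not reachable except through that proxy. I would compare the value, e.g. `if os.environ.get("HTTPS", "").lower() in ("on", "1"):`, and put a comment above the header check such as `## only trustworthy if the proxy sets/overwrites this header and cherrypy is not directly reachable`. In both cases the NoSSL warning disappears silently, so a misconfigured deployment loses its only hint that passwords travel in clear text.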
@@ -61,6 +71,7 @@ SuccessMessage { } } + WarningMessage { FormatNotConfirmed { Title = Confirmation missing @@ -107,3 +118,4 @@ WarningMessage { Text = The minimum size of a volume is 10 megabytes. } } + diff --git a/plugins/partition/partition.py b/plugins/partition/partition.py index cb312dd..d563455 100644 --- a/plugins/partition/partition.py +++ b/plugins/partition/partition.py @@ -98,6 +98,15 @@ class partition(cryptobox.plugins.base.CryptoBoxPlugin): self.with_config_partition) + def get_warnings(self): + ## this check is done _after_ "reset_dataset" -> if there is + ## a config partition, then it was loaded before + if self.cbox.prefs.requires_partition() \ + and not self.cbox.prefs.get_active_partition(): + return (50, "Plugins.%s.ReadOnlyConfig" % self.get_name()) + return None + + def __prepare_dataset(self): """Set some hdf values. """ diff --git a/src/cryptobox/plugins/base.py b/src/cryptobox/plugins/base.py index ec68ccf..8059a26 100644 --- a/src/cryptobox/plugins/base.py +++ b/src/cryptobox/plugins/base.py @@ -110,6 +110,19 @@ class CryptoBoxPlugin: """ pass + + def get_warnings(self): + """Return a priority and a warning, if the plugin detects a misconfiguration + + valid prioritie ranges are: + - 80..99 loss of data is possible + - 60..79 the cryptobox will probably not work at all + - 40..59 important features will propably not work + - 20..39 heavy security risk OR broken recommended features + - 00..19 possible mild security risk OR broken/missing optional features + """ + return None + @cherrypy.expose def get_icon(self, image=None, **kargs): diff --git a/src/cryptobox/web/sites.py b/src/cryptobox/web/sites.py index e08803f..1627e8e 100644 --- a/src/cryptobox/web/sites.py +++ b/src/cryptobox/web/sites.py 
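Review bot: The `get_warnings` added to the partition plugin has no docstring, and its priority `50` is a bare number, whereas the encrypted_webinterface version names the band its value belongs to. I would add `"""warn if the settings require a config partition, but none is active"""` as the first line and a comment on the return such as `## missing config partition -> "important features will probably not work" (priority=40..59)`. The enclosing class continues outside the hunk.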
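Review bot: The docstring of the base-class `get_warnings` does not spell out the return shape that the caller in `sites.py` depends on. That caller unpacks every non-empty result as `(warn_prio, warn_text)`, and both plugins in this commit return either `None` or `(int, "Plugins.<name>.<Key>")`. I would reword the summary line to `"""Return None, or a tuple (priority, "Plugins.<name>.<WarningKey>") if the plugin detects a misconfiguration`, and fix the typos `prioritie` -> `priority` and `propably` -> `probably` in the band list.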
@@ -419,30 +419,14 @@ class WebInterfaceSites: examples are: non-https, readonly-config, ... """ - ## this check is done _after_ "reset_dataset" -> if there is - ## a config partition, then it was loaded before - if self.cbox.prefs.requires_partition() \ - and not self.cbox.prefs.get_active_partition(): - self.__dataset["Data.EnvironmentWarning"] = "ReadOnlyConfig" - #TODO: turn this on soon (add "not") - for now it is annoying - if not self.__check_https(): - self.__dataset["Data.EnvironmentWarning"] = "NoSSL" - - - def __check_https(self): - """check the request scheme - """ - if cherrypy.request.scheme == "https": - return True - ## check an environment setting - this is quite common behind proxies - if os.environ.has_key("HTTPS"): - return True - ## this arbitrarily chosen header is documented in README.proxy - if cherrypy.request.headers.has_key("X-SSL-Request") \ - and (cherrypy.request.headers["X-SSL-Request"] == "1"): - return True - ## plaintext connection - return False + warnings = [] + for pl in self.__plugin_manager.get_plugins(): + warnings.append(pl.get_warnings()) + ## remove empty warnings + warnings = [ e for e in warnings if e ] + warnings.sort(reverse=True) + for (index, (warn_prio, warn_text)) in enumerate(warnings): + self.__dataset["Data.EnvironmentWarning.%d" % index] = warn_text def __set_web_lang(self, value): diff --git a/templates/header.cs b/templates/header.cs index f9effec..3704610 100644 --- a/templates/header.cs +++ b/templates/header.cs @@ -88,10 +88,15 @@ if:subcount(Data.StylesheetFiles) > 0 - -
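Review bot: With the inline checks removed, the plaintext-connection warning appears only if the encrypted_webinterface plugin is among those returned by `self.__plugin_manager.get_plugins()`. Whether that list includes disabled plugins is not visible in this hunk, so a deployment without the plugin may lose the NoSSL warning silently; the docstring should state this dependency. The loop also lets a single plugin break page rendering, because an exception in any `get_warnings()`, or a return value that is not a two-element tuple, propagates out of this method (which starts above the hunk). I would wrap `warnings.append(pl.get_warnings())` in a `try`/`except Exception` that logs the plugin name and continues. The commit message says "up to three warnings", but no limit is applied here, so presumably the template enforces it.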
- + 0 + ?> +
+ +
+ diff --git a/templates/language.hdf b/templates/language.hdf index 6635146..09de2db 100644 --- a/templates/language.hdf +++ b/templates/language.hdf @@ -91,19 +91,3 @@ WarningMessage { } } - -EnvironmentWarning { - - ReadOnlyConfig { - Text = Read-only setup detected - probably you should create a configuration partition. - Link.Text = Initialize partition - Link.Rel = partition - } - - NoSSL { - Text = The connection is not encrypted - passwords can be easily intercepted. - Link.Text = Use encrypted connection - Link.Prot = https - } - } -} diff --git a/www-data/cryptobox.css b/www-data/cryptobox.css index 8f3b7d4..8606ca9 100644 --- a/www-data/cryptobox.css +++ b/www-data/cryptobox.css @@ -156,7 +156,7 @@ fieldset.message td { /* -------=-=-=- environmental messages -=-=-=-------- */ -#EnvironmentWarning fieldset.message { +div.EnvironmentWarning fieldset.message { text-align: left; margin: 0 2px 8px 2px; padding: 5px; @@ -167,7 +167,7 @@ fieldset.message td { background-image: url(environment_warning_background.png); } -#EnvironmentWarning fieldset.message td.message_symbol img { +div.EnvironmentWarning fieldset.message td.message_symbol img { width: 16px; height: 16px; padding: 2px; @@ -175,17 +175,17 @@ fieldset.message td { vertical-align: middle; } -#EnvironmentWarning fieldset.message td.link { +div.EnvironmentWarning fieldset.message td.link { text-align: right; } -#EnvironmentWarning fieldset.message td.link a { +div.EnvironmentWarning fieldset.message td.link a { color: #55b; font-style: italic; text-decoration: none; } -#EnvironmentWarning fieldset.message td.link a:hover { +div.EnvironmentWarning fieldset.message td.link a:hover { text-decoration: underline; }