[security] Force matomo.org related requests to use ssl as default (#19098)

* Update dataTable.js update database table * Update dataTable.js update table bug * Update dataTable.js shorter the query * update screenshot update screenshot * Update dataTable.js make table size stable * Revert "Update dataTable.js" This reverts commit 1a72e1d9580172414fb147cda9e66f4927f4b2ae. * Update dataTable.js update columns * Revert "update screenshot" This reverts commit c11aec88af44668171d2ee14e7a502b5fb04126f. * force ssl to api and plug force ssl to api and plug * force request to ssl force request to ssl * Update Http.php update tests * update tests update condition only on matomo.org * update checks update checks * update default to https update default to https * update phpcs check update phpcs check * Update plugins/Marketplace/config/config.php * add config force ssl on market place add config force ssl on market place * Update plugins/Marketplace/config/config.php Co-authored-by: Justin Velluppillai <justin@innocraft.com> * update config update config * update config update config * built vue files * remove double diagnostic remove double diagnostic * force api using https force api using https * update tests update tests * update feed back update feed back * Remove unused use * update failed display message update failed display message * Update plugins/CoreUpdater/Diagnostic/HttpsUpdateCheck.php Co-authored-by: Justin Velluppillai <justin@innocraft.com> * Minor text tweak * update hardcode to translation update hardcode to translation * update translation update translation * update language and some logic update language and some logic * run test run test * trigger test trigger test * update screenshot update screenshot Co-authored-by: sgiehl <stefan@matomo.org> Co-authored-by: Justin Velluppillai <justin@innocraft.com> Co-authored-by: peterhashair <peterhashair@users.noreply.github.com> Co-authored-by: Ben Burgess <88810029+bx80@users.noreply.github.com>
author: Peter Zhang <peter@innocraft.com> 2022-05-18 01:12:21 +0300
committer: GitHub <noreply@github.com> 2022-05-18 01:12:21 +0300
commit: 35957fc5aeecf9f6f795e4e8e005f9d37fab7a2d (patch)
tree: ea88e41c8643d469bdb0352e492d401ae5bdc09a /plugins/Marketplace
parent: 3860159eaa190561896dcade11268193b4b4630b (diff)
4 files changed, 28 insertions, 13 deletions
diff --git a/plugins/Marketplace/Api/Client.php b/plugins/Marketplace/Api/Client.php
index 953ffbb56b..5e81b6c982 100644
--- a/plugins/Marketplace/Api/Client.php
+++ b/plugins/Marketplace/Api/Client.php
@@ -8,15 +8,16 @@
  */
 namespace Piwik\Plugins\Marketplace\Api;
 
+use Exception as PhpException;
 use Matomo\Cache\Lazy;
 use Piwik\Common;
+use Piwik\Config\GeneralConfig;
 use Piwik\Container\StaticContainer;
 use Piwik\Filesystem;
 use Piwik\Http;
 use Piwik\Plugin;
 use Piwik\Plugins\Marketplace\Environment;
 use Piwik\SettingsServer;
-use Exception as PhpException;
 use Psr\Log\LoggerInterface;
 
 /**
@@ -325,4 +326,18 @@ class Client
         return $this->service->getDomain() . $downloadUrl . '?coreVersion=' . $this->environment->getPiwikVersion();
     }
 
+    /**
+     * this will return the api.matomo.org through right protocols
+     * @return string
+     */
+    public static function getApiServiceUrl()
+    {
+        $url = GeneralConfig::getConfigValue('api_service_url');
+        if (!GeneralConfig::getConfigValue('force_matomo_ssl_request')) {
+            $url = str_replace('https', 'http', $url);
+        }
+
+        return $url;
+    }
+
 }
diff --git a/plugins/Marketplace/Controller.php b/plugins/Marketplace/Controller.php
index 3436e34b05..dc5c0cc3f3 100644
--- a/plugins/Marketplace/Controller.php
+++ b/plugins/Marketplace/Controller.php
@@ -8,6 +8,7 @@
 
 namespace Piwik\Plugins\Marketplace;
 
+use Exception;
 use Piwik\Common;
 use Piwik\Date;
 use Piwik\Filesystem;
@@ -29,7 +30,6 @@ use Piwik\SettingsPiwik;
 use Piwik\SettingsServer;
 use Piwik\Url;
 use Piwik\View;
-use Exception;
 
 class Controller extends \Piwik\Plugin\ControllerAdmin
 {
@@ -521,4 +521,5 @@ class Controller extends \Piwik\Plugin\ControllerAdmin
 
         return $view;
     }
+
 }
diff --git a/plugins/Marketplace/config/config.php b/plugins/Marketplace/config/config.php
index ac6a1bb0df..1ebe26f698 100644
--- a/plugins/Marketplace/config/config.php
+++ b/plugins/Marketplace/config/config.php
@@ -1,16 +1,16 @@
 <?php
 
-use Psr\Container\ContainerInterface;
+use Piwik\Config\GeneralConfig;
 use Piwik\Plugins\Marketplace\Api\Service;
 use Piwik\Plugins\Marketplace\LicenseKey;
+use Psr\Container\ContainerInterface;
 
 return array(
     'MarketplaceEndpoint' => function (ContainerInterface $c) {
-        $domain = 'http://plugins.matomo.org';
-        $updater = $c->get('Piwik\Plugins\CoreUpdater\Updater');
+        $domain = 'https://plugins.matomo.org';
 
-        if ($updater->isUpdatingOverHttps()) {
-            $domain = str_replace('http://', 'https://', $domain);
+        if (GeneralConfig::getConfigValue('force_matomo_ssl_request') === 0) {
+            $domain = str_replace('https://', 'http://', $domain);
         }
 
         return $domain;
@@ -28,5 +28,5 @@ return array(
         $service->authenticate($accessToken);
 
         return $service;
-    }
+    },
 );
diff --git a/plugins/Marketplace/config/test.php b/plugins/Marketplace/config/test.php
index 94dba1508e..d302d92446 100644
--- a/plugins/Marketplace/config/test.php
+++ b/plugins/Marketplace/config/test.php
@@ -1,10 +1,10 @@
 <?php
 
-use Psr\Container\ContainerInterface;
-use Piwik\Plugins\Marketplace\tests\Framework\Mock\Consumer as MockConsumer;
+use Piwik\Plugins\Marketplace\Input\PurchaseType;
 use Piwik\Plugins\Marketplace\LicenseKey;
+use Piwik\Plugins\Marketplace\tests\Framework\Mock\Consumer as MockConsumer;
 use Piwik\Plugins\Marketplace\tests\Framework\Mock\Service as MockService;
-use Piwik\Plugins\Marketplace\Input\PurchaseType;
+use Psr\Container\ContainerInterface;
 
 return array(
     'MarketplaceEndpoint' => function (ContainerInterface $c) {
@@ -12,9 +12,8 @@ return array(
         // it is because someone might have overwritten MarketplaceEndpoit in local config.php and we want
         // to make sure system tests of marketplace are ran against plugins.piwik.org
         $domain = 'http://plugins.piwik.org';
-        $updater = $c->get('Piwik\Plugins\CoreUpdater\Updater');
 
-        if ($updater->isUpdatingOverHttps()) {
+        if (\Piwik\Http::isUpdatingOverHttps()) {
             $domain = str_replace('http://', 'https://', $domain);
         }
author	Peter Zhang <peter@innocraft.com>	2022-05-18 01:12:21 +0300
committer	GitHub <noreply@github.com>	2022-05-18 01:12:21 +0300
commit	35957fc5aeecf9f6f795e4e8e005f9d37fab7a2d (patch)
tree	ea88e41c8643d469bdb0352e492d401ae5bdc09a /plugins/Marketplace
parent	3860159eaa190561896dcade11268193b4b4630b (diff)