diff options
author | Christoph Wurst <ChristophWurst@users.noreply.github.com> | 2017-10-30 17:11:50 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-30 17:11:50 +0300 |
commit | ce01e4a30753739415539d607f7f462be5eedd87 (patch) | |
tree | c1ae4347540db97c1b0792da4fdf59581f093f6b | |
parent | 0836a91a651f8c510ab3c7836331ec7160aa2902 (diff) | |
parent | 74740f65c431301bf20a4ff38311aca69692833a (diff) |
Merge pull request #42 from nextcloud/http-warning
Show warning if u2f is used via HTTP
-rw-r--r-- | js/challenge.js | 11 | ||||
-rw-r--r-- | js/settingsview.js | 12 | ||||
-rw-r--r-- | templates/challenge.php | 12 | ||||
-rw-r--r-- | templates/personal.php | 18 |
4 files changed, 44 insertions, 9 deletions
diff --git a/js/challenge.js b/js/challenge.js index dd7e7e7..f6cadfd 100644 --- a/js/challenge.js +++ b/js/challenge.js @@ -1,6 +1,6 @@ /* global OCA, u2f */ -(function(OCA, u2f) { +(function(OCA, u2f, document) { 'use strict'; OCA.TwoFactorU2F = OCA.TwoFactorU2F || {}; @@ -32,7 +32,14 @@ $form.submit(); } + function checkHTTPS() { + if (document.location.protocol !== 'https:') { + $('#u2f-http-warning').show(); + } + } + function sign() { + checkHTTPS(); var req = JSON.parse($('#u2f-auth').val()); toggleError(false); @@ -46,4 +53,4 @@ $(sign); -})(OCA || {}, u2f); +})(OCA || {}, u2f, document); diff --git a/js/settingsview.js b/js/settingsview.js index 0488776..efd0993 100644 --- a/js/settingsview.js +++ b/js/settingsview.js @@ -1,6 +1,6 @@ /* global Backbone, Handlebars, OC, u2f, Promise, _ */ -(function (OC, OCA, Backbone, Handlebars, $, _, u2f) { +(function (OC, OCA, Backbone, Handlebars, $, _, u2f, document) { 'use strict'; OCA.TwoFactorU2F = OCA.TwoFactorU2F || {}; @@ -81,6 +81,8 @@ * @returns {undefined} */ render: function () { + this._checkHTTPS(); + this._devices = _.sortBy(this._devices, function (device) { // Underscore's stable sort requires a value for each item return device.name || ''; @@ -99,6 +101,12 @@ return this; }, + _checkHTTPS: function () { + if (document.location.protocol !== 'https:') { + $('#u2f-http-warning').show(); + } + }, + /** * @private * @returns {Promise} @@ -328,4 +336,4 @@ OCA.TwoFactorU2F.SettingsView = SettingsView; -})(OC, OCA, OC.Backbone, Handlebars, $, _, u2f); +})(OC, OCA, OC.Backbone, Handlebars, $, _, u2f, document); diff --git a/templates/challenge.php b/templates/challenge.php index 801d421..1077348 100644 --- a/templates/challenge.php +++ b/templates/challenge.php @@ -14,10 +14,18 @@ style('twofactor_u2f', 'style'); <img src="<?php print_unescaped(image_path('twofactor_u2f', 'app.svg')); ?>"> <p id="u2f-info"> - <?php p($l->t('Please plug in your U2F device and press the device button to authorize.')) ?> +<?php p($l->t('Please plug in your U2F device and press the device button to authorize.')) ?> </p> <p id="u2f-error" style="display: none"> <strong><?php p($l->t('An error occurred. Please try again.')) ?></strong> </p> -<p><em><?php p($l->t('Install the "U2F Support Add-on" on Firefox to use U2F, this is not needed on Chrome.')) ?></em></p> +<p> + <em> + <?php p($l->t('Install the "U2F Support Add-on" on Firefox to use U2F, this is not needed on Chrome.')) ?> + <p id="u2f-http-warning" + style="display: none"> + <?php p($l->t('You are accessing this site via an insecure connection. Browsers might therefore refuse the U2F authentication.')) ?> + </p> + </em> +</p> diff --git a/templates/personal.php b/templates/personal.php index 457c8f3..bd77496 100644 --- a/templates/personal.php +++ b/templates/personal.php @@ -11,7 +11,19 @@ style('twofactor_u2f', 'style'); <span class="icon-loading-small u2f-loading"></span> <span><?php p($l->t('Loading your devices …')); ?></span> </div> - <p class="utf-register-info" style="display: none;"><?php p($l->t('Please plug in your U2F device and press the device button to authorize.')) ?></p> - <p class="utf-register-info" style="display: none;"><em><?php p($l->t('Chrome is the only browser that supports U2F devices. You need to install the "U2F Support Add-on" on Firefox to use U2F.')) ?></em></p> - <p class="utf-register-success" style="display: none;"><span class="icon-checkmark-color" style="width: 16px;"></span><?php p($l->t('U2F device successfully registered.')) ?></p> + <p class="utf-register-info" style="display: none;"> + <?php p($l->t('Please plug in your U2F device and press the device button to authorize.')) ?> + </p> + <p class="utf-register-info" style="display: none;"> + <em> + <?php p($l->t('Chrome is the only browser that supports U2F devices. You need to install the "U2F Support Add-on" on Firefox to use U2F.')) ?> + <p id="u2f-http-warning" + style="display: none"> + <?php p($l->t('You are accessing this site via an insecure connection. Browsers might therefore refuse the U2F authentication.')) ?> + </p> + </em> + </p> + <p class="utf-register-success" style="display: none;"> + <span class="icon-checkmark-color" style="width: 16px;"></span><?php p($l->t('U2F device successfully registered.')) ?> + </p> </div> |