#20230: Improving the SSL module

Work Item: 20230

src/Orchard.Web/Modules/Orchard.SecureSocketsLayer/Drivers/SslSettingsPartDriver.cs

@@ -37,6 +37,7 @@ namespace Orchard.SecureSocketsLayer.Drivers {
 
         protected override void Importing(SslSettingsPart part, ImportContentContext context) {
             var elementName = part.PartDefinition.Name;
+            part.Enabled = bool.Parse(context.Attribute(elementName, "Enabled") ?? "false");
             part.SecureEverything = bool.Parse(context.Attribute(elementName, "SecureEverything") ?? "true");
             part.CustomEnabled = bool.Parse(context.Attribute(elementName, "CustomEnabled") ?? "false");
             part.Urls = context.Attribute(elementName, "Urls") ?? "";
@@ -48,6 +49,7 @@ namespace Orchard.SecureSocketsLayer.Drivers {
 
         protected override void Exporting(SslSettingsPart part, ExportContentContext context) {
             var el = context.Element(part.PartDefinition.Name);
+            el.SetAttributeValue("Enabled", part.Enabled);
             el.SetAttributeValue("SecureEverything", part.SecureEverything);
             el.SetAttributeValue("CustomEnabled", part.CustomEnabled);
             el.SetAttributeValue("Urls", part.Urls);

src/Orchard.Web/Modules/Orchard.SecureSocketsLayer/Filters/SecureSocketsLayersFilter.cs

@@ -1,19 +1,30 @@
 using System.Collections.Specialized;
 using System.Web.Mvc;
+using Orchard.Localization;
 using Orchard.Mvc.Filters;
 using Orchard.SecureSocketsLayer.Services;
+using Orchard.UI.Notify;
 
 namespace Orchard.SecureSocketsLayer.Filters {
     public class SecureSocketsLayersFilter : FilterProvider, IActionFilter {
         private readonly ISecureSocketsLayerService _sslService;
+        private readonly IOrchardServices _orchardServices;
 
-        public SecureSocketsLayersFilter(ISecureSocketsLayerService sslService) {
+        public SecureSocketsLayersFilter(ISecureSocketsLayerService sslService, IOrchardServices orchardServices) {
             _sslService = sslService;
+            _orchardServices = orchardServices;
         }
-
+        public Localizer T { get; set; }
         public void OnActionExecuted(ActionExecutedContext filterContext) {}
 
         public void OnActionExecuting(ActionExecutingContext filterContext) {
+            var settings = _sslService.GetSettings();
+
+            if (!settings.Enabled) {
+                _orchardServices.Notifier.Warning(T("You need to configure the SSL settings."));
+                return;
+            }
+
             var user = filterContext.HttpContext.User;
             var secure =
                 (user != null && user.Identity.IsAuthenticated) ||

src/Orchard.Web/Modules/Orchard.SecureSocketsLayer/Models/SslSettingsPart.cs

@@ -3,7 +3,8 @@ using Orchard.ContentManagement;
 using Orchard.ContentManagement.FieldStorage.InfosetStorage;
 
 namespace Orchard.SecureSocketsLayer.Models {
-    internal class SslSettings {
+    public class SslSettings {
+        public bool Enabled { get; set; }
         public string Urls { get; set; }
         public bool SecureEverything { get; set; }
         public bool CustomEnabled { get; set; }
@@ -28,6 +29,14 @@ namespace Orchard.SecureSocketsLayer.Models {
             set { this.As<InfosetPart>().Set<SslSettingsPart>("SecureEverything", value.ToString()); }
         }
 
+        public bool Enabled {
+            get {
+                var attributeValue = this.As<InfosetPart>().Get<SslSettingsPart>("Enabled");
+                return !String.IsNullOrWhiteSpace(attributeValue) && Convert.ToBoolean(attributeValue);
+            }
+            set { this.As<InfosetPart>().Set<SslSettingsPart>("Enabled", value.ToString()); }
+        }
+
         public bool CustomEnabled {
             get {
                 var attributeValue = this.As<InfosetPart>().Get<SslSettingsPart>("CustomEnabled");

src/Orchard.Web/Modules/Orchard.SecureSocketsLayer/Module.txt

@@ -2,10 +2,9 @@ Name: Secure Sockets Layer
 AntiForgery: enabled
 Author: The Orchard Team
 Website: http://orchardproject.net
-Version: 1.7.1
-OrchardVersion: 1.7.1
+Version: 1.7.2
+OrchardVersion: 1.7.2
 Description: This module will ensure SSL is used when accessing specific parts of the website like the dashboard, authentication pages or custom pages.
 FeatureName: Secure Sockets Layer
 Category: Security
 FeatureDescription: Use SSL for specific parts of the website
-Dependencies: Orchard.Users

src/Orchard.Web/Modules/Orchard.SecureSocketsLayer/Orchard.SecureSocketsLayer.csproj

@@ -64,7 +64,7 @@
     <Reference Include="System.Xml.Linq" />
   </ItemGroup>
   <ItemGroup>
-    <Content Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
     <Content Include="Module.txt" />
   </ItemGroup>
   <ItemGroup>

src/Orchard.Web/Modules/Orchard.SecureSocketsLayer/Properties/AssemblyInfo.cs

@@ -30,5 +30,5 @@ using System.Runtime.InteropServices;
 //
 // You can specify all the values or you can default the Revision and Build Numbers 
 // by using the '*' as shown below:
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]
+[assembly: AssemblyVersion("1.7.2")]
+[assembly: AssemblyFileVersion("1.7.2")]

src/Orchard.Web/Modules/Orchard.SecureSocketsLayer/Services/ISecureSocketsLayerService.cs

@@ -1,5 +1,6 @@
 using System.Web.Mvc;
 using System.Web.Routing;
+using Orchard.SecureSocketsLayer.Models;
 
 namespace Orchard.SecureSocketsLayer.Services {
     public interface ISecureSocketsLayerService : IDependency {
@@ -12,5 +13,7 @@ namespace Orchard.SecureSocketsLayer.Services {
         string SecureActionUrl(string actionName, string controllerName);
         string SecureActionUrl(string actionName, string controllerName, object routeValues);
         string SecureActionUrl(string actionName, string controllerName, RouteValueDictionary routeValues);
+        SslSettings GetSettings();
+
     }
 }

src/Orchard.Web/Modules/Orchard.SecureSocketsLayer/Services/SecureSocketsLayerService.cs

@@ -188,7 +188,7 @@ namespace Orchard.SecureSocketsLayer.Services {
                 : string.Equals(requestPath, pattern, StringComparison.OrdinalIgnoreCase);
         }
 
-        private SslSettings GetSettings() {
+        public SslSettings GetSettings() {
             return _cacheManager.Get("SslSettings",
                 ctx => {
                     ctx.Monitor(_signals.When(SslSettingsPart.CacheKey));
@@ -198,7 +198,8 @@ namespace Orchard.SecureSocketsLayer.Services {
                         CustomEnabled = settingsPart.CustomEnabled,
                         SecureEverything = settingsPart.SecureEverything,
                         SecureHostName = settingsPart.SecureHostName,
-                        InsecureHostName = settingsPart.InsecureHostName
+                        InsecureHostName = settingsPart.InsecureHostName,
+                        Enabled = settingsPart.Enabled
                     };
                 });
         }

src/Orchard.Web/Modules/Orchard.SecureSocketsLayer/Views/EditorTemplates/Parts/SecureSocketsLayer.Settings.cshtml

@@ -3,34 +3,42 @@
 <fieldset>
     <legend>@T("SSL Settings")</legend>
     <div>
-        @Html.EditorFor(m => m.SecureEverything)
-        <label for="@Html.FieldIdFor(m => m.SecureEverything)" class="forcheckbox">@T("Force SSL on all pages")</label>
-        @Html.ValidationMessage("SecureEverything", "*")
+        @Html.EditorFor(m => m.Enabled)
+        <label for="@Html.FieldIdFor(m => m.Enabled)" class="forcheckbox">@T("Enable SSL redirection")</label>
+        @Html.ValidationMessage("Enabled", "*")
     </div>
-    <div>
+    <div data-controllerid="@Html.FieldIdFor(m => m.Enabled)">
         <div>
-            @Html.EditorFor(m => m.CustomEnabled)
-            <label for="@Html.FieldIdFor(m => m.CustomEnabled)" class="forcheckbox">@T("Enable SSL on specific pages")</label>
-            @Html.ValidationMessage("CustomEnabled", "*")
+            @Html.EditorFor(m => m.SecureEverything)
+            <label for="@Html.FieldIdFor(m => m.SecureEverything)" class="forcheckbox">@T("Force SSL on all pages")</label>
+            @Html.ValidationMessage("SecureEverything", "*")
         </div>
-        <div data-controllerid="@Html.FieldIdFor(m => m.CustomEnabled)">
+        <div>
             <div>
-                <label for="@Html.FieldIdFor(m => m.Urls)">@T("Urls")</label>
-                @Html.TextAreaFor(m => m.Urls, new { @class = "textMedium", rows = "5" } )
-                @Html.ValidationMessage("Urls", "*")
-                <span class="hint">@T("Provide a list of urls, one per line. Urls can contains wildcard matches using '*', or root identifier like '~/'")</span>
-                <span class="hint">@T("Examples: http://mysite.com/mypage, ~/Profile/Edit, ~/Profile/*")</span>
+                @Html.EditorFor(m => m.CustomEnabled)
+                <label for="@Html.FieldIdFor(m => m.CustomEnabled)" class="forcheckbox">@T("Enable SSL on specific pages")</label>
+                @Html.ValidationMessage("CustomEnabled", "*")
+            </div>
+            <div data-controllerid="@Html.FieldIdFor(m => m.CustomEnabled)">
+                <div>
+                    <label for="@Html.FieldIdFor(m => m.Urls)">@T("Urls")</label>
+                    @Html.TextAreaFor(m => m.Urls, new { @class = "textMedium", rows = "5" })
+                    @Html.ValidationMessage("Urls", "*")
+                    <span class="hint">@T("Provide a list of urls, one per line. Urls can contains wildcard matches using '*', or root identifier like '~/'")</span>
+                    <span class="hint">@T("Examples: http://mysite.com/mypage, ~/Profile/Edit, ~/Profile/*")</span>
+                </div>
             </div>
         </div>
+        <div>
+            <label for="@Html.FieldIdFor(m => m.SecureHostName)">@T("Secure Host Name")</label>
+            @Html.TextBoxFor(m => m.SecureHostName, new { @class = "textMedium" })
+            <span class="hint">@T("Provide the host name secure traffic should be redirected to (e.g. secure.mydomain.com). Don't include the protocol or anything else than the host name. A port can be specified after a colon if necessary (e.g. secure.127-0-0-1.org.uk:4333).")</span>
+        </div>
+        <div>
+            <label for="@Html.FieldIdFor(m => m.InsecureHostName)">@T("Insecure Host Name")</label>
+            @Html.TextBoxFor(m => m.InsecureHostName, new { @class = "textMedium" })
+            <span class="hint">@T("Provide the host name non-secured traffic should be redirected to (e.g. mydomain.com). Don't include the protocol or anything else than the host name. A port can be specified after a colon if necessary (e.g. dev.127-0-0-1.org.uk:4333).")</span>
+        </div>
     </div>
-    <div>
-        <label for="@Html.FieldIdFor(m => m.SecureHostName)">@T("Secure Host Name")</label>
-        @Html.TextBoxFor(m => m.SecureHostName, new { @class = "textMedium" })
-        <span class="hint">@T("Provide the host name secure traffic should be redirected to (e.g. secure.mydomain.com). Don't include the protocol or anything else than the host name. A port can be specified after a colon if necessary (e.g. secure.127-0-0-1.org.uk:4333).")</span>
-    </div>
-    <div>
-        <label for="@Html.FieldIdFor(m => m.InsecureHostName)">@T("Insecure Host Name")</label>
-        @Html.TextBoxFor(m => m.InsecureHostName, new { @class = "textMedium" })
-        <span class="hint">@T("Provide the host name non-secured traffic should be redirected to (e.g. mydomain.com). Don't include the protocol or anything else than the host name. A port can be specified after a colon if necessary (e.g. dev.127-0-0-1.org.uk:4333).")</span>
-    </div>
+
 </fieldset>