Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

Enabling SSL in Vanilla 2?

2456

Comments

  • From docs...

    So, the plugin author has the ability to override any core function simply by defining it before the framework does.

    Is this possible do to inside a plugin? If I put

    function Redirect($Destination) {}

    ...above my plugin class delaration I get
    Fatal error: Cannot redeclare redirect() (previously declared in ... functions.general.php.

    Would this need to be done in the bootstrap file?
  • lucluc ✭✭
    In : bootstrap.before.php in conf dir
  • derekdonderekdon New
    edited January 2010
    @bean
    thought so, cheers!

    Having a problem overriding a method in the base Gdn_Controller...
    Can anyone tell me is it... (within your plugin class)

    public function Gdn_Controller_MethodXYZ_Override(&$Sender) ??

    Doesn't seem to working... probably missing something stupid.
  • lucluc ✭✭
    Well I'd say, it doesn't work as the underscore is used to automatically find what to do, so here, as the controller has an underscore in its name, it is lost.

    Maybe done on purpose or not, as the Gdn_ was added later on. I'd say you will have to wait for @Mark for an answer on this.
  • SS ✭✭
    Only Controller::xMethod() can be overriden.
    Now only two contrroller has these methods DiscussionController::xGetNew() and Gdn_Controller::xRender()
  • derekdonderekdon New
    edited January 2010
    Okay I have this working but I need to sort out the ajax part of it... may need a bit of help. I want to try a avoid editing the existing files.
    First off...
    garden/js/entry.js uses definition('WebRoot', '') to get the webroot which it uses to check for an existing username etc. This is always http as the base class.controller's DefinitionList method writes a string of definitions which I can't override.
    It uses Gdn_Url::WebRoot(TRUE) as a value for a hidden WebRoot field.
    I also can't override Gdn_Url's methonds.

    I have tried a number of things.
    I've added my own,

    $Sender->AddDefinition('WebRoot', $this->_WebRoot()); // Returns webroot with correct protocol

    which gets added to the end of the class.controller's DefinitionList when rendered. But this just means there is two definitions for WebRoot, and the original is still the one that gets used. When the original is removed. The one with the correct protocol gets used by entry.js

    I have also been experimenting with an sslcontrollerhelper.js which is added to the controllers
    $Sender->AddJsFile('plugins/SSLControllers/sslcontrollerhelper.js');
    It's file contents is short,

    var WebRoot = '';
    // Get the protocol and WebRoot for the current controller via an ajax call
    // "/plugin/getwebroot" maps to magic method "PluginController_GetWebRoot_Create"
    $.getJSON("/plugin/getwebroot", function (json)
    {
    WebRoot = json.WebRoot;
    });

    I can get values from the plugin with this but I'm not sure if it helps yet so I'm not using it. I don't use Ajax much.

    I also have a bootstrap.before.php file which re-defines a few of functions.general's methods. Nothing major.

    Any ideas on the best way to get definition('WebRoot', '') in the js files to return my protocol webroot when the plugin is enabled instead of the default?

  • MarkMark Vanilla Staff
    @derekdon - I'm going to change the controller class so that those "hard-coded" values are no longer hard-coded. They should be override-able.
  • @Mark
    That's great news! Going a bit mad trying to work around it... :-)
  • MarkMark Vanilla Staff
    edited January 2010
    Okay - pushed the change to master at GitHub. Now you'll be able to just go $Sender->AddDefinition('WebRoot', 'whatever you want');
  • derekdonderekdon New
    edited January 2010
    @Mark

    I don't suppose it's possible to override the Gdn_HandshakeAuthenticator's and the Gdn_PasswordAuthenticator's SignInUrl methods from a plugin? Or perhaps the Gdn_MenuModule AddLink method?
  • @Mark
    Cheers mate that great!
  • MarkMark Vanilla Staff
    I think that the authenticators should probably define the protocol. Gimme a minute to dig around.
  • derekdonderekdon New
    edited January 2010
    If you have a test site I can email you the plugin as it stands so you can get an idea of what's going on? It should work for you.
  • derekdonderekdon New
    edited January 2010
    Maybe you could change line 174 of the class.menumodule to also account for https if you're in the mood. :-)
  • MarkMark Vanilla Staff
    @derekdon - Okay, check this out: http://github.com/lussumo/Garden/commit/0c6b68652c733a582dee658ef3cd0ee18a33c09e

    I've made it so that your plugin can go:

    Gdn::Authenticator->Protocol('https');
  • @Mark
    That's cool! I've also just emailed you a couple of minor updates in relation to the whole http/https issue. Might be useful.
  • derekdonderekdon New
    edited January 2010
    @Mark

    The Base_Render_Before method in my plugin sets the Authenticator protocol. This works fine and switches the top menu sign in link to http or https. The problem is it has no effect on the links in the garden/views/modules/guest.php file. I've changed the SignInUrl method in the class.passwordauthenticator.php to return $this->_Protocol... and low and behold it's http for the module, and https for the top menu sign in link. The Base_Render_Before does some stuff and sets it. I imagine the problem is that I need to hook on to the module somehow to do the same. I would of thought they would be the same. Isn't it a Singleton?

    The only other different I can see is the top menu link is set from the master template like so;

    $this->Menu->AddLink('Entry', Gdn::Translate('Sign In'), $Authenticator->SignInUrl($this->SelfUrl), FALSE, array('class' => 'NonTab'), array('class' => 'SignInPopup'));

    and the one if the module is set like so;

    Anchor('Sign In', Gdn::Authenticator()->SignInUrl($this->_Sender->SelfUrl), 'Button');

    It's not a major issue as the plugin automatically kicks the controller into https if it's in the SecureControllers array. But I want to resolve it.

    Any ideas? Something in the Menu perhaps? I'll keep looking in the mean time.

    Cheers.
  • derekdonderekdon New
    edited January 2010
    Update to my last comment...

    I've put almost the exact same line of trace code in both files to check the results... results on the root homepage
    guest.php
    <?php echo Gdn::Authenticator()->SignInUrl($this->_Sender->SelfUrl); ?> // traces 'http'
    <?php echo $this->_Sender->SelfUrl; ?> // traces 'discussions'
    default.master.php
    <?php echo Gdn::Authenticator()->SignInUrl($this->SelfUrl); ?> // traces 'https'
    <?php echo $this->SelfUrl; ?> // traces 'discussions'

    As I said I have the SignInUrl currently returning the protocol.
  • MarkMark Vanilla Staff
    The module isn't getting the correct sign in url because it is added to the controller before your Base_Render_Before is fired. We need to do something sooner than that so that your change affects all modules.

    I was thinking about this issue this afternoon. I think that https should be a core option, anyway. What do you think of just having an https configuration option to set this to either:

    a: straight http
    b: https on entry pages
    c: https on entire forum

    ?
Sign In or Register to comment.