diff --git a/app/controllers/admin/dashboard_controller.rb b/app/controllers/admin/dashboard_controller.rb
index ed021d9158d..51be59fcde2 100644
--- a/app/controllers/admin/dashboard_controller.rb
+++ b/app/controllers/admin/dashboard_controller.rb
@@ -9,6 +9,6 @@ class Admin::DashboardController < Admin::AdminController
end
def problems
- render_json_dump(problems: AdminDashboardData.fetch_problems)
+ render_json_dump(problems: AdminDashboardData.fetch_problems(check_force_https: request.ssl?))
end
end
diff --git a/app/models/admin_dashboard_data.rb b/app/models/admin_dashboard_data.rb
index 57a4394c27d..8ba294d4249 100644
--- a/app/models/admin_dashboard_data.rb
+++ b/app/models/admin_dashboard_data.rb
@@ -39,6 +39,10 @@ class AdminDashboardData
end
class << self; attr_reader :problem_syms, :problem_blocks, :problem_messages; end
+ def initialize(opts = {})
+ @opts = opts
+ end
+
def problems
problems = []
AdminDashboardData.problem_syms.each do |sym|
@@ -90,7 +94,7 @@ class AdminDashboardData
'dashboard.poll_pop3_auth_error'
]
- add_problem_check :rails_env_check, :host_names_check,
+ add_problem_check :rails_env_check, :host_names_check, :force_https_check,
:ram_check, :google_oauth2_config_check,
:facebook_config_check, :twitter_config_check,
:github_config_check, :s3_config_check, :image_magick_check,
@@ -112,8 +116,8 @@ class AdminDashboardData
'dash-stats'
end
- def self.fetch_problems
- AdminDashboardData.new.problems
+ def self.fetch_problems(opts = {})
+ AdminDashboardData.new(opts).problems
end
def self.problem_message_check(i18n_key)
@@ -234,4 +238,9 @@ class AdminDashboardData
I18n.t('dashboard.missing_mailgun_api_key')
end
+ def force_https_check
+ return unless @opts[:check_force_https]
+ I18n.t('dashboard.force_https_warning') unless SiteSetting.force_https
+ end
+
end
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 714d5d8268e..96b7e87209f 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -956,6 +956,7 @@ en:
bad_favicon_url: "The favicon is failing to load. Check your favicon_url setting in Site Settings."
poll_pop3_timeout: "Connection to the POP3 server is timing out. Incoming email could not be retrieved. Please check your POP3 settings and service provider."
poll_pop3_auth_error: "Connection to the POP3 server is failing with an authentication error. Please check your POP3 settings."
+ force_https_warning: "Your website using SSL. But `force_https` is not yet enabled in your site settings."
site_settings:
censored_words: "Words that will be automatically replaced with ■■■■"
diff --git a/spec/models/admin_dashboard_data_spec.rb b/spec/models/admin_dashboard_data_spec.rb
index d04142bef5f..f65de862fd1 100644
--- a/spec/models/admin_dashboard_data_spec.rb
+++ b/spec/models/admin_dashboard_data_spec.rb
@@ -15,6 +15,9 @@ describe AdminDashboardData do
AdminDashboardData.fetch_problems
expect(called).to eq(true)
+
+ AdminDashboardData.fetch_problems(check_force_https: true)
+ expect(called).to eq(true)
end
it 'calls the passed method' do
@@ -281,6 +284,32 @@ describe AdminDashboardData do
end
end
+ describe 'force_https_check' do
+ subject { described_class.new(check_force_https: true).force_https_check }
+
+ it 'returns nil if force_https site setting enabled' do
+ SiteSetting.force_https = true
+ expect(subject).to be_nil
+ end
+
+ it 'returns nil if force_https site setting not enabled' do
+ SiteSetting.force_https = false
+ expect(subject).to eq(I18n.t('dashboard.force_https_warning'))
+ end
+ end
+
+ describe 'ignore force_https_check' do
+ subject { described_class.new(check_force_https: false).force_https_check }
+
+ it 'returns nil' do
+ SiteSetting.force_https = true
+ expect(subject).to be_nil
+
+ SiteSetting.force_https = false
+ expect(subject).to be_nil
+ end
+ end
+
describe 'stats cache' do
include_examples 'stats cachable'
end