Merge pull request #5482 from vinothkannans/force_https_check

FEATURE: Display force_https warning in admin problems dashboard

app/controllers/admin/dashboard_controller.rb

@@ -9,6 +9,6 @@ class Admin::DashboardController < Admin::AdminController
   end
 
   def problems
-    render_json_dump(problems: AdminDashboardData.fetch_problems)
+    render_json_dump(problems: AdminDashboardData.fetch_problems(check_force_https: request.ssl?))
   end
 end

app/models/admin_dashboard_data.rb

@@ -39,6 +39,10 @@ class AdminDashboardData
   end
   class << self; attr_reader :problem_syms, :problem_blocks, :problem_messages; end
 
+  def initialize(opts = {})
+    @opts = opts
+  end
+
   def problems
     problems = []
     AdminDashboardData.problem_syms.each do |sym|
@@ -90,7 +94,7 @@ class AdminDashboardData
       'dashboard.poll_pop3_auth_error'
     ]
 
-    add_problem_check :rails_env_check, :host_names_check,
+    add_problem_check :rails_env_check, :host_names_check, :force_https_check,
                       :ram_check, :google_oauth2_config_check,
                       :facebook_config_check, :twitter_config_check,
                       :github_config_check, :s3_config_check, :image_magick_check,
@@ -112,8 +116,8 @@ class AdminDashboardData
     'dash-stats'
   end
 
-  def self.fetch_problems
+  def self.fetch_problems(opts = {})
-    AdminDashboardData.new.problems
+    AdminDashboardData.new(opts).problems
   end
 
   def self.problem_message_check(i18n_key)
@@ -234,4 +238,9 @@ class AdminDashboardData
     I18n.t('dashboard.missing_mailgun_api_key')
   end
 
+  def force_https_check
+    return unless @opts[:check_force_https]
+    I18n.t('dashboard.force_https_warning') unless SiteSetting.force_https
+  end
+
 end

config/locales/server.en.yml

@@ -956,6 +956,7 @@ en:
     bad_favicon_url: "The favicon is failing to load. Check your favicon_url setting in <a href='/admin/site_settings'>Site Settings</a>."
     poll_pop3_timeout: "Connection to the POP3 server is timing out. Incoming email could not be retrieved. Please check your <a href='/admin/site_settings/category/email'>POP3 settings</a> and service provider."
     poll_pop3_auth_error: "Connection to the POP3 server is failing with an authentication error. Please check your <a href='/admin/site_settings/category/email'>POP3 settings</a>."
+    force_https_warning: "Your website using SSL. But `<a href='/admin/site_settings/category/all_results?filter=force_https'>force_https</a>` is not yet enabled in your site settings."
 
   site_settings:
     censored_words: "Words that will be automatically replaced with &#9632;&#9632;&#9632;&#9632;"

spec/models/admin_dashboard_data_spec.rb

@@ -15,6 +15,9 @@ describe AdminDashboardData do
 
       AdminDashboardData.fetch_problems
       expect(called).to eq(true)
+
+      AdminDashboardData.fetch_problems(check_force_https: true)
+      expect(called).to eq(true)
     end
 
     it 'calls the passed method' do
@@ -281,6 +284,32 @@ describe AdminDashboardData do
     end
   end
 
+  describe 'force_https_check' do
+    subject { described_class.new(check_force_https: true).force_https_check }
+
+    it 'returns nil if force_https site setting enabled' do
+      SiteSetting.force_https = true
+      expect(subject).to be_nil
+    end
+
+    it 'returns nil if force_https site setting not enabled' do
+      SiteSetting.force_https = false
+      expect(subject).to eq(I18n.t('dashboard.force_https_warning'))
+    end
+  end
+
+  describe 'ignore force_https_check' do
+    subject { described_class.new(check_force_https: false).force_https_check }
+
+    it 'returns nil' do
+      SiteSetting.force_https = true
+      expect(subject).to be_nil
+
+      SiteSetting.force_https = false
+      expect(subject).to be_nil
+    end
+  end
+
   describe 'stats cache' do
     include_examples 'stats cachable'
   end