diff --git a/core/Url.php b/core/Url.php
index d30f18467b045be3baf456bcd5a935b391668244..a86978286ae3f329f08099970259d7ec8202b517 100644
--- a/core/Url.php
+++ b/core/Url.php
@@ -176,7 +176,7 @@ class Url
 */
 public static function getCurrentScheme()
 {
- if (self::isPiwikServerAssumeSecureConnectionIsUsed()) {
+ if (self::isPiwikConfiguredToAssumeSecureConnection()) {
 return 'https';
 }
 return self::getCurrentSchemeFromRequestHeader();
@@ -677,10 +677,25 @@ class Url
 return array('localhost', '127.0.0.1', '::1', '[::1]');
 }
+
+ /**
+ * @return bool
+ */
+ public static function isSecureConnectionAssumedByPiwikButNotForcedYet()
+ {
+ $isSecureConnectionLikelyNotUsed = Url::isSecureConnectionLikelyNotUsed();
+ $hasSessionCookieSecureFlag = ProxyHttp::isHttps();
+ $isSecureConnectionAssumedByPiwikButNotForcedYet = Url::isPiwikConfiguredToAssumeSecureConnection() && !SettingsPiwik::isHttpsForced();
+
+ return $isSecureConnectionLikelyNotUsed
+ && $hasSessionCookieSecureFlag
+ && $isSecureConnectionAssumedByPiwikButNotForcedYet;
+ }
+
 /**
 * @return string
 */
- public static function getCurrentSchemeFromRequestHeader()
+ protected static function getCurrentSchemeFromRequestHeader()
 {
 if ((isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] === true))
 || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
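Review bot: Narrowing `getCurrentSchemeFromRequestHeader()` from `public static` to `protected static` in the `@@ -677` hunk is a backwards-incompatible change for any plugin code that called it, and the next hunk does the same to `isPiwikServerAssumeSecureConnectionIsUsed()` (renamed and made protected); if the reduction is intended, the commit message or changelog should say so, otherwise keep a public wrapper. The new public `isSecureConnectionAssumedByPiwikButNotForcedYet()` is documented only as `@return bool`; a docblock such as `Returns true when the request header reports plain HTTP, the session cookie carries the secure flag (ProxyHttp::isHttps()), and assume_secure_protocol is enabled without HTTPS being forced — the misconfiguration the Login controller reports to the user.` would explain why these three conditions are combined. Url.php's `use` block is outside the diff; confirm `ProxyHttp` and `SettingsPiwik` are imported there, since the same commit removes those imports from the Login controller.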
@@ -691,16 +706,17 @@ class Url
 return 'http';
 }
+ protected static function isSecureConnectionLikelyNotUsed()
+ {
+ return Url::getCurrentSchemeFromRequestHeader() == 'http';
+ }
+
 /**
 * @return bool
 */
- public static function isPiwikServerAssumeSecureConnectionIsUsed()
+ protected static function isPiwikConfiguredToAssumeSecureConnection()
 {
- try {
- $assume_secure_protocol = @Config::getInstance()->General['assume_secure_protocol'];
- } catch (Exception $e) {
- $assume_secure_protocol = false;
- }
- return $assume_secure_protocol;
+ $assume_secure_protocol = @Config::getInstance()->General['assume_secure_protocol'];
+ return (bool) $assume_secure_protocol;
 }
 }
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index c2179ef97cb78eee766be8ac595d5f0a9a5b9e9e..37d2b7a60a47e8f1dc56dbcbd3b49da54d1b1382 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -9,7 +9,6 @@ namespace Piwik\Plugins\Login;
 use Exception;
-use Piwik\Auth as AuthInterface;
 use Piwik\Common;
 use Piwik\Config;
 use Piwik\Container\StaticContainer;
@@ -17,10 +16,8 @@ use Piwik\Cookie;
 use Piwik\Log;
 use Piwik\Nonce;
 use Piwik\Piwik;
-use Piwik\ProxyHttp;
 use Piwik\QuickForm2;
 use Piwik\Session;
-use Piwik\SettingsPiwik;
 use Piwik\Url;
 use Piwik\View;
@@ -219,7 +216,7 @@ class Controller extends \Piwik\Plugin\Controller
 {
 $message = Piwik::translate('Login_InvalidNonceOrHeadersOrReferrer', array('<a href="?module=Proxy&action=redirect&url=' . urlencode('http://piwik.org/faq/how-to-install/#faq_98') . '" target="_blank">', '</a>'));
- $message .= $this->getMessageExceptionNoAccessWhenInsecureConnectionMayBeUsed($message);
+ $message .= $this->getMessageExceptionNoAccessWhenInsecureConnectionMayBeUsed();
 return $message;
 }
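Review bot: Dropping the `try`/`catch` around `Config::getInstance()` in `isPiwikConfiguredToAssumeSecureConnection()` changes the failure mode: the old code resolved a configuration that could not be loaded to `false`, whereas now the exception (assuming `Config::getInstance()` can throw, as the removed catch suggests) propagates out of `getCurrentScheme()` in the `@@ -176` hunk and into every caller that builds a URL. Either keep the catch or state in the docblock that a loaded configuration is required. The `@` suppression is kept only to hide an undefined `assume_secure_protocol` key; `$general = Config::getInstance()->General; return !empty($general['assume_secure_protocol']);` yields the same boolean without silencing other notices. In `isSecureConnectionLikelyNotUsed()`, `== 'http'` should be `=== 'http'`, and inside `class Url` the `Url::` prefix on calls to its own static methods is conventionally `self::`.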
@@ -228,21 +225,12 @@ class Controller extends \Piwik\Plugin\Controller
 * The Session cookie is set to a secure cookie, when SSL is mis-configured, it can cause the PHP session cookie ID to change on each page view.
 * Indicate to user how to solve this particular use case by forcing secure connections.
 *
- * @param $message
 * @return string
 */
- protected function getMessageExceptionNoAccessWhenInsecureConnectionMayBeUsed($message)
+ protected function getMessageExceptionNoAccessWhenInsecureConnectionMayBeUsed()
 {
 $message = '';
-
- $isSecureConnectionLikelyNotUsed = Url::getCurrentSchemeFromRequestHeader() == 'http';
- $hasSessionCookieSecureFlag = ProxyHttp::isHttps();
- $isSecureConnectionAssumedByPiwikButNotForcedYet = Url::isPiwikServerAssumeSecureConnectionIsUsed() && !SettingsPiwik::isHttpsForced();
- if ( $isSecureConnectionLikelyNotUsed
- && $hasSessionCookieSecureFlag
- && $isSecureConnectionAssumedByPiwikButNotForcedYet
- ) {
-
+ if(Url::isSecureConnectionAssumedByPiwikButNotForcedYet()) {
 $message = '<br/><br/>' . Piwik::translate('Login_InvalidNonceSSLMisconfigured', array(
 '<a href="?module=Proxy&action=redirect&url=' . urlencode('<a href="http://piwik.org/faq/how-to/faq_91/">') . '">',
@@ -381,5 +369,4 @@ class Controller extends \Piwik\Plugin\Controller
 Url::redirectToUrl($logoutUrl);
 }
 }
-
 }
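Review bot: The added `if(Url::isSecureConnectionAssumedByPiwikButNotForcedYet()) {` in the `@@ -228` hunk drops the space after `if` that the removed `if (` line had and that PSR-12 requires; it should read `if (Url::isSecureConnectionAssumedByPiwikButNotForcedYet()) {`. The body of `getMessageExceptionNoAccessWhenInsecureConnectionMayBeUsed()` continues past the end of the hunk, so the rest of the message construction is not visible here. Since the method no longer takes a parameter, the docblock's `@return string` is now the only tag and is accurate; the surrounding explanation of the secure-cookie symptom is worth keeping as the place a maintainer learns why the Url helper exists.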