Merge pull request #9 from experius/feature/ARCI-143_introduce-on-off…

…-switch Introduce on off switch and repair system.xml configuration
experius · Jun 16, 2021 · af55067 · af55067
2 parents 34663ff + c0ae13c
commit af55067
Show file tree

Hide file tree

Showing 6 changed files with 90 additions and 26 deletions.
diff --git a/Model/Message/ReportErrors.php b/Model/Message/ReportErrors.php
@@ -83,11 +83,6 @@ public function getText()
         $url = $this->urlBuilder->getUrl('experius_csp/report/index');
         return __(
             '<style>
-                .message-system-short,
-                .message-system-short * {
-                    background-color: #e22626;
-                    color: #fff !important;
-                 }
                  .message-system-collapsible a.csp-error {
                     color: #e22626;
                  }

diff --git a/Plugin/Magento/Csp/Api/Data/ModeConfiguredInterface.php b/Plugin/Magento/Csp/Api/Data/ModeConfiguredInterface.php
@@ -0,0 +1,46 @@
+<?php
+/**
+ * Copyright © Experius B.V. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Experius\Csp\Plugin\Magento\Csp\Api\Data;
+
+use Magento\Framework\App\Config\ScopeConfigInterface;
+
+class ModeConfiguredInterface
+{
+    const XML_PATH_CSP_REPORTING_ENABLED = 'experius_csp/general/reporting_enabled';
+
+    /**
+     * @var ScopeConfigInterface
+     */
+    protected $scopeConfig;
+
+    public function __construct(
+        ScopeConfigInterface $scopeConfig
+    ) {
+        $this->scopeConfig = $scopeConfig;
+    }
+
+    /**
+     * After getReportUri() plugin to be able to disable Content Security Policy reporting using configuration
+     *
+     * @param \Magento\Csp\Api\Data\ModeConfiguredInterface $subject
+     * @param $result
+     * @return string
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function afterGetReportUri(
+        \Magento\Csp\Api\Data\ModeConfiguredInterface $subject,
+        $result
+    ): ?string {
+        if (!$this->scopeConfig->isSetFlag(self::XML_PATH_CSP_REPORTING_ENABLED)) {
+            // Return empty reporting url to disable reporting
+            return null;
+        }
+
+        return $result;
+    }
+}
diff --git a/etc/acl.xml b/etc/acl.xml
@@ -1,13 +1,20 @@
 <?xml version="1.0" ?>
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd">
-	<acl>
-		<resources>
-			<resource id="Magento_Backend::admin">
-				<resource id="Experius_Csp::report" sortOrder="10" title="Report">
-					<resource id="Experius_Csp::report_delete" sortOrder="20" title="Delete Report"/>
-					<resource id="Experius_Csp::report_view" sortOrder="40" title="View Report"/>
-				</resource>
-			</resource>
-		</resources>
-	</acl>
+    <acl>
+        <resources>
+            <resource id="Magento_Backend::admin">
+                <resource id="Experius_Csp::report" sortOrder="10" title="Report">
+                    <resource id="Experius_Csp::report_delete" sortOrder="20" title="Delete Report"/>
+                    <resource id="Experius_Csp::report_view" sortOrder="40" title="View Report"/>
+                </resource>
+            </resource>
+            <resource id="Magento_Backend::stores">
+                <resource id="Magento_Backend::stores_settings">
+                    <resource id="Magento_Config::config">
+                        <resource id="Experius_Csp::config_experius_csp" title="Experius Csp Reporting"/>
+                    </resource>
+                </resource>
+            </resource>
+        </resources>
+    </acl>
 </config>
diff --git a/etc/adminhtml/system.xml b/etc/adminhtml/system.xml
@@ -1,15 +1,23 @@
 <?xml version="1.0" ?>
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
     <system>
+        <tab id="experius" translate="label" sortOrder="999">
+            <label>Experius</label>
+        </tab>
         <section id="experius_csp" sortOrder="10" showInWebsite="1" showInStore="1" showInDefault="1" translate="label">
             <label>Experius CSP</label>
             <tab>experius</tab>
             <resource>Experius_Csp::config_experius_csp</resource>
             <group id="general" sortOrder="10" showInWebsite="1" showInStore="1" showInDefault="1" translate="label">
-                <label>general</label>
-                <field id="add_all_storefront_urls" type="text" sortOrder="10" showInWebsite="1" showInStore="1" showInDefault="1" translate="label">
+                <label>General</label>
+                <field id="add_all_storefront_urls" type="text" sortOrder="10" showInWebsite="1" showInStore="1" showInDefault="1" translate="label comment">
                     <label>add_all_storefront_urls</label>
-                    <comment/>
+                    <comment>This adds all base urls of the available storefronts for this Magento installation to the csp_whitelist.</comment>
+                </field>
+                <field id="reporting_enabled" type="select" sortOrder="20" showInDefault="1" showInWebsite="0" showInStore="0" translate="label comment">
+                    <label>Reporting enabled</label>
+                    <comment>Disable to stop reporting to database temporarily.</comment>
+                    <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
             </group>
         </section>

diff --git a/etc/config.xml b/etc/config.xml
@@ -15,6 +15,7 @@
         <experius_csp>
             <general>
                 <add_all_storefront_urls>1</add_all_storefront_urls>
+                <reporting_enabled>1</reporting_enabled>
             </general>
         </experius_csp>
     </default>

diff --git a/etc/di.xml b/etc/di.xml
@@ -18,13 +18,20 @@
 		</arguments>
 	</type>
 	<type name="Magento\Framework\App\Response\HttpInterface">
-		<plugin disabled="false" name="Experius_Csp_Plugin_Magento_Framework_App_Response_HttpInterface" sortOrder="10" type="Experius\Csp\Plugin\Magento\Framework\App\Response\HttpInterface"/>
+		<plugin name="Experius_Csp_Plugin_Magento_Framework_App_Response_HttpInterface"
+				type="Experius\Csp\Plugin\Magento\Framework\App\Response\HttpInterface"
+				sortOrder="10"/>
+	</type>
+	<type name="Magento\Csp\Api\Data\ModeConfiguredInterface">
+		<plugin name="Experius_Csp_Plugin_Magento_Csp_Api_Data_ModeConfiguredInterface"
+				type="Experius\Csp\Plugin\Magento\Csp\Api\Data\ModeConfiguredInterface"
+				sortOrder="9999"/>
+	</type>
+	<type name="Magento\Csp\Model\CompositePolicyCollector">
+		<arguments>
+			<argument name="collectors" xsi:type="array">
+				<item name="200" xsi:type="object">Experius\Csp\Model\Collector\DynamicCollector</item>
+			</argument>
+		</arguments>
 	</type>
-    <type name="Magento\Csp\Model\CompositePolicyCollector">
-        <arguments>
-            <argument name="collectors" xsi:type="array">
-                <item name="200" xsi:type="object">Experius\Csp\Model\Collector\DynamicCollector</item>
-            </argument>
-        </arguments>
-    </type>
 </config>