
Maintenance: Warn admins when SSL verification is turned off for webhooks and Exchange integration.

Dusan Vuckovic 1 год назад
Родитель
Сommit
5a714f7ac1

+ 12 - 3
app/assets/javascripts/app/controllers/_integration/ldap.coffee

@@ -280,10 +280,11 @@ class ConnectionWizard extends App.ControllerWizardModal
     'input .js-hostUrl':                 'hostChange'
 
   elements:
-    '.modal-body': 'body'
+    '.modal-body':         'body'
     '.js-userMappingForm': 'userMappingForm'
-    '.js-groupRoleForm': 'groupRoleForm'
-    '.js-expertForm': 'expertForm'
+    '.js-groupRoleForm':   'groupRoleForm'
+    '.js-expertForm':      'expertForm'
+    '.js-sslVerifyAlert':  'sslVerifyAlert'
 
   constructor: ->
     super
@@ -406,8 +407,10 @@ class ConnectionWizard extends App.ControllerWizardModal
 
     if exists && disabled
       el.parent().remove()
+      @sslVerifyAlert.addClass('hide')
     else if !exists && !disabled
       @$('.js-Ssl').closest('tr').after(@buildRowSslVerify())
+      @handleSslVerifyAlert()
 
   buildRowSslVerify: =>
     el = $(App.view('integration/ldap_ssl_verify_row')())
@@ -424,6 +427,7 @@ class ConnectionWizard extends App.ControllerWizardModal
       translate: true
       class: 'form-control form-control--small'
     )
+    sslVerifyElement.on('change', @handleSslVerifyAlert)
     el.find('.js-sslVerify').html sslVerifyElement
     el
 
@@ -776,6 +780,11 @@ class ConnectionWizard extends App.ControllerWizardModal
     el = $(App.view('integration/ldap_summary')(job: job))
     @el.find('.js-summary').html(el)
 
+  handleSslVerifyAlert: =>
+    if @formParam(@el).ssl_verify
+      @sslVerifyAlert.addClass('hide')
+    else
+      @sslVerifyAlert.removeClass('hide')
 
 class LdapSourceIndex extends App.ControllerGenericIndex
   constructor: ->
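Review bot: `handleSslVerifyAlert` in the last hunk carries no comment, although it is reached from two places — the `change` handler bound in `buildRowSslVerify` and the row (re)insertion path in the second hunk — so a reader of either site cannot see why the banner state is recomputed there; a line such as `# Mirror the ssl_verify select into .js-sslVerifyAlert; bound in buildRowSslVerify and re-run whenever the row is re-inserted.` above the method would tie the three hunks together. The method relies on `@formParam(@el).ssl_verify` being falsy for the "no" option; if `formParam` hands back the string `'false'` for this boolean select, the warning would never appear, so that conversion is worth confirming against the wizard's existing handling of `ssl_verify`. The body of `ConnectionWizard` extends beyond these hunks.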

+ 34 - 2
app/assets/javascripts/app/controllers/webhook.coffee

@@ -119,6 +119,7 @@ class Index extends App.ControllerSubContent
 
 class WebhookIndex extends App.ControllerGenericIndex
   editControllerClass: -> EditWebhook
+  newControllerClass: -> NewWebhook
 
 class ChoosePreDefinedWebhook extends App.ControllerModal
   buttonClose: true
@@ -212,8 +213,30 @@ PreDefinedWebhookMixin =
 
     { configure_attributes: attrs }
 
+WebhookSslVerifyAlertMixin =
+  events:
+    'change select[name="ssl_verify"]': 'handleSslVerifyAlert'
+
+  handleSslVerifyAlert: ->
+    @sslVerifyAlert = @injectSslVerifyAlert() if not @sslVerifyAlert
+
+    if @formParam(@el).ssl_verify
+      @sslVerifyAlert.addClass('hide')
+    else
+      @sslVerifyAlert.removeClass('hide')
+
+  injectSslVerifyAlert: ->
+    $('<div />')
+      .attr('role', 'alert')
+      .addClass('alert')
+      .addClass('alert--warning')
+      .addClass('hide')
+      .text(App.i18n.translatePlain('Turning off SSL verification is a security risk and should be used only temporary. Use this option at your own risk!'))
+      .appendTo(@el.find('.modal-alerts-container'))
+
 class NewPreDefinedWebhook extends App.ControllerGenericNew
   @include PreDefinedWebhookMixin
+  @include WebhookSslVerifyAlertMixin
 
   # Inject the pre-defined webhook data into the form.
   contentFormParams: ->
@@ -222,17 +245,26 @@ class NewPreDefinedWebhook extends App.ControllerGenericNew
     note: App.i18n.translatePlain('Pre-defined webhook for %s.', App.i18n.translatePlain(@preDefinedWebhook.name))
 
 class EditWebhook extends App.ControllerGenericEdit
-  shown: false
-
   @include PreDefinedWebhookMixin
+  @include WebhookSslVerifyAlertMixin
+
+  shown: false
 
   constructor: ->
     super
 
     App.PreDefinedWebhook.subscribe(@render, initFetch: true)
 
+  render: ->
+    super
+
+    setTimeout (=> @handleSslVerifyAlert()), 0
+
   # Inject the pre-defined webhook data into the form.
   contentFormParams: ->
     $.extend(true, @item, { custom_payload: @preDefinedWebhook?.custom_payload if not @item.customized_payload })
 
+class NewWebhook extends App.ControllerGenericNew
+  @include WebhookSslVerifyAlertMixin
+
 App.Config.set('Webhook', { prio: 3350, name: __('Webhook'), parent: '#manage', target: '#manage/webhook', controller: Index, permission: ['admin.webhook'] }, 'NavBarAdmin')
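Review bot: `render` in `EditWebhook` defers `handleSslVerifyAlert` with a zero-delay `setTimeout` and gives no reason; a why-comment such as `# defer until super has rendered the form and .modal-alerts-container exists` is needed, and if the controller is released before the timer fires the mixin appends to a detached `@el` and the warning silently never shows. The same silent failure exists whenever `@el.find('.modal-alerts-container')` is empty, because jQuery's `appendTo` on an empty set leaves the alert detached, so a guard (skip or fall back to `@el`) would make the banner reliable rather than best-effort. If `@include` copies properties straight onto the prototype (Spine's default), the mixin's `events` hash replaces any `events` inherited from the generic new/edit controllers — worth confirming nothing is lost there. The msgid `should be used only temporary` is ungrammatical (`temporarily`); it is introduced here and repeated verbatim in four views and the .pot, so a later fix touches all of them.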

+ 1 - 1
app/assets/javascripts/app/models/webhook.coffee

@@ -6,7 +6,7 @@ class App.Webhook extends App.Model
     { name: 'name',                display: __('Name'),                      tag: 'input',       type: 'text', limit: 250, null: false },
     { name: 'endpoint',            display: __('Endpoint'),                  tag: 'input',       type: 'text', limit: 300, null: false, placeholder: 'https://target.example.com/webhook' },
     { name: 'signature_token',     display: __('HMAC SHA1 Signature Token'), tag: 'input',       type: 'text', limit: 100, null: true },
-    { name: 'ssl_verify',          display: __('SSL Verify'),                tag: 'boolean',     null: true, translate: true, options: { true: 'yes', false: 'no'  }, default: true },
+    { name: 'ssl_verify',          display: __('SSL verification'),          tag: 'boolean',     null: true, translate: true, options: { true: 'yes', false: 'no' }, default: true },
     { name: 'basic_auth_username', display: __('HTTP Basic Authentication Username'), tag: 'input', type: 'text', limit: 250, null: true, item_class: 'formGroup--halfSize' },
     { name: 'basic_auth_password', display: __('HTTP Basic Authentication Password'), tag: 'input', type: 'text', limit: 250, null: true, item_class: 'formGroup--halfSize' },
     { name: 'customized_payload',  display: __('Custom Payload'),            tag: 'switch',      null: true, label_class: 'hidden' },

+ 10 - 0
app/assets/javascripts/app/views/integration/exchange.jst.eco

@@ -23,6 +23,11 @@
 </div>
 <div class="js-summary hide">
   <h2><%- @T('Settings') %></h2>
+<% if @config.disable_ssl_verify: %>
+  <div class="alert alert--warning" role="alert">
+    <%= @T('Turning off SSL verification is a security risk and should be used only temporary. Use this option at your own risk!') %>
+  </div>
+<% end %>
   <table class="settings-list" style="width: 100%;">
     <thead>
       <tr>
@@ -41,6 +46,11 @@
         <td class="settings-list-row-control"><%- @T('Password') %>
         <td class="settings-list-row-control"><%= @M(@config.password) %>
     <% end %>
+    <% if @config.disable_ssl_verify: %>
+      <tr>
+        <td class="settings-list-row-control"><%- @T('SSL verification') %>
+        <td class="settings-list-row-control"><%- @T('no') %>
+    <% end %>
     </tbody>
   </table>
 
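Review bot: The summary in the second hunk prints an `SSL verification` row only when `@config.disable_ssl_verify` is set, so an admin reviewing the settings cannot positively confirm that verification is enabled, and the warning banner becomes the only signal; `ldap.jst.eco` in the same commit prints `yes`/`no` unconditionally. Making the row unconditional keeps the two summaries consistent: `<tr>` / `<td class="settings-list-row-control"><%- @T('SSL verification') %>` / `<td class="settings-list-row-control"><% if @config.disable_ssl_verify: %><%- @T('no') %><% else: %><%- @T('yes') %><% end %>`. That adds a `yes` reference for this file, so the .pot would need regenerating.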

+ 10 - 0
app/assets/javascripts/app/views/integration/ldap.jst.eco

@@ -8,6 +8,11 @@
 <div class="js-summary hide">
   <h5><a href="#" class="js-back">❮ Back to overview</a></h5>
   <h2><%- @T('Settings %s', @item.name) %></h2>
+<% if (@config.ssl is 'ssl' or @config.ssl is 'starttls') and not @config.ssl_verify: %>
+  <div class="alert alert--warning" role="alert">
+    <%= @T('Turning off SSL verification is a security risk and should be used only temporary. Use this option at your own risk!') %>
+  </div>
+<% end %>
   <table class="settings-list" style="width: 100%;">
     <thead>
       <tr>
@@ -21,6 +26,11 @@
       <tr>
         <td class="settings-list-row-control"><%- @T('SSL/STARTTLS') %>
         <td class="settings-list-row-control"><%= @T(@config.ssl_humanized) %>
+    <% if @config.ssl is 'ssl' or @config.ssl is 'starttls': %>
+      <tr>
+        <td class="settings-list-row-control"><%- @T('SSL verification') %>
+        <td class="settings-list-row-control"><% if @config.ssl_verify: %><%= @T('yes') %><% else: %><%= @T('no') %><% end %>
+    <% end %>
       <tr>
         <td class="settings-list-row-control"><%- @T('Base DN') %>
         <td class="settings-list-row-control"><%= @config.base_dn %>
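Review bot: The SSL-enabled test `@config.ssl is 'ssl' or @config.ssl is 'starttls'` is written out twice, once for the banner in the first hunk and once for the summary row in the second, so the two can drift the next time a transport mode is added; hoisting it once near the top of the summary, e.g. `<% sslEnabled = @config.ssl in ['ssl', 'starttls'] %>`, and using `sslEnabled` in both conditions keeps them in step. The row itself uses `<%= @T('yes') %>` while the neighbouring `SSL verification` label uses `<%- %>`; both variants appear elsewhere in this file, but picking one for the new lines would read more consistently.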

+ 3 - 0
app/assets/javascripts/app/views/integration/ldap_wizard.jst.eco

@@ -10,6 +10,9 @@
     <div class="modal-body">
       <div class="wizard-body vertical justified">
         <div class="alert alert--danger hide" role="alert"></div>
+        <div class="alert alert--warning js-sslVerifyAlert hide" role="alert">
+          <%= @T('Turning off SSL verification is a security risk and should be used only temporary. Use this option at your own risk!') %>
+        </div>
         <table class="settings-list" style="width: 100%;">
           <thead>
             <tr>

+ 9 - 3
i18n/zammad.pot

@@ -9589,11 +9589,10 @@ msgid "SSL Certificates"
 msgstr ""
 
 #: app/assets/javascripts/app/models/webhook.coffee
-msgid "SSL Verify"
-msgstr ""
-
+#: app/assets/javascripts/app/views/integration/exchange.jst.eco
 #: app/assets/javascripts/app/views/integration/gitlab.jst.eco
 #: app/assets/javascripts/app/views/integration/idoit.jst.eco
+#: app/assets/javascripts/app/views/integration/ldap.jst.eco
 #: app/assets/javascripts/app/views/integration/ldap_ssl_verify_row.jst.eco
 msgid "SSL verification"
 msgstr ""
@@ -12714,8 +12713,12 @@ msgstr ""
 msgid "Turn chat into ticket"
 msgstr ""
 
+#: app/assets/javascripts/app/controllers/webhook.coffee
+#: app/assets/javascripts/app/views/integration/exchange.jst.eco
 #: app/assets/javascripts/app/views/integration/gitlab.jst.eco
 #: app/assets/javascripts/app/views/integration/idoit.jst.eco
+#: app/assets/javascripts/app/views/integration/ldap.jst.eco
+#: app/assets/javascripts/app/views/integration/ldap_wizard.jst.eco
 msgid "Turning off SSL verification is a security risk and should be used only temporary. Use this option at your own risk!"
 msgstr ""
 
@@ -14920,6 +14923,8 @@ msgstr ""
 #: app/assets/javascripts/app/controllers/_ui_element/boolean.coffee
 #: app/assets/javascripts/app/controllers/time_accounting_types.coffee
 #: app/assets/javascripts/app/models/public_link.coffee
+#: app/assets/javascripts/app/views/integration/exchange.jst.eco
+#: app/assets/javascripts/app/views/integration/ldap.jst.eco
 #: app/assets/javascripts/app/views/object_manager/attribute/boolean.jst.eco
 #: app/frontend/apps/mobile/pages/ticket/views/TicketInformation/TicketInformationDetails.vue
 #: app/frontend/shared/components/ObjectAttributes/attributes/AttributeBoolean/AttributeBoolean.vue
@@ -15348,6 +15353,7 @@ msgstr ""
 #: app/assets/javascripts/app/controllers/time_accounting_types.coffee
 #: app/assets/javascripts/app/models/group.coffee
 #: app/assets/javascripts/app/models/public_link.coffee
+#: app/assets/javascripts/app/views/integration/ldap.jst.eco
 #: app/assets/javascripts/app/views/object_manager/attribute/boolean.jst.eco
 #: app/frontend/apps/mobile/pages/ticket/views/TicketInformation/TicketInformationDetails.vue
 #: app/frontend/shared/components/ObjectAttributes/attributes/AttributeBoolean/AttributeBoolean.vue

+ 0 - 1
public/assets/tests/qunit/form_tokenfield.js

@@ -25,7 +25,6 @@ QUnit.test('initial value', (assert) => {
   var initDelay = 750
 
   setTimeout(() => {
-    console.debug(el.find('.token-label').eq(0))
     assert.equal(el.find('.token-label').eq(0).text(), 'foo', 'first token label')
     assert.equal(el.find('.token-label').eq(1).text(), 'bar', 'second token label')
     done()