From 8282ff0aaa2c9021e4d76fccbf88746aeefeabf7 Mon Sep 17 00:00:00 2001
From: VirtuBox <contact@virtubox.net>
Date: Mon, 15 Apr 2019 15:09:10 +0200
Subject: [PATCH] fix hsts

---
 wo/cli/plugins/site.py           | 14 ++++++--------
 wo/cli/plugins/site_functions.py |  8 ++++----
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py
index 285f2fe..58e0e1d 100644
--- a/wo/cli/plugins/site.py
+++ b/wo/cli/plugins/site.py
@@ -888,7 +888,8 @@ class WOSiteUpdateController(CementBaseController):
         if (pargs.password and not (pargs.html or
                                     pargs.php or pargs.php73 or pargs.mysql or
                                     pargs.wp or pargs.wpfc or pargs.wpsc or
-                                    pargs.wpsubdir or pargs.wpsubdomain)):
+                                    pargs.wpsubdir or pargs.wpsubdomain or
+                                    pargs.hsts)):
             try:
                 updatewpuserpassword(self, wo_domain, wo_site_webroot)
             except SiteError as e:
@@ -1320,16 +1321,13 @@ class WOSiteUpdateController(CementBaseController):
         if pargs.hsts:
             if os.path.isfile(("{0}/conf/nginx/ssl.conf")
                               .format(wo_site_webroot)):
-                if (not os.path.isfile("{0}/conf/nginx/hsts.conf.disabled"
+                if (not os.path.isfile("{0}/conf/nginx/hsts.conf"
                                        .format(wo_site_webroot))):
-                    setupHsts(self, wo_domain)
+                    setupHsts(self, wo_domain, True)
 
                 else:
-                    WOFileUtils.mvfile(self, "{0}/conf/nginx/"
-                                       "hsts.conf.disabled"
-                                       .format(wo_site_webroot),
-                                       '{0}/conf/nginx/hsts.conf'
-                                       .format(wo_site_webroot))
+                    Log.error(self, "HSTS is already configured for given "
+                              "site")
                 if not WOService.reload_service(self, 'nginx'):
                     Log.error(self, "service nginx reload failed. "
                               "check issues with `nginx -t` command")
diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py
index 3fd57f2..b302cbd 100644
--- a/wo/cli/plugins/site_functions.py
+++ b/wo/cli/plugins/site_functions.py
@@ -1453,13 +1453,13 @@ def renewLetsEncrypt(self, wo_domain_name):
 # redirect= False to disable https redirection
 
 
-def setupHsts(self, wo_domain_name):
+def setupHsts(self, wo_domain, hsts=True):
     Log.info(
-        self, "Adding /var/www/{0}/conf/nginx/ssl.conf"
-        .format(wo_domain_name))
+        self, "Adding /var/www/{0}/conf/nginx/hsts.conf"
+        .format(wo_domain))
 
     hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf"
-                    .format(wo_domain_name),
+                    .format(wo_domain),
                     encoding='utf-8', mode='w')
     hstsconf.write("more_set_headers "
                    "\"Strict-Transport-Security: "