web_site.ml 49.7 KB
Newer Older
Stephane Glondu's avatar
Stephane Glondu committed
1 2 3
(**************************************************************************)
(*                                BELENIOS                                *)
(*                                                                        *)
Stephane Glondu's avatar
Stephane Glondu committed
4
(*  Copyright © 2012-2014 Inria                                           *)
Stephane Glondu's avatar
Stephane Glondu committed
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
(*                                                                        *)
(*  This program is free software: you can redistribute it and/or modify  *)
(*  it under the terms of the GNU Affero General Public License as        *)
(*  published by the Free Software Foundation, either version 3 of the    *)
(*  License, or (at your option) any later version, with the additional   *)
(*  exemption that compiling, linking, and/or using OpenSSL is allowed.   *)
(*                                                                        *)
(*  This program is distributed in the hope that it will be useful, but   *)
(*  WITHOUT ANY WARRANTY; without even the implied warranty of            *)
(*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU     *)
(*  Affero General Public License for more details.                       *)
(*                                                                        *)
(*  You should have received a copy of the GNU Affero General Public      *)
(*  License along with this program.  If not, see                         *)
(*  <http://www.gnu.org/licenses/>.                                       *)
(**************************************************************************)

22
open Lwt
23
open Platform
24
open Serializable_j
25
open Signatures
26
open Common
Stephane Glondu's avatar
Stephane Glondu committed
27
open Web_serializable_j
28
open Web_common
29
open Web_signatures
30
open Web_services
Stephane Glondu's avatar
Stephane Glondu committed
31

32 33
let source_file = ref "belenios.tar.gz"
let spool_dir = ref "."
Stephane Glondu's avatar
Stephane Glondu committed
34

35 36 37 38 39 40 41 42 43 44 45 46
let get_single_line x =
  match_lwt Lwt_stream.get x with
  | None -> return None
  | Some _ as line ->
    lwt b = Lwt_stream.is_empty x in
    if b then (
      return line
    ) else (
      Lwt_stream.junk_while (fun _ -> true) x >>
      return None
    )

47 48
let ( / ) = Filename.concat

49 50 51 52 53 54 55 56
let delete_shallow_directory dir =
  lwt () =
    Lwt_unix.files_of_directory dir |>
    Lwt_stream.filter (fun x -> x <> "." && x <> "..") |>
    Lwt_stream.iter_s (fun x -> Lwt_unix.unlink (dir/x))
  in
  Lwt_unix.rmdir dir

Stephane Glondu's avatar
Stephane Glondu committed
57
module PString = String
Stephane Glondu's avatar
Stephane Glondu committed
58

Stephane Glondu's avatar
Stephane Glondu committed
59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
open Eliom_service
open Eliom_registration

module LwtRandom = MakeLwtRandom (struct let rng = make_rng () end)

(* Persistent table, used to initialize the server. *)
let election_ptable = Ocsipersist.open_table "site_elections"

(* Table with elections in setup mode. *)
let election_stable = Ocsipersist.open_table "site_setup"

(* Table with tokens given to trustees. *)
let election_pktokens = Ocsipersist.open_table "site_pktokens"

(* Table with tokens given to credential authorities. *)
let election_credtokens = Ocsipersist.open_table "site_credtokens"

(* In-memory table, indexed by UUID, contains closures. *)
let election_table = ref SMap.empty

module T = Web_templates

let register_election params web_params =
  let module P = (val params : ELECTION_PARAMS) in
  let uuid = Uuidm.to_string P.params.e_uuid in
  let module D = struct
    module G = P.G
    let election = {
      e_params = P.params;
      e_pks = None;
      e_fingerprint = P.fingerprint;
    }
  end in
  let module P = (val web_params : WEB_PARAMS) in
93
  let module W = Web_election.Make (D) (P) (LwtRandom) in
94 95
  let election = (module W : WEB_ELECTION) in
  fun () ->
Stephane Glondu's avatar
Stephane Glondu committed
96 97 98 99 100 101 102
    (* starting from here, we do side-effects on the running server *)
    election_table := SMap.add uuid election !election_table;
    election

(* Mutex to avoid simultaneous registrations of the same election *)
let registration_mutex = Lwt_mutex.create ()

103
let import_election f =
Stephane Glondu's avatar
Stephane Glondu committed
104 105 106 107 108 109 110 111 112
  Lwt_mutex.lock registration_mutex >>
  try_lwt
    lwt raw_election =
      Lwt_io.lines_of_file f.f_election |>
      get_single_line >>=
      (function
      | Some e -> return e
      | None -> Printf.ksprintf
        failwith "election.json must contain a single line"
113
      )
Stephane Glondu's avatar
Stephane Glondu committed
114 115
    in
    let params = Group.election_params_of_string raw_election in
116 117
    let module P = (val params : ELECTION_PARAMS) in
    let uuid = Uuidm.to_string P.params.e_uuid in
Stephane Glondu's avatar
Stephane Glondu committed
118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136
    lwt exists =
      try_lwt
        lwt _ = Ocsipersist.find election_ptable uuid in
        return true
      with Not_found -> return false
    in
    if exists then (
      Lwt_mutex.unlock registration_mutex;
      return None
    ) else (
      let dir = !spool_dir/uuid in
      lwt metadata =
        Lwt_io.chars_of_file f.f_metadata |>
        Lwt_stream.to_string >>=
        wrap1 metadata_of_string
      in
      let module X = struct
        let metadata = metadata
        let dir = dir
137
      end in
Stephane Glondu's avatar
Stephane Glondu committed
138
      let web_params = (module X : WEB_PARAMS) in
139
      let do_register = register_election params web_params in
140
      let module G = P.G in
Stephane Glondu's avatar
Stephane Glondu committed
141 142
      let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in
      let public_keys = Lwt_io.lines_of_file f.f_public_keys in
Stephane Glondu's avatar
Stephane Glondu committed
143
      let voters = Lwt_io.lines_of_file f.f_voters in
144 145 146 147 148
      lwt () =
        match_lwt Lwt_stream.peek voters with
        | Some _ -> return_unit
        | None -> Lwt.fail (Failure "No voters")
      in
149 150 151 152 153 154 155 156 157 158 159 160
      lwt () =
        match metadata.e_auth_config with
        | Some [x] ->
           if x.auth_system = "password" then
             let table = "password_" ^ underscorize uuid in
             let table = Ocsipersist.open_table table in
             lwt n = Ocsipersist.length table in
             if n = 0 then Lwt.fail (Failure "No passwords")
             else return_unit
           else return_unit
        | _ -> return_unit
      in
Stephane Glondu's avatar
Stephane Glondu committed
161 162 163 164 165 166 167
      lwt pks = Lwt_stream.(
        clone public_keys |>
        map (trustee_public_key_of_string G.read) |>
        to_list >>= wrap1 Array.of_list
      ) in
      if not (Array.forall KG.check pks) then
        failwith "Public keys are invalid.";
168
      if not G.(P.params.e_public_key =~ KG.combine pks) then
Stephane Glondu's avatar
Stephane Glondu committed
169 170 171 172 173 174 175 176
        failwith "Public keys mismatch with election public key.";
      let public_creds = Lwt_io.lines_of_file f.f_public_creds in
      lwt () = Lwt_stream.(
        clone public_creds |>
        iter_s (fun x ->
          if not G.(check @@ of_string x) then (
            Lwt.fail @@ Failure "Public credentials are invalid."
          ) else return ()
177
        )
Stephane Glondu's avatar
Stephane Glondu committed
178 179 180 181 182 183 184 185 186 187 188
      ) in
      let module R = struct
        let register () =
          try_lwt
            Lwt_unix.mkdir dir 0o700 >>
            Lwt_io.(with_file Output (dir/"election.json") (fun oc ->
              write_line oc raw_election
            )) >>
            Lwt_io.(with_file Output (dir/"public_keys.jsons") (fun oc ->
              write_lines oc public_keys
            )) >>
Stephane Glondu's avatar
Stephane Glondu committed
189 190 191
            Lwt_io.(with_file Output (dir/"voters.txt") (fun oc ->
              write_lines oc voters
            )) >>
Stephane Glondu's avatar
Stephane Glondu committed
192 193
            let election = do_register () in
            let module W = (val election : WEB_ELECTION) in
194 195 196 197 198 199 200 201 202 203 204
            lwt () =
              match W.metadata.e_auth_config with
              | None -> return ()
              | Some xs ->
                 let auth_config =
                   List.map (fun {auth_system; auth_instance; auth_config} ->
                     auth_instance, (auth_system, List.map snd auth_config)
                   ) xs
                 in
                 Web_persist.set_auth_config uuid auth_config
            in
Stephane Glondu's avatar
Stephane Glondu committed
205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230
            let () =
              Ocsigen_messages.debug (fun () ->
                Printf.sprintf "Injecting credentials for %s" uuid
              )
            in
            public_creds |>
            Lwt_stream.iter_s W.B.inject_cred >>
            W.B.update_files () >>
            Ocsipersist.add election_ptable uuid (raw_election, web_params) >>
            let () = Lwt_mutex.unlock registration_mutex in
            return election
          with e ->
            lwt () =
              try_lwt delete_shallow_directory dir
              with e ->
                Printf.ksprintf
                  (fun s ->
                   return (Ocsigen_messages.unexpected_exception e s))
                  "error while deleting %s after failure of %s"
                  dir uuid
            in
            Lwt_mutex.unlock registration_mutex;
            Lwt.fail e
      end in
      (* until here, no side-effects on the running server *)
      return @@ Some (module R : REGISTRABLE_ELECTION)
Stephane Glondu's avatar
Stephane Glondu committed
231
    )
Stephane Glondu's avatar
Stephane Glondu committed
232 233 234 235 236 237 238
  with e ->
    Lwt_mutex.unlock registration_mutex;
    Lwt.fail e

lwt () =
  Ocsipersist.iter_step (fun uuid (raw_election, web_params) ->
    let params = Group.election_params_of_string raw_election in
239
    let do_register = register_election params web_params in
Stephane Glondu's avatar
Stephane Glondu committed
240 241 242 243 244 245 246 247 248 249 250
    let election = do_register () in
    let module W = (val election : WEB_ELECTION) in
    assert (uuid = Uuidm.to_string W.election.e_params.e_uuid);
    Ocsigen_messages.debug (fun () ->
      Printf.sprintf "Initialized election %s from persistent store" uuid
    );
    return ()
  ) election_ptable

let () = Any.register ~service:home
  (fun () () ->
Stephane Glondu's avatar
Stephane Glondu committed
251
    Eliom_reference.unset Web_auth_state.cont >>
252
    match_lwt Web_persist.get_main_election () with
Stephane Glondu's avatar
Stephane Glondu committed
253 254
    | None ->
      lwt featured =
255
        Web_persist.get_featured_elections () >>=
Stephane Glondu's avatar
Stephane Glondu committed
256
        Lwt_list.map_p (fun x -> return @@ SMap.find x !election_table)
257
      in
Stephane Glondu's avatar
Stephane Glondu committed
258 259 260 261 262 263 264 265 266
      T.home ~featured () >>= Html5.send
    | Some x ->
      let module W = (val SMap.find x !election_table : WEB_ELECTION) in
      Redirection.send
        (preapply election_home (W.election.e_params.e_uuid, ()))
  )

let () = Html5.register ~service:admin
  (fun () () ->
Stephane Glondu's avatar
Stephane Glondu committed
267 268 269
    let cont () = Redirection.send admin in
    Eliom_reference.set Web_auth_state.cont [cont] >>
    lwt site_user = Web_auth_state.get_site_user () in
Stephane Glondu's avatar
Stephane Glondu committed
270
    lwt elections =
271
      match site_user with
272
      | None -> return None
Stephane Glondu's avatar
Stephane Glondu committed
273
      | Some u ->
274 275 276 277 278 279 280 281 282 283 284 285
         lwt elections =
           SMap.fold (fun _ w accu ->
             let module W = (val w : WEB_ELECTION) in
             if W.metadata.e_owner = Some u then (
               w :: accu
             ) else (
               accu
             )
           ) !election_table [] |> List.rev |> return
         and setup_elections =
           Ocsipersist.fold_step (fun k v accu ->
             if v.se_owner = u
286
             then return ((uuid_of_string k, v.se_questions.t_name) :: accu)
287 288 289
             else return accu
           ) election_stable []
         in return @@ Some (elections, setup_elections)
Stephane Glondu's avatar
Stephane Glondu committed
290
    in
291
    T.admin ~elections ()
Stephane Glondu's avatar
Stephane Glondu committed
292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307
  )

let () = File.register
  ~service:source_code
  ~content_type:"application/x-gzip"
  (fun () () -> return !source_file)

let do_get_randomness =
  let prng = Lazy.lazy_from_fun (Lwt_preemptive.detach (fun () ->
    pseudo_rng (random_string secure_rng 16)
  )) in
  let mutex = Lwt_mutex.create () in
  fun () ->
    Lwt_mutex.with_lock mutex (fun () ->
      lwt prng = Lazy.force prng in
      return (random_string prng 32)
308 309
    )

Stephane Glondu's avatar
Stephane Glondu committed
310 311 312 313 314 315 316 317 318 319 320 321 322
let () = String.register
  ~service:get_randomness
  (fun () () ->
    lwt r = do_get_randomness () in
    b64_encode_compact r |>
    (fun x -> string_of_randomness { randomness=x }) |>
    (fun x -> return (x, "application/json"))
  )

let generate_uuid = Uuidm.v4_gen (Random.State.make_self_init ())

let () = Redirection.register ~service:election_setup_new
  (fun () () ->
Stephane Glondu's avatar
Stephane Glondu committed
323
   match_lwt Web_auth_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
324 325 326 327 328 329
   | Some u ->
      let uuid = generate_uuid () in
      let uuid_s = Uuidm.to_string uuid in
      lwt token = generate_token () in
      let se_metadata = {
        e_owner = Some u;
330
        e_auth_config = Some [{auth_system = "password"; auth_instance = "password"; auth_config = []}];
331
        e_cred_authority = None;
Stephane Glondu's avatar
Stephane Glondu committed
332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347
      } in
      let question = {
        q_answers = [| "Answer 1"; "Answer 2" |];
        q_min = 0;
        q_max = 1;
        q_question = "Question 1?";
      } in
      let se_questions = {
        t_description = "Description of the election.";
        t_name = "Name of the election";
        t_questions = [| question |];
        t_short_name = "short_name";
      } in
      let se = {
        se_owner = u;
        se_group = "{\"g\":\"14887492224963187634282421537186040801304008017743492304481737382571933937568724473847106029915040150784031882206090286938661464458896494215273989547889201144857352611058572236578734319505128042602372864570426550855201448111746579871811249114781674309062693442442368697449970648232621880001709535143047913661432883287150003429802392229361583608686643243349727791976247247948618930423866180410558458272606627111270040091203073580238905303994472202930783207472394578498507764703191288249547659899997131166130259700604433891232298182348403175947450284433411265966789131024573629546048637848902243503970966798589660808533\",\"p\":\"16328632084933010002384055033805457329601614771185955389739167309086214800406465799038583634953752941675645562182498120750264980492381375579367675648771293800310370964745767014243638518442553823973482995267304044326777047662957480269391322789378384619428596446446984694306187644767462460965622580087564339212631775817895958409016676398975671266179637898557687317076177218843233150695157881061257053019133078545928983562221396313169622475509818442661047018436264806901023966236718367204710755935899013750306107738002364137917426595737403871114187750804346564731250609196846638183903982387884578266136503697493474682071\",\"q\":\"61329566248342901292543872769978950870633559608669337131139375508370458778917\"}";
Stephane Glondu's avatar
Stephane Glondu committed
348
        se_voters = [];
Stephane Glondu's avatar
Stephane Glondu committed
349 350 351 352 353 354 355 356 357 358 359
        se_questions;
        se_public_keys = [];
        se_metadata;
        se_public_creds = token;
      } in
      lwt () = Ocsipersist.add election_stable uuid_s se in
      lwt () = Ocsipersist.add election_credtokens token uuid_s in
      return (preapply election_setup uuid)
  | None -> forbidden ()
  )

360 361 362 363 364 365 366 367 368 369
let generic_setup_page f uuid () =
  match_lwt Web_auth_state.get_site_user () with
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
     lwt se = Ocsipersist.find election_stable uuid_s in
     if se.se_owner = u
     then f uuid se ()
     else forbidden ()
  | None -> forbidden ()

Stephane Glondu's avatar
Stephane Glondu committed
370
let () = Html5.register ~service:election_setup
371
  (generic_setup_page T.election_setup)
Stephane Glondu's avatar
Stephane Glondu committed
372

373
let () = Html5.register ~service:election_setup_trustees
374 375 376 377
  (generic_setup_page T.election_setup_trustees)

let () = Html5.register ~service:election_setup_credential_authority
  (generic_setup_page T.election_setup_credential_authority)
378

Stephane Glondu's avatar
Stephane Glondu committed
379 380
let election_setup_mutex = Lwt_mutex.create ()

381
let handle_setup f uuid x =
Stephane Glondu's avatar
Stephane Glondu committed
382
  match_lwt Web_auth_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
383 384 385 386 387 388
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
     Lwt_mutex.with_lock election_setup_mutex (fun () ->
       lwt se = Ocsipersist.find election_stable uuid_s in
       if se.se_owner = u then (
         try_lwt
389
           lwt cont = f se x u uuid in
Stephane Glondu's avatar
Stephane Glondu committed
390
           Ocsipersist.add election_stable uuid_s se >>
391
           cont ()
Stephane Glondu's avatar
Stephane Glondu committed
392
         with e ->
393
           T.generic_page ~title:"Error" (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
394 395 396
       ) else forbidden ()
     )
  | None -> forbidden ()
397

398 399
let redir_preapply s u () = Redirection.send (preapply s u)

400 401 402 403
let () =
  Any.register
    ~service:election_setup_description
    (handle_setup
404
       (fun se (name, description) _ uuid ->
405 406 407
         se.se_questions <- {se.se_questions with
           t_name = name;
           t_description = description;
408 409
         };
         return (redir_preapply election_setup uuid)))
410

Stephane Glondu's avatar
Stephane Glondu committed
411 412 413 414
let () =
  Any.register
    ~service:election_setup_group
    (handle_setup
415
       (fun se x _ uuid ->
Stephane Glondu's avatar
Stephane Glondu committed
416 417
        let _group = Group.of_string x in
        (* we keep it as a string since it contains a type *)
418 419
        se.se_group <- x;
        return (redir_preapply election_setup uuid)))
420

Stephane Glondu's avatar
Stephane Glondu committed
421 422 423 424
let () =
  Any.register
    ~service:election_setup_metadata
    (handle_setup
425
       (fun se x u uuid ->
Stephane Glondu's avatar
Stephane Glondu committed
426 427
        let metadata = metadata_of_string x in
        if metadata.e_owner <> Some u then failwith "wrong owner";
428 429
        se.se_metadata <- metadata;
        return (redir_preapply election_setup uuid)))
430

431 432 433 434
let () =
  Any.register
    ~service:election_setup_auth
    (handle_setup
435 436
       (fun se auth_system _ uuid ->
         (match auth_system with
437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455
         | Some (("dummy" | "password") as auth_system) ->
            se.se_metadata <- {
              se.se_metadata with
                e_auth_config = Some [{
                  auth_system;
                  auth_instance = auth_system;
                  auth_config = []
                }]
            }
         | Some "cas" ->
            se.se_metadata <- {
              se.se_metadata with
                e_auth_config = Some [{
                  auth_system = "cas";
                  auth_instance = "cas";
                  auth_config = ["server", ""];
                }]
            }
         | Some x -> failwith ("unknown authentication system: "^x)
456 457
         | None -> failwith "no authentication system was given");
         return (redir_preapply election_setup uuid)))
458 459 460 461 462

let () =
  Any.register
    ~service:election_setup_auth_cas
    (handle_setup
463
       (fun se server _ uuid ->
464 465 466 467 468 469 470
         se.se_metadata <- {
           se.se_metadata with
             e_auth_config = Some [{
               auth_system = "cas";
               auth_instance = "cas";
               auth_config = ["server", server];
             }]
471 472
         };
         return (redir_preapply election_setup uuid)))
473

474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495
let template_password = format_of_string
  "You are listed as a voter for the election

  %s

You will find below your login and password.  To cast a vote, you will
also need a credential, sent in a separate email.  Be careful,
passwords and credentials look similar but play different roles.  You
will be asked to enter your credential before entering the voting
booth.  Login and passwords are required once your ballot is ready to
be cast.

Username: %s
Password: %s
Page of the election: %s

Note that you are allowed to vote several times.  Only the last vote
counts.

-- 
Belenios"

496 497 498 499 500 501 502 503 504
let generate_password table title url v =
  lwt salt = generate_token () in
  lwt password = generate_token () in
  let hashed = sha256_hex (salt ^ password) in
  lwt () = Ocsipersist.add table v (salt, hashed) in
  let body = Printf.sprintf template_password title v password url in
  let subject = "Your password for election " ^ title in
  send_email "noreply@belenios.org" v subject body

505 506 507 508 509 510 511 512 513 514
let () =
  Any.register
    ~service:election_setup_auth_genpwd
    (handle_setup
       (fun se () _ uuid ->
         let table =
           "password_" ^
           let u = Uuidm.to_string uuid in
           underscorize u
         in
515 516 517 518 519
         let title = se.se_questions.t_name in
         let url = Eliom_uri.make_string_uri
           ~absolute:true ~service:election_home
           (uuid, ()) |> rewrite_prefix
         in
520
         let table = Ocsipersist.open_table table in
521
         Lwt_list.iter_s (generate_password table title url) se.se_voters >>
522 523 524
         return (fun () ->
           T.generic_page ~title:"Success"
             "Passwords have been generated and mailed!" () >>= Html5.send)))
525

526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556
let () =
  Any.register
    ~service:election_regenpwd
    (fun ((uuid, ()), user) () ->
      let uuid_s = Uuidm.to_string uuid in
      let w = SMap.find uuid_s !election_table in
      let module W = (val w : WEB_ELECTION) in
      lwt site_user = Web_auth_state.get_site_user () in
      match site_user with
      | Some u when W.metadata.e_owner = Some u ->
         let table = "password_" ^ underscorize uuid_s in
         let table = Ocsipersist.open_table table in
         let title = W.election.e_params.e_name in
         let url = Eliom_uri.make_string_uri
           ~absolute:true ~service:election_home
           (uuid, ()) |> rewrite_prefix
         in
         begin try_lwt
           lwt _ = Ocsipersist.find table user in
           generate_password table title url user >>
           T.generic_page ~title:"Success"
             ("A new password has been mailed to " ^ user ^ ".") ()
           >>= Html5.send
         with Not_found ->
           T.generic_page ~title:"Error"
             (user ^ " is not a registered user for this election.") ()
           >>= Html5.send
         end
      | _ -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
557 558 559 560
let () =
  Html5.register
    ~service:election_setup_questions
    (fun uuid () ->
Stephane Glondu's avatar
Stephane Glondu committed
561
     match_lwt Web_auth_state.get_site_user () with
562 563
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
Stephane Glondu's avatar
Stephane Glondu committed
564 565
        lwt se = Ocsipersist.find election_stable uuid_s in
        if se.se_owner = u
566
        then T.election_setup_questions uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
567 568
        else forbidden ()
     | None -> forbidden ()
569 570
    )

Stephane Glondu's avatar
Stephane Glondu committed
571 572 573 574
let () =
  Any.register
    ~service:election_setup_questions_post
    (handle_setup
575 576 577
       (fun se x _ uuid ->
        se.se_questions <- template_of_string x;
         return (redir_preapply election_setup_questions uuid)))
Stephane Glondu's avatar
Stephane Glondu committed
578

Stephane Glondu's avatar
Stephane Glondu committed
579 580 581 582
let () =
  Html5.register
    ~service:election_setup_voters
    (fun uuid () ->
Stephane Glondu's avatar
Stephane Glondu committed
583
      match_lwt Web_auth_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
584 585 586 587
      | Some u ->
         let uuid_s = Uuidm.to_string uuid in
         lwt se = Ocsipersist.find election_stable uuid_s in
         if se.se_owner = u
588
         then T.election_setup_voters uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605
         else forbidden ()
      | None -> forbidden ()
    )

(* see http://www.regular-expressions.info/email.html *)
let email_rex = Pcre.regexp
  ~flags:[`CASELESS]
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}$"

let is_email x =
  try ignore (Pcre.pcre_exec ~rex:email_rex x); true
  with Not_found -> false

let () =
  Any.register
    ~service:election_setup_voters_post
    (handle_setup
606
       (fun se x _ uuid ->
Stephane Glondu's avatar
Stephane Glondu committed
607 608 609 610 611 612 613
         let xs = Pcre.split x in
         let () =
           try
             let bad = List.find (fun x -> not (is_email x)) xs in
             Printf.ksprintf failwith "%S is not a valid address" bad
           with Not_found -> ()
         in
614 615
         se.se_voters <- xs;
         return (redir_preapply election_setup uuid)))
Stephane Glondu's avatar
Stephane Glondu committed
616

Stephane Glondu's avatar
Stephane Glondu committed
617 618 619
let () =
  Redirection.register
    ~service:election_setup_trustee_add
620
    (fun uuid () ->
Stephane Glondu's avatar
Stephane Glondu committed
621
     match_lwt Web_auth_state.get_site_user () with
622 623
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
Stephane Glondu's avatar
Stephane Glondu committed
624 625 626 627 628 629 630 631 632 633
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
          lwt se = Ocsipersist.find election_stable uuid_s in
          if se.se_owner = u
          then (
            lwt token = generate_token () in
            se.se_public_keys <- (token, ref "") :: se.se_public_keys;
            Ocsipersist.add election_stable uuid_s se >>
            Ocsipersist.add election_pktokens token uuid_s
          ) else forbidden ()
        ) >>
634
        return (preapply election_setup_trustees uuid)
635 636 637 638 639 640 641
     | None -> forbidden ()
    )

let () =
  Redirection.register
    ~service:election_setup_trustee_del
    (fun uuid () ->
Stephane Glondu's avatar
Stephane Glondu committed
642
     match_lwt Web_auth_state.get_site_user () with
643 644 645 646 647 648 649 650 651 652 653 654 655 656
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
          lwt se = Ocsipersist.find election_stable uuid_s in
          if se.se_owner = u
          then (
            match se.se_public_keys with
            | (token, _) :: xs ->
               se.se_public_keys <- xs;
               Ocsipersist.add election_stable uuid_s se >>
               Ocsipersist.remove election_pktokens token
            | _ -> return ()
          ) else forbidden ()
        ) >>
657
        return (preapply election_setup_trustees uuid)
658 659 660
     | None -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
661 662 663 664 665 666 667 668
let () =
  Html5.register
    ~service:election_setup_credentials
    (fun token () ->
     lwt uuid = Ocsipersist.find election_credtokens token in
     lwt se = Ocsipersist.find election_stable uuid in
     T.election_setup_credentials token uuid se ()
    )
669

Stephane Glondu's avatar
Stephane Glondu committed
670 671 672 673 674 675 676 677
let () =
  File.register
    ~service:election_setup_credentials_download
    ~content_type:"text/plain"
    (fun token () ->
     lwt uuid = Ocsipersist.find election_credtokens token in
     return (!spool_dir / uuid ^ ".public_creds.txt")
    )
678

Stephane Glondu's avatar
Stephane Glondu committed
679 680 681
let wrap_handler f =
  try_lwt f ()
  with
682
  | e -> T.generic_page ~title:"Error" (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708

let handle_credentials_post token creds =
  lwt uuid = Ocsipersist.find election_credtokens token in
  lwt se = Ocsipersist.find election_stable uuid in
  let module G = (val Group.of_string se.se_group : GROUP) in
  let fname = !spool_dir / uuid ^ ".public_creds.txt" in
  Lwt_mutex.with_lock
    election_setup_mutex
    (fun () ->
     Lwt_io.with_file
       ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
       ~perm:0o600 ~mode:Lwt_io.Output fname
       (fun oc -> Lwt_io.write_chars oc creds)
    ) >>
  lwt () =
    let i = ref 1 in
    Lwt_stream.iter
      (fun x ->
       try
         let x = G.of_string x in
         if not (G.check x) then raise Exit;
         incr i
       with _ ->
         Printf.ksprintf failwith "invalid credential at line %d" !i)
      (Lwt_io.lines_of_file fname)
  in
709
  let () = se.se_metadata <- {se.se_metadata with e_cred_authority = None} in
710 711
  T.generic_page ~title:"Success"
    "Credentials have been received and checked!" () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
712 713 714 715 716 717 718

let () =
  Any.register
    ~service:election_setup_credentials_post
    (fun token creds ->
     let s = Lwt_stream.of_string creds in
     wrap_handler (fun () -> handle_credentials_post token s))
719

Stephane Glondu's avatar
Stephane Glondu committed
720 721 722 723 724 725 726
let () =
  Any.register
    ~service:election_setup_credentials_post_file
    (fun token creds ->
     let s = Lwt_io.chars_of_file creds.Ocsigen_extensions.tmp_filename in
     wrap_handler (fun () -> handle_credentials_post token s))

727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769
module Credgen = struct
  module String = PString

  (* FIXME: duplicate of Tool_credgen *)

  let get_random_char =
    let prng = Lazy.lazy_from_fun (Lwt_preemptive.detach (fun () ->
      pseudo_rng (random_string secure_rng 16)
    )) in
    let mutex = Lwt_mutex.create () in
    fun () ->
      Lwt_mutex.with_lock mutex (fun () ->
        lwt prng = Lazy.force prng in
        let s = random_string prng 1 in
        return @@ s.[0]
      )

  (* Beware: the following must be changed in accordance with the booth! *)
  let digits = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
  let token_length = 14
  let n58 = Z.of_int 58
  let n53 = Z.of_int 53

  let generate_raw_token () =
    let res = String.create token_length in
    let rec loop i accu =
      if i < token_length then (
        lwt digit = get_random_char () in
        let digit = int_of_char digit mod 58 in
        res.[i] <- digits.[digit];
        loop (i+1) Z.(n58 * accu + of_int digit)
      ) else return (res, accu)
    in loop 0 Z.zero

  let add_checksum (raw, value) =
    let checksum = 53 - Z.(to_int (value mod n53)) in
    return (raw ^ String.make 1 digits.[checksum])

  let generate () =
    generate_raw_token () >>= add_checksum

end

770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791
let template_credential = format_of_string
  "You are listed as a voter for the election

  %s

You will find below your login and credential.  To cast a vote, you will
also need a password, sent in a separate email.  Be careful,
passwords and credentials look similar but play different roles.  You
will be asked to enter your credential before entering the voting
booth.  Login and passwords are required once your ballot is ready to
be cast.

Username: %s
Credential: %s
Page of the election: %s

Note that you are allowed to vote several times.  Only the last vote
counts.

-- 
Belenios"

792 793 794
let () =
  Any.register
    ~service:election_setup_credentials_server
795
    (handle_setup (fun se () _ uuid ->
796 797 798
      let () = se.se_metadata <- {se.se_metadata with
        e_cred_authority = Some "server"
      } in
799
      let uuid_s = Uuidm.to_string uuid in
800 801 802 803 804
      let title = se.se_questions.t_name in
      let url = Eliom_uri.make_string_uri
        ~absolute:true ~service:election_home
        (uuid, ()) |> rewrite_prefix
      in
805 806 807 808 809 810 811 812 813 814 815 816
      lwt se = Ocsipersist.find election_stable uuid_s in
      let module S = Set.Make (PString) in
      let module G = (val Group.of_string se.se_group : GROUP) in
      lwt creds =
        Lwt_list.fold_left_s (fun accu id ->
          lwt cred = Credgen.generate () in
          let priv_cred = derive_cred uuid cred in
          let pub_cred =
            let x = Z.(of_string_base 16 priv_cred mod G.q) in
            let y = G.(g **~ x) in
            G.to_string y
          in
817 818
          let body = Printf.sprintf template_credential title id cred url in
          let subject = "Your credential for election " ^ title in
819
          lwt () = send_email "noreply@belenios.org" id subject body in
820 821 822 823 824
          return @@ S.add pub_cred accu
        ) S.empty se.se_voters
      in
      let creds = S.elements creds in
      let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
825
      lwt () =
826 827 828 829
          Lwt_io.with_file
            ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
            ~perm:0o600 ~mode:Lwt_io.Output fname
            (fun oc ->
830
              Lwt_list.iter_s (Lwt_io.write_line oc) creds)
831
      in
832 833 834
      return (fun () ->
        T.generic_page ~title:"Success"
          "Credentials have been generated and mailed!" () >>= Html5.send)))
835

Stephane Glondu's avatar
Stephane Glondu committed
836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863
let () =
  Html5.register
    ~service:election_setup_trustee
    (fun token () ->
     lwt uuid = Ocsipersist.find election_pktokens token in
     lwt se = Ocsipersist.find election_stable uuid in
     T.election_setup_trustee token uuid se ()
    )

let () =
  Any.register
    ~service:election_setup_trustee_post
    (fun token public_key ->
     wrap_handler
       (fun () ->
        lwt uuid = Ocsipersist.find election_pktokens token in
        Lwt_mutex.with_lock
          election_setup_mutex
          (fun () ->
           lwt se = Ocsipersist.find election_stable uuid in
           let pkref = List.assoc token se.se_public_keys in
           let module G = (val Group.of_string se.se_group : GROUP) in
           let pk = trustee_public_key_of_string G.read public_key in
           let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in
           if not (KG.check pk) then failwith "invalid public key";
           (* we keep pk as a string because of G.t *)
           pkref := public_key;
           Ocsipersist.add election_stable uuid se
864 865 866
          ) >> T.generic_page ~title:"Success"
            "Your key has been received and checked!"
            () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
867 868 869 870 871 872 873
       )
    )

let () =
  Any.register
    ~service:election_setup_create
    (fun uuid () ->
Stephane Glondu's avatar
Stephane Glondu committed
874
     match_lwt Web_auth_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
875 876 877
     | None -> forbidden ()
     | Some u ->
        begin try_lwt
878 879 880
          let uuid_s = Uuidm.to_string uuid in
          Lwt_mutex.with_lock election_setup_mutex (fun () ->
            lwt se = Ocsipersist.find election_stable uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
881 882 883
            if se.se_owner <> u then forbidden () else
            let group = Group.of_string se.se_group in
            let module G = (val group : GROUP) in
884
            let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in
Stephane Glondu's avatar
Stephane Glondu committed
885
            (* construct election data in memory *)
886
            lwt public_keys, private_key =
Stephane Glondu's avatar
Stephane Glondu committed
887
              match se.se_public_keys with
888 889 890 891 892 893 894 895 896
              | [] ->
                 lwt private_key, public_key = KG.generate_and_prove () in
                 return ([public_key], Some private_key)
              | _ :: _ ->
                 return (List.rev_map
                   (fun (_, r) ->
                     if !r = "" then failwith "some public keys are missing";
                     trustee_public_key_of_string G.read !r
                   ) se.se_public_keys, None)
Stephane Glondu's avatar
Stephane Glondu committed
897 898 899 900 901 902
            in
            let y = KG.combine (Array.of_list public_keys) in
            let template = se.se_questions in
            let params = {
              e_description = template.t_description;
              e_name = template.t_name;
903
              e_public_key = {wpk_group = G.group; wpk_y = y};
Stephane Glondu's avatar
Stephane Glondu committed
904 905 906 907 908 909 910 911 912
              e_questions = template.t_questions;
              e_uuid = uuid;
              e_short_name = template.t_short_name;
            } in
            let files = {
              f_election = !spool_dir / uuid_s ^ ".election.json";
              f_metadata = !spool_dir / uuid_s ^ ".metadata.json";
              f_public_keys = !spool_dir / uuid_s ^ ".public_keys.jsons";
              f_public_creds = !spool_dir / uuid_s ^ ".public_creds.txt";
Stephane Glondu's avatar
Stephane Glondu committed
913
              f_voters = !spool_dir / uuid_s ^ ".voters.txt";
Stephane Glondu's avatar
Stephane Glondu committed
914 915 916 917 918 919
            } in
            lwt _ =
              try_lwt Lwt_unix.stat files.f_public_creds
              with _ -> failwith "public credentials are missing"
            in
            (* write election files to disk *)
920
            let create_file fname what xs =
Stephane Glondu's avatar
Stephane Glondu committed
921 922 923
              Lwt_io.with_file
                ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
                ~perm:0o600 ~mode:Lwt_io.Output fname
924 925 926 927 928
                (fun oc ->
                  Lwt_list.iter_s
                    (fun v ->
                      Lwt_io.write oc (what v) >>
                      Lwt_io.write oc "\n") xs)
Stephane Glondu's avatar
Stephane Glondu committed
929
            in
930 931 932 933
            create_file files.f_election (string_of_params (write_wrapped_pubkey G.write_group G.write)) [params] >>
            create_file files.f_metadata string_of_metadata [se.se_metadata] >>
            create_file files.f_voters (fun x -> x) se.se_voters >>
            create_file files.f_public_keys (string_of_trustee_public_key G.write) public_keys >>
Stephane Glondu's avatar
Stephane Glondu committed
934 935 936
            (* actually create the election *)
            begin match_lwt import_election files with
            | None ->
937
               T.new_election_failure `Exists () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
938 939 940 941
            | Some w ->
               let module W = (val w : REGISTRABLE_ELECTION) in
               lwt w = W.register () in
               let module W = (val w : WEB_ELECTION) in
942 943 944 945 946 947
               (* create file with private key, if any *)
               lwt () =
                 match private_key with
                 | None -> return ()
                 | Some x ->
                    let fname = W.dir / "private_key.json" in
948
                    create_file fname string_of_number [x]
949
               in
Stephane Glondu's avatar
Stephane Glondu committed
950 951 952 953 954
               (* clean up temporary files *)
               Lwt_unix.unlink files.f_election >>
               Lwt_unix.unlink files.f_metadata >>
               Lwt_unix.unlink files.f_public_keys >>
               Lwt_unix.unlink files.f_public_creds >>
Stephane Glondu's avatar
Stephane Glondu committed
955
               Lwt_unix.unlink files.f_voters >>
Stephane Glondu's avatar
Stephane Glondu committed
956 957 958 959 960 961 962 963 964 965 966 967
               (* clean up tokens *)
               Ocsipersist.remove election_credtokens se.se_public_creds >>
               Lwt_list.iter_s
                 (fun (token, _) ->
                  Ocsipersist.remove election_pktokens token)
                 se.se_public_keys >>
               Ocsipersist.remove election_stable uuid_s >>
               Redirection.send
                 (preapply election_admin (W.election.e_params.e_uuid, ()))
            end
          )
        with e ->
968
          T.new_election_failure (`Exception e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
969 970
        end
    )
971

Stephane Glondu's avatar
Stephane Glondu committed
972 973 974 975
let () =
  Any.register
    ~service:election_home
    (fun (uuid, ()) () ->
976
      let uuid_s = Uuidm.to_string uuid in
977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994
      try
        let w = SMap.find uuid_s !election_table in
        let module W = (val w : WEB_ELECTION) in
        Eliom_reference.unset Web_services.ballot >>
        let cont () =
          Redirection.send
            (Eliom_service.preapply
               election_home (W.election.e_params.e_uuid, ()))
        in
        Eliom_reference.set Web_auth_state.cont [cont] >>
        match_lwt Eliom_reference.get Web_services.cast_confirmed with
        | Some result ->
           Eliom_reference.unset Web_services.cast_confirmed >>
           T.cast_confirmed (module W) ~result () >>= Html5.send
        | None ->
           lwt state = Web_persist.get_election_state uuid_s in
           T.election_home (module W) state () >>= Html5.send
      with Not_found ->
Stephane Glondu's avatar
Stephane Glondu committed
995
        T.generic_page ~title:"Sorry, this election is not yet open"
996 997
          "This election does not exist yet. Please come back later." ()
          >>= Html5.send)
998

Stephane Glondu's avatar
Stephane Glondu committed
999 1000 1001 1002 1003 1004
let () =
  Any.register
    ~service:election_admin
    (fun (uuid, ()) () ->
     let uuid_s = Uuidm.to_string uuid in
     let w = SMap.find uuid_s !election_table in
Stephane Glondu's avatar
Stephane Glondu committed
1005
     lwt site_user = Web_auth_state.get_site_user () in
1006
     lwt is_featured = Web_persist.is_featured_election uuid_s in
1007 1008 1009 1010 1011
     let module W = (val w : WEB_ELECTION) in
     let uuid = Uuidm.to_string W.election.e_params.e_uuid in
     match site_user with
     | Some u when W.metadata.e_owner = Some u ->
        lwt state = Web_persist.get_election_state uuid in
1012
        T.election_admin (module W) ~is_featured state () >>= Html5.send
1013 1014
       | _ -> forbidden ()
    )
1015

1016
let election_set_state state (uuid, ()) () =
Stephane Glondu's avatar
Stephane Glondu committed
1017 1018 1019
     let uuid_s = Uuidm.to_string uuid in
     let w = SMap.find uuid_s !election_table in
     let module W = (val w : WEB_ELECTION) in
1020
     lwt () =
Stephane Glondu's avatar
Stephane Glondu committed
1021
       match_lwt Web_auth_state.get_site_user () with
1022 1023 1024 1025 1026 1027 1028 1029 1030 1031
       | Some u when W.metadata.e_owner = Some u -> return ()
       | _ -> forbidden ()
     in
     lwt () =
       match_lwt Web_persist.get_election_state uuid_s with
       | `Open | `Closed -> return ()
       | _ -> forbidden ()
     in
     let state = if state then `Open else `Closed in
     Web_persist.set_election_state uuid_s state >>
1032 1033 1034 1035
     Redirection.send (preapply election_admin (uuid, ()))

let () = Any.register ~service:election_open (election_set_state true)
let () = Any.register ~service:election_close (election_set_state false)
1036

Stephane Glondu's avatar
Stephane Glondu committed
1037 1038 1039 1040 1041 1042
let () =
  Any.register
    ~service:election_update_credential
    (fun (uuid, ()) () ->
     let uuid_s = Uuidm.to_string uuid in
     let w = SMap.find uuid_s !election_table in
Stephane Glondu's avatar
Stephane Glondu committed
1043
     lwt site_user = Web_auth_state.get_site_user () in
1044 1045 1046 1047
     let module W = (val w : WEB_ELECTION) in
     match site_user with
     | Some u ->
        if W.metadata.e_owner = Some u then (
1048
          T.update_credential (module W) () >>= Html5.send
1049 1050 1051 1052
        ) else (
          forbidden ()
        )
     | _ -> forbidden ())
Stephane Glondu's avatar
Stephane Glondu committed
1053 1054 1055 1056

let () =
  Any.register
    ~service:election_update_credential_post
1057
    (fun (uuid, ()) (old, new_) ->
Stephane Glondu's avatar
Stephane Glondu committed
1058 1059
     let uuid_s = Uuidm.to_string uuid in
     let w = SMap.find uuid_s !election_table in
Stephane Glondu's avatar
Stephane Glondu committed
1060
     lwt site_user = Web_auth_state.get_site_user () in
1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074
     let module W = (val w : WEB_ELECTION) in
     match site_user with
     | Some u ->
       if W.metadata.e_owner = Some u then (
         try_lwt
           W.B.update_cred ~old ~new_ >>
           String.send ("OK", "text/plain")
         with Error e ->
           String.send ("Error: " ^ explain_error e, "text/plain")
       ) >>= (fun x -> return @@ cast_unknown_content_kind x)
       else (
         forbidden ()
       )
     | _ -> forbidden ())
Stephane Glondu's avatar
Stephane Glondu committed
1075 1076 1077 1078

let () =
  Any.register
    ~service:election_vote
1079
    (fun (uuid, ()) () ->
1080 1081 1082 1083 1084 1085 1086 1087 1088 1089
      let uuid_s = Uuidm.to_string uuid in
      let w = SMap.find uuid_s !election_table in
      let module W = (val w : WEB_ELECTION) in
      Eliom_reference.unset Web_services.ballot >>
      Redirection.send
        (Eliom_service.preapply
           (Eliom_service.static_dir_with_params
              ~get_params:(Eliom_parameter.string "election_url") ())
           (["static"; "vote.html"],
            "../elections/" ^ uuid_s ^ "/")))
1090

Stephane Glondu's avatar
Stephane Glondu committed
1091 1092 1093
let () =
  Any.register
    ~service:election_cast
1094
    (fun (uuid, ()) () ->
1095 1096 1097
      let uuid_s = Uuidm.to_string uuid in
      let w = SMap.find uuid_s !election_table in
      let module W = (val w : WEB_ELECTION) in
Stephane Glondu's avatar
Stephane Glondu committed
1098
      let cont () =
1099 1100 1101 1102
        Redirection.send
          (Eliom_service.preapply
             election_cast (W.election.e_params.e_uuid, ()))
      in
Stephane Glondu's avatar
Stephane Glondu committed
1103
      Eliom_reference.set Web_auth_state.cont [cont] >>
1104 1105 1106
      match_lwt Eliom_reference.get Web_services.ballot with
      | Some b -> T.cast_confirmation w (sha256_b64 b) () >>= Html5.send
      | None -> T.cast_raw w () >>= Html5.send)
Stephane Glondu's avatar
Stephane Glondu committed
1107 1108 1109 1110

let () =
  Any.register
    ~service:election_cast_post
1111 1112 1113 1114
    (fun (uuid, ()) (ballot_raw, ballot_file) ->
      let uuid_s = Uuidm.to_string uuid in
      let w = SMap.find uuid_s !election_table in
      let module W = (val w : WEB_ELECTION) in
Stephane Glondu's avatar
Stephane Glondu committed
1115
      lwt user = Web_auth_state.get_election_user uuid in
1116 1117 1118 1119 1120 1121 1122
      lwt the_ballot = match ballot_raw, ballot_file with
        | Some ballot, None -> return ballot
        | None, Some fi ->
           let fname = fi.Ocsigen_extensions.tmp_filename in
           Lwt_stream.to_string (Lwt_io.chars_of_file fname)
        | _, _ -> fail_http 400
      in
Stephane Glondu's avatar
Stephane Glondu committed
1123
      let cont () =
1124 1125 1126 1127
        Redirection.send
          (Eliom_service.preapply
             Web_services.election_cast (W.election.e_params.e_uuid, ()))
      in
Stephane Glondu's avatar
Stephane Glondu committed
1128
      Eliom_reference.set Web_auth_state.cont [cont] >>
1129 1130 1131 1132 1133 1134 1135
      Eliom_reference.set Web_services.ballot (Some the_ballot) >>
      match user with
      | None ->
         Redirection.send
           (Eliom_service.preapply
              Web_services.election_login
              ((W.election.e_params.e_uuid, ()), None))
Stephane Glondu's avatar
Stephane Glondu committed
1136
      | Some u -> cont ())
1137

Stephane Glondu's avatar
Stephane Glondu committed
1138 1139 1140
let () =
  Any.register
    ~service:election_cast_confirm
1141
    (fun (uuid, ()) () ->
1142 1143 1144 1145 1146 1147 1148
      let uuid_s = Uuidm.to_string uuid in
      let w = SMap.find uuid_s !election_table in
      let module W = (val w : WEB_ELECTION) in
      match_lwt Eliom_reference.get Web_services.ballot with
      | Some the_ballot ->
         begin
           Eliom_reference.unset Web_services.ballot >>
Stephane Glondu's avatar
Stephane Glondu committed
1149
           match_lwt Web_auth_state.get_election_user uuid with
1150 1151 1152 1153 1154