web_site.ml 52.5 KB
Newer Older
Stephane Glondu's avatar
Stephane Glondu committed
1 2 3
(**************************************************************************)
(*                                BELENIOS                                *)
(*                                                                        *)
Stephane Glondu's avatar
Stephane Glondu committed
4
(*  Copyright © 2012-2016 Inria                                           *)
Stephane Glondu's avatar
Stephane Glondu committed
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
(*                                                                        *)
(*  This program is free software: you can redistribute it and/or modify  *)
(*  it under the terms of the GNU Affero General Public License as        *)
(*  published by the Free Software Foundation, either version 3 of the    *)
(*  License, or (at your option) any later version, with the additional   *)
(*  exemption that compiling, linking, and/or using OpenSSL is allowed.   *)
(*                                                                        *)
(*  This program is distributed in the hope that it will be useful, but   *)
(*  WITHOUT ANY WARRANTY; without even the implied warranty of            *)
(*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU     *)
(*  Affero General Public License for more details.                       *)
(*                                                                        *)
(*  You should have received a copy of the GNU Affero General Public      *)
(*  License along with this program.  If not, see                         *)
(*  <http://www.gnu.org/licenses/>.                                       *)
(**************************************************************************)

22
open Lwt
23
open Platform
24
open Serializable_j
25
open Signatures
26
open Common
27
open Web_serializable_builtin_t
Stephane Glondu's avatar
Stephane Glondu committed
28
open Web_serializable_j
29
open Web_common
30
open Web_services
Stephane Glondu's avatar
Stephane Glondu committed
31

32
let source_file = ref "belenios.tar.gz"
Stephane Glondu's avatar
Stephane Glondu committed
33

34 35
let ( / ) = Filename.concat

Stephane Glondu's avatar
Stephane Glondu committed
36
module PString = String
Stephane Glondu's avatar
Stephane Glondu committed
37

Stephane Glondu's avatar
Stephane Glondu committed
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
open Eliom_service
open Eliom_registration

module LwtRandom = MakeLwtRandom (struct let rng = make_rng () end)

(* Table with elections in setup mode. *)
let election_stable = Ocsipersist.open_table "site_setup"

(* Table with tokens given to trustees. *)
let election_pktokens = Ocsipersist.open_table "site_pktokens"

(* Table with tokens given to credential authorities. *)
let election_credtokens = Ocsipersist.open_table "site_credtokens"

module T = Web_templates

Stephane Glondu's avatar
Stephane Glondu committed
54
let raw_find_election uuid =
55
  let%lwt raw_election = Web_persist.get_raw_election uuid in
56 57 58 59
  match raw_election with
  | Some raw_election ->
     return (Group.election_params_of_string raw_election)
  | _ -> Lwt.fail Not_found
Stephane Glondu's avatar
Stephane Glondu committed
60

Stephane Glondu's avatar
Stephane Glondu committed
61 62
module WCacheTypes = struct
  type key = string
63
  type value = (module ELECTION_DATA)
Stephane Glondu's avatar
Stephane Glondu committed
64 65 66 67 68 69 70 71
end

module WCache = Ocsigen_cache.Make (WCacheTypes)

let find_election =
  let cache = new WCache.cache raw_find_election 100 in
  fun x -> cache#find x

72
let get_setup_election uuid_s =
73
  let%lwt se = Ocsipersist.find election_stable uuid_s in
74
  return (setup_election_of_string se)
75 76

let set_setup_election uuid_s se =
77
  Ocsipersist.add election_stable uuid_s (string_of_setup_election se)
78

Stephane Glondu's avatar
Stephane Glondu committed
79
let dump_passwords dir table =
Stephane Glondu's avatar
Stephane Glondu committed
80 81 82 83 84 85
  Lwt_io.(with_file Output (dir / "passwords.csv") (fun oc ->
    Ocsipersist.iter_step (fun voter (salt, hashed) ->
      write_line oc (voter ^ "," ^ salt ^ "," ^ hashed)
    ) table
  ))

86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108
let finalize_election uuid se =
  let uuid_s = Uuidm.to_string uuid in
  (* voters *)
  let () =
    if se.se_voters = [] then failwith "no voters"
  in
  (* passwords *)
  let () =
    match se.se_metadata.e_auth_config with
    | Some [{auth_system = "password"; _}] ->
       if not @@ List.for_all (fun v -> v.sv_password <> None) se.se_voters then
         failwith "some passwords are missing"
    | _ -> ()
  in
  (* credentials *)
  let () =
    if not se.se_public_creds_received then
      failwith "public credentials are missing"
  in
  (* trustees *)
  let group = Group.of_string se.se_group in
  let module G = (val group : GROUP) in
  let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in
109
  let%lwt trustees, public_keys, private_key =
110 111
    match se.se_public_keys with
    | [] ->
112
       let%lwt private_key, public_key = KG.generate_and_prove () in
113
       return (None, [public_key], Some private_key)
114
    | _ :: _ ->
115 116 117
       return (
         Some (List.map (fun {st_id; _} -> st_id) se.se_public_keys),
         (List.map
118 119 120
            (fun {st_public_key; _} ->
              if st_public_key = "" then failwith "some public keys are missing";
              trustee_public_key_of_string G.read st_public_key
121 122
            ) se.se_public_keys),
         None)
123 124 125
  in
  let y = KG.combine (Array.of_list public_keys) in
  (* election parameters *)
126
  let metadata = { se.se_metadata with e_trustees = trustees } in
127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150
  let template = se.se_questions in
  let params = {
    e_description = template.t_description;
    e_name = template.t_name;
    e_public_key = {wpk_group = G.group; wpk_y = y};
    e_questions = template.t_questions;
    e_uuid = uuid;
  } in
  let raw_election = string_of_params (write_wrapped_pubkey G.write_group G.write) params in
  (* write election files to disk *)
  let dir = !spool_dir / uuid_s in
  let create_file fname what xs =
    Lwt_io.with_file
      ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
      ~perm:0o600 ~mode:Lwt_io.Output (dir / fname)
      (fun oc ->
        Lwt_list.iter_s
          (fun v ->
            Lwt_io.write oc (what v) >>
              Lwt_io.write oc "\n") xs)
  in
  Lwt_unix.mkdir dir 0o700 >>
  create_file "public_keys.jsons" (string_of_trustee_public_key G.write) public_keys >>
  create_file "voters.txt" (fun x -> x.sv_id) se.se_voters >>
151
  create_file "metadata.json" string_of_metadata [metadata] >>
152 153
  create_file "election.json" (fun x -> x) [raw_election] >>
  (* construct Web_election instance *)
154
  let election = Group.election_params_of_string raw_election in
155 156
  let module W = Web_election.Make ((val election)) (LwtRandom) in
  (* set up authentication *)
157
  let%lwt () =
158
    match metadata.e_auth_config with
159 160 161 162 163 164 165 166 167 168
    | None -> return ()
    | Some xs ->
       let auth_config =
         List.map (fun {auth_system; auth_instance; auth_config} ->
           auth_instance, (auth_system, List.map snd auth_config)
         ) xs
       in
       Web_persist.set_auth_config uuid_s auth_config
  in
  (* inject credentials *)
169
  let%lwt () =
170 171 172 173 174 175 176
    let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
    Lwt_io.lines_of_file fname |>
    Lwt_stream.iter_s W.B.inject_cred >>
    W.B.update_files () >>
    Lwt_unix.unlink fname
  in
  (* create file with private key, if any *)
177
  let%lwt () =
178 179 180 181 182 183 184
    match private_key with
    | None -> return_unit
    | Some x -> create_file "private_key.json" string_of_number [x]
  in
  (* clean up setup database *)
  Ocsipersist.remove election_credtokens se.se_public_creds >>
  Lwt_list.iter_s
185 186
    (fun {st_token; _} ->
      Ocsipersist.remove election_pktokens st_token)
187 188 189
    se.se_public_keys >>
  Ocsipersist.remove election_stable uuid_s >>
  (* inject passwords *)
190
  (match metadata.e_auth_config with
191 192 193 194 195 196 197 198 199 200
  | Some [{auth_system = "password"; _}] ->
     let table = "password_" ^ underscorize uuid_s in
     let table = Ocsipersist.open_table table in
     Lwt_list.iter_s
       (fun v ->
         let _, login = split_identity v.sv_id in
         match v.sv_password with
         | Some x -> Ocsipersist.add table login x
         | None -> return_unit
       ) se.se_voters >>
201
       dump_passwords (!spool_dir / uuid_s) table
202 203
  | _ -> return_unit) >>
  (* finish *)
Stephane Glondu's avatar
Stephane Glondu committed
204
  Web_persist.set_election_state uuid_s `Open >>
205
  Web_persist.set_election_date uuid_s (now ())
Stephane Glondu's avatar
Stephane Glondu committed
206

Stephane Glondu's avatar
Stephane Glondu committed
207 208 209 210
let cleanup_table ?uuid_s table =
  let table = Ocsipersist.open_table table in
  match uuid_s with
  | None ->
211
     let%lwt indexes = Ocsipersist.fold_step (fun k _ accu ->
Stephane Glondu's avatar
Stephane Glondu committed
212 213 214 215 216 217
       return (k :: accu)) table []
     in
     Lwt_list.iter_s (Ocsipersist.remove table) indexes
  | Some u -> Ocsipersist.remove table u

let cleanup_file f =
218
  try%lwt Lwt_unix.unlink f
Stephane Glondu's avatar
Stephane Glondu committed
219 220 221 222
  with _ -> return_unit

let archive_election uuid_s =
  let uuid_u = underscorize uuid_s in
223 224 225 226 227 228 229 230
  let%lwt () = cleanup_table ~uuid_s "election_states" in
  let%lwt () = cleanup_table ~uuid_s "election_pds" in
  let%lwt () = cleanup_table ~uuid_s "auth_configs" in
  let%lwt () = cleanup_table ("password_" ^ uuid_u) in
  let%lwt () = cleanup_table ("records_" ^ uuid_u) in
  let%lwt () = cleanup_table ("creds_" ^ uuid_u) in
  let%lwt () = cleanup_table ("ballots_" ^ uuid_u) in
  let%lwt () = cleanup_file (!spool_dir / uuid_s / "private_key.json") in
Stephane Glondu's avatar
Stephane Glondu committed
231 232
  return_unit

Stephane Glondu's avatar
Stephane Glondu committed
233 234
let () = Any.register ~service:home
  (fun () () ->
235
    Eliom_reference.unset Web_state.cont >>
236
    T.home () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
237 238
  )

239
let get_finalized_elections_by_owner u =
240
  let%lwt elections, tallied, archived =
241 242
    Web_persist.get_elections_by_owner u >>=
    Lwt_list.fold_left_s (fun accu uuid_s ->
243 244 245
        let%lwt w = find_election uuid_s in
        let%lwt state = Web_persist.get_election_state uuid_s in
        let%lwt date = Web_persist.get_election_date uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
246
        let elections, tallied, archived = accu in
247
        match state with
Stephane Glondu's avatar
Stephane Glondu committed
248 249 250 251
        | `Tallied _ -> return (elections, (date, w) :: tallied, archived)
        | `Archived -> return (elections, tallied, (date, w) :: archived)
        | _ -> return ((date, w) :: elections, tallied, archived)
    ) ([], [], [])
252 253 254 255 256
  in
  let sort l =
    List.sort (fun (x, _) (y, _) -> datetime_compare x y) l |>
    List.map (fun (_, x) -> x)
  in
Stephane Glondu's avatar
Stephane Glondu committed
257
  return (sort elections, sort tallied, sort archived)
258

Stephane Glondu's avatar
Stephane Glondu committed
259 260
let () = Html5.register ~service:admin
  (fun () () ->
Stephane Glondu's avatar
Stephane Glondu committed
261
    let cont () = Redirection.send admin in
262
    Eliom_reference.set Web_state.cont [cont] >>
263 264
    let%lwt site_user = Web_state.get_site_user () in
    let%lwt elections =
265
      match site_user with
266
      | None -> return None
Stephane Glondu's avatar
Stephane Glondu committed
267
      | Some u ->
268 269
         let%lwt elections, tallied, archived = get_finalized_elections_by_owner u in
         let%lwt setup_elections =
270
           Ocsipersist.fold_step (fun k v accu ->
271
             let v = setup_election_of_string v in
272
             if v.se_owner = u
273
             then return ((uuid_of_string k, v.se_questions.t_name) :: accu)
274 275
             else return accu
           ) election_stable []
276
         in
Stephane Glondu's avatar
Stephane Glondu committed
277
         return @@ Some (elections, tallied, archived, setup_elections)
Stephane Glondu's avatar
Stephane Glondu committed
278
    in
279
    T.admin ~elections ()
Stephane Glondu's avatar
Stephane Glondu committed
280 281 282 283 284 285 286 287
  )

let () = File.register
  ~service:source_code
  ~content_type:"application/x-gzip"
  (fun () () -> return !source_file)

let do_get_randomness =
288
  let prng = Lazy.from_fun (Lwt_preemptive.detach (fun () ->
Stephane Glondu's avatar
Stephane Glondu committed
289 290 291 292 293
    pseudo_rng (random_string secure_rng 16)
  )) in
  let mutex = Lwt_mutex.create () in
  fun () ->
    Lwt_mutex.with_lock mutex (fun () ->
294
      let%lwt prng = Lazy.force prng in
Stephane Glondu's avatar
Stephane Glondu committed
295
      return (random_string prng 32)
296 297
    )

298 299 300
let b64_encode_compact x =
  Cryptokit.(transform_string (Base64.encode_compact ()) x)

Stephane Glondu's avatar
Stephane Glondu committed
301 302 303
let () = String.register
  ~service:get_randomness
  (fun () () ->
304
    let%lwt r = do_get_randomness () in
Stephane Glondu's avatar
Stephane Glondu committed
305 306 307 308 309 310 311
    b64_encode_compact r |>
    (fun x -> string_of_randomness { randomness=x }) |>
    (fun x -> return (x, "application/json"))
  )

let generate_uuid = Uuidm.v4_gen (Random.State.make_self_init ())

Stephane Glondu's avatar
Stephane Glondu committed
312 313 314 315 316 317 318 319 320 321 322 323
let create_new_election owner cred auth =
  let e_cred_authority = match cred with
    | `Automatic -> Some "server"
    | `Manual -> None
  in
  let e_auth_config = match auth with
    | `Password -> Some [{auth_system = "password"; auth_instance = "password"; auth_config = []}]
    | `Dummy -> Some [{auth_system = "dummy"; auth_instance = "dummy"; auth_config = []}]
    | `CAS server -> Some [{auth_system = "cas"; auth_instance = "cas"; auth_config = ["server", server]}]
  in
  let uuid = generate_uuid () in
  let uuid_s = Uuidm.to_string uuid in
324
  let%lwt token = generate_token () in
Stephane Glondu's avatar
Stephane Glondu committed
325 326 327 328
  let se_metadata = {
    e_owner = Some owner;
    e_auth_config;
    e_cred_authority;
329
    e_trustees = None;
330
    e_languages = None;
Stephane Glondu's avatar
Stephane Glondu committed
331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350
  } in
  let question = {
    q_answers = [| "Answer 1"; "Answer 2"; "Blank" |];
    q_min = 1;
    q_max = 1;
    q_question = "Question 1?";
  } in
  let se_questions = {
    t_description = "Description of the election.";
    t_name = "Name of the election";
    t_questions = [| question |];
  } in
  let se = {
    se_owner = owner;
    se_group = "{\"g\":\"14887492224963187634282421537186040801304008017743492304481737382571933937568724473847106029915040150784031882206090286938661464458896494215273989547889201144857352611058572236578734319505128042602372864570426550855201448111746579871811249114781674309062693442442368697449970648232621880001709535143047913661432883287150003429802392229361583608686643243349727791976247247948618930423866180410558458272606627111270040091203073580238905303994472202930783207472394578498507764703191288249547659899997131166130259700604433891232298182348403175947450284433411265966789131024573629546048637848902243503970966798589660808533\",\"p\":\"16328632084933010002384055033805457329601614771185955389739167309086214800406465799038583634953752941675645562182498120750264980492381375579367675648771293800310370964745767014243638518442553823973482995267304044326777047662957480269391322789378384619428596446446984694306187644767462460965622580087564339212631775817895958409016676398975671266179637898557687317076177218843233150695157881061257053019133078545928983562221396313169622475509818442661047018436264806901023966236718367204710755935899013750306107738002364137917426595737403871114187750804346564731250609196846638183903982387884578266136503697493474682071\",\"q\":\"61329566248342901292543872769978950870633559608669337131139375508370458778917\"}";
    se_voters = [];
    se_questions;
    se_public_keys = [];
    se_metadata;
    se_public_creds = token;
351
    se_public_creds_received = false;
Stephane Glondu's avatar
Stephane Glondu committed
352
  } in
353 354
  let%lwt () = set_setup_election uuid_s se in
  let%lwt () = Ocsipersist.add election_credtokens token uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
355 356 357 358 359
  return (preapply election_setup uuid)

let () = Html5.register ~service:election_setup_pre
  (fun () () -> T.election_setup_pre ())

Stephane Glondu's avatar
Stephane Glondu committed
360
let () = Redirection.register ~service:election_setup_new
Stephane Glondu's avatar
Stephane Glondu committed
361
  (fun () (credmgmt, (auth, cas_server)) ->
362
   match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
363
   | Some u ->
364
      let%lwt credmgmt = match credmgmt with
Stephane Glondu's avatar
Stephane Glondu committed
365 366 367 368
        | Some "auto" -> return `Automatic
        | Some "manual" -> return `Manual
        | _ -> fail_http 400
      in
369
      let%lwt auth = match auth with
Stephane Glondu's avatar
Stephane Glondu committed
370 371 372 373 374 375 376
        | Some "password" -> return `Password
        | Some "dummy" -> return `Dummy
        | Some "cas" -> return @@ `CAS cas_server
        | _ -> fail_http 400
      in
      create_new_election u credmgmt auth
   | None -> forbidden ())
Stephane Glondu's avatar
Stephane Glondu committed
377

378
let generic_setup_page f uuid () =
379
  match%lwt Web_state.get_site_user () with
380 381
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
382
     let%lwt se = get_setup_election uuid_s in
383 384 385 386 387
     if se.se_owner = u
     then f uuid se ()
     else forbidden ()
  | None -> forbidden ()

Stephane Glondu's avatar
Stephane Glondu committed
388
let () = Html5.register ~service:election_setup
389
  (generic_setup_page T.election_setup)
Stephane Glondu's avatar
Stephane Glondu committed
390

391
let () = Html5.register ~service:election_setup_trustees
392 393 394 395
  (generic_setup_page T.election_setup_trustees)

let () = Html5.register ~service:election_setup_credential_authority
  (generic_setup_page T.election_setup_credential_authority)
396

Stephane Glondu's avatar
Stephane Glondu committed
397 398
let election_setup_mutex = Lwt_mutex.create ()

399
let handle_setup f uuid x =
400
  match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
401 402 403
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
     Lwt_mutex.with_lock election_setup_mutex (fun () ->
404
       let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
405
       if se.se_owner = u then (
406 407
         try%lwt
           let%lwt cont = f se x u uuid in
408
           set_setup_election uuid_s se >>
409
           cont ()
Stephane Glondu's avatar
Stephane Glondu committed
410
         with e ->
411 412
           let service = preapply election_setup uuid in
           T.generic_page ~title:"Error" ~service (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
413 414 415
       ) else forbidden ()
     )
  | None -> forbidden ()
416

417 418
let redir_preapply s u () = Redirection.send (preapply s u)

419 420 421 422 423 424 425 426 427 428 429
let () =
  Any.register
    ~service:election_setup_languages
    (handle_setup
       (fun se languages _ uuid ->
         se.se_metadata <- {
            se.se_metadata with
            e_languages = languages_of_string languages
          };
         return (redir_preapply election_setup uuid)))

430 431 432 433
let () =
  Any.register
    ~service:election_setup_description
    (handle_setup
434
       (fun se (name, description) _ uuid ->
435 436 437
         se.se_questions <- {se.se_questions with
           t_name = name;
           t_description = description;
438 439
         };
         return (redir_preapply election_setup uuid)))
440

Stephane Glondu's avatar
Stephane Glondu committed
441
let generate_password langs title url id =
442
  let email, login = split_identity id in
443 444
  let%lwt salt = generate_token () in
  let%lwt password = generate_token () in
445
  let hashed = sha256_hex (salt ^ password) in
Stephane Glondu's avatar
Stephane Glondu committed
446 447 448 449 450 451
  let bodies = List.map (fun lang ->
    let module L = (val Web_i18n.get_lang lang) in
    Printf.sprintf L.mail_password title login password url
  ) langs in
  let body = PString.concat "\n\n----------\n\n" bodies in
  let body = body ^ "\n\n-- \nBelenios" in
452
  let subject = "Your password for election " ^ title in
453
  send_email email subject body >>
454
  return (salt, hashed)
455

456 457 458 459 460
let handle_password se uuid ~force voters =
  let title = se.se_questions.t_name in
  let url = Eliom_uri.make_string_uri ~absolute:true ~service:election_home
    (uuid, ()) |> rewrite_prefix
  in
461
  let langs = get_languages se.se_metadata.e_languages in
462 463 464 465
  Lwt_list.iter_s (fun id ->
    match id.sv_password with
    | Some _ when not force -> return_unit
    | None | Some _ ->
466
       let%lwt x = generate_password langs title url id.sv_id in
467 468 469
       return (id.sv_password <- Some x)
  ) voters >>
  return (fun () ->
Stephane Glondu's avatar
Stephane Glondu committed
470
    let service = preapply election_setup uuid in
471
    T.generic_page ~title:"Success" ~service
472 473
      "Passwords have been generated and mailed!" () >>= Html5.send)

474 475 476 477 478
let () =
  Any.register
    ~service:election_setup_auth_genpwd
    (handle_setup
       (fun se () _ uuid ->
479
         handle_password se uuid ~force:false se.se_voters))
480

481 482 483
let () =
  Any.register
    ~service:election_regenpwd
Stephane Glondu's avatar
Stephane Glondu committed
484
    (fun (uuid, ()) () ->
485 486 487 488 489 490
      T.regenpwd uuid () >>= Html5.send)

let () =
  Any.register
    ~service:election_regenpwd_post
    (fun (uuid, ()) user ->
491
      let uuid_s = Uuidm.to_string uuid in
492 493
      let%lwt w = find_election uuid_s in
      let%lwt metadata = Web_persist.get_election_metadata uuid_s in
494
      let module W = (val w) in
495
      let%lwt site_user = Web_state.get_site_user () in
496
      match site_user with
497
      | Some u when metadata.e_owner = Some u ->
498 499 500 501 502 503 504
         let table = "password_" ^ underscorize uuid_s in
         let table = Ocsipersist.open_table table in
         let title = W.election.e_params.e_name in
         let url = Eliom_uri.make_string_uri
           ~absolute:true ~service:election_home
           (uuid, ()) |> rewrite_prefix
         in
505
         let service = preapply election_admin (uuid, ()) in
506 507
         begin try%lwt
           let%lwt _ = Ocsipersist.find table user in
508
           let langs = get_languages metadata.e_languages in
509
           let%lwt x = generate_password langs title url user in
510
           Ocsipersist.add table user x >>
511
           dump_passwords (!spool_dir / uuid_s) table >>
512
           T.generic_page ~title:"Success" ~service
513 514 515
             ("A new password has been mailed to " ^ user ^ ".") ()
           >>= Html5.send
         with Not_found ->
516
           T.generic_page ~title:"Error" ~service
517 518 519 520 521 522
             (user ^ " is not a registered user for this election.") ()
           >>= Html5.send
         end
      | _ -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
523 524 525 526
let () =
  Html5.register
    ~service:election_setup_questions
    (fun uuid () ->
527
     match%lwt Web_state.get_site_user () with
528 529
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
530
        let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
531
        if se.se_owner = u
532
        then T.election_setup_questions uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
533 534
        else forbidden ()
     | None -> forbidden ()
535 536
    )

Stephane Glondu's avatar
Stephane Glondu committed
537 538 539 540
let () =
  Any.register
    ~service:election_setup_questions_post
    (handle_setup
541 542 543
       (fun se x _ uuid ->
        se.se_questions <- template_of_string x;
         return (redir_preapply election_setup_questions uuid)))
Stephane Glondu's avatar
Stephane Glondu committed
544

Stephane Glondu's avatar
Stephane Glondu committed
545 546 547 548
let () =
  Html5.register
    ~service:election_setup_voters
    (fun uuid () ->
549
      match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
550 551
      | Some u ->
         let uuid_s = Uuidm.to_string uuid in
552
         let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
553
         if se.se_owner = u
554
         then T.election_setup_voters uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
555 556 557 558 559
         else forbidden ()
      | None -> forbidden ()
    )

(* see http://www.regular-expressions.info/email.html *)
Stephane Glondu's avatar
Stephane Glondu committed
560
let identity_rex = Pcre.regexp
Stephane Glondu's avatar
Stephane Glondu committed
561
  ~flags:[`CASELESS]
562
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}(,[A-Z0-9._%+-]+)?$"
Stephane Glondu's avatar
Stephane Glondu committed
563

Stephane Glondu's avatar
Stephane Glondu committed
564 565
let is_identity x =
  try ignore (Pcre.pcre_exec ~rex:identity_rex x); true
Stephane Glondu's avatar
Stephane Glondu committed
566 567
  with Not_found -> false

568 569 570 571 572 573 574 575
let email_rex = Pcre.regexp
  ~flags:[`CASELESS]
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}$"

let is_email x =
  try ignore (Pcre.pcre_exec ~rex:email_rex x); true
  with Not_found -> false

576 577
module SSet = Set.Make (PString)

578
let merge_voters a b f =
579 580 581 582 583 584 585
  let existing = List.fold_left (fun accu sv ->
    SSet.add sv.sv_id accu
  ) SSet.empty a in
  let _, res = List.fold_left (fun (existing, accu) sv_id ->
    if SSet.mem sv_id existing then
      (existing, accu)
    else
586
      (SSet.add sv_id existing, {sv_id; sv_password = f sv_id} :: accu)
587 588 589
  ) (existing, List.rev a) b in
  List.rev res

Stephane Glondu's avatar
Stephane Glondu committed
590 591
let () =
  Any.register
592
    ~service:election_setup_voters_add
Stephane Glondu's avatar
Stephane Glondu committed
593
    (handle_setup
594
       (fun se x _ uuid ->
595
         if se.se_public_creds_received then forbidden () else (
Stephane Glondu's avatar
Stephane Glondu committed
596 597 598
         let xs = Pcre.split x in
         let () =
           try
Stephane Glondu's avatar
Stephane Glondu committed
599 600
             let bad = List.find (fun x -> not (is_identity x)) xs in
             Printf.ksprintf failwith "%S is not a valid identity" bad
Stephane Glondu's avatar
Stephane Glondu committed
601 602
           with Not_found -> ()
         in
603
         se.se_voters <- merge_voters se.se_voters xs (fun _ -> None);
604
         return (redir_preapply election_setup_voters uuid))))
605 606 607 608 609 610

let () =
  Any.register
    ~service:election_setup_voters_remove
    (handle_setup
       (fun se voter _ uuid ->
611
         if se.se_public_creds_received then forbidden () else (
612 613 614
         se.se_voters <- List.filter (fun v ->
           v.sv_id <> voter
         ) se.se_voters;
615
         return (redir_preapply election_setup_voters uuid))))
Stephane Glondu's avatar
Stephane Glondu committed
616

617 618 619 620 621 622 623
let () =
  Any.register ~service:election_setup_voters_passwd
    (handle_setup
       (fun se voter _ uuid ->
         let voter = List.filter (fun v -> v.sv_id = voter) se.se_voters in
         handle_password se uuid ~force:true voter))

Stephane Glondu's avatar
Stephane Glondu committed
624
let () =
625
  Any.register
Stephane Glondu's avatar
Stephane Glondu committed
626
    ~service:election_setup_trustee_add
627 628
    (fun uuid st_id ->
     if is_email st_id then
629
     match%lwt Web_state.get_site_user () with
630 631
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
Stephane Glondu's avatar
Stephane Glondu committed
632
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
633
          let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
634 635
          if se.se_owner = u
          then (
636
            let%lwt st_token = generate_token () in
637 638
            let trustee = {st_id; st_token; st_public_key = ""} in
            se.se_public_keys <- se.se_public_keys @ [trustee];
639
            set_setup_election uuid_s se >>
640
            Ocsipersist.add election_pktokens st_token uuid_s
Stephane Glondu's avatar
Stephane Glondu committed
641 642
          ) else forbidden ()
        ) >>
643
        Redirection.send (preapply election_setup_trustees uuid)
644
     | None -> forbidden ()
645 646
     else
       let msg = st_id ^ " is not a valid e-mail address!" in
647 648
       let service = preapply election_setup_trustees uuid in
       T.generic_page ~title:"Error" ~service msg () >>= Html5.send
649 650 651 652 653
    )

let () =
  Redirection.register
    ~service:election_setup_trustee_del
654
    (fun uuid index ->
655
     match%lwt Web_state.get_site_user () with
656 657 658
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
659
          let%lwt se = get_setup_election uuid_s in
660 661
          if se.se_owner = u
          then (
662 663 664 665 666 667 668
            let trustees, old =
              se.se_public_keys |>
              List.mapi (fun i x -> i, x) |>
              List.partition (fun (i, _) -> i <> index) |>
              (fun (x, y) -> List.map snd x, List.map snd y)
            in
            se.se_public_keys <- trustees;
669
            set_setup_election uuid_s se >>
670 671 672
            Lwt_list.iter_s (fun {st_token; _} ->
              Ocsipersist.remove election_pktokens st_token
            ) old
673 674
          ) else forbidden ()
        ) >>
675
        return (preapply election_setup_trustees uuid)
676 677 678
     | None -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
679 680 681 682
let () =
  Html5.register
    ~service:election_setup_credentials
    (fun token () ->
683 684
     let%lwt uuid = Ocsipersist.find election_credtokens token in
     let%lwt se = get_setup_election uuid in
Stephane Glondu's avatar
Stephane Glondu committed
685 686
     T.election_setup_credentials token uuid se ()
    )
687

Stephane Glondu's avatar
Stephane Glondu committed
688 689 690 691 692
let () =
  File.register
    ~service:election_setup_credentials_download
    ~content_type:"text/plain"
    (fun token () ->
693
     let%lwt uuid = Ocsipersist.find election_credtokens token in
Stephane Glondu's avatar
Stephane Glondu committed
694 695
     return (!spool_dir / uuid ^ ".public_creds.txt")
    )
696

Stephane Glondu's avatar
Stephane Glondu committed
697
let wrap_handler f =
698
  try%lwt f ()
Stephane Glondu's avatar
Stephane Glondu committed
699
  with
700
  | e -> T.generic_page ~title:"Error" (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
701 702

let handle_credentials_post token creds =
703 704
  let%lwt uuid = Ocsipersist.find election_credtokens token in
  let%lwt se = get_setup_election uuid in
705
  if se.se_public_creds_received then forbidden () else
Stephane Glondu's avatar
Stephane Glondu committed
706 707 708 709 710 711 712 713 714 715
  let module G = (val Group.of_string se.se_group : GROUP) in
  let fname = !spool_dir / uuid ^ ".public_creds.txt" in
  Lwt_mutex.with_lock
    election_setup_mutex
    (fun () ->
     Lwt_io.with_file
       ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
       ~perm:0o600 ~mode:Lwt_io.Output fname
       (fun oc -> Lwt_io.write_chars oc creds)
    ) >>
716
  let%lwt () =
Stephane Glondu's avatar
Stephane Glondu committed
717 718 719 720 721 722 723 724 725 726 727
    let i = ref 1 in
    Lwt_stream.iter
      (fun x ->
       try
         let x = G.of_string x in
         if not (G.check x) then raise Exit;
         incr i
       with _ ->
         Printf.ksprintf failwith "invalid credential at line %d" !i)
      (Lwt_io.lines_of_file fname)
  in
728
  let () = se.se_metadata <- {se.se_metadata with e_cred_authority = None} in
729
  let () = se.se_public_creds_received <- true in
730
  set_setup_election uuid se >>
731
  T.generic_page ~title:"Success" ~service:home
732
    "Credentials have been received and checked!" () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
733 734 735 736 737 738 739

let () =
  Any.register
    ~service:election_setup_credentials_post
    (fun token creds ->
     let s = Lwt_stream.of_string creds in
     wrap_handler (fun () -> handle_credentials_post token s))
740

Stephane Glondu's avatar
Stephane Glondu committed
741 742 743 744 745 746 747
let () =
  Any.register
    ~service:election_setup_credentials_post_file
    (fun token creds ->
     let s = Lwt_io.chars_of_file creds.Ocsigen_extensions.tmp_filename in
     wrap_handler (fun () -> handle_credentials_post token s))

748
module CG = Credential.MakeGenerate (LwtRandom)
749 750 751 752

let () =
  Any.register
    ~service:election_setup_credentials_server
753
    (handle_setup (fun se () _ uuid ->
754
      if se.se_public_creds_received then forbidden () else
755 756 757
      let () = se.se_metadata <- {se.se_metadata with
        e_cred_authority = Some "server"
      } in
758
      let uuid_s = Uuidm.to_string uuid in
759 760 761 762 763
      let title = se.se_questions.t_name in
      let url = Eliom_uri.make_string_uri
        ~absolute:true ~service:election_home
        (uuid, ()) |> rewrite_prefix
      in
764 765
      let module S = Set.Make (PString) in
      let module G = (val Group.of_string se.se_group : GROUP) in
766
      let module CD = Credential.MakeDerive (G) in
767
      let%lwt creds =
768 769
        Lwt_list.fold_left_s (fun accu v ->
          let email, login = split_identity v.sv_id in
770
          let%lwt cred = CG.generate () in
771
          let pub_cred =
772
            let x = CD.derive uuid cred in
773 774 775
            let y = G.(g **~ x) in
            G.to_string y
          in
776
          let langs = get_languages se.se_metadata.e_languages in
Stephane Glondu's avatar
Stephane Glondu committed
777 778 779 780 781 782
          let bodies = List.map (fun lang ->
            let module L = (val Web_i18n.get_lang lang) in
            Printf.sprintf L.mail_credential title login cred url
          ) langs in
          let body = PString.concat "\n\n----------\n\n" bodies in
          let body = body ^ "\n\n-- \nBelenios" in
783
          let subject = "Your credential for election " ^ title in
784
          let%lwt () = send_email email subject body in
785 786 787 788 789
          return @@ S.add pub_cred accu
        ) S.empty se.se_voters
      in
      let creds = S.elements creds in
      let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
790
      let%lwt () =
791 792 793 794
          Lwt_io.with_file
            ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
            ~perm:0o600 ~mode:Lwt_io.Output fname
            (fun oc ->
795
              Lwt_list.iter_s (Lwt_io.write_line oc) creds)
796
      in
797
      se.se_public_creds_received <- true;
798
      return (fun () ->
799 800
        let service = preapply election_setup uuid in
        T.generic_page ~title:"Success" ~service
801
          "Credentials have been generated and mailed!" () >>= Html5.send)))
802

Stephane Glondu's avatar
Stephane Glondu committed
803 804 805 806
let () =
  Html5.register
    ~service:election_setup_trustee
    (fun token () ->
807 808
     let%lwt uuid = Ocsipersist.find election_pktokens token in
     let%lwt se = get_setup_election uuid in
Stephane Glondu's avatar
Stephane Glondu committed
809
     T.election_setup_trustee token se ()
Stephane Glondu's avatar
Stephane Glondu committed
810 811 812 813 814 815 816 817
    )

let () =
  Any.register
    ~service:election_setup_trustee_post
    (fun token public_key ->
     wrap_handler
       (fun () ->
818
        let%lwt uuid = Ocsipersist.find election_pktokens token in
Stephane Glondu's avatar
Stephane Glondu committed
819 820 821
        Lwt_mutex.with_lock
          election_setup_mutex
          (fun () ->
822
           let%lwt se = get_setup_election uuid in
823
           let t = List.find (fun x -> token = x.st_token) se.se_public_keys in
Stephane Glondu's avatar
Stephane Glondu committed
824 825 826 827 828
           let module G = (val Group.of_string se.se_group : GROUP) in
           let pk = trustee_public_key_of_string G.read public_key in
           let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in
           if not (KG.check pk) then failwith "invalid public key";
           (* we keep pk as a string because of G.t *)
829
           t.st_public_key <- public_key;
830
           set_setup_election uuid se
831
          ) >> T.generic_page ~title:"Success"
832 833
            "Your key has been received and checked!"
            () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
834 835 836
       )
    )

837 838 839 840
let () =
  Any.register
    ~service:election_setup_confirm
    (fun uuid () ->
841
      match%lwt Web_state.get_site_user () with
842 843 844
      | None -> forbidden ()
      | Some u ->
         let uuid_s = Uuidm.to_string uuid in
845
         let%lwt se = get_setup_election uuid_s in
846 847 848
         if se.se_owner <> u then forbidden () else
         T.election_setup_confirm uuid se () >>= Html5.send)

Stephane Glondu's avatar
Stephane Glondu committed
849 850 851 852
let () =
  Any.register
    ~service:election_setup_create
    (fun uuid () ->
853
     match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
854 855
     | None -> forbidden ()
     | Some u ->
856
        begin try%lwt
857 858
          let uuid_s = Uuidm.to_string uuid in
          Lwt_mutex.with_lock election_setup_mutex (fun () ->
859
            let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
860
            if se.se_owner <> u then forbidden () else
861 862
            finalize_election uuid se >>
            Redirection.send (preapply election_admin (uuid, ()))
Stephane Glondu's avatar
Stephane Glondu committed
863 864
          )
        with e ->
865
          T.new_election_failure (`Exception e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
866 867
        end
    )