web_site.ml 70.5 KB
Newer Older
Stephane Glondu's avatar
Stephane Glondu committed
1 2 3
(**************************************************************************)
(*                                BELENIOS                                *)
(*                                                                        *)
Stephane Glondu's avatar
Stephane Glondu committed
4
(*  Copyright © 2012-2016 Inria                                           *)
Stephane Glondu's avatar
Stephane Glondu committed
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
(*                                                                        *)
(*  This program is free software: you can redistribute it and/or modify  *)
(*  it under the terms of the GNU Affero General Public License as        *)
(*  published by the Free Software Foundation, either version 3 of the    *)
(*  License, or (at your option) any later version, with the additional   *)
(*  exemption that compiling, linking, and/or using OpenSSL is allowed.   *)
(*                                                                        *)
(*  This program is distributed in the hope that it will be useful, but   *)
(*  WITHOUT ANY WARRANTY; without even the implied warranty of            *)
(*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU     *)
(*  Affero General Public License for more details.                       *)
(*                                                                        *)
(*  You should have received a copy of the GNU Affero General Public      *)
(*  License along with this program.  If not, see                         *)
(*  <http://www.gnu.org/licenses/>.                                       *)
(**************************************************************************)

22
open Lwt
23
open Platform
24
open Serializable_j
25
open Signatures
26
open Common
27
open Web_serializable_builtin_t
Stephane Glondu's avatar
Stephane Glondu committed
28
open Web_serializable_j
29
open Web_common
30
open Web_services
Stephane Glondu's avatar
Stephane Glondu committed
31

32
let source_file = ref "belenios.tar.gz"
33
let maxmailsatonce = ref 1000
Stephane Glondu's avatar
Stephane Glondu committed
34

35 36
let ( / ) = Filename.concat

Stephane Glondu's avatar
Stephane Glondu committed
37
module PString = String
Stephane Glondu's avatar
Stephane Glondu committed
38

Stephane Glondu's avatar
Stephane Glondu committed
39 40 41 42 43 44 45 46 47
open Eliom_service
open Eliom_registration

(* Table with elections in setup mode. *)
let election_stable = Ocsipersist.open_table "site_setup"

(* Table with tokens given to trustees. *)
let election_pktokens = Ocsipersist.open_table "site_pktokens"

48 49 50
(* Table with tokens given to trustees (in threshold mode). *)
let election_tpktokens = Ocsipersist.open_table "site_tpktokens"

Stephane Glondu's avatar
Stephane Glondu committed
51 52 53
(* Table with tokens given to trustees (in threshold mode) to decrypt *)
let election_tokens_decrypt = Ocsipersist.open_table "site_tokens_decrypt"

Stephane Glondu's avatar
Stephane Glondu committed
54 55 56 57 58
(* Table with tokens given to credential authorities. *)
let election_credtokens = Ocsipersist.open_table "site_credtokens"

module T = Web_templates

Stephane Glondu's avatar
Stephane Glondu committed
59
let raw_find_election uuid =
60
  let%lwt raw_election = Web_persist.get_raw_election uuid in
61 62 63 64
  match raw_election with
  | Some raw_election ->
     return (Group.election_params_of_string raw_election)
  | _ -> Lwt.fail Not_found
Stephane Glondu's avatar
Stephane Glondu committed
65

Stephane Glondu's avatar
Stephane Glondu committed
66 67
module WCacheTypes = struct
  type key = string
68
  type value = (module ELECTION_DATA)
Stephane Glondu's avatar
Stephane Glondu committed
69 70 71 72 73 74 75 76
end

module WCache = Ocsigen_cache.Make (WCacheTypes)

let find_election =
  let cache = new WCache.cache raw_find_election 100 in
  fun x -> cache#find x

77
let get_setup_election uuid_s =
78
  let%lwt se = Ocsipersist.find election_stable uuid_s in
79
  return (setup_election_of_string se)
80 81

let set_setup_election uuid_s se =
82
  Ocsipersist.add election_stable uuid_s (string_of_setup_election se)
83

Stephane Glondu's avatar
Stephane Glondu committed
84
let dump_passwords dir table =
Stephane Glondu's avatar
Stephane Glondu committed
85 86 87 88 89 90
  Lwt_io.(with_file Output (dir / "passwords.csv") (fun oc ->
    Ocsipersist.iter_step (fun voter (salt, hashed) ->
      write_line oc (voter ^ "," ^ salt ^ "," ^ hashed)
    ) table
  ))

91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112
let finalize_election uuid se =
  let uuid_s = Uuidm.to_string uuid in
  (* voters *)
  let () =
    if se.se_voters = [] then failwith "no voters"
  in
  (* passwords *)
  let () =
    match se.se_metadata.e_auth_config with
    | Some [{auth_system = "password"; _}] ->
       if not @@ List.for_all (fun v -> v.sv_password <> None) se.se_voters then
         failwith "some passwords are missing"
    | _ -> ()
  in
  (* credentials *)
  let () =
    if not se.se_public_creds_received then
      failwith "public credentials are missing"
  in
  (* trustees *)
  let group = Group.of_string se.se_group in
  let module G = (val group : GROUP) in
113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154
  let%lwt y, trustees, pk_or_tp, private_keys =
    match se.se_threshold_trustees with
    | None ->
       let module KG = Trustees.MakeSimple (G) (LwtRandom) in
       let%lwt trustees, public_keys, private_key =
         match se.se_public_keys with
         | [] ->
            let%lwt private_key = KG.generate () in
            let%lwt public_key = KG.prove private_key in
            return (None, [public_key], `KEY private_key)
         | _ :: _ ->
            return (
                Some (List.map (fun {st_id; _} -> st_id) se.se_public_keys),
                (List.map
                   (fun {st_public_key; _} ->
                     if st_public_key = "" then failwith "some public keys are missing";
                     trustee_public_key_of_string G.read st_public_key
                   ) se.se_public_keys),
                `None)
       in
       let y = KG.combine (Array.of_list public_keys) in
       return (y, trustees, `PK public_keys, private_key)
    | Some ts ->
       match se.se_threshold_parameters with
       | None -> failwith "key establishment not finished"
       | Some tp ->
          let tp = threshold_parameters_of_string G.read tp in
          let module P = Trustees.MakePKI (G) (LwtRandom) in
          let module C = Trustees.MakeChannels (G) (LwtRandom) (P) in
          let module K = Trustees.MakePedersen (G) (LwtRandom) (P) (C) in
          let trustees = List.map (fun {stt_id; _} -> stt_id) ts in
          let private_keys =
            List.map (fun {stt_voutput; _} ->
                match stt_voutput with
                | Some v ->
                   let voutput = voutput_of_string G.read v in
                   voutput.vo_private_key
                | None -> failwith "inconsistent state"
              ) ts
          in
          let y = K.combine tp in
          return (y, Some trustees, `TP tp, `KEYS private_keys)
155 156
  in
  (* election parameters *)
157
  let metadata = { se.se_metadata with e_trustees = trustees } in
158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179
  let template = se.se_questions in
  let params = {
    e_description = template.t_description;
    e_name = template.t_name;
    e_public_key = {wpk_group = G.group; wpk_y = y};
    e_questions = template.t_questions;
    e_uuid = uuid;
  } in
  let raw_election = string_of_params (write_wrapped_pubkey G.write_group G.write) params in
  (* write election files to disk *)
  let dir = !spool_dir / uuid_s in
  let create_file fname what xs =
    Lwt_io.with_file
      ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
      ~perm:0o600 ~mode:Lwt_io.Output (dir / fname)
      (fun oc ->
        Lwt_list.iter_s
          (fun v ->
            Lwt_io.write oc (what v) >>
              Lwt_io.write oc "\n") xs)
  in
  Lwt_unix.mkdir dir 0o700 >>
180 181 182 183
  (match pk_or_tp with
   | `PK pk -> create_file "public_keys.jsons" (string_of_trustee_public_key G.write) pk
   | `TP tp -> create_file "threshold.json" (string_of_threshold_parameters G.write) [tp]
  ) >>
184
  create_file "voters.txt" (fun x -> x.sv_id) se.se_voters >>
185
  create_file "metadata.json" string_of_metadata [metadata] >>
186 187
  create_file "election.json" (fun x -> x) [raw_election] >>
  (* construct Web_election instance *)
188
  let election = Group.election_params_of_string raw_election in
189 190
  let module W = Web_election.Make ((val election)) (LwtRandom) in
  (* set up authentication *)
191
  let%lwt () =
192
    match metadata.e_auth_config with
193 194 195 196 197 198 199 200 201 202
    | None -> return ()
    | Some xs ->
       let auth_config =
         List.map (fun {auth_system; auth_instance; auth_config} ->
           auth_instance, (auth_system, List.map snd auth_config)
         ) xs
       in
       Web_persist.set_auth_config uuid_s auth_config
  in
  (* inject credentials *)
203
  let%lwt () =
204 205 206 207 208 209
    let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
    Lwt_io.lines_of_file fname |>
    Lwt_stream.iter_s W.B.inject_cred >>
    W.B.update_files () >>
    Lwt_unix.unlink fname
  in
210
  (* create file with private keys, if any *)
211
  let%lwt () =
212 213 214 215
    match private_keys with
    | `None -> return_unit
    | `KEY x -> create_file "private_key.json" string_of_number [x]
    | `KEYS x -> create_file "private_keys.jsons" (fun x -> x) x
216 217 218 219
  in
  (* clean up setup database *)
  Ocsipersist.remove election_credtokens se.se_public_creds >>
  Lwt_list.iter_s
220 221
    (fun {st_token; _} ->
      Ocsipersist.remove election_pktokens st_token)
222
    se.se_public_keys >>
223 224 225 226 227 228 229
  (match se.se_threshold_trustees with
   | None -> return_unit
   | Some ts ->
      Lwt_list.iter_s
        (fun x -> Ocsipersist.remove election_tpktokens x.stt_token)
        ts
  ) >>
230 231
  Ocsipersist.remove election_stable uuid_s >>
  (* inject passwords *)
232
  (match metadata.e_auth_config with
233 234 235 236 237 238 239 240 241 242
  | Some [{auth_system = "password"; _}] ->
     let table = "password_" ^ underscorize uuid_s in
     let table = Ocsipersist.open_table table in
     Lwt_list.iter_s
       (fun v ->
         let _, login = split_identity v.sv_id in
         match v.sv_password with
         | Some x -> Ocsipersist.add table login x
         | None -> return_unit
       ) se.se_voters >>
243
       dump_passwords (!spool_dir / uuid_s) table
244 245
  | _ -> return_unit) >>
  (* finish *)
Stephane Glondu's avatar
Stephane Glondu committed
246
  Web_persist.set_election_state uuid_s `Open >>
247
  Web_persist.set_election_date uuid_s (now ())
Stephane Glondu's avatar
Stephane Glondu committed
248

Stephane Glondu's avatar
Stephane Glondu committed
249 250 251 252
let cleanup_table ?uuid_s table =
  let table = Ocsipersist.open_table table in
  match uuid_s with
  | None ->
253
     let%lwt indexes = Ocsipersist.fold_step (fun k _ accu ->
Stephane Glondu's avatar
Stephane Glondu committed
254 255 256 257 258 259
       return (k :: accu)) table []
     in
     Lwt_list.iter_s (Ocsipersist.remove table) indexes
  | Some u -> Ocsipersist.remove table u

let cleanup_file f =
260
  try%lwt Lwt_unix.unlink f
Stephane Glondu's avatar
Stephane Glondu committed
261 262 263 264
  with _ -> return_unit

let archive_election uuid_s =
  let uuid_u = underscorize uuid_s in
265
  let%lwt () = cleanup_table ~uuid_s "election_states" in
Stephane Glondu's avatar
Stephane Glondu committed
266
  let%lwt () = cleanup_table ~uuid_s "site_tokens_decrypt" in
267 268 269 270 271 272 273
  let%lwt () = cleanup_table ~uuid_s "election_pds" in
  let%lwt () = cleanup_table ~uuid_s "auth_configs" in
  let%lwt () = cleanup_table ("password_" ^ uuid_u) in
  let%lwt () = cleanup_table ("records_" ^ uuid_u) in
  let%lwt () = cleanup_table ("creds_" ^ uuid_u) in
  let%lwt () = cleanup_table ("ballots_" ^ uuid_u) in
  let%lwt () = cleanup_file (!spool_dir / uuid_s / "private_key.json") in
Stephane Glondu's avatar
Stephane Glondu committed
274 275
  return_unit

Stephane Glondu's avatar
Stephane Glondu committed
276 277
let () = Any.register ~service:home
  (fun () () ->
278
    Eliom_reference.unset Web_state.cont >>
279
    Redirection.send admin
Stephane Glondu's avatar
Stephane Glondu committed
280 281
  )

282
let get_finalized_elections_by_owner u =
283
  let%lwt elections, tallied, archived =
284 285
    Web_persist.get_elections_by_owner u >>=
    Lwt_list.fold_left_s (fun accu uuid_s ->
286 287 288
        let%lwt w = find_election uuid_s in
        let%lwt state = Web_persist.get_election_state uuid_s in
        let%lwt date = Web_persist.get_election_date uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
289
        let elections, tallied, archived = accu in
290
        match state with
Stephane Glondu's avatar
Stephane Glondu committed
291 292 293 294
        | `Tallied _ -> return (elections, (date, w) :: tallied, archived)
        | `Archived -> return (elections, tallied, (date, w) :: archived)
        | _ -> return ((date, w) :: elections, tallied, archived)
    ) ([], [], [])
295 296 297 298 299
  in
  let sort l =
    List.sort (fun (x, _) (y, _) -> datetime_compare x y) l |>
    List.map (fun (_, x) -> x)
  in
Stephane Glondu's avatar
Stephane Glondu committed
300
  return (sort elections, sort tallied, sort archived)
301

Stephane Glondu's avatar
Stephane Glondu committed
302 303
let () = Html5.register ~service:admin
  (fun () () ->
Stephane Glondu's avatar
Stephane Glondu committed
304
    let cont () = Redirection.send admin in
305
    Eliom_reference.set Web_state.cont [cont] >>
306 307
    let%lwt site_user = Web_state.get_site_user () in
    let%lwt elections =
308
      match site_user with
309
      | None -> return None
Stephane Glondu's avatar
Stephane Glondu committed
310
      | Some u ->
311 312
         let%lwt elections, tallied, archived = get_finalized_elections_by_owner u in
         let%lwt setup_elections =
313
           Ocsipersist.fold_step (fun k v accu ->
314
             let v = setup_election_of_string v in
315
             if v.se_owner = u
316
             then return ((uuid_of_string k, v.se_questions.t_name) :: accu)
317 318
             else return accu
           ) election_stable []
319
         in
Stephane Glondu's avatar
Stephane Glondu committed
320
         return @@ Some (elections, tallied, archived, setup_elections)
Stephane Glondu's avatar
Stephane Glondu committed
321
    in
322
    T.admin ~elections ()
Stephane Glondu's avatar
Stephane Glondu committed
323 324
  )

325
let () = File.register ~service:source_code
Stephane Glondu's avatar
Stephane Glondu committed
326 327 328 329 330
  ~content_type:"application/x-gzip"
  (fun () () -> return !source_file)

let generate_uuid = Uuidm.v4_gen (Random.State.make_self_init ())

331 332
let redir_preapply s u () = Redirection.send (preapply s u)

Stephane Glondu's avatar
Stephane Glondu committed
333 334 335 336 337 338 339 340 341 342 343 344
let create_new_election owner cred auth =
  let e_cred_authority = match cred with
    | `Automatic -> Some "server"
    | `Manual -> None
  in
  let e_auth_config = match auth with
    | `Password -> Some [{auth_system = "password"; auth_instance = "password"; auth_config = []}]
    | `Dummy -> Some [{auth_system = "dummy"; auth_instance = "dummy"; auth_config = []}]
    | `CAS server -> Some [{auth_system = "cas"; auth_instance = "cas"; auth_config = ["server", server]}]
  in
  let uuid = generate_uuid () in
  let uuid_s = Uuidm.to_string uuid in
345
  let%lwt token = generate_token () in
Stephane Glondu's avatar
Stephane Glondu committed
346 347 348 349
  let se_metadata = {
    e_owner = Some owner;
    e_auth_config;
    e_cred_authority;
350
    e_trustees = None;
351
    e_languages = Some ["en"; "fr"];
Stephane Glondu's avatar
Stephane Glondu committed
352 353 354
  } in
  let question = {
    q_answers = [| "Answer 1"; "Answer 2"; "Blank" |];
355
    q_blank = None;
Stephane Glondu's avatar
Stephane Glondu committed
356 357 358 359 360 361 362 363 364 365 366
    q_min = 1;
    q_max = 1;
    q_question = "Question 1?";
  } in
  let se_questions = {
    t_description = "Description of the election.";
    t_name = "Name of the election";
    t_questions = [| question |];
  } in
  let se = {
    se_owner = owner;
367
    se_group = "{\"g\":\"2402352677501852209227687703532399932712287657378364916510075318787663274146353219320285676155269678799694668298749389095083896573425601900601068477164491735474137283104610458681314511781646755400527402889846139864532661215055797097162016168270312886432456663834863635782106154918419982534315189740658186868651151358576410138882215396016043228843603930989333662772848406593138406010231675095763777982665103606822406635076697764025346253773085133173495194248967754052573659049492477631475991575198775177711481490920456600205478127054728238140972518639858334115700568353695553423781475582491896050296680037745308460627\",\"p\":\"20694785691422546401013643657505008064922989295751104097100884787057374219242717401922237254497684338129066633138078958404960054389636289796393038773905722803605973749427671376777618898589872735865049081167099310535867780980030790491654063777173764198678527273474476341835600035698305193144284561701911000786737307333564123971732897913240474578834468260652327974647951137672658693582180046317922073668860052627186363386088796882120769432366149491002923444346373222145884100586421050242120365433561201320481118852408731077014151666200162313177169372189248078507711827842317498073276598828825169183103125680162072880719\",\"q\":\"78571733251071885079927659812671450121821421258408794611510081919805623223441\"}"; (* generated by fips.sage *)
Stephane Glondu's avatar
Stephane Glondu committed
368 369 370 371 372
    se_voters = [];
    se_questions;
    se_public_keys = [];
    se_metadata;
    se_public_creds = token;
373
    se_public_creds_received = false;
374 375 376 377
    se_threshold = None;
    se_threshold_trustees = None;
    se_threshold_parameters = None;
    se_threshold_error = None;
Stephane Glondu's avatar
Stephane Glondu committed
378
  } in
379 380
  let%lwt () = set_setup_election uuid_s se in
  let%lwt () = Ocsipersist.add election_credtokens token uuid_s in
381
  redir_preapply election_setup uuid ()
Stephane Glondu's avatar
Stephane Glondu committed
382 383 384 385

let () = Html5.register ~service:election_setup_pre
  (fun () () -> T.election_setup_pre ())

386
let () = Any.register ~service:election_setup_new
Stephane Glondu's avatar
Stephane Glondu committed
387
  (fun () (credmgmt, (auth, cas_server)) ->
388
   match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
389
   | Some u ->
390
      let%lwt credmgmt = match credmgmt with
Stephane Glondu's avatar
Stephane Glondu committed
391 392 393 394
        | Some "auto" -> return `Automatic
        | Some "manual" -> return `Manual
        | _ -> fail_http 400
      in
395
      let%lwt auth = match auth with
Stephane Glondu's avatar
Stephane Glondu committed
396 397 398 399 400 401 402
        | Some "password" -> return `Password
        | Some "dummy" -> return `Dummy
        | Some "cas" -> return @@ `CAS cas_server
        | _ -> fail_http 400
      in
      create_new_election u credmgmt auth
   | None -> forbidden ())
Stephane Glondu's avatar
Stephane Glondu committed
403

404
let generic_setup_page f uuid () =
405
  match%lwt Web_state.get_site_user () with
406 407
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
408
     let%lwt se = get_setup_election uuid_s in
409 410 411 412 413
     if se.se_owner = u
     then f uuid se ()
     else forbidden ()
  | None -> forbidden ()

Stephane Glondu's avatar
Stephane Glondu committed
414
let () = Html5.register ~service:election_setup
415
  (generic_setup_page T.election_setup)
Stephane Glondu's avatar
Stephane Glondu committed
416

417 418 419 420 421 422 423 424 425 426 427 428 429 430
let () = Any.register ~service:election_setup_trustees
  (fun uuid () ->
    match%lwt Web_state.get_site_user () with
    | Some u ->
       let uuid_s = Uuidm.to_string uuid in
       let%lwt se = get_setup_election uuid_s in
       if se.se_owner = u
       then
         match se.se_threshold_trustees with
         | None -> T.election_setup_trustees uuid se () >>= Html5.send
         | Some _ -> redir_preapply election_setup_threshold_trustees uuid ()
       else forbidden ()
    | None -> forbidden ()
  )
431

432 433 434
let () = Html5.register ~service:election_setup_threshold_trustees
  (generic_setup_page T.election_setup_threshold_trustees)

435 436
let () = Html5.register ~service:election_setup_credential_authority
  (generic_setup_page T.election_setup_credential_authority)
437

Stephane Glondu's avatar
Stephane Glondu committed
438 439
let election_setup_mutex = Lwt_mutex.create ()

440
let handle_setup f uuid x =
441
  match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
442 443 444
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
     Lwt_mutex.with_lock election_setup_mutex (fun () ->
445
       let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
446
       if se.se_owner = u then (
447 448
         try%lwt
           let%lwt cont = f se x u uuid in
449
           set_setup_election uuid_s se >>
450
           cont ()
Stephane Glondu's avatar
Stephane Glondu committed
451
         with e ->
452 453
           let service = preapply election_setup uuid in
           T.generic_page ~title:"Error" ~service (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
454 455 456
       ) else forbidden ()
     )
  | None -> forbidden ()
457

458
let () =
459
  Any.register ~service:election_setup_languages
460 461
    (handle_setup
       (fun se languages _ uuid ->
462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490
         let langs = languages_of_string languages in
         match langs with
         | None -> assert false
         | Some [] ->
            return (fun () ->
                let service = preapply election_setup uuid in
                T.generic_page ~title:"Error" ~service
                  "You must select at least one language!" () >>= Html5.send
              )
         | Some ls ->
            let unavailable =
              List.filter (fun x ->
                  not (List.mem x available_languages)
                ) ls
            in
            match unavailable with
            | [] ->
               se.se_metadata <- {
                  se.se_metadata with
                  e_languages = langs
                };
               return (redir_preapply election_setup uuid)
            | l :: _ ->
               return (fun () ->
                   let service = preapply election_setup uuid in
                   T.generic_page ~title:"Error" ~service
                     ("No such language: " ^ l) () >>= Html5.send
                 )
    ))
491

492
let () =
493
  Any.register ~service:election_setup_description
494
    (handle_setup
495
       (fun se (name, description) _ uuid ->
496 497 498
         se.se_questions <- {se.se_questions with
           t_name = name;
           t_description = description;
499 500
         };
         return (redir_preapply election_setup uuid)))
501

Stephane Glondu's avatar
Stephane Glondu committed
502
let generate_password langs title url id =
503
  let email, login = split_identity id in
504 505
  let%lwt salt = generate_token () in
  let%lwt password = generate_token () in
506
  let hashed = sha256_hex (salt ^ password) in
Stephane Glondu's avatar
Stephane Glondu committed
507 508 509 510 511 512
  let bodies = List.map (fun lang ->
    let module L = (val Web_i18n.get_lang lang) in
    Printf.sprintf L.mail_password title login password url
  ) langs in
  let body = PString.concat "\n\n----------\n\n" bodies in
  let body = body ^ "\n\n-- \nBelenios" in
Stephane Glondu's avatar
Stephane Glondu committed
513 514 515 516 517
  let subject =
    let lang = List.hd langs in
    let module L = (val Web_i18n.get_lang lang) in
    Printf.sprintf L.mail_password_subject title
  in
518
  send_email email subject body >>
519
  return (salt, hashed)
520

521
let handle_password se uuid ~force voters =
522 523 524
  if List.length voters > !maxmailsatonce then
    Lwt.fail (Failure (Printf.sprintf "Cannot send passwords, there are too many voters (max is %d)" !maxmailsatonce))
  else
525 526 527 528
  let title = se.se_questions.t_name in
  let url = Eliom_uri.make_string_uri ~absolute:true ~service:election_home
    (uuid, ()) |> rewrite_prefix
  in
529
  let langs = get_languages se.se_metadata.e_languages in
530 531 532 533
  Lwt_list.iter_s (fun id ->
    match id.sv_password with
    | Some _ when not force -> return_unit
    | None | Some _ ->
534
       let%lwt x = generate_password langs title url id.sv_id in
535 536 537
       return (id.sv_password <- Some x)
  ) voters >>
  return (fun () ->
Stephane Glondu's avatar
Stephane Glondu committed
538
    let service = preapply election_setup uuid in
539
    T.generic_page ~title:"Success" ~service
540 541
      "Passwords have been generated and mailed!" () >>= Html5.send)

542
let () =
543
  Any.register ~service:election_setup_auth_genpwd
544 545
    (handle_setup
       (fun se () _ uuid ->
546
         handle_password se uuid ~force:false se.se_voters))
547

548
let () =
549
  Any.register ~service:election_regenpwd
Stephane Glondu's avatar
Stephane Glondu committed
550
    (fun (uuid, ()) () ->
551 552 553
      T.regenpwd uuid () >>= Html5.send)

let () =
554
  Any.register ~service:election_regenpwd_post
555
    (fun (uuid, ()) user ->
556
      let uuid_s = Uuidm.to_string uuid in
557 558
      let%lwt w = find_election uuid_s in
      let%lwt metadata = Web_persist.get_election_metadata uuid_s in
559
      let module W = (val w) in
560
      let%lwt site_user = Web_state.get_site_user () in
561
      match site_user with
562
      | Some u when metadata.e_owner = Some u ->
563 564 565 566 567 568 569
         let table = "password_" ^ underscorize uuid_s in
         let table = Ocsipersist.open_table table in
         let title = W.election.e_params.e_name in
         let url = Eliom_uri.make_string_uri
           ~absolute:true ~service:election_home
           (uuid, ()) |> rewrite_prefix
         in
570
         let service = preapply election_admin (uuid, ()) in
571 572
         begin try%lwt
           let%lwt _ = Ocsipersist.find table user in
573
           let langs = get_languages metadata.e_languages in
574
           let%lwt x = generate_password langs title url user in
575
           Ocsipersist.add table user x >>
576
           dump_passwords (!spool_dir / uuid_s) table >>
577
           T.generic_page ~title:"Success" ~service
578 579 580
             ("A new password has been mailed to " ^ user ^ ".") ()
           >>= Html5.send
         with Not_found ->
581
           T.generic_page ~title:"Error" ~service
582 583 584 585 586 587
             (user ^ " is not a registered user for this election.") ()
           >>= Html5.send
         end
      | _ -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
588
let () =
589
  Html5.register ~service:election_setup_questions
Stephane Glondu's avatar
Stephane Glondu committed
590
    (fun uuid () ->
591
     match%lwt Web_state.get_site_user () with
592 593
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
594
        let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
595
        if se.se_owner = u
596
        then T.election_setup_questions uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
597 598
        else forbidden ()
     | None -> forbidden ()
599 600
    )

Stephane Glondu's avatar
Stephane Glondu committed
601
let () =
602
  Any.register ~service:election_setup_questions_post
Stephane Glondu's avatar
Stephane Glondu committed
603
    (handle_setup
604 605
       (fun se x _ uuid ->
        se.se_questions <- template_of_string x;
606
         return (redir_preapply election_setup uuid)))
Stephane Glondu's avatar
Stephane Glondu committed
607

Stephane Glondu's avatar
Stephane Glondu committed
608
let () =
609
  Html5.register ~service:election_setup_voters
Stephane Glondu's avatar
Stephane Glondu committed
610
    (fun uuid () ->
611
      match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
612 613
      | Some u ->
         let uuid_s = Uuidm.to_string uuid in
614
         let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
615
         if se.se_owner = u
616
         then T.election_setup_voters uuid se !maxmailsatonce ()
Stephane Glondu's avatar
Stephane Glondu committed
617 618 619 620 621
         else forbidden ()
      | None -> forbidden ()
    )

(* see http://www.regular-expressions.info/email.html *)
Stephane Glondu's avatar
Stephane Glondu committed
622
let identity_rex = Pcre.regexp
Stephane Glondu's avatar
Stephane Glondu committed
623
  ~flags:[`CASELESS]
624
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}(,[A-Z0-9._%+-]+)?$"
Stephane Glondu's avatar
Stephane Glondu committed
625

Stephane Glondu's avatar
Stephane Glondu committed
626 627
let is_identity x =
  try ignore (Pcre.pcre_exec ~rex:identity_rex x); true
Stephane Glondu's avatar
Stephane Glondu committed
628 629
  with Not_found -> false

630 631 632 633 634 635 636 637
let email_rex = Pcre.regexp
  ~flags:[`CASELESS]
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}$"

let is_email x =
  try ignore (Pcre.pcre_exec ~rex:email_rex x); true
  with Not_found -> false

638 639
module SSet = Set.Make (PString)

640
let merge_voters a b f =
641 642 643 644 645 646 647
  let existing = List.fold_left (fun accu sv ->
    SSet.add sv.sv_id accu
  ) SSet.empty a in
  let _, res = List.fold_left (fun (existing, accu) sv_id ->
    if SSet.mem sv_id existing then
      (existing, accu)
    else
648
      (SSet.add sv_id existing, {sv_id; sv_password = f sv_id} :: accu)
649 650 651
  ) (existing, List.rev a) b in
  List.rev res

Stephane Glondu's avatar
Stephane Glondu committed
652
let () =
653
  Any.register ~service:election_setup_voters_add
Stephane Glondu's avatar
Stephane Glondu committed
654
    (handle_setup
655
       (fun se x _ uuid ->
656
         if se.se_public_creds_received then forbidden () else (
Stephane Glondu's avatar
Stephane Glondu committed
657 658 659
         let xs = Pcre.split x in
         let () =
           try
Stephane Glondu's avatar
Stephane Glondu committed
660 661
             let bad = List.find (fun x -> not (is_identity x)) xs in
             Printf.ksprintf failwith "%S is not a valid identity" bad
Stephane Glondu's avatar
Stephane Glondu committed
662 663
           with Not_found -> ()
         in
664
         se.se_voters <- merge_voters se.se_voters xs (fun _ -> None);
665
         return (redir_preapply election_setup_voters uuid))))
666 667

let () =
668
  Any.register ~service:election_setup_voters_remove
669 670
    (handle_setup
       (fun se voter _ uuid ->
671
         if se.se_public_creds_received then forbidden () else (
672 673 674
         se.se_voters <- List.filter (fun v ->
           v.sv_id <> voter
         ) se.se_voters;
675
         return (redir_preapply election_setup_voters uuid))))
Stephane Glondu's avatar
Stephane Glondu committed
676

677 678 679 680 681 682 683
let () =
  Any.register ~service:election_setup_voters_passwd
    (handle_setup
       (fun se voter _ uuid ->
         let voter = List.filter (fun v -> v.sv_id = voter) se.se_voters in
         handle_password se uuid ~force:true voter))

Stephane Glondu's avatar
Stephane Glondu committed
684
let () =
685
  Any.register ~service:election_setup_trustee_add
686 687
    (fun uuid st_id ->
     if is_email st_id then
688
     match%lwt Web_state.get_site_user () with
689 690
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
Stephane Glondu's avatar
Stephane Glondu committed
691
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
692
          let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
693 694
          if se.se_owner = u
          then (
695
            let%lwt st_token = generate_token () in
696 697
            let trustee = {st_id; st_token; st_public_key = ""} in
            se.se_public_keys <- se.se_public_keys @ [trustee];
698
            set_setup_election uuid_s se >>
699
            Ocsipersist.add election_pktokens st_token uuid_s
Stephane Glondu's avatar
Stephane Glondu committed
700 701
          ) else forbidden ()
        ) >>
702
        redir_preapply election_setup_trustees uuid ()
703
     | None -> forbidden ()
704 705
     else
       let msg = st_id ^ " is not a valid e-mail address!" in
706 707
       let service = preapply election_setup_trustees uuid in
       T.generic_page ~title:"Error" ~service msg () >>= Html5.send
708 709 710
    )

let () =
711
  Any.register ~service:election_setup_trustee_del
712
    (fun uuid index ->
713
     match%lwt Web_state.get_site_user () with
714 715 716
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
717
          let%lwt se = get_setup_election uuid_s in
718 719
          if se.se_owner = u
          then (
720 721 722 723 724 725 726
            let trustees, old =
              se.se_public_keys |>
              List.mapi (fun i x -> i, x) |>
              List.partition (fun (i, _) -> i <> index) |>
              (fun (x, y) -> List.map snd x, List.map snd y)
            in
            se.se_public_keys <- trustees;
727
            set_setup_election uuid_s se >>
728 729 730
            Lwt_list.iter_s (fun {st_token; _} ->
              Ocsipersist.remove election_pktokens st_token
            ) old
731 732
          ) else forbidden ()
        ) >>
733
        redir_preapply election_setup_trustees uuid ()
734 735 736
     | None -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
737
let () =
738
  Html5.register ~service:election_setup_credentials
Stephane Glondu's avatar
Stephane Glondu committed
739
    (fun token () ->
740 741
     let%lwt uuid = Ocsipersist.find election_credtokens token in
     let%lwt se = get_setup_election uuid in
742 743 744 745
     let uuid = match Uuidm.of_string uuid with
       | None -> failwith "invalid UUID extracted from credtokens"
       | Some u -> u
     in
Stephane Glondu's avatar
Stephane Glondu committed
746 747
     T.election_setup_credentials token uuid se ()
    )
748

Stephane Glondu's avatar
Stephane Glondu committed
749
let () =
750
  File.register ~service:election_setup_credentials_download
Stephane Glondu's avatar
Stephane Glondu committed
751 752
    ~content_type:"text/plain"
    (fun token () ->
753
     let%lwt uuid = Ocsipersist.find election_credtokens token in
Stephane Glondu's avatar
Stephane Glondu committed
754 755
     return (!spool_dir / uuid ^ ".public_creds.txt")
    )
756

Stephane Glondu's avatar
Stephane Glondu committed
757
let wrap_handler f =
758
  try%lwt f ()
Stephane Glondu's avatar
Stephane Glondu committed
759
  with
760
  | e -> T.generic_page ~title:"Error" (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
761 762

let handle_credentials_post token creds =
763 764
  let%lwt uuid = Ocsipersist.find election_credtokens token in
  let%lwt se = get_setup_election uuid in
765
  if se.se_public_creds_received then forbidden () else
Stephane Glondu's avatar
Stephane Glondu committed
766 767 768 769 770 771 772 773 774 775
  let module G = (val Group.of_string se.se_group : GROUP) in
  let fname = !spool_dir / uuid ^ ".public_creds.txt" in
  Lwt_mutex.with_lock
    election_setup_mutex
    (fun () ->
     Lwt_io.with_file
       ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
       ~perm:0o600 ~mode:Lwt_io.Output fname
       (fun oc -> Lwt_io.write_chars oc creds)
    ) >>
776
  let%lwt () =
Stephane Glondu's avatar
Stephane Glondu committed
777 778 779 780 781 782 783 784 785 786 787
    let i = ref 1 in
    Lwt_stream.iter
      (fun x ->
       try
         let x = G.of_string x in
         if not (G.check x) then raise Exit;
         incr i
       with _ ->
         Printf.ksprintf failwith "invalid credential at line %d" !i)
      (Lwt_io.lines_of_file fname)
  in
788
  let () = se.se_metadata <- {se.se_metadata with e_cred_authority = None} in
789
  let () = se.se_public_creds_received <- true in
790
  set_setup_election uuid se >>
791
  T.generic_page ~title:"Success" ~service:home
792
    "Credentials have been received and checked!" () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
793 794

let () =
795
  Any.register ~service:election_setup_credentials_post
Stephane Glondu's avatar
Stephane Glondu committed
796 797 798
    (fun token creds ->
     let s = Lwt_stream.of_string creds in
     wrap_handler (fun () -> handle_credentials_post token s))
799

Stephane Glondu's avatar
Stephane Glondu committed
800
let () =
801
  Any.register ~service:election_setup_credentials_post_file
Stephane Glondu's avatar
Stephane Glondu committed
802 803 804 805
    (fun token creds ->
     let s = Lwt_io.chars_of_file creds.Ocsigen_extensions.tmp_filename in
     wrap_handler (fun () -> handle_credentials_post token s))

806
module CG = Credential.MakeGenerate (LwtRandom)
807 808

let () =
809
  Any.register ~service:election_setup_credentials_server
810
    (handle_setup (fun se () _ uuid ->
811 812
      let nvoters = List.length se.se_voters in
      if nvoters > !maxmailsatonce then
813
        Lwt.fail (Failure (Printf.sprintf "Cannot send credentials, there are too many voters (max is %d)" !maxmailsatonce))
814 815
      else if nvoters = 0 then
        Lwt.fail (Failure "No voters")
816
      else
817
      if se.se_public_creds_received then forbidden () else
818 819 820
      let () = se.se_metadata <- {se.se_metadata with
        e_cred_authority = Some "server"
      } in
821
      let uuid_s = Uuidm.to_string uuid in
822 823 824 825 826
      let title = se.se_questions.t_name in
      let url = Eliom_uri.make_string_uri
        ~absolute:true ~service:election_home
        (uuid, ()) |> rewrite_prefix
      in
827 828
      let module S = Set.Make (PString) in
      let module G = (val Group.of_string se.se_group : GROUP) in
829
      let module CD = Credential.MakeDerive (G) in
830
      let%lwt creds =
831 832
        Lwt_list.fold_left_s (fun accu v ->
          let email, login = split_identity v.sv_id in
833
          let%lwt cred = CG.generate () in
834
          let pub_cred =
835
            let x = CD.derive uuid cred in
836 837 838
            let y = G.(g **~ x) in
            G.to_string y
          in
839
          let langs = get_languages se.se_metadata.e_languages in
Stephane Glondu's avatar
Stephane Glondu committed
840 841 842 843 844 845
          let bodies = List.map (fun lang ->
            let module L = (val Web_i18n.get_lang lang) in
            Printf.sprintf L.mail_credential title login cred url
          ) langs in
          let body = PString.concat "\n\n----------\n\n" bodies in
          let body = body ^ "\n\n-- \nBelenios" in
Stephane Glondu's avatar
Stephane Glondu committed
846 847 848 849 850
          let subject =
            let lang = List.hd langs in
            let module L = (val Web_i18n.get_lang lang) in
            Printf.sprintf L.mail_credential_subject title
          in
851
          let%lwt () = send_email email subject body in
852 853 854 855 856
          return @@ S.add pub_cred accu
        ) S.empty se.se_voters
      in
      let creds = S.elements creds in
      let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
857
      let%lwt () =
858 859 860 861
          Lwt_io.with_file
            ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
            ~perm:0o600 ~mode:Lwt_io.Output fname
            (fun oc ->
862
              Lwt_list.iter_s (Lwt_io.write_line oc) creds)
863
      in
864
      se.se_public_creds_received <- true;
865
      return (fun () ->
866 867
        let service = preapply election_setup uuid in
        T.generic_page ~title:"Success" ~service
868
          "Credentials have been generated and mailed!" () >>= Html5.send)))
869

Stephane Glondu's avatar
Stephane Glondu committed
870
let () =
871
  Html5.register ~service:election_setup_trustee
Stephane Glondu's avatar
Stephane Glondu committed
872
    (fun token () ->
873 874
     let%lwt uuid = Ocsipersist.find election_pktokens token in
     let%lwt se = get_setup_election uuid in
875 876 877 878 879
     let uuid = match Uuidm.of_string uuid with
       | None -> failwith "invalid UUID extracted from pktokens"
       | Some u -> u
     in
     T.election_setup_trustee token uuid se ()