Mise à jour terminée. Pour connaître les apports de la version 13.8.4 par rapport à notre ancienne version vous pouvez lire les "Release Notes" suivantes :
https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/
https://about.gitlab.com/releases/2021/02/05/gitlab-13-8-3-released/

web_site.ml 70.7 KB
Newer Older
Stephane Glondu's avatar
Stephane Glondu committed
1 2 3
(**************************************************************************)
(*                                BELENIOS                                *)
(*                                                                        *)
Stephane Glondu's avatar
Stephane Glondu committed
4
(*  Copyright © 2012-2016 Inria                                           *)
Stephane Glondu's avatar
Stephane Glondu committed
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
(*                                                                        *)
(*  This program is free software: you can redistribute it and/or modify  *)
(*  it under the terms of the GNU Affero General Public License as        *)
(*  published by the Free Software Foundation, either version 3 of the    *)
(*  License, or (at your option) any later version, with the additional   *)
(*  exemption that compiling, linking, and/or using OpenSSL is allowed.   *)
(*                                                                        *)
(*  This program is distributed in the hope that it will be useful, but   *)
(*  WITHOUT ANY WARRANTY; without even the implied warranty of            *)
(*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU     *)
(*  Affero General Public License for more details.                       *)
(*                                                                        *)
(*  You should have received a copy of the GNU Affero General Public      *)
(*  License along with this program.  If not, see                         *)
(*  <http://www.gnu.org/licenses/>.                                       *)
(**************************************************************************)

22
open Lwt
23
open Platform
24
open Serializable_j
25
open Signatures
26
open Common
27
open Web_serializable_builtin_t
Stephane Glondu's avatar
Stephane Glondu committed
28
open Web_serializable_j
29
open Web_common
30
open Web_services
Stephane Glondu's avatar
Stephane Glondu committed
31

32
let source_file = ref "belenios.tar.gz"
33
let maxmailsatonce = ref 1000
Stephane Glondu's avatar
Stephane Glondu committed
34

35 36
let ( / ) = Filename.concat

Stephane Glondu's avatar
Stephane Glondu committed
37
module PString = String
Stephane Glondu's avatar
Stephane Glondu committed
38

Stephane Glondu's avatar
Stephane Glondu committed
39 40 41 42 43 44 45 46 47
open Eliom_service
open Eliom_registration

(* Table with elections in setup mode. *)
let election_stable = Ocsipersist.open_table "site_setup"

(* Table with tokens given to trustees. *)
let election_pktokens = Ocsipersist.open_table "site_pktokens"

48 49 50
(* Table with tokens given to trustees (in threshold mode). *)
let election_tpktokens = Ocsipersist.open_table "site_tpktokens"

Stephane Glondu's avatar
Stephane Glondu committed
51 52 53
(* Table with tokens given to trustees (in threshold mode) to decrypt *)
let election_tokens_decrypt = Ocsipersist.open_table "site_tokens_decrypt"

Stephane Glondu's avatar
Stephane Glondu committed
54 55 56 57 58
(* Table with tokens given to credential authorities. *)
let election_credtokens = Ocsipersist.open_table "site_credtokens"

module T = Web_templates

Stephane Glondu's avatar
Stephane Glondu committed
59
let raw_find_election uuid =
60
  let%lwt raw_election = Web_persist.get_raw_election uuid in
61 62 63 64
  match raw_election with
  | Some raw_election ->
     return (Group.election_params_of_string raw_election)
  | _ -> Lwt.fail Not_found
Stephane Glondu's avatar
Stephane Glondu committed
65

Stephane Glondu's avatar
Stephane Glondu committed
66 67
module WCacheTypes = struct
  type key = string
68
  type value = (module ELECTION_DATA)
Stephane Glondu's avatar
Stephane Glondu committed
69 70 71 72 73 74 75 76
end

module WCache = Ocsigen_cache.Make (WCacheTypes)

let find_election =
  let cache = new WCache.cache raw_find_election 100 in
  fun x -> cache#find x

77
let get_setup_election uuid_s =
78
  let%lwt se = Ocsipersist.find election_stable uuid_s in
79
  return (setup_election_of_string se)
80 81

let set_setup_election uuid_s se =
82
  Ocsipersist.add election_stable uuid_s (string_of_setup_election se)
83

Stephane Glondu's avatar
Stephane Glondu committed
84
let dump_passwords dir table =
Stephane Glondu's avatar
Stephane Glondu committed
85 86 87 88 89 90
  Lwt_io.(with_file Output (dir / "passwords.csv") (fun oc ->
    Ocsipersist.iter_step (fun voter (salt, hashed) ->
      write_line oc (voter ^ "," ^ salt ^ "," ^ hashed)
    ) table
  ))

91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112
let finalize_election uuid se =
  let uuid_s = Uuidm.to_string uuid in
  (* voters *)
  let () =
    if se.se_voters = [] then failwith "no voters"
  in
  (* passwords *)
  let () =
    match se.se_metadata.e_auth_config with
    | Some [{auth_system = "password"; _}] ->
       if not @@ List.for_all (fun v -> v.sv_password <> None) se.se_voters then
         failwith "some passwords are missing"
    | _ -> ()
  in
  (* credentials *)
  let () =
    if not se.se_public_creds_received then
      failwith "public credentials are missing"
  in
  (* trustees *)
  let group = Group.of_string se.se_group in
  let module G = (val group : GROUP) in
113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154
  let%lwt y, trustees, pk_or_tp, private_keys =
    match se.se_threshold_trustees with
    | None ->
       let module KG = Trustees.MakeSimple (G) (LwtRandom) in
       let%lwt trustees, public_keys, private_key =
         match se.se_public_keys with
         | [] ->
            let%lwt private_key = KG.generate () in
            let%lwt public_key = KG.prove private_key in
            return (None, [public_key], `KEY private_key)
         | _ :: _ ->
            return (
                Some (List.map (fun {st_id; _} -> st_id) se.se_public_keys),
                (List.map
                   (fun {st_public_key; _} ->
                     if st_public_key = "" then failwith "some public keys are missing";
                     trustee_public_key_of_string G.read st_public_key
                   ) se.se_public_keys),
                `None)
       in
       let y = KG.combine (Array.of_list public_keys) in
       return (y, trustees, `PK public_keys, private_key)
    | Some ts ->
       match se.se_threshold_parameters with
       | None -> failwith "key establishment not finished"
       | Some tp ->
          let tp = threshold_parameters_of_string G.read tp in
          let module P = Trustees.MakePKI (G) (LwtRandom) in
          let module C = Trustees.MakeChannels (G) (LwtRandom) (P) in
          let module K = Trustees.MakePedersen (G) (LwtRandom) (P) (C) in
          let trustees = List.map (fun {stt_id; _} -> stt_id) ts in
          let private_keys =
            List.map (fun {stt_voutput; _} ->
                match stt_voutput with
                | Some v ->
                   let voutput = voutput_of_string G.read v in
                   voutput.vo_private_key
                | None -> failwith "inconsistent state"
              ) ts
          in
          let y = K.combine tp in
          return (y, Some trustees, `TP tp, `KEYS private_keys)
155 156
  in
  (* election parameters *)
157
  let metadata = { se.se_metadata with e_trustees = trustees } in
158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179
  let template = se.se_questions in
  let params = {
    e_description = template.t_description;
    e_name = template.t_name;
    e_public_key = {wpk_group = G.group; wpk_y = y};
    e_questions = template.t_questions;
    e_uuid = uuid;
  } in
  let raw_election = string_of_params (write_wrapped_pubkey G.write_group G.write) params in
  (* write election files to disk *)
  let dir = !spool_dir / uuid_s in
  let create_file fname what xs =
    Lwt_io.with_file
      ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
      ~perm:0o600 ~mode:Lwt_io.Output (dir / fname)
      (fun oc ->
        Lwt_list.iter_s
          (fun v ->
            Lwt_io.write oc (what v) >>
              Lwt_io.write oc "\n") xs)
  in
  Lwt_unix.mkdir dir 0o700 >>
180 181 182 183
  (match pk_or_tp with
   | `PK pk -> create_file "public_keys.jsons" (string_of_trustee_public_key G.write) pk
   | `TP tp -> create_file "threshold.json" (string_of_threshold_parameters G.write) [tp]
  ) >>
184
  create_file "voters.txt" (fun x -> x.sv_id) se.se_voters >>
185
  create_file "metadata.json" string_of_metadata [metadata] >>
186 187
  create_file "election.json" (fun x -> x) [raw_election] >>
  (* construct Web_election instance *)
188
  let election = Group.election_params_of_string raw_election in
189 190
  let module W = Web_election.Make ((val election)) (LwtRandom) in
  (* set up authentication *)
191
  let%lwt () =
192
    match metadata.e_auth_config with
193 194 195 196 197 198 199 200 201 202
    | None -> return ()
    | Some xs ->
       let auth_config =
         List.map (fun {auth_system; auth_instance; auth_config} ->
           auth_instance, (auth_system, List.map snd auth_config)
         ) xs
       in
       Web_persist.set_auth_config uuid_s auth_config
  in
  (* inject credentials *)
203
  let%lwt () =
204 205 206 207 208 209
    let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
    Lwt_io.lines_of_file fname |>
    Lwt_stream.iter_s W.B.inject_cred >>
    W.B.update_files () >>
    Lwt_unix.unlink fname
  in
210
  (* create file with private keys, if any *)
211
  let%lwt () =
212 213 214 215
    match private_keys with
    | `None -> return_unit
    | `KEY x -> create_file "private_key.json" string_of_number [x]
    | `KEYS x -> create_file "private_keys.jsons" (fun x -> x) x
216 217 218 219
  in
  (* clean up setup database *)
  Ocsipersist.remove election_credtokens se.se_public_creds >>
  Lwt_list.iter_s
220 221
    (fun {st_token; _} ->
      Ocsipersist.remove election_pktokens st_token)
222
    se.se_public_keys >>
223 224 225 226 227 228 229
  (match se.se_threshold_trustees with
   | None -> return_unit
   | Some ts ->
      Lwt_list.iter_s
        (fun x -> Ocsipersist.remove election_tpktokens x.stt_token)
        ts
  ) >>
230 231
  Ocsipersist.remove election_stable uuid_s >>
  (* inject passwords *)
232
  (match metadata.e_auth_config with
233 234 235 236 237 238 239 240 241 242
  | Some [{auth_system = "password"; _}] ->
     let table = "password_" ^ underscorize uuid_s in
     let table = Ocsipersist.open_table table in
     Lwt_list.iter_s
       (fun v ->
         let _, login = split_identity v.sv_id in
         match v.sv_password with
         | Some x -> Ocsipersist.add table login x
         | None -> return_unit
       ) se.se_voters >>
243
       dump_passwords (!spool_dir / uuid_s) table
244 245
  | _ -> return_unit) >>
  (* finish *)
Stephane Glondu's avatar
Stephane Glondu committed
246
  Web_persist.set_election_state uuid_s `Open >>
247
  Web_persist.set_election_date uuid_s (now ())
Stephane Glondu's avatar
Stephane Glondu committed
248

Stephane Glondu's avatar
Stephane Glondu committed
249 250 251 252
let cleanup_table ?uuid_s table =
  let table = Ocsipersist.open_table table in
  match uuid_s with
  | None ->
253
     let%lwt indexes = Ocsipersist.fold_step (fun k _ accu ->
Stephane Glondu's avatar
Stephane Glondu committed
254 255 256 257 258 259
       return (k :: accu)) table []
     in
     Lwt_list.iter_s (Ocsipersist.remove table) indexes
  | Some u -> Ocsipersist.remove table u

let cleanup_file f =
260
  try%lwt Lwt_unix.unlink f
Stephane Glondu's avatar
Stephane Glondu committed
261 262 263 264
  with _ -> return_unit

let archive_election uuid_s =
  let uuid_u = underscorize uuid_s in
265
  let%lwt () = cleanup_table ~uuid_s "election_states" in
Stephane Glondu's avatar
Stephane Glondu committed
266
  let%lwt () = cleanup_table ~uuid_s "site_tokens_decrypt" in
267 268 269 270 271 272 273
  let%lwt () = cleanup_table ~uuid_s "election_pds" in
  let%lwt () = cleanup_table ~uuid_s "auth_configs" in
  let%lwt () = cleanup_table ("password_" ^ uuid_u) in
  let%lwt () = cleanup_table ("records_" ^ uuid_u) in
  let%lwt () = cleanup_table ("creds_" ^ uuid_u) in
  let%lwt () = cleanup_table ("ballots_" ^ uuid_u) in
  let%lwt () = cleanup_file (!spool_dir / uuid_s / "private_key.json") in
Stephane Glondu's avatar
Stephane Glondu committed
274 275
  return_unit

Stephane Glondu's avatar
Stephane Glondu committed
276 277
let () = Any.register ~service:home
  (fun () () ->
278
    Eliom_reference.unset Web_state.cont >>
279
    Redirection.send admin
Stephane Glondu's avatar
Stephane Glondu committed
280 281
  )

282
let get_finalized_elections_by_owner u =
283
  let%lwt elections, tallied, archived =
284 285
    Web_persist.get_elections_by_owner u >>=
    Lwt_list.fold_left_s (fun accu uuid_s ->
286 287 288
        let%lwt w = find_election uuid_s in
        let%lwt state = Web_persist.get_election_state uuid_s in
        let%lwt date = Web_persist.get_election_date uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
289
        let elections, tallied, archived = accu in
290
        match state with
Stephane Glondu's avatar
Stephane Glondu committed
291 292 293 294
        | `Tallied _ -> return (elections, (date, w) :: tallied, archived)
        | `Archived -> return (elections, tallied, (date, w) :: archived)
        | _ -> return ((date, w) :: elections, tallied, archived)
    ) ([], [], [])
295 296 297 298 299
  in
  let sort l =
    List.sort (fun (x, _) (y, _) -> datetime_compare x y) l |>
    List.map (fun (_, x) -> x)
  in
Stephane Glondu's avatar
Stephane Glondu committed
300
  return (sort elections, sort tallied, sort archived)
301

302 303 304 305 306
let with_site_user f =
  match%lwt Web_state.get_site_user () with
  | Some u -> f u
  | None -> forbidden ()

Stephane Glondu's avatar
Stephane Glondu committed
307 308
let () = Html5.register ~service:admin
  (fun () () ->
Stephane Glondu's avatar
Stephane Glondu committed
309
    let cont () = Redirection.send admin in
310
    Eliom_reference.set Web_state.cont [cont] >>
311 312
    let%lwt site_user = Web_state.get_site_user () in
    let%lwt elections =
313
      match site_user with
314
      | None -> return None
Stephane Glondu's avatar
Stephane Glondu committed
315
      | Some u ->
316 317
         let%lwt elections, tallied, archived = get_finalized_elections_by_owner u in
         let%lwt setup_elections =
318
           Ocsipersist.fold_step (fun k v accu ->
319
             let v = setup_election_of_string v in
320 321
             if v.se_owner = u then
               return ((uuid_of_string k, v.se_questions.t_name) :: accu)
322 323
             else return accu
           ) election_stable []
324
         in
Stephane Glondu's avatar
Stephane Glondu committed
325
         return @@ Some (elections, tallied, archived, setup_elections)
Stephane Glondu's avatar
Stephane Glondu committed
326
    in
327
    T.admin ~elections ()
Stephane Glondu's avatar
Stephane Glondu committed
328 329
  )

330
let () = File.register ~service:source_code
Stephane Glondu's avatar
Stephane Glondu committed
331 332 333 334 335
  ~content_type:"application/x-gzip"
  (fun () () -> return !source_file)

let generate_uuid = Uuidm.v4_gen (Random.State.make_self_init ())

336 337
let redir_preapply s u () = Redirection.send (preapply s u)

Stephane Glondu's avatar
Stephane Glondu committed
338 339 340 341 342 343 344 345 346 347 348 349
let create_new_election owner cred auth =
  let e_cred_authority = match cred with
    | `Automatic -> Some "server"
    | `Manual -> None
  in
  let e_auth_config = match auth with
    | `Password -> Some [{auth_system = "password"; auth_instance = "password"; auth_config = []}]
    | `Dummy -> Some [{auth_system = "dummy"; auth_instance = "dummy"; auth_config = []}]
    | `CAS server -> Some [{auth_system = "cas"; auth_instance = "cas"; auth_config = ["server", server]}]
  in
  let uuid = generate_uuid () in
  let uuid_s = Uuidm.to_string uuid in
350
  let%lwt token = generate_token () in
Stephane Glondu's avatar
Stephane Glondu committed
351 352 353 354
  let se_metadata = {
    e_owner = Some owner;
    e_auth_config;
    e_cred_authority;
355
    e_trustees = None;
356
    e_languages = Some ["en"; "fr"];
Stephane Glondu's avatar
Stephane Glondu committed
357 358 359
  } in
  let question = {
    q_answers = [| "Answer 1"; "Answer 2"; "Blank" |];
360
    q_blank = None;
Stephane Glondu's avatar
Stephane Glondu committed
361 362 363 364 365 366 367 368 369 370 371
    q_min = 1;
    q_max = 1;
    q_question = "Question 1?";
  } in
  let se_questions = {
    t_description = "Description of the election.";
    t_name = "Name of the election";
    t_questions = [| question |];
  } in
  let se = {
    se_owner = owner;
372
    se_group = "{\"g\":\"2402352677501852209227687703532399932712287657378364916510075318787663274146353219320285676155269678799694668298749389095083896573425601900601068477164491735474137283104610458681314511781646755400527402889846139864532661215055797097162016168270312886432456663834863635782106154918419982534315189740658186868651151358576410138882215396016043228843603930989333662772848406593138406010231675095763777982665103606822406635076697764025346253773085133173495194248967754052573659049492477631475991575198775177711481490920456600205478127054728238140972518639858334115700568353695553423781475582491896050296680037745308460627\",\"p\":\"20694785691422546401013643657505008064922989295751104097100884787057374219242717401922237254497684338129066633138078958404960054389636289796393038773905722803605973749427671376777618898589872735865049081167099310535867780980030790491654063777173764198678527273474476341835600035698305193144284561701911000786737307333564123971732897913240474578834468260652327974647951137672658693582180046317922073668860052627186363386088796882120769432366149491002923444346373222145884100586421050242120365433561201320481118852408731077014151666200162313177169372189248078507711827842317498073276598828825169183103125680162072880719\",\"q\":\"78571733251071885079927659812671450121821421258408794611510081919805623223441\"}"; (* generated by fips.sage *)
Stephane Glondu's avatar
Stephane Glondu committed
373 374 375 376 377
    se_voters = [];
    se_questions;
    se_public_keys = [];
    se_metadata;
    se_public_creds = token;
378
    se_public_creds_received = false;
379 380 381 382
    se_threshold = None;
    se_threshold_trustees = None;
    se_threshold_parameters = None;
    se_threshold_error = None;
Stephane Glondu's avatar
Stephane Glondu committed
383
  } in
384 385
  let%lwt () = set_setup_election uuid_s se in
  let%lwt () = Ocsipersist.add election_credtokens token uuid_s in
386
  redir_preapply election_setup uuid ()
Stephane Glondu's avatar
Stephane Glondu committed
387 388 389 390

let () = Html5.register ~service:election_setup_pre
  (fun () () -> T.election_setup_pre ())

391
let () = Any.register ~service:election_setup_new
Stephane Glondu's avatar
Stephane Glondu committed
392
  (fun () (credmgmt, (auth, cas_server)) ->
393 394 395 396 397 398 399 400 401 402 403 404 405 406 407
    with_site_user (fun u ->
        let%lwt credmgmt = match credmgmt with
          | Some "auto" -> return `Automatic
          | Some "manual" -> return `Manual
          | _ -> fail_http 400
        in
        let%lwt auth = match auth with
          | Some "password" -> return `Password
          | Some "dummy" -> return `Dummy
          | Some "cas" -> return @@ `CAS cas_server
          | _ -> fail_http 400
        in
        create_new_election u credmgmt auth
      )
  )
Stephane Glondu's avatar
Stephane Glondu committed
408

409
let generic_setup_page f uuid () =
410 411 412 413 414 415 416
  with_site_user (fun u ->
      let uuid_s = Uuidm.to_string uuid in
      let%lwt se = get_setup_election uuid_s in
      if se.se_owner = u then
        f uuid se ()
      else forbidden ()
    )
417

Stephane Glondu's avatar
Stephane Glondu committed
418
let () = Html5.register ~service:election_setup
419
  (generic_setup_page T.election_setup)
Stephane Glondu's avatar
Stephane Glondu committed
420

421 422
let () = Any.register ~service:election_setup_trustees
  (fun uuid () ->
423 424 425 426 427 428 429 430 431
    with_site_user (fun u ->
        let uuid_s = Uuidm.to_string uuid in
        let%lwt se = get_setup_election uuid_s in
        if se.se_owner = u then
          match se.se_threshold_trustees with
          | None -> T.election_setup_trustees uuid se () >>= Html5.send
          | Some _ -> redir_preapply election_setup_threshold_trustees uuid ()
        else forbidden ()
      )
432
  )
433

434 435 436
let () = Html5.register ~service:election_setup_threshold_trustees
  (generic_setup_page T.election_setup_threshold_trustees)

437 438
let () = Html5.register ~service:election_setup_credential_authority
  (generic_setup_page T.election_setup_credential_authority)
439

Stephane Glondu's avatar
Stephane Glondu committed
440 441
let election_setup_mutex = Lwt_mutex.create ()

442
let handle_setup f uuid x =
443 444 445 446 447 448 449 450 451 452 453 454 455 456 457
  with_site_user (fun u ->
      let uuid_s = Uuidm.to_string uuid in
      Lwt_mutex.with_lock election_setup_mutex (fun () ->
          let%lwt se = get_setup_election uuid_s in
          if se.se_owner = u then (
            try%lwt
               let%lwt cont = f se x u uuid in
               set_setup_election uuid_s se >>
               cont ()
            with e ->
              let service = preapply election_setup uuid in
              T.generic_page ~title:"Error" ~service (Printexc.to_string e) () >>= Html5.send
          ) else forbidden ()
        )
    )
458

459
let () =
460
  Any.register ~service:election_setup_languages
461 462
    (handle_setup
       (fun se languages _ uuid ->
463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491
         let langs = languages_of_string languages in
         match langs with
         | None -> assert false
         | Some [] ->
            return (fun () ->
                let service = preapply election_setup uuid in
                T.generic_page ~title:"Error" ~service
                  "You must select at least one language!" () >>= Html5.send
              )
         | Some ls ->
            let unavailable =
              List.filter (fun x ->
                  not (List.mem x available_languages)
                ) ls
            in
            match unavailable with
            | [] ->
               se.se_metadata <- {
                  se.se_metadata with
                  e_languages = langs
                };
               return (redir_preapply election_setup uuid)
            | l :: _ ->
               return (fun () ->
                   let service = preapply election_setup uuid in
                   T.generic_page ~title:"Error" ~service
                     ("No such language: " ^ l) () >>= Html5.send
                 )
    ))
492

493
let () =
494
  Any.register ~service:election_setup_description
495
    (handle_setup
496
       (fun se (name, description) _ uuid ->
497 498 499
         se.se_questions <- {se.se_questions with
           t_name = name;
           t_description = description;
500 501
         };
         return (redir_preapply election_setup uuid)))
502

Stephane Glondu's avatar
Stephane Glondu committed
503
let generate_password langs title url id =
504
  let email, login = split_identity id in
505 506
  let%lwt salt = generate_token () in
  let%lwt password = generate_token () in
507
  let hashed = sha256_hex (salt ^ password) in
Stephane Glondu's avatar
Stephane Glondu committed
508 509 510 511 512 513
  let bodies = List.map (fun lang ->
    let module L = (val Web_i18n.get_lang lang) in
    Printf.sprintf L.mail_password title login password url
  ) langs in
  let body = PString.concat "\n\n----------\n\n" bodies in
  let body = body ^ "\n\n-- \nBelenios" in
Stephane Glondu's avatar
Stephane Glondu committed
514 515 516 517 518
  let subject =
    let lang = List.hd langs in
    let module L = (val Web_i18n.get_lang lang) in
    Printf.sprintf L.mail_password_subject title
  in
519
  send_email email subject body >>
520
  return (salt, hashed)
521

522
let handle_password se uuid ~force voters =
523 524 525
  if List.length voters > !maxmailsatonce then
    Lwt.fail (Failure (Printf.sprintf "Cannot send passwords, there are too many voters (max is %d)" !maxmailsatonce))
  else
526 527 528 529
  let title = se.se_questions.t_name in
  let url = Eliom_uri.make_string_uri ~absolute:true ~service:election_home
    (uuid, ()) |> rewrite_prefix
  in
530
  let langs = get_languages se.se_metadata.e_languages in
531 532 533 534
  Lwt_list.iter_s (fun id ->
    match id.sv_password with
    | Some _ when not force -> return_unit
    | None | Some _ ->
535
       let%lwt x = generate_password langs title url id.sv_id in
536 537 538
       return (id.sv_password <- Some x)
  ) voters >>
  return (fun () ->
Stephane Glondu's avatar
Stephane Glondu committed
539
    let service = preapply election_setup uuid in
540
    T.generic_page ~title:"Success" ~service
541 542
      "Passwords have been generated and mailed!" () >>= Html5.send)

543
let () =
544
  Any.register ~service:election_setup_auth_genpwd
545 546
    (handle_setup
       (fun se () _ uuid ->
547
         handle_password se uuid ~force:false se.se_voters))
548

549
let () =
550
  Any.register ~service:election_regenpwd
Stephane Glondu's avatar
Stephane Glondu committed
551
    (fun (uuid, ()) () ->
552 553 554
      T.regenpwd uuid () >>= Html5.send)

let () =
555
  Any.register ~service:election_regenpwd_post
556
    (fun (uuid, ()) user ->
557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586
      with_site_user (fun u ->
          let uuid_s = Uuidm.to_string uuid in
          let%lwt w = find_election uuid_s in
          let%lwt metadata = Web_persist.get_election_metadata uuid_s in
          let module W = (val w) in
          if metadata.e_owner = Some u then (
            let table = "password_" ^ underscorize uuid_s in
            let table = Ocsipersist.open_table table in
            let title = W.election.e_params.e_name in
            let url = Eliom_uri.make_string_uri
                        ~absolute:true ~service:election_home
                        (uuid, ()) |> rewrite_prefix
            in
            let service = preapply election_admin (uuid, ()) in
            (try%lwt
               let%lwt _ = Ocsipersist.find table user in
               let langs = get_languages metadata.e_languages in
               let%lwt x = generate_password langs title url user in
               Ocsipersist.add table user x >>
                 dump_passwords (!spool_dir / uuid_s) table >>
                 T.generic_page ~title:"Success" ~service
                   ("A new password has been mailed to " ^ user ^ ".") ()
               >>= Html5.send
              with Not_found ->
                T.generic_page ~title:"Error" ~service
                  (user ^ " is not a registered user for this election.") ()
                >>= Html5.send
            )
          ) else forbidden ()
        )
587 588
    )

Stephane Glondu's avatar
Stephane Glondu committed
589
let () =
590
  Html5.register ~service:election_setup_questions
Stephane Glondu's avatar
Stephane Glondu committed
591
    (fun uuid () ->
592 593 594 595 596 597 598
      with_site_user (fun u ->
          let uuid_s = Uuidm.to_string uuid in
          let%lwt se = get_setup_election uuid_s in
          if se.se_owner = u then
            T.election_setup_questions uuid se ()
          else forbidden ()
        )
599 600
    )

Stephane Glondu's avatar
Stephane Glondu committed
601
let () =
602
  Any.register ~service:election_setup_questions_post
Stephane Glondu's avatar
Stephane Glondu committed
603
    (handle_setup
604 605
       (fun se x _ uuid ->
        se.se_questions <- template_of_string x;
606
         return (redir_preapply election_setup uuid)))
Stephane Glondu's avatar
Stephane Glondu committed
607

Stephane Glondu's avatar
Stephane Glondu committed
608
let () =
609
  Html5.register ~service:election_setup_voters
Stephane Glondu's avatar
Stephane Glondu committed
610
    (fun uuid () ->
611 612 613 614 615 616 617
      with_site_user (fun u ->
          let uuid_s = Uuidm.to_string uuid in
          let%lwt se = get_setup_election uuid_s in
          if se.se_owner = u then
            T.election_setup_voters uuid se !maxmailsatonce ()
          else forbidden ()
        )
Stephane Glondu's avatar
Stephane Glondu committed
618 619 620
    )

(* see http://www.regular-expressions.info/email.html *)
Stephane Glondu's avatar
Stephane Glondu committed
621
let identity_rex = Pcre.regexp
Stephane Glondu's avatar
Stephane Glondu committed
622
  ~flags:[`CASELESS]
623
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}(,[A-Z0-9._%+-]+)?$"
Stephane Glondu's avatar
Stephane Glondu committed
624

Stephane Glondu's avatar
Stephane Glondu committed
625 626
let is_identity x =
  try ignore (Pcre.pcre_exec ~rex:identity_rex x); true
Stephane Glondu's avatar
Stephane Glondu committed
627 628
  with Not_found -> false

629 630 631 632 633 634 635 636
let email_rex = Pcre.regexp
  ~flags:[`CASELESS]
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}$"

let is_email x =
  try ignore (Pcre.pcre_exec ~rex:email_rex x); true
  with Not_found -> false

637 638
module SSet = Set.Make (PString)

639
let merge_voters a b f =
640 641 642 643 644 645 646
  let existing = List.fold_left (fun accu sv ->
    SSet.add sv.sv_id accu
  ) SSet.empty a in
  let _, res = List.fold_left (fun (existing, accu) sv_id ->
    if SSet.mem sv_id existing then
      (existing, accu)
    else
647
      (SSet.add sv_id existing, {sv_id; sv_password = f sv_id} :: accu)
648 649 650
  ) (existing, List.rev a) b in
  List.rev res

Stephane Glondu's avatar
Stephane Glondu committed
651
let () =
652
  Any.register ~service:election_setup_voters_add
Stephane Glondu's avatar
Stephane Glondu committed
653
    (handle_setup
654
       (fun se x _ uuid ->
655
         if se.se_public_creds_received then forbidden () else (
Stephane Glondu's avatar
Stephane Glondu committed
656 657 658
         let xs = Pcre.split x in
         let () =
           try
Stephane Glondu's avatar
Stephane Glondu committed
659 660
             let bad = List.find (fun x -> not (is_identity x)) xs in
             Printf.ksprintf failwith "%S is not a valid identity" bad
Stephane Glondu's avatar
Stephane Glondu committed
661 662
           with Not_found -> ()
         in
663
         se.se_voters <- merge_voters se.se_voters xs (fun _ -> None);
664
         return (redir_preapply election_setup_voters uuid))))
665 666

let () =
667
  Any.register ~service:election_setup_voters_remove
668 669
    (handle_setup
       (fun se voter _ uuid ->
670
         if se.se_public_creds_received then forbidden () else (
671 672 673
         se.se_voters <- List.filter (fun v ->
           v.sv_id <> voter
         ) se.se_voters;
674
         return (redir_preapply election_setup_voters uuid))))
Stephane Glondu's avatar
Stephane Glondu committed
675

676 677 678 679 680 681 682
let () =
  Any.register ~service:election_setup_voters_passwd
    (handle_setup
       (fun se voter _ uuid ->
         let voter = List.filter (fun v -> v.sv_id = voter) se.se_voters in
         handle_password se uuid ~force:true voter))

Stephane Glondu's avatar
Stephane Glondu committed
683
let () =
684
  Any.register ~service:election_setup_trustee_add
685
    (fun uuid st_id ->
686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705
      with_site_user (fun u ->
          if is_email st_id then (
            let uuid_s = Uuidm.to_string uuid in
            Lwt_mutex.with_lock election_setup_mutex (fun () ->
                let%lwt se = get_setup_election uuid_s in
                if se.se_owner = u then (
                  let%lwt st_token = generate_token () in
                  let trustee = {st_id; st_token; st_public_key = ""} in
                  se.se_public_keys <- se.se_public_keys @ [trustee];
                  set_setup_election uuid_s se >>
                    Ocsipersist.add election_pktokens st_token uuid_s
                ) else forbidden ()
              ) >>
              redir_preapply election_setup_trustees uuid ()
          ) else (
            let msg = st_id ^ " is not a valid e-mail address!" in
            let service = preapply election_setup_trustees uuid in
            T.generic_page ~title:"Error" ~service msg () >>= Html5.send
          )
        )
706 707 708
    )

let () =
709
  Any.register ~service:election_setup_trustee_del
710
    (fun uuid index ->
711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730
      with_site_user (fun u ->
          let uuid_s = Uuidm.to_string uuid in
          Lwt_mutex.with_lock election_setup_mutex (fun () ->
              let%lwt se = get_setup_election uuid_s in
              if se.se_owner = u then (
                let trustees, old =
                  se.se_public_keys |>
                    List.mapi (fun i x -> i, x) |>
                    List.partition (fun (i, _) -> i <> index) |>
                    (fun (x, y) -> List.map snd x, List.map snd y)
                in
                se.se_public_keys <- trustees;
                set_setup_election uuid_s se >>
                  Lwt_list.iter_s (fun {st_token; _} ->
                      Ocsipersist.remove election_pktokens st_token
                    ) old
              ) else forbidden ()
            ) >>
            redir_preapply election_setup_trustees uuid ()
        )
731 732
    )

Stephane Glondu's avatar
Stephane Glondu committed
733
let () =
734
  Html5.register ~service:election_setup_credentials
Stephane Glondu's avatar
Stephane Glondu committed
735
    (fun token () ->
736 737
     let%lwt uuid = Ocsipersist.find election_credtokens token in
     let%lwt se = get_setup_election uuid in
738 739 740 741
     let uuid = match Uuidm.of_string uuid with
       | None -> failwith "invalid UUID extracted from credtokens"
       | Some u -> u
     in
Stephane Glondu's avatar
Stephane Glondu committed
742 743
     T.election_setup_credentials token uuid se ()
    )
744

Stephane Glondu's avatar
Stephane Glondu committed
745
let () =
746
  File.register ~service:election_setup_credentials_download
Stephane Glondu's avatar
Stephane Glondu committed
747 748
    ~content_type:"text/plain"
    (fun token () ->
749
     let%lwt uuid = Ocsipersist.find election_credtokens token in
Stephane Glondu's avatar
Stephane Glondu committed
750 751
     return (!spool_dir / uuid ^ ".public_creds.txt")
    )
752

Stephane Glondu's avatar
Stephane Glondu committed
753
let wrap_handler f =
754
  try%lwt f ()
Stephane Glondu's avatar
Stephane Glondu committed
755
  with
756
  | e -> T.generic_page ~title:"Error" (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
757 758

let handle_credentials_post token creds =
759 760
  let%lwt uuid = Ocsipersist.find election_credtokens token in
  let%lwt se = get_setup_election uuid in
761
  if se.se_public_creds_received then forbidden () else
Stephane Glondu's avatar
Stephane Glondu committed
762 763 764 765 766 767 768 769 770 771
  let module G = (val Group.of_string se.se_group : GROUP) in
  let fname = !spool_dir / uuid ^ ".public_creds.txt" in
  Lwt_mutex.with_lock
    election_setup_mutex
    (fun () ->
     Lwt_io.with_file
       ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
       ~perm:0o600 ~mode:Lwt_io.Output fname
       (fun oc -> Lwt_io.write_chars oc creds)
    ) >>
772
  let%lwt () =
Stephane Glondu's avatar
Stephane Glondu committed
773 774 775 776 777 778 779 780 781 782 783
    let i = ref 1 in
    Lwt_stream.iter
      (fun x ->
       try
         let x = G.of_string x in
         if not (G.check x) then raise Exit;
         incr i
       with _ ->
         Printf.ksprintf failwith "invalid credential at line %d" !i)
      (Lwt_io.lines_of_file fname)
  in
784
  let () = se.se_metadata <- {se.se_metadata with e_cred_authority = None} in
785
  let () = se.se_public_creds_received <- true in
786
  set_setup_election uuid se >>
787
  T.generic_page ~title:"Success" ~service:home
788
    "Credentials have been received and checked!" () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
789 790

let () =
791
  Any.register ~service:election_setup_credentials_post
Stephane Glondu's avatar
Stephane Glondu committed
792 793 794
    (fun token creds ->
     let s = Lwt_stream.of_string creds in
     wrap_handler (fun () -> handle_credentials_post token s))
795

Stephane Glondu's avatar
Stephane Glondu committed
796
let () =
797
  Any.register ~service:election_setup_credentials_post_file
Stephane Glondu's avatar
Stephane Glondu committed
798 799 800 801
    (fun token creds ->
     let s = Lwt_io.chars_of_file creds.Ocsigen_extensions.tmp_filename in
     wrap_handler (fun () -> handle_credentials_post token s))

802
module CG = Credential.MakeGenerate (LwtRandom)
803 804

let () =
805
  Any.register ~service:election_setup_credentials_server
806
    (handle_setup (fun se () _ uuid ->
807 808
      let nvoters = List.length se.se_voters in
      if nvoters > !maxmailsatonce then
809
        Lwt.fail (Failure (Printf.sprintf "Cannot send credentials, there are too many voters (max is %d)" !maxmailsatonce))
810 811
      else if nvoters = 0 then
        Lwt.fail (Failure "No voters")
812
      else
813
      if se.se_public_creds_received then forbidden () else
814 815 816
      let () = se.se_metadata <- {se.se_metadata with
        e_cred_authority = Some "server"
      } in
817
      let uuid_s = Uuidm.to_string uuid in
818 819 820 821 822
      let title = se.se_questions.t_name in
      let url = Eliom_uri.make_string_uri
        ~absolute:true ~service:election_home
        (uuid, ()) |> rewrite_prefix
      in
823 824
      let module S = Set.Make (PString) in
      let module G = (val Group.of_string se.se_group : GROUP) in
825
      let module CD = Credential.MakeDerive (G) in
826
      let%lwt creds =
827 828
        Lwt_list.fold_left_s (fun accu v ->
          let email, login = split_identity v.sv_id in
829
          let%lwt cred = CG.generate () in
830
          let pub_cred =
831
            let x = CD.derive uuid cred in
832 833 834
            let y = G.(g **~ x) in
            G.to_string y
          in
835
          let langs = get_languages se.se_metadata.e_languages in
Stephane Glondu's avatar
Stephane Glondu committed
836 837 838 839 840 841
          let bodies = List.map (fun lang ->
            let module L = (val Web_i18n.get_lang lang) in
            Printf.sprintf L.mail_credential title login cred url
          ) langs in
          let body = PString.concat "\n\n----------\n\n" bodies in
          let body = body ^ "\n\n-- \nBelenios" in
Stephane Glondu's avatar
Stephane Glondu committed
842 843 844 845 846
          let subject =
            let lang = List.hd langs in
            let module L = (val Web_i18n.get_lang lang) in
            Printf.sprintf L.mail_credential_subject title
          in
847
          let%lwt () = send_email email subject body in
848 849 850 851 852
          return @@ S.add pub_cred accu
        ) S.empty se.se_voters
      in
      let creds = S.elements creds in
      let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
853
      let%lwt () =
854 855 856 857
          Lwt_io.with_file
            ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
            ~perm:0o600 ~mode:Lwt_io.Output fname
            (fun oc ->
858
              Lwt_list.iter_s (Lwt_io.write_line oc) creds)
859
      in
860
      se.se_public_creds_received <- true;
861
      return (fun () ->
862 863
        let service = preapply election_setup uuid in
        T.generic_page ~title:"Success" ~service
864
          "Credentials have been generated and mailed!" () >>= Html5.send)))
865

Stephane Glondu's avatar
Stephane Glondu committed
866
let () =
867
  Html5.register ~service:election_setup_trustee
Stephane Glondu's avatar
Stephane Glondu committed
868
    (fun token () ->
869 870
     let%lwt uuid = Ocsipersist.find election_pktokens token in
     let%lwt se = get_setup_election uuid in
871 872 873 874 875
     let uuid = match Uuidm.of_string uuid with
       | None -> failwith "invalid UUID extracted from pktokens"
       | Some u -> u
     in
     T.election_setup_trustee token uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
876 877 878
    )

let () =
879
  Any.register ~service:election_setup_trustee_post
Stephane Glondu's avatar
Stephane Glondu committed
880 881 882
    (fun token public_key ->
     wrap_handler
       (fun () ->
883
        let%lwt uuid = Ocsipersist.find election_pktokens token in
Stephane Glondu's avatar
Stephane Glondu committed
884 885 886
        Lwt_mutex.with_lock
          election_setup_mutex
          (fun () ->
887
           let%lwt se = get_setup_election uuid in
888
           let t = List.find (fun x -> token = x.st_token) se.se_public_keys in
Stephane Glondu's avatar
Stephane Glondu committed
889 890
           let module G = (val Group.of_string se.se_group : GROUP) in
           let pk = trustee_public_key_of_string G.read public_key in
891
           let module KG = Trustees.MakeSimple (G) (LwtRandom) in
Stephane Glondu's avatar
Stephane Glondu committed
892 893
           if not (KG.check pk) then failwith "invalid public key";
           (* we keep pk as a string because of G.t *)
894
           t.st_public_key <- public_key;
895
           set_setup_election uuid se
896
          ) >> T.generic_page ~title:"Success"
897 898
            "Your key has been received and checked!"
            () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
899 900 901
       )
    )

902
let () =
903
  Any.register ~service:election_setup_confirm
904
    (fun uuid () ->
905 906 907 908 909 910 911
      with_site_user (fun u ->
          let uuid_s = Uuidm.to_string uuid in
          let%lwt se = get_setup_election uuid_s in
          if se.se_owner <> u then forbidden () else
            T.election_setup_confirm uuid se () >>= Html5.send
        )
    )
912

Stephane Glondu's avatar
Stephane Glondu committed
913
let () =
914
  Any.register ~service:election_setup_create
Stephane Glondu's avatar
Stephane Glondu committed
915
    (fun uuid () ->
916 917 918 919 920 921 922 923 924 925 926
      with_site_user (fun u ->
          (try%lwt
             let uuid_s = Uuidm.to_string uuid in
             Lwt_mutex.with_lock election_setup_mutex (fun () ->
                 let%lwt se = get_setup_election uuid_s in
                 if se.se_owner <> u then forbidden () else
                   finalize_election uuid se >>
                     redir_preapply election_admin (uuid, ()) ()
               )
           with e ->
             T.new_election_failure (`Exception e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
927
          )
928
        )
Stephane Glondu's avatar
Stephane Glondu committed
929
    )
930

931
let () =
932
  Html5.register ~service:election_setup_import
933
    (fun uuid () ->
934 935 936 937 938 939
      with_site_user (fun u ->
          let%lwt se = get_setup_election (Uuidm.to_string uuid) in
          let%lwt elections = get_finalized_elections_by_owner u in
          T.election_setup_import uuid se elections ()
        )
    )
940 941

let () =
942
  Any.register ~service:election_setup_import_post
943 944 945
    (handle_setup
       (fun se from _ uuid ->
         let from_s = Uuidm.to_string from in
946 947
         let%lwt voters = Web_persist.get_voters from_s in
         let%lwt passwords = Web_persist.get_passwords from_s in
948 949 950 951 952 953 954 955
         let get_password =
           match passwords with
           | None -> fun _ -> None
           |