Mise à jour terminée. Pour connaître les apports de la version 13.8.4 par rapport à notre ancienne version vous pouvez lire les "Release Notes" suivantes :
https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/
https://about.gitlab.com/releases/2021/02/05/gitlab-13-8-3-released/

web_site.ml 53.7 KB
Newer Older
Stephane Glondu's avatar
Stephane Glondu committed
1 2 3
(**************************************************************************)
(*                                BELENIOS                                *)
(*                                                                        *)
Stephane Glondu's avatar
Stephane Glondu committed
4
(*  Copyright © 2012-2016 Inria                                           *)
Stephane Glondu's avatar
Stephane Glondu committed
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
(*                                                                        *)
(*  This program is free software: you can redistribute it and/or modify  *)
(*  it under the terms of the GNU Affero General Public License as        *)
(*  published by the Free Software Foundation, either version 3 of the    *)
(*  License, or (at your option) any later version, with the additional   *)
(*  exemption that compiling, linking, and/or using OpenSSL is allowed.   *)
(*                                                                        *)
(*  This program is distributed in the hope that it will be useful, but   *)
(*  WITHOUT ANY WARRANTY; without even the implied warranty of            *)
(*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU     *)
(*  Affero General Public License for more details.                       *)
(*                                                                        *)
(*  You should have received a copy of the GNU Affero General Public      *)
(*  License along with this program.  If not, see                         *)
(*  <http://www.gnu.org/licenses/>.                                       *)
(**************************************************************************)

22
open Lwt
23
open Platform
24
open Serializable_j
25
open Signatures
26
open Common
27
open Web_serializable_builtin_t
Stephane Glondu's avatar
Stephane Glondu committed
28
open Web_serializable_j
29
open Web_common
30
open Web_services
Stephane Glondu's avatar
Stephane Glondu committed
31

32
let source_file = ref "belenios.tar.gz"
Stephane Glondu's avatar
Stephane Glondu committed
33

34 35
let ( / ) = Filename.concat

Stephane Glondu's avatar
Stephane Glondu committed
36
module PString = String
Stephane Glondu's avatar
Stephane Glondu committed
37

Stephane Glondu's avatar
Stephane Glondu committed
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
open Eliom_service
open Eliom_registration

module LwtRandom = MakeLwtRandom (struct let rng = make_rng () end)

(* Table with elections in setup mode. *)
let election_stable = Ocsipersist.open_table "site_setup"

(* Table with tokens given to trustees. *)
let election_pktokens = Ocsipersist.open_table "site_pktokens"

(* Table with tokens given to credential authorities. *)
let election_credtokens = Ocsipersist.open_table "site_credtokens"

module T = Web_templates

Stephane Glondu's avatar
Stephane Glondu committed
54
let raw_find_election uuid =
55
  let%lwt raw_election = Web_persist.get_raw_election uuid in
56 57 58 59
  match raw_election with
  | Some raw_election ->
     return (Group.election_params_of_string raw_election)
  | _ -> Lwt.fail Not_found
Stephane Glondu's avatar
Stephane Glondu committed
60

Stephane Glondu's avatar
Stephane Glondu committed
61 62
module WCacheTypes = struct
  type key = string
63
  type value = (module ELECTION_DATA)
Stephane Glondu's avatar
Stephane Glondu committed
64 65 66 67 68 69 70 71
end

module WCache = Ocsigen_cache.Make (WCacheTypes)

let find_election =
  let cache = new WCache.cache raw_find_election 100 in
  fun x -> cache#find x

72
let get_setup_election uuid_s =
73
  let%lwt se = Ocsipersist.find election_stable uuid_s in
74
  return (setup_election_of_string se)
75 76

let set_setup_election uuid_s se =
77
  Ocsipersist.add election_stable uuid_s (string_of_setup_election se)
78

Stephane Glondu's avatar
Stephane Glondu committed
79
let dump_passwords dir table =
Stephane Glondu's avatar
Stephane Glondu committed
80 81 82 83 84 85
  Lwt_io.(with_file Output (dir / "passwords.csv") (fun oc ->
    Ocsipersist.iter_step (fun voter (salt, hashed) ->
      write_line oc (voter ^ "," ^ salt ^ "," ^ hashed)
    ) table
  ))

86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108
let finalize_election uuid se =
  let uuid_s = Uuidm.to_string uuid in
  (* voters *)
  let () =
    if se.se_voters = [] then failwith "no voters"
  in
  (* passwords *)
  let () =
    match se.se_metadata.e_auth_config with
    | Some [{auth_system = "password"; _}] ->
       if not @@ List.for_all (fun v -> v.sv_password <> None) se.se_voters then
         failwith "some passwords are missing"
    | _ -> ()
  in
  (* credentials *)
  let () =
    if not se.se_public_creds_received then
      failwith "public credentials are missing"
  in
  (* trustees *)
  let group = Group.of_string se.se_group in
  let module G = (val group : GROUP) in
  let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in
109
  let%lwt trustees, public_keys, private_key =
110 111
    match se.se_public_keys with
    | [] ->
112
       let%lwt private_key, public_key = KG.generate_and_prove () in
113
       return (None, [public_key], Some private_key)
114
    | _ :: _ ->
115 116 117
       return (
         Some (List.map (fun {st_id; _} -> st_id) se.se_public_keys),
         (List.map
118 119 120
            (fun {st_public_key; _} ->
              if st_public_key = "" then failwith "some public keys are missing";
              trustee_public_key_of_string G.read st_public_key
121 122
            ) se.se_public_keys),
         None)
123 124 125
  in
  let y = KG.combine (Array.of_list public_keys) in
  (* election parameters *)
126
  let metadata = { se.se_metadata with e_trustees = trustees } in
127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150
  let template = se.se_questions in
  let params = {
    e_description = template.t_description;
    e_name = template.t_name;
    e_public_key = {wpk_group = G.group; wpk_y = y};
    e_questions = template.t_questions;
    e_uuid = uuid;
  } in
  let raw_election = string_of_params (write_wrapped_pubkey G.write_group G.write) params in
  (* write election files to disk *)
  let dir = !spool_dir / uuid_s in
  let create_file fname what xs =
    Lwt_io.with_file
      ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
      ~perm:0o600 ~mode:Lwt_io.Output (dir / fname)
      (fun oc ->
        Lwt_list.iter_s
          (fun v ->
            Lwt_io.write oc (what v) >>
              Lwt_io.write oc "\n") xs)
  in
  Lwt_unix.mkdir dir 0o700 >>
  create_file "public_keys.jsons" (string_of_trustee_public_key G.write) public_keys >>
  create_file "voters.txt" (fun x -> x.sv_id) se.se_voters >>
151
  create_file "metadata.json" string_of_metadata [metadata] >>
152 153
  create_file "election.json" (fun x -> x) [raw_election] >>
  (* construct Web_election instance *)
154
  let election = Group.election_params_of_string raw_election in
155 156
  let module W = Web_election.Make ((val election)) (LwtRandom) in
  (* set up authentication *)
157
  let%lwt () =
158
    match metadata.e_auth_config with
159 160 161 162 163 164 165 166 167 168
    | None -> return ()
    | Some xs ->
       let auth_config =
         List.map (fun {auth_system; auth_instance; auth_config} ->
           auth_instance, (auth_system, List.map snd auth_config)
         ) xs
       in
       Web_persist.set_auth_config uuid_s auth_config
  in
  (* inject credentials *)
169
  let%lwt () =
170 171 172 173 174 175 176
    let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
    Lwt_io.lines_of_file fname |>
    Lwt_stream.iter_s W.B.inject_cred >>
    W.B.update_files () >>
    Lwt_unix.unlink fname
  in
  (* create file with private key, if any *)
177
  let%lwt () =
178 179 180 181 182 183 184
    match private_key with
    | None -> return_unit
    | Some x -> create_file "private_key.json" string_of_number [x]
  in
  (* clean up setup database *)
  Ocsipersist.remove election_credtokens se.se_public_creds >>
  Lwt_list.iter_s
185 186
    (fun {st_token; _} ->
      Ocsipersist.remove election_pktokens st_token)
187 188 189
    se.se_public_keys >>
  Ocsipersist.remove election_stable uuid_s >>
  (* inject passwords *)
190
  (match metadata.e_auth_config with
191 192 193 194 195 196 197 198 199 200
  | Some [{auth_system = "password"; _}] ->
     let table = "password_" ^ underscorize uuid_s in
     let table = Ocsipersist.open_table table in
     Lwt_list.iter_s
       (fun v ->
         let _, login = split_identity v.sv_id in
         match v.sv_password with
         | Some x -> Ocsipersist.add table login x
         | None -> return_unit
       ) se.se_voters >>
201
       dump_passwords (!spool_dir / uuid_s) table
202 203
  | _ -> return_unit) >>
  (* finish *)
Stephane Glondu's avatar
Stephane Glondu committed
204
  Web_persist.set_election_state uuid_s `Open >>
205
  Web_persist.set_election_date uuid_s (now ())
Stephane Glondu's avatar
Stephane Glondu committed
206

Stephane Glondu's avatar
Stephane Glondu committed
207 208 209 210
let cleanup_table ?uuid_s table =
  let table = Ocsipersist.open_table table in
  match uuid_s with
  | None ->
211
     let%lwt indexes = Ocsipersist.fold_step (fun k _ accu ->
Stephane Glondu's avatar
Stephane Glondu committed
212 213 214 215 216 217
       return (k :: accu)) table []
     in
     Lwt_list.iter_s (Ocsipersist.remove table) indexes
  | Some u -> Ocsipersist.remove table u

let cleanup_file f =
218
  try%lwt Lwt_unix.unlink f
Stephane Glondu's avatar
Stephane Glondu committed
219 220 221 222
  with _ -> return_unit

let archive_election uuid_s =
  let uuid_u = underscorize uuid_s in
223 224 225 226 227 228 229 230
  let%lwt () = cleanup_table ~uuid_s "election_states" in
  let%lwt () = cleanup_table ~uuid_s "election_pds" in
  let%lwt () = cleanup_table ~uuid_s "auth_configs" in
  let%lwt () = cleanup_table ("password_" ^ uuid_u) in
  let%lwt () = cleanup_table ("records_" ^ uuid_u) in
  let%lwt () = cleanup_table ("creds_" ^ uuid_u) in
  let%lwt () = cleanup_table ("ballots_" ^ uuid_u) in
  let%lwt () = cleanup_file (!spool_dir / uuid_s / "private_key.json") in
Stephane Glondu's avatar
Stephane Glondu committed
231 232
  return_unit

Stephane Glondu's avatar
Stephane Glondu committed
233 234
let () = Any.register ~service:home
  (fun () () ->
235
    Eliom_reference.unset Web_state.cont >>
236
    Redirection.send admin
Stephane Glondu's avatar
Stephane Glondu committed
237 238
  )

239
let get_finalized_elections_by_owner u =
240
  let%lwt elections, tallied, archived =
241 242
    Web_persist.get_elections_by_owner u >>=
    Lwt_list.fold_left_s (fun accu uuid_s ->
243 244 245
        let%lwt w = find_election uuid_s in
        let%lwt state = Web_persist.get_election_state uuid_s in
        let%lwt date = Web_persist.get_election_date uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
246
        let elections, tallied, archived = accu in
247
        match state with
Stephane Glondu's avatar
Stephane Glondu committed
248 249 250 251
        | `Tallied _ -> return (elections, (date, w) :: tallied, archived)
        | `Archived -> return (elections, tallied, (date, w) :: archived)
        | _ -> return ((date, w) :: elections, tallied, archived)
    ) ([], [], [])
252 253 254 255 256
  in
  let sort l =
    List.sort (fun (x, _) (y, _) -> datetime_compare x y) l |>
    List.map (fun (_, x) -> x)
  in
Stephane Glondu's avatar
Stephane Glondu committed
257
  return (sort elections, sort tallied, sort archived)
258

Stephane Glondu's avatar
Stephane Glondu committed
259 260
let () = Html5.register ~service:admin
  (fun () () ->
Stephane Glondu's avatar
Stephane Glondu committed
261
    let cont () = Redirection.send admin in
262
    Eliom_reference.set Web_state.cont [cont] >>
263 264
    let%lwt site_user = Web_state.get_site_user () in
    let%lwt elections =
265
      match site_user with
266
      | None -> return None
Stephane Glondu's avatar
Stephane Glondu committed
267
      | Some u ->
268 269
         let%lwt elections, tallied, archived = get_finalized_elections_by_owner u in
         let%lwt setup_elections =
270
           Ocsipersist.fold_step (fun k v accu ->
271
             let v = setup_election_of_string v in
272
             if v.se_owner = u
273
             then return ((uuid_of_string k, v.se_questions.t_name) :: accu)
274 275
             else return accu
           ) election_stable []
276
         in
Stephane Glondu's avatar
Stephane Glondu committed
277
         return @@ Some (elections, tallied, archived, setup_elections)
Stephane Glondu's avatar
Stephane Glondu committed
278
    in
279
    T.admin ~elections ()
Stephane Glondu's avatar
Stephane Glondu committed
280 281 282 283 284 285 286 287
  )

let () = File.register
  ~service:source_code
  ~content_type:"application/x-gzip"
  (fun () () -> return !source_file)

let do_get_randomness =
288
  let prng = Lazy.from_fun (Lwt_preemptive.detach (fun () ->
Stephane Glondu's avatar
Stephane Glondu committed
289 290 291 292 293
    pseudo_rng (random_string secure_rng 16)
  )) in
  let mutex = Lwt_mutex.create () in
  fun () ->
    Lwt_mutex.with_lock mutex (fun () ->
294
      let%lwt prng = Lazy.force prng in
Stephane Glondu's avatar
Stephane Glondu committed
295
      return (random_string prng 32)
296 297
    )

298 299 300
let b64_encode_compact x =
  Cryptokit.(transform_string (Base64.encode_compact ()) x)

Stephane Glondu's avatar
Stephane Glondu committed
301 302 303
let () = String.register
  ~service:get_randomness
  (fun () () ->
304
    let%lwt r = do_get_randomness () in
Stephane Glondu's avatar
Stephane Glondu committed
305 306 307 308 309 310 311
    b64_encode_compact r |>
    (fun x -> string_of_randomness { randomness=x }) |>
    (fun x -> return (x, "application/json"))
  )

let generate_uuid = Uuidm.v4_gen (Random.State.make_self_init ())

Stephane Glondu's avatar
Stephane Glondu committed
312 313 314 315 316 317 318 319 320 321 322 323
let create_new_election owner cred auth =
  let e_cred_authority = match cred with
    | `Automatic -> Some "server"
    | `Manual -> None
  in
  let e_auth_config = match auth with
    | `Password -> Some [{auth_system = "password"; auth_instance = "password"; auth_config = []}]
    | `Dummy -> Some [{auth_system = "dummy"; auth_instance = "dummy"; auth_config = []}]
    | `CAS server -> Some [{auth_system = "cas"; auth_instance = "cas"; auth_config = ["server", server]}]
  in
  let uuid = generate_uuid () in
  let uuid_s = Uuidm.to_string uuid in
324
  let%lwt token = generate_token () in
Stephane Glondu's avatar
Stephane Glondu committed
325 326 327 328
  let se_metadata = {
    e_owner = Some owner;
    e_auth_config;
    e_cred_authority;
329
    e_trustees = None;
330
    e_languages = Some ["en"; "fr"];
Stephane Glondu's avatar
Stephane Glondu committed
331 332 333
  } in
  let question = {
    q_answers = [| "Answer 1"; "Answer 2"; "Blank" |];
334
    q_blank = None;
Stephane Glondu's avatar
Stephane Glondu committed
335 336 337 338 339 340 341 342 343 344 345
    q_min = 1;
    q_max = 1;
    q_question = "Question 1?";
  } in
  let se_questions = {
    t_description = "Description of the election.";
    t_name = "Name of the election";
    t_questions = [| question |];
  } in
  let se = {
    se_owner = owner;
346
    se_group = "{\"g\":\"2402352677501852209227687703532399932712287657378364916510075318787663274146353219320285676155269678799694668298749389095083896573425601900601068477164491735474137283104610458681314511781646755400527402889846139864532661215055797097162016168270312886432456663834863635782106154918419982534315189740658186868651151358576410138882215396016043228843603930989333662772848406593138406010231675095763777982665103606822406635076697764025346253773085133173495194248967754052573659049492477631475991575198775177711481490920456600205478127054728238140972518639858334115700568353695553423781475582491896050296680037745308460627\",\"p\":\"20694785691422546401013643657505008064922989295751104097100884787057374219242717401922237254497684338129066633138078958404960054389636289796393038773905722803605973749427671376777618898589872735865049081167099310535867780980030790491654063777173764198678527273474476341835600035698305193144284561701911000786737307333564123971732897913240474578834468260652327974647951137672658693582180046317922073668860052627186363386088796882120769432366149491002923444346373222145884100586421050242120365433561201320481118852408731077014151666200162313177169372189248078507711827842317498073276598828825169183103125680162072880719\",\"q\":\"78571733251071885079927659812671450121821421258408794611510081919805623223441\"}"; (* generated by fips.sage *)
Stephane Glondu's avatar
Stephane Glondu committed
347 348 349 350 351
    se_voters = [];
    se_questions;
    se_public_keys = [];
    se_metadata;
    se_public_creds = token;
352
    se_public_creds_received = false;
Stephane Glondu's avatar
Stephane Glondu committed
353
  } in
354 355
  let%lwt () = set_setup_election uuid_s se in
  let%lwt () = Ocsipersist.add election_credtokens token uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
356 357 358 359 360
  return (preapply election_setup uuid)

let () = Html5.register ~service:election_setup_pre
  (fun () () -> T.election_setup_pre ())

Stephane Glondu's avatar
Stephane Glondu committed
361
let () = Redirection.register ~service:election_setup_new
Stephane Glondu's avatar
Stephane Glondu committed
362
  (fun () (credmgmt, (auth, cas_server)) ->
363
   match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
364
   | Some u ->
365
      let%lwt credmgmt = match credmgmt with
Stephane Glondu's avatar
Stephane Glondu committed
366 367 368 369
        | Some "auto" -> return `Automatic
        | Some "manual" -> return `Manual
        | _ -> fail_http 400
      in
370
      let%lwt auth = match auth with
Stephane Glondu's avatar
Stephane Glondu committed
371 372 373 374 375 376 377
        | Some "password" -> return `Password
        | Some "dummy" -> return `Dummy
        | Some "cas" -> return @@ `CAS cas_server
        | _ -> fail_http 400
      in
      create_new_election u credmgmt auth
   | None -> forbidden ())
Stephane Glondu's avatar
Stephane Glondu committed
378

379
let generic_setup_page f uuid () =
380
  match%lwt Web_state.get_site_user () with
381 382
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
383
     let%lwt se = get_setup_election uuid_s in
384 385 386 387 388
     if se.se_owner = u
     then f uuid se ()
     else forbidden ()
  | None -> forbidden ()

Stephane Glondu's avatar
Stephane Glondu committed
389
let () = Html5.register ~service:election_setup
390
  (generic_setup_page T.election_setup)
Stephane Glondu's avatar
Stephane Glondu committed
391

392
let () = Html5.register ~service:election_setup_trustees
393 394 395 396
  (generic_setup_page T.election_setup_trustees)

let () = Html5.register ~service:election_setup_credential_authority
  (generic_setup_page T.election_setup_credential_authority)
397

Stephane Glondu's avatar
Stephane Glondu committed
398 399
let election_setup_mutex = Lwt_mutex.create ()

400
let handle_setup f uuid x =
401
  match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
402 403 404
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
     Lwt_mutex.with_lock election_setup_mutex (fun () ->
405
       let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
406
       if se.se_owner = u then (
407 408
         try%lwt
           let%lwt cont = f se x u uuid in
409
           set_setup_election uuid_s se >>
410
           cont ()
Stephane Glondu's avatar
Stephane Glondu committed
411
         with e ->
412 413
           let service = preapply election_setup uuid in
           T.generic_page ~title:"Error" ~service (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
414 415 416
       ) else forbidden ()
     )
  | None -> forbidden ()
417

418 419
let redir_preapply s u () = Redirection.send (preapply s u)

420 421 422 423 424
let () =
  Any.register
    ~service:election_setup_languages
    (handle_setup
       (fun se languages _ uuid ->
425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453
         let langs = languages_of_string languages in
         match langs with
         | None -> assert false
         | Some [] ->
            return (fun () ->
                let service = preapply election_setup uuid in
                T.generic_page ~title:"Error" ~service
                  "You must select at least one language!" () >>= Html5.send
              )
         | Some ls ->
            let unavailable =
              List.filter (fun x ->
                  not (List.mem x available_languages)
                ) ls
            in
            match unavailable with
            | [] ->
               se.se_metadata <- {
                  se.se_metadata with
                  e_languages = langs
                };
               return (redir_preapply election_setup uuid)
            | l :: _ ->
               return (fun () ->
                   let service = preapply election_setup uuid in
                   T.generic_page ~title:"Error" ~service
                     ("No such language: " ^ l) () >>= Html5.send
                 )
    ))
454

455 456 457 458
let () =
  Any.register
    ~service:election_setup_description
    (handle_setup
459
       (fun se (name, description) _ uuid ->
460 461 462
         se.se_questions <- {se.se_questions with
           t_name = name;
           t_description = description;
463 464
         };
         return (redir_preapply election_setup uuid)))
465

Stephane Glondu's avatar
Stephane Glondu committed
466
let generate_password langs title url id =
467
  let email, login = split_identity id in
468 469
  let%lwt salt = generate_token () in
  let%lwt password = generate_token () in
470
  let hashed = sha256_hex (salt ^ password) in
Stephane Glondu's avatar
Stephane Glondu committed
471 472 473 474 475 476
  let bodies = List.map (fun lang ->
    let module L = (val Web_i18n.get_lang lang) in
    Printf.sprintf L.mail_password title login password url
  ) langs in
  let body = PString.concat "\n\n----------\n\n" bodies in
  let body = body ^ "\n\n-- \nBelenios" in
Stephane Glondu's avatar
Stephane Glondu committed
477 478 479 480 481
  let subject =
    let lang = List.hd langs in
    let module L = (val Web_i18n.get_lang lang) in
    Printf.sprintf L.mail_password_subject title
  in
482
  send_email email subject body >>
483
  return (salt, hashed)
484

485 486 487 488 489
let handle_password se uuid ~force voters =
  let title = se.se_questions.t_name in
  let url = Eliom_uri.make_string_uri ~absolute:true ~service:election_home
    (uuid, ()) |> rewrite_prefix
  in
490
  let langs = get_languages se.se_metadata.e_languages in
491 492 493 494
  Lwt_list.iter_s (fun id ->
    match id.sv_password with
    | Some _ when not force -> return_unit
    | None | Some _ ->
495
       let%lwt x = generate_password langs title url id.sv_id in
496 497 498
       return (id.sv_password <- Some x)
  ) voters >>
  return (fun () ->
Stephane Glondu's avatar
Stephane Glondu committed
499
    let service = preapply election_setup uuid in
500
    T.generic_page ~title:"Success" ~service
501 502
      "Passwords have been generated and mailed!" () >>= Html5.send)

503 504 505 506 507
let () =
  Any.register
    ~service:election_setup_auth_genpwd
    (handle_setup
       (fun se () _ uuid ->
508
         handle_password se uuid ~force:false se.se_voters))
509

510 511 512
let () =
  Any.register
    ~service:election_regenpwd
Stephane Glondu's avatar
Stephane Glondu committed
513
    (fun (uuid, ()) () ->
514 515 516 517 518 519
      T.regenpwd uuid () >>= Html5.send)

let () =
  Any.register
    ~service:election_regenpwd_post
    (fun (uuid, ()) user ->
520
      let uuid_s = Uuidm.to_string uuid in
521 522
      let%lwt w = find_election uuid_s in
      let%lwt metadata = Web_persist.get_election_metadata uuid_s in
523
      let module W = (val w) in
524
      let%lwt site_user = Web_state.get_site_user () in
525
      match site_user with
526
      | Some u when metadata.e_owner = Some u ->
527 528 529 530 531 532 533
         let table = "password_" ^ underscorize uuid_s in
         let table = Ocsipersist.open_table table in
         let title = W.election.e_params.e_name in
         let url = Eliom_uri.make_string_uri
           ~absolute:true ~service:election_home
           (uuid, ()) |> rewrite_prefix
         in
534
         let service = preapply election_admin (uuid, ()) in
535 536
         begin try%lwt
           let%lwt _ = Ocsipersist.find table user in
537
           let langs = get_languages metadata.e_languages in
538
           let%lwt x = generate_password langs title url user in
539
           Ocsipersist.add table user x >>
540
           dump_passwords (!spool_dir / uuid_s) table >>
541
           T.generic_page ~title:"Success" ~service
542 543 544
             ("A new password has been mailed to " ^ user ^ ".") ()
           >>= Html5.send
         with Not_found ->
545
           T.generic_page ~title:"Error" ~service
546 547 548 549 550 551
             (user ^ " is not a registered user for this election.") ()
           >>= Html5.send
         end
      | _ -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
552 553 554 555
let () =
  Html5.register
    ~service:election_setup_questions
    (fun uuid () ->
556
     match%lwt Web_state.get_site_user () with
557 558
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
559
        let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
560
        if se.se_owner = u
561
        then T.election_setup_questions uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
562 563
        else forbidden ()
     | None -> forbidden ()
564 565
    )

Stephane Glondu's avatar
Stephane Glondu committed
566 567 568 569
let () =
  Any.register
    ~service:election_setup_questions_post
    (handle_setup
570 571
       (fun se x _ uuid ->
        se.se_questions <- template_of_string x;
572
         return (redir_preapply election_setup uuid)))
Stephane Glondu's avatar
Stephane Glondu committed
573

Stephane Glondu's avatar
Stephane Glondu committed
574 575 576 577
let () =
  Html5.register
    ~service:election_setup_voters
    (fun uuid () ->
578
      match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
579 580
      | Some u ->
         let uuid_s = Uuidm.to_string uuid in
581
         let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
582
         if se.se_owner = u
583
         then T.election_setup_voters uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
584 585 586 587 588
         else forbidden ()
      | None -> forbidden ()
    )

(* see http://www.regular-expressions.info/email.html *)
Stephane Glondu's avatar
Stephane Glondu committed
589
let identity_rex = Pcre.regexp
Stephane Glondu's avatar
Stephane Glondu committed
590
  ~flags:[`CASELESS]
591
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}(,[A-Z0-9._%+-]+)?$"
Stephane Glondu's avatar
Stephane Glondu committed
592

Stephane Glondu's avatar
Stephane Glondu committed
593 594
let is_identity x =
  try ignore (Pcre.pcre_exec ~rex:identity_rex x); true
Stephane Glondu's avatar
Stephane Glondu committed
595 596
  with Not_found -> false

597 598 599 600 601 602 603 604
let email_rex = Pcre.regexp
  ~flags:[`CASELESS]
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}$"

let is_email x =
  try ignore (Pcre.pcre_exec ~rex:email_rex x); true
  with Not_found -> false

605 606
module SSet = Set.Make (PString)

607
let merge_voters a b f =
608 609 610 611 612 613 614
  let existing = List.fold_left (fun accu sv ->
    SSet.add sv.sv_id accu
  ) SSet.empty a in
  let _, res = List.fold_left (fun (existing, accu) sv_id ->
    if SSet.mem sv_id existing then
      (existing, accu)
    else
615
      (SSet.add sv_id existing, {sv_id; sv_password = f sv_id} :: accu)
616 617 618
  ) (existing, List.rev a) b in
  List.rev res

Stephane Glondu's avatar
Stephane Glondu committed
619 620
let () =
  Any.register
621
    ~service:election_setup_voters_add
Stephane Glondu's avatar
Stephane Glondu committed
622
    (handle_setup
623
       (fun se x _ uuid ->
624
         if se.se_public_creds_received then forbidden () else (
Stephane Glondu's avatar
Stephane Glondu committed
625 626 627
         let xs = Pcre.split x in
         let () =
           try
Stephane Glondu's avatar
Stephane Glondu committed
628 629
             let bad = List.find (fun x -> not (is_identity x)) xs in
             Printf.ksprintf failwith "%S is not a valid identity" bad
Stephane Glondu's avatar
Stephane Glondu committed
630 631
           with Not_found -> ()
         in
632
         se.se_voters <- merge_voters se.se_voters xs (fun _ -> None);
633
         return (redir_preapply election_setup_voters uuid))))
634 635 636 637 638 639

let () =
  Any.register
    ~service:election_setup_voters_remove
    (handle_setup
       (fun se voter _ uuid ->
640
         if se.se_public_creds_received then forbidden () else (
641 642 643
         se.se_voters <- List.filter (fun v ->
           v.sv_id <> voter
         ) se.se_voters;
644
         return (redir_preapply election_setup_voters uuid))))
Stephane Glondu's avatar
Stephane Glondu committed
645

646 647 648 649 650 651 652
let () =
  Any.register ~service:election_setup_voters_passwd
    (handle_setup
       (fun se voter _ uuid ->
         let voter = List.filter (fun v -> v.sv_id = voter) se.se_voters in
         handle_password se uuid ~force:true voter))

Stephane Glondu's avatar
Stephane Glondu committed
653
let () =
654
  Any.register
Stephane Glondu's avatar
Stephane Glondu committed
655
    ~service:election_setup_trustee_add
656 657
    (fun uuid st_id ->
     if is_email st_id then
658
     match%lwt Web_state.get_site_user () with
659 660
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
Stephane Glondu's avatar
Stephane Glondu committed
661
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
662
          let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
663 664
          if se.se_owner = u
          then (
665
            let%lwt st_token = generate_token () in
666 667
            let trustee = {st_id; st_token; st_public_key = ""} in
            se.se_public_keys <- se.se_public_keys @ [trustee];
668
            set_setup_election uuid_s se >>
669
            Ocsipersist.add election_pktokens st_token uuid_s
Stephane Glondu's avatar
Stephane Glondu committed
670 671
          ) else forbidden ()
        ) >>
672
        Redirection.send (preapply election_setup_trustees uuid)
673
     | None -> forbidden ()
674 675
     else
       let msg = st_id ^ " is not a valid e-mail address!" in
676 677
       let service = preapply election_setup_trustees uuid in
       T.generic_page ~title:"Error" ~service msg () >>= Html5.send
678 679 680 681 682
    )

let () =
  Redirection.register
    ~service:election_setup_trustee_del
683
    (fun uuid index ->
684
     match%lwt Web_state.get_site_user () with
685 686 687
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
688
          let%lwt se = get_setup_election uuid_s in
689 690
          if se.se_owner = u
          then (
691 692 693 694 695 696 697
            let trustees, old =
              se.se_public_keys |>
              List.mapi (fun i x -> i, x) |>
              List.partition (fun (i, _) -> i <> index) |>
              (fun (x, y) -> List.map snd x, List.map snd y)
            in
            se.se_public_keys <- trustees;
698
            set_setup_election uuid_s se >>
699 700 701
            Lwt_list.iter_s (fun {st_token; _} ->
              Ocsipersist.remove election_pktokens st_token
            ) old
702 703
          ) else forbidden ()
        ) >>
704
        return (preapply election_setup_trustees uuid)
705 706 707
     | None -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
708 709 710 711
let () =
  Html5.register
    ~service:election_setup_credentials
    (fun token () ->
712 713
     let%lwt uuid = Ocsipersist.find election_credtokens token in
     let%lwt se = get_setup_election uuid in
Stephane Glondu's avatar
Stephane Glondu committed
714 715
     T.election_setup_credentials token uuid se ()
    )
716

Stephane Glondu's avatar
Stephane Glondu committed
717 718 719 720 721
let () =
  File.register
    ~service:election_setup_credentials_download
    ~content_type:"text/plain"
    (fun token () ->
722
     let%lwt uuid = Ocsipersist.find election_credtokens token in
Stephane Glondu's avatar
Stephane Glondu committed
723 724
     return (!spool_dir / uuid ^ ".public_creds.txt")
    )
725

Stephane Glondu's avatar
Stephane Glondu committed
726
let wrap_handler f =
727
  try%lwt f ()
Stephane Glondu's avatar
Stephane Glondu committed
728
  with
729
  | e -> T.generic_page ~title:"Error" (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
730 731

let handle_credentials_post token creds =
732 733
  let%lwt uuid = Ocsipersist.find election_credtokens token in
  let%lwt se = get_setup_election uuid in
734
  if se.se_public_creds_received then forbidden () else
Stephane Glondu's avatar
Stephane Glondu committed
735 736 737 738 739 740 741 742 743 744
  let module G = (val Group.of_string se.se_group : GROUP) in
  let fname = !spool_dir / uuid ^ ".public_creds.txt" in
  Lwt_mutex.with_lock
    election_setup_mutex
    (fun () ->
     Lwt_io.with_file
       ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
       ~perm:0o600 ~mode:Lwt_io.Output fname
       (fun oc -> Lwt_io.write_chars oc creds)
    ) >>
745
  let%lwt () =
Stephane Glondu's avatar
Stephane Glondu committed
746 747 748 749 750 751 752 753 754 755 756
    let i = ref 1 in
    Lwt_stream.iter
      (fun x ->
       try
         let x = G.of_string x in
         if not (G.check x) then raise Exit;
         incr i
       with _ ->
         Printf.ksprintf failwith "invalid credential at line %d" !i)
      (Lwt_io.lines_of_file fname)
  in
757
  let () = se.se_metadata <- {se.se_metadata with e_cred_authority = None} in
758
  let () = se.se_public_creds_received <- true in
759
  set_setup_election uuid se >>
760
  T.generic_page ~title:"Success" ~service:home
761
    "Credentials have been received and checked!" () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
762 763 764 765 766 767 768

let () =
  Any.register
    ~service:election_setup_credentials_post
    (fun token creds ->
     let s = Lwt_stream.of_string creds in
     wrap_handler (fun () -> handle_credentials_post token s))
769

Stephane Glondu's avatar
Stephane Glondu committed
770 771 772 773 774 775 776
let () =
  Any.register
    ~service:election_setup_credentials_post_file
    (fun token creds ->
     let s = Lwt_io.chars_of_file creds.Ocsigen_extensions.tmp_filename in
     wrap_handler (fun () -> handle_credentials_post token s))

777
module CG = Credential.MakeGenerate (LwtRandom)
778 779 780 781

let () =
  Any.register
    ~service:election_setup_credentials_server
782
    (handle_setup (fun se () _ uuid ->
783
      if se.se_public_creds_received then forbidden () else
784 785 786
      let () = se.se_metadata <- {se.se_metadata with
        e_cred_authority = Some "server"
      } in
787
      let uuid_s = Uuidm.to_string uuid in
788 789 790 791 792
      let title = se.se_questions.t_name in
      let url = Eliom_uri.make_string_uri
        ~absolute:true ~service:election_home
        (uuid, ()) |> rewrite_prefix
      in
793 794
      let module S = Set.Make (PString) in
      let module G = (val Group.of_string se.se_group : GROUP) in
795
      let module CD = Credential.MakeDerive (G) in
796
      let%lwt creds =
797 798
        Lwt_list.fold_left_s (fun accu v ->
          let email, login = split_identity v.sv_id in
799
          let%lwt cred = CG.generate () in
800
          let pub_cred =
801
            let x = CD.derive uuid cred in
802 803 804
            let y = G.(g **~ x) in
            G.to_string y
          in
805
          let langs = get_languages se.se_metadata.e_languages in
Stephane Glondu's avatar
Stephane Glondu committed
806 807 808 809 810 811
          let bodies = List.map (fun lang ->
            let module L = (val Web_i18n.get_lang lang) in
            Printf.sprintf L.mail_credential title login cred url
          ) langs in
          let body = PString.concat "\n\n----------\n\n" bodies in
          let body = body ^ "\n\n-- \nBelenios" in
Stephane Glondu's avatar
Stephane Glondu committed
812 813 814 815 816
          let subject =
            let lang = List.hd langs in
            let module L = (val Web_i18n.get_lang lang) in
            Printf.sprintf L.mail_credential_subject title
          in
817
          let%lwt () = send_email email subject body in
818 819 820 821 822
          return @@ S.add pub_cred accu
        ) S.empty se.se_voters
      in
      let creds = S.elements creds in
      let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
823
      let%lwt () =
824 825 826 827
          Lwt_io.with_file
            ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
            ~perm:0o600 ~mode:Lwt_io.Output fname
            (fun oc ->
828
              Lwt_list.iter_s (Lwt_io.write_line oc) creds)
829
      in
830
      se.se_public_creds_received <- true;
831
      return (fun () ->
832 833
        let service = preapply election_setup uuid in
        T.generic_page ~title:"Success" ~service
834
          "Credentials have been generated and mailed!" () >>= Html5.send)))
835

Stephane Glondu's avatar
Stephane Glondu committed
836 837 838 839
let () =
  Html5.register
    ~service:election_setup_trustee
    (fun token () ->
840 841
     let%lwt uuid = Ocsipersist.find election_pktokens token in
     let%lwt se = get_setup_election uuid in
Stephane Glondu's avatar
Stephane Glondu committed
842
     T.election_setup_trustee token se ()
Stephane Glondu's avatar
Stephane Glondu committed
843 844 845 846 847 848 849 850
    )

let () =
  Any.register
    ~service:election_setup_trustee_post
    (fun token public_key ->
     wrap_handler
       (fun () ->
851
        let%lwt uuid = Ocsipersist.find election_pktokens token in
Stephane Glondu's avatar
Stephane Glondu committed
852 853 854
        Lwt_mutex.with_lock
          election_setup_mutex
          (fun () ->
855
           let%lwt se = get_setup_election uuid in
856
           let t = List.find (fun x -> token = x.st_token) se.se_public_keys in
Stephane Glondu's avatar
Stephane Glondu committed
857 858 859 860 861
           let module G = (val Group.of_string se.se_group : GROUP) in
           let pk = trustee_public_key_of_string G.read public_key in
           let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in
           if not (KG.check pk) then failwith "invalid public key";
           (* we keep pk as a string because of G.t *)
862
           t.st_public_key <- public_key;
863
           set_setup_election uuid se
864
          ) >> T.generic_page ~title:"Success"
865 866
            "Your key has been received and checked!"
            () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
867 868 869
       )
    )

870 871 872 873
let () =
  Any.register
    ~service:election_setup_confirm
    (fun uuid () ->
874
      match%lwt Web_state.get_site_user () with
875 876 877
      | None -> forbidden ()
      | Some u ->
         let uuid_s = Uuidm.to_string uuid in
878
         let%lwt se = get_setup_election uuid_s in
879 880 881
         if se.se_owner <> u then forbidden () else
         T.election_setup_confirm uuid se () >>= Html5.send)

Stephane Glondu's avatar
Stephane Glondu committed
882 883 884 885
let () =
  Any.register
    ~service:election_setup_create
    (fun uuid () ->
886
     match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
887 888
     | None -> forbidden ()
     | Some u ->
889
        begin try%lwt
890 891
          let uuid_s = Uuidm.to_string uuid in
          Lwt_mutex.with_lock election_setup_mutex (fun () ->
892
            let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
893
            if se.se_owner <> u then forbidden () else
894 895
            finalize_election uuid se >>
            Redirection.send (preapply election_admin (uuid, ()))
Stephane Glondu's avatar
Stephane Glondu committed
896 897
          )
        with e ->
898
          T.new_election_failure (`Exception e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
899 900
        end
    )
901

902 903 904 905
let () =
  Html5.register
    ~service:election_setup_import
    (fun uuid () ->
906
      let%lwt site_user = Web_state.get_site_user () in
907 908 909
      match site_user with
      | None -> forbidden ()
      | Some u ->