Mise à jour terminée. Pour connaître les apports de la version 13.8.4 par rapport à notre ancienne version vous pouvez lire les "Release Notes" suivantes :
https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/
https://about.gitlab.com/releases/2021/02/05/gitlab-13-8-3-released/

web_site.ml 51.6 KB
Newer Older
Stephane Glondu's avatar
Stephane Glondu committed
1 2 3
(**************************************************************************)
(*                                BELENIOS                                *)
(*                                                                        *)
Stephane Glondu's avatar
Stephane Glondu committed
4
(*  Copyright © 2012-2014 Inria                                           *)
Stephane Glondu's avatar
Stephane Glondu committed
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
(*                                                                        *)
(*  This program is free software: you can redistribute it and/or modify  *)
(*  it under the terms of the GNU Affero General Public License as        *)
(*  published by the Free Software Foundation, either version 3 of the    *)
(*  License, or (at your option) any later version, with the additional   *)
(*  exemption that compiling, linking, and/or using OpenSSL is allowed.   *)
(*                                                                        *)
(*  This program is distributed in the hope that it will be useful, but   *)
(*  WITHOUT ANY WARRANTY; without even the implied warranty of            *)
(*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU     *)
(*  Affero General Public License for more details.                       *)
(*                                                                        *)
(*  You should have received a copy of the GNU Affero General Public      *)
(*  License along with this program.  If not, see                         *)
(*  <http://www.gnu.org/licenses/>.                                       *)
(**************************************************************************)

22
open Lwt
23
open Platform
24
open Serializable_j
25
open Signatures
26
open Common
Stephane Glondu's avatar
Stephane Glondu committed
27
open Web_serializable_j
28
open Web_common
29
open Web_signatures
30
open Web_services
Stephane Glondu's avatar
Stephane Glondu committed
31

32
let source_file = ref "belenios.tar.gz"
Stephane Glondu's avatar
Stephane Glondu committed
33

34 35 36 37 38 39 40 41 42 43 44 45
let get_single_line x =
  match_lwt Lwt_stream.get x with
  | None -> return None
  | Some _ as line ->
    lwt b = Lwt_stream.is_empty x in
    if b then (
      return line
    ) else (
      Lwt_stream.junk_while (fun _ -> true) x >>
      return None
    )

46 47
let ( / ) = Filename.concat

48 49 50 51 52 53 54 55
let delete_shallow_directory dir =
  lwt () =
    Lwt_unix.files_of_directory dir |>
    Lwt_stream.filter (fun x -> x <> "." && x <> "..") |>
    Lwt_stream.iter_s (fun x -> Lwt_unix.unlink (dir/x))
  in
  Lwt_unix.rmdir dir

Stephane Glondu's avatar
Stephane Glondu committed
56
module PString = String
Stephane Glondu's avatar
Stephane Glondu committed
57

Stephane Glondu's avatar
Stephane Glondu committed
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
open Eliom_service
open Eliom_registration

module LwtRandom = MakeLwtRandom (struct let rng = make_rng () end)

(* Table with elections in setup mode. *)
let election_stable = Ocsipersist.open_table "site_setup"

(* Table with tokens given to trustees. *)
let election_pktokens = Ocsipersist.open_table "site_pktokens"

(* Table with tokens given to credential authorities. *)
let election_credtokens = Ocsipersist.open_table "site_credtokens"

module T = Web_templates

74 75
let web_election_data (raw_election, web_params) =
  let params = Group.election_params_of_string raw_election in
Stephane Glondu's avatar
Stephane Glondu committed
76
  let module D = struct
Stephane Glondu's avatar
Stephane Glondu committed
77
    include (val params : ELECTION_DATA)
78
    include (val web_params : WEB_PARAMS)
Stephane Glondu's avatar
Stephane Glondu committed
79
  end in
80 81
  (module D : WEB_ELECTION_DATA)

Stephane Glondu's avatar
Stephane Glondu committed
82
let raw_find_election uuid =
83 84 85 86 87 88 89 90 91 92 93
  lwt raw_election = Web_persist.get_raw_election uuid in
  lwt metadata = Web_persist.get_election_metadata uuid in
  match raw_election, metadata with
  | Some raw_election, Some metadata ->
     let module P = struct
       let dir = !spool_dir / uuid
       let metadata = metadata
     end in
     let web_params = (module P : WEB_PARAMS) in
     return (web_election_data (raw_election, web_params))
  | _, _ -> Lwt.fail Not_found
Stephane Glondu's avatar
Stephane Glondu committed
94

Stephane Glondu's avatar
Stephane Glondu committed
95 96 97 98 99 100 101 102 103 104 105
module WCacheTypes = struct
  type key = string
  type value = (module WEB_ELECTION_DATA)
end

module WCache = Ocsigen_cache.Make (WCacheTypes)

let find_election =
  let cache = new WCache.cache raw_find_election 100 in
  fun x -> cache#find x

Stephane Glondu's avatar
Stephane Glondu committed
106 107 108 109 110 111 112
let dump_passwords dir table uuid =
  Lwt_io.(with_file Output (dir / "passwords.csv") (fun oc ->
    Ocsipersist.iter_step (fun voter (salt, hashed) ->
      write_line oc (voter ^ "," ^ salt ^ "," ^ hashed)
    ) table
  ))

Stephane Glondu's avatar
Stephane Glondu committed
113 114 115
(* Mutex to avoid simultaneous registrations of the same election *)
let registration_mutex = Lwt_mutex.create ()

116
let import_election f =
Stephane Glondu's avatar
Stephane Glondu committed
117 118 119 120 121 122 123 124 125
  Lwt_mutex.lock registration_mutex >>
  try_lwt
    lwt raw_election =
      Lwt_io.lines_of_file f.f_election |>
      get_single_line >>=
      (function
      | Some e -> return e
      | None -> Printf.ksprintf
        failwith "election.json must contain a single line"
126
      )
Stephane Glondu's avatar
Stephane Glondu committed
127 128
    in
    let params = Group.election_params_of_string raw_election in
Stephane Glondu's avatar
Stephane Glondu committed
129 130
    let module P = (val params : ELECTION_DATA) in
    let uuid = Uuidm.to_string P.election.e_params.e_uuid in
Stephane Glondu's avatar
Stephane Glondu committed
131
    lwt exists =
Stephane Glondu's avatar
Stephane Glondu committed
132 133 134 135
      lwt x = Web_persist.get_raw_election uuid in
      match x with
      | Some _ -> return true
      | None -> return false
Stephane Glondu's avatar
Stephane Glondu committed
136 137 138 139 140 141 142 143 144 145 146 147 148 149
    in
    if exists then (
      Lwt_mutex.unlock registration_mutex;
      return None
    ) else (
      let dir = !spool_dir/uuid in
      lwt metadata =
        Lwt_io.chars_of_file f.f_metadata |>
        Lwt_stream.to_string >>=
        wrap1 metadata_of_string
      in
      let module X = struct
        let metadata = metadata
        let dir = dir
150
      end in
Stephane Glondu's avatar
Stephane Glondu committed
151
      let web_params = (module X : WEB_PARAMS) in
152
      let module G = P.G in
Stephane Glondu's avatar
Stephane Glondu committed
153 154
      let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in
      let public_keys = Lwt_io.lines_of_file f.f_public_keys in
Stephane Glondu's avatar
Stephane Glondu committed
155
      let voters = Lwt_io.lines_of_file f.f_voters in
156 157 158 159 160
      lwt () =
        match_lwt Lwt_stream.peek voters with
        | Some _ -> return_unit
        | None -> Lwt.fail (Failure "No voters")
      in
161 162 163 164 165 166 167 168 169 170 171 172
      lwt () =
        match metadata.e_auth_config with
        | Some [x] ->
           if x.auth_system = "password" then
             let table = "password_" ^ underscorize uuid in
             let table = Ocsipersist.open_table table in
             lwt n = Ocsipersist.length table in
             if n = 0 then Lwt.fail (Failure "No passwords")
             else return_unit
           else return_unit
        | _ -> return_unit
      in
Stephane Glondu's avatar
Stephane Glondu committed
173 174 175 176 177 178 179
      lwt pks = Lwt_stream.(
        clone public_keys |>
        map (trustee_public_key_of_string G.read) |>
        to_list >>= wrap1 Array.of_list
      ) in
      if not (Array.forall KG.check pks) then
        failwith "Public keys are invalid.";
Stephane Glondu's avatar
Stephane Glondu committed
180
      if not G.(P.election.e_params.e_public_key =~ KG.combine pks) then
Stephane Glondu's avatar
Stephane Glondu committed
181 182 183 184 185 186 187 188
        failwith "Public keys mismatch with election public key.";
      let public_creds = Lwt_io.lines_of_file f.f_public_creds in
      lwt () = Lwt_stream.(
        clone public_creds |>
        iter_s (fun x ->
          if not G.(check @@ of_string x) then (
            Lwt.fail @@ Failure "Public credentials are invalid."
          ) else return ()
189
        )
Stephane Glondu's avatar
Stephane Glondu committed
190 191 192 193 194 195 196 197 198 199 200
      ) in
      let module R = struct
        let register () =
          try_lwt
            Lwt_unix.mkdir dir 0o700 >>
            Lwt_io.(with_file Output (dir/"election.json") (fun oc ->
              write_line oc raw_election
            )) >>
            Lwt_io.(with_file Output (dir/"public_keys.jsons") (fun oc ->
              write_lines oc public_keys
            )) >>
Stephane Glondu's avatar
Stephane Glondu committed
201 202 203
            Lwt_io.(with_file Output (dir/"voters.txt") (fun oc ->
              write_lines oc voters
            )) >>
204 205 206
            Lwt_io.(with_file Output (dir/"metadata.json") (fun oc ->
              write_line oc (string_of_metadata metadata)
            )) >>
207 208
            let election = web_election_data (raw_election, web_params) in
            let module W = Web_election.Make ((val election)) (LwtRandom) in
209
            lwt () =
210
              match W.D.metadata.e_auth_config with
211 212 213 214 215 216 217 218 219
              | None -> return ()
              | Some xs ->
                 let auth_config =
                   List.map (fun {auth_system; auth_instance; auth_config} ->
                     auth_instance, (auth_system, List.map snd auth_config)
                   ) xs
                 in
                 Web_persist.set_auth_config uuid auth_config
            in
Stephane Glondu's avatar
Stephane Glondu committed
220 221 222 223 224 225 226 227
            let () =
              Ocsigen_messages.debug (fun () ->
                Printf.sprintf "Injecting credentials for %s" uuid
              )
            in
            public_creds |>
            Lwt_stream.iter_s W.B.inject_cred >>
            W.B.update_files () >>
Stephane Glondu's avatar
Stephane Glondu committed
228 229 230 231 232 233
            (
              let table = "password_" ^ underscorize uuid in
              let table = Ocsipersist.open_table table in
              lwt size = Ocsipersist.length table in
              if size > 0 then dump_passwords dir table uuid else return_unit
            ) >>
Stephane Glondu's avatar
Stephane Glondu committed
234
            let () = Lwt_mutex.unlock registration_mutex in
235
            return (module W : WEB_ELECTION)
Stephane Glondu's avatar
Stephane Glondu committed
236 237 238 239 240 241 242 243 244 245 246 247 248 249 250
          with e ->
            lwt () =
              try_lwt delete_shallow_directory dir
              with e ->
                Printf.ksprintf
                  (fun s ->
                   return (Ocsigen_messages.unexpected_exception e s))
                  "error while deleting %s after failure of %s"
                  dir uuid
            in
            Lwt_mutex.unlock registration_mutex;
            Lwt.fail e
      end in
      (* until here, no side-effects on the running server *)
      return @@ Some (module R : REGISTRABLE_ELECTION)
Stephane Glondu's avatar
Stephane Glondu committed
251
    )
Stephane Glondu's avatar
Stephane Glondu committed
252 253 254 255 256 257
  with e ->
    Lwt_mutex.unlock registration_mutex;
    Lwt.fail e

let () = Any.register ~service:home
  (fun () () ->
Stephane Glondu's avatar
Stephane Glondu committed
258
    Eliom_reference.unset Web_auth_state.cont >>
259
    T.home () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
260 261 262 263
  )

let () = Html5.register ~service:admin
  (fun () () ->
Stephane Glondu's avatar
Stephane Glondu committed
264 265 266
    let cont () = Redirection.send admin in
    Eliom_reference.set Web_auth_state.cont [cont] >>
    lwt site_user = Web_auth_state.get_site_user () in
Stephane Glondu's avatar
Stephane Glondu committed
267
    lwt elections =
268
      match site_user with
269
      | None -> return None
Stephane Glondu's avatar
Stephane Glondu committed
270
      | Some u ->
271
         lwt elections, tallied =
Stephane Glondu's avatar
Stephane Glondu committed
272 273
           Web_persist.get_elections_by_owner u >>=
           Lwt_list.fold_left_s (fun accu uuid_s ->
274
               lwt w = find_election uuid_s in
275
               lwt state = Web_persist.get_election_state uuid_s in
276
               lwt date = Web_persist.get_election_date uuid_s in
277
               let elections, tallied = accu in
278
               match state with
279 280
               | `Tallied _ -> return (elections, (date, w) :: tallied)
               | _ -> return ((date, w) :: elections, tallied)
Stephane Glondu's avatar
Stephane Glondu committed
281
           ) ([], [])
282 283 284
         and setup_elections =
           Ocsipersist.fold_step (fun k v accu ->
             if v.se_owner = u
285
             then return ((uuid_of_string k, v.se_questions.t_name) :: accu)
286 287
             else return accu
           ) election_stable []
288 289 290 291 292 293 294
         in
         let sort l =
           List.sort (fun (x, _) (y, _) -> datetime_compare x y) l |>
           List.map (fun (_, x) -> x)
         in
         let elections = sort elections and tallied = sort tallied in
         return @@ Some (elections, tallied, setup_elections)
Stephane Glondu's avatar
Stephane Glondu committed
295
    in
296
    T.admin ~elections ()
Stephane Glondu's avatar
Stephane Glondu committed
297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312
  )

let () = File.register
  ~service:source_code
  ~content_type:"application/x-gzip"
  (fun () () -> return !source_file)

let do_get_randomness =
  let prng = Lazy.lazy_from_fun (Lwt_preemptive.detach (fun () ->
    pseudo_rng (random_string secure_rng 16)
  )) in
  let mutex = Lwt_mutex.create () in
  fun () ->
    Lwt_mutex.with_lock mutex (fun () ->
      lwt prng = Lazy.force prng in
      return (random_string prng 32)
313 314
    )

Stephane Glondu's avatar
Stephane Glondu committed
315 316 317 318 319 320 321 322 323 324 325
let () = String.register
  ~service:get_randomness
  (fun () () ->
    lwt r = do_get_randomness () in
    b64_encode_compact r |>
    (fun x -> string_of_randomness { randomness=x }) |>
    (fun x -> return (x, "application/json"))
  )

let generate_uuid = Uuidm.v4_gen (Random.State.make_self_init ())

Stephane Glondu's avatar
Stephane Glondu committed
326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371
let create_new_election owner cred auth =
  let e_cred_authority = match cred with
    | `Automatic -> Some "server"
    | `Manual -> None
  in
  let e_auth_config = match auth with
    | `Password -> Some [{auth_system = "password"; auth_instance = "password"; auth_config = []}]
    | `Dummy -> Some [{auth_system = "dummy"; auth_instance = "dummy"; auth_config = []}]
    | `CAS server -> Some [{auth_system = "cas"; auth_instance = "cas"; auth_config = ["server", server]}]
  in
  let uuid = generate_uuid () in
  let uuid_s = Uuidm.to_string uuid in
  lwt token = generate_token () in
  let se_metadata = {
    e_owner = Some owner;
    e_auth_config;
    e_cred_authority;
  } in
  let question = {
    q_answers = [| "Answer 1"; "Answer 2"; "Blank" |];
    q_min = 1;
    q_max = 1;
    q_question = "Question 1?";
  } in
  let se_questions = {
    t_description = "Description of the election.";
    t_name = "Name of the election";
    t_questions = [| question |];
    t_short_name = "short_name";
  } in
  let se = {
    se_owner = owner;
    se_group = "{\"g\":\"14887492224963187634282421537186040801304008017743492304481737382571933937568724473847106029915040150784031882206090286938661464458896494215273989547889201144857352611058572236578734319505128042602372864570426550855201448111746579871811249114781674309062693442442368697449970648232621880001709535143047913661432883287150003429802392229361583608686643243349727791976247247948618930423866180410558458272606627111270040091203073580238905303994472202930783207472394578498507764703191288249547659899997131166130259700604433891232298182348403175947450284433411265966789131024573629546048637848902243503970966798589660808533\",\"p\":\"16328632084933010002384055033805457329601614771185955389739167309086214800406465799038583634953752941675645562182498120750264980492381375579367675648771293800310370964745767014243638518442553823973482995267304044326777047662957480269391322789378384619428596446446984694306187644767462460965622580087564339212631775817895958409016676398975671266179637898557687317076177218843233150695157881061257053019133078545928983562221396313169622475509818442661047018436264806901023966236718367204710755935899013750306107738002364137917426595737403871114187750804346564731250609196846638183903982387884578266136503697493474682071\",\"q\":\"61329566248342901292543872769978950870633559608669337131139375508370458778917\"}";
    se_voters = [];
    se_questions;
    se_public_keys = [];
    se_metadata;
    se_public_creds = token;
  } in
  lwt () = Ocsipersist.add election_stable uuid_s se in
  lwt () = Ocsipersist.add election_credtokens token uuid_s in
  return (preapply election_setup uuid)

let () = Html5.register ~service:election_setup_pre
  (fun () () -> T.election_setup_pre ())

Stephane Glondu's avatar
Stephane Glondu committed
372
let () = Redirection.register ~service:election_setup_new
Stephane Glondu's avatar
Stephane Glondu committed
373
  (fun () (credmgmt, (auth, cas_server)) ->
Stephane Glondu's avatar
Stephane Glondu committed
374
   match_lwt Web_auth_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
375
   | Some u ->
Stephane Glondu's avatar
Stephane Glondu committed
376 377 378 379 380 381 382 383 384 385 386 387 388
      lwt credmgmt = match credmgmt with
        | Some "auto" -> return `Automatic
        | Some "manual" -> return `Manual
        | _ -> fail_http 400
      in
      lwt auth = match auth with
        | Some "password" -> return `Password
        | Some "dummy" -> return `Dummy
        | Some "cas" -> return @@ `CAS cas_server
        | _ -> fail_http 400
      in
      create_new_election u credmgmt auth
   | None -> forbidden ())
Stephane Glondu's avatar
Stephane Glondu committed
389

390 391 392 393 394 395 396 397 398 399
let generic_setup_page f uuid () =
  match_lwt Web_auth_state.get_site_user () with
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
     lwt se = Ocsipersist.find election_stable uuid_s in
     if se.se_owner = u
     then f uuid se ()
     else forbidden ()
  | None -> forbidden ()

Stephane Glondu's avatar
Stephane Glondu committed
400
let () = Html5.register ~service:election_setup
401
  (generic_setup_page T.election_setup)
Stephane Glondu's avatar
Stephane Glondu committed
402

403
let () = Html5.register ~service:election_setup_trustees
404 405 406 407
  (generic_setup_page T.election_setup_trustees)

let () = Html5.register ~service:election_setup_credential_authority
  (generic_setup_page T.election_setup_credential_authority)
408

Stephane Glondu's avatar
Stephane Glondu committed
409 410
let election_setup_mutex = Lwt_mutex.create ()

411
let handle_setup f uuid x =
Stephane Glondu's avatar
Stephane Glondu committed
412
  match_lwt Web_auth_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
413 414 415 416 417 418
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
     Lwt_mutex.with_lock election_setup_mutex (fun () ->
       lwt se = Ocsipersist.find election_stable uuid_s in
       if se.se_owner = u then (
         try_lwt
419
           lwt cont = f se x u uuid in
Stephane Glondu's avatar
Stephane Glondu committed
420
           Ocsipersist.add election_stable uuid_s se >>
421
           cont ()
Stephane Glondu's avatar
Stephane Glondu committed
422
         with e ->
423
           T.generic_page ~title:"Error" (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
424 425 426
       ) else forbidden ()
     )
  | None -> forbidden ()
427

428 429
let redir_preapply s u () = Redirection.send (preapply s u)

430 431 432 433
let () =
  Any.register
    ~service:election_setup_description
    (handle_setup
434
       (fun se (name, description) _ uuid ->
435 436 437
         se.se_questions <- {se.se_questions with
           t_name = name;
           t_description = description;
438 439
         };
         return (redir_preapply election_setup uuid)))
440

Stephane Glondu's avatar
Stephane Glondu committed
441 442 443 444
let () =
  Any.register
    ~service:election_setup_group
    (handle_setup
445
       (fun se x _ uuid ->
Stephane Glondu's avatar
Stephane Glondu committed
446 447
        let _group = Group.of_string x in
        (* we keep it as a string since it contains a type *)
448 449
        se.se_group <- x;
        return (redir_preapply election_setup uuid)))
450

Stephane Glondu's avatar
Stephane Glondu committed
451 452 453 454
let () =
  Any.register
    ~service:election_setup_metadata
    (handle_setup
455
       (fun se x u uuid ->
Stephane Glondu's avatar
Stephane Glondu committed
456 457
        let metadata = metadata_of_string x in
        if metadata.e_owner <> Some u then failwith "wrong owner";
458 459
        se.se_metadata <- metadata;
        return (redir_preapply election_setup uuid)))
460

461 462 463 464
let () =
  Any.register
    ~service:election_setup_auth
    (handle_setup
465 466
       (fun se auth_system _ uuid ->
         (match auth_system with
467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485
         | Some (("dummy" | "password") as auth_system) ->
            se.se_metadata <- {
              se.se_metadata with
                e_auth_config = Some [{
                  auth_system;
                  auth_instance = auth_system;
                  auth_config = []
                }]
            }
         | Some "cas" ->
            se.se_metadata <- {
              se.se_metadata with
                e_auth_config = Some [{
                  auth_system = "cas";
                  auth_instance = "cas";
                  auth_config = ["server", ""];
                }]
            }
         | Some x -> failwith ("unknown authentication system: "^x)
486 487
         | None -> failwith "no authentication system was given");
         return (redir_preapply election_setup uuid)))
488 489 490 491 492

let () =
  Any.register
    ~service:election_setup_auth_cas
    (handle_setup
493
       (fun se server _ uuid ->
494 495 496 497 498 499 500
         se.se_metadata <- {
           se.se_metadata with
             e_auth_config = Some [{
               auth_system = "cas";
               auth_instance = "cas";
               auth_config = ["server", server];
             }]
501 502
         };
         return (redir_preapply election_setup uuid)))
503

504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525
let template_password = format_of_string
  "You are listed as a voter for the election

  %s

You will find below your login and password.  To cast a vote, you will
also need a credential, sent in a separate email.  Be careful,
passwords and credentials look similar but play different roles.  You
will be asked to enter your credential before entering the voting
booth.  Login and passwords are required once your ballot is ready to
be cast.

Username: %s
Password: %s
Page of the election: %s

Note that you are allowed to vote several times.  Only the last vote
counts.

-- 
Belenios"

526 527
let generate_password table title url id =
  let email, login = split_identity id in
528 529 530
  lwt salt = generate_token () in
  lwt password = generate_token () in
  let hashed = sha256_hex (salt ^ password) in
531 532
  lwt () = Ocsipersist.add table login (salt, hashed) in
  let body = Printf.sprintf template_password title login password url in
533
  let subject = "Your password for election " ^ title in
534
  send_email "noreply@belenios.org" email subject body
535

536 537 538 539 540
let () =
  Any.register
    ~service:election_setup_auth_genpwd
    (handle_setup
       (fun se () _ uuid ->
Stephane Glondu's avatar
Stephane Glondu committed
541 542
         let uuid_s = Uuidm.to_string uuid in
         let table = "password_" ^ underscorize uuid_s in
543 544 545 546 547
         let title = se.se_questions.t_name in
         let url = Eliom_uri.make_string_uri
           ~absolute:true ~service:election_home
           (uuid, ()) |> rewrite_prefix
         in
548
         let table = Ocsipersist.open_table table in
549 550 551 552
         Lwt_list.iter_s (fun id ->
           generate_password table title url id.sv_id >>
           return (id.sv_password <- true)
         ) se.se_voters >>
553 554 555
         return (fun () ->
           T.generic_page ~title:"Success"
             "Passwords have been generated and mailed!" () >>= Html5.send)))
556

557 558 559
let () =
  Any.register
    ~service:election_regenpwd
560 561 562 563 564 565 566
    (fun (uuid, ()) user ->
      T.regenpwd uuid () >>= Html5.send)

let () =
  Any.register
    ~service:election_regenpwd_post
    (fun (uuid, ()) user ->
567
      let uuid_s = Uuidm.to_string uuid in
568 569
      lwt w = find_election uuid_s in
      let module W = (val w) in
570 571 572 573 574 575 576 577 578 579 580 581 582
      lwt site_user = Web_auth_state.get_site_user () in
      match site_user with
      | Some u when W.metadata.e_owner = Some u ->
         let table = "password_" ^ underscorize uuid_s in
         let table = Ocsipersist.open_table table in
         let title = W.election.e_params.e_name in
         let url = Eliom_uri.make_string_uri
           ~absolute:true ~service:election_home
           (uuid, ()) |> rewrite_prefix
         in
         begin try_lwt
           lwt _ = Ocsipersist.find table user in
           generate_password table title url user >>
Stephane Glondu's avatar
Stephane Glondu committed
583
           dump_passwords W.dir table uuid_s >>
584 585 586 587 588 589 590 591 592 593 594
           T.generic_page ~title:"Success"
             ("A new password has been mailed to " ^ user ^ ".") ()
           >>= Html5.send
         with Not_found ->
           T.generic_page ~title:"Error"
             (user ^ " is not a registered user for this election.") ()
           >>= Html5.send
         end
      | _ -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
595 596 597 598
let () =
  Html5.register
    ~service:election_setup_questions
    (fun uuid () ->
Stephane Glondu's avatar
Stephane Glondu committed
599
     match_lwt Web_auth_state.get_site_user () with
600 601
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
Stephane Glondu's avatar
Stephane Glondu committed
602 603
        lwt se = Ocsipersist.find election_stable uuid_s in
        if se.se_owner = u
604
        then T.election_setup_questions uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
605 606
        else forbidden ()
     | None -> forbidden ()
607 608
    )

Stephane Glondu's avatar
Stephane Glondu committed
609 610 611 612
let () =
  Any.register
    ~service:election_setup_questions_post
    (handle_setup
613 614 615
       (fun se x _ uuid ->
        se.se_questions <- template_of_string x;
         return (redir_preapply election_setup_questions uuid)))
Stephane Glondu's avatar
Stephane Glondu committed
616

Stephane Glondu's avatar
Stephane Glondu committed
617 618 619 620
let () =
  Html5.register
    ~service:election_setup_voters
    (fun uuid () ->
Stephane Glondu's avatar
Stephane Glondu committed
621
      match_lwt Web_auth_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
622 623 624 625
      | Some u ->
         let uuid_s = Uuidm.to_string uuid in
         lwt se = Ocsipersist.find election_stable uuid_s in
         if se.se_owner = u
626
         then T.election_setup_voters uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
627 628 629 630 631 632 633
         else forbidden ()
      | None -> forbidden ()
    )

(* see http://www.regular-expressions.info/email.html *)
let email_rex = Pcre.regexp
  ~flags:[`CASELESS]
634
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}(,[A-Z0-9._%+-]+)?$"
Stephane Glondu's avatar
Stephane Glondu committed
635 636 637 638 639 640 641

let is_email x =
  try ignore (Pcre.pcre_exec ~rex:email_rex x); true
  with Not_found -> false

let () =
  Any.register
642
    ~service:election_setup_voters_add
Stephane Glondu's avatar
Stephane Glondu committed
643
    (handle_setup
644
       (fun se x _ uuid ->
Stephane Glondu's avatar
Stephane Glondu committed
645 646 647 648 649 650 651
         let xs = Pcre.split x in
         let () =
           try
             let bad = List.find (fun x -> not (is_email x)) xs in
             Printf.ksprintf failwith "%S is not a valid address" bad
           with Not_found -> ()
         in
652 653 654 655 656 657 658 659 660 661 662 663 664 665
         se.se_voters <- se.se_voters @ List.map (fun sv_id ->
           {sv_id; sv_credential=false; sv_password=false}
         ) xs;
         return (redir_preapply election_setup_voters uuid)))

let () =
  Any.register
    ~service:election_setup_voters_remove
    (handle_setup
       (fun se voter _ uuid ->
         se.se_voters <- List.filter (fun v ->
           v.sv_id <> voter
         ) se.se_voters;
         return (redir_preapply election_setup_voters uuid)))
Stephane Glondu's avatar
Stephane Glondu committed
666

Stephane Glondu's avatar
Stephane Glondu committed
667 668 669
let () =
  Redirection.register
    ~service:election_setup_trustee_add
670
    (fun uuid () ->
Stephane Glondu's avatar
Stephane Glondu committed
671
     match_lwt Web_auth_state.get_site_user () with
672 673
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
Stephane Glondu's avatar
Stephane Glondu committed
674 675 676 677 678 679 680 681 682 683
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
          lwt se = Ocsipersist.find election_stable uuid_s in
          if se.se_owner = u
          then (
            lwt token = generate_token () in
            se.se_public_keys <- (token, ref "") :: se.se_public_keys;
            Ocsipersist.add election_stable uuid_s se >>
            Ocsipersist.add election_pktokens token uuid_s
          ) else forbidden ()
        ) >>
684
        return (preapply election_setup_trustees uuid)
685 686 687 688 689 690 691
     | None -> forbidden ()
    )

let () =
  Redirection.register
    ~service:election_setup_trustee_del
    (fun uuid () ->
Stephane Glondu's avatar
Stephane Glondu committed
692
     match_lwt Web_auth_state.get_site_user () with
693 694 695 696 697 698 699 700 701 702 703 704 705 706
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
          lwt se = Ocsipersist.find election_stable uuid_s in
          if se.se_owner = u
          then (
            match se.se_public_keys with
            | (token, _) :: xs ->
               se.se_public_keys <- xs;
               Ocsipersist.add election_stable uuid_s se >>
               Ocsipersist.remove election_pktokens token
            | _ -> return ()
          ) else forbidden ()
        ) >>
707
        return (preapply election_setup_trustees uuid)
708 709 710
     | None -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
711 712 713 714 715 716 717 718
let () =
  Html5.register
    ~service:election_setup_credentials
    (fun token () ->
     lwt uuid = Ocsipersist.find election_credtokens token in
     lwt se = Ocsipersist.find election_stable uuid in
     T.election_setup_credentials token uuid se ()
    )
719

Stephane Glondu's avatar
Stephane Glondu committed
720 721 722 723 724 725 726 727
let () =
  File.register
    ~service:election_setup_credentials_download
    ~content_type:"text/plain"
    (fun token () ->
     lwt uuid = Ocsipersist.find election_credtokens token in
     return (!spool_dir / uuid ^ ".public_creds.txt")
    )
728

Stephane Glondu's avatar
Stephane Glondu committed
729 730 731
let wrap_handler f =
  try_lwt f ()
  with
732
  | e -> T.generic_page ~title:"Error" (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758

let handle_credentials_post token creds =
  lwt uuid = Ocsipersist.find election_credtokens token in
  lwt se = Ocsipersist.find election_stable uuid in
  let module G = (val Group.of_string se.se_group : GROUP) in
  let fname = !spool_dir / uuid ^ ".public_creds.txt" in
  Lwt_mutex.with_lock
    election_setup_mutex
    (fun () ->
     Lwt_io.with_file
       ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
       ~perm:0o600 ~mode:Lwt_io.Output fname
       (fun oc -> Lwt_io.write_chars oc creds)
    ) >>
  lwt () =
    let i = ref 1 in
    Lwt_stream.iter
      (fun x ->
       try
         let x = G.of_string x in
         if not (G.check x) then raise Exit;
         incr i
       with _ ->
         Printf.ksprintf failwith "invalid credential at line %d" !i)
      (Lwt_io.lines_of_file fname)
  in
759
  let () = se.se_metadata <- {se.se_metadata with e_cred_authority = None} in
760 761
  T.generic_page ~title:"Success"
    "Credentials have been received and checked!" () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
762 763 764 765 766 767 768

let () =
  Any.register
    ~service:election_setup_credentials_post
    (fun token creds ->
     let s = Lwt_stream.of_string creds in
     wrap_handler (fun () -> handle_credentials_post token s))
769

Stephane Glondu's avatar
Stephane Glondu committed
770 771 772 773 774 775 776
let () =
  Any.register
    ~service:election_setup_credentials_post_file
    (fun token creds ->
     let s = Lwt_io.chars_of_file creds.Ocsigen_extensions.tmp_filename in
     wrap_handler (fun () -> handle_credentials_post token s))

777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819
module Credgen = struct
  module String = PString

  (* FIXME: duplicate of Tool_credgen *)

  let get_random_char =
    let prng = Lazy.lazy_from_fun (Lwt_preemptive.detach (fun () ->
      pseudo_rng (random_string secure_rng 16)
    )) in
    let mutex = Lwt_mutex.create () in
    fun () ->
      Lwt_mutex.with_lock mutex (fun () ->
        lwt prng = Lazy.force prng in
        let s = random_string prng 1 in
        return @@ s.[0]
      )

  (* Beware: the following must be changed in accordance with the booth! *)
  let digits = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
  let token_length = 14
  let n58 = Z.of_int 58
  let n53 = Z.of_int 53

  let generate_raw_token () =
    let res = String.create token_length in
    let rec loop i accu =
      if i < token_length then (
        lwt digit = get_random_char () in
        let digit = int_of_char digit mod 58 in
        res.[i] <- digits.[digit];
        loop (i+1) Z.(n58 * accu + of_int digit)
      ) else return (res, accu)
    in loop 0 Z.zero

  let add_checksum (raw, value) =
    let checksum = 53 - Z.(to_int (value mod n53)) in
    return (raw ^ String.make 1 digits.[checksum])

  let generate () =
    generate_raw_token () >>= add_checksum

end

820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841
let template_credential = format_of_string
  "You are listed as a voter for the election

  %s

You will find below your login and credential.  To cast a vote, you will
also need a password, sent in a separate email.  Be careful,
passwords and credentials look similar but play different roles.  You
will be asked to enter your credential before entering the voting
booth.  Login and passwords are required once your ballot is ready to
be cast.

Username: %s
Credential: %s
Page of the election: %s

Note that you are allowed to vote several times.  Only the last vote
counts.

-- 
Belenios"

842 843 844
let () =
  Any.register
    ~service:election_setup_credentials_server
845
    (handle_setup (fun se () _ uuid ->
846 847 848
      let () = se.se_metadata <- {se.se_metadata with
        e_cred_authority = Some "server"
      } in
849
      let uuid_s = Uuidm.to_string uuid in
850 851 852 853 854
      let title = se.se_questions.t_name in
      let url = Eliom_uri.make_string_uri
        ~absolute:true ~service:election_home
        (uuid, ()) |> rewrite_prefix
      in
855 856 857 858
      lwt se = Ocsipersist.find election_stable uuid_s in
      let module S = Set.Make (PString) in
      let module G = (val Group.of_string se.se_group : GROUP) in
      lwt creds =
859 860
        Lwt_list.fold_left_s (fun accu v ->
          let email, login = split_identity v.sv_id in
861 862 863 864 865 866 867
          lwt cred = Credgen.generate () in
          let priv_cred = derive_cred uuid cred in
          let pub_cred =
            let x = Z.(of_string_base 16 priv_cred mod G.q) in
            let y = G.(g **~ x) in
            G.to_string y
          in
868
          let body = Printf.sprintf template_credential title login cred url in
869
          let subject = "Your credential for election " ^ title in
870
          lwt () = send_email "noreply@belenios.org" email subject body in
871
          v.sv_credential <- true;
872 873 874 875 876
          return @@ S.add pub_cred accu
        ) S.empty se.se_voters
      in
      let creds = S.elements creds in
      let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
877
      lwt () =
878 879 880 881
          Lwt_io.with_file
            ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
            ~perm:0o600 ~mode:Lwt_io.Output fname
            (fun oc ->
882
              Lwt_list.iter_s (Lwt_io.write_line oc) creds)
883
      in
884 885 886
      return (fun () ->
        T.generic_page ~title:"Success"
          "Credentials have been generated and mailed!" () >>= Html5.send)))
887

Stephane Glondu's avatar
Stephane Glondu committed
888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915
let () =
  Html5.register
    ~service:election_setup_trustee
    (fun token () ->
     lwt uuid = Ocsipersist.find election_pktokens token in
     lwt se = Ocsipersist.find election_stable uuid in
     T.election_setup_trustee token uuid se ()
    )

let () =
  Any.register
    ~service:election_setup_trustee_post
    (fun token public_key ->
     wrap_handler
       (fun () ->
        lwt uuid = Ocsipersist.find election_pktokens token in
        Lwt_mutex.with_lock
          election_setup_mutex
          (fun () ->
           lwt se = Ocsipersist.find election_stable uuid in
           let pkref = List.assoc token se.se_public_keys in
           let module G = (val Group.of_string se.se_group : GROUP) in
           let pk = trustee_public_key_of_string G.read public_key in
           let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in
           if not (KG.check pk) then failwith "invalid public key";
           (* we keep pk as a string because of G.t *)
           pkref := public_key;
           Ocsipersist.add election_stable uuid se
916 917 918
          ) >> T.generic_page ~title:"Success"
            "Your key has been received and checked!"
            () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
919 920 921 922 923 924 925
       )
    )

let () =
  Any.register
    ~service:election_setup_create
    (fun uuid () ->
Stephane Glondu's avatar
Stephane Glondu committed
926
     match_lwt Web_auth_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
927 928 929
     | None -> forbidden ()
     | Some u ->
        begin try_lwt
930 931 932
          let uuid_s = Uuidm.to_string uuid in
          Lwt_mutex.with_lock election_setup_mutex (fun () ->
            lwt se = Ocsipersist.find election_stable uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
933 934 935
            if se.se_owner <> u then forbidden () else
            let group = Group.of_string se.se_group in
            let module G = (val group : GROUP) in
936
            let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in
Stephane Glondu's avatar
Stephane Glondu committed
937
            (* construct election data in memory *)
938
            lwt public_keys, private_key =
Stephane Glondu's avatar
Stephane Glondu committed
939
              match se.se_public_keys with
940 941 942 943 944 945 946 947 948
              | [] ->
                 lwt private_key, public_key = KG.generate_and_prove () in
                 return ([public_key], Some private_key)
              | _ :: _ ->
                 return (List.rev_map
                   (fun (_, r) ->
                     if !r = "" then failwith "some public keys are missing";
                     trustee_public_key_of_string G.read !r
                   ) se.se_public_keys, None)
Stephane Glondu's avatar
Stephane Glondu committed
949 950 951 952 953 954
            in
            let y = KG.combine (Array.of_list public_keys) in
            let template = se.se_questions in
            let params = {
              e_description = template.t_description;
              e_name = template.t_name;
955
              e_public_key = {wpk_group = G.group; wpk_y = y};
Stephane Glondu's avatar
Stephane Glondu committed
956 957 958 959 960 961 962 963 964
              e_questions = template.t_questions;
              e_uuid = uuid;
              e_short_name = template.t_short_name;
            } in
            let files = {
              f_election = !spool_dir / uuid_s ^ ".election.json";
              f_metadata = !spool_dir / uuid_s ^ ".metadata.json";
              f_public_keys = !spool_dir / uuid_s ^ ".public_keys.jsons";
              f_public_creds = !spool_dir / uuid_s ^ ".public_creds.txt";
Stephane Glondu's avatar
Stephane Glondu committed
965
              f_voters = !spool_dir / uuid_s ^ ".voters.txt";
Stephane Glondu's avatar
Stephane Glondu committed
966 967 968 969 970 971
            } in
            lwt _ =
              try_lwt Lwt_unix.stat files.f_public_creds
              with _ -> failwith "public credentials are missing"
            in
            (* write election files to disk *)
972
            let create_file fname what xs =
Stephane Glondu's avatar
Stephane Glondu committed
973 974 975
              Lwt_io.with_file
                ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
                ~perm:0o600 ~mode:Lwt_io.Output fname
976 977 978 979 980
                (fun oc ->
                  Lwt_list.iter_s
                    (fun v ->
                      Lwt_io.write oc (what v) >>
                      Lwt_io.write oc "\n") xs)
Stephane Glondu's avatar
Stephane Glondu committed
981
            in
982 983
            create_file files.f_election (string_of_params (write_wrapped_pubkey G.write_group G.write)) [params] >>
            create_file files.f_metadata string_of_metadata [se.se_metadata] >>
984
            create_file files.f_voters (fun x -> x.sv_id) se.se_voters >>
985
            create_file files.f_public_keys (string_of_trustee_public_key G.write) public_keys >>
Stephane Glondu's avatar
Stephane Glondu committed
986 987 988
            (* actually create the election *)
            begin match_lwt import_election files with
            | None ->
989
               T.new_election_failure `Exists () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
990 991 992 993
            | Some w ->
               let module W = (val w : REGISTRABLE_ELECTION) in
               lwt w = W.register () in
               let module W = (val w : WEB_ELECTION) in
994 995 996 997 998
               (* create file with private key, if any *)
               lwt () =
                 match private_key with
                 | None -> return ()
                 | Some x ->
999
                    let fname = W.D.dir / "private_key.json" in
1000
                    create_file fname string_of_number [x]
1001
               in
Stephane Glondu's avatar
Stephane Glondu committed
1002 1003 1004 1005 1006
               (* clean up temporary files *)
               Lwt_unix.unlink files.f_election >>
               Lwt_unix.unlink files.f_metadata >>
               Lwt_unix.unlink files.f_public_keys >>
               Lwt_unix.unlink files.f_public_creds >>
Stephane Glondu's avatar
Stephane Glondu committed
1007
               Lwt_unix.unlink files.f_voters >>
Stephane Glondu's avatar
Stephane Glondu committed
1008 1009 1010 1011 1012 1013 1014
               (* clean up tokens *)
               Ocsipersist.remove election_credtokens se.se_public_creds >>
               Lwt_list.iter_s
                 (fun (token, _) ->
                  Ocsipersist.remove election_pktokens token)
                 se.se_public_keys >>
               Ocsipersist.remove election_stable uuid_s >>
1015
               Web_persist.set_election_date uuid_s (now ()) >>
Stephane Glondu's avatar
Stephane Glondu committed
1016
               Redirection.send
1017
                 (preapply election_admin (W.D.election.e_params.e_uuid, ()))
Stephane Glondu's avatar
Stephane Glondu committed
1018 1019 1020
            end
          )
        with e ->
1021
          T.new_election_failure (`Exception e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
1022 1023
        end
    )
1024

Stephane Glondu's avatar
Stephane Glondu committed
1025 1026 1027 1028
let () =
  Any.register
    ~service:election_home
    (fun (uuid, ()) () ->
1029
      let uuid_s = Uuidm.to_string uuid in
1030 1031 1032
      try_lwt
        lwt w = find_election uuid_s in
        let module W = (val w) in
1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047
        Eliom_reference.unset Web_services.ballot >>
        let cont () =
          Redirection.send
            (Eliom_service.preapply
               election_home (W.election.e_params.e_uuid, ()))
        in
        Eliom_reference.set Web_auth_state.cont [cont] >>
        match_lwt Eliom_reference.get Web_services.cast_confirmed with
        | Some result ->
           Eliom_reference.unset Web_services.cast_confirmed >>
           T.cast_confirmed (module W) ~result () >>= Html5.send
        | None ->
           lwt state = Web_persist.get_election_state uuid_s in
           T.election_home (module W) state () >>= Html5.send
      with Not_found ->
Stephane Glondu's avatar
Stephane Glondu committed
1048
        T.generic_page ~title:"Sorry, this election is not yet open"
1049 1050
          "This election does not exist yet. Please come back later." ()
          >>= Html5.send)
1051

Stephane Glondu's avatar
Stephane Glondu committed
1052 1053 1054 1055 1056
let () =
  Any.register
    ~service:election_admin
    (fun (uuid, ()) () ->
     let uuid_s = Uuidm.to_string uuid in
1057
     lwt w = find_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
1058
     lwt site_user = Web_auth_state.get_site_user () in
1059
     let module W = (val w) in
1060 1061 1062 1063
     let uuid = Uuidm.to_string W.election.e_params.e_uuid in
     match site_user with
     | Some u when W.metadata.e_owner = Some u ->
        lwt state = Web_persist.get_election_state uuid in
1064
        T.election_admin (module W) state () >>= Html5.send
1065 1066
       | _ -> forbidden ()
    )
1067

1068
let election_set_state state (uuid, ()) () =
Stephane Glondu's avatar
Stephane Glondu committed
1069
     let uuid_s = Uuidm.to_string uuid in
1070 1071
     lwt w = find_election uuid_s in
     let module W = (val w) in
1072
     lwt () =
Stephane Glondu's avatar
Stephane Glondu committed
1073
       match_lwt Web_auth_state.get_site_user () with
1074 1075 1076 1077 1078 1079 1080 1081 1082 1083
       | Some u when W.metadata.e_owner = Some u -> return ()
       | _ -> forbidden ()
     in
     lwt () =
       match_lwt Web_persist.get_election_state uuid_s with
       | `Open | `Closed -> return ()
       | _ -> forbidden ()
     in
     let state = if state then `Open else `Closed in
     Web_persist.set_election_state uuid_s state >>
1084 1085 1086 1087
     Redirection.send (preapply election_admin (uuid, ()))

let () = Any.register ~service:election_open (election_set_state true)
let () = Any.register ~service:election_close (election_set_state false)
1088

Stephane Glondu's avatar
Stephane Glondu committed
1089 1090 1091 1092 1093
let () =
  Any.register
    ~service:election_update_credential
    (fun (uuid, ()) () ->
     let uuid_s = Uuidm.to_string uuid in
1094
     lwt w = find_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
1095
     lwt site_user = Web_auth_state.get_site_user () in
1096
     let module W = (val w) in
1097 1098 1099
     match site_user with
     | Some u ->
        if W.metadata.e_owner = Some u then (
1100
          T.update_credential (module W) () >>= Html5.send
1101 1102 1103 1104
        ) else (
          forbidden ()
        )
     | _ -> forbidden ())
Stephane Glondu's avatar
Stephane Glondu committed
1105 1106 1107 1108

let () =
  Any.register
    ~service:election_update_credential_post
1109
    (fun (uuid, ()) (old, new_) ->
Stephane Glondu's avatar
Stephane Glondu committed
1110
     let uuid_s = Uuidm.to_string uuid in
1111
     lwt w = find_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
1112
     lwt site_user = Web_auth_state.get_site_user () in
1113
     let module W = Web_election.Make ((val w)) (LwtRandom) in
1114 1115
     let module B = W.B in
     let module W = W.D in
1116 1117 1118 1119
     match site_user with
     | Some u ->
       if W.metadata.e_owner = Some u then (
         try_lwt
1120
           B.update_cred ~old ~new_ >>
1121 1122 1123 1124 1125 1126 1127 1128
           String.send ("OK", "text/plain")
         with Error e ->
           String.send ("Error: " ^ explain_error e, "text/plain")
       ) >>= (fun x -> return @@ cast_unknown_content_kind x)
       else (
         forbidden ()
       )
     | _ -> forbidden ())
Stephane Glondu's avatar
Stephane Glondu committed
1129 1130 1131 1132

let () =
  Any.register
    ~service:election_vote
1133
    (fun (uuid, ()) () ->
1134
      let uuid_s = Uuidm.to_string uuid in
1135