web_site.ml 68.2 KB
Newer Older
Stephane Glondu's avatar
Stephane Glondu committed
1 2 3
(**************************************************************************)
(*                                BELENIOS                                *)
(*                                                                        *)
Stephane Glondu's avatar
Stephane Glondu committed
4
(*  Copyright © 2012-2016 Inria                                           *)
Stephane Glondu's avatar
Stephane Glondu committed
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
(*                                                                        *)
(*  This program is free software: you can redistribute it and/or modify  *)
(*  it under the terms of the GNU Affero General Public License as        *)
(*  published by the Free Software Foundation, either version 3 of the    *)
(*  License, or (at your option) any later version, with the additional   *)
(*  exemption that compiling, linking, and/or using OpenSSL is allowed.   *)
(*                                                                        *)
(*  This program is distributed in the hope that it will be useful, but   *)
(*  WITHOUT ANY WARRANTY; without even the implied warranty of            *)
(*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU     *)
(*  Affero General Public License for more details.                       *)
(*                                                                        *)
(*  You should have received a copy of the GNU Affero General Public      *)
(*  License along with this program.  If not, see                         *)
(*  <http://www.gnu.org/licenses/>.                                       *)
(**************************************************************************)

22
open Lwt
23
open Platform
24
open Serializable_j
25
open Signatures
26
open Common
27
open Web_serializable_builtin_t
Stephane Glondu's avatar
Stephane Glondu committed
28
open Web_serializable_j
29
open Web_common
30
open Web_services
Stephane Glondu's avatar
Stephane Glondu committed
31

32
let source_file = ref "belenios.tar.gz"
33
let maxmailsatonce = ref 1000
Stephane Glondu's avatar
Stephane Glondu committed
34

35 36
let ( / ) = Filename.concat

Stephane Glondu's avatar
Stephane Glondu committed
37
module PString = String
Stephane Glondu's avatar
Stephane Glondu committed
38

Stephane Glondu's avatar
Stephane Glondu committed
39 40 41 42 43 44 45 46 47
open Eliom_service
open Eliom_registration

(* Table with elections in setup mode. *)
let election_stable = Ocsipersist.open_table "site_setup"

(* Table with tokens given to trustees. *)
let election_pktokens = Ocsipersist.open_table "site_pktokens"

48 49 50
(* Table with tokens given to trustees (in threshold mode). *)
let election_tpktokens = Ocsipersist.open_table "site_tpktokens"

Stephane Glondu's avatar
Stephane Glondu committed
51 52 53
(* Table with tokens given to trustees (in threshold mode) to decrypt *)
let election_tokens_decrypt = Ocsipersist.open_table "site_tokens_decrypt"

Stephane Glondu's avatar
Stephane Glondu committed
54 55 56 57 58
(* Table with tokens given to credential authorities. *)
let election_credtokens = Ocsipersist.open_table "site_credtokens"

module T = Web_templates

Stephane Glondu's avatar
Stephane Glondu committed
59
let raw_find_election uuid =
60
  let%lwt raw_election = Web_persist.get_raw_election uuid in
61 62 63 64
  match raw_election with
  | Some raw_election ->
     return (Group.election_params_of_string raw_election)
  | _ -> Lwt.fail Not_found
Stephane Glondu's avatar
Stephane Glondu committed
65

Stephane Glondu's avatar
Stephane Glondu committed
66 67
module WCacheTypes = struct
  type key = string
68
  type value = (module ELECTION_DATA)
Stephane Glondu's avatar
Stephane Glondu committed
69 70 71 72 73 74 75 76
end

module WCache = Ocsigen_cache.Make (WCacheTypes)

let find_election =
  let cache = new WCache.cache raw_find_election 100 in
  fun x -> cache#find x

77
let get_setup_election uuid_s =
78
  let%lwt se = Ocsipersist.find election_stable uuid_s in
79
  return (setup_election_of_string se)
80 81

let set_setup_election uuid_s se =
82
  Ocsipersist.add election_stable uuid_s (string_of_setup_election se)
83

Stephane Glondu's avatar
Stephane Glondu committed
84
let dump_passwords dir table =
Stephane Glondu's avatar
Stephane Glondu committed
85 86 87 88 89 90
  Lwt_io.(with_file Output (dir / "passwords.csv") (fun oc ->
    Ocsipersist.iter_step (fun voter (salt, hashed) ->
      write_line oc (voter ^ "," ^ salt ^ "," ^ hashed)
    ) table
  ))

91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112
let finalize_election uuid se =
  let uuid_s = Uuidm.to_string uuid in
  (* voters *)
  let () =
    if se.se_voters = [] then failwith "no voters"
  in
  (* passwords *)
  let () =
    match se.se_metadata.e_auth_config with
    | Some [{auth_system = "password"; _}] ->
       if not @@ List.for_all (fun v -> v.sv_password <> None) se.se_voters then
         failwith "some passwords are missing"
    | _ -> ()
  in
  (* credentials *)
  let () =
    if not se.se_public_creds_received then
      failwith "public credentials are missing"
  in
  (* trustees *)
  let group = Group.of_string se.se_group in
  let module G = (val group : GROUP) in
113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154
  let%lwt y, trustees, pk_or_tp, private_keys =
    match se.se_threshold_trustees with
    | None ->
       let module KG = Trustees.MakeSimple (G) (LwtRandom) in
       let%lwt trustees, public_keys, private_key =
         match se.se_public_keys with
         | [] ->
            let%lwt private_key = KG.generate () in
            let%lwt public_key = KG.prove private_key in
            return (None, [public_key], `KEY private_key)
         | _ :: _ ->
            return (
                Some (List.map (fun {st_id; _} -> st_id) se.se_public_keys),
                (List.map
                   (fun {st_public_key; _} ->
                     if st_public_key = "" then failwith "some public keys are missing";
                     trustee_public_key_of_string G.read st_public_key
                   ) se.se_public_keys),
                `None)
       in
       let y = KG.combine (Array.of_list public_keys) in
       return (y, trustees, `PK public_keys, private_key)
    | Some ts ->
       match se.se_threshold_parameters with
       | None -> failwith "key establishment not finished"
       | Some tp ->
          let tp = threshold_parameters_of_string G.read tp in
          let module P = Trustees.MakePKI (G) (LwtRandom) in
          let module C = Trustees.MakeChannels (G) (LwtRandom) (P) in
          let module K = Trustees.MakePedersen (G) (LwtRandom) (P) (C) in
          let trustees = List.map (fun {stt_id; _} -> stt_id) ts in
          let private_keys =
            List.map (fun {stt_voutput; _} ->
                match stt_voutput with
                | Some v ->
                   let voutput = voutput_of_string G.read v in
                   voutput.vo_private_key
                | None -> failwith "inconsistent state"
              ) ts
          in
          let y = K.combine tp in
          return (y, Some trustees, `TP tp, `KEYS private_keys)
155 156
  in
  (* election parameters *)
157
  let metadata = { se.se_metadata with e_trustees = trustees } in
158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179
  let template = se.se_questions in
  let params = {
    e_description = template.t_description;
    e_name = template.t_name;
    e_public_key = {wpk_group = G.group; wpk_y = y};
    e_questions = template.t_questions;
    e_uuid = uuid;
  } in
  let raw_election = string_of_params (write_wrapped_pubkey G.write_group G.write) params in
  (* write election files to disk *)
  let dir = !spool_dir / uuid_s in
  let create_file fname what xs =
    Lwt_io.with_file
      ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
      ~perm:0o600 ~mode:Lwt_io.Output (dir / fname)
      (fun oc ->
        Lwt_list.iter_s
          (fun v ->
            Lwt_io.write oc (what v) >>
              Lwt_io.write oc "\n") xs)
  in
  Lwt_unix.mkdir dir 0o700 >>
180 181 182 183
  (match pk_or_tp with
   | `PK pk -> create_file "public_keys.jsons" (string_of_trustee_public_key G.write) pk
   | `TP tp -> create_file "threshold.json" (string_of_threshold_parameters G.write) [tp]
  ) >>
184
  create_file "voters.txt" (fun x -> x.sv_id) se.se_voters >>
185
  create_file "metadata.json" string_of_metadata [metadata] >>
186 187
  create_file "election.json" (fun x -> x) [raw_election] >>
  (* construct Web_election instance *)
188
  let election = Group.election_params_of_string raw_election in
189 190
  let module W = Web_election.Make ((val election)) (LwtRandom) in
  (* set up authentication *)
191
  let%lwt () =
192
    match metadata.e_auth_config with
193 194 195 196 197 198 199 200 201 202
    | None -> return ()
    | Some xs ->
       let auth_config =
         List.map (fun {auth_system; auth_instance; auth_config} ->
           auth_instance, (auth_system, List.map snd auth_config)
         ) xs
       in
       Web_persist.set_auth_config uuid_s auth_config
  in
  (* inject credentials *)
203
  let%lwt () =
204 205 206 207 208 209
    let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
    Lwt_io.lines_of_file fname |>
    Lwt_stream.iter_s W.B.inject_cred >>
    W.B.update_files () >>
    Lwt_unix.unlink fname
  in
210
  (* create file with private keys, if any *)
211
  let%lwt () =
212 213 214 215
    match private_keys with
    | `None -> return_unit
    | `KEY x -> create_file "private_key.json" string_of_number [x]
    | `KEYS x -> create_file "private_keys.jsons" (fun x -> x) x
216 217 218 219
  in
  (* clean up setup database *)
  Ocsipersist.remove election_credtokens se.se_public_creds >>
  Lwt_list.iter_s
220 221
    (fun {st_token; _} ->
      Ocsipersist.remove election_pktokens st_token)
222
    se.se_public_keys >>
223 224 225 226 227 228 229
  (match se.se_threshold_trustees with
   | None -> return_unit
   | Some ts ->
      Lwt_list.iter_s
        (fun x -> Ocsipersist.remove election_tpktokens x.stt_token)
        ts
  ) >>
230 231
  Ocsipersist.remove election_stable uuid_s >>
  (* inject passwords *)
232
  (match metadata.e_auth_config with
233 234 235 236 237 238 239 240 241 242
  | Some [{auth_system = "password"; _}] ->
     let table = "password_" ^ underscorize uuid_s in
     let table = Ocsipersist.open_table table in
     Lwt_list.iter_s
       (fun v ->
         let _, login = split_identity v.sv_id in
         match v.sv_password with
         | Some x -> Ocsipersist.add table login x
         | None -> return_unit
       ) se.se_voters >>
243
       dump_passwords (!spool_dir / uuid_s) table
244 245
  | _ -> return_unit) >>
  (* finish *)
Stephane Glondu's avatar
Stephane Glondu committed
246
  Web_persist.set_election_state uuid_s `Open >>
247
  Web_persist.set_election_date uuid_s (now ())
Stephane Glondu's avatar
Stephane Glondu committed
248

Stephane Glondu's avatar
Stephane Glondu committed
249 250 251 252
let cleanup_table ?uuid_s table =
  let table = Ocsipersist.open_table table in
  match uuid_s with
  | None ->
253
     let%lwt indexes = Ocsipersist.fold_step (fun k _ accu ->
Stephane Glondu's avatar
Stephane Glondu committed
254 255 256 257 258 259
       return (k :: accu)) table []
     in
     Lwt_list.iter_s (Ocsipersist.remove table) indexes
  | Some u -> Ocsipersist.remove table u

let cleanup_file f =
260
  try%lwt Lwt_unix.unlink f
Stephane Glondu's avatar
Stephane Glondu committed
261 262 263 264
  with _ -> return_unit

let archive_election uuid_s =
  let uuid_u = underscorize uuid_s in
265
  let%lwt () = cleanup_table ~uuid_s "election_states" in
Stephane Glondu's avatar
Stephane Glondu committed
266
  let%lwt () = cleanup_table ~uuid_s "site_tokens_decrypt" in
267 268 269 270 271 272 273
  let%lwt () = cleanup_table ~uuid_s "election_pds" in
  let%lwt () = cleanup_table ~uuid_s "auth_configs" in
  let%lwt () = cleanup_table ("password_" ^ uuid_u) in
  let%lwt () = cleanup_table ("records_" ^ uuid_u) in
  let%lwt () = cleanup_table ("creds_" ^ uuid_u) in
  let%lwt () = cleanup_table ("ballots_" ^ uuid_u) in
  let%lwt () = cleanup_file (!spool_dir / uuid_s / "private_key.json") in
Stephane Glondu's avatar
Stephane Glondu committed
274 275
  return_unit

Stephane Glondu's avatar
Stephane Glondu committed
276 277
let () = Any.register ~service:home
  (fun () () ->
278
    Eliom_reference.unset Web_state.cont >>
279
    Redirection.send admin
Stephane Glondu's avatar
Stephane Glondu committed
280 281
  )

282
let get_finalized_elections_by_owner u =
283
  let%lwt elections, tallied, archived =
284 285
    Web_persist.get_elections_by_owner u >>=
    Lwt_list.fold_left_s (fun accu uuid_s ->
286 287 288
        let%lwt w = find_election uuid_s in
        let%lwt state = Web_persist.get_election_state uuid_s in
        let%lwt date = Web_persist.get_election_date uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
289
        let elections, tallied, archived = accu in
290
        match state with
Stephane Glondu's avatar
Stephane Glondu committed
291 292 293 294
        | `Tallied _ -> return (elections, (date, w) :: tallied, archived)
        | `Archived -> return (elections, tallied, (date, w) :: archived)
        | _ -> return ((date, w) :: elections, tallied, archived)
    ) ([], [], [])
295 296 297 298 299
  in
  let sort l =
    List.sort (fun (x, _) (y, _) -> datetime_compare x y) l |>
    List.map (fun (_, x) -> x)
  in
Stephane Glondu's avatar
Stephane Glondu committed
300
  return (sort elections, sort tallied, sort archived)
301

Stephane Glondu's avatar
Stephane Glondu committed
302 303
let () = Html5.register ~service:admin
  (fun () () ->
Stephane Glondu's avatar
Stephane Glondu committed
304
    let cont () = Redirection.send admin in
305
    Eliom_reference.set Web_state.cont [cont] >>
306 307
    let%lwt site_user = Web_state.get_site_user () in
    let%lwt elections =
308
      match site_user with
309
      | None -> return None
Stephane Glondu's avatar
Stephane Glondu committed
310
      | Some u ->
311 312
         let%lwt elections, tallied, archived = get_finalized_elections_by_owner u in
         let%lwt setup_elections =
313
           Ocsipersist.fold_step (fun k v accu ->
314
             let v = setup_election_of_string v in
315
             if v.se_owner = u
316
             then return ((uuid_of_string k, v.se_questions.t_name) :: accu)
317 318
             else return accu
           ) election_stable []
319
         in
Stephane Glondu's avatar
Stephane Glondu committed
320
         return @@ Some (elections, tallied, archived, setup_elections)
Stephane Glondu's avatar
Stephane Glondu committed
321
    in
322
    T.admin ~elections ()
Stephane Glondu's avatar
Stephane Glondu committed
323 324 325 326 327 328 329 330 331
  )

let () = File.register
  ~service:source_code
  ~content_type:"application/x-gzip"
  (fun () () -> return !source_file)

let generate_uuid = Uuidm.v4_gen (Random.State.make_self_init ())

Stephane Glondu's avatar
Stephane Glondu committed
332 333 334 335 336 337 338 339 340 341 342 343
let create_new_election owner cred auth =
  let e_cred_authority = match cred with
    | `Automatic -> Some "server"
    | `Manual -> None
  in
  let e_auth_config = match auth with
    | `Password -> Some [{auth_system = "password"; auth_instance = "password"; auth_config = []}]
    | `Dummy -> Some [{auth_system = "dummy"; auth_instance = "dummy"; auth_config = []}]
    | `CAS server -> Some [{auth_system = "cas"; auth_instance = "cas"; auth_config = ["server", server]}]
  in
  let uuid = generate_uuid () in
  let uuid_s = Uuidm.to_string uuid in
344
  let%lwt token = generate_token () in
Stephane Glondu's avatar
Stephane Glondu committed
345 346 347 348
  let se_metadata = {
    e_owner = Some owner;
    e_auth_config;
    e_cred_authority;
349
    e_trustees = None;
350
    e_languages = Some ["en"; "fr"];
Stephane Glondu's avatar
Stephane Glondu committed
351 352 353
  } in
  let question = {
    q_answers = [| "Answer 1"; "Answer 2"; "Blank" |];
354
    q_blank = None;
Stephane Glondu's avatar
Stephane Glondu committed
355 356 357 358 359 360 361 362 363 364 365
    q_min = 1;
    q_max = 1;
    q_question = "Question 1?";
  } in
  let se_questions = {
    t_description = "Description of the election.";
    t_name = "Name of the election";
    t_questions = [| question |];
  } in
  let se = {
    se_owner = owner;
366
    se_group = "{\"g\":\"2402352677501852209227687703532399932712287657378364916510075318787663274146353219320285676155269678799694668298749389095083896573425601900601068477164491735474137283104610458681314511781646755400527402889846139864532661215055797097162016168270312886432456663834863635782106154918419982534315189740658186868651151358576410138882215396016043228843603930989333662772848406593138406010231675095763777982665103606822406635076697764025346253773085133173495194248967754052573659049492477631475991575198775177711481490920456600205478127054728238140972518639858334115700568353695553423781475582491896050296680037745308460627\",\"p\":\"20694785691422546401013643657505008064922989295751104097100884787057374219242717401922237254497684338129066633138078958404960054389636289796393038773905722803605973749427671376777618898589872735865049081167099310535867780980030790491654063777173764198678527273474476341835600035698305193144284561701911000786737307333564123971732897913240474578834468260652327974647951137672658693582180046317922073668860052627186363386088796882120769432366149491002923444346373222145884100586421050242120365433561201320481118852408731077014151666200162313177169372189248078507711827842317498073276598828825169183103125680162072880719\",\"q\":\"78571733251071885079927659812671450121821421258408794611510081919805623223441\"}"; (* generated by fips.sage *)
Stephane Glondu's avatar
Stephane Glondu committed
367 368 369 370 371
    se_voters = [];
    se_questions;
    se_public_keys = [];
    se_metadata;
    se_public_creds = token;
372
    se_public_creds_received = false;
373 374 375 376
    se_threshold = None;
    se_threshold_trustees = None;
    se_threshold_parameters = None;
    se_threshold_error = None;
Stephane Glondu's avatar
Stephane Glondu committed
377
  } in
378 379
  let%lwt () = set_setup_election uuid_s se in
  let%lwt () = Ocsipersist.add election_credtokens token uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
380 381 382 383 384
  return (preapply election_setup uuid)

let () = Html5.register ~service:election_setup_pre
  (fun () () -> T.election_setup_pre ())

Stephane Glondu's avatar
Stephane Glondu committed
385
let () = Redirection.register ~service:election_setup_new
Stephane Glondu's avatar
Stephane Glondu committed
386
  (fun () (credmgmt, (auth, cas_server)) ->
387
   match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
388
   | Some u ->
389
      let%lwt credmgmt = match credmgmt with
Stephane Glondu's avatar
Stephane Glondu committed
390 391 392 393
        | Some "auto" -> return `Automatic
        | Some "manual" -> return `Manual
        | _ -> fail_http 400
      in
394
      let%lwt auth = match auth with
Stephane Glondu's avatar
Stephane Glondu committed
395 396 397 398 399 400 401
        | Some "password" -> return `Password
        | Some "dummy" -> return `Dummy
        | Some "cas" -> return @@ `CAS cas_server
        | _ -> fail_http 400
      in
      create_new_election u credmgmt auth
   | None -> forbidden ())
Stephane Glondu's avatar
Stephane Glondu committed
402

403
let generic_setup_page f uuid () =
404
  match%lwt Web_state.get_site_user () with
405 406
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
407
     let%lwt se = get_setup_election uuid_s in
408 409 410 411 412
     if se.se_owner = u
     then f uuid se ()
     else forbidden ()
  | None -> forbidden ()

Stephane Glondu's avatar
Stephane Glondu committed
413
let () = Html5.register ~service:election_setup
414
  (generic_setup_page T.election_setup)
Stephane Glondu's avatar
Stephane Glondu committed
415

416
let () = Html5.register ~service:election_setup_trustees
417 418
  (generic_setup_page T.election_setup_trustees)

419 420 421
let () = Html5.register ~service:election_setup_threshold_trustees
  (generic_setup_page T.election_setup_threshold_trustees)

422 423
let () = Html5.register ~service:election_setup_credential_authority
  (generic_setup_page T.election_setup_credential_authority)
424

Stephane Glondu's avatar
Stephane Glondu committed
425 426
let election_setup_mutex = Lwt_mutex.create ()

427
let handle_setup f uuid x =
428
  match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
429 430 431
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
     Lwt_mutex.with_lock election_setup_mutex (fun () ->
432
       let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
433
       if se.se_owner = u then (
434 435
         try%lwt
           let%lwt cont = f se x u uuid in
436
           set_setup_election uuid_s se >>
437
           cont ()
Stephane Glondu's avatar
Stephane Glondu committed
438
         with e ->
439 440
           let service = preapply election_setup uuid in
           T.generic_page ~title:"Error" ~service (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
441 442 443
       ) else forbidden ()
     )
  | None -> forbidden ()
444

445 446
let redir_preapply s u () = Redirection.send (preapply s u)

447 448 449 450 451
let () =
  Any.register
    ~service:election_setup_languages
    (handle_setup
       (fun se languages _ uuid ->
452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480
         let langs = languages_of_string languages in
         match langs with
         | None -> assert false
         | Some [] ->
            return (fun () ->
                let service = preapply election_setup uuid in
                T.generic_page ~title:"Error" ~service
                  "You must select at least one language!" () >>= Html5.send
              )
         | Some ls ->
            let unavailable =
              List.filter (fun x ->
                  not (List.mem x available_languages)
                ) ls
            in
            match unavailable with
            | [] ->
               se.se_metadata <- {
                  se.se_metadata with
                  e_languages = langs
                };
               return (redir_preapply election_setup uuid)
            | l :: _ ->
               return (fun () ->
                   let service = preapply election_setup uuid in
                   T.generic_page ~title:"Error" ~service
                     ("No such language: " ^ l) () >>= Html5.send
                 )
    ))
481

482 483 484 485
let () =
  Any.register
    ~service:election_setup_description
    (handle_setup
486
       (fun se (name, description) _ uuid ->
487 488 489
         se.se_questions <- {se.se_questions with
           t_name = name;
           t_description = description;
490 491
         };
         return (redir_preapply election_setup uuid)))
492

Stephane Glondu's avatar
Stephane Glondu committed
493
let generate_password langs title url id =
494
  let email, login = split_identity id in
495 496
  let%lwt salt = generate_token () in
  let%lwt password = generate_token () in
497
  let hashed = sha256_hex (salt ^ password) in
Stephane Glondu's avatar
Stephane Glondu committed
498 499 500 501 502 503
  let bodies = List.map (fun lang ->
    let module L = (val Web_i18n.get_lang lang) in
    Printf.sprintf L.mail_password title login password url
  ) langs in
  let body = PString.concat "\n\n----------\n\n" bodies in
  let body = body ^ "\n\n-- \nBelenios" in
Stephane Glondu's avatar
Stephane Glondu committed
504 505 506 507 508
  let subject =
    let lang = List.hd langs in
    let module L = (val Web_i18n.get_lang lang) in
    Printf.sprintf L.mail_password_subject title
  in
509
  send_email email subject body >>
510
  return (salt, hashed)
511

512
let handle_password se uuid ~force voters =
513 514 515
  if List.length voters > !maxmailsatonce then
    Lwt.fail (Failure (Printf.sprintf "Cannot send passwords, there are too many voters (max is %d)" !maxmailsatonce))
  else
516 517 518 519
  let title = se.se_questions.t_name in
  let url = Eliom_uri.make_string_uri ~absolute:true ~service:election_home
    (uuid, ()) |> rewrite_prefix
  in
520
  let langs = get_languages se.se_metadata.e_languages in
521 522 523 524
  Lwt_list.iter_s (fun id ->
    match id.sv_password with
    | Some _ when not force -> return_unit
    | None | Some _ ->
525
       let%lwt x = generate_password langs title url id.sv_id in
526 527 528
       return (id.sv_password <- Some x)
  ) voters >>
  return (fun () ->
Stephane Glondu's avatar
Stephane Glondu committed
529
    let service = preapply election_setup uuid in
530
    T.generic_page ~title:"Success" ~service
531 532
      "Passwords have been generated and mailed!" () >>= Html5.send)

533 534 535 536 537
let () =
  Any.register
    ~service:election_setup_auth_genpwd
    (handle_setup
       (fun se () _ uuid ->
538
         handle_password se uuid ~force:false se.se_voters))
539

540 541 542
let () =
  Any.register
    ~service:election_regenpwd
Stephane Glondu's avatar
Stephane Glondu committed
543
    (fun (uuid, ()) () ->
544 545 546 547 548 549
      T.regenpwd uuid () >>= Html5.send)

let () =
  Any.register
    ~service:election_regenpwd_post
    (fun (uuid, ()) user ->
550
      let uuid_s = Uuidm.to_string uuid in
551 552
      let%lwt w = find_election uuid_s in
      let%lwt metadata = Web_persist.get_election_metadata uuid_s in
553
      let module W = (val w) in
554
      let%lwt site_user = Web_state.get_site_user () in
555
      match site_user with
556
      | Some u when metadata.e_owner = Some u ->
557 558 559 560 561 562 563
         let table = "password_" ^ underscorize uuid_s in
         let table = Ocsipersist.open_table table in
         let title = W.election.e_params.e_name in
         let url = Eliom_uri.make_string_uri
           ~absolute:true ~service:election_home
           (uuid, ()) |> rewrite_prefix
         in
564
         let service = preapply election_admin (uuid, ()) in
565 566
         begin try%lwt
           let%lwt _ = Ocsipersist.find table user in
567
           let langs = get_languages metadata.e_languages in
568
           let%lwt x = generate_password langs title url user in
569
           Ocsipersist.add table user x >>
570
           dump_passwords (!spool_dir / uuid_s) table >>
571
           T.generic_page ~title:"Success" ~service
572 573 574
             ("A new password has been mailed to " ^ user ^ ".") ()
           >>= Html5.send
         with Not_found ->
575
           T.generic_page ~title:"Error" ~service
576 577 578 579 580 581
             (user ^ " is not a registered user for this election.") ()
           >>= Html5.send
         end
      | _ -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
582 583 584 585
let () =
  Html5.register
    ~service:election_setup_questions
    (fun uuid () ->
586
     match%lwt Web_state.get_site_user () with
587 588
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
589
        let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
590
        if se.se_owner = u
591
        then T.election_setup_questions uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
592 593
        else forbidden ()
     | None -> forbidden ()
594 595
    )

Stephane Glondu's avatar
Stephane Glondu committed
596 597 598 599
let () =
  Any.register
    ~service:election_setup_questions_post
    (handle_setup
600 601
       (fun se x _ uuid ->
        se.se_questions <- template_of_string x;
602
         return (redir_preapply election_setup uuid)))
Stephane Glondu's avatar
Stephane Glondu committed
603

Stephane Glondu's avatar
Stephane Glondu committed
604 605 606 607
let () =
  Html5.register
    ~service:election_setup_voters
    (fun uuid () ->
608
      match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
609 610
      | Some u ->
         let uuid_s = Uuidm.to_string uuid in
611
         let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
612
         if se.se_owner = u
613
         then T.election_setup_voters uuid se !maxmailsatonce ()
Stephane Glondu's avatar
Stephane Glondu committed
614 615 616 617 618
         else forbidden ()
      | None -> forbidden ()
    )

(* see http://www.regular-expressions.info/email.html *)
Stephane Glondu's avatar
Stephane Glondu committed
619
let identity_rex = Pcre.regexp
Stephane Glondu's avatar
Stephane Glondu committed
620
  ~flags:[`CASELESS]
621
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}(,[A-Z0-9._%+-]+)?$"
Stephane Glondu's avatar
Stephane Glondu committed
622

Stephane Glondu's avatar
Stephane Glondu committed
623 624
let is_identity x =
  try ignore (Pcre.pcre_exec ~rex:identity_rex x); true
Stephane Glondu's avatar
Stephane Glondu committed
625 626
  with Not_found -> false

627 628 629 630 631 632 633 634
let email_rex = Pcre.regexp
  ~flags:[`CASELESS]
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}$"

let is_email x =
  try ignore (Pcre.pcre_exec ~rex:email_rex x); true
  with Not_found -> false

635 636
module SSet = Set.Make (PString)

637
let merge_voters a b f =
638 639 640 641 642 643 644
  let existing = List.fold_left (fun accu sv ->
    SSet.add sv.sv_id accu
  ) SSet.empty a in
  let _, res = List.fold_left (fun (existing, accu) sv_id ->
    if SSet.mem sv_id existing then
      (existing, accu)
    else
645
      (SSet.add sv_id existing, {sv_id; sv_password = f sv_id} :: accu)
646 647 648
  ) (existing, List.rev a) b in
  List.rev res

Stephane Glondu's avatar
Stephane Glondu committed
649 650
let () =
  Any.register
651
    ~service:election_setup_voters_add
Stephane Glondu's avatar
Stephane Glondu committed
652
    (handle_setup
653
       (fun se x _ uuid ->
654
         if se.se_public_creds_received then forbidden () else (
Stephane Glondu's avatar
Stephane Glondu committed
655 656 657
         let xs = Pcre.split x in
         let () =
           try
Stephane Glondu's avatar
Stephane Glondu committed
658 659
             let bad = List.find (fun x -> not (is_identity x)) xs in
             Printf.ksprintf failwith "%S is not a valid identity" bad
Stephane Glondu's avatar
Stephane Glondu committed
660 661
           with Not_found -> ()
         in
662
         se.se_voters <- merge_voters se.se_voters xs (fun _ -> None);
663
         return (redir_preapply election_setup_voters uuid))))
664 665 666 667 668 669

let () =
  Any.register
    ~service:election_setup_voters_remove
    (handle_setup
       (fun se voter _ uuid ->
670
         if se.se_public_creds_received then forbidden () else (
671 672 673
         se.se_voters <- List.filter (fun v ->
           v.sv_id <> voter
         ) se.se_voters;
674
         return (redir_preapply election_setup_voters uuid))))
Stephane Glondu's avatar
Stephane Glondu committed
675

676 677 678 679 680 681 682
let () =
  Any.register ~service:election_setup_voters_passwd
    (handle_setup
       (fun se voter _ uuid ->
         let voter = List.filter (fun v -> v.sv_id = voter) se.se_voters in
         handle_password se uuid ~force:true voter))

Stephane Glondu's avatar
Stephane Glondu committed
683
let () =
684
  Any.register
Stephane Glondu's avatar
Stephane Glondu committed
685
    ~service:election_setup_trustee_add
686 687
    (fun uuid st_id ->
     if is_email st_id then
688
     match%lwt Web_state.get_site_user () with
689 690
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
Stephane Glondu's avatar
Stephane Glondu committed
691
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
692
          let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
693 694
          if se.se_owner = u
          then (
695
            let%lwt st_token = generate_token () in
696 697
            let trustee = {st_id; st_token; st_public_key = ""} in
            se.se_public_keys <- se.se_public_keys @ [trustee];
698
            set_setup_election uuid_s se >>
699
            Ocsipersist.add election_pktokens st_token uuid_s
Stephane Glondu's avatar
Stephane Glondu committed
700 701
          ) else forbidden ()
        ) >>
702
        Redirection.send (preapply election_setup_trustees uuid)
703
     | None -> forbidden ()
704 705
     else
       let msg = st_id ^ " is not a valid e-mail address!" in
706 707
       let service = preapply election_setup_trustees uuid in
       T.generic_page ~title:"Error" ~service msg () >>= Html5.send
708 709 710 711 712
    )

let () =
  Redirection.register
    ~service:election_setup_trustee_del
713
    (fun uuid index ->
714
     match%lwt Web_state.get_site_user () with
715 716 717
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
718
          let%lwt se = get_setup_election uuid_s in
719 720
          if se.se_owner = u
          then (
721 722 723 724 725 726 727
            let trustees, old =
              se.se_public_keys |>
              List.mapi (fun i x -> i, x) |>
              List.partition (fun (i, _) -> i <> index) |>
              (fun (x, y) -> List.map snd x, List.map snd y)
            in
            se.se_public_keys <- trustees;
728
            set_setup_election uuid_s se >>
729 730 731
            Lwt_list.iter_s (fun {st_token; _} ->
              Ocsipersist.remove election_pktokens st_token
            ) old
732 733
          ) else forbidden ()
        ) >>
734
        return (preapply election_setup_trustees uuid)
735 736 737
     | None -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
738 739 740 741
let () =
  Html5.register
    ~service:election_setup_credentials
    (fun token () ->
742 743
     let%lwt uuid = Ocsipersist.find election_credtokens token in
     let%lwt se = get_setup_election uuid in
744 745 746 747
     let uuid = match Uuidm.of_string uuid with
       | None -> failwith "invalid UUID extracted from credtokens"
       | Some u -> u
     in
Stephane Glondu's avatar
Stephane Glondu committed
748 749
     T.election_setup_credentials token uuid se ()
    )
750

Stephane Glondu's avatar
Stephane Glondu committed
751 752 753 754 755
let () =
  File.register
    ~service:election_setup_credentials_download
    ~content_type:"text/plain"
    (fun token () ->
756
     let%lwt uuid = Ocsipersist.find election_credtokens token in
Stephane Glondu's avatar
Stephane Glondu committed
757 758
     return (!spool_dir / uuid ^ ".public_creds.txt")
    )
759

Stephane Glondu's avatar
Stephane Glondu committed
760
let wrap_handler f =
761
  try%lwt f ()
Stephane Glondu's avatar
Stephane Glondu committed
762
  with
763
  | e -> T.generic_page ~title:"Error" (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
764 765

let handle_credentials_post token creds =
766 767
  let%lwt uuid = Ocsipersist.find election_credtokens token in
  let%lwt se = get_setup_election uuid in
768
  if se.se_public_creds_received then forbidden () else
Stephane Glondu's avatar
Stephane Glondu committed
769 770 771 772 773 774 775 776 777 778
  let module G = (val Group.of_string se.se_group : GROUP) in
  let fname = !spool_dir / uuid ^ ".public_creds.txt" in
  Lwt_mutex.with_lock
    election_setup_mutex
    (fun () ->
     Lwt_io.with_file
       ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
       ~perm:0o600 ~mode:Lwt_io.Output fname
       (fun oc -> Lwt_io.write_chars oc creds)
    ) >>
779
  let%lwt () =
Stephane Glondu's avatar
Stephane Glondu committed
780 781 782 783 784 785 786 787 788 789 790
    let i = ref 1 in
    Lwt_stream.iter
      (fun x ->
       try
         let x = G.of_string x in
         if not (G.check x) then raise Exit;
         incr i
       with _ ->
         Printf.ksprintf failwith "invalid credential at line %d" !i)
      (Lwt_io.lines_of_file fname)
  in
791
  let () = se.se_metadata <- {se.se_metadata with e_cred_authority = None} in
792
  let () = se.se_public_creds_received <- true in
793
  set_setup_election uuid se >>
794
  T.generic_page ~title:"Success" ~service:home
795
    "Credentials have been received and checked!" () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
796 797 798 799 800 801 802

let () =
  Any.register
    ~service:election_setup_credentials_post
    (fun token creds ->
     let s = Lwt_stream.of_string creds in
     wrap_handler (fun () -> handle_credentials_post token s))
803

Stephane Glondu's avatar
Stephane Glondu committed
804 805 806 807 808 809 810
let () =
  Any.register
    ~service:election_setup_credentials_post_file
    (fun token creds ->
     let s = Lwt_io.chars_of_file creds.Ocsigen_extensions.tmp_filename in
     wrap_handler (fun () -> handle_credentials_post token s))

811
module CG = Credential.MakeGenerate (LwtRandom)
812 813 814 815

let () =
  Any.register
    ~service:election_setup_credentials_server
816
    (handle_setup (fun se () _ uuid ->
817 818
      let nvoters = List.length se.se_voters in
      if nvoters > !maxmailsatonce then
819
        Lwt.fail (Failure (Printf.sprintf "Cannot send credentials, there are too many voters (max is %d)" !maxmailsatonce))
820 821
      else if nvoters = 0 then
        Lwt.fail (Failure "No voters")
822
      else
823
      if se.se_public_creds_received then forbidden () else
824 825 826
      let () = se.se_metadata <- {se.se_metadata with
        e_cred_authority = Some "server"
      } in
827
      let uuid_s = Uuidm.to_string uuid in
828 829 830 831 832
      let title = se.se_questions.t_name in
      let url = Eliom_uri.make_string_uri
        ~absolute:true ~service:election_home
        (uuid, ()) |> rewrite_prefix
      in
833 834
      let module S = Set.Make (PString) in
      let module G = (val Group.of_string se.se_group : GROUP) in
835
      let module CD = Credential.MakeDerive (G) in
836
      let%lwt creds =
837 838
        Lwt_list.fold_left_s (fun accu v ->
          let email, login = split_identity v.sv_id in
839
          let%lwt cred = CG.generate () in
840
          let pub_cred =
841
            let x = CD.derive uuid cred in
842 843 844
            let y = G.(g **~ x) in
            G.to_string y
          in
845
          let langs = get_languages se.se_metadata.e_languages in
Stephane Glondu's avatar
Stephane Glondu committed
846 847 848 849 850 851
          let bodies = List.map (fun lang ->
            let module L = (val Web_i18n.get_lang lang) in
            Printf.sprintf L.mail_credential title login cred url
          ) langs in
          let body = PString.concat "\n\n----------\n\n" bodies in
          let body = body ^ "\n\n-- \nBelenios" in
Stephane Glondu's avatar
Stephane Glondu committed
852 853 854 855 856
          let subject =
            let lang = List.hd langs in
            let module L = (val Web_i18n.get_lang lang) in
            Printf.sprintf L.mail_credential_subject title
          in
857
          let%lwt () = send_email email subject body in
858 859 860 861 862
          return @@ S.add pub_cred accu
        ) S.empty se.se_voters
      in
      let creds = S.elements creds in
      let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
863
      let%lwt () =
864 865 866 867
          Lwt_io.with_file
            ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
            ~perm:0o600 ~mode:Lwt_io.Output fname
            (fun oc ->
868
              Lwt_list.iter_s (Lwt_io.write_line oc) creds)
869
      in
870
      se.se_public_creds_received <- true;
871
      return (fun () ->
872 873
        let service = preapply election_setup uuid in
        T.generic_page ~title:"Success" ~service
874
          "Credentials have been generated and mailed!" () >>= Html5.send)))
875

Stephane Glondu's avatar
Stephane Glondu committed
876 877 878 879
let () =
  Html5.register
    ~service:election_setup_trustee
    (fun token () ->
880 881
     let%lwt uuid = Ocsipersist.find election_pktokens token in
     let%lwt se = get_setup_election uuid in
882 883 884 885 886
     let uuid = match Uuidm.of_string uuid with
       | None -> failwith "invalid UUID extracted from pktokens"
       | Some u -> u
     in
     T.election_setup_trustee token uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
887 888 889 890 891 892 893 894
    )

let () =
  Any.register
    ~service:election_setup_trustee_post
    (fun token public_key ->
     wrap_handler
       (fun () ->
895
        let%lwt uuid = Ocsipersist.find election_pktokens token in
Stephane Glondu's avatar
Stephane Glondu committed
896 897 898
        Lwt_mutex.with_lock
          election_setup_mutex
          (fun () ->
899
           let%lwt se = get_setup_election uuid in
900
           let t = List.find (fun x -> token = x.st_token) se.se_public_keys in
Stephane Glondu's avatar
Stephane Glondu committed
901 902
           let module G = (val Group.of_string se.se_group : GROUP) in
           let pk = trustee_public_key_of_string G.read public_key in
903
           let module KG = Trustees.MakeSimple (G) (LwtRandom) in
Stephane Glondu's avatar
Stephane Glondu committed
904 905
           if not (KG.check pk) then failwith "invalid public key";
           (* we keep pk as a string because of G.t *)
906
           t.st_public_key <- public_key;
907
           set_setup_election uuid se
908
          ) >> T.generic_page ~title:"Success"
909 910
            "Your key has been received and checked!"
            () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
911 912 913
       )
    )

914 915 916 917
let () =
  Any.register
    ~service:election_setup_confirm
    (fun uuid () ->
918
      match%lwt Web_state.get_site_user () with
919 920 921
      | None -> forbidden ()
      | Some u ->
         let uuid_s = Uuidm.to_string uuid in
922
         let%lwt se = get_setup_election uuid_s in
923 924 925
         if se.se_owner <> u then forbidden () else
         T.election_setup_confirm uuid se () >>= Html5.send)

Stephane Glondu's avatar
Stephane Glondu committed
926 927 928 929
let () =
  Any.register
    ~service:election_setup_create
    (fun uu