web_site.ml 54.4 KB
Newer Older
Stephane Glondu's avatar
Stephane Glondu committed
1 2 3
(**************************************************************************)
(*                                BELENIOS                                *)
(*                                                                        *)
Stephane Glondu's avatar
Stephane Glondu committed
4
(*  Copyright © 2012-2016 Inria                                           *)
Stephane Glondu's avatar
Stephane Glondu committed
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
(*                                                                        *)
(*  This program is free software: you can redistribute it and/or modify  *)
(*  it under the terms of the GNU Affero General Public License as        *)
(*  published by the Free Software Foundation, either version 3 of the    *)
(*  License, or (at your option) any later version, with the additional   *)
(*  exemption that compiling, linking, and/or using OpenSSL is allowed.   *)
(*                                                                        *)
(*  This program is distributed in the hope that it will be useful, but   *)
(*  WITHOUT ANY WARRANTY; without even the implied warranty of            *)
(*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU     *)
(*  Affero General Public License for more details.                       *)
(*                                                                        *)
(*  You should have received a copy of the GNU Affero General Public      *)
(*  License along with this program.  If not, see                         *)
(*  <http://www.gnu.org/licenses/>.                                       *)
(**************************************************************************)

22
open Lwt
23
open Platform
24
open Serializable_j
25
open Signatures
26
open Common
27
open Web_serializable_builtin_t
Stephane Glondu's avatar
Stephane Glondu committed
28
open Web_serializable_j
29
open Web_common
30
open Web_services
Stephane Glondu's avatar
Stephane Glondu committed
31

32
let source_file = ref "belenios.tar.gz"
33
let maxmailsatonce = ref 1000
Stephane Glondu's avatar
Stephane Glondu committed
34

35 36
let ( / ) = Filename.concat

Stephane Glondu's avatar
Stephane Glondu committed
37
module PString = String
Stephane Glondu's avatar
Stephane Glondu committed
38

Stephane Glondu's avatar
Stephane Glondu committed
39 40 41 42 43 44 45 46 47 48 49 50 51 52
open Eliom_service
open Eliom_registration

(* Table with elections in setup mode. *)
let election_stable = Ocsipersist.open_table "site_setup"

(* Table with tokens given to trustees. *)
let election_pktokens = Ocsipersist.open_table "site_pktokens"

(* Table with tokens given to credential authorities. *)
let election_credtokens = Ocsipersist.open_table "site_credtokens"

module T = Web_templates

Stephane Glondu's avatar
Stephane Glondu committed
53
let raw_find_election uuid =
54
  let%lwt raw_election = Web_persist.get_raw_election uuid in
55 56 57 58
  match raw_election with
  | Some raw_election ->
     return (Group.election_params_of_string raw_election)
  | _ -> Lwt.fail Not_found
Stephane Glondu's avatar
Stephane Glondu committed
59

Stephane Glondu's avatar
Stephane Glondu committed
60 61
module WCacheTypes = struct
  type key = string
62
  type value = (module ELECTION_DATA)
Stephane Glondu's avatar
Stephane Glondu committed
63 64 65 66 67 68 69 70
end

module WCache = Ocsigen_cache.Make (WCacheTypes)

let find_election =
  let cache = new WCache.cache raw_find_election 100 in
  fun x -> cache#find x

71
let get_setup_election uuid_s =
72
  let%lwt se = Ocsipersist.find election_stable uuid_s in
73
  return (setup_election_of_string se)
74 75

let set_setup_election uuid_s se =
76
  Ocsipersist.add election_stable uuid_s (string_of_setup_election se)
77

Stephane Glondu's avatar
Stephane Glondu committed
78
let dump_passwords dir table =
Stephane Glondu's avatar
Stephane Glondu committed
79 80 81 82 83 84
  Lwt_io.(with_file Output (dir / "passwords.csv") (fun oc ->
    Ocsipersist.iter_step (fun voter (salt, hashed) ->
      write_line oc (voter ^ "," ^ salt ^ "," ^ hashed)
    ) table
  ))

85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
let finalize_election uuid se =
  let uuid_s = Uuidm.to_string uuid in
  (* voters *)
  let () =
    if se.se_voters = [] then failwith "no voters"
  in
  (* passwords *)
  let () =
    match se.se_metadata.e_auth_config with
    | Some [{auth_system = "password"; _}] ->
       if not @@ List.for_all (fun v -> v.sv_password <> None) se.se_voters then
         failwith "some passwords are missing"
    | _ -> ()
  in
  (* credentials *)
  let () =
    if not se.se_public_creds_received then
      failwith "public credentials are missing"
  in
  (* trustees *)
  let group = Group.of_string se.se_group in
  let module G = (val group : GROUP) in
107
  let module KG = Trustees.MakeSimpleDistKeyGen (G) (LwtRandom) in
108
  let%lwt trustees, public_keys, private_key =
109 110
    match se.se_public_keys with
    | [] ->
Stephane Glondu's avatar
Stephane Glondu committed
111 112
       let%lwt private_key = KG.generate () in
       let%lwt public_key = KG.prove private_key in
113
       return (None, [public_key], Some private_key)
114
    | _ :: _ ->
115 116 117
       return (
         Some (List.map (fun {st_id; _} -> st_id) se.se_public_keys),
         (List.map
118 119 120
            (fun {st_public_key; _} ->
              if st_public_key = "" then failwith "some public keys are missing";
              trustee_public_key_of_string G.read st_public_key
121 122
            ) se.se_public_keys),
         None)
123 124 125
  in
  let y = KG.combine (Array.of_list public_keys) in
  (* election parameters *)
126
  let metadata = { se.se_metadata with e_trustees = trustees } in
127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150
  let template = se.se_questions in
  let params = {
    e_description = template.t_description;
    e_name = template.t_name;
    e_public_key = {wpk_group = G.group; wpk_y = y};
    e_questions = template.t_questions;
    e_uuid = uuid;
  } in
  let raw_election = string_of_params (write_wrapped_pubkey G.write_group G.write) params in
  (* write election files to disk *)
  let dir = !spool_dir / uuid_s in
  let create_file fname what xs =
    Lwt_io.with_file
      ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
      ~perm:0o600 ~mode:Lwt_io.Output (dir / fname)
      (fun oc ->
        Lwt_list.iter_s
          (fun v ->
            Lwt_io.write oc (what v) >>
              Lwt_io.write oc "\n") xs)
  in
  Lwt_unix.mkdir dir 0o700 >>
  create_file "public_keys.jsons" (string_of_trustee_public_key G.write) public_keys >>
  create_file "voters.txt" (fun x -> x.sv_id) se.se_voters >>
151
  create_file "metadata.json" string_of_metadata [metadata] >>
152 153
  create_file "election.json" (fun x -> x) [raw_election] >>
  (* construct Web_election instance *)
154
  let election = Group.election_params_of_string raw_election in
155 156
  let module W = Web_election.Make ((val election)) (LwtRandom) in
  (* set up authentication *)
157
  let%lwt () =
158
    match metadata.e_auth_config with
159 160 161 162 163 164 165 166 167 168
    | None -> return ()
    | Some xs ->
       let auth_config =
         List.map (fun {auth_system; auth_instance; auth_config} ->
           auth_instance, (auth_system, List.map snd auth_config)
         ) xs
       in
       Web_persist.set_auth_config uuid_s auth_config
  in
  (* inject credentials *)
169
  let%lwt () =
170 171 172 173 174 175 176
    let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
    Lwt_io.lines_of_file fname |>
    Lwt_stream.iter_s W.B.inject_cred >>
    W.B.update_files () >>
    Lwt_unix.unlink fname
  in
  (* create file with private key, if any *)
177
  let%lwt () =
178 179 180 181 182 183 184
    match private_key with
    | None -> return_unit
    | Some x -> create_file "private_key.json" string_of_number [x]
  in
  (* clean up setup database *)
  Ocsipersist.remove election_credtokens se.se_public_creds >>
  Lwt_list.iter_s
185 186
    (fun {st_token; _} ->
      Ocsipersist.remove election_pktokens st_token)
187 188 189
    se.se_public_keys >>
  Ocsipersist.remove election_stable uuid_s >>
  (* inject passwords *)
190
  (match metadata.e_auth_config with
191 192 193 194 195 196 197 198 199 200
  | Some [{auth_system = "password"; _}] ->
     let table = "password_" ^ underscorize uuid_s in
     let table = Ocsipersist.open_table table in
     Lwt_list.iter_s
       (fun v ->
         let _, login = split_identity v.sv_id in
         match v.sv_password with
         | Some x -> Ocsipersist.add table login x
         | None -> return_unit
       ) se.se_voters >>
201
       dump_passwords (!spool_dir / uuid_s) table
202 203
  | _ -> return_unit) >>
  (* finish *)
Stephane Glondu's avatar
Stephane Glondu committed
204
  Web_persist.set_election_state uuid_s `Open >>
205
  Web_persist.set_election_date uuid_s (now ())
Stephane Glondu's avatar
Stephane Glondu committed
206

Stephane Glondu's avatar
Stephane Glondu committed
207 208 209 210
let cleanup_table ?uuid_s table =
  let table = Ocsipersist.open_table table in
  match uuid_s with
  | None ->
211
     let%lwt indexes = Ocsipersist.fold_step (fun k _ accu ->
Stephane Glondu's avatar
Stephane Glondu committed
212 213 214 215 216 217
       return (k :: accu)) table []
     in
     Lwt_list.iter_s (Ocsipersist.remove table) indexes
  | Some u -> Ocsipersist.remove table u

let cleanup_file f =
218
  try%lwt Lwt_unix.unlink f
Stephane Glondu's avatar
Stephane Glondu committed
219 220 221 222
  with _ -> return_unit

let archive_election uuid_s =
  let uuid_u = underscorize uuid_s in
223 224 225 226 227 228 229 230
  let%lwt () = cleanup_table ~uuid_s "election_states" in
  let%lwt () = cleanup_table ~uuid_s "election_pds" in
  let%lwt () = cleanup_table ~uuid_s "auth_configs" in
  let%lwt () = cleanup_table ("password_" ^ uuid_u) in
  let%lwt () = cleanup_table ("records_" ^ uuid_u) in
  let%lwt () = cleanup_table ("creds_" ^ uuid_u) in
  let%lwt () = cleanup_table ("ballots_" ^ uuid_u) in
  let%lwt () = cleanup_file (!spool_dir / uuid_s / "private_key.json") in
Stephane Glondu's avatar
Stephane Glondu committed
231 232
  return_unit

Stephane Glondu's avatar
Stephane Glondu committed
233 234
let () = Any.register ~service:home
  (fun () () ->
235
    Eliom_reference.unset Web_state.cont >>
236
    Redirection.send admin
Stephane Glondu's avatar
Stephane Glondu committed
237 238
  )

239
let get_finalized_elections_by_owner u =
240
  let%lwt elections, tallied, archived =
241 242
    Web_persist.get_elections_by_owner u >>=
    Lwt_list.fold_left_s (fun accu uuid_s ->
243 244 245
        let%lwt w = find_election uuid_s in
        let%lwt state = Web_persist.get_election_state uuid_s in
        let%lwt date = Web_persist.get_election_date uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
246
        let elections, tallied, archived = accu in
247
        match state with
Stephane Glondu's avatar
Stephane Glondu committed
248 249 250 251
        | `Tallied _ -> return (elections, (date, w) :: tallied, archived)
        | `Archived -> return (elections, tallied, (date, w) :: archived)
        | _ -> return ((date, w) :: elections, tallied, archived)
    ) ([], [], [])
252 253 254 255 256
  in
  let sort l =
    List.sort (fun (x, _) (y, _) -> datetime_compare x y) l |>
    List.map (fun (_, x) -> x)
  in
Stephane Glondu's avatar
Stephane Glondu committed
257
  return (sort elections, sort tallied, sort archived)
258

Stephane Glondu's avatar
Stephane Glondu committed
259 260
let () = Html5.register ~service:admin
  (fun () () ->
Stephane Glondu's avatar
Stephane Glondu committed
261
    let cont () = Redirection.send admin in
262
    Eliom_reference.set Web_state.cont [cont] >>
263 264
    let%lwt site_user = Web_state.get_site_user () in
    let%lwt elections =
265
      match site_user with
266
      | None -> return None
Stephane Glondu's avatar
Stephane Glondu committed
267
      | Some u ->
268 269
         let%lwt elections, tallied, archived = get_finalized_elections_by_owner u in
         let%lwt setup_elections =
270
           Ocsipersist.fold_step (fun k v accu ->
271
             let v = setup_election_of_string v in
272
             if v.se_owner = u
273
             then return ((uuid_of_string k, v.se_questions.t_name) :: accu)
274 275
             else return accu
           ) election_stable []
276
         in
Stephane Glondu's avatar
Stephane Glondu committed
277
         return @@ Some (elections, tallied, archived, setup_elections)
Stephane Glondu's avatar
Stephane Glondu committed
278
    in
279
    T.admin ~elections ()
Stephane Glondu's avatar
Stephane Glondu committed
280 281 282 283 284 285 286 287 288
  )

let () = File.register
  ~service:source_code
  ~content_type:"application/x-gzip"
  (fun () () -> return !source_file)

let generate_uuid = Uuidm.v4_gen (Random.State.make_self_init ())

Stephane Glondu's avatar
Stephane Glondu committed
289 290 291 292 293 294 295 296 297 298 299 300
let create_new_election owner cred auth =
  let e_cred_authority = match cred with
    | `Automatic -> Some "server"
    | `Manual -> None
  in
  let e_auth_config = match auth with
    | `Password -> Some [{auth_system = "password"; auth_instance = "password"; auth_config = []}]
    | `Dummy -> Some [{auth_system = "dummy"; auth_instance = "dummy"; auth_config = []}]
    | `CAS server -> Some [{auth_system = "cas"; auth_instance = "cas"; auth_config = ["server", server]}]
  in
  let uuid = generate_uuid () in
  let uuid_s = Uuidm.to_string uuid in
301
  let%lwt token = generate_token () in
Stephane Glondu's avatar
Stephane Glondu committed
302 303 304 305
  let se_metadata = {
    e_owner = Some owner;
    e_auth_config;
    e_cred_authority;
306
    e_trustees = None;
307
    e_languages = Some ["en"; "fr"];
Stephane Glondu's avatar
Stephane Glondu committed
308 309 310
  } in
  let question = {
    q_answers = [| "Answer 1"; "Answer 2"; "Blank" |];
311
    q_blank = None;
Stephane Glondu's avatar
Stephane Glondu committed
312 313 314 315 316 317 318 319 320 321 322
    q_min = 1;
    q_max = 1;
    q_question = "Question 1?";
  } in
  let se_questions = {
    t_description = "Description of the election.";
    t_name = "Name of the election";
    t_questions = [| question |];
  } in
  let se = {
    se_owner = owner;
323
    se_group = "{\"g\":\"2402352677501852209227687703532399932712287657378364916510075318787663274146353219320285676155269678799694668298749389095083896573425601900601068477164491735474137283104610458681314511781646755400527402889846139864532661215055797097162016168270312886432456663834863635782106154918419982534315189740658186868651151358576410138882215396016043228843603930989333662772848406593138406010231675095763777982665103606822406635076697764025346253773085133173495194248967754052573659049492477631475991575198775177711481490920456600205478127054728238140972518639858334115700568353695553423781475582491896050296680037745308460627\",\"p\":\"20694785691422546401013643657505008064922989295751104097100884787057374219242717401922237254497684338129066633138078958404960054389636289796393038773905722803605973749427671376777618898589872735865049081167099310535867780980030790491654063777173764198678527273474476341835600035698305193144284561701911000786737307333564123971732897913240474578834468260652327974647951137672658693582180046317922073668860052627186363386088796882120769432366149491002923444346373222145884100586421050242120365433561201320481118852408731077014151666200162313177169372189248078507711827842317498073276598828825169183103125680162072880719\",\"q\":\"78571733251071885079927659812671450121821421258408794611510081919805623223441\"}"; (* generated by fips.sage *)
Stephane Glondu's avatar
Stephane Glondu committed
324 325 326 327 328
    se_voters = [];
    se_questions;
    se_public_keys = [];
    se_metadata;
    se_public_creds = token;
329
    se_public_creds_received = false;
Stephane Glondu's avatar
Stephane Glondu committed
330
  } in
331 332
  let%lwt () = set_setup_election uuid_s se in
  let%lwt () = Ocsipersist.add election_credtokens token uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
333 334 335 336 337
  return (preapply election_setup uuid)

let () = Html5.register ~service:election_setup_pre
  (fun () () -> T.election_setup_pre ())

Stephane Glondu's avatar
Stephane Glondu committed
338
let () = Redirection.register ~service:election_setup_new
Stephane Glondu's avatar
Stephane Glondu committed
339
  (fun () (credmgmt, (auth, cas_server)) ->
340
   match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
341
   | Some u ->
342
      let%lwt credmgmt = match credmgmt with
Stephane Glondu's avatar
Stephane Glondu committed
343 344 345 346
        | Some "auto" -> return `Automatic
        | Some "manual" -> return `Manual
        | _ -> fail_http 400
      in
347
      let%lwt auth = match auth with
Stephane Glondu's avatar
Stephane Glondu committed
348 349 350 351 352 353 354
        | Some "password" -> return `Password
        | Some "dummy" -> return `Dummy
        | Some "cas" -> return @@ `CAS cas_server
        | _ -> fail_http 400
      in
      create_new_election u credmgmt auth
   | None -> forbidden ())
Stephane Glondu's avatar
Stephane Glondu committed
355

356
let generic_setup_page f uuid () =
357
  match%lwt Web_state.get_site_user () with
358 359
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
360
     let%lwt se = get_setup_election uuid_s in
361 362 363 364 365
     if se.se_owner = u
     then f uuid se ()
     else forbidden ()
  | None -> forbidden ()

Stephane Glondu's avatar
Stephane Glondu committed
366
let () = Html5.register ~service:election_setup
367
  (generic_setup_page T.election_setup)
Stephane Glondu's avatar
Stephane Glondu committed
368

369
let () = Html5.register ~service:election_setup_trustees
370 371 372 373
  (generic_setup_page T.election_setup_trustees)

let () = Html5.register ~service:election_setup_credential_authority
  (generic_setup_page T.election_setup_credential_authority)
374

Stephane Glondu's avatar
Stephane Glondu committed
375 376
let election_setup_mutex = Lwt_mutex.create ()

377
let handle_setup f uuid x =
378
  match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
379 380 381
  | Some u ->
     let uuid_s = Uuidm.to_string uuid in
     Lwt_mutex.with_lock election_setup_mutex (fun () ->
382
       let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
383
       if se.se_owner = u then (
384 385
         try%lwt
           let%lwt cont = f se x u uuid in
386
           set_setup_election uuid_s se >>
387
           cont ()
Stephane Glondu's avatar
Stephane Glondu committed
388
         with e ->
389 390
           let service = preapply election_setup uuid in
           T.generic_page ~title:"Error" ~service (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
391 392 393
       ) else forbidden ()
     )
  | None -> forbidden ()
394

395 396
let redir_preapply s u () = Redirection.send (preapply s u)

397 398 399 400 401
let () =
  Any.register
    ~service:election_setup_languages
    (handle_setup
       (fun se languages _ uuid ->
402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430
         let langs = languages_of_string languages in
         match langs with
         | None -> assert false
         | Some [] ->
            return (fun () ->
                let service = preapply election_setup uuid in
                T.generic_page ~title:"Error" ~service
                  "You must select at least one language!" () >>= Html5.send
              )
         | Some ls ->
            let unavailable =
              List.filter (fun x ->
                  not (List.mem x available_languages)
                ) ls
            in
            match unavailable with
            | [] ->
               se.se_metadata <- {
                  se.se_metadata with
                  e_languages = langs
                };
               return (redir_preapply election_setup uuid)
            | l :: _ ->
               return (fun () ->
                   let service = preapply election_setup uuid in
                   T.generic_page ~title:"Error" ~service
                     ("No such language: " ^ l) () >>= Html5.send
                 )
    ))
431

432 433 434 435
let () =
  Any.register
    ~service:election_setup_description
    (handle_setup
436
       (fun se (name, description) _ uuid ->
437 438 439
         se.se_questions <- {se.se_questions with
           t_name = name;
           t_description = description;
440 441
         };
         return (redir_preapply election_setup uuid)))
442

Stephane Glondu's avatar
Stephane Glondu committed
443
let generate_password langs title url id =
444
  let email, login = split_identity id in
445 446
  let%lwt salt = generate_token () in
  let%lwt password = generate_token () in
447
  let hashed = sha256_hex (salt ^ password) in
Stephane Glondu's avatar
Stephane Glondu committed
448 449 450 451 452 453
  let bodies = List.map (fun lang ->
    let module L = (val Web_i18n.get_lang lang) in
    Printf.sprintf L.mail_password title login password url
  ) langs in
  let body = PString.concat "\n\n----------\n\n" bodies in
  let body = body ^ "\n\n-- \nBelenios" in
Stephane Glondu's avatar
Stephane Glondu committed
454 455 456 457 458
  let subject =
    let lang = List.hd langs in
    let module L = (val Web_i18n.get_lang lang) in
    Printf.sprintf L.mail_password_subject title
  in
459
  send_email email subject body >>
460
  return (salt, hashed)
461

462
let handle_password se uuid ~force voters =
463 464 465
  if List.length voters > !maxmailsatonce then
    Lwt.fail (Failure (Printf.sprintf "Cannot send passwords, there are too many voters (max is %d)" !maxmailsatonce))
  else
466 467 468 469
  let title = se.se_questions.t_name in
  let url = Eliom_uri.make_string_uri ~absolute:true ~service:election_home
    (uuid, ()) |> rewrite_prefix
  in
470
  let langs = get_languages se.se_metadata.e_languages in
471 472 473 474
  Lwt_list.iter_s (fun id ->
    match id.sv_password with
    | Some _ when not force -> return_unit
    | None | Some _ ->
475
       let%lwt x = generate_password langs title url id.sv_id in
476 477 478
       return (id.sv_password <- Some x)
  ) voters >>
  return (fun () ->
Stephane Glondu's avatar
Stephane Glondu committed
479
    let service = preapply election_setup uuid in
480
    T.generic_page ~title:"Success" ~service
481 482
      "Passwords have been generated and mailed!" () >>= Html5.send)

483 484 485 486 487
let () =
  Any.register
    ~service:election_setup_auth_genpwd
    (handle_setup
       (fun se () _ uuid ->
488
         handle_password se uuid ~force:false se.se_voters))
489

490 491 492
let () =
  Any.register
    ~service:election_regenpwd
Stephane Glondu's avatar
Stephane Glondu committed
493
    (fun (uuid, ()) () ->
494 495 496 497 498 499
      T.regenpwd uuid () >>= Html5.send)

let () =
  Any.register
    ~service:election_regenpwd_post
    (fun (uuid, ()) user ->
500
      let uuid_s = Uuidm.to_string uuid in
501 502
      let%lwt w = find_election uuid_s in
      let%lwt metadata = Web_persist.get_election_metadata uuid_s in
503
      let module W = (val w) in
504
      let%lwt site_user = Web_state.get_site_user () in
505
      match site_user with
506
      | Some u when metadata.e_owner = Some u ->
507 508 509 510 511 512 513
         let table = "password_" ^ underscorize uuid_s in
         let table = Ocsipersist.open_table table in
         let title = W.election.e_params.e_name in
         let url = Eliom_uri.make_string_uri
           ~absolute:true ~service:election_home
           (uuid, ()) |> rewrite_prefix
         in
514
         let service = preapply election_admin (uuid, ()) in
515 516
         begin try%lwt
           let%lwt _ = Ocsipersist.find table user in
517
           let langs = get_languages metadata.e_languages in
518
           let%lwt x = generate_password langs title url user in
519
           Ocsipersist.add table user x >>
520
           dump_passwords (!spool_dir / uuid_s) table >>
521
           T.generic_page ~title:"Success" ~service
522 523 524
             ("A new password has been mailed to " ^ user ^ ".") ()
           >>= Html5.send
         with Not_found ->
525
           T.generic_page ~title:"Error" ~service
526 527 528 529 530 531
             (user ^ " is not a registered user for this election.") ()
           >>= Html5.send
         end
      | _ -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
532 533 534 535
let () =
  Html5.register
    ~service:election_setup_questions
    (fun uuid () ->
536
     match%lwt Web_state.get_site_user () with
537 538
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
539
        let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
540
        if se.se_owner = u
541
        then T.election_setup_questions uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
542 543
        else forbidden ()
     | None -> forbidden ()
544 545
    )

Stephane Glondu's avatar
Stephane Glondu committed
546 547 548 549
let () =
  Any.register
    ~service:election_setup_questions_post
    (handle_setup
550 551
       (fun se x _ uuid ->
        se.se_questions <- template_of_string x;
552
         return (redir_preapply election_setup uuid)))
Stephane Glondu's avatar
Stephane Glondu committed
553

Stephane Glondu's avatar
Stephane Glondu committed
554 555 556 557
let () =
  Html5.register
    ~service:election_setup_voters
    (fun uuid () ->
558
      match%lwt Web_state.get_site_user () with
Stephane Glondu's avatar
Stephane Glondu committed
559 560
      | Some u ->
         let uuid_s = Uuidm.to_string uuid in
561
         let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
562
         if se.se_owner = u
563
         then T.election_setup_voters uuid se !maxmailsatonce ()
Stephane Glondu's avatar
Stephane Glondu committed
564 565 566 567 568
         else forbidden ()
      | None -> forbidden ()
    )

(* see http://www.regular-expressions.info/email.html *)
Stephane Glondu's avatar
Stephane Glondu committed
569
let identity_rex = Pcre.regexp
Stephane Glondu's avatar
Stephane Glondu committed
570
  ~flags:[`CASELESS]
571
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}(,[A-Z0-9._%+-]+)?$"
Stephane Glondu's avatar
Stephane Glondu committed
572

Stephane Glondu's avatar
Stephane Glondu committed
573 574
let is_identity x =
  try ignore (Pcre.pcre_exec ~rex:identity_rex x); true
Stephane Glondu's avatar
Stephane Glondu committed
575 576
  with Not_found -> false

577 578 579 580 581 582 583 584
let email_rex = Pcre.regexp
  ~flags:[`CASELESS]
  "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}$"

let is_email x =
  try ignore (Pcre.pcre_exec ~rex:email_rex x); true
  with Not_found -> false

585 586
module SSet = Set.Make (PString)

587
let merge_voters a b f =
588 589 590 591 592 593 594
  let existing = List.fold_left (fun accu sv ->
    SSet.add sv.sv_id accu
  ) SSet.empty a in
  let _, res = List.fold_left (fun (existing, accu) sv_id ->
    if SSet.mem sv_id existing then
      (existing, accu)
    else
595
      (SSet.add sv_id existing, {sv_id; sv_password = f sv_id} :: accu)
596 597 598
  ) (existing, List.rev a) b in
  List.rev res

Stephane Glondu's avatar
Stephane Glondu committed
599 600
let () =
  Any.register
601
    ~service:election_setup_voters_add
Stephane Glondu's avatar
Stephane Glondu committed
602
    (handle_setup
603
       (fun se x _ uuid ->
604
         if se.se_public_creds_received then forbidden () else (
Stephane Glondu's avatar
Stephane Glondu committed
605 606 607
         let xs = Pcre.split x in
         let () =
           try
Stephane Glondu's avatar
Stephane Glondu committed
608 609
             let bad = List.find (fun x -> not (is_identity x)) xs in
             Printf.ksprintf failwith "%S is not a valid identity" bad
Stephane Glondu's avatar
Stephane Glondu committed
610 611
           with Not_found -> ()
         in
612
         se.se_voters <- merge_voters se.se_voters xs (fun _ -> None);
613
         return (redir_preapply election_setup_voters uuid))))
614 615 616 617 618 619

let () =
  Any.register
    ~service:election_setup_voters_remove
    (handle_setup
       (fun se voter _ uuid ->
620
         if se.se_public_creds_received then forbidden () else (
621 622 623
         se.se_voters <- List.filter (fun v ->
           v.sv_id <> voter
         ) se.se_voters;
624
         return (redir_preapply election_setup_voters uuid))))
Stephane Glondu's avatar
Stephane Glondu committed
625

626 627 628 629 630 631 632
let () =
  Any.register ~service:election_setup_voters_passwd
    (handle_setup
       (fun se voter _ uuid ->
         let voter = List.filter (fun v -> v.sv_id = voter) se.se_voters in
         handle_password se uuid ~force:true voter))

Stephane Glondu's avatar
Stephane Glondu committed
633
let () =
634
  Any.register
Stephane Glondu's avatar
Stephane Glondu committed
635
    ~service:election_setup_trustee_add
636 637
    (fun uuid st_id ->
     if is_email st_id then
638
     match%lwt Web_state.get_site_user () with
639 640
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
Stephane Glondu's avatar
Stephane Glondu committed
641
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
642
          let%lwt se = get_setup_election uuid_s in
Stephane Glondu's avatar
Stephane Glondu committed
643 644
          if se.se_owner = u
          then (
645
            let%lwt st_token = generate_token () in
646 647
            let trustee = {st_id; st_token; st_public_key = ""} in
            se.se_public_keys <- se.se_public_keys @ [trustee];
648
            set_setup_election uuid_s se >>
649
            Ocsipersist.add election_pktokens st_token uuid_s
Stephane Glondu's avatar
Stephane Glondu committed
650 651
          ) else forbidden ()
        ) >>
652
        Redirection.send (preapply election_setup_trustees uuid)
653
     | None -> forbidden ()
654 655
     else
       let msg = st_id ^ " is not a valid e-mail address!" in
656 657
       let service = preapply election_setup_trustees uuid in
       T.generic_page ~title:"Error" ~service msg () >>= Html5.send
658 659 660 661 662
    )

let () =
  Redirection.register
    ~service:election_setup_trustee_del
663
    (fun uuid index ->
664
     match%lwt Web_state.get_site_user () with
665 666 667
     | Some u ->
        let uuid_s = Uuidm.to_string uuid in
        Lwt_mutex.with_lock election_setup_mutex (fun () ->
668
          let%lwt se = get_setup_election uuid_s in
669 670
          if se.se_owner = u
          then (
671 672 673 674 675 676 677
            let trustees, old =
              se.se_public_keys |>
              List.mapi (fun i x -> i, x) |>
              List.partition (fun (i, _) -> i <> index) |>
              (fun (x, y) -> List.map snd x, List.map snd y)
            in
            se.se_public_keys <- trustees;
678
            set_setup_election uuid_s se >>
679 680 681
            Lwt_list.iter_s (fun {st_token; _} ->
              Ocsipersist.remove election_pktokens st_token
            ) old
682 683
          ) else forbidden ()
        ) >>
684
        return (preapply election_setup_trustees uuid)
685 686 687
     | None -> forbidden ()
    )

Stephane Glondu's avatar
Stephane Glondu committed
688 689 690 691
let () =
  Html5.register
    ~service:election_setup_credentials
    (fun token () ->
692 693
     let%lwt uuid = Ocsipersist.find election_credtokens token in
     let%lwt se = get_setup_election uuid in
694 695 696 697
     let uuid = match Uuidm.of_string uuid with
       | None -> failwith "invalid UUID extracted from credtokens"
       | Some u -> u
     in
Stephane Glondu's avatar
Stephane Glondu committed
698 699
     T.election_setup_credentials token uuid se ()
    )
700

Stephane Glondu's avatar
Stephane Glondu committed
701 702 703 704 705
let () =
  File.register
    ~service:election_setup_credentials_download
    ~content_type:"text/plain"
    (fun token () ->
706
     let%lwt uuid = Ocsipersist.find election_credtokens token in
Stephane Glondu's avatar
Stephane Glondu committed
707 708
     return (!spool_dir / uuid ^ ".public_creds.txt")
    )
709

Stephane Glondu's avatar
Stephane Glondu committed
710
let wrap_handler f =
711
  try%lwt f ()
Stephane Glondu's avatar
Stephane Glondu committed
712
  with
713
  | e -> T.generic_page ~title:"Error" (Printexc.to_string e) () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
714 715

let handle_credentials_post token creds =
716 717
  let%lwt uuid = Ocsipersist.find election_credtokens token in
  let%lwt se = get_setup_election uuid in
718
  if se.se_public_creds_received then forbidden () else
Stephane Glondu's avatar
Stephane Glondu committed
719 720 721 722 723 724 725 726 727 728
  let module G = (val Group.of_string se.se_group : GROUP) in
  let fname = !spool_dir / uuid ^ ".public_creds.txt" in
  Lwt_mutex.with_lock
    election_setup_mutex
    (fun () ->
     Lwt_io.with_file
       ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
       ~perm:0o600 ~mode:Lwt_io.Output fname
       (fun oc -> Lwt_io.write_chars oc creds)
    ) >>
729
  let%lwt () =
Stephane Glondu's avatar
Stephane Glondu committed
730 731 732 733 734 735 736 737 738 739 740
    let i = ref 1 in
    Lwt_stream.iter
      (fun x ->
       try
         let x = G.of_string x in
         if not (G.check x) then raise Exit;
         incr i
       with _ ->
         Printf.ksprintf failwith "invalid credential at line %d" !i)
      (Lwt_io.lines_of_file fname)
  in
741
  let () = se.se_metadata <- {se.se_metadata with e_cred_authority = None} in
742
  let () = se.se_public_creds_received <- true in
743
  set_setup_election uuid se >>
744
  T.generic_page ~title:"Success" ~service:home
745
    "Credentials have been received and checked!" () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
746 747 748 749 750 751 752

let () =
  Any.register
    ~service:election_setup_credentials_post
    (fun token creds ->
     let s = Lwt_stream.of_string creds in
     wrap_handler (fun () -> handle_credentials_post token s))
753

Stephane Glondu's avatar
Stephane Glondu committed
754 755 756 757 758 759 760
let () =
  Any.register
    ~service:election_setup_credentials_post_file
    (fun token creds ->
     let s = Lwt_io.chars_of_file creds.Ocsigen_extensions.tmp_filename in
     wrap_handler (fun () -> handle_credentials_post token s))

761
module CG = Credential.MakeGenerate (LwtRandom)
762 763 764 765

let () =
  Any.register
    ~service:election_setup_credentials_server
766
    (handle_setup (fun se () _ uuid ->
767 768
      let nvoters = List.length se.se_voters in
      if nvoters > !maxmailsatonce then
769
        Lwt.fail (Failure (Printf.sprintf "Cannot send credentials, there are too many voters (max is %d)" !maxmailsatonce))
770 771
      else if nvoters = 0 then
        Lwt.fail (Failure "No voters")
772
      else
773
      if se.se_public_creds_received then forbidden () else
774 775 776
      let () = se.se_metadata <- {se.se_metadata with
        e_cred_authority = Some "server"
      } in
777
      let uuid_s = Uuidm.to_string uuid in
778 779 780 781 782
      let title = se.se_questions.t_name in
      let url = Eliom_uri.make_string_uri
        ~absolute:true ~service:election_home
        (uuid, ()) |> rewrite_prefix
      in
783 784
      let module S = Set.Make (PString) in
      let module G = (val Group.of_string se.se_group : GROUP) in
785
      let module CD = Credential.MakeDerive (G) in
786
      let%lwt creds =
787 788
        Lwt_list.fold_left_s (fun accu v ->
          let email, login = split_identity v.sv_id in
789
          let%lwt cred = CG.generate () in
790
          let pub_cred =
791
            let x = CD.derive uuid cred in
792 793 794
            let y = G.(g **~ x) in
            G.to_string y
          in
795
          let langs = get_languages se.se_metadata.e_languages in
Stephane Glondu's avatar
Stephane Glondu committed
796 797 798 799 800 801
          let bodies = List.map (fun lang ->
            let module L = (val Web_i18n.get_lang lang) in
            Printf.sprintf L.mail_credential title login cred url
          ) langs in
          let body = PString.concat "\n\n----------\n\n" bodies in
          let body = body ^ "\n\n-- \nBelenios" in
Stephane Glondu's avatar
Stephane Glondu committed
802 803 804 805 806
          let subject =
            let lang = List.hd langs in
            let module L = (val Web_i18n.get_lang lang) in
            Printf.sprintf L.mail_credential_subject title
          in
807
          let%lwt () = send_email email subject body in
808 809 810 811 812
          return @@ S.add pub_cred accu
        ) S.empty se.se_voters
      in
      let creds = S.elements creds in
      let fname = !spool_dir / uuid_s ^ ".public_creds.txt" in
813
      let%lwt () =
814 815 816 817
          Lwt_io.with_file
            ~flags:(Unix.([O_WRONLY; O_NONBLOCK; O_CREAT; O_TRUNC]))
            ~perm:0o600 ~mode:Lwt_io.Output fname
            (fun oc ->
818
              Lwt_list.iter_s (Lwt_io.write_line oc) creds)
819
      in
820
      se.se_public_creds_received <- true;
821
      return (fun () ->
822 823
        let service = preapply election_setup uuid in
        T.generic_page ~title:"Success" ~service
824
          "Credentials have been generated and mailed!" () >>= Html5.send)))
825

Stephane Glondu's avatar
Stephane Glondu committed
826 827 828 829
let () =
  Html5.register
    ~service:election_setup_trustee
    (fun token () ->
830 831
     let%lwt uuid = Ocsipersist.find election_pktokens token in
     let%lwt se = get_setup_election uuid in
832 833 834 835 836
     let uuid = match Uuidm.of_string uuid with
       | None -> failwith "invalid UUID extracted from pktokens"
       | Some u -> u
     in
     T.election_setup_trustee token uuid se ()
Stephane Glondu's avatar
Stephane Glondu committed
837 838 839 840 841 842 843 844
    )

let () =
  Any.register
    ~service:election_setup_trustee_post
    (fun token public_key ->
     wrap_handler
       (fun () ->
845
        let%lwt uuid = Ocsipersist.find election_pktokens token in
Stephane Glondu's avatar
Stephane Glondu committed
846 847 848
        Lwt_mutex.with_lock
          election_setup_mutex
          (fun () ->
849
           let%lwt se = get_setup_election uuid in
850
           let t = List.find (fun x -> token = x.st_token) se.se_public_keys in
Stephane Glondu's avatar
Stephane Glondu committed
851 852
           let module G = (val Group.of_string se.se_group : GROUP) in
           let pk = trustee_public_key_of_string G.read public_key in
853
           let module KG = Trustees.MakeSimpleDistKeyGen (G) (LwtRandom) in
Stephane Glondu's avatar
Stephane Glondu committed
854 855
           if not (KG.check pk) then failwith "invalid public key";
           (* we keep pk as a string because of G.t *)
856
           t.st_public_key <- public_key;
857
           set_setup_election uuid se
858
          ) >> T.generic_page ~title:"Success"
859 860
            "Your key has been received and checked!"
            () >>= Html5.send
Stephane Glondu's avatar
Stephane Glondu committed
861 862 863
       )
    )

864 865 866 867
let () =
  Any.register
    ~service:election_setup_confirm
    (fun uuid () ->
868
      match%lwt Web_state.get_site_user () with
869 870 871
      | None -> forbidden ()
      | Some u ->
         let uuid_s = Uuidm.to_string uuid in
872
         let%lwt se = get_setup_election uuid_s in
873 874 875
         if se.se_owner <> u then forbidden () else
         T.election_setup_confirm uuid se () >>= Html5.send)

Stephane Glondu's avatar