
Commit 0f30d24b authored by Stephane Glondu's avatar Stephane Glondu

Add an e-mail address to trustees

parent 09c97a36
...@@ -184,6 +184,7 @@ type setup_voter = { ...@@ -184,6 +184,7 @@ type setup_voter = {
} }
type setup_trustee = { type setup_trustee = {
st_id : string;
st_token : string; st_token : string;
mutable st_public_key : string; mutable st_public_key : string;
} }
......
...@@ -101,6 +101,7 @@ type setup_voter = { ...@@ -101,6 +101,7 @@ type setup_voter = {
} }
type setup_trustee = { type setup_trustee = {
st_id : string;
st_token : string; st_token : string;
mutable st_public_key : string; mutable st_public_key : string;
} }
......
...@@ -49,6 +49,7 @@ type metadata = { ...@@ -49,6 +49,7 @@ type metadata = {
?owner: user option; ?owner: user option;
?auth_config: auth_config list option; ?auth_config: auth_config list option;
?cred_authority : string option; ?cred_authority : string option;
?trustees : string list option;
} <ocaml field_prefix="e_"> } <ocaml field_prefix="e_">
type datadir_item = { type datadir_item = {
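Review bot: The new `?trustees : string list option` field carries no comment saying what the strings are. Elsewhere in this commit `finalize_election` fills it with each trustee's `st_id`, which the add handler requires to be an e-mail address, and writes the record to `metadata.json`. If that file is readable by voters or the public (not visible here), trustee e-mail addresses are published with the election. A comment such as `(* e-mail addresses of the trustees, in key order; published in metadata.json *)` would record that this is intended, or the field could hold a display name instead.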
......
...@@ -46,8 +46,8 @@ let election_setup_voters = service ~path:["setup"; "voters"] ~get_params:(uuid ...@@ -46,8 +46,8 @@ let election_setup_voters = service ~path:["setup"; "voters"] ~get_params:(uuid
let election_setup_voters_add = post_service ~fallback:election_setup_voters ~post_params:(string "voters") () let election_setup_voters_add = post_service ~fallback:election_setup_voters ~post_params:(string "voters") ()
let election_setup_voters_remove = post_coservice ~fallback:election_setup_voters ~post_params:(string "voter") () let election_setup_voters_remove = post_coservice ~fallback:election_setup_voters ~post_params:(string "voter") ()
let election_setup_voters_passwd = post_coservice ~fallback:election_setup_voters ~post_params:(string "voter") () let election_setup_voters_passwd = post_coservice ~fallback:election_setup_voters ~post_params:(string "voter") ()
let election_setup_trustee_add = post_coservice ~fallback:election_setup ~post_params:unit () let election_setup_trustee_add = post_coservice ~fallback:election_setup ~post_params:(string "id") ()
let election_setup_trustee_del = post_coservice ~fallback:election_setup ~post_params:unit () let election_setup_trustee_del = post_coservice ~fallback:election_setup ~post_params:(int "index") ()
let election_setup_credential_authority = service ~path:["setup"; "credential-authority"] ~get_params:(uuid "uuid") () let election_setup_credential_authority = service ~path:["setup"; "credential-authority"] ~get_params:(uuid "uuid") ()
let election_setup_credentials = service ~path:["setup"; "credentials"] ~get_params:(string "token") () let election_setup_credentials = service ~path:["setup"; "credentials"] ~get_params:(string "token") ()
let election_setup_credentials_download = service ~path:["setup"; "public_creds.txt"] ~get_params:(string "token") () let election_setup_credentials_download = service ~path:["setup"; "public_creds.txt"] ~get_params:(string "token") ()
......
...@@ -113,21 +113,24 @@ let finalize_election uuid se = ...@@ -113,21 +113,24 @@ let finalize_election uuid se =
let group = Group.of_string se.se_group in let group = Group.of_string se.se_group in
let module G = (val group : GROUP) in let module G = (val group : GROUP) in
let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in
lwt public_keys, private_key = lwt trustees, public_keys, private_key =
match se.se_public_keys with match se.se_public_keys with
| [] -> | [] ->
lwt private_key, public_key = KG.generate_and_prove () in lwt private_key, public_key = KG.generate_and_prove () in
return ([public_key], Some private_key) return (None, [public_key], Some private_key)
| _ :: _ -> | _ :: _ ->
return return (
(List.rev_map Some (List.map (fun {st_id; _} -> st_id) se.se_public_keys),
(List.map
(fun {st_public_key; _} -> (fun {st_public_key; _} ->
if st_public_key = "" then failwith "some public keys are missing"; if st_public_key = "" then failwith "some public keys are missing";
trustee_public_key_of_string G.read st_public_key trustee_public_key_of_string G.read st_public_key
) se.se_public_keys, None) ) se.se_public_keys),
None)
in in
let y = KG.combine (Array.of_list public_keys) in let y = KG.combine (Array.of_list public_keys) in
(* election parameters *) (* election parameters *)
let metadata = { se.se_metadata with e_trustees = trustees } in
let template = se.se_questions in let template = se.se_questions in
let params = { let params = {
e_description = template.t_description; e_description = template.t_description;
...@@ -153,11 +156,11 @@ let finalize_election uuid se = ...@@ -153,11 +156,11 @@ let finalize_election uuid se =
Lwt_unix.mkdir dir 0o700 >> Lwt_unix.mkdir dir 0o700 >>
create_file "public_keys.jsons" (string_of_trustee_public_key G.write) public_keys >> create_file "public_keys.jsons" (string_of_trustee_public_key G.write) public_keys >>
create_file "voters.txt" (fun x -> x.sv_id) se.se_voters >> create_file "voters.txt" (fun x -> x.sv_id) se.se_voters >>
create_file "metadata.json" string_of_metadata [se.se_metadata] >> create_file "metadata.json" string_of_metadata [metadata] >>
create_file "election.json" (fun x -> x) [raw_election] >> create_file "election.json" (fun x -> x) [raw_election] >>
(* construct Web_election instance *) (* construct Web_election instance *)
let module X = struct let module X = struct
let metadata = se.se_metadata let metadata = metadata
let dir = dir let dir = dir
end in end in
let web_params = (module X : WEB_PARAMS) in let web_params = (module X : WEB_PARAMS) in
...@@ -197,7 +200,7 @@ let finalize_election uuid se = ...@@ -197,7 +200,7 @@ let finalize_election uuid se =
se.se_public_keys >> se.se_public_keys >>
Ocsipersist.remove election_stable uuid_s >> Ocsipersist.remove election_stable uuid_s >>
(* inject passwords *) (* inject passwords *)
(match se.se_metadata.e_auth_config with (match metadata.e_auth_config with
| Some [{auth_system = "password"; _}] -> | Some [{auth_system = "password"; _}] ->
let table = "password_" ^ underscorize uuid_s in let table = "password_" ^ underscorize uuid_s in
let table = Ocsipersist.open_table table in let table = Ocsipersist.open_table table in
...@@ -306,6 +309,7 @@ let create_new_election owner cred auth = ...@@ -306,6 +309,7 @@ let create_new_election owner cred auth =
e_owner = Some owner; e_owner = Some owner;
e_auth_config; e_auth_config;
e_cred_authority; e_cred_authority;
e_trustees = None;
} in } in
let question = { let question = {
q_answers = [| "Answer 1"; "Answer 2"; "Blank" |]; q_answers = [| "Answer 1"; "Answer 2"; "Blank" |];
...@@ -607,6 +611,14 @@ let is_identity x = ...@@ -607,6 +611,14 @@ let is_identity x =
try ignore (Pcre.pcre_exec ~rex:identity_rex x); true try ignore (Pcre.pcre_exec ~rex:identity_rex x); true
with Not_found -> false with Not_found -> false
let email_rex = Pcre.regexp
~flags:[`CASELESS]
"^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,7}$"
let is_email x =
try ignore (Pcre.pcre_exec ~rex:email_rex x); true
with Not_found -> false
module SSet = Set.Make (PString) module SSet = Set.Make (PString)
let merge_voters a b f = let merge_voters a b f =
...@@ -656,9 +668,10 @@ let () = ...@@ -656,9 +668,10 @@ let () =
handle_password se uuid ~force:true voter)) handle_password se uuid ~force:true voter))
let () = let () =
Redirection.register Any.register
~service:election_setup_trustee_add ~service:election_setup_trustee_add
(fun uuid () -> (fun uuid st_id ->
if is_email st_id then
match_lwt Web_auth_state.get_site_user () with match_lwt Web_auth_state.get_site_user () with
| Some u -> | Some u ->
let uuid_s = Uuidm.to_string uuid in let uuid_s = Uuidm.to_string uuid in
...@@ -667,20 +680,23 @@ let () = ...@@ -667,20 +680,23 @@ let () =
if se.se_owner = u if se.se_owner = u
then ( then (
lwt st_token = generate_token () in lwt st_token = generate_token () in
let trustee = {st_token; st_public_key = ""} in let trustee = {st_id; st_token; st_public_key = ""} in
se.se_public_keys <- trustee :: se.se_public_keys; se.se_public_keys <- se.se_public_keys @ [trustee];
Ocsipersist.add election_stable uuid_s se >> Ocsipersist.add election_stable uuid_s se >>
Ocsipersist.add election_pktokens st_token uuid_s Ocsipersist.add election_pktokens st_token uuid_s
) else forbidden () ) else forbidden ()
) >> ) >>
return (preapply election_setup_trustees uuid) Redirection.send (preapply election_setup_trustees uuid)
| None -> forbidden () | None -> forbidden ()
else
let msg = st_id ^ " is not a valid e-mail address!" in
T.generic_page ~title:"Error" msg () >>= Html5.send
) )
let () = let () =
Redirection.register Redirection.register
~service:election_setup_trustee_del ~service:election_setup_trustee_del
(fun uuid () -> (fun uuid index ->
match_lwt Web_auth_state.get_site_user () with match_lwt Web_auth_state.get_site_user () with
| Some u -> | Some u ->
let uuid_s = Uuidm.to_string uuid in let uuid_s = Uuidm.to_string uuid in
...@@ -688,12 +704,17 @@ let () = ...@@ -688,12 +704,17 @@ let () =
lwt se = Ocsipersist.find election_stable uuid_s in lwt se = Ocsipersist.find election_stable uuid_s in
if se.se_owner = u if se.se_owner = u
then ( then (
match se.se_public_keys with let trustees, old =
| {st_token; _} :: xs -> se.se_public_keys |>
se.se_public_keys <- xs; List.mapi (fun i x -> i, x) |>
Ocsipersist.add election_stable uuid_s se >> List.partition (fun (i, _) -> i <> index) |>
Ocsipersist.remove election_pktokens st_token (fun (x, y) -> List.map snd x, List.map snd y)
| _ -> return () in
se.se_public_keys <- trustees;
Ocsipersist.add election_stable uuid_s se >>
Lwt_list.iter_s (fun {st_token; _} ->
Ocsipersist.remove election_pktokens st_token
) old
) else forbidden () ) else forbidden ()
) >> ) >>
return (preapply election_setup_trustees uuid) return (preapply election_setup_trustees uuid)
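Review bot: The `election_setup_trustee_del` handler identifies the trustee to remove by list position (`List.partition (fun (i, _) -> i <> index)`), and the index comes from a hidden form field rendered earlier (`mk_form_trustee_del i` in the templates section). If the list changes between rendering and submission (a second tab, or another add or remove), the request removes a different trustee and deletes that trustee's entry in `election_pktokens`. An out-of-range index rewrites the record and redirects as if it had succeeded, without removing anyone. Posting a stable identifier instead, for example `~post_params:(string "token")` with `List.partition (fun t -> t.st_token <> token) se.se_public_keys`, would avoid both cases. The handler's body starts in the preceding hunk, and the service declaration lives in another file.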
......
...@@ -478,32 +478,51 @@ let election_setup_trustees uuid se () = ...@@ -478,32 +478,51 @@ let election_setup_trustees uuid se () =
let form_trustees_add = let form_trustees_add =
post_form post_form
~service:election_setup_trustee_add ~service:election_setup_trustee_add
(fun () -> (fun name ->
[string_input ~input_type:`Submit ~value:"Add" ()]) uuid [
string_input ~input_type:`Text ~name ();
string_input ~input_type:`Submit ~value:"Add" ();
]
) uuid
in in
let form_trustees_del = let mk_form_trustee_del value =
post_form post_form
~service:election_setup_trustee_del ~service:election_setup_trustee_del
(fun () -> (fun name ->
[string_input ~input_type:`Submit ~value:"Delete" ()]) uuid [
int_input ~input_type:`Hidden ~name ~value ();
string_input ~input_type:`Submit ~value:"Remove" ();
]) uuid
in
let trustees = match se.se_public_keys with
| [] -> pcdata ""
| ts ->
table (
tr [
th [pcdata "Trustee link"];
th [pcdata "Done?"];
th [pcdata "Remove"];
] ::
List.mapi (fun i t ->
tr [
td [
a ~service:election_setup_trustee [
pcdata t.st_id
] t.st_token;
];
td [
pcdata (if t.st_public_key = "" then "No" else "Yes");
];
td [mk_form_trustee_del i];
]
) ts
)
in in
let div_content = let div_content =
div [ div [
div [pcdata "If you do not wish the server to store any keys, you may nominate trustees. In that case, each trustee will create her own secret key. Be careful, once the election is over, you will need the contribution of each trustee to compute the result!"]; div [pcdata "If you do not wish the server to store any keys, you may nominate trustees. In that case, each trustee will create her own secret key. Be careful, once the election is over, you will need the contribution of each trustee to compute the result!"];
br (); br ();
ol trustees;
(List.rev_map
(fun {st_token; _} ->
li [
a ~service:election_setup_trustee [
pcdata @@ rewrite_prefix @@ Eliom_uri.make_string_uri
~absolute:true
~service:election_setup_trustee
st_token
] st_token
];
) se.se_public_keys
);
(if se.se_public_keys <> [] then (if se.se_public_keys <> [] then
div [ div [
pcdata "There is one link per trustee. Send each trustee her link."; pcdata "There is one link per trustee. Send each trustee her link.";
...@@ -512,7 +531,6 @@ let election_setup_trustees uuid se () = ...@@ -512,7 +531,6 @@ let election_setup_trustees uuid se () =
] ]
else pcdata ""); else pcdata "");
form_trustees_add; form_trustees_add;
form_trustees_del;
] ]
in in
let back_link = div [ let back_link = div [
......