diff options
| author | J08nY | 2017-08-10 20:48:24 +0200 |
|---|---|---|
| committer | J08nY | 2017-08-10 20:48:24 +0200 |
| commit | fc2ef7bf00a540b335ed6d75e7684e717774bfcf (patch) | |
| tree | 6bc2003a36bac8c72c03575a870342cb30b77fcd /src | |
| parent | a973479205cec0d5fbf162030906ce405b3698b2 (diff) | |
| download | mailman-pgp-fc2ef7bf00a540b335ed6d75e7684e717774bfcf.tar.gz mailman-pgp-fc2ef7bf00a540b335ed6d75e7684e717774bfcf.tar.zst mailman-pgp-fc2ef7bf00a540b335ed6d75e7684e717774bfcf.zip | |
Diffstat (limited to 'src')
| -rw-r--r-- | src/mailman_pgp/config/mailman_pgp.cfg | 7 | ||||
| -rw-r--r-- | src/mailman_pgp/config/schema.cfg | 4 | ||||
| -rw-r--r-- | src/mailman_pgp/model/list.py | 3 | ||||
| -rw-r--r-- | src/mailman_pgp/rest/lists.py | 22 | ||||
| -rw-r--r-- | src/mailman_pgp/rest/tests/test_lists.py | 59 | ||||
| -rw-r--r-- | src/mailman_pgp/testing/mailman_pgp.cfg | 7 | ||||
| -rw-r--r-- | src/mailman_pgp/utils/rest.py | 40 |
7 files changed, 110 insertions, 32 deletions
diff --git a/src/mailman_pgp/config/mailman_pgp.cfg b/src/mailman_pgp/config/mailman_pgp.cfg index 6a65ad9..756d16e 100644 --- a/src/mailman_pgp/config/mailman_pgp.cfg +++ b/src/mailman_pgp/config/mailman_pgp.cfg @@ -86,3 +86,10 @@ in: in_default [misc] # The lifetime for `key change` request confirmation. change_request_lifetime: 1d + + +[rest] +# Allow the acessing/modification of a list private key through the REST API? +# This is necessary for the django-pgpmailman web ui to allow a list owner +# to change/export the list private key. +expose_private_key: yes
\ No newline at end of file diff --git a/src/mailman_pgp/config/schema.cfg b/src/mailman_pgp/config/schema.cfg index 9967485..92c3f1a 100644 --- a/src/mailman_pgp/config/schema.cfg +++ b/src/mailman_pgp/config/schema.cfg @@ -54,3 +54,7 @@ in: str [misc] change_request_lifetime: lazr.config.as_timedelta + + +[rest] +expose_private_key: lazr.config.as_boolean
\ No newline at end of file diff --git a/src/mailman_pgp/model/list.py b/src/mailman_pgp/model/list.py index 84cb3bc..6087f54 100644 --- a/src/mailman_pgp/model/list.py +++ b/src/mailman_pgp/model/list.py @@ -16,11 +16,12 @@ # this program. If not, see <http://www.gnu.org/licenses/>. """Model for PGP enabled mailing lists.""" +from os import system + from mailman.database.types import Enum, SAUnicode from mailman.interfaces.action import Action from mailman.interfaces.listmanager import IListManager, ListDeletingEvent from mailman.interfaces.member import MemberRole -from os import system from public import public from sqlalchemy import Boolean, Column, Integer from sqlalchemy.orm import reconstructor diff --git a/src/mailman_pgp/rest/lists.py b/src/mailman_pgp/rest/lists.py index bbe2e20..b8175d2 100644 --- a/src/mailman_pgp/rest/lists.py +++ b/src/mailman_pgp/rest/lists.py @@ -19,11 +19,14 @@ from lazr.config import as_boolean from mailman.interfaces.action import Action from mailman.interfaces.listmanager import IListManager +from mailman.interfaces.member import MemberRole from mailman.rest.helpers import (accepted, bad_request, child, CollectionMixin, etag, GetterSetter, - no_content, not_found, NotFound, okay) + no_content, not_found, NotFound, okay, + ChildError) from mailman.rest.validator import (enum_validator, PatchValidator, UnknownPATCHRequestError, Validator) +from pgpy.errors import PGPError from public import public from zope.component import getUtility @@ -31,6 +34,9 @@ from mailman_pgp.config import config from mailman_pgp.database import transaction from mailman_pgp.model.list import PGPMailingList from mailman_pgp.utils.pgp import key_from_blob +from mailman_pgp.utils.rest import enumflag_validator, workflow_validator +from mailman_pgp.workflows.key_change import (KeyChangeWorkflow, + KeyChangeModWorkflow) CONFIGURATION = dict( unsigned_msg_action=GetterSetter(enum_validator(Action)), @@ -42,7 +48,10 @@ CONFIGURATION = dict( strip_original_sig=GetterSetter(as_boolean), sign_outgoing=GetterSetter(as_boolean), nonencrypted_msg_action=GetterSetter(enum_validator(Action)), - encrypt_outgoing=GetterSetter(as_boolean) + encrypt_outgoing=GetterSetter(as_boolean), + key_change_workflow=GetterSetter( + workflow_validator(KeyChangeWorkflow, KeyChangeModWorkflow)), + key_signing_allowed=GetterSetter(enumflag_validator(MemberRole)) ) @@ -120,9 +129,8 @@ class APGPList(_PGPListBase): try: validator = PatchValidator(request, CONFIGURATION) except UnknownPATCHRequestError as error: - bad_request( - response, - 'Unknown attribute: {}'.format(error.attribute)) + bad_request(response, + 'Unknown attribute: {}'.format(error.attribute)) return try: with transaction(): @@ -136,6 +144,8 @@ class APGPList(_PGPListBase): def key(self, context, segments): if self._mlist is None: return NotFound(), [] + if not config.get_value('rest', 'expose_private_key'): + return ChildError(403), [] return AListKey(self._mlist), [] @child() @@ -167,7 +177,7 @@ class AListKey: try: validator = Validator(key=GetterSetter(key_from_blob)) values = validator(request) - except ValueError as error: + except (ValueError, PGPError) as error: bad_request(response, str(error)) return with transaction(): diff --git a/src/mailman_pgp/rest/tests/test_lists.py b/src/mailman_pgp/rest/tests/test_lists.py index 365cd05..900e8b9 100644 --- a/src/mailman_pgp/rest/tests/test_lists.py +++ b/src/mailman_pgp/rest/tests/test_lists.py @@ -24,6 +24,7 @@ from mailman.interfaces.action import Action from mailman.testing.helpers import call_api from pgpy import PGPKey +from mailman_pgp.config import config from mailman_pgp.database import mm_transaction, transaction from mailman_pgp.model.list import PGPMailingList from mailman_pgp.testing.layers import PGPRESTLayer @@ -91,44 +92,52 @@ class TestListConfig(TestCase): self.pgp_list.key = self.list_key def test_put(self): - config = dict(unsigned_msg_action='defer', - inline_pgp_action='defer', - expired_sig_action='defer', - revoked_sig_action='defer', - invalid_sig_action='defer', - duplicate_sig_action='defer', - strip_original_sig=False, - sign_outgoing=True, - nonencrypted_msg_action='defer', - encrypt_outgoing=False) + cfg = dict(unsigned_msg_action='defer', + inline_pgp_action='defer', + expired_sig_action='defer', + revoked_sig_action='defer', + invalid_sig_action='defer', + duplicate_sig_action='defer', + strip_original_sig=False, + sign_outgoing=True, + nonencrypted_msg_action='defer', + encrypt_outgoing=False, + key_change_workflow='pgp-key-change-mod-workflow', + key_signing_allowed=['member', 'owner']) json, response = call_api( 'http://localhost:9001/3.1/plugins/pgp/lists/' 'test.example.com', - data=config, + data=cfg, method='PUT') self.assertEqual(response.status_code, 204) - for key in config: + for key in cfg: attr = getattr(self.pgp_list, key) if isinstance(attr, Action): - attr = attr.name - self.assertEqual(attr, config[key]) + self.assertEqual(attr.name, cfg[key]) + elif key == 'key_signing_allowed': + attr = [enum.name for enum in attr] + self.assertEqual(attr, sorted(cfg[key])) + else: + self.assertEqual(attr, cfg[key]) def test_put_wrong_value(self): - config = dict(unsigned_msg_action='not-an-action', - inline_pgp_action='defer', - expired_sig_action='defer', - revoked_sig_action='defer', - invalid_sig_action='defer', - duplicate_sig_action='defer', - strip_original_sig=False, - sign_outgoing=True, - nonencrypted_msg_action='defer', - encrypt_outgoing=False) + cfg = dict(unsigned_msg_action='not-an-action', + inline_pgp_action='defer', + expired_sig_action='defer', + revoked_sig_action='defer', + invalid_sig_action='defer', + duplicate_sig_action='defer', + strip_original_sig=False, + sign_outgoing=True, + nonencrypted_msg_action='defer', + encrypt_outgoing=False, + key_change_workflow='pgp-key-change-mod-workflow', + key_signing_allowed=['member', 'owner']) with self.assertRaises(HTTPError) as cm: call_api('http://localhost:9001/3.1/plugins/pgp/lists/' 'test.example.com', - data=config, + data=cfg, method='PUT') self.assertEqual(cm.exception.code, 400) diff --git a/src/mailman_pgp/testing/mailman_pgp.cfg b/src/mailman_pgp/testing/mailman_pgp.cfg index d80def0..3e34b48 100644 --- a/src/mailman_pgp/testing/mailman_pgp.cfg +++ b/src/mailman_pgp/testing/mailman_pgp.cfg @@ -87,3 +87,10 @@ in: in_default [misc] # The lifetime for `key change` request confirmation. change_request_lifetime: 1d + + +[rest] +# Allow the acessing/modification of a list private key through the REST API? +# This is necessary for the django-pgpmailman web ui to allow a list owner +# to change/export the list private key. +expose_private_key: yes diff --git a/src/mailman_pgp/utils/rest.py b/src/mailman_pgp/utils/rest.py new file mode 100644 index 0000000..4e31b0c --- /dev/null +++ b/src/mailman_pgp/utils/rest.py @@ -0,0 +1,40 @@ +# Copyright (C) 2017 Jan Jancar +# +# This file is a part of the Mailman PGP plugin. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free +# Software Foundation, either version 3 of the License, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +# more details. +# +# You should have received a copy of the GNU General Public License along with +# this program. If not, see <http://www.gnu.org/licenses/>. + + +class enumflag_validator: + def __init__(self, enum): + self.enum = enum + + def __call__(self, value): + if isinstance(value, (tuple, list)): + result = set() + for val in value: + result.add(self.enum[val]) + return result + + return {self.enum[value]} + + +class workflow_validator: + def __init__(self, *classes): + self.classes = classes + + def __call__(self, value): + if value in (workflow.name for workflow in self.classes): + return value + raise ValueError |