diff options
Diffstat (limited to 'src/mailman_pgp/rest')
| -rw-r--r-- | src/mailman_pgp/rest/lists.py | 22 | ||||
| -rw-r--r-- | src/mailman_pgp/rest/tests/test_lists.py | 59 |
2 files changed, 50 insertions, 31 deletions
diff --git a/src/mailman_pgp/rest/lists.py b/src/mailman_pgp/rest/lists.py index bbe2e20..b8175d2 100644 --- a/src/mailman_pgp/rest/lists.py +++ b/src/mailman_pgp/rest/lists.py @@ -19,11 +19,14 @@ from lazr.config import as_boolean from mailman.interfaces.action import Action from mailman.interfaces.listmanager import IListManager +from mailman.interfaces.member import MemberRole from mailman.rest.helpers import (accepted, bad_request, child, CollectionMixin, etag, GetterSetter, - no_content, not_found, NotFound, okay) + no_content, not_found, NotFound, okay, + ChildError) from mailman.rest.validator import (enum_validator, PatchValidator, UnknownPATCHRequestError, Validator) +from pgpy.errors import PGPError from public import public from zope.component import getUtility @@ -31,6 +34,9 @@ from mailman_pgp.config import config from mailman_pgp.database import transaction from mailman_pgp.model.list import PGPMailingList from mailman_pgp.utils.pgp import key_from_blob +from mailman_pgp.utils.rest import enumflag_validator, workflow_validator +from mailman_pgp.workflows.key_change import (KeyChangeWorkflow, + KeyChangeModWorkflow) CONFIGURATION = dict( unsigned_msg_action=GetterSetter(enum_validator(Action)), @@ -42,7 +48,10 @@ CONFIGURATION = dict( strip_original_sig=GetterSetter(as_boolean), sign_outgoing=GetterSetter(as_boolean), nonencrypted_msg_action=GetterSetter(enum_validator(Action)), - encrypt_outgoing=GetterSetter(as_boolean) + encrypt_outgoing=GetterSetter(as_boolean), + key_change_workflow=GetterSetter( + workflow_validator(KeyChangeWorkflow, KeyChangeModWorkflow)), + key_signing_allowed=GetterSetter(enumflag_validator(MemberRole)) ) @@ -120,9 +129,8 @@ class APGPList(_PGPListBase): try: validator = PatchValidator(request, CONFIGURATION) except UnknownPATCHRequestError as error: - bad_request( - response, - 'Unknown attribute: {}'.format(error.attribute)) + bad_request(response, + 'Unknown attribute: {}'.format(error.attribute)) return try: with transaction(): @@ -136,6 +144,8 @@ class APGPList(_PGPListBase): def key(self, context, segments): if self._mlist is None: return NotFound(), [] + if not config.get_value('rest', 'expose_private_key'): + return ChildError(403), [] return AListKey(self._mlist), [] @child() @@ -167,7 +177,7 @@ class AListKey: try: validator = Validator(key=GetterSetter(key_from_blob)) values = validator(request) - except ValueError as error: + except (ValueError, PGPError) as error: bad_request(response, str(error)) return with transaction(): diff --git a/src/mailman_pgp/rest/tests/test_lists.py b/src/mailman_pgp/rest/tests/test_lists.py index 365cd05..900e8b9 100644 --- a/src/mailman_pgp/rest/tests/test_lists.py +++ b/src/mailman_pgp/rest/tests/test_lists.py @@ -24,6 +24,7 @@ from mailman.interfaces.action import Action from mailman.testing.helpers import call_api from pgpy import PGPKey +from mailman_pgp.config import config from mailman_pgp.database import mm_transaction, transaction from mailman_pgp.model.list import PGPMailingList from mailman_pgp.testing.layers import PGPRESTLayer @@ -91,44 +92,52 @@ class TestListConfig(TestCase): self.pgp_list.key = self.list_key def test_put(self): - config = dict(unsigned_msg_action='defer', - inline_pgp_action='defer', - expired_sig_action='defer', - revoked_sig_action='defer', - invalid_sig_action='defer', - duplicate_sig_action='defer', - strip_original_sig=False, - sign_outgoing=True, - nonencrypted_msg_action='defer', - encrypt_outgoing=False) + cfg = dict(unsigned_msg_action='defer', + inline_pgp_action='defer', + expired_sig_action='defer', + revoked_sig_action='defer', + invalid_sig_action='defer', + duplicate_sig_action='defer', + strip_original_sig=False, + sign_outgoing=True, + nonencrypted_msg_action='defer', + encrypt_outgoing=False, + key_change_workflow='pgp-key-change-mod-workflow', + key_signing_allowed=['member', 'owner']) json, response = call_api( 'http://localhost:9001/3.1/plugins/pgp/lists/' 'test.example.com', - data=config, + data=cfg, method='PUT') self.assertEqual(response.status_code, 204) - for key in config: + for key in cfg: attr = getattr(self.pgp_list, key) if isinstance(attr, Action): - attr = attr.name - self.assertEqual(attr, config[key]) + self.assertEqual(attr.name, cfg[key]) + elif key == 'key_signing_allowed': + attr = [enum.name for enum in attr] + self.assertEqual(attr, sorted(cfg[key])) + else: + self.assertEqual(attr, cfg[key]) def test_put_wrong_value(self): - config = dict(unsigned_msg_action='not-an-action', - inline_pgp_action='defer', - expired_sig_action='defer', - revoked_sig_action='defer', - invalid_sig_action='defer', - duplicate_sig_action='defer', - strip_original_sig=False, - sign_outgoing=True, - nonencrypted_msg_action='defer', - encrypt_outgoing=False) + cfg = dict(unsigned_msg_action='not-an-action', + inline_pgp_action='defer', + expired_sig_action='defer', + revoked_sig_action='defer', + invalid_sig_action='defer', + duplicate_sig_action='defer', + strip_original_sig=False, + sign_outgoing=True, + nonencrypted_msg_action='defer', + encrypt_outgoing=False, + key_change_workflow='pgp-key-change-mod-workflow', + key_signing_allowed=['member', 'owner']) with self.assertRaises(HTTPError) as cm: call_api('http://localhost:9001/3.1/plugins/pgp/lists/' 'test.example.com', - data=config, + data=cfg, method='PUT') self.assertEqual(cm.exception.code, 400) |