1 files changed, 60 insertions, 39 deletions

diff --git a/src/mailman_pgp/workflows/key_change.py b/src/mailman_pgp/workflows/key_change.py
index 290e504..1d07903 100644
--- a/src/mailman_pgp/workflows/key_change.py
+++ b/src/mailman_pgp/workflows/key_change.py
@@ -28,10 +28,11 @@ from zope.interface import implementer
 
 from mailman_pgp.config import config
 from mailman_pgp.database import transaction
-from mailman_pgp.model.address import PGPAddress
-from mailman_pgp.model.list import PGPMailingList
 from mailman_pgp.pgp.wrapper import PGPWrapper
 from mailman_pgp.utils.email import copy_headers
+from mailman_pgp.workflows.base import PGPMixin
+from mailman_pgp.workflows.mod_approval import (
+    ModeratorKeyChangeApprovalMixin)
 
 CHANGE_CONFIRM_REQUEST = """\
 ----------
@@ -46,34 +47,18 @@ Token: {}
 """
 
 
-@public
-@implementer(IWorkflow)
-class KeyChangeWorkflow(Workflow):
-    name = 'pgp-key-change-workflow'
-    description = ''
-    initial_state = 'change_key'
+class KeyChangeBase(Workflow, PGPMixin):
     save_attributes = (
         'address_key',
-        'pubkey_key'
+        'pubkey_key',
     )
 
     def __init__(self, mlist, pgp_address=None, pubkey=None):
-        super().__init__()
-        self.mlist = mlist
-        self.pgp_list = PGPMailingList.for_list(mlist)
-        self.pgp_address = pgp_address
+        Workflow.__init__(self)
+        PGPMixin.__init__(self, mlist, pgp_address)
         self.pubkey = pubkey
 
     @property
-    def address_key(self):
-        return self.pgp_address.email
-
-    @address_key.setter
-    def address_key(self, value):
-        self.pgp_address = PGPAddress.for_email(value)
-        self.member = self.mlist.regular_members.get_member(value)
-
-    @property
     def pubkey_key(self):
         return str(self.pubkey)
 
@@ -81,23 +66,27 @@ class KeyChangeWorkflow(Workflow):
     def pubkey_key(self, value):
         self.pubkey, _ = PGPKey.from_blob(value)
 
-    def _step_change_key(self):
-        if self.pgp_address is None or self.pubkey is None:
-            raise ValueError
-
-        self.push('send_key_confirm_request')
-
-    def _step_send_key_confirm_request(self):
+    def _pend(self, token_owner, lifetime=None):
         pendings = getUtility(IPendings)
-        pendable = KeyChangeWorkflow.pendable_class()(
+        pendable = self.pendable_class()(
                 email=self.pgp_address.email,
                 pubkey=str(self.pubkey),
                 fingerprint=self.pubkey.fingerprint
         )
-        lifetime = config.get_value('misc', 'change_request_lifetime')
+
         self.token = pendings.add(pendable, lifetime=lifetime)
-        self.token_owner = TokenOwner.subscriber
+        self.token_owner = token_owner
+
+    def _step_change_key(self):
+        if self.pgp_address is None or self.pubkey is None:
+            raise ValueError
+
+        self.push('send_key_confirm_request')
 
+    def _step_send_key_confirm_request(self):
+        self._pend(TokenOwner.subscriber,
+                   lifetime=config.get_value('misc',
+                                             'change_request_lifetime'))
         self.push('receive_confirmation')
         self.save()
         request_address = self.mlist.request_address
@@ -116,20 +105,52 @@ class KeyChangeWorkflow(Workflow):
         raise StopIteration
 
     def _step_receive_confirmation(self):
+        self._set_token(TokenOwner.no_one)
+
+    def _step_do_change(self):
         with transaction():
             self.pgp_address.key = self.pubkey
             self.pgp_address.key_confirmed = True
 
-        pendings = getUtility(IPendings)
-        if self.token is not None:
-            pendings.confirm(self.token)
-            self.token = None
-            self.token_owner = TokenOwner.no_one
-
     @classmethod
     def pendable_class(cls):
         @implementer(IPendable)
         class Pendable(dict):
-            PEND_TYPE = KeyChangeWorkflow.name
+            PEND_TYPE = cls.name
 
         return Pendable
+
+
+@public
+@implementer(IWorkflow)
+class KeyChangeWorkflow(KeyChangeBase):
+    name = 'pgp-key-change-workflow'
+    description = ''
+    initial_state = 'prepare'
+
+    def _step_prepare(self):
+        self.push('do_change')
+        self.push('change_key')
+
+
+@public
+@implementer(IWorkflow)
+class KeyChangeModWorkflow(KeyChangeBase, ModeratorKeyChangeApprovalMixin):
+    name = 'pgp-key-change-mod-workflow'
+    description = ''
+    initial_state = 'prepare'
+    save_attributes = (
+        'approved',
+        'address_key',
+        'pubkey_key'
+    )
+
+    def __init__(self, mlist, pgp_address=None, pubkey=None,
+                 pre_approved=False):
+        KeyChangeBase.__init__(self, mlist, pgp_address, pubkey)
+        ModeratorKeyChangeApprovalMixin.__init__(self, pre_approved)
+
+    def _step_prepare(self):
+        self.push('do_change')
+        self.push('mod_approval')
+        self.push('change_key')