aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/mailman_pgp/config/mailman_pgp.cfg7
-rw-r--r--src/mailman_pgp/config/schema.cfg4
-rw-r--r--src/mailman_pgp/model/list.py3
-rw-r--r--src/mailman_pgp/rest/lists.py22
-rw-r--r--src/mailman_pgp/rest/tests/test_lists.py59
-rw-r--r--src/mailman_pgp/testing/mailman_pgp.cfg7
-rw-r--r--src/mailman_pgp/utils/rest.py40
7 files changed, 110 insertions, 32 deletions
diff --git a/src/mailman_pgp/config/mailman_pgp.cfg b/src/mailman_pgp/config/mailman_pgp.cfg
index 6a65ad9..756d16e 100644
--- a/src/mailman_pgp/config/mailman_pgp.cfg
+++ b/src/mailman_pgp/config/mailman_pgp.cfg
@@ -86,3 +86,10 @@ in: in_default
[misc]
# The lifetime for `key change` request confirmation.
change_request_lifetime: 1d
+
+
+[rest]
+# Allow the acessing/modification of a list private key through the REST API?
+# This is necessary for the django-pgpmailman web ui to allow a list owner
+# to change/export the list private key.
+expose_private_key: yes \ No newline at end of file
diff --git a/src/mailman_pgp/config/schema.cfg b/src/mailman_pgp/config/schema.cfg
index 9967485..92c3f1a 100644
--- a/src/mailman_pgp/config/schema.cfg
+++ b/src/mailman_pgp/config/schema.cfg
@@ -54,3 +54,7 @@ in: str
[misc]
change_request_lifetime: lazr.config.as_timedelta
+
+
+[rest]
+expose_private_key: lazr.config.as_boolean \ No newline at end of file
diff --git a/src/mailman_pgp/model/list.py b/src/mailman_pgp/model/list.py
index 84cb3bc..6087f54 100644
--- a/src/mailman_pgp/model/list.py
+++ b/src/mailman_pgp/model/list.py
@@ -16,11 +16,12 @@
# this program. If not, see <http://www.gnu.org/licenses/>.
"""Model for PGP enabled mailing lists."""
+from os import system
+
from mailman.database.types import Enum, SAUnicode
from mailman.interfaces.action import Action
from mailman.interfaces.listmanager import IListManager, ListDeletingEvent
from mailman.interfaces.member import MemberRole
-from os import system
from public import public
from sqlalchemy import Boolean, Column, Integer
from sqlalchemy.orm import reconstructor
diff --git a/src/mailman_pgp/rest/lists.py b/src/mailman_pgp/rest/lists.py
index bbe2e20..b8175d2 100644
--- a/src/mailman_pgp/rest/lists.py
+++ b/src/mailman_pgp/rest/lists.py
@@ -19,11 +19,14 @@
from lazr.config import as_boolean
from mailman.interfaces.action import Action
from mailman.interfaces.listmanager import IListManager
+from mailman.interfaces.member import MemberRole
from mailman.rest.helpers import (accepted, bad_request,
child, CollectionMixin, etag, GetterSetter,
- no_content, not_found, NotFound, okay)
+ no_content, not_found, NotFound, okay,
+ ChildError)
from mailman.rest.validator import (enum_validator, PatchValidator,
UnknownPATCHRequestError, Validator)
+from pgpy.errors import PGPError
from public import public
from zope.component import getUtility
@@ -31,6 +34,9 @@ from mailman_pgp.config import config
from mailman_pgp.database import transaction
from mailman_pgp.model.list import PGPMailingList
from mailman_pgp.utils.pgp import key_from_blob
+from mailman_pgp.utils.rest import enumflag_validator, workflow_validator
+from mailman_pgp.workflows.key_change import (KeyChangeWorkflow,
+ KeyChangeModWorkflow)
CONFIGURATION = dict(
unsigned_msg_action=GetterSetter(enum_validator(Action)),
@@ -42,7 +48,10 @@ CONFIGURATION = dict(
strip_original_sig=GetterSetter(as_boolean),
sign_outgoing=GetterSetter(as_boolean),
nonencrypted_msg_action=GetterSetter(enum_validator(Action)),
- encrypt_outgoing=GetterSetter(as_boolean)
+ encrypt_outgoing=GetterSetter(as_boolean),
+ key_change_workflow=GetterSetter(
+ workflow_validator(KeyChangeWorkflow, KeyChangeModWorkflow)),
+ key_signing_allowed=GetterSetter(enumflag_validator(MemberRole))
)
@@ -120,9 +129,8 @@ class APGPList(_PGPListBase):
try:
validator = PatchValidator(request, CONFIGURATION)
except UnknownPATCHRequestError as error:
- bad_request(
- response,
- 'Unknown attribute: {}'.format(error.attribute))
+ bad_request(response,
+ 'Unknown attribute: {}'.format(error.attribute))
return
try:
with transaction():
@@ -136,6 +144,8 @@ class APGPList(_PGPListBase):
def key(self, context, segments):
if self._mlist is None:
return NotFound(), []
+ if not config.get_value('rest', 'expose_private_key'):
+ return ChildError(403), []
return AListKey(self._mlist), []
@child()
@@ -167,7 +177,7 @@ class AListKey:
try:
validator = Validator(key=GetterSetter(key_from_blob))
values = validator(request)
- except ValueError as error:
+ except (ValueError, PGPError) as error:
bad_request(response, str(error))
return
with transaction():
diff --git a/src/mailman_pgp/rest/tests/test_lists.py b/src/mailman_pgp/rest/tests/test_lists.py
index 365cd05..900e8b9 100644
--- a/src/mailman_pgp/rest/tests/test_lists.py
+++ b/src/mailman_pgp/rest/tests/test_lists.py
@@ -24,6 +24,7 @@ from mailman.interfaces.action import Action
from mailman.testing.helpers import call_api
from pgpy import PGPKey
+from mailman_pgp.config import config
from mailman_pgp.database import mm_transaction, transaction
from mailman_pgp.model.list import PGPMailingList
from mailman_pgp.testing.layers import PGPRESTLayer
@@ -91,44 +92,52 @@ class TestListConfig(TestCase):
self.pgp_list.key = self.list_key
def test_put(self):
- config = dict(unsigned_msg_action='defer',
- inline_pgp_action='defer',
- expired_sig_action='defer',
- revoked_sig_action='defer',
- invalid_sig_action='defer',
- duplicate_sig_action='defer',
- strip_original_sig=False,
- sign_outgoing=True,
- nonencrypted_msg_action='defer',
- encrypt_outgoing=False)
+ cfg = dict(unsigned_msg_action='defer',
+ inline_pgp_action='defer',
+ expired_sig_action='defer',
+ revoked_sig_action='defer',
+ invalid_sig_action='defer',
+ duplicate_sig_action='defer',
+ strip_original_sig=False,
+ sign_outgoing=True,
+ nonencrypted_msg_action='defer',
+ encrypt_outgoing=False,
+ key_change_workflow='pgp-key-change-mod-workflow',
+ key_signing_allowed=['member', 'owner'])
json, response = call_api(
'http://localhost:9001/3.1/plugins/pgp/lists/'
'test.example.com',
- data=config,
+ data=cfg,
method='PUT')
self.assertEqual(response.status_code, 204)
- for key in config:
+ for key in cfg:
attr = getattr(self.pgp_list, key)
if isinstance(attr, Action):
- attr = attr.name
- self.assertEqual(attr, config[key])
+ self.assertEqual(attr.name, cfg[key])
+ elif key == 'key_signing_allowed':
+ attr = [enum.name for enum in attr]
+ self.assertEqual(attr, sorted(cfg[key]))
+ else:
+ self.assertEqual(attr, cfg[key])
def test_put_wrong_value(self):
- config = dict(unsigned_msg_action='not-an-action',
- inline_pgp_action='defer',
- expired_sig_action='defer',
- revoked_sig_action='defer',
- invalid_sig_action='defer',
- duplicate_sig_action='defer',
- strip_original_sig=False,
- sign_outgoing=True,
- nonencrypted_msg_action='defer',
- encrypt_outgoing=False)
+ cfg = dict(unsigned_msg_action='not-an-action',
+ inline_pgp_action='defer',
+ expired_sig_action='defer',
+ revoked_sig_action='defer',
+ invalid_sig_action='defer',
+ duplicate_sig_action='defer',
+ strip_original_sig=False,
+ sign_outgoing=True,
+ nonencrypted_msg_action='defer',
+ encrypt_outgoing=False,
+ key_change_workflow='pgp-key-change-mod-workflow',
+ key_signing_allowed=['member', 'owner'])
with self.assertRaises(HTTPError) as cm:
call_api('http://localhost:9001/3.1/plugins/pgp/lists/'
'test.example.com',
- data=config,
+ data=cfg,
method='PUT')
self.assertEqual(cm.exception.code, 400)
diff --git a/src/mailman_pgp/testing/mailman_pgp.cfg b/src/mailman_pgp/testing/mailman_pgp.cfg
index d80def0..3e34b48 100644
--- a/src/mailman_pgp/testing/mailman_pgp.cfg
+++ b/src/mailman_pgp/testing/mailman_pgp.cfg
@@ -87,3 +87,10 @@ in: in_default
[misc]
# The lifetime for `key change` request confirmation.
change_request_lifetime: 1d
+
+
+[rest]
+# Allow the acessing/modification of a list private key through the REST API?
+# This is necessary for the django-pgpmailman web ui to allow a list owner
+# to change/export the list private key.
+expose_private_key: yes
diff --git a/src/mailman_pgp/utils/rest.py b/src/mailman_pgp/utils/rest.py
new file mode 100644
index 0000000..4e31b0c
--- /dev/null
+++ b/src/mailman_pgp/utils/rest.py
@@ -0,0 +1,40 @@
+# Copyright (C) 2017 Jan Jancar
+#
+# This file is a part of the Mailman PGP plugin.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+class enumflag_validator:
+ def __init__(self, enum):
+ self.enum = enum
+
+ def __call__(self, value):
+ if isinstance(value, (tuple, list)):
+ result = set()
+ for val in value:
+ result.add(self.enum[val])
+ return result
+
+ return {self.enum[value]}
+
+
+class workflow_validator:
+ def __init__(self, *classes):
+ self.classes = classes
+
+ def __call__(self, value):
+ if value in (workflow.name for workflow in self.classes):
+ return value
+ raise ValueError
generated by cgit v1.2.3-70-g09d2 (git 2.51.2) at 2025-11-08 13:05:43 +0000