diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/mailman_pgp/commands/eml_key.py | 7 | ||||
| -rw-r--r-- | src/mailman_pgp/workflows/key_revoke.py | 60 | ||||
| -rw-r--r-- | src/mailman_pgp/workflows/mod_approval.py | 91 |
3 files changed, 129 insertions, 29 deletions
diff --git a/src/mailman_pgp/commands/eml_key.py b/src/mailman_pgp/commands/eml_key.py index 417fd95..5c53699 100644 --- a/src/mailman_pgp/commands/eml_key.py +++ b/src/mailman_pgp/commands/eml_key.py @@ -42,6 +42,7 @@ from mailman_pgp.workflows.key_change import (CHANGE_CONFIRM_REQUEST, KeyChangeModWorkflow, KeyChangeWorkflow) from mailman_pgp.workflows.key_confirm import CONFIRM_REQUEST +from mailman_pgp.workflows.key_revoke import KeyRevokeWorkflow def _cmd_set(pgp_list, mlist, msg, msgdata, arguments, results): @@ -328,7 +329,11 @@ def _cmd_revoke(pgp_list, mlist, msg, msgdata, arguments, results): if not key_usable(key_copy, {KeyFlags.EncryptCommunications, KeyFlags.Sign}): # Start reset process. - # TODO: finish this. + with transaction(): + pgp_address.key = None + pgp_address.key_confirmed = False + workflow = KeyRevokeWorkflow(mlist, pgp_address) + list(workflow) print('Key needs to be reset.', file=results) else: # Just update key. diff --git a/src/mailman_pgp/workflows/key_revoke.py b/src/mailman_pgp/workflows/key_revoke.py new file mode 100644 index 0000000..523e6df --- /dev/null +++ b/src/mailman_pgp/workflows/key_revoke.py @@ -0,0 +1,60 @@ +# Copyright (C) 2017 Jan Jancar +# +# This file is a part of the Mailman PGP plugin. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free +# Software Foundation, either version 3 of the License, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +# more details. +# +# You should have received a copy of the GNU General Public License along with +# this program. If not, see <http://www.gnu.org/licenses/>. + +"""""" +from mailman.interfaces.workflows import IWorkflow +from mailman.workflows.base import Workflow +from public import public +from zope.interface import implementer + +from mailman_pgp.workflows.base import PGPMixin +from mailman_pgp.workflows.key_confirm import ConfirmPubkeyMixin +from mailman_pgp.workflows.key_set import SetPubkeyMixin +from mailman_pgp.workflows.mod_approval import ModeratorKeyRevokeApprovalMixin + + +class KeyRevokeBase(Workflow, PGPMixin): + def __init__(self, mlist, pgp_address=None): + Workflow.__init__(self) + PGPMixin.__init__(self, mlist, pgp_address) + + +@public +@implementer(IWorkflow) +class KeyRevokeWorkflow(KeyRevokeBase, SetPubkeyMixin, ConfirmPubkeyMixin, + ModeratorKeyRevokeApprovalMixin): + name = 'pgp-key-revoke-workflow' + description = '' + initial_state = 'prepare' + save_attributes = ( + 'approved', + 'address_key', + 'pubkey_key' + ) + + def __init__(self, mlist, pgp_address=None, pubkey=None, + pubkey_pre_confirmed=False, pre_approved=False): + KeyRevokeBase.__init__(self, mlist, pgp_address=pgp_address) + SetPubkeyMixin.__init__(self, pubkey=pubkey) + ConfirmPubkeyMixin.__init__(self, pre_confirmed=pubkey_pre_confirmed) + ModeratorKeyRevokeApprovalMixin.__init__(self, + pre_approved=pre_approved) + + def _step_prepare(self): + self.push('mod_approval') + self.push('pubkey_confirmation') + self.push('pubkey_checks') diff --git a/src/mailman_pgp/workflows/mod_approval.py b/src/mailman_pgp/workflows/mod_approval.py index f610c4c..367f773 100644 --- a/src/mailman_pgp/workflows/mod_approval.py +++ b/src/mailman_pgp/workflows/mod_approval.py @@ -17,7 +17,6 @@ """""" import copy -from enum import Enum from mailman.email.message import UserNotification from mailman.interfaces.pending import IPendings @@ -31,10 +30,10 @@ from mailman_pgp.utils.email import overwrite_message SUBSCRIPTION_MOD_REQUEST = """\ ---------- TODO: this is a pgp enabled list. -A user with address {address} requested subscription -His new key is attached to this message. +A user with address {address} requested subscription. +The key is attached to this message. -Fingerprint: {new_fpr} +Fingerprint: {fingerprint} ---------- """ @@ -42,25 +41,29 @@ KEY_CHANGE_MOD_REQUEST = """\ ---------- TODO: this is a pgp enabled list. A subscriber with address {address} requested a change of his key. -His new key is attached to this message. +The new key is attached to this message. Old key fingerprint: {old_fpr} New key fingerprint: {new_fpr} ---------- """ +KEY_REVOKE_MOD_REQUEST = """\ +---------- +TODO: this is a pgp enabled list. +A subscriber with address {address} revoked a part of his key, +which made it unusable and needs to be reset. The subscriber +supplied a new key. The new key is attached to this message. -@public -class WhichApproval(Enum): - subscription = 1 - key_change = 2 +Old key fingerprint: {old_fpr} +New key fingerprint: {new_fpr} +---------- +""" -@public class ModeratorApprovalMixin: - def __init__(self, approval_type, pre_approved=False): + def __init__(self, pre_approved=False): self.approved = pre_approved - self._approval_type = approval_type def _step_mod_approval(self): if not self.approved: @@ -71,26 +74,15 @@ class ModeratorApprovalMixin: self.push('receive_mod_confirmation') self.save() - params = {'mlist': self.mlist.fqdn_listname, - 'address': self.pgp_address.email} - - if self._approval_type is WhichApproval.subscription: - name = 'subscription' - body = SUBSCRIPTION_MOD_REQUEST - params['old_fpr'] = params['new_fpr'] = self.pubkey.fingerprint - else: - name = 'key change' - body = KEY_CHANGE_MOD_REQUEST - params['old_fpr'] = self.pgp_address.key_fingerprint - params['new_fpr'] = self.pubkey.fingerprint + name = self._request_name + body = self._request_body if self.mlist.admin_immed_notify: subject = 'New {} request from {}'.format(name, self.pgp_address.email) - text = body.format(**params) msg = UserNotification( self.mlist.owner_address, self.mlist.owner_address, - subject, text, self.mlist.preferred_language) + subject, body, self.mlist.preferred_language) out = copy.deepcopy(msg) wrapped = MIMEWrapper(msg) msg = wrapped.attach_keys(self.pubkey) @@ -109,10 +101,53 @@ class ModeratorApprovalMixin: @public class ModeratorSubApprovalMixin(ModeratorApprovalMixin): def __init__(self, pre_approved=False): - super().__init__(WhichApproval.subscription, pre_approved) + super().__init__(pre_approved) + + @property + def _request_name(self): + return 'subscription' + + @property + def _request_body(self): + params = {'mlist': self.mlist.fqdn_listname, + 'address': self.pgp_address.email, + 'fingerprint': self.pubkey.fingerprint} + return SUBSCRIPTION_MOD_REQUEST.format(**params) @public class ModeratorKeyChangeApprovalMixin(ModeratorApprovalMixin): def __init__(self, pre_approved=False): - super().__init__(WhichApproval.key_change, pre_approved) + super().__init__(pre_approved) + + @property + def _request_name(self): + return 'key change' + + @property + def _request_body(self): + params = {'mlist': self.mlist.fqdn_listname, + 'address': self.pgp_address.email, + 'fingerprint': self.pubkey.fingerprint, + 'old_fpr': self.pgp_address.key_fingerprint, + 'new_fpr': self.pubkey.fingerprint} + return KEY_CHANGE_MOD_REQUEST.format(**params) + + +@public +class ModeratorKeyRevokeApprovalMixin(ModeratorApprovalMixin): + def __init__(self, pre_approved=False): + super().__init__(pre_approved) + + @property + def _request_name(self): + return 'key reset' + + @property + def _request_body(self): + params = {'mlist': self.mlist.fqdn_listname, + 'address': self.pgp_address.email, + 'fingerprint': self.pubkey.fingerprint, + 'old_fpr': self.pgp_address.key_fingerprint, + 'new_fpr': self.pubkey.fingerprint} + return KEY_REVOKE_MOD_REQUEST.format(**params) |