paul@0 | 1 | # -*- coding: iso-8859-1 -*- |
paul@0 | 2 | """ |
paul@0 | 3 | MoinMoin - PostMessage Action |
paul@0 | 4 | |
paul@16 | 5 | @copyright: 2012, 2013 by Paul Boddie <paul@boddie.org.uk> |
paul@0 | 6 | @license: GNU GPL (v2 or later), see COPYING.txt for details. |
paul@0 | 7 | """ |
paul@0 | 8 | |
paul@16 | 9 | from MoinMoin.Page import Page |
paul@0 | 10 | from MoinMoin.PageEditor import PageEditor |
paul@2 | 11 | from MoinMoin.log import getLogger |
paul@11 | 12 | from MoinMoin.user import User |
paul@0 | 13 | from MoinSupport import * |
paul@16 | 14 | from MoinMessage import GPG, Message, MessageStore, MoinMessageError |
paul@0 | 15 | from email.parser import Parser |
paul@0 | 16 | |
paul@0 | 17 | try: |
paul@0 | 18 | from cStringIO import StringIO |
paul@0 | 19 | except ImportError: |
paul@0 | 20 | from StringIO import StringIO |
paul@0 | 21 | |
# NOTE(review): presumably read by MoinMoin's extension machinery; confirm
# NOTE(review): what declaring a dependency on 'pages' selects.
Dependencies = ["pages"]
paul@0 | 23 | |
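class PostMessage:

    """
    A posted message handler.

    The request body is treated as untrusted input: it is parsed as a MIME
    message and only acted upon if it is a PGP/GPG-signed message (RFC 3156)
    whose signature verifies, or an encrypted message that can be decrypted
    and whose decrypted text is in turn handled by the same rules.
    """

    def __init__(self, pagename, request):

        """
        On the page with the given 'pagename', use the given 'request' when
        reading posted messages, modifying the Wiki.
        """

        self.pagename = pagename
        self.request = request
        self.page = Page(request, pagename)

    def do_action(self):

        """
        Read the request body, using any Content-Length header to decide how
        much to read, and handle it as message text. A Content-Length that is
        not a non-negative integer is answered with "400 Bad Request".
        """

        request = self.request
        content_length = getHeader(request, "Content-Length", "HTTP")

        if content_length:

            # The header is client-supplied: a malformed or negative value is
            # rejected here instead of raising or reaching request.read.

            try:
                content_length = int(content_length)
            except ValueError:
                content_length = -1

            if content_length < 0:
                writeHeaders(request, "text/plain", getMetadata(self.page), "400 Bad Request")
                request.write("The Content-Length header must be a non-negative integer.")
                return

        # NOTE(review): no upper bound is applied to the body size here, and
        # NOTE(review): the read happens before any signature check; confirm
        # NOTE(review): that the server or Wiki limits request bodies.

        self.handle_message_text(request.read(content_length))

    def handle_message_text(self, message_text):

        "Parse the given 'message_text' as a MIME message and handle it."

        message = Parser().parse(StringIO(message_text))
        self.handle_message(message)

    def handle_message(self, message):

        """
        Handle the given 'message', dispatching on its content type. Anything
        other than a PGP/GPG-signed or PGP/GPG-encrypted multipart message is
        rejected with "415 Unsupported Media Type".
        """

        request = self.request
        mimetype = message.get_content_type()
        protocol = message.get_param("protocol")

        # Detect PGP/GPG-encoded payloads.
        # See: http://tools.ietf.org/html/rfc3156

        if mimetype == "multipart/signed" and protocol == "application/pgp-signature":
            self.handle_signed_message(message)

        elif mimetype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
            self.handle_encrypted_message(message)

        # Reject unsigned payloads.

        else:
            writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type")
            request.write("Only PGP/GPG-signed payloads are supported.")

    def handle_encrypted_message(self, message):

        """
        Handle the given encrypted 'message', decrypting its content part and
        handling the decrypted text as a message in its own right.

        Decryption alone does not authenticate the sender: the decrypted text
        goes back through 'handle_message_text', so it is only acted upon if
        it is itself a signed (or further encrypted) message.
        """

        request = self.request

        try:
            declaration, content = message.get_payload()
        except ValueError:
            writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type")
            request.write("There must be a declaration and a content part for encrypted uploads.")
            return

        # Verify the message format.

        if content.get_content_type() != "application/octet-stream":
            writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type")
            request.write("Encrypted data must be provided as application/octet-stream.")
            return

        # An error response has already been written if there is no homedir.

        homedir = self.get_homedir()
        if not homedir:
            return

        gpg = GPG(homedir)

        # Get the decrypted message text.

        try:
            text = gpg.decryptMessage(content.get_payload())

            # Log non-fatal errors.

            if gpg.errors:
                getLogger(__name__).warning(gpg.errors)

            # Handle the embedded message.

            self.handle_message_text(text)

        # Otherwise, reject the message that could not be decrypted.
        # NOTE(review): the nested handling above is inside this try block,
        # NOTE(review): so a MoinMessageError raised there is also reported
        # NOTE(review): as a decryption failure.

        except MoinMessageError:
            writeHeaders(request, "text/plain", getMetadata(self.page), "403 Forbidden")
            request.write("The message could not be decrypted.")

    def handle_signed_message(self, message):

        """
        Handle the given signed 'message', verifying the signature in its
        second part against the content in its first part. If verification
        fails, respond with "403 Forbidden". If the signing key's fingerprint
        is mapped to a Wiki user, the content is handled as that user.
        """

        request = self.request

        # NOTE: RFC 3156 states that signed messages should employ a detached
        # NOTE: signature but then shows "BEGIN PGP MESSAGE" for signatures
        # NOTE: instead of "BEGIN PGP SIGNATURE".
        # NOTE: The "micalg" parameter is currently not supported.

        try:
            content, signature = message.get_payload()
        except ValueError:
            writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type")
            request.write("There must be a content part and a signature for signed uploads.")
            return

        # Verify the message format.

        if signature.get_content_type() != "application/pgp-signature":
            writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type")
            request.write("Signature data must be provided in the second part as application/pgp-signature.")
            return

        # An error response has already been written if there is no homedir.

        homedir = self.get_homedir()
        if not homedir:
            return

        gpg = GPG(homedir)

        # Verify the message.
        # NOTE(review): the signed text is re-serialised from the parsed part;
        # NOTE(review): if that differs from the bytes the sender signed, a
        # NOTE(review): genuine signature presumably fails to verify (confirm).

        try:
            fingerprint, identity = gpg.verifyMessage(signature.get_payload(), content.as_string())

            # Map the fingerprint to a Wiki user.

            old_user = None
            switched = False

            try:
                if fingerprint:
                    gpg_users = getWikiDict(
                        getattr(request.cfg, "moinmessage_gpg_users_page", "MoinMessageUserDict"),
                        request
                        )

                    # With a user mapping and a fingerprint corresponding to a known
                    # user, temporarily switch user in order to make the edit.

                    if gpg_users and gpg_users.has_key(fingerprint):
                        old_user = request.user
                        request.user = User(request, auth_method="gpg", auth_username=gpg_users[fingerprint])
                        switched = True

                # Without a mapping, the content is handled under the identity
                # already on the request; any access control is then whatever
                # the page editor and message store apply.
                # NOTE(review): confirm that MessageStore.append checks access.

                # Log non-fatal errors.

                if gpg.errors:
                    getLogger(__name__).warning(gpg.errors)

                # Handle the embedded message.

                self.handle_message_content(content)

            # Restore any user identity. An explicit flag is used instead of
            # the truth value of the saved user so that the switched identity
            # can never outlive this call.

            finally:
                if switched:
                    request.user = old_user

        # Otherwise, reject the unverified message.
        # NOTE(review): content handling is inside this try block, so a
        # NOTE(review): MoinMessageError raised while applying the update is
        # NOTE(review): also reported as a verification failure.

        except MoinMessageError:
            writeHeaders(request, "text/plain", getMetadata(self.page), "403 Forbidden")
            request.write("The message could not be verified.")

    def handle_message_content(self, content):

        """
        Handle the given message 'content', applying each update found in it
        and then responding with "204 No Content".
        """

        request = self.request

        # Interpret the content as one or more updates.

        message = Message()
        message.handle_message(content)

        for update in message.updates:

            # Handle a collection of alternative representations for a single
            # update, or a single part.

            if update.is_multipart():
                parts = update.get_payload()
            else:
                parts = [update]

            self.handle_message_parts(parts, update)

        # Default output.

        writeHeaders(request, "text/plain", getMetadata(self.page), "204 No Content")

    def handle_message_parts(self, parts, update):

        """
        Handle the given message 'parts', using the original 'update' to
        determine whether the content is to replace or update page content, or
        whether it will be placed in a message store.
        """

        # Handle the different update actions.
        # Update a message store for the page.

        if to_store(update):
            store = MessageStore(self.page)
            store.append(update)
            return

        # Update the page.
        # NOTE: Should either choose preferred content types or somehow retain them
        # NOTE: all but present one at a time.

        body = []
        replace = to_replace(update)

        # Only text/moin parts contribute; when replacing, the first such part
        # is the only one used.

        for part in parts:
            if part.get_content_type() == "text/moin":
                body.append(part.get_payload())
                if replace:
                    break

        # When not replacing, the existing page text follows the new content.

        if not replace:
            body.append(self.page.get_raw_body())

        # NOTE(review): if no part was text/moin, the text saved here is empty
        # NOTE(review): (replace) or just the existing page text; confirm how
        # NOTE(review): saveText responds to that.

        page_editor = PageEditor(self.request, self.pagename)
        page_editor.saveText("\n\n".join(body), 0)

        # Refresh the page.

        self.page = Page(self.request, self.pagename)

    def get_homedir(self):

        """
        Locate the GPG home directory from the "moinmessage_gpg_homedir"
        configuration setting. If the setting is absent or empty, write an
        error response and return a false value, which callers take as the
        signal to stop.
        """

        request = self.request

        # A default is given so that a missing setting produces the error
        # response below instead of an AttributeError.

        homedir = getattr(request.cfg, "moinmessage_gpg_homedir", None)
        if not homedir:
            writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type")
            request.write("Encoded data cannot currently be understood. Please notify the site administrator.")
        return homedir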
paul@5 | 282 | |
def to_replace(message):

    "Return whether the 'message' has an Update-Action header of 'replace'."

    action = message.get("Update-Action")
    return action == "replace"
paul@0 | 285 | |
def to_store(message):

    "Return whether the 'message' has an Update-Action header of 'store'."

    action = message.get("Update-Action")
    return action == "store"
paul@16 | 288 | |
paul@0 | 289 | # Action function. |
paul@0 | 290 | |
def execute(pagename, request):

    "Handle a message posted to the page with the given 'pagename'."

    handler = PostMessage(pagename, request)
    handler.do_action() # instead of render
paul@0 | 293 | |
paul@0 | 294 | # vim: tabstop=4 expandtab shiftwidth=4 |