paul@29 | 1 | # -*- coding: iso-8859-1 -*- |
paul@29 | 2 | """ |
paul@29 | 3 | MoinMoin - MoinMessageSupport library |
paul@29 | 4 | |
paul@29 | 5 | @copyright: 2012, 2013 by Paul Boddie <paul@boddie.org.uk> |
paul@29 | 6 | @license: GNU GPL (v2 or later), see COPYING.txt for details. |
paul@29 | 7 | """ |
paul@29 | 8 | |
import time
from email.parser import Parser

try:
    from cStringIO import StringIO
except ImportError:
    from StringIO import StringIO

from MoinMoin import wikiutil
from MoinMoin.Page import Page
from MoinMoin.log import getLogger
from MoinMoin.user import User

# MoinMessageMissingPart and MoinMessageBadContent are named in the except
# clauses of handle_encrypted_message and therefore have to be in scope.
from MoinMessage import GPG, Message, MoinMessageBadContent, \
                        MoinMessageError, MoinMessageMissingPart, \
                        is_signed, is_encrypted, getContentAndSignature
from MoinSupport import ItemStore, getHeader, getMetadata, getWikiDict, \
                        writeHeaders
paul@29 | 24 | |
# Module-level declaration; nothing in this file reads it.
# NOTE(review): presumably consumed by MoinMoin's extension/caching machinery
# -- confirm against the MoinMoin version in use.
Dependencies = ['pages']
paul@29 | 26 | |
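class MoinMessageAction:

    """
    Common message handling support for actions.

    A posted request body is parsed as an e-mail style message and dispatched
    according to whether it is PGP/GPG-signed or encrypted. Accepted content is
    finally passed to 'handle_message_object', which is not defined in this
    class and is therefore presumably supplied by subclasses.
    """

    def __init__(self, pagename, request):

        """
        On the page with the given 'pagename', use the given 'request' when
        reading posted messages, modifying the Wiki.
        """

        self.pagename = pagename
        self.request = request
        self.page = Page(request, pagename)
        self.store = ItemStore(self.page, "messages", "message-locks")

    def do_action(self):

        """
        Read the request body and handle it as message text.

        A Content-Length header that is present but not a non-negative integer
        is answered with "400 Bad Request" and nothing is read.
        """

        request = self.request
        content_length = getHeader(request, "Content-Length", "HTTP")

        if content_length:

            # The header is supplied by the client: a non-numeric value must
            # not escape as an unhandled ValueError, and a negative length must
            # not reach read(), whose treatment of it is not visible here.

            try:
                content_length = int(content_length)
            except ValueError:
                content_length = -1

            if content_length < 0:
                writeHeaders(request, "text/plain", getMetadata(self.page), "400 Bad Request")
                request.write("The Content-Length header is not valid.")
                return

        # NOTE(review): no upper bound is applied to the body size, and the
        # body is read before any signature or authentication check is made.
        # Consider enforcing a limit here or in the front-end server.

        self.handle_message_text(request.read(content_length))

    def handle_message_text(self, message_text):

        "Parse the given 'message_text' and handle the resulting message."

        message = Parser().parse(StringIO(message_text))
        self.handle_message(message)

    def handle_message(self, message):

        """
        Handle the given 'message', dispatching signed and encrypted payloads
        and rejecting everything else with "415 Unsupported Media Type".
        """

        # Detect PGP/GPG-encoded payloads.
        # See: http://tools.ietf.org/html/rfc3156

        if is_signed(message):
            self.handle_signed_message(message)
        elif is_encrypted(message):
            self.handle_encrypted_message(message)

        # Reject unsigned and unencrypted payloads.
        # (The response text mentions only signed payloads although encrypted
        # ones are dispatched above.)

        else:
            request = self.request
            writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type")
            request.write("Only PGP/GPG-signed payloads are supported.")

    def handle_encrypted_message(self, message):

        """
        Decrypt the given encrypted 'message' and handle the embedded message.

        Nothing is handled when no GPG home directory is available or when
        decryption fails; an error response is written in those cases.
        """

        request = self.request

        homedir = self.get_homedir()
        if not homedir:
            return

        gpg = GPG(homedir)

        # The more specific exceptions are tested before MoinMessageError;
        # presumably they derive from it -- confirm in MoinMessage.

        try:
            text = gpg.decryptMessage(message)

        # Reject messages without a declaration.

        except MoinMessageMissingPart:
            writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type")
            request.write("There must be a declaration and a content part for encrypted uploads.")
            return

        # Reject messages without appropriate content.

        except MoinMessageBadContent:
            writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type")
            request.write("Encrypted data must be provided as application/octet-stream.")
            return

        # Reject any message that cannot be decrypted.

        except MoinMessageError:
            writeHeaders(request, "text/plain", getMetadata(self.page), "403 Forbidden")
            request.write("The message could not be decrypted.")
            return

        # Log non-fatal errors.

        if gpg.errors:
            getLogger(__name__).warning(gpg.errors)

        # Handle the embedded message which may itself be a signed message.
        # NOTE(review): the embedded message may also be encrypted again, in
        # which case this method is re-entered once per layer; no explicit
        # nesting limit is applied here.

        self.handle_message_text(text)

    def handle_signed_message(self, message):

        """
        Handle the given signed 'message', accepting it only when the request's
        user is valid and was authenticated by the "pgp" method.
        """

        request = self.request
        user = request.user

        # Accept any message whose sender was authenticated by the PGP method.
        # NOTE(review): the signature is extracted below but not verified in
        # this method; acceptance rests entirely on the request's
        # authentication state. Confirm that the PGP authenticator verified
        # the signature over this same message, including the case where the
        # message was obtained by decrypting an outer payload.

        if user and user.valid and user.auth_method == "pgp":

            # Handle the embedded message.

            content, signature = getContentAndSignature(message)
            self.handle_message_content(content)

        # Reject any unverified message.

        else:
            writeHeaders(request, "text/plain", getMetadata(self.page), "403 Forbidden")
            request.write("The message could not be verified. "
                "Maybe this site is not performing authentication using PGP signatures.")

    def handle_message_content(self, content):

        """
        Interpret the given message 'content' as one or more updates, apply the
        date checks and pass the result to 'handle_message_object'.
        """

        request = self.request

        # Interpret the content as one or more updates.

        message = Message()
        message.handle_message(content)

        # Test any date against the page or message store.
        # NOTE(review): this is the only freshness check visible here. The
        # date comes from the message itself, and only dates older than the
        # latest page/store modification are refused, so a message dated in
        # the future is not refused by it. Presumably message.date is
        # comparable with time.struct_time -- confirm in MoinMessage.

        if message.date:
            store_date = time.gmtime(self.store.mtime())
            page_date = time.gmtime(wikiutil.version2timestamp(self.page.mtime_usecs()))
            last_date = max(store_date, page_date)

            # Reject messages older than the page date.

            if message.date < last_date:
                writeHeaders(request, "text/plain", getMetadata(self.page), "403 Forbidden")
                request.write("The message is too old: %s versus %s." % (message.date, last_date))
                return

        # Reject messages without dates if so configured (the default when the
        # setting is absent).

        elif getattr(request.cfg, "moinmessage_reject_messages_without_dates", True):
            writeHeaders(request, "text/plain", getMetadata(self.page), "403 Forbidden")
            request.write("The message has no date information.")
            return

        # Handle the message as an object.

        self.handle_message_object(message)

    def get_homedir(self):

        """
        Locate the GPG home directory using the module-level 'get_homedir'
        function, writing a "415 Unsupported Media Type" response when no
        directory is available. The (possibly false) value is returned.
        """

        request = self.request
        homedir = get_homedir(self.request)

        if not homedir:
            writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type")
            request.write("Encoded data cannot currently be understood. Please notify the site administrator.")

        return homedir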
paul@29 | 192 | |
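def get_homedir(request):

    """
    Return the GPG home directory configured for the Wiki of 'request'.

    The value is read from the 'moinmessage_gpg_homedir' attribute of
    'request.cfg'. None is returned when the setting is absent, so that callers
    testing the result for truth can report the missing configuration instead
    of failing with an AttributeError.
    """

    return getattr(request.cfg, "moinmessage_gpg_homedir", None)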
paul@34 | 198 | |
paul@29 | 199 | # vim: tabstop=4 expandtab shiftwidth=4 |