schleuder 2.2.4 → 3.2.2

data/lib/schleuder/gpgme/sub_key.rb

@@ -0,0 +1,13 @@
+module GPGME
+  class SubKey
+    # Overwrite to specify the full fingerprint instead of the short key-ID.
+    def to_s
+      sprintf("%s   %4d%s/%s %s\n",
+              secret? ? 'ssc' : 'sub',
+              length,
+              pubkey_algo_letter,
+              fingerprint,
+              timestamp.strftime('%Y-%m-%d'))
+    end
+  end
+end

data/lib/schleuder/gpgme/user_id.rb

@@ -0,0 +1,22 @@
+module GPGME
+  class UserID
+    def name
+      sanitize_encoding(@name)
+    end
+    def comment
+      sanitize_encoding(@comment)
+    end
+    def uid
+      sanitize_encoding(@uid)
+    end
+
+    private
+    def sanitize_encoding(str)
+      if str.is_a?(String) && str.encoding != 'UTF-8'
+        str.encode(Encoding::UTF_8, invalid: :replace, undef: :replace, replace: '')
+      else
+        str
+      end
+    end
+  end
+end

data/lib/schleuder/list.rb

@@ -1,193 +1,384 @@
 module Schleuder
-  # Represents a single list: name, config, members.
-  class List
-    # Name of this list. Must match the name of the subdirectory in
-    # +SchleuderConfig::lists_dir+
-    attr_reader :listname
-    
-    # Prepare some variables, set up the SchleuderLogger and set GNUPGHOME
-    def initialize(listname,newlist=false)
-      @listname = listname
-      @config = ListConfig.new if newlist
-      @log = ListLogger.new listname, listdir, config
-      
-      # setting GNUPGHOME to list's home, to make use of the keys there
-      Schleuder.log.debug "setting ENV[GNUPGHOME] to #{listdir}"
-      ENV["GNUPGHOME"] = listdir
-      @members = nil
-    end
-    
-    # Provides an array of Schleuder::Member's, read from +members.conf+
-    def members
-      unless @members
-        Schleuder.log.debug("reading #{members_file}")
-        @members = YAML::load_file(members_file).collect do |h|
-          h.kind_of?(Schleuder::Member) ? h : Schleuder::Member.new(h)
+  class List < ActiveRecord::Base
+
+    has_many :subscriptions, dependent: :destroy
+    before_destroy :delete_listdirs
+
+    serialize :headers_to_meta, JSON
+    serialize :bounces_drop_on_headers, JSON
+    serialize :keywords_admin_only, JSON
+    serialize :keywords_admin_notify, JSON
+
+    validates :email, presence: true, uniqueness: true, email: true
+    validates :fingerprint, presence: true, fingerprint: true
+    validates :send_encrypted_only,
+        :receive_encrypted_only,
+        :receive_signed_only,
+        :receive_authenticated_only,
+        :receive_from_subscribed_emailaddresses_only,
+        :receive_admin_only,
+        :keep_msgid,
+        :bounces_drop_all,
+        :bounces_notify_admins,
+        :include_list_headers,
+        :include_openpgp_header,
+        :forward_all_incoming_to_admins, boolean: true
+    validates_each :headers_to_meta,
+        :keywords_admin_only,
+        :keywords_admin_notify do |record, attrib, value|
+          value.each do |word|
+            if word !~ /\A[a-z_-]+\z/i
+              record.errors.add(attrib, I18n.t("errors.invalid_characters"))
+            end
+          end
+        end
+    validates_each :bounces_drop_on_headers do |record, attrib, value|
+          value.each do |key, val|
+            if key.to_s !~ /\A[a-z-]+\z/i || val.to_s !~ /\A[[:graph:]]+\z/i
+              record.errors.add(attrib, I18n.t("errors.invalid_characters"))
+            end
+          end
         end
+    validates :subject_prefix,
+        :subject_prefix_in,
+        :subject_prefix_out,
+        no_line_breaks: true
+    validates :openpgp_header_preference,
+                presence: true,
+                inclusion: {
+                  in: %w(sign encrypt signencrypt unprotected none),
+                }
+    validates :max_message_size_kb, :logfiles_to_keep, greater_than_zero: true
+    validates :log_level,
+              presence: true,
+              inclusion: {
+                in: %w(debug info warn error),
+              }
+    validates :language,
+              presence: true,
+              inclusion: {
+                # TODO: find out why we break translations and available_locales if we use I18n.available_locales here.
+                in: %w(de en),
+              }
+    validates :public_footer, :internal_footer,
+              allow_blank: true,
+              format: {
+                with: /\A[[:graph:]\s]*\z/i,
+              }
+
+    default_scope { order(:email) }
+
+    def self.configurable_attributes
+      @configurable_attributes ||= begin
+        all = self.validators.map(&:attributes).flatten.uniq.compact.sort
+        all - [:email, :fingerprint]
       end
-      @members
     end
 
-    def members_file
-      @members_file ||= File.join(listdir, Schleuder.config.lists_memberfile)
+    def logfile
+      @logfile ||= File.join(Conf.listlogs_dir, self.email.split('@').reverse, 'list.log')
+    end
+
+    def logger
+      @logger ||= Listlogger.new(self)
     end
-    
-    # Saves an array of Schleuder::Member's into +members.conf++
-    def members=(arr)
-      Schleuder.log.debug 'writing members'
-      Schleuder.log.info("writing #{members_file}")
-      @members = arr.collect { |m| m.kind_of?(Hash) ? Member.new(m) : m }
-      _write(YAML.dump(@members.collect { |m| m.to_hash }), members_file)
-      @members
+
+    def to_s
+      email
     end
-    
-    # Finds a member by email address.
-    def find_member_by_email(addresses)
-      addresses = Array(addresses)
-      members.detect { |m| addresses.include?(m.email) } || false
+
+    def admins
+      subscriptions.where(admin: true)
     end
 
-    def find_admin_by_email(addresses)
-      addresses = Array(addresses)
-      if admin_email = self.config.admins.detect { |a| addresses.include?(a.email) }
-        Member.new(:email => admin_email)
-      else
-        false
-      end
+    def subscriptions_without_fingerprint
+      subscriptions.without_fingerprint
     end
 
-    def find_member_by_key(key)
-      Schleuder.log.debug "Looking for member for key #{key}"
-      find_by_key(members, key)
+    def key(fingerprint=self.fingerprint)
+      keys(fingerprint).first
     end
 
-    def find_admin_by_key(key)
-      Schleuder.log.debug "Looking for admin for key #{key}"
-      find_by_key(config.admins, key)
+    def secret_key
+      keys(self.fingerprint, true).first
     end
 
-    def find_admin_by_address(address)
-      config.admins.detect { |admin| admin.email == address }
+    def keys(identifier=nil, secret_only=nil)
+      gpg.find_keys(identifier, secret_only)
     end
 
-    def find_member_by_address(address)
-      members.detect { |member| member.email == address }
+    # TODO: find better name for this method. It does more than the current
+    # name suggests (filtering for capability).
+    def distinct_key(identifier)
+      keys = keys(identifier).select { |key| key.usable_for?(:encrypt) }
+      if keys.size == 1
+        return keys.first
+      else
+        return nil
+      end
     end
 
-    # Provides the list config as Schleuder::ListConfig-object 
-    def config
-      @config ||= _load_config
+    def import_key(importable)
+      gpg.keyimport(importable)
     end
 
-    # Saves +data+ into the list-config-file (default: list.conf). +data+ must
-    # be a Schleuder::ListConfig or valid input to +ListConfig.new+
-    def config=(data)
-      Schleuder.log.info("writing list-config for: #{listname}")
-      if data.is_a?(ListConfig)
-        @config = data
+    def import_key_and_find_fingerprint(key_material)
+      return nil if key_material.blank?
+      
+      import_result = import_key(key_material)
+      gpg.interpret_import_result(import_result)
+    end
+
+    def delete_key(fingerprint)
+      if key = keys(fingerprint).first
+        key.delete!
+        true
       else
-        @config = ListConfig.new(data)
+        false
+      end
+    end
+
+    def export_key(fingerprint=self.fingerprint)
+      key = keys(fingerprint).first
+      if key.blank?
+        return false
       end
-      _write(YAML::dump(@config.to_hash), configfile)
-      @config
+      key.armored
+    end
+
+    def check_keys
+      now = Time.now
+      checkdate = now + (60 * 60 * 24 * 14) # two weeks
+      unusable = []
+      expiring = []
+
+      keys.each do |key|
+        expiry = key.subkeys.first.expires
+        if expiry && expiry > now && expiry < checkdate
+          # key expires in the near future
+          expdays = ((expiry - now)/86400).to_i
+          expiring << [key, expdays]
+        end
+
+        if ! key.usable?
+          unusable << [key, key.usability_issue]
+        end
+      end
+
+      text = ''
+      expiring.each do |key,days|
+        text << I18n.t('key_expires', {
+                          days: days,
+                          key_oneline: key.oneline
+                      })
+        text << "\n"
+      end
+
+      unusable.each do |key,usability_issue|
+        text << I18n.t('key_unusable', {
+                          usability_issue: usability_issue,
+                          key_oneline: key.oneline
+                      })
+        text << "\n"
+      end
+      text
+    end
+
+    def refresh_keys
+      gpg.refresh_keys(self.keys)
+    end
+
+    def fetch_keys(input)
+      gpg.fetch_key(input)
     end
 
-    # Returns path to the list configuration file
-    def configfile
-      # If `lists_configfile` ends with a '/', assume its pointing to a
-      # directory where configuration files are named "$DOMAIN/$LISTNAME.conf".
-      if Schleuder.config.lists_configfile.end_with?('/')
-        local_part, domain = listname.split('@')
-        if domain.nil?
-          # pre 2.2 style
-          File.join(Schleuder.config.lists_configfile, "#{local_part}.conf")
+    def pin_keys
+      updated_emails = subscriptions_without_fingerprint.collect do |subscription|
+        key = distinct_key(subscription.email)
+        if key
+          subscription.update(fingerprint: key.fingerprint)
+          "#{subscription.email}: #{key.fingerprint}"
         else
-          File.join(Schleuder.config.lists_configfile, domain, "#{local_part}.conf")
+          nil
         end
-      else
-        File.join(@listdir, Schleuder.config.lists_configfile)
       end
+      updated_emails.compact.join("\n")
     end
 
-    # Builds the bounce-address for the list
-    def bounce_addr
-      @bounce_addr ||= self.config.myaddr.gsub(/^(.*)@(.*)$/, '\1-bounce@\2')
+    def self.by_recipient(recipient)
+      listname = recipient.gsub(/-(sendkey|request|owner|bounce)@/, '@')
+      where(email: listname).first
     end
 
-    # Builds the owner-address for the list
-    def owner_addr
-      @owner_addr ||= self.config.myaddr.gsub(/^(.*)@(.*)$/, '\1-owner@\2')
+    def sendkey_address
+      @sendkey_address ||= email.gsub('@', '-sendkey@')
     end
 
-    # Builds the request-address for the list
-    def request_addr
-      @request_addr ||= self.config.myaddr.gsub(/^(.*)@(.*)$/, '\1-request@\2')
+    def request_address
+      @request_address ||= email.gsub('@', '-request@')
     end
 
-    # builds the send-key-command-address for the list
-    def sendkey_addr
-      self.config.myaddr.gsub(/^(.*)@(.*)$/, '\1-sendkey@\2')
+    def owner_address
+      @owner_address ||= email.gsub('@', '-owner@')
     end
 
-    def self.listdir(listname)
-      name = listname.split('@')
-      if name.size < 2
-        Schleuder.log.warn 'Listname should be a full email-address, using only the local part is deprecated. Please fix this!'
+    def bounce_address
+      @bounce_address ||= email.gsub('@', '-bounce@')
+    end
+
+    def gpg
+      @gpg_ctx ||= begin
+        # TODO: figure out why set it again...
+        # Set GNUPGHOME when list is created.
+        set_gnupg_home
+        GPGME::Ctx.new armor: true
+      end
+    end
+
+    # TODO: place this somewhere sensible.
+    # Call cleanup when script finishes.
+    #Signal.trap(0, proc { @list.cleanup })
+    def cleanup
+      if @gpg_agent_pid
+        Process.kill('TERM', @gpg_agent_pid.to_i)
       end
-      File.expand_path(File.join([Schleuder.config.lists_dir, name.reverse].flatten))
+    rescue => e
+      $stderr.puts "Failed to kill gpg-agent: #{e}"
+    end
+
+    def gpg_sign_options
+      {sign: true, sign_as: self.fingerprint}
+    end
+
+    def fingerprint=(arg)
+      # Strip whitespace from incoming arg.
+      if arg
+        write_attribute(:fingerprint, arg.gsub(/\s*/, '').chomp)
+      end
+    end
+
+    def self.listdir(listname)
+      File.join(
+          Conf.lists_dir,
+          listname.split('@').reverse
+        )
     end
 
     def listdir
-      @listdir ||=  List.listdir(@listname)
+      @listdir ||= self.class.listdir(self.email)
     end
 
-    def listid
-      @listid ||= config.myaddr.gsub(/@/, '.')
+    # A convenience-method to simplify other code.
+    def subscribe(email, fingerprint=nil, adminflag=nil, deliveryflag=nil, key_material=nil)
+      messages = nil
+      args = {
+          list_id: self.id,
+          email: email
+      }
+      if key_material.present?
+        fingerprint, messages = import_key_and_find_fingerprint(key_material)
+      end
+      args[:fingerprint] = fingerprint
+      # ActiveRecord does not treat nil as falsy for boolean columns, so we
+      # have to avoid that in order to not receive an invalid object. The
+      # database will use the column's default-value if no value is being
+      # given. (I'd rather not duplicate the defaults here.)
+      if ! adminflag.nil?
+        args[:admin] = adminflag
+      end
+      if ! deliveryflag.nil?
+        args[:delivery_enabled] = deliveryflag
+      end
+      subscription = Subscription.create(args)
+      [subscription, messages]
     end
 
-    def key
-      @key ||= lookup_list_key
+    def unsubscribe(email, delete_key=false)
+      sub = subscriptions.where(email: email).first
+      if sub.blank?
+        false
+      end
+
+      if ! sub.destroy
+        return sub
+      end
+
+      if delete_key
+        sub.delete_key
+      end
     end
 
-    def key_fingerprint
-      key.subkeys.first.fingerprint
+    def keywords_admin_notify
+      Array(read_attribute(:keywords_admin_notify))
     end
 
-    def archive(mail)
-      @list_archiver ||= Schleuder::Archiver.new
-      @list_archiver.archive(mail)
+    def keywords_admin_only
+      Array(read_attribute(:keywords_admin_only))
     end
 
-    private
+    def admin_only?(keyword)
+      keywords_admin_only.include?(keyword)
+    end
 
-    # Loads the configuration
-    def _load_config
-        Schleuder.log.debug("reading list-config for: #{@listname}") unless Schleuder.log.nil?
-        @config = ListConfig.new(configfile)
+    def from_admin?(mail)
+      return false if ! mail.was_validly_signed?
+      admins.find do |admin|
+        admin.fingerprint == mail.signing_key.fingerprint
+      end.presence || false
     end
 
-    def find_by_key(ary, key)
-      return false unless key.kind_of?(GPGME::Key)
-      res = ary.detect { |elem| elem.kind_of?(Member) && elem.uses_key?(key) }
-      Schleuder.log.debug "Found #{res} for #{key}" unless res.nil?
-      res || false
+    def set_attribute(attrib, value)
+      self.send("#{attrib}=", value)
     end
 
-    def _write(data,filename)
-      File.open(filename, 'w') { |f| f << data }
+    def send_list_key_to_subscriptions
+      mail = Mail.new
+      mail.from = self.email
+      mail.subject = I18n.t('list_public_key_subject')
+      mail.body = I18n.t('list_public_key_attached')
+      mail.attach_list_key!(self)
+      send_to_subscriptions(mail)
+      true
     end
 
-    def lookup_list_key
-      key, msg = crypt.get_key(config.key_fingerprint||config.myaddr)
-      unless key
-        raise "Could not find a key for this List! Reason: #{msg}"
+    def send_to_subscriptions(mail)
+      logger.debug "Sending to subscriptions."
+      mail.add_internal_footer!
+      self.subscriptions.each do |subscription|
+        begin
+          subscription.send_mail(mail)
+        rescue => exc
+          msg = I18n.t('errors.delivery_error',
+                       { email: subscription.email, error: exc.to_s })
+          logger.error msg
+          logger.error exc
+        end
       end
-      key
     end
 
-    def crypt
-      @@crypt ||= Crypt.new(nil)
+    private
+
+    def set_gnupg_home
+      ENV['GNUPGHOME'] = listdir
     end
 
+    def delete_listdirs
+      if File.exists?(self.listdir)
+        FileUtils.rm_rf(self.listdir, secure: true)
+        Schleuder.logger.info "Deleted #{self.listdir}"
+      end
+      # If listlogs_dir is different from lists_dir, the logfile still exists
+      # and needs to be deleted, too.
+      logfile_dir = File.dirname(self.logfile)
+      if File.exists?(logfile_dir)
+        FileUtils.rm_rf(logfile_dir, secure: true)
+        Schleuder.logger.info "Deleted #{logfile_dir}"
+      end
+      true
+    rescue => exc
+      # Don't use list-logger here — if the list-dir isn't present we can't log to it!
+      Schleuder.logger.error "Error while deleting listdir: #{exc}"
+      return false
+    end
   end
 end