schleuder 3.2.2 → 3.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: edc9a5383dea2704c0ea9cfaa947e657221b89a83ff693cc221c5649026711f5
-  data.tar.gz: 8c4117d91098a20ccb9d4f12146524eb8e7d701f60d9a77ce0573510b1dbeb42
+  metadata.gz: 637d9f0b81f2cb7aaee30a9761eeb0f09f49d95649a00d735ce13ecd008abdad
+  data.tar.gz: ca41b305951ef8ac0fb7edfb42e87521cf1d2ce5e51be6ceaa3c57c933846067
 SHA512:
-  metadata.gz: 25adeec03329d06994b3ebada2d8b0dd9f9e50ee8c83e5349496decacf9877e8388f2122656f984516f3b1d8f3872748d8b91366131cd6f21b4c2eef5caa915f
-  data.tar.gz: 83b6170572c99168c6b49471d2a34823b49e878f6d1c03ea5f65f7c9a7d999f80996c92813892942e1940822615ba17c4b8da9c864cc59c46b88f8730d5ebfed
+  metadata.gz: 3b7f8cd46761314484df53f64ba3d929c75eccdfd4c7a2c7ce87d76720b6fa1025d59f370126b107b08a19b9916fe7e160563739a1058dc88a537acd744af212
+  data.tar.gz: 149620dc7fc6549391af197396b68c8cf42b990e037d2224e337db57af00f90edb293e23120a8f2f8156e40cbfadcd35bca1009d066ba2126f98c4b7c90ae29a

data/README.md

@@ -6,7 +6,7 @@ Schleuder is a gpg-enabled mailing list manager with resending-capabilities. Sub
 Version 3 of schleuder is a complete rewrite, which aims to be more robust, flexible, and internationalized. It
 also provides an API for the optional web interface called [schleuder-web](https://0xacab.org/schleuder/schleuder-web).
 
-For more details see <https://schleuder.nadir.org/docs/>.
+For more details see <https://schleuder.org/docs/>.
 
 Requirements
 ------------
@@ -16,9 +16,9 @@ Requirements
 * sqlite3
 * openssl
 
-*If you use Debian stretch or CentOS 7, please have a look at the [installation docs](https://schleuder.nadir.org/docs/#installation). We do provide packages for those platforms, which simplify the installation a lot.*
+*If you use Debian stretch or CentOS 7, please have a look at the [installation docs](https://schleuder.org/docs/#installation). We do provide packages for those platforms, which simplify the installation a lot.*
 
-*🛈 A note regarding Ubuntu: All released Ubuntu versions (including 17.10) don't meet the requirements with their packaged versions of gnupg! To run Schleuder on Ubuntu you currently have to install a more recent version of gnupg manually. A sufficient version of gnupg is included in "bionic-proposed", which might make 18.04 a usable Ubuntu release.*
+*🛈 A note regarding Ubuntu: All Ubuntu versions up to and including 17.10 don't meet the requirements with their packaged versions of gnupg! To run Schleuder on Ubuntu you currently have to install a more recent version of gnupg manually. Only Ubuntu 18.04 ("bionic") provides modern enough versions of Schleuder's requirements.*
 
 On systems that base on Debian 9 ("stretch"), install the dependencies via
 
@@ -47,25 +47,25 @@ Additionally these **rubygems** are required (will be installed automatically un
 Installing Schleuder
 ------------
 
-1. Download [the gem](https://schleuder.nadir.org/downloads/schleuder-3.2.2.gem) and [the OpenPGP-signature](https://schleuder.nadir.org/downloads/schleuder-3.2.2.gem.sig) and verify:
+1. Download [the gem](https://schleuder.org/download/schleuder-3.3.0.gem) and [the OpenPGP-signature](https://schleuder.org/download/schleuder-3.3.0.gem.sig) and verify:
    ```
    gpg --recv-key 0xB3D190D5235C74E1907EACFE898F2C91E2E6E1F3
-   gpg --verify schleuder-3.2.2.gem.sig
+   gpg --verify schleuder-3.3.0.gem.sig
    ```
 
 2. If all went well install the gem:
    ```
-   gem install schleuder-3.2.2.gem
+   gem install schleuder-3.3.0.gem
    ```
 
 3. Set up schleuder:
   ```
   schleuder install
   ```
-  This creates neccessary directories, copies example configs, etc. If you see errors about missing write permissions please follow the advice given.
+  This creates necessary directories, copies example configs, etc. If you see errors about missing write permissions please follow the advice given.
 
 
-For further information on setup and configuration please read <https://schleuder.nadir.org/docs/#setup>.
+For further information on setup and configuration please read <https://schleuder.org/docs/#setup>.
 
 
 Command line usage
@@ -92,7 +92,7 @@ manage lists from the command line.
 Optionally consider installing
 [schleuder-web](https://0xacab.org/schleuder/schleuder-web), the web
 interface for schleuder. It enables list-admins to manage their lists through
-the web instead of using [request-keywords](https://schleuder.nadir.org/docs/#subscription-and-key-management).
+the web instead of using [request-keywords](https://schleuder.org/docs/#subscription-and-key-management).
 
 
 
@@ -112,6 +112,10 @@ To execute the test suite run:
 
     bundle exec rspec
 
+Please note: Some of the specs use 'pgrep'. On systems that base on Debian 9 ("stretch") install it via 
+
+    apt-get install procps
+
 We are working on extendig the test coverage.
 
 Contributing
@@ -120,6 +124,12 @@ Contributing
 Please see [CONTRIBUTING.md](CONTRIBUTING.md).
 
 
+Mission statement
+-----------------
+
+Please see [MISSION_STATEMENT.md](MISSION_STATEMENT.md).
+
+
 Code of Conduct
 ---------------
 
@@ -135,4 +145,4 @@ GNU GPL 3.0. Please see [LICENSE.txt](LICENSE.txt).
 Alternative Download
 --------------------
 
-Alternatively to the gem-files you can download the latest release as [a tarball](https://schleuder.nadir.org/downloads/schleuder-3.2.2.tar.gz) and [its OpenPGP-signature](https://schleuder.nadir.org/downloads/schleuder-3.2.2.tar.gz.sig).
+Alternatively to the gem-files you can download the latest release as [a tarball](https://schleuder.org/download/schleuder-3.3.0.tar.gz) and [its OpenPGP-signature](https://schleuder.org/download/schleuder-3.3.0.tar.gz.sig).

data/Rakefile

@@ -3,7 +3,7 @@ require_relative "lib/#{project}.rb"
 
 @version = Schleuder::VERSION
 @tagname = "#{project}-#{@version}"
-@gpguid = 'schleuder@nadir.org'
+@gpguid = 'team@schleuder.org'
 @filename_gem = "#{@tagname}.gem"
 @filename_tarball = "#{@tagname}.tar.gz"
 
@@ -52,6 +52,7 @@ task :new_version => [
     :sign_gem,
     :build_tarball,
     :sign_tarball,
+    :ensure_permissions,
     :git_tag
   ] do
 end
@@ -78,7 +79,7 @@ end
 
 desc "Commit changes as new version"
 task :git_commit do
-  `git commit -m "Version #{@version} (README, gems, ...)"`
+  `git commit -m "Version #{@version}"`
 end
 
 desc 'Build, sign and commit a gem-file.'
@@ -88,12 +89,22 @@ end
 
 desc 'OpenPGP-sign gem and tarball'
 task :sign_tarball do
-  `gpg -u #{@gpguid} -b #{@filename_gem}`
+  `gpg -u #{@gpguid} -b #{@filename_tarball}`
 end
 
 desc 'OpenPGP-sign gem'
 task :sign_gem do
-  `gpg -u #{@gpguid} -b #{@filename_tarball}`
+  `gpg -u #{@gpguid} -b #{@filename_gem}`
+end
+
+desc 'Ensure download-files have correct permissions'
+task :ensure_permissions do
+  File.chmod(0644, *Dir.glob("#{@tagname}*"))
+end
+
+desc 'Upload download-files (gem, tarball, signatures) to schleuder.org.'
+task :upload_files do
+  puts `echo "put -p #{@tagname}* www/download/" | sftp schleuder.org@ftp.schleuder.org 2>&1`
 end
 
 desc 'Publish gem-file to rubygems.org'
@@ -114,10 +125,7 @@ end
 
 desc 'Describe manual release-tasks'
 task :website do
-  puts "Please update the website:
-  * Update changelog.
-  * Publish release-announcement.
-"
+  puts "Please remember to publish the release-notes on the website and on schleuder-announce."
 end
 
 desc 'Check if version-tag already exists'

data/bin/schleuder

@@ -8,7 +8,8 @@ trap("INT") { exit 1 }
 
 
 begin
-  require_relative '../lib/schleuder/cli'
+  $LOAD_PATH.unshift(File.expand_path('../../lib', __FILE__))
+  require 'schleuder/cli'
   Schleuder::Cli.start
 rescue => exc
   $stderr.puts "Technical Error: #{exc}\n#{exc.backtrace.first}"

data/bin/schleuder-api-daemon

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
 
-require_relative '../lib/schleuder-api-daemon'
-SchleuderApiDaemon.run!
+$LOAD_PATH.unshift(File.expand_path('../../lib', __FILE__))
+require 'schleuder-api-daemon'
+SchleuderApiDaemon.run!

data/db/migrate/20180110203100_add_sig_enc_to_headers_to_meta_defaults.rb

@@ -0,0 +1,30 @@
+class AddSigEncToHeadersToMetaDefaults < ActiveRecord::Migration
+  def up
+    change_column_default :lists, :headers_to_meta, '["from", "to", "cc", "date", "sig", "enc"]'
+    list_klass = create_list_klass
+    list_klass.reset_column_information
+    list_klass.find_each do |list|
+      if (list.headers_to_meta & ['sig', 'enc']).empty?
+        list.update(headers_to_meta: list.headers_to_meta + ['sig', 'enc'])
+      end
+    end
+  end
+
+  def down
+    change_column_default :lists, :headers_to_meta, '["from", "to", "cc", "date"]'
+    list_klass = create_list_klass
+    list_klass.reset_column_information
+    list_klass.find_each do |list|
+      list.update(headers_to_meta: list.headers_to_meta - ['enc','sig'])
+    end
+  end
+
+  def create_list_klass
+    # Use a temporary class-definition to be independent of the
+    # complexities of the actual class.
+    Class.new(ActiveRecord::Base) do
+      self.table_name = 'lists'
+      self.serialize :headers_to_meta, JSON
+    end
+  end
+end

data/db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170713215059) do
+ActiveRecord::Schema.define(version: 20180110203100) do
 
   create_table "lists", force: :cascade do |t|
     t.datetime "created_at"
@@ -24,7 +24,7 @@ ActiveRecord::Schema.define(version: 20170713215059) do
     t.string   "subject_prefix_out",                          limit: 255, default: ""
     t.string   "openpgp_header_preference",                   limit: 255, default: "signencrypt"
     t.text     "public_footer",                                           default: ""
-    t.text     "headers_to_meta",                                         default: "[\"from\", \"to\", \"date\", \"cc\"]"
+    t.text     "headers_to_meta",                                         default: "[\"from\", \"to\", \"cc\", \"date\", \"sig\", \"enc\"]"
     t.text     "bounces_drop_on_headers",                                 default: "{\"x-spam-flag\":\"yes\"}"
     t.text     "keywords_admin_only",                                     default: "[\"subscribe\", \"unsubscribe\", \"delete-key\"]"
     t.text     "keywords_admin_notify",                                   default: "[\"add-key\"]"

data/etc/list-defaults.yml

@@ -26,7 +26,7 @@ receive_authenticated_only: false
 # NOTE: This is a very weak restriction mechanism on which you should not rely,
 #       as sending addresses can easily be faked! We recommend you to rather
 #       rely on the `receive_authenticated_only` option. Setting the
-#       `receive_authenticated_only` option to true, will authenticated senders
+#       `receive_authenticated_only` option to true, will authenticate senders
 #       based on the signature on the mail, which is the strongest
 #       authentication mechanism you can get.
 #       This option could be useful, if you would like to have a closed
@@ -43,6 +43,8 @@ headers_to_meta:
 - to
 - cc
 - date
+- sig
+- enc
 
 # Preserve the Message-IDs (In-Reply-To, References) from the incoming email.
 # This setting can lead to information leakage, as replies are connectable
@@ -97,7 +99,7 @@ include_list_headers: true
 # Include OpenPGP-Header into emails?
 include_openpgp_header: true
 
-# Prefered way to receive emails to note in OpenPGP-Header
+# Preferred way to receive emails to note in OpenPGP-Header
 # ('sign'|'encrypt'|'signencrypt'|'unprotected'|'none')
 openpgp_header_preference: signencrypt
 

data/etc/schleuder.yml

@@ -7,6 +7,17 @@ listlogs_dir: /var/lib/schleuder/lists
 # Schleuder reads plugins also from this directory.
 plugins_dir: /etc/schleuder/plugins
 
+# Schleuder reads filters also from this directory path,
+# in the specific pre_decryption or post_decryption subdirectory.
+# Filter files must follow the following convention for the
+# filename: \d+_a_name.rb
+# Where \d+ is any number, that defines the place in the
+# list of filters and a_name must match the method name
+# of the filter.
+# The built-in filters are using round numbers for their
+# positioning within the list. Increased by ten.
+filters_dir: /usr/local/lib/schleuder/filters
+
 # How verbose should Schleuder log to syslog? (list-specific messages are written to the list's log-file).
 log_level: warn
 

data/lib/schleuder-api-daemon.rb

@@ -3,12 +3,18 @@
 # Make sinatra use production as default-environment
 ENV['RACK_ENV'] ||= 'production'
 
+$LOAD_PATH.unshift(File.expand_path('../../lib', __FILE__))
 require 'sinatra/base'
 require 'sinatra/json'
 require 'sinatra/namespace'
 require 'thin'
-require_relative '../lib/schleuder.rb'
-
+require 'schleuder'
+require 'schleuder-api-daemon/routes/status'
+require 'schleuder-api-daemon/routes/version'
+require 'schleuder-api-daemon/routes/list'
+require 'schleuder-api-daemon/routes/subscription'
+require 'schleuder-api-daemon/routes/key'
+require 'schleuder-api-daemon/helpers/schleuder-api-daemon-helper'
 
 %w[tls_cert_file tls_key_file].each do |config_key|
   path = Conf.api[config_key]
@@ -19,7 +25,7 @@ require_relative '../lib/schleuder.rb'
 end
 
 class SchleuderApiDaemon < Sinatra::Base
-  register Sinatra::Namespace
+  helpers SchleuderApiDaemonHelper
 
   configure do
     set :server, :thin
@@ -57,357 +63,6 @@ class SchleuderApiDaemon < Sinatra::Base
     'Not found'
   end
 
-  get '/status.json' do
-    json status: :ok
-  end
-
-  get '/version.json' do
-    json version: Schleuder::VERSION
-  end
-
-  helpers do
-    def valid_credentials?
-      @auth ||=  Rack::Auth::Basic::Request.new(request.env)
-      if @auth.provided? && @auth.basic? && @auth.credentials.present?
-        username, api_key = @auth.credentials
-        username == 'schleuder' && Conf.api_valid_api_keys.include?(api_key)
-      else
-        false
-      end
-    end
-
-    def authenticate!
-      # Be careful to use path_info() — it can be changed by other filters!
-      return if request.path_info == '/status.json'
-      if ! valid_credentials?
-        headers['WWW-Authenticate'] = 'Basic realm="Schleuder API Daemon"'
-        halt 401, "Not authorized\n"
-      end
-    end
-
-    def list(id_or_email=nil)
-      if id_or_email.blank?
-        if params[:list_id].present?
-          id_or_email = params[:list_id]
-        else
-          client_error "Parameter list_id is required"
-        end
-      end
-      if is_an_integer?(id_or_email)
-        list = List.where(id: id_or_email).first
-      else
-        # list_id is actually an email address
-        list = List.where(email: id_or_email).first
-      end
-      list || halt(404)
-    end
-
-    def subscription(id_or_email)
-      if is_an_integer?(id_or_email)
-        sub = Subscription.where(id: id_or_email.to_i).first
-      else
-        # Email
-        if params[:list_id].blank?
-          client_error "Parameter list_id is required when using email as identifier for subscriptions."
-        else
-          sub = list.subscriptions.where(email: id_or_email).first
-        end
-      end
-      sub || halt(404)
-    end
-
-    def requested_list_id
-      # ActiveResource doesn't want to use query-params with create(), so here
-      # list_id might be included in the request-body.
-      params['list_id'] || parsed_body['list_id'] || client_error('Need list_id')
-    end
-
-    def parsed_body
-      @parsed_body ||= begin
-          b = JSON.parse(request.body.read)
-          logger.debug "parsed body: #{b.inspect}"
-          b
-        end
-    end
-
-    def server_error(msg)
-      logger.warn msg
-      halt(500, json(error: msg))
-    end
-
-    # TODO: unify error messages. This method currently sends an old error format. See <https://github.com/rails/activeresource/blob/d6a5186/lib/active_resource/base.rb#L227>.
-    def client_error(obj_or_msg, http_code=400)
-      text = case obj_or_msg
-             when String, Symbol
-               obj_or_msg.to_s
-             when ActiveRecord::Base
-               obj_or_msg.errors.full_messages
-             else
-               obj_or_msg
-             end
-      logger.error "Sending error to client: #{text.inspect}"
-      halt(http_code, json(errors: text))
-    end
-
-    # poor persons type casting
-    def cast_param_values
-      params.each do |key, value|
-        params[key] =
-            case value
-            when 'true' then true
-            when 'false' then false
-            when '0' then 0
-            when is_an_integer?(value) then value.to_i
-            else value
-            end
-      end
-    end
-
-    def key_to_hash(key, include_keydata=false)
-      hash = {
-        fingerprint: key.fingerprint,
-        email: key.email,
-        expiry: key.expires,
-        generated_at: key.generated_at,
-        primary_uid: key.primary_uid.uid,
-        oneline: key.oneline,
-        trust_issues: key.usability_issue
-      }
-      if include_keydata
-        hash[:description] = key.to_s
-        hash[:ascii] = key.armored
-      end
-      hash
-    end
-
-    def set_x_messages(messages)
-      if messages.present?
-        headers 'X-Messages' => Array(messages).join(' // ').gsub(/\n/, ' // ')
-      end
-    end
-
-    def find_key_material
-      key_material = parsed_body['key_material'].presence
-      # By convention key_material is either ASCII or base64-encoded.
-      if key_material && ! key_material.match('BEGIN PGP')
-        key_material = Base64.decode64(key_material)
-      end
-      key_material
-    end
-
-    def find_attributes_from_body(attribs)
-      Array(attribs).inject({}) do |memo, attrib|
-        if parsed_body.has_key?(attrib)
-          memo[attrib] = parsed_body[attrib]
-        end
-        memo
-      end
-    end
-
-    def is_an_integer?(input)
-      input.to_s.match(/^[0-9]+$/).present?
-    end
-  end
-
-  namespace '/lists' do
-    get '.json' do
-      json List.all, include: :subscriptions
-    end
-
-    post '.json' do
-      listname = parsed_body['email']
-      fingerprint = parsed_body['fingerprint']
-      adminaddress = parsed_body['adminaddress']
-      adminfingerprint = parsed_body['adminfingerprint']
-      adminkey = parsed_body['adminkey']
-      list, messages = ListBuilder.new({email: listname, fingerprint: fingerprint}, adminaddress, adminfingerprint, adminkey).run
-      if list.nil?
-        client_error(messages, 422)
-      elsif ! list.valid?
-        client_error(list, 422)
-      else
-        set_x_messages(messages)
-        body json(list)
-      end
-    end
-
-    get '/configurable_attributes.json' do
-      json(List.configurable_attributes) + "\n"
-    end
-
-    post '/send_list_key_to_subscriptions.json' do
-      json(result: list.send_list_key_to_subscriptions)
-    end
-
-    get '/new.json' do
-      json List.new
-    end
-
-    get '/:id.json' do |id|
-      json list(id)
-    end
-
-    put '/:id.json' do |id|
-      list = list(id)
-      if list.update(parsed_body)
-        204
-      else
-        client_error(list)
-      end
-    end
-
-    patch '/:id.json' do |id|
-      list = list(id)
-      if list.update(parsed_body)
-        204
-      else
-        client_error(list)
-      end
-    end
-
-    delete '/:id.json' do |id|
-      list = list(id)
-      if list.destroy
-        200
-      else
-        client_error(list)
-      end
-    end
-  end
-
-  namespace '/subscriptions' do
-    get '.json' do
-      filterkeys = Subscription.configurable_attributes + [:list_id, :email]
-      filter = params.select do |param|
-        filterkeys.include?(param.to_sym)
-      end
-
-      logger.debug "Subscription filter: #{filter.inspect}"
-      if filter['list_id'] && ! is_an_integer?(filter['list_id'])
-        # Value is an email-address
-        if list = List.where(email: filter['list_id']).first
-          filter['list_id'] = list.id
-        else
-          status 404
-          return json(errors: 'No such list')
-        end
-      end
-
-      json Subscription.where(filter)
-    end
-
-    post '.json' do
-      begin
-        list = list(requested_list_id)
-        # We don't have to care about nil-values, subscribe() does that for us.
-        sub, msgs = list.subscribe(
-            parsed_body['email'],
-            parsed_body['fingerprint'],
-            parsed_body['admin'],
-            parsed_body['delivery_enabled'],
-            find_key_material
-          )
-        set_x_messages(msgs)
-        logger.debug "subcription: #{sub.inspect}"
-        if sub.valid?
-          logger.debug "Subscribed: #{sub.inspect}"
-          # TODO: why redirect instead of respond with result?
-          redirect to("/subscriptions/#{sub.id}.json"), 201
-        else
-          client_error(sub, 422)
-        end
-      rescue ActiveRecord::RecordNotUnique
-        logger.error "Already subscribed"
-        status 422
-        json errors: {email: ['is already subscribed']}
-      end
-    end
-
-    get '/configurable_attributes.json' do
-      json(Subscription.configurable_attributes) + "\n"
-    end
-
-    get '/new.json' do
-      json Subscription.new
-    end
-
-    get '/:id.json' do |id|
-      json subscription(id)
-    end
-
-    put '/:id.json' do |id|
-      sub = subscription(id)
-      list = sub.list
-      args = find_attributes_from_body(%w[email fingerprint admin delivery_enabled])
-      fingerprint, messages = list.import_key_and_find_fingerprint(find_key_material)
-      set_x_messages(messages)
-      # For an already existing subscription, only update fingerprint if a
-      # new one has been selected from the upload.
-      if fingerprint.present?
-        args["fingerprint"] = fingerprint
-      end
-      if sub.update(args)
-        200
-      else
-        client_error(sub, 422)
-      end
-    end
-
-    patch '/:id.json' do |id|
-      sub = subscription(id)
-      if sub.update(parsed_body)
-        200
-      else
-        client_error(sub)
-      end
-    end
-
-    delete '/:id.json' do |id|
-      if sub = subscription(id).destroy
-        200
-      else
-        client_error(sub)
-      end
-    end
-  end
-
-  namespace '/keys' do
-    get '.json' do
-      keys = list.keys.sort_by(&:email).map do |key|
-        key_to_hash(key)
-      end
-      json keys
-    end
-
-    post '.json' do
-      input = parsed_body['keymaterial']
-      if ! input.match('BEGIN PGP')
-        input = Base64.decode64(input)
-      end
-      json list(requested_list_id).import_key(input)
-    end
-
-    get '/check_keys.json' do
-      json result: list.check_keys
-    end
-
-    get '/:fingerprint.json' do |fingerprint|
-      if key = list.key(fingerprint)
-        json key_to_hash(key, true)
-      else
-        404
-      end
-    end
-
-    delete '/:fingerprint.json' do |fingerprint|
-      if list.delete_key(fingerprint)
-        200
-      else
-        404
-      end
-    end
-  end
-
   def self.run!
     super do |server|
       server.ssl = true