schleuder 3.6.0 → 4.0.0

data/lib/schleuder/keyword_handlers/sign_this.rb

@@ -0,0 +1,54 @@
+module Schleuder
+  module KeywordHandlers
+    class SignThis < Base
+      handles_request_keyword 'sign-this', with_method: :sign_this
+
+      def sign_this
+        if @mail.has_attachments?
+          @list.logger.debug "Signing each attachment's body"
+          intro = I18n.t('keyword_handlers.sign_this.signatures_attached')
+          parts = @mail.attachments.map do |attachment|
+            make_signature_part(attachment)
+          end
+          [intro, parts].flatten
+        elsif @mail.first_plaintext_part.body.to_s.present?
+          @list.logger.debug 'Clear-signing first available text/plain part'
+          clearsign(@mail.first_plaintext_part.body.to_s)
+        else
+          @list.logger.debug 'Found no attachments and an empty body - sending error message'
+          I18n.t('keyword_handlers.sign_this.no_content_found')
+        end
+      end
+
+
+      private
+
+
+      def make_signature_part(attachment)
+        material = attachment.body.to_s
+        return nil if material.strip.blank?
+        file_basename = attachment.filename.presence || Digest::SHA256.hexdigest(material)
+        @list.logger.debug "Signing #{file_basename}"
+        filename = "#{file_basename}.sig"
+        part = Mail::Part.new
+        part.body = detachsign(material)
+        part.content_type = 'application/pgp-signature'
+        part.content_disposition = "attachment; filename=#{filename}"
+        part.content_description = "OpenPGP signature for '#{file_basename}'"
+        part
+      end
+
+      def detachsign(thing)
+        crypto.sign(thing, mode: GPGME::SIG_MODE_DETACH).to_s
+      end
+
+      def clearsign(string)
+        crypto.clearsign(string.to_s).to_s
+      end
+
+      def crypto
+        @crypto ||= GPGME::Crypto.new(armor: true)
+      end
+    end
+  end
+end

data/lib/schleuder/keyword_handlers/subscription_management.rb

@@ -0,0 +1,213 @@
+module Schleuder
+  module KeywordHandlers
+    class SubscriptionManangement < Base
+      handles_request_keyword 'subscribe', with_method: :subscribe
+      handles_request_keyword 'unsubscribe', with_method: :unsubscribe
+      handles_request_keyword 'list-subscriptions', with_method: :list_subscriptions
+      handles_request_keyword 'set-fingerprint', with_method: :set_fingerprint
+      handles_request_keyword 'unset-fingerprint', with_method: :unset_fingerprint
+
+      def subscribe
+        if @arguments.blank?
+          return I18n.t(
+            'keyword_handlers.subscription_management.subscribe_requires_arguments'
+          )
+        end
+
+        email = @arguments.shift.to_s.downcase
+
+        if @arguments.present?
+          # Collect all arguments that look like fingerprint-material
+          fingerprint = ''
+          while @arguments.first.present? && @arguments.first.match(/^(0x)?[a-f0-9]+$/i)
+            fingerprint << @arguments.shift.downcase
+          end
+          # Use possibly remaining args as flags.
+          adminflag = @arguments.shift.to_s.downcase.presence
+          deliveryflag = @arguments.shift.to_s.downcase.presence
+        end
+
+        sub, _ = @list.subscribe(email, fingerprint, adminflag, deliveryflag)
+
+        if sub.persisted?
+          I18n.t(
+            'keyword_handlers.subscription_management.subscribed',
+            email: sub.email,
+            fingerprint: sub.fingerprint,
+            admin: sub.admin,
+            delivery_enabled: sub.delivery_enabled
+          )
+        else
+          I18n.t(
+            'keyword_handlers.subscription_management.subscribing_failed',
+            email: sub.email,
+            errors: sub.errors.full_messages.join(".\n")
+          )
+        end
+      end
+
+      def unsubscribe
+        # If no address was given we unsubscribe the sender.
+        email = @arguments.first.to_s.downcase.presence || @mail.signer.email
+
+        # Refuse to unsubscribe the last admin.
+        if @list.admins.size == 1 && @list.admins.first.email == email
+          return I18n.t(
+            'keyword_handlers.subscription_management.cannot_unsubscribe_last_admin', email: email
+          )
+        end
+
+        # TODO: May signers have multiple UIDs? We don't match those currently.
+        if ! @list.from_admin?(@mail) && email != @mail.signer.email
+          # Only admins may unsubscribe others.
+          return I18n.t(
+            'keyword_handlers.subscription_management.forbidden', email: email
+          )
+        end
+
+        sub = @list.subscriptions.where(email: email).first
+
+        if sub.blank?
+          return I18n.t(
+            'keyword_handlers.subscription_management.is_not_subscribed', email: email
+          )
+        end
+
+        if res = sub.delete
+          I18n.t(
+            'keyword_handlers.subscription_management.unsubscribed', email: email
+          )
+        else
+          I18n.t(
+            'keyword_handlers.subscription_management.unsubscribing_failed',
+            email: email,
+            error: res.errors.to_a
+          )
+        end
+      end
+
+      def list_subscriptions
+        subs = if @arguments.blank?
+                  @list.subscriptions.all.to_a
+               else
+                 @arguments.map do |argument|
+                   @list.subscriptions.where('email like ?', "%#{argument}%").to_a
+                 end.flatten
+               end
+
+        if subs.blank?
+          return nil
+        end
+
+        out = [ I18n.t('keyword_handlers.subscription_management.list_of_subscriptions') ]
+
+        out << subs.map do |subscription|
+          # Fingerprints are at most 40 characters long, and lines shouldn't
+          # exceed 80 characters if possible.
+          s = subscription.email
+          if subscription.fingerprint.present?
+            s << "\t0x#{subscription.fingerprint}"
+          end
+          if ! subscription.delivery_enabled?
+            s << "\tDelivery disabled!"
+          end
+          s
+        end
+
+        out.join("\n")
+      end
+
+      def set_fingerprint
+        if @arguments.blank?
+          return I18n.t(
+            'keyword_handlers.subscription_management.set_fingerprint_requires_arguments'
+          )
+        end
+
+        if @arguments.first.match(/@/)
+          email = @arguments.shift.downcase
+          if email != @mail.signer.email && ! @list.from_admin?(@mail)
+            return I18n.t(
+              'keyword_handlers.subscription_management.set_fingerprint_only_self'
+            )
+          end
+        else
+          email = @mail.signer.email
+        end
+
+        sub = @list.subscriptions.where(email: email).first
+
+        if sub.blank?
+          return I18n.t(
+            'keyword_handlers.subscription_management.is_not_subscribed', email: email
+          )
+        end
+
+        fingerprint = @arguments.join
+        unless GPGME::Key.valid_fingerprint?(fingerprint)
+          return I18n.t(
+            'keyword_handlers.subscription_management.set_fingerprint_requires_valid_fingerprint',
+            fingerprint: fingerprint
+          )
+        end
+
+        sub.fingerprint = fingerprint
+        if sub.save
+          I18n.t(
+            'keyword_handlers.subscription_management.fingerprint_set',
+            email: email,
+            fingerprint: sub.fingerprint
+          )
+        else
+          I18n.t(
+            'keyword_handlers.subscription_management.setting_fingerprint_failed',
+            email: email,
+            fingerprint: sub.fingerprint,
+            errors: sub.errors.to_a.join("\n")
+          )
+        end
+      end
+
+      def unset_fingerprint
+        if @arguments.blank?
+          return I18n.t(
+            'keyword_handlers.subscription_management.unset_fingerprint_requires_arguments'
+          )
+        end
+
+        email = @arguments.shift.to_s.downcase
+        if email != @mail.signer.email && ! @list.from_admin?(mail)
+            return I18n.t(
+              'keyword_handlers.subscription_management.unset_fingerprint_only_self'
+            )
+        end
+        if email == @mail.signer.email && @list.from_admin?(@mail) && @arguments.last.to_s.downcase != 'force'
+          return I18n.t(
+            'keyword_handlers.subscription_management.unset_fingerprint_requires_arguments'
+          )
+        end
+
+        sub = @list.subscriptions.where(email: email).first
+        if sub.blank?
+          return I18n.t(
+            'keyword_handlers.subscription_management.is_not_subscribed', email: email
+          )
+        end
+
+        sub.fingerprint = ''
+        if sub.save
+          I18n.t(
+            'keyword_handlers.subscription_management.fingerprint_unset',
+            email: email
+          )
+        else
+          I18n.t(
+            'keyword_handlers.subscription_management.unsetting_fingerprint_failed',
+            email: email,
+            errors: sub.errors.to_a.join("\n")
+          )
+        end
+      end
+    end
+  end
+end

data/lib/schleuder/keyword_handlers_runner.rb

@@ -0,0 +1,146 @@
+module Schleuder
+  class KeywordHandlersRunner
+    REGISTERED_KEYWORDS = {list: {}, request: {}}
+    RESERVED_KEYWORDS = %w[list-name]
+
+    class << self
+      attr_reader :keywords
+
+      def register_keyword(type:, keyword:, handler_class:, handler_method:, aliases:)
+        assert_valid_input!(type: type, keyword: keyword, handler_class: handler_class, handler_method: handler_method)
+
+        identifiers = [keyword] + Array(aliases)
+        identifiers.each do |identifier|
+          REGISTERED_KEYWORDS[type.to_sym][identifier.to_s.dasherize] = {
+              klass: handler_class,
+              method: handler_method.to_sym
+            }
+        end
+      end
+
+      def run(type:, list:, mail:)
+        list.logger.debug "Starting #{self}"
+        assert_valid_type!(type)
+        load_additional_keyword_handlers
+
+        error = check_unknown_keywords(mail, type)
+        return error if error.present?
+
+        error = check_mandatory_keywords(mail, list)
+        return [error] if error.present?
+
+        output = mail.keywords.map do |keyword, arguments|
+          if ! is_reserved_keyword?(keyword)
+            run_handler(mail, list, type, keyword.to_s.dasherize, Array(arguments))
+          end
+        end
+
+        output.flatten.compact
+      end
+
+
+      private
+
+
+      def check_unknown_keywords(mail, type)
+        known_keywords = REGISTERED_KEYWORDS[type.to_sym].keys + RESERVED_KEYWORDS
+        given_keywords = mail.keywords.map(&:first)
+        unknown_keywords = given_keywords - known_keywords
+        if unknown_keywords.present?
+          error_messages = unknown_keywords.map do |keyword|
+            I18n.t('errors.unknown_keyword', keyword: keyword)
+          end
+          return error_messages
+        end
+      end
+
+      def run_handler(mail, list, type, keyword, arguments)
+        list.logger.debug "run_handler() with keyword '#{keyword}'"
+
+        if list.admin_only?(keyword) && !list.from_admin?(mail)
+          return Schleuder::Errors::KeywordAdminOnly.new(keyword).to_s
+        end
+
+        keyword_data = REGISTERED_KEYWORDS[type.to_sym][keyword]
+        handler_class = keyword_data[:klass]
+        handler_method = keyword_data[:method]
+        output = handler_class.new(mail: mail, arguments: arguments).send(handler_method)
+
+        if list.keywords_admin_notify.include?(keyword)
+          notify_admins(type, mail, list, keyword, arguments, output)
+        end
+        return output
+      rescue => exc
+        # Log to system, this information is probably more useful for
+        # system-admins than for list-admins.
+        Schleuder.logger.error(exc.message_with_backtrace)
+        I18n.t('keyword_handlers.handler_failed', keyword: keyword)
+      end
+
+      def notify_admins(type, mail, list, keyword, arguments, response)
+        msg = I18n.t("keyword_handlers.keyword_admin_notify.#{type}",
+                      sender: mail.signer,
+                      keyword: keyword,
+                      arguments: arguments.join(' '),
+                      response: Array(response).join("\n\n")
+                    )
+        list.logger.notify_admin(msg, nil, 'Notice')
+      end
+
+      def load_additional_keyword_handlers
+        Dir["#{Schleuder::Conf.keyword_handlers_dir}/*.rb"].each do |file|
+          load file
+        end
+      end
+
+      def check_mandatory_keywords(mail, list)
+        return nil if mail.keywords.blank?
+
+        listname_keyword = mail.keywords.assoc('list-name')
+        if listname_keyword.blank?
+          return I18n.t(:missing_listname_keyword_error)
+        else
+          listname_args = listname_keyword.last
+          if ! [list.email, list.request_address].include?(listname_args.first)
+            return I18n.t(:wrong_listname_keyword_error)
+          end
+        end
+      end
+
+      def is_reserved_keyword?(keyword)
+        RESERVED_KEYWORDS.include?(keyword)
+      end
+
+      def assert_valid_input!(type:, keyword:, handler_class:, handler_method:)
+        assert_valid_type!(type)
+        assert_valid_keyword!(keyword)
+        assert_valid_handler_class!(handler_class)
+        assert_valid_handler_method!(handler_method)
+      end
+
+      def assert_valid_type!(type)
+        if ! REGISTERED_KEYWORDS.keys.include?(type)
+          raise ArgumentError.new("Argument must be one of #{REGISTERED_KEYWORDS.keys.inspect}, got: #{type.inspect}")
+        end
+      end
+
+      def assert_valid_keyword!(keyword)
+        if keyword.blank?
+          raise ArgumentError.new("Invalid keyword: #{keyword.inspect}")
+        end
+      end
+
+      def assert_valid_handler_class!(handler_class)
+        if ! handler_class.is_a?(Class)
+          raise ArgumentError.new("Invalid input for handler_class: #{handler_class.inspect} is not a class")
+        end
+      end
+
+      def assert_valid_handler_method!(handler_method)
+        if handler_method.blank?
+          raise ArgumentError.new("Invalid input for handler_method: #{handler_method.inspect} is not a valid method name")
+        end
+      end
+    end
+  end
+end

data/lib/schleuder/list.rb

@@ -29,14 +29,14 @@ module Schleuder
         :keywords_admin_notify do |record, attrib, value|
           value.each do |word|
             if word !~ /\A[a-z_-]+\z/i
-              record.errors.add(attrib, I18n.t("errors.invalid_characters"))
+              record.errors.add(attrib, I18n.t('errors.invalid_characters'))
             end
           end
         end
     validates_each :bounces_drop_on_headers do |record, attrib, value|
           value.each do |key, val|
             if key.to_s !~ /\A[a-z-]+\z/i || val.to_s !~ /\A[[:graph:]]+\z/i
-              record.errors.add(attrib, I18n.t("errors.invalid_characters"))
+              record.errors.add(attrib, I18n.t('errors.invalid_characters'))
             end
           end
         end
@@ -108,10 +108,6 @@ module Schleuder
       subscriptions.where(admin: true)
     end
 
-    def subscriptions_without_fingerprint
-      subscriptions.without_fingerprint
-    end
-
     def key(fingerprint=self.fingerprint)
       keys(fingerprint).first
     end
@@ -124,17 +120,6 @@ module Schleuder
       gpg.find_keys(identifier, secret_only)
     end
 
-    # TODO: find better name for this method. It does more than the current
-    # name suggests (filtering for capability).
-    def distinct_key(identifier)
-      keys = keys(identifier).select { |key| key.usable_for?(:encrypt) }
-      if keys.size == 1
-        return keys.first
-      else
-        return nil
-      end
-    end
-
     def import_key(importable)
       gpg.keyimport(importable)
     end
@@ -193,19 +178,19 @@ module Schleuder
       end
 
       text = ''
-      expiring.each do |key,days|
-        text << I18n.t('key_expires', {
+      expiring.each do |key, days|
+        text << I18n.t('key_expires',
                           days: days,
-                          key_oneline: key.oneline
-                      })
+                          key_summary: key.summary
+                      )
         text << "\n"
       end
 
-      unusable.each do |key,usability_issue|
-        text << I18n.t('key_unusable', {
+      unusable.each do |key, usability_issue|
+        text << I18n.t('key_unusable',
                           usability_issue: usability_issue,
-                          key_oneline: key.oneline
-                      })
+                          key_summary: key.summary
+                      )
         text << "\n"
       end
       text
@@ -219,19 +204,6 @@ module Schleuder
       gpg.fetch_key(input)
     end
 
-    def pin_keys
-      updated_emails = subscriptions_without_fingerprint.collect do |subscription|
-        key = distinct_key(subscription.email)
-        if key
-          subscription.update(fingerprint: key.fingerprint)
-          "#{subscription.email}: #{key.fingerprint}"
-        else
-          nil
-        end
-      end
-      updated_emails.compact.join("\n")
-    end
-
     def self.by_recipient(recipient)
       listname = recipient.gsub(/-(sendkey|request|owner|bounce)@/, '@')
       where(email: listname).first
@@ -368,7 +340,7 @@ module Schleuder
     end
 
     def send_to_subscriptions(mail, incoming_mail=nil)
-      logger.debug "Sending to subscriptions."
+      logger.debug 'Sending to subscriptions.'
       mail.add_internal_footer!
       self.subscriptions.each do |subscription|
         begin