def get_vcards(self):
if not self.config.active:
return []
gnupg = GnuPG()
gnupg.passphrase = self.session.config.gnupg_passphrase.get_reader()
keys = gnupg.list_keys()
results = []
vcards = {}
for key_id, key in keys.iteritems():
vcls = [VCardLine(name='KEY', value=self.VCL_KEY_FMT % key_id)]
card = None
emails = []
for uid in key.get('uids', []):
if uid.get('email'):
vcls.append(VCardLine(name='email', value=uid['email']))
card = card or vcards.get(uid['email'])
emails.append(uid['email'])
if uid.get('name'):
name = uid['name']
vcls.append(VCardLine(name='fn', value=name))
if card and emails:
card.add(*vcls)
elif emails:
# This is us taking care to only create one card for each
# set of e-mail addresses.
card = MailpileVCard(*vcls)
for email in emails:
vcards[email] = card
results.append(card)
return results
def get_vcards(self):
if not self.config.active:
return []
gnupg = GnuPG()
gnupg.passphrase = self.session.config.gnupg_passphrase.get_reader()
keys = gnupg.list_keys()
results = []
vcards = {}
for key_id, key in keys.iteritems():
vcls = [VCardLine(name='KEY', value=self.VCL_KEY_FMT % key_id)]
card = None
emails = []
for uid in key.get('uids', []):
if uid.get('email'):
vcls.append(VCardLine(name='email', value=uid['email']))
card = card or vcards.get(uid['email'])
emails.append(uid['email'])
if uid.get('name'):
name = uid['name']
vcls.append(VCardLine(name='fn', value=name))
if card and emails:
card.add(*vcls)
elif emails:
# This is us taking care to only create one card for each
# set of e-mail addresses.
card = MailpileVCard(*vcls)
for email in emails:
vcards[email] = card
results.append(card)
return results
def _import_key(self, result, keytype):
if keytype == "openpgp":
g = GnuPG()
if self.config:
g.passphrase = self.config.gnupg_passphrase.get_reader()
res = g.import_keys(result[keytype])
if len(res["updated"]):
self._managed_keys_add(result["address"], keytype)
return res
else:
# We currently only support OpenPGP keys
return False
def _import_key(self, result, keytype):
if keytype == "openpgp":
g = GnuPG()
if self.config:
g.passphrase = self.config.gnupg_passphrase.get_reader()
res = g.import_keys(result[keytype])
if len(res["updated"]):
self._managed_keys_add(result["address"], keytype)
return res
else:
# We currently only support OpenPGP keys
return False
def _do_login(self, user, password, load_index=False, redirect=False):
session, config = self.session, self.session.config
session_id = self.session.ui.html_variables.get('http_session')
# This prevents folks from sending us a DEFAULT user (upper case),
# which is an internal security bypass below.
user = user and user.lower()
if not user:
from mailpile.config import SecurePassphraseStorage
sps = SecurePassphraseStorage(password)
password = ''
try:
# Verify the passphrase
gpg = GnuPG(use_agent=False)
if gpg.is_available():
gpg.passphrase = sps.get_reader()
assert(gpg.sign('Sign This!')[0] == 0)
# Store the varified passphrase
config.gnupg_passphrase.data = sps.data
# Load the config and index, if necessary
if not config.loaded_config:
self._config()
if load_index:
self._idx()
else:
pass # FIXME: Start load in background
session.ui.debug('Good passphrase for %s' % session_id)
return self._logged_in(redirect=redirect)
else:
session.ui.debug('No GnuPG, checking DEFAULT user')
# No GnuPG, see if there is a DEFAULT user in the config
user = '******'
except (AssertionError, IOError):
session.ui.debug('Bad passphrase for %s' % session_id)
return self._error(_('Invalid passphrase, please try again'))
if user in config.logins or user == 'DEFAULT':
# FIXME: Salt and hash the password, check if it matches
# the entry in our user/password list (TODO).
# NOTE: This hack effectively disables auth without GnUPG
if user == 'DEFAULT':
session.ui.debug('FIXME: Unauthorized login allowed')
return self._logged_in(redirect=redirect)
raise Exception('FIXME')
self._error(_('Incorrect username or password'))
def VerifyAndStorePassphrase(config, passphrase=None, sps=None):
if passphrase and not sps:
from mailpile.config import SecurePassphraseStorage
sps = SecurePassphraseStorage(passphrase)
passphrase = 'this probably does not really overwrite :-( '
assert(sps is not None)
gpg = GnuPG(use_agent=False)
if gpg.is_available():
gpg.passphrase = sps.get_reader()
gpgr = config.prefs.gpg_recipient
gpgr = gpgr if (gpgr not in (None, '', '!CREATE')) else None
assert(gpg.sign('Sign This!', fromkey=gpgr)[0] == 0)
return sps
def VerifyAndStorePassphrase(config, passphrase=None, sps=None, key=None):
if passphrase and not sps:
from mailpile.config import SecurePassphraseStorage
sps = SecurePassphraseStorage(passphrase)
passphrase = 'this probably does not really overwrite :-( '
assert (sps is not None)
gpg = GnuPG(use_agent=False)
if gpg.is_available():
gpg.passphrase = sps.get_reader()
gpgr = config.prefs.gpg_recipient
gpgr = key or (gpgr if (gpgr not in (None, '', '!CREATE')) else None)
assert (gpg.sign('Sign This!', fromkey=gpgr)[0] == 0)
return sps
def VerifyAndStorePassphrase(config, passphrase=None, sps=None, key=None):
if passphrase and not sps:
from mailpile.config import SecurePassphraseStorage
sps = SecurePassphraseStorage(passphrase)
passphrase = 'this probably does not really overwrite :-( '
assert (sps is not None)
gpg = GnuPG(None, use_agent=False)
if gpg.is_available():
gpg.passphrase = sps.get_reader()
gpgr = config.prefs.gpg_recipient
gpgr = key or (gpgr if (gpgr not in (None, '', '!CREATE')) else None)
assert (gpg.sign('Sign This!', fromkey=gpgr)[0] == 0)
# Fun side effect: changing the passphrase invalidates the message cache
import mailpile.mailutils
mailpile.mailutils.ClearParseCache(full=True)
return sps
def VerifyAndStorePassphrase(config, passphrase=None, sps=None,
key=None):
if passphrase and not sps:
from mailpile.config import SecurePassphraseStorage
sps = SecurePassphraseStorage(passphrase)
passphrase = 'this probably does not really overwrite :-( '
assert(sps is not None)
gpg = GnuPG(None, use_agent=False)
if gpg.is_available():
gpg.passphrase = sps.get_reader()
gpgr = config.prefs.gpg_recipient
gpgr = key or (gpgr if (gpgr not in (None, '', '!CREATE')) else None)
assert(gpg.sign('Sign This!', fromkey=gpgr)[0] == 0)
# Fun side effect: changing the passphrase invalidates the message cache
import mailpile.mailutils
mailpile.mailutils.ClearParseCache(full=True)
return sps
def _GnuPG(session):
gpg = GnuPG()
if session and session.config:
gpg.passphrase = session.config.gnupg_passphrase.get_reader()
return gpg
def _GnuPG(session):
gpg = GnuPG()
if session and session.config:
gpg.passphrase = session.config.gnupg_passphrase.get_reader()
return gpg
