async def workspace_start_reencryption(
self, workspace_id: EntryID) -> ReencryptionJob:
"""
Raises:
FSError
FSBackendOfflineError
FSWorkspaceNoAccess
FSWorkspaceNotFoundError
"""
user_manifest = self.get_user_manifest()
workspace_entry = user_manifest.get_workspace_entry(workspace_id)
if not workspace_entry:
raise FSWorkspaceNotFoundError(
f"Unknown workspace `{workspace_id}`")
timestamp = self.device.timestamp()
new_workspace_entry = workspace_entry.evolve(
encryption_revision=workspace_entry.encryption_revision + 1,
encrypted_on=timestamp,
key=SecretKey.generate(),
)
while True:
# In order to provide the new key to each participant, we must
# encrypt a message for each of them
participants = await self._retrieve_participants(workspace_entry.id
)
reencryption_msgs = self._generate_reencryption_messages(
new_workspace_entry, participants, timestamp)
# Actually ask the backend to start the reencryption
ok = await self._send_start_reencryption_cmd(
workspace_entry.id,
new_workspace_entry.encryption_revision,
timestamp,
reencryption_msgs,
)
if not ok:
# Participant list has changed concurrently, retry
continue
else:
break
# Note we don't update the user manifest here, this will be done when
# processing the `realm.updated` message from the backend
return ReencryptionJob(self.backend_cmds, new_workspace_entry,
workspace_entry)
async def workspace_continue_reencryption(self, workspace_id: EntryID) -> ReencryptionJob:
"""
Raises:
FSError
FSBackendOfflineError
FSWorkspaceNoAccess
FSWorkspaceNotFoundError
"""
user_manifest = self.get_user_manifest()
workspace_entry = user_manifest.get_workspace_entry(workspace_id)
if not workspace_entry:
raise FSWorkspaceNotFoundError(f"Unknown workspace `{workspace_id}`")
# First make sure the workspace is under maintenance
rep = await self.backend_cmds.realm_status(workspace_entry.id)
if rep["status"] == "not_allowed":
raise FSWorkspaceNoAccess(f"Not allowed to access workspace {workspace_id}: {rep}")
elif rep["status"] != "ok":
raise FSError(f"Error while getting status for workspace {workspace_id}: {rep}")
if not rep["in_maintenance"] or rep["maintenance_type"] != MaintenanceType.REENCRYPTION:
raise FSWorkspaceNotInMaintenance("Not in reencryption maintenance")
current_encryption_revision = rep["encryption_revision"]
if rep["encryption_revision"] != workspace_entry.encryption_revision:
raise FSError("Bad encryption revision")
# Must retreive the previous encryption revision's key
version_to_fetch = None
while True:
previous_user_manifest = await self._fetch_remote_user_manifest(
version=version_to_fetch
)
previous_workspace_entry = previous_user_manifest.get_workspace_entry(
workspace_entry.id
)
if not previous_workspace_entry:
raise FSError(
f"Never had access to encryption revision {current_encryption_revision - 1}"
)
if previous_workspace_entry.encryption_revision == current_encryption_revision - 1:
break
else:
version_to_fetch = previous_workspace_entry.version - 1
return ReencryptionJob(self.backend_cmds, workspace_entry, previous_workspace_entry)
async def workspace_continue_reencryption(
self, workspace_id: EntryID) -> ReencryptionJob:
"""
Raises:
FSError
FSBackendOfflineError
FSWorkspaceNoAccess
FSWorkspaceNotFoundError
"""
user_manifest = self.get_user_manifest()
workspace_entry = user_manifest.get_workspace_entry(workspace_id)
if not workspace_entry:
raise FSWorkspaceNotFoundError(
f"Unknown workspace `{workspace_id}`")
# First make sure the workspace is under maintenance
try:
rep = await self.backend_cmds.realm_status(workspace_entry.id)
except BackendNotAvailable as exc:
raise FSBackendOfflineError(str(exc)) from exc
except BackendConnectionError as exc:
raise FSError(
f"Cannot continue maintenance on workspace {workspace_id}: {exc}"
) from exc
if rep["status"] == "not_allowed":
raise FSWorkspaceNoAccess(
f"Not allowed to access workspace {workspace_id}: {rep}")
elif rep["status"] != "ok":
raise FSError(
f"Error while getting status for workspace {workspace_id}: {rep}"
)
if not rep["in_maintenance"] or rep[
"maintenance_type"] != MaintenanceType.REENCRYPTION:
raise FSWorkspaceNotInMaintenance(
"Not in reencryption maintenance")
if rep["encryption_revision"] != workspace_entry.encryption_revision:
raise FSError("Bad encryption revision")
previous_workspace_entry = await self._get_previous_workspace_entry(
workspace_entry)
return ReencryptionJob(self.backend_cmds, workspace_entry,
previous_workspace_entry)
async def workspace_rename(self, workspace_id: EntryID, new_name: AnyEntryName) -> None:
"""
Raises:
FSWorkspaceNotFoundError
"""
new_name = EntryName(new_name)
async with self._update_user_manifest_lock:
user_manifest = self.get_user_manifest()
workspace_entry = user_manifest.get_workspace_entry(workspace_id)
if not workspace_entry:
raise FSWorkspaceNotFoundError(f"Unknown workspace `{workspace_id}`")
updated_workspace_entry = workspace_entry.evolve(name=new_name)
updated_user_manifest = user_manifest.evolve_workspaces_and_mark_updated(
updated_workspace_entry
)
await self.set_user_manifest(updated_user_manifest)
self.event_bus.send("fs.entry.updated", id=self.user_manifest_id)
async def workspace_rename(self, workspace_id: EntryID,
new_name: AnyEntryName) -> None:
"""
Raises:
FSWorkspaceNotFoundError
ValueError: if name is passed as str but cannot be converted to `EntryName`
"""
new_name = EntryName(new_name)
async with self._update_user_manifest_lock:
user_manifest = self.get_user_manifest()
workspace_entry = user_manifest.get_workspace_entry(workspace_id)
if not workspace_entry:
raise FSWorkspaceNotFoundError(
f"Unknown workspace `{workspace_id}`")
updated_workspace_entry = workspace_entry.evolve(name=new_name)
updated_user_manifest = user_manifest.evolve_workspaces_and_mark_updated(
updated_workspace_entry)
await self.set_user_manifest(updated_user_manifest)
self.event_bus.send(CoreEvent.FS_ENTRY_UPDATED,
id=self.user_manifest_id)
async def workspace_rename(self, workspace_id: EntryID,
new_name: EntryName) -> None:
"""
Raises:
FSWorkspaceNotFoundError
"""
assert isinstance(new_name, EntryName)
async with self._update_user_manifest_lock:
user_manifest = self.get_user_manifest()
workspace_entry = user_manifest.get_workspace_entry(workspace_id)
if not workspace_entry:
raise FSWorkspaceNotFoundError(
f"Unknown workspace `{workspace_id}`")
timestamp = self.device.timestamp()
updated_workspace_entry = workspace_entry.evolve(name=new_name)
updated_user_manifest = user_manifest.evolve_workspaces_and_mark_updated(
timestamp, updated_workspace_entry)
await self.set_user_manifest(updated_user_manifest)
self.event_bus.send(CoreEvent.FS_ENTRY_UPDATED,
id=self.user_manifest_id)
async def workspace_share(
self, workspace_id: EntryID, recipient: UserID, role: Optional[WorkspaceRole]
) -> None:
"""
Raises:
FSError
FSWorkspaceNotFoundError
FSBackendOfflineError
FSSharingNotAllowedError
"""
if self.device.user_id == recipient:
raise FSError("Cannot share to oneself")
user_manifest = self.get_user_manifest()
workspace_entry = user_manifest.get_workspace_entry(workspace_id)
if not workspace_entry:
raise FSWorkspaceNotFoundError(f"Unknown workspace `{workspace_id}`")
# Make sure the workspace is not a placeholder
await self._workspace_minimal_sync(workspace_entry)
# Retrieve the user
try:
recipient_user, revoked_recipient_user = await self.remote_devices_manager.get_user(
recipient
)
except RemoteDevicesManagerBackendOfflineError as exc:
raise FSBackendOfflineError(str(exc)) from exc
except RemoteDevicesManagerError as exc:
raise FSError(f"Cannot retreive recipient: {exc}") from exc
if revoked_recipient_user:
raise FSError(f"User {recipient} revoked")
# Note we don't bother to check workspace's access roles given they
# could be outdated (and backend will do the check anyway)
now = pendulum_now()
# Build the sharing message
try:
if role is not None:
recipient_message = SharingGrantedMessageContent(
author=self.device.device_id,
timestamp=now,
name=workspace_entry.name,
id=workspace_entry.id,
encryption_revision=workspace_entry.encryption_revision,
encrypted_on=workspace_entry.encrypted_on,
key=workspace_entry.key,
)
else:
recipient_message = SharingRevokedMessageContent(
author=self.device.device_id, timestamp=now, id=workspace_entry.id
)
ciphered_recipient_message = recipient_message.dump_sign_and_encrypt_for(
author_signkey=self.device.signing_key, recipient_pubkey=recipient_user.public_key
)
except DataError as exc:
raise FSError(f"Cannot create sharing message for `{recipient}`: {exc}") from exc
# Build role certificate
role_certificate = RealmRoleCertificateContent(
author=self.device.device_id,
timestamp=now,
realm_id=workspace_id,
user_id=recipient,
role=role,
).dump_and_sign(self.device.signing_key)
# Actually send the command to the backend
try:
rep = await self.backend_cmds.realm_update_roles(
role_certificate, ciphered_recipient_message
)
except BackendNotAvailable as exc:
raise FSBackendOfflineError(str(exc)) from exc
except BackendConnectionError as exc:
raise FSError(f"Error while trying to set vlob group roles in backend: {exc}") from exc
if rep["status"] == "not_allowed":
raise FSSharingNotAllowedError(
f"Must be Owner or Manager on the workspace is mandatory to share it: {rep}"
)
elif rep["status"] == "in_maintenance":
raise FSWorkspaceInMaintenance(
f"Cannot share workspace while it is in maintenance: {rep}"
)
elif rep["status"] == "already_granted":
# Stay idempotent
return
elif rep["status"] != "ok":
raise FSError(f"Error while trying to set vlob group roles in backend: {rep}")
def get_workspace_entry():
user_manifest = self.get_user_manifest()
workspace_entry = user_manifest.get_workspace_entry(workspace_id)
if not workspace_entry:
raise FSWorkspaceNotFoundError(f"Unknown workspace `{workspace_id}`")
return workspace_entry
def find_workspace_from_name(self, workspace_name: str):
for workspace in self.user_fs.get_user_manifest().workspaces:
if workspace_name == workspace.name:
return workspace
raise FSWorkspaceNotFoundError(f"Unknown workspace {workspace_name}")