def get_vcards(self): if not self.config.active: return [] gnupg = GnuPG() gnupg.passphrase = self.session.config.gnupg_passphrase.get_reader() keys = gnupg.list_keys() results = [] vcards = {} for key_id, key in keys.iteritems(): vcls = [VCardLine(name='KEY', value=self.VCL_KEY_FMT % key_id)] card = None emails = [] for uid in key.get('uids', []): if uid.get('email'): vcls.append(VCardLine(name='email', value=uid['email'])) card = card or vcards.get(uid['email']) emails.append(uid['email']) if uid.get('name'): name = uid['name'] vcls.append(VCardLine(name='fn', value=name)) if card and emails: card.add(*vcls) elif emails: # This is us taking care to only create one card for each # set of e-mail addresses. card = MailpileVCard(*vcls) for email in emails: vcards[email] = card results.append(card) return results
def _import_key(self, result, keytype): if keytype == "openpgp": g = GnuPG() if self.config: g.passphrase = self.config.gnupg_passphrase.get_reader() res = g.import_keys(result[keytype]) if len(res["updated"]): self._managed_keys_add(result["address"], keytype) return res else: # We currently only support OpenPGP keys return False
def _do_login(self, user, password, load_index=False, redirect=False): session, config = self.session, self.session.config session_id = self.session.ui.html_variables.get('http_session') # This prevents folks from sending us a DEFAULT user (upper case), # which is an internal security bypass below. user = user and user.lower() if not user: from mailpile.config import SecurePassphraseStorage sps = SecurePassphraseStorage(password) password = '' try: # Verify the passphrase gpg = GnuPG(use_agent=False) if gpg.is_available(): gpg.passphrase = sps.get_reader() assert(gpg.sign('Sign This!')[0] == 0) # Store the varified passphrase config.gnupg_passphrase.data = sps.data # Load the config and index, if necessary if not config.loaded_config: self._config() if load_index: self._idx() else: pass # FIXME: Start load in background session.ui.debug('Good passphrase for %s' % session_id) return self._logged_in(redirect=redirect) else: session.ui.debug('No GnuPG, checking DEFAULT user') # No GnuPG, see if there is a DEFAULT user in the config user = '******' except (AssertionError, IOError): session.ui.debug('Bad passphrase for %s' % session_id) return self._error(_('Invalid passphrase, please try again')) if user in config.logins or user == 'DEFAULT': # FIXME: Salt and hash the password, check if it matches # the entry in our user/password list (TODO). # NOTE: This hack effectively disables auth without GnUPG if user == 'DEFAULT': session.ui.debug('FIXME: Unauthorized login allowed') return self._logged_in(redirect=redirect) raise Exception('FIXME') self._error(_('Incorrect username or password'))
def VerifyAndStorePassphrase(config, passphrase=None, sps=None): if passphrase and not sps: from mailpile.config import SecurePassphraseStorage sps = SecurePassphraseStorage(passphrase) passphrase = 'this probably does not really overwrite :-( ' assert(sps is not None) gpg = GnuPG(use_agent=False) if gpg.is_available(): gpg.passphrase = sps.get_reader() gpgr = config.prefs.gpg_recipient gpgr = gpgr if (gpgr not in (None, '', '!CREATE')) else None assert(gpg.sign('Sign This!', fromkey=gpgr)[0] == 0) return sps
def VerifyAndStorePassphrase(config, passphrase=None, sps=None, key=None): if passphrase and not sps: from mailpile.config import SecurePassphraseStorage sps = SecurePassphraseStorage(passphrase) passphrase = 'this probably does not really overwrite :-( ' assert (sps is not None) gpg = GnuPG(use_agent=False) if gpg.is_available(): gpg.passphrase = sps.get_reader() gpgr = config.prefs.gpg_recipient gpgr = key or (gpgr if (gpgr not in (None, '', '!CREATE')) else None) assert (gpg.sign('Sign This!', fromkey=gpgr)[0] == 0) return sps
def VerifyAndStorePassphrase(config, passphrase=None, sps=None, key=None): if passphrase and not sps: from mailpile.config import SecurePassphraseStorage sps = SecurePassphraseStorage(passphrase) passphrase = 'this probably does not really overwrite :-( ' assert (sps is not None) gpg = GnuPG(None, use_agent=False) if gpg.is_available(): gpg.passphrase = sps.get_reader() gpgr = config.prefs.gpg_recipient gpgr = key or (gpgr if (gpgr not in (None, '', '!CREATE')) else None) assert (gpg.sign('Sign This!', fromkey=gpgr)[0] == 0) # Fun side effect: changing the passphrase invalidates the message cache import mailpile.mailutils mailpile.mailutils.ClearParseCache(full=True) return sps
def VerifyAndStorePassphrase(config, passphrase=None, sps=None, key=None): if passphrase and not sps: from mailpile.config import SecurePassphraseStorage sps = SecurePassphraseStorage(passphrase) passphrase = 'this probably does not really overwrite :-( ' assert(sps is not None) gpg = GnuPG(None, use_agent=False) if gpg.is_available(): gpg.passphrase = sps.get_reader() gpgr = config.prefs.gpg_recipient gpgr = key or (gpgr if (gpgr not in (None, '', '!CREATE')) else None) assert(gpg.sign('Sign This!', fromkey=gpgr)[0] == 0) # Fun side effect: changing the passphrase invalidates the message cache import mailpile.mailutils mailpile.mailutils.ClearParseCache(full=True) return sps
def _GnuPG(session): gpg = GnuPG() if session and session.config: gpg.passphrase = session.config.gnupg_passphrase.get_reader() return gpg