Moved extensions to their own folder, so support has more meaning

9 files changed, 303 insertions, 0 deletions

diff --git a/service/pixelated/extensions/__init__.py b/service/pixelated/extensions/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/service/pixelated/extensions/__init__.py
diff --git a/service/pixelated/extensions/esmtp_sender_factory.py b/service/pixelated/extensions/esmtp_sender_factory.py
new file mode 100644
index 00000000..59aa90c8
--- /dev/null
+++ b/service/pixelated/extensions/esmtp_sender_factory.py
@@ -0,0 +1,27 @@
+#
+# Copyright (c) 2014 ThoughtWorks, Inc.
+#
+# Pixelated is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Pixelated is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+
+from twisted.mail import smtp
+
+
+def no_require_transport_security(f):
+    def wrapper(*args, **kwargs):
+        kwargs['requireTransportSecurity'] = False
+        return f(*args, **kwargs)
+    return wrapper
+
+
+smtp.ESMTPSenderFactory = no_require_transport_security(smtp.ESMTPSenderFactory)
diff --git a/service/pixelated/extensions/incoming_decrypt_header.py b/service/pixelated/extensions/incoming_decrypt_header.py
new file mode 100644
index 00000000..2db5dd1d
--- /dev/null
+++ b/service/pixelated/extensions/incoming_decrypt_header.py
@@ -0,0 +1,35 @@
+import leap.mail.imap.fetch as fetch
+
+
+def mark_as_encrypted_inline(f):
+
+    def w(*args, **kwargs):
+        msg, valid_sign = f(*args)
+        is_encrypted = fetch.PGP_BEGIN in args[1].as_string() and fetch.PGP_END in args[1].as_string()
+        decrypted_successfully = fetch.PGP_BEGIN not in msg.as_string() and fetch.PGP_END not in msg.as_string()
+
+        if not is_encrypted:
+            encrypted = 'false'
+        else:
+            if decrypted_successfully:
+                encrypted = 'true'
+            else:
+                encrypted = 'fail'
+
+        msg.add_header('X-Pixelated-encryption-status', encrypted)
+        return msg, valid_sign
+
+    return w
+
+
+def mark_as_encrypted_multipart(f):
+
+    def w(*args, **kwargs):
+        msg, valid_sign = f(*args)
+        msg.add_header('X-Pixelated-encryption-status', 'true')
+        return msg, valid_sign
+    return w
+
+
+fetch.LeapIncomingMail._maybe_decrypt_inline_encrypted_msg = mark_as_encrypted_inline(fetch.LeapIncomingMail._maybe_decrypt_inline_encrypted_msg)
+fetch.LeapIncomingMail._decrypt_multipart_encrypted_msg = mark_as_encrypted_multipart(fetch.LeapIncomingMail._decrypt_multipart_encrypted_msg)
diff --git a/service/pixelated/extensions/keymanager_fetch_key.py b/service/pixelated/extensions/keymanager_fetch_key.py
new file mode 100644
index 00000000..d39d1f96
--- /dev/null
+++ b/service/pixelated/extensions/keymanager_fetch_key.py
@@ -0,0 +1,60 @@
+#
+# Copyright (c) 2014 ThoughtWorks, Inc.
+#
+# Pixelated is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Pixelated is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+import leap.keymanager
+import requests
+import logging
+from leap.keymanager.errors import KeyNotFound
+from leap.keymanager.openpgp import OpenPGPKey
+
+
+logger = logging.getLogger(__name__)
+
+
+def patched_fetch_keys_from_server(self, address):
+    """
+    Fetch keys bound to C{address} from nickserver and insert them in
+    local database.
+
+    Instead of raising a KeyNotFound only for 404 responses, this implementation
+    raises a KeyNotFound exception for all problems.
+
+    For original see: https://github.com/leapcode/keymanager/blob/develop/src/leap/keymanager/__init__.py
+
+    :param address: The address bound to the keys.
+    :type address: str
+
+    :raise KeyNotFound: If the key was not found on nickserver.
+    """
+    # request keys from the nickserver
+    res = None
+    try:
+        res = self._get(self._nickserver_uri, {'address': address})
+        res.raise_for_status()
+        server_keys = res.json()
+        # insert keys in local database
+        if self.OPENPGP_KEY in server_keys:
+            self._wrapper_map[OpenPGPKey].put_ascii_key(
+                server_keys['openpgp'])
+    except requests.exceptions.HTTPError as e:
+        logger.warning("HTTP error retrieving key: %r" % (e,))
+        logger.warning("%s" % (res.content,))
+        raise KeyNotFound(address)
+    except Exception as e:
+        logger.warning("Error retrieving key: %r" % (e,))
+        raise KeyNotFound(address)
+
+
+leap.keymanager.KeyManager._fetch_keys_from_server = patched_fetch_keys_from_server
diff --git a/service/pixelated/extensions/protobuf_socket.py b/service/pixelated/extensions/protobuf_socket.py
new file mode 100644
index 00000000..548f5fd6
--- /dev/null
+++ b/service/pixelated/extensions/protobuf_socket.py
@@ -0,0 +1,37 @@
+#
+# Copyright (c) 2014 ThoughtWorks, Inc.
+#
+# Pixelated is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Pixelated is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import print_function
+from sys import platform as _platform
+
+import protobuf.socketrpc.server
+
+# protobuf throws a lot of 'Socket is not connected' exceptions on OSX but they are not an issue.
+# refer too https://code.google.com/p/protobuf-socket-rpc/issues/detail?id=10 and
+# or https://leap.se/code/issues/2187
+if _platform == 'darwin':
+    def try_except_decorator(func):
+        def wrapper(*args, **kwargs):
+            try:
+                func(*args, **kwargs)
+                pass
+            except:
+                pass
+
+        return wrapper
+
+    protobuf.socketrpc.server.SocketHandler.handle = try_except_decorator(
+        protobuf.socketrpc.server.SocketHandler.handle)
diff --git a/service/pixelated/extensions/requests_urllib3.py b/service/pixelated/extensions/requests_urllib3.py
new file mode 100644
index 00000000..c4ec2438
--- /dev/null
+++ b/service/pixelated/extensions/requests_urllib3.py
@@ -0,0 +1,82 @@
+#
+# Copyright (c) 2014 ThoughtWorks, Inc.
+#
+# Pixelated is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Pixelated is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+
+import requests
+
+
+if requests.__version__ == '2.0.0':
+    try:
+        import requests.packages.urllib3.connectionpool
+        from socket import error as SocketError, timeout as SocketTimeout
+        from requests.packages.urllib3.packages.ssl_match_hostname import CertificateError, match_hostname
+        import socket
+        import ssl
+
+        from requests.packages.urllib3.exceptions import (
+            ClosedPoolError,
+            ConnectTimeoutError,
+            EmptyPoolError,
+            HostChangedError,
+            MaxRetryError,
+            SSLError,
+            ReadTimeoutError,
+            ProxyError,
+        )
+
+        from requests.packages.urllib3.util import (
+            assert_fingerprint,
+            get_host,
+            is_connection_dropped,
+            resolve_cert_reqs,
+            resolve_ssl_version,
+            ssl_wrap_socket,
+            Timeout,
+        )
+
+        def patched_connect(self):
+            # Add certificate verification
+            try:
+                sock = socket.create_connection(address=(self.host, self.port), timeout=self.timeout)
+            except SocketTimeout:
+                raise ConnectTimeoutError(self, "Connection to %s timed out. (connect timeout=%s)" % (self.host, self.timeout))
+
+            resolved_cert_reqs = resolve_cert_reqs(self.cert_reqs)
+            resolved_ssl_version = resolve_ssl_version(self.ssl_version)
+
+            if self._tunnel_host:
+                self.sock = sock
+                # Calls self._set_hostport(), so self.host is
+                # self._tunnel_host below.
+                self._tunnel()
+
+            # Wrap socket using verification with the root certs in
+            # trusted_root_certs
+            self.sock = ssl_wrap_socket(sock, self.key_file, self.cert_file,
+                                        cert_reqs=resolved_cert_reqs,
+                                        ca_certs=self.ca_certs,
+                                        server_hostname=self.host,
+                                        ssl_version=resolved_ssl_version)
+
+            if self.assert_fingerprint:
+                assert_fingerprint(self.sock.getpeercert(binary_form=True),
+                                   self.assert_fingerprint)
+            elif resolved_cert_reqs != ssl.CERT_NONE and self.assert_hostname is not False:
+                match_hostname(self.sock.getpeercert(),
+                               self.assert_hostname or self.host)
+
+        requests.packages.urllib3.connectionpool.VerifiedHTTPSConnection.connect = patched_connect
+    except ImportError:
+        pass    # The patch is specific for the debian package. Ignore it if it can't be found
diff --git a/service/pixelated/extensions/shared_db.py b/service/pixelated/extensions/shared_db.py
new file mode 100644
index 00000000..3e8a978e
--- /dev/null
+++ b/service/pixelated/extensions/shared_db.py
@@ -0,0 +1,16 @@
+from leap.soledad.client.auth import TokenBasedAuth
+import base64
+from u1db import errors
+
+
+def patched_sign_request(self, method, url_query, params):
+    if 'token' in self._creds:
+        uuid, token = self._creds['token']
+        auth = '%s:%s' % (uuid, token)
+        return [('Authorization', 'Token %s' % base64.b64encode(auth))]
+    else:
+        raise errors.UnknownAuthMethod(
+            'Wrong credentials: %s' % self._creds)
+
+
+TokenBasedAuth._sign_request = patched_sign_request
diff --git a/service/pixelated/extensions/soledad_sync_exception.py b/service/pixelated/extensions/soledad_sync_exception.py
new file mode 100644
index 00000000..cb3204ad
--- /dev/null
+++ b/service/pixelated/extensions/soledad_sync_exception.py
@@ -0,0 +1,22 @@
+import leap.soledad.client as client
+import urlparse
+from leap.soledad.client.events import (
+    SOLEDAD_DONE_DATA_SYNC,
+    signal
+)
+
+
+def patched_sync(self, defer_decryption=True):
+    if self._db:
+        try:
+            local_gen = self._db.sync(
+                urlparse.urljoin(self.server_url, 'user-%s' % self._uuid),
+                creds=self._creds, autocreate=False,
+                defer_decryption=defer_decryption)
+            signal(SOLEDAD_DONE_DATA_SYNC, self._uuid)
+            return local_gen
+        except Exception as e:
+            client.logger.error("Soledad exception when syncing: %s - %s" % (e.__class__.__name__, e.message))
+
+
+client.Soledad.sync = patched_sync
diff --git a/service/pixelated/extensions/sqlcipher_wal.py b/service/pixelated/extensions/sqlcipher_wal.py
new file mode 100644
index 00000000..776087bf
--- /dev/null
+++ b/service/pixelated/extensions/sqlcipher_wal.py
@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2014 ThoughtWorks, Inc.
+#
+# Pixelated is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Pixelated is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+
+from sys import platform as _platform
+
+import leap.soledad.client.sqlcipher
+
+# WAL is breaking for the debian sqlcipher package so we need to disable it
+# refer to https://leap.se/code/issues/5562
+if _platform == 'linux2':
+    leap.soledad.client.sqlcipher.SQLCipherDatabase._pragma_write_ahead_logging = lambda x, y: None