From 31289cb156540a95dfe51737d9fd4e1a7393f2f2 Mon Sep 17 00:00:00 2001 From: Bruno Wagner Goncalves Date: Wed, 20 Aug 2014 15:43:50 -0300 Subject: Added setup.py and changed app to pixelated because it will be a package --- service/app/__init__.py | 0 service/app/adapter/__init__.py | 0 service/app/adapter/mail_service.py | 98 --------------- service/app/adapter/pixelated_mail.py | 82 ------------- service/app/bitmask_libraries/__init__.py | 0 service/app/bitmask_libraries/auth.py | 27 ---- service/app/bitmask_libraries/certs.py | 33 ----- service/app/bitmask_libraries/config.py | 67 ---------- service/app/bitmask_libraries/leap_srp.py | 131 -------------------- service/app/bitmask_libraries/nicknym.py | 35 ------ service/app/bitmask_libraries/provider.py | 111 ----------------- service/app/bitmask_libraries/session.py | 156 ------------------------ service/app/bitmask_libraries/smtp.py | 81 ------------ service/app/bitmask_libraries/soledad.py | 95 --------------- service/app/pixelated_user_agent.py | 141 --------------------- service/app/reactor_manager.py | 26 ---- service/app/search_query.py | 42 ------- service/app/tags.py | 60 --------- service/go | 2 +- service/pixelated/__init__.py | 0 service/pixelated/adapter/__init__.py | 0 service/pixelated/adapter/mail_service.py | 98 +++++++++++++++ service/pixelated/adapter/pixelated_mail.py | 82 +++++++++++++ service/pixelated/bitmask_libraries/__init__.py | 0 service/pixelated/bitmask_libraries/auth.py | 27 ++++ service/pixelated/bitmask_libraries/certs.py | 33 +++++ service/pixelated/bitmask_libraries/config.py | 67 ++++++++++ service/pixelated/bitmask_libraries/leap_srp.py | 131 ++++++++++++++++++++ service/pixelated/bitmask_libraries/nicknym.py | 35 ++++++ service/pixelated/bitmask_libraries/provider.py | 111 +++++++++++++++++ service/pixelated/bitmask_libraries/session.py | 156 ++++++++++++++++++++++++ service/pixelated/bitmask_libraries/smtp.py | 81 ++++++++++++ service/pixelated/bitmask_libraries/soledad.py | 95 +++++++++++++++ service/pixelated/reactor_manager.py | 26 ++++ service/pixelated/search_query.py | 42 +++++++ service/pixelated/tags.py | 60 +++++++++ service/pixelated/user_agent.py | 141 +++++++++++++++++++++ service/setup.py | 34 ++++++ 38 files changed, 1220 insertions(+), 1186 deletions(-) delete mode 100644 service/app/__init__.py delete mode 100644 service/app/adapter/__init__.py delete mode 100644 service/app/adapter/mail_service.py delete mode 100644 service/app/adapter/pixelated_mail.py delete mode 100644 service/app/bitmask_libraries/__init__.py delete mode 100644 service/app/bitmask_libraries/auth.py delete mode 100644 service/app/bitmask_libraries/certs.py delete mode 100644 service/app/bitmask_libraries/config.py delete mode 100644 service/app/bitmask_libraries/leap_srp.py delete mode 100644 service/app/bitmask_libraries/nicknym.py delete mode 100644 service/app/bitmask_libraries/provider.py delete mode 100644 service/app/bitmask_libraries/session.py delete mode 100644 service/app/bitmask_libraries/smtp.py delete mode 100644 service/app/bitmask_libraries/soledad.py delete mode 100644 service/app/pixelated_user_agent.py delete mode 100644 service/app/reactor_manager.py delete mode 100644 service/app/search_query.py delete mode 100644 service/app/tags.py create mode 100644 service/pixelated/__init__.py create mode 100644 service/pixelated/adapter/__init__.py create mode 100644 service/pixelated/adapter/mail_service.py create mode 100644 service/pixelated/adapter/pixelated_mail.py create mode 100644 service/pixelated/bitmask_libraries/__init__.py create mode 100644 service/pixelated/bitmask_libraries/auth.py create mode 100644 service/pixelated/bitmask_libraries/certs.py create mode 100644 service/pixelated/bitmask_libraries/config.py create mode 100644 service/pixelated/bitmask_libraries/leap_srp.py create mode 100644 service/pixelated/bitmask_libraries/nicknym.py create mode 100644 service/pixelated/bitmask_libraries/provider.py create mode 100644 service/pixelated/bitmask_libraries/session.py create mode 100644 service/pixelated/bitmask_libraries/smtp.py create mode 100644 service/pixelated/bitmask_libraries/soledad.py create mode 100644 service/pixelated/reactor_manager.py create mode 100644 service/pixelated/search_query.py create mode 100644 service/pixelated/tags.py create mode 100644 service/pixelated/user_agent.py create mode 100644 service/setup.py (limited to 'service') diff --git a/service/app/__init__.py b/service/app/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/service/app/adapter/__init__.py b/service/app/adapter/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/service/app/adapter/mail_service.py b/service/app/adapter/mail_service.py deleted file mode 100644 index 0704f0bb..00000000 --- a/service/app/adapter/mail_service.py +++ /dev/null @@ -1,98 +0,0 @@ -import traceback -import sys -import os -from twisted.internet import defer -from app.bitmask_libraries.config import LeapConfig -from app.bitmask_libraries.provider import LeapProvider -from app.bitmask_libraries.session import LeapSessionFactory -from app.bitmask_libraries.auth import LeapCredentials -from app.adapter.pixelated_mail import PixelatedMail -from app.tags import Tags - - -class MailService: - - def __init__(self): - try: - self.username = 'testuser_a003' - self.password = 'testpassword' - self.server_name = 'example.wazokazi.is' - self.mailbox_name = 'INBOX' - self.certs_home = os.path.join(os.path.abspath("."), "leap") - self.tags = Tags() - self._open_leap_session() - except: - traceback.print_exc(file=sys.stdout) - raise - - def _open_leap_session(self): - self.leap_config = LeapConfig(certs_home=self.certs_home) - self.provider = LeapProvider(self.server_name, self.leap_config) - self.leap_session = LeapSessionFactory(self.provider).create(LeapCredentials(self.username, self.password)) - self.account = self.leap_session.account - self.mailbox = self.account.getMailbox(self.mailbox_name) - - def mails(self, query): - mails = self.mailbox.messages or [] - mails = [PixelatedMail(mail) for mail in mails] - return mails - - def update_tags(self, mail_id, new_tags): - mail = self.mail(mail_id) - new_tags = mail.update_tags(new_tags) - self._update_flags(new_tags, mail_id) - self._update_tag_list(new_tags) - return new_tags - - def _update_tag_list(self, tags): - for tag in tags: - self.tags.add(tag) - - def _update_flags(self, new_tags, mail_id): - new_tags_flag_name = ['tag_' + tag.name for tag in new_tags] - self.set_flags(mail_id, new_tags_flag_name) - - def set_flags(self, mail_id, new_tags_flag_name): - observer = defer.Deferred() - self.mailbox.messages.set_flags(self.mailbox, [mail_id], tuple(new_tags_flag_name), 1, observer) - - def mail(self, mail_id): - for message in self.mailbox.messages: - if message.getUID() == int(mail_id): - return PixelatedMail(message) - - def all_tags(self): - return self.tags - - def thread(self, thread_id): - raise NotImplementedError() - - def mark_as_read(self, mail_id): - raise NotImplementedError() - - def tags_for_thread(self, thread): - raise NotImplementedError() - - def add_tag_to_thread(self, thread_id, tag): - raise NotImplementedError() - - def remove_tag_from_thread(self, thread_id, tag): - raise NotImplementedError() - - def delete_mail(self, mail_id): - raise NotImplementedError() - - def save_draft(self, draft): - raise NotImplementedError() - - def send_draft(self, draft): - raise NotImplementedError() - - def draft_reply_for(self, mail_id): - raise NotImplementedError() - - def all_contacts(self, query): - raise NotImplementedError() - - def drafts(self): - raise NotImplementedError() diff --git a/service/app/adapter/pixelated_mail.py b/service/app/adapter/pixelated_mail.py deleted file mode 100644 index 2f1e14e9..00000000 --- a/service/app/adapter/pixelated_mail.py +++ /dev/null @@ -1,82 +0,0 @@ -from app.tags import Tag -from app.tags import Tags -import dateutil.parser as dateparser - - -class PixelatedMail: - - LEAP_FLAGS = ['\\Seen', - '\\Answered', - '\\Flagged', - '\\Deleted', - '\\Draft', - '\\Recent', - 'List'] - - LEAP_FLAGS_STATUSES = { - '\\Seen': 'read', - '\\Answered': 'replied' - } - - LEAP_FLAGS_TAGS = { - '\\Deleted': 'trash', - '\\Draft': 'drafts', - '\\Recent': 'inbox' - } - - def __init__(self, leap_mail): - self.leap_mail = leap_mail - self.body = leap_mail.bdoc.content['raw'] - self.headers = self.extract_headers() - self.date = dateparser.parse(self.headers['date']) - self.ident = leap_mail.getUID() - self.status = self.extract_status() - self.security_casing = {} - self.tags = self.extract_tags() - - def extract_status(self): - flags = self.leap_mail.getFlags() - return [converted for flag, converted in self.LEAP_FLAGS_STATUSES.items() if flag in flags] - - def extract_headers(self): - temporary_headers = {} - for header, value in self.leap_mail.hdoc.content['headers'].items(): - temporary_headers[header.lower()] = value - if(temporary_headers.get('to') is not None): - temporary_headers['to'] = [temporary_headers['to']] - return temporary_headers - - def extract_tags(self): - flags = self.leap_mail.getFlags() - tag_names = self._converted_tags(flags) + self._custom_tags(flags) - tags = [] - for tag in tag_names: - tags.append(Tag(tag)) - return tags - - def _converted_tags(self, flags): - return [converted for flag, converted in self.LEAP_FLAGS_TAGS.items() if flag in flags] - - def _custom_tags(self, flags): - return [self._remove_prefix(flag) for flag in self.leap_mail.getFlags() if flag.startswith('tag_')] - - def _remove_prefix(self, flag_name): - return flag_name.replace('tag_', '', 1) - - def update_tags(self, tags): - self.tags = [Tag(tag) for tag in tags] - return self.tags - - def has_tag(self, tag): - return Tag(tag) in self.tags - - def as_dict(self): - tags = [tag.name for tag in self.tags] - return { - 'header': self.headers, - 'ident': self.ident, - 'tags': tags, - 'status': self.status, - 'security_casing': self.security_casing, - 'body': self.body - } diff --git a/service/app/bitmask_libraries/__init__.py b/service/app/bitmask_libraries/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/service/app/bitmask_libraries/auth.py b/service/app/bitmask_libraries/auth.py deleted file mode 100644 index 0b963587..00000000 --- a/service/app/bitmask_libraries/auth.py +++ /dev/null @@ -1,27 +0,0 @@ -from .leap_srp import LeapSecureRemotePassword -from .certs import which_bundle - -USE_PASSWORD = None - - -class LeapCredentials(object): - def __init__(self, user_name, password, db_passphrase=USE_PASSWORD): - self.user_name = user_name - self.password = password - self.db_passphrase = db_passphrase if db_passphrase is not None else password - - -class LeapAuthenticator(object): - def __init__(self, provider): - self._provider = provider - - def authenticate(self, credentials): - config = self._provider.config - srp = LeapSecureRemotePassword(ca_bundle=which_bundle(self._provider), timeout_in_s=config.timeout_in_s) - srp_session = srp.authenticate(self._provider.api_uri, credentials.user_name, credentials.password) - return srp_session - - def register(self, credentials): - config = self._provider.config - srp = LeapSecureRemotePassword(ca_bundle=which_bundle(self._provider), timeout_in_s=config.timeout_in_s) - srp.register(self._provider.api_uri, credentials.user_name, credentials.password) diff --git a/service/app/bitmask_libraries/certs.py b/service/app/bitmask_libraries/certs.py deleted file mode 100644 index 22a95591..00000000 --- a/service/app/bitmask_libraries/certs.py +++ /dev/null @@ -1,33 +0,0 @@ -import os - -from leap.common import ca_bundle - -from .config import AUTO_DETECT_CA_BUNDLE - - -def which_bundle(provider): - return LeapCertificate(provider).auto_detect_ca_bundle() - - -class LeapCertificate(object): - def __init__(self, provider): - self._config = provider.config - self._server_name = provider.server_name - self._certs_home = self._config.certs_home - - def auto_detect_ca_bundle(self): - if self._config.ca_cert_bundle == AUTO_DETECT_CA_BUNDLE: - local_cert = self._local_server_cert() - if local_cert: - return local_cert - else: - return ca_bundle.where() - else: - return self._config.ca_cert_bundle - - def _local_server_cert(self): - cert_file = os.path.join(self._certs_home, '%s.ca.crt' % self._server_name) - if os.path.isfile(cert_file): - return cert_file - else: - return None diff --git a/service/app/bitmask_libraries/config.py b/service/app/bitmask_libraries/config.py deleted file mode 100644 index 63524389..00000000 --- a/service/app/bitmask_libraries/config.py +++ /dev/null @@ -1,67 +0,0 @@ -import os -from os.path import expanduser -from distutils.spawn import find_executable - - -def discover_gpg_binary(): - path = find_executable('gpg') - if path is None: - raise Exception('Did not find a gpg executable!') - - if os.path.islink(path): - path = os.path.realpath(path) - - return path - - -DEFAULT_LEAP_HOME = os.path.join(expanduser("~"), '.leap') - -SYSTEM_CA_BUNDLE = True -AUTO_DETECT_CA_BUNDLE = None - - -class LeapConfig(object): - """ - LEAP client configuration - - """ - - def __init__(self, leap_home=DEFAULT_LEAP_HOME, ca_cert_bundle=AUTO_DETECT_CA_BUNDLE, verify_ssl=True, - fetch_interval_in_s=30, - timeout_in_s=15, start_background_jobs=True, gpg_binary=discover_gpg_binary(), certs_home=None): - """ - Constructor. - - :param server_name: The LEAP server name, e.g. demo.leap.se - :type server_name: str - - :param user_name: The LEAP account user name, normally the first part of your email, e.g. foobar for foobar@demo.leap.se - :type user_name: str - - :param user_password: The LEAP account password - :type user_password: str - - :param db_passphrase: The passphrase used to encrypt the local soledad database - :type db_passphrase: str - - :param verify_ssl: Set to false to disable strict SSL certificate validation - :type verify_ssl: bool - - :param fetch_interval_in_s: Polling interval for fetching incoming mail from LEAP server - :type fetch_interval_in_s: int - - :param timeout_in_s: Timeout for network operations, e.g. HTTP calls - :type timeout_in_s: int - - :param gpg_binary: Path to the GPG binary (must not be a symlink) - :type gpg_binary: str - - """ - self.leap_home = leap_home - self.certs_home = certs_home - self.ca_cert_bundle = ca_cert_bundle - self.verify_ssl = verify_ssl - self.timeout_in_s = timeout_in_s - self.start_background_jobs = start_background_jobs - self.gpg_binary = gpg_binary - self.fetch_interval_in_s = fetch_interval_in_s diff --git a/service/app/bitmask_libraries/leap_srp.py b/service/app/bitmask_libraries/leap_srp.py deleted file mode 100644 index 2590e731..00000000 --- a/service/app/bitmask_libraries/leap_srp.py +++ /dev/null @@ -1,131 +0,0 @@ -import binascii -import json -import requests - -from requests import Session -from srp import User, srp, create_salted_verification_key -from requests.exceptions import HTTPError, SSLError, Timeout -from config import SYSTEM_CA_BUNDLE - -REGISTER_USER_LOGIN_KEY = 'user[login]' -REGISTER_USER_VERIFIER_KEY = 'user[password_verifier]' -REGISTER_USER_SALT_KEY = 'user[password_salt]' - - -class LeapAuthException(Exception): - def __init__(self, *args, **kwargs): - super(LeapAuthException, self).__init__(*args, **kwargs) - - -class LeapSRPSession(object): - def __init__(self, user_name, api_server_name, uuid, token, session_id, api_version='1'): - self.user_name = user_name - self.api_server_name = api_server_name - self.uuid = uuid - self.token = token - self.session_id = session_id - self.api_version = api_version - - def __str__(self): - return 'LeapSRPSession(%s, %s, %s, %s, %s, %s)' % (self.user_name, self.api_server_name, self.uuid, self.token, self.session_id, self.api_version) - - -class LeapSecureRemotePassword(object): - def __init__(self, hash_alg=srp.SHA256, ng_type=srp.NG_1024, ca_bundle=SYSTEM_CA_BUNDLE, timeout_in_s=15, - leap_api_version='1'): - - self.hash_alg = hash_alg - self.ng_type = ng_type - self.timeout_in_s = timeout_in_s - self.ca_bundle = ca_bundle - self.leap_api_version = leap_api_version - - def authenticate(self, api_uri, username, password): - session = Session() - try: - return self._authenticate_with_session(session, api_uri, username, password) - except Timeout, e: - raise LeapAuthException(e) - finally: - session.close() - - def _authenticate_with_session(self, http_session, api_uri, username, password): - try: - srp_user = User(username.encode('utf-8'), password.encode('utf-8'), self.hash_alg, self.ng_type) - - salt, B_challenge = self._begin_authentication(srp_user, http_session, api_uri) - M2_verfication_code, leap_session = self._process_challenge(srp_user, http_session, api_uri, salt, - B_challenge) - self._verify_session(srp_user, M2_verfication_code) - - return leap_session - except (HTTPError, SSLError), e: - raise LeapAuthException(e) - - def _begin_authentication(self, user, session, api_uri): - _, A = user.start_authentication() - - auth_data = { - "login": user.get_username(), - "A": binascii.hexlify(A) - } - session_url = '%s/%s/sessions' % (api_uri, self.leap_api_version) - response = session.post(session_url, data=auth_data, verify=self.ca_bundle, timeout=self.timeout_in_s) - response.raise_for_status() - json_content = json.loads(response.content) - - salt = _safe_unhexlify(json_content.get('salt')) - B = _safe_unhexlify(json_content.get('B')) - - return salt, B - - def _process_challenge(self, user, session, api_uri, salt, B): - M = user.process_challenge(salt, B) - - auth_data = { - "client_auth": binascii.hexlify(M) - } - - auth_url = '%s/%s/sessions/%s' % (api_uri, self.leap_api_version, user.get_username()) - response = session.put(auth_url, data=auth_data, verify=self.ca_bundle, timeout=self.timeout_in_s) - response.raise_for_status() - auth_json = json.loads(response.content) - - M2 = _safe_unhexlify(auth_json.get('M2')) - uuid = auth_json.get('id') - token = auth_json.get('token') - session_id = response.cookies.get('_session_id') - - return M2, LeapSRPSession(user.get_username(), api_uri, uuid, token, session_id) - - def _verify_session(self, user, M2): - user.verify_session(M2) - if not user.authenticated(): - raise LeapAuthException() - - def register(self, api_uri, username, password): - try: - salt, verifier = create_salted_verification_key(username, password, self.hash_alg, self.ng_type) - return self._post_registration_data(api_uri, username, salt, verifier) - except (HTTPError, SSLError, Timeout), e: - raise LeapAuthException(e) - - def _post_registration_data(self, api_uri, username, salt, verifier): - users_url = '%s/%s/users' % (api_uri, self.leap_api_version) - - user_data = { - REGISTER_USER_LOGIN_KEY: username, - REGISTER_USER_SALT_KEY: binascii.hexlify(salt), - REGISTER_USER_VERIFIER_KEY: binascii.hexlify(verifier) - } - - response = requests.post(users_url, data=user_data, verify=self.ca_bundle, timeout=self.timeout_in_s) - response.raise_for_status() - reg_json = json.loads(response.content) - - return reg_json['ok'] - - -def _safe_unhexlify(hex_str): - return binascii.unhexlify(hex_str) \ - if (len(hex_str) % 2 == 0) else binascii.unhexlify('0' + hex_str) diff --git a/service/app/bitmask_libraries/nicknym.py b/service/app/bitmask_libraries/nicknym.py deleted file mode 100644 index c4939e9a..00000000 --- a/service/app/bitmask_libraries/nicknym.py +++ /dev/null @@ -1,35 +0,0 @@ -from leap.keymanager import KeyManager, openpgp, KeyNotFound -from .certs import which_bundle - - -class NickNym(object): - def __init__(self, provider, config, soledad_session, srp_session): - nicknym_url = _discover_nicknym_server(provider) - self._email = '%s@%s' % (srp_session.user_name, provider.domain) - self.keymanager = KeyManager('%s@%s' % (srp_session.user_name, provider.domain), nicknym_url, - soledad_session.soledad, - srp_session.token, which_bundle(provider), provider.api_uri, - provider.api_version, - srp_session.uuid, config.gpg_binary) - - def generate_openpgp_key(self): - if not self._key_exists(self._email): - self._gen_key() - self._send_key_to_leap() - - def _key_exists(self, email): - try: - self.keymanager.get_key(email, openpgp.OpenPGPKey, private=True, fetch_remote=False) - return True - except KeyNotFound: - return False - - def _gen_key(self): - self.keymanager.gen_key(openpgp.OpenPGPKey) - - def _send_key_to_leap(self): - self.keymanager.send_key(openpgp.OpenPGPKey) - - -def _discover_nicknym_server(provider): - return 'https://nicknym.%s:6425/' % provider.domain diff --git a/service/app/bitmask_libraries/provider.py b/service/app/bitmask_libraries/provider.py deleted file mode 100644 index b130af89..00000000 --- a/service/app/bitmask_libraries/provider.py +++ /dev/null @@ -1,111 +0,0 @@ -import json - -from leap.common.certs import get_digest -import requests - -from .certs import which_bundle - - -class LeapProvider(object): - def __init__(self, server_name, config): - self.server_name = server_name - self.config = config - - self.provider_json = self.fetch_provider_json() - - @property - def api_uri(self): - return self.provider_json.get('api_uri') - - @property - def ca_cert_fingerprint(self): - return self.provider_json.get('ca_cert_fingerprint') - - @property - def ca_cert_uri(self): - return self.provider_json.get('ca_cert_uri') - - @property - def api_version(self): - return self.provider_json.get('api_version') - - @property - def domain(self): - return self.provider_json.get('domain') - - @property - def services(self): - return self.provider_json.get('services') - - def __hash__(self): - return hash(self.server_name) - - def __eq__(self, other): - return self.server_name == other.server_name - - def ensure_supports_mx(self): - if 'mx' not in self.services: - raise Exception - - def download_certificate_to(self, filename): - """ - Downloads the server certificate, validates it against the provided fingerprint and stores it to file - """ - cert = self.fetch_valid_certificate() - with open(filename, 'w') as out: - out.write(cert) - - def fetch_valid_certificate(self): - cert = self._fetch_certificate() - self.validate_certificate(cert) - return cert - - def _fetch_certificate(self): - session = requests.session() - try: - cert_url = '%s/ca.crt' % self._provider_base_url() - response = session.get(cert_url, verify=which_bundle(self), timeout=self.config.timeout_in_s) - response.raise_for_status() - - cert_data = response.content - return cert_data - finally: - session.close() - - def validate_certificate(self, cert_data=None): - if cert_data is None: - cert_data = self._fetch_certificate() - - parts = str(self.ca_cert_fingerprint).split(':') - method = parts[0].strip() - fingerprint = parts[1].strip() - - digest = get_digest(cert_data, method) - - if fingerprint.strip() != digest: - raise Exception('Certificate fingerprints don\'t match') - - def fetch_provider_json(self): - url = '%s/provider.json' % self._provider_base_url() - response = requests.get(url, verify=which_bundle(self), timeout=self.config.timeout_in_s) - response.raise_for_status() - - json_data = json.loads(response.content) - return json_data - - def fetch_soledad_json(self): - service_url = "%s/%s/config/soledad-service.json" % ( - self.api_uri, self.api_version) - response = requests.get(service_url, verify=which_bundle(self), timeout=self.config.timeout_in_s) - response.raise_for_status() - return json.loads(response.content) - - def fetch_smtp_json(self): - service_url = '%s/%s/config/smtp-service.json' % ( - self.api_uri, self.api_version) - response = requests.get(service_url, verify=which_bundle(self), timeout=self.config.timeout_in_s) - response.raise_for_status() - return json.loads(response.content) - - def _provider_base_url(self): - return 'https://%s' % self.server_name diff --git a/service/app/bitmask_libraries/session.py b/service/app/bitmask_libraries/session.py deleted file mode 100644 index 4e1dd397..00000000 --- a/service/app/bitmask_libraries/session.py +++ /dev/null @@ -1,156 +0,0 @@ -import os -import errno -import traceback -from leap.mail.imap.fetch import LeapIncomingMail -from leap.mail.imap.account import SoledadBackedAccount -import sys -from leap.mail.imap.memorystore import MemoryStore -from leap.mail.imap.soledadstore import SoledadStore -from twisted.internet import reactor -from .nicknym import NickNym - -from .auth import LeapAuthenticator -from .soledad import SoledadSessionFactory, SoledadSession -from .smtp import LeapSmtp - -SESSIONS = {} - - -class LeapSession(object): - """ - A LEAP session. - - - Properties: - - - ``leap_config`` the configuration for this session (LeapClientConfig). - - - ``srp_session`` the secure remote password session to authenticate with LEAP. See http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol (LeapSecureRemotePassword) - - - ``soledad_session`` the soledad session. See https://leap.se/soledad (LeapSecureRemotePassword) - - - ``nicknym`` the nicknym instance. See https://leap.se/nicknym (NickNym) - - - ``account`` the actual leap mail account. Implements Twisted imap4.IAccount and imap4.INamespacePresenter (SoledadBackedAccount) - - - ``incoming_mail_fetcher`` Background job for fetching incoming mails from LEAP server (LeapIncomingMail) - """ - - def __init__(self, provider, srp_session, soledad_session, nicknym, soledad_account, incoming_mail_fetcher): - """ - Constructor. - - :param leap_config: The config for this LEAP session - :type leap_config: LeapConfig - - """ - self.config = provider.config - self.provider = provider - self.srp_session = srp_session - self.soledad_session = soledad_session - self.nicknym = nicknym - self.account = soledad_account - self.incoming_mail_fetcher = incoming_mail_fetcher - - if self.config.start_background_jobs: - self.start_background_jobs() - - def account_email(self): - domain = self.provider.domain - name = self.srp_session.user_name - return '%s@%s' % (name, domain) - - def close(self): - self.stop_background_jobs() - - def start_background_jobs(self): - reactor.callFromThread(self.incoming_mail_fetcher.start_loop) - - def stop_background_jobs(self): - reactor.callFromThread(self.incoming_mail_fetcher.stop) - - def sync(self): - try: - self.soledad_session.sync() - except: - traceback.print_exc(file=sys.stderr) - raise - - -class LeapSessionFactory(object): - def __init__(self, provider): - self._provider = provider - self._config = provider.config - - def create(self, credentials): - key = self._session_key(credentials) - session = self._lookup_session(key) - if not session: - session = self._create_new_session(credentials) - self._remember_session(key, session) - - return session - - def _create_new_session(self, credentials): - self._create_dir(self._provider.config.leap_home) - self._provider.download_certificate_to('%s/ca.crt' % self._provider.config.leap_home) - - auth = LeapAuthenticator(self._provider).authenticate(credentials) - soledad = SoledadSessionFactory.create(self._provider, auth, credentials.db_passphrase) - - nicknym = self._create_nicknym(auth, soledad) - account = self._create_account(auth, soledad) - incoming_mail_fetcher = self._create_incoming_mail_fetcher(nicknym, soledad, - account, auth) - - smtp = self._create_smtp_service(nicknym, auth) - smtp.start() - - session = LeapSession(self._provider, auth, soledad, nicknym, account, incoming_mail_fetcher) - - return session - - def _lookup_session(self, key): - global SESSIONS - if key in SESSIONS: - return SESSIONS[key] - else: - return None - - def _remember_session(self, key, session): - global SESSIONS - SESSIONS[key] = session - - def _session_key(self, credentials): - return hash((self._provider, credentials.user_name)) - - def _create_dir(self, path): - try: - os.makedirs(path) - except OSError as exc: - if exc.errno == errno.EEXIST and os.path.isdir(path): - pass - else: - raise - - def _create_soledad_session(self, srp_session, db_passphrase): - return SoledadSession(self._provider, db_passphrase, srp_session) - - def _create_nicknym(self, srp_session, soledad_session): - return NickNym(self._provider, self._config, soledad_session, srp_session) - - def _create_account(self, srp_session, soledad_session): - memstore = MemoryStore(permanent_store=SoledadStore(soledad_session.soledad)) - return SoledadBackedAccount(srp_session.uuid, soledad_session.soledad, memstore) - - def _create_incoming_mail_fetcher(self, nicknym, soledad_session, account, auth): - return LeapIncomingMail(nicknym.keymanager, soledad_session.soledad, account, - self._config.fetch_interval_in_s, self._account_email(auth)) - - def _create_smtp_service(self, nicknym, auth): - return LeapSmtp(self._provider, nicknym.keymanager, auth) - - def _account_email(self, auth): - domain = self._provider.domain - name = auth.user_name - return '%s@%s' % (name, domain) diff --git a/service/app/bitmask_libraries/smtp.py b/service/app/bitmask_libraries/smtp.py deleted file mode 100644 index f07a4838..00000000 --- a/service/app/bitmask_libraries/smtp.py +++ /dev/null @@ -1,81 +0,0 @@ -import os -import requests -from .certs import which_bundle -from leap.mail.smtp import setup_smtp_gateway -import random - - -class LeapSmtp(object): - - SMTP_PORT = 2014 - - def __init__(self, provider, keymanager=None, leap_srp_session=None): - self._provider = provider - self._keymanager = keymanager - self._srp_session = leap_srp_session - self._hostname, self._port = self._discover_smtp_server() - self._smtp_port = None - self._smtp_service = None - self._twisted_port = 10000 + int(random.random() * 5000) - - def smtp_info(self): - return ('localhost', LeapSmtp.SMTP_PORT) - - def _discover_smtp_server(self): - json_data = self._provider.fetch_smtp_json() - hosts = json_data['hosts'] - hostname = hosts.keys()[0] - host = hosts[hostname] - - hostname = host['hostname'] - port = host['port'] - - return hostname, port - - def _download_client_certificates(self): - cert_path = self._client_cert_path() - - if not os.path.exists(os.path.dirname(cert_path)): - os.makedirs(os.path.dirname(cert_path)) - - session = requests.session() - cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version) - cookies = {"_session_id": self._srp_session.session_id} - - response = requests.get(cert_url, verify=which_bundle(self._provider), cookies=cookies, timeout=self._provider.config.timeout_in_s) - response.raise_for_status() - - client_cert = response.content - - with open(cert_path, 'w') as f: - f.write(client_cert) - - def _client_cert_path(self): - return os.path.join( - self._provider.config.leap_home, - "providers", - self._provider.domain, - "keys", "client", "smtp.pem") - - def start(self): - self._download_client_certificates() - cert_path = self._client_cert_path() - email = '%s@%s' % (self._srp_session.user_name, self._provider.domain) - - self._smtp_service, self._smtp_port = setup_smtp_gateway( - port=(self._twisted_port), - userid=email, - keymanager=self._keymanager, - smtp_host=self._hostname.encode('UTF-8'), - smtp_port=self._port, - smtp_cert=cert_path, - smtp_key=cert_path, - encrypted_only=False - ) - - def stop(self): - if self._smtp_service is not None: - self._smtp_port.stopListening() - self._smtp_service.doStop() - self._smtp_port = None - self._smtp_service = None diff --git a/service/app/bitmask_libraries/soledad.py b/service/app/bitmask_libraries/soledad.py deleted file mode 100644 index 132e671f..00000000 --- a/service/app/bitmask_libraries/soledad.py +++ /dev/null @@ -1,95 +0,0 @@ -import json -import os -import errno -from leap.keymanager import KeyManager -from leap.soledad.client import Soledad -from leap.soledad.common.crypto import WrongMac, UnknownMacMethod, MacMethods -import requests -import sys -import time -from .certs import which_bundle - -SOLEDAD_TIMEOUT = 120 -SOLEDAD_CERT = '/tmp/ca.crt' - - -class SoledadDiscoverException(Exception): - def __init__(self, *args, **kwargs): - super(SoledadDiscoverException, self).__init__(*args, **kwargs) - - -class SoledadWrongPassphraseException(Exception): - def __init__(self, *args, **kwargs): - super(SoledadWrongPassphraseException, self).__init__(*args, **kwargs) - - -class LeapKeyManager(object): - def __init__(self, soledad, leap_session, nicknym_url): - provider = leap_session.provider - self.keymanager = KeyManager(leap_session.account_email(), nicknym_url, soledad, - leap_session.session_id, leap_session.leap_home + '/ca.crt', provider.api_uri, leap_session.api_version, - leap_session.uuid, leap_session.leap_config.gpg_binary) - - -class SoledadSessionFactory(object): - @classmethod - def create(cls, provider, srp_session, encryption_passphrase): - return SoledadSession(provider, encryption_passphrase, srp_session) - - -class SoledadSession(object): - def __init__(self, provider, encryption_passphrase, leap_srp_session): - self.provider = provider - self.config = provider.config - self.leap_srp_session = leap_srp_session - - self.soledad = self._init_soledad(encryption_passphrase) - - def _init_soledad(self, encryption_passphrase): - try: - server_url = self._discover_soledad_server() - - self._create_database_dir() - secrets = self._secrets_path() - local_db = self._local_db_path() - - return Soledad(self.leap_srp_session.uuid, unicode(encryption_passphrase), secrets, - local_db, server_url, which_bundle(self.provider), self.leap_srp_session.token) - - except (WrongMac, UnknownMacMethod, MacMethods), e: - raise SoledadWrongPassphraseException(e) - - def _leap_path(self): - return "%s/soledad" % self.config.leap_home - - def _secrets_path(self): - return "%s/%s.secret" % (self._leap_path(), self.leap_srp_session.uuid) - - def _local_db_path(self): - return "%s/%s.db" % (self._leap_path(), self.leap_srp_session.uuid) - - def _create_database_dir(self): - try: - os.makedirs(self._leap_path()) - except OSError as exc: - if exc.errno == errno.EEXIST and os.path.isdir(self._leap_path()): - pass - else: - raise - - def sync(self): - if self.soledad.need_sync(self.soledad.server_url): - self.soledad.sync() - - def _discover_soledad_server(self): - try: - json_data = self.provider.fetch_soledad_json() - - hosts = json_data['hosts'] - host = hosts.keys()[0] - server_url = 'https://%s:%d/user-%s' % \ - (hosts[host]['hostname'], hosts[host]['port'], - self.leap_srp_session.uuid) - return server_url - except Exception, e: - raise SoledadDiscoverException(e) diff --git a/service/app/pixelated_user_agent.py b/service/app/pixelated_user_agent.py deleted file mode 100644 index 80c97bbb..00000000 --- a/service/app/pixelated_user_agent.py +++ /dev/null @@ -1,141 +0,0 @@ -import json -import datetime -import dateutil.parser as dateparser - -from flask import Flask -from flask import request -from flask import Response - -import app.reactor_manager as reactor_manager -import app.search_query as search_query -from app.adapter.mail_service import MailService -from app.adapter.pixelated_mail import PixelatedMail -from app.tags import Tags - -app = Flask(__name__, static_url_path='', static_folder='../../web-ui/app') - -mail_service = MailService() -account = None - - -def respond_json(entity): - response = json.dumps(entity) - return Response(response=response, mimetype="application/json") - - -@app.route('/disabled_features') -def disabled_features(): - return respond_json([ - 'saveDraft', - 'replySection', - 'signatureStatus', - 'encryptionStatus', - 'contacts' - ]) - - -@app.route('/mails', methods=['POST']) -def save_draft_or_send(): - ident = None - if 'sent' in request.json['tags']: - ident = mail_service.send_draft(converter.to_mail(request.json, account)) - else: - ident = mail_service.save_draft(converter.to_mail(request.json, account)) - return respond_json({'ident': ident}) - - -@app.route('/mails', methods=['PUT']) -def update_draft(): - raw_mail = json.parse(request.json) - ident = mail_service.update_mail(raw_mail) - return respond_json({'ident': ident}) - - -@app.route('/mails') -def mails(): - query = search_query.compile(request.args.get("q")) if request.args.get("q") else {'tags': {}} - - mails = mail_service.mails(query) - - if "inbox" in query['tags']: - mails = [mail for mail in mails if not mail.has_tag('trash')] - - mails = sorted(mails, key=lambda mail: mail.date, reverse=True) - - mails = [mail.as_dict() for mail in mails] - - response = { - "stats": { - "total": len(mails), - "read": 0, - "starred": 0, - "replied": 0 - }, - "mails": mails - } - - return respond_json(response) - - -@app.route('/mail/', methods=['DELETE']) -def delete_mails(mail_id): - mail_service.delete_mail(mail_id) - return respond_json(None) - - -@app.route('/tags') -def tags(): - tags = mail_service.all_tags() - return respond_json(tags.as_dict()) - - -@app.route('/mail/') -def mail(mail_id): - mail = mail_service.mail(mail_id) - return respond_json(mail.as_dict()) - - -@app.route('/mail//tags', methods=['POST']) -def mail_tags(mail_id): - new_tags = request.get_json()['newtags'] - tags = mail_service.update_tags(mail_id, new_tags) - tag_names = [tag.name for tag in tags] - return respond_json(tag_names) - - -@app.route('/mail//read', methods=['POST']) -def mark_mail_as_read(mail_id): - mail_service.mark_as_read(mail_id) - return "" - - -@app.route('/contacts') -def contacts(): - query = search_query.compile(request.args.get("q")) - desired_contacts = [converter.from_contact(contact) for contact in mail_service.all_contacts(query)] - return respond_json({'contacts': desired_contacts}) - - -@app.route('/draft_reply_for/') -def draft_reply_for(mail_id): - draft = mail_service.draft_reply_for(mail_id) - if draft: - return respond_json(converter.from_mail(draft)) - else: - return respond_json(None) - - -@app.route('/') -def index(): - return app.send_static_file('index.html') - - -def setup(): - reactor_manager.start_reactor() - app.config.from_envvar('PIXELATED_UA_CFG') - account = app.config['ACCOUNT'] - app.run(host=app.config['HOST'], debug=app.config['DEBUG'], port=app.config['PORT']) - - -if __name__ == '__main__': - setup() diff --git a/service/app/reactor_manager.py b/service/app/reactor_manager.py deleted file mode 100644 index 01f7f545..00000000 --- a/service/app/reactor_manager.py +++ /dev/null @@ -1,26 +0,0 @@ -import signal -import sys -from threading import Thread -from twisted.internet import reactor - - -def signal_handler(signal, frame): - stop_reactor_on_exit() - sys.exit(0) - - -def start_reactor(): - def start_reactor_run(): - reactor.run(False) - - global REACTOR_THREAD - REACTOR_THREAD = Thread(target=start_reactor_run) - REACTOR_THREAD.start() - - -def stop_reactor_on_exit(): - reactor.callFromThread(reactor.stop) - global REACTOR_THREAD - REACTOR_THREAD = None - -signal.signal(signal.SIGINT, signal_handler) diff --git a/service/app/search_query.py b/service/app/search_query.py deleted file mode 100644 index d31129ba..00000000 --- a/service/app/search_query.py +++ /dev/null @@ -1,42 +0,0 @@ -from scanner import StringScanner, StringRegexp -import re - - -def compile(query): - compiled = {"tags": [], "not_tags": []} - sanitized_query = re.sub(r"['\"]", "", query.encode('utf8')) - scanner = StringScanner(sanitized_query) - first_token = True - while not scanner.is_eos: - token = scanner.scan(_next_token()) - - if not token: - scanner.skip(_separators()) - continue - - if ":" in token: - compiled = _compile_tag(compiled, token) - elif first_token: - compiled["general"] = token - - if not first_token: - first_token = True - - return compiled - - -def _next_token(): - return StringRegexp('[^\s]+') - - -def _separators(): - return StringRegexp('[\s&]+') - - -def _compile_tag(compiled, token): - tag = token.split(":").pop() - if token[0] == "-": - compiled["not_tags"].append(tag) - else: - compiled["tags"].append(tag) - return compiled diff --git a/service/app/tags.py b/service/app/tags.py deleted file mode 100644 index 7452b7d6..00000000 --- a/service/app/tags.py +++ /dev/null @@ -1,60 +0,0 @@ -import json - - -class Tag: - - def __init__(self, name, default=False): - self.name = name - self.default = default - self.ident = name.__hash__() - - def __eq__(self, other): - return self.name == other.name - - def __hash__(self): - return self.name.__hash__() - - def as_dict(self): - return { - 'name': self.name, - 'default': self.default, - 'ident': self.ident, - 'counts': { - 'total': 0, - 'read': 0, - 'starred': 0, - 'replied': 0 - } - } - - -class Tags: - - SPECIAL_TAGS = ['inbox', 'sent', 'drafts', 'trash'] - - def __init__(self): - self.tags = {} - self.create_default_tags() - - def create_default_tags(self): - for name in self.SPECIAL_TAGS: - self.tags[name] = self.add(name) - - def add(self, tag_input): - if tag_input.__class__.__name__ == 'Tag': - tag_input = tag_input.name - tag = Tag(tag_input, tag_input in self.SPECIAL_TAGS) - self.tags[tag_input] = tag - return tag - - def find(self, name): - return self.tags[name] - - def __len__(self): - return len(self.tags) - - def __iter__(self): - return self.tags.itervalues() - - def as_dict(self): - return [tag.as_dict() for tag in self.tags.values()] diff --git a/service/go b/service/go index d0d83096..a937b8b1 100755 --- a/service/go +++ b/service/go @@ -1,5 +1,5 @@ #!/usr/bin/env python -from app.pixelated_user_agent import setup +from pixelated.user_agent import setup import os os.environ['PIXELATED_UA_CFG']='../config/pixelated_ua.cfg' setup() diff --git a/service/pixelated/__init__.py b/service/pixelated/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/service/pixelated/adapter/__init__.py b/service/pixelated/adapter/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/service/pixelated/adapter/mail_service.py b/service/pixelated/adapter/mail_service.py new file mode 100644 index 00000000..6498a2e7 --- /dev/null +++ b/service/pixelated/adapter/mail_service.py @@ -0,0 +1,98 @@ +import traceback +import sys +import os +from twisted.internet import defer +from pixelated.bitmask_libraries.config import LeapConfig +from pixelated.bitmask_libraries.provider import LeapProvider +from pixelated.bitmask_libraries.session import LeapSessionFactory +from pixelated.bitmask_libraries.auth import LeapCredentials +from pixelated.adapter.pixelated_mail import PixelatedMail +from pixelated.tags import Tags + + +class MailService: + + def __init__(self): + try: + self.username = 'testuser_a003' + self.password = 'testpassword' + self.server_name = 'example.wazokazi.is' + self.mailbox_name = 'INBOX' + self.certs_home = os.path.join(os.path.abspath("."), "leap") + self.tags = Tags() + self._open_leap_session() + except: + traceback.print_exc(file=sys.stdout) + raise + + def _open_leap_session(self): + self.leap_config = LeapConfig(certs_home=self.certs_home) + self.provider = LeapProvider(self.server_name, self.leap_config) + self.leap_session = LeapSessionFactory(self.provider).create(LeapCredentials(self.username, self.password)) + self.account = self.leap_session.account + self.mailbox = self.account.getMailbox(self.mailbox_name) + + def mails(self, query): + mails = self.mailbox.messages or [] + mails = [PixelatedMail(mail) for mail in mails] + return mails + + def update_tags(self, mail_id, new_tags): + mail = self.mail(mail_id) + new_tags = mail.update_tags(new_tags) + self._update_flags(new_tags, mail_id) + self._update_tag_list(new_tags) + return new_tags + + def _update_tag_list(self, tags): + for tag in tags: + self.tags.add(tag) + + def _update_flags(self, new_tags, mail_id): + new_tags_flag_name = ['tag_' + tag.name for tag in new_tags] + self.set_flags(mail_id, new_tags_flag_name) + + def set_flags(self, mail_id, new_tags_flag_name): + observer = defer.Deferred() + self.mailbox.messages.set_flags(self.mailbox, [mail_id], tuple(new_tags_flag_name), 1, observer) + + def mail(self, mail_id): + for message in self.mailbox.messages: + if message.getUID() == int(mail_id): + return PixelatedMail(message) + + def all_tags(self): + return self.tags + + def thread(self, thread_id): + raise NotImplementedError() + + def mark_as_read(self, mail_id): + raise NotImplementedError() + + def tags_for_thread(self, thread): + raise NotImplementedError() + + def add_tag_to_thread(self, thread_id, tag): + raise NotImplementedError() + + def remove_tag_from_thread(self, thread_id, tag): + raise NotImplementedError() + + def delete_mail(self, mail_id): + raise NotImplementedError() + + def save_draft(self, draft): + raise NotImplementedError() + + def send_draft(self, draft): + raise NotImplementedError() + + def draft_reply_for(self, mail_id): + raise NotImplementedError() + + def all_contacts(self, query): + raise NotImplementedError() + + def drafts(self): + raise NotImplementedError() diff --git a/service/pixelated/adapter/pixelated_mail.py b/service/pixelated/adapter/pixelated_mail.py new file mode 100644 index 00000000..49a045f2 --- /dev/null +++ b/service/pixelated/adapter/pixelated_mail.py @@ -0,0 +1,82 @@ +from pixelated.tags import Tag +from pixelated.tags import Tags +import dateutil.parser as dateparser + + +class PixelatedMail: + + LEAP_FLAGS = ['\\Seen', + '\\Answered', + '\\Flagged', + '\\Deleted', + '\\Draft', + '\\Recent', + 'List'] + + LEAP_FLAGS_STATUSES = { + '\\Seen': 'read', + '\\Answered': 'replied' + } + + LEAP_FLAGS_TAGS = { + '\\Deleted': 'trash', + '\\Draft': 'drafts', + '\\Recent': 'inbox' + } + + def __init__(self, leap_mail): + self.leap_mail = leap_mail + self.body = leap_mail.bdoc.content['raw'] + self.headers = self.extract_headers() + self.date = dateparser.parse(self.headers['date']) + self.ident = leap_mail.getUID() + self.status = self.extract_status() + self.security_casing = {} + self.tags = self.extract_tags() + + def extract_status(self): + flags = self.leap_mail.getFlags() + return [converted for flag, converted in self.LEAP_FLAGS_STATUSES.items() if flag in flags] + + def extract_headers(self): + temporary_headers = {} + for header, value in self.leap_mail.hdoc.content['headers'].items(): + temporary_headers[header.lower()] = value + if(temporary_headers.get('to') is not None): + temporary_headers['to'] = [temporary_headers['to']] + return temporary_headers + + def extract_tags(self): + flags = self.leap_mail.getFlags() + tag_names = self._converted_tags(flags) + self._custom_tags(flags) + tags = [] + for tag in tag_names: + tags.append(Tag(tag)) + return tags + + def _converted_tags(self, flags): + return [converted for flag, converted in self.LEAP_FLAGS_TAGS.items() if flag in flags] + + def _custom_tags(self, flags): + return [self._remove_prefix(flag) for flag in self.leap_mail.getFlags() if flag.startswith('tag_')] + + def _remove_prefix(self, flag_name): + return flag_name.replace('tag_', '', 1) + + def update_tags(self, tags): + self.tags = [Tag(tag) for tag in tags] + return self.tags + + def has_tag(self, tag): + return Tag(tag) in self.tags + + def as_dict(self): + tags = [tag.name for tag in self.tags] + return { + 'header': self.headers, + 'ident': self.ident, + 'tags': tags, + 'status': self.status, + 'security_casing': self.security_casing, + 'body': self.body + } diff --git a/service/pixelated/bitmask_libraries/__init__.py b/service/pixelated/bitmask_libraries/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/service/pixelated/bitmask_libraries/auth.py b/service/pixelated/bitmask_libraries/auth.py new file mode 100644 index 00000000..0b963587 --- /dev/null +++ b/service/pixelated/bitmask_libraries/auth.py @@ -0,0 +1,27 @@ +from .leap_srp import LeapSecureRemotePassword +from .certs import which_bundle + +USE_PASSWORD = None + + +class LeapCredentials(object): + def __init__(self, user_name, password, db_passphrase=USE_PASSWORD): + self.user_name = user_name + self.password = password + self.db_passphrase = db_passphrase if db_passphrase is not None else password + + +class LeapAuthenticator(object): + def __init__(self, provider): + self._provider = provider + + def authenticate(self, credentials): + config = self._provider.config + srp = LeapSecureRemotePassword(ca_bundle=which_bundle(self._provider), timeout_in_s=config.timeout_in_s) + srp_session = srp.authenticate(self._provider.api_uri, credentials.user_name, credentials.password) + return srp_session + + def register(self, credentials): + config = self._provider.config + srp = LeapSecureRemotePassword(ca_bundle=which_bundle(self._provider), timeout_in_s=config.timeout_in_s) + srp.register(self._provider.api_uri, credentials.user_name, credentials.password) diff --git a/service/pixelated/bitmask_libraries/certs.py b/service/pixelated/bitmask_libraries/certs.py new file mode 100644 index 00000000..22a95591 --- /dev/null +++ b/service/pixelated/bitmask_libraries/certs.py @@ -0,0 +1,33 @@ +import os + +from leap.common import ca_bundle + +from .config import AUTO_DETECT_CA_BUNDLE + + +def which_bundle(provider): + return LeapCertificate(provider).auto_detect_ca_bundle() + + +class LeapCertificate(object): + def __init__(self, provider): + self._config = provider.config + self._server_name = provider.server_name + self._certs_home = self._config.certs_home + + def auto_detect_ca_bundle(self): + if self._config.ca_cert_bundle == AUTO_DETECT_CA_BUNDLE: + local_cert = self._local_server_cert() + if local_cert: + return local_cert + else: + return ca_bundle.where() + else: + return self._config.ca_cert_bundle + + def _local_server_cert(self): + cert_file = os.path.join(self._certs_home, '%s.ca.crt' % self._server_name) + if os.path.isfile(cert_file): + return cert_file + else: + return None diff --git a/service/pixelated/bitmask_libraries/config.py b/service/pixelated/bitmask_libraries/config.py new file mode 100644 index 00000000..63524389 --- /dev/null +++ b/service/pixelated/bitmask_libraries/config.py @@ -0,0 +1,67 @@ +import os +from os.path import expanduser +from distutils.spawn import find_executable + + +def discover_gpg_binary(): + path = find_executable('gpg') + if path is None: + raise Exception('Did not find a gpg executable!') + + if os.path.islink(path): + path = os.path.realpath(path) + + return path + + +DEFAULT_LEAP_HOME = os.path.join(expanduser("~"), '.leap') + +SYSTEM_CA_BUNDLE = True +AUTO_DETECT_CA_BUNDLE = None + + +class LeapConfig(object): + """ + LEAP client configuration + + """ + + def __init__(self, leap_home=DEFAULT_LEAP_HOME, ca_cert_bundle=AUTO_DETECT_CA_BUNDLE, verify_ssl=True, + fetch_interval_in_s=30, + timeout_in_s=15, start_background_jobs=True, gpg_binary=discover_gpg_binary(), certs_home=None): + """ + Constructor. + + :param server_name: The LEAP server name, e.g. demo.leap.se + :type server_name: str + + :param user_name: The LEAP account user name, normally the first part of your email, e.g. foobar for foobar@demo.leap.se + :type user_name: str + + :param user_password: The LEAP account password + :type user_password: str + + :param db_passphrase: The passphrase used to encrypt the local soledad database + :type db_passphrase: str + + :param verify_ssl: Set to false to disable strict SSL certificate validation + :type verify_ssl: bool + + :param fetch_interval_in_s: Polling interval for fetching incoming mail from LEAP server + :type fetch_interval_in_s: int + + :param timeout_in_s: Timeout for network operations, e.g. HTTP calls + :type timeout_in_s: int + + :param gpg_binary: Path to the GPG binary (must not be a symlink) + :type gpg_binary: str + + """ + self.leap_home = leap_home + self.certs_home = certs_home + self.ca_cert_bundle = ca_cert_bundle + self.verify_ssl = verify_ssl + self.timeout_in_s = timeout_in_s + self.start_background_jobs = start_background_jobs + self.gpg_binary = gpg_binary + self.fetch_interval_in_s = fetch_interval_in_s diff --git a/service/pixelated/bitmask_libraries/leap_srp.py b/service/pixelated/bitmask_libraries/leap_srp.py new file mode 100644 index 00000000..2590e731 --- /dev/null +++ b/service/pixelated/bitmask_libraries/leap_srp.py @@ -0,0 +1,131 @@ +import binascii +import json +import requests + +from requests import Session +from srp import User, srp, create_salted_verification_key +from requests.exceptions import HTTPError, SSLError, Timeout +from config import SYSTEM_CA_BUNDLE + +REGISTER_USER_LOGIN_KEY = 'user[login]' +REGISTER_USER_VERIFIER_KEY = 'user[password_verifier]' +REGISTER_USER_SALT_KEY = 'user[password_salt]' + + +class LeapAuthException(Exception): + def __init__(self, *args, **kwargs): + super(LeapAuthException, self).__init__(*args, **kwargs) + + +class LeapSRPSession(object): + def __init__(self, user_name, api_server_name, uuid, token, session_id, api_version='1'): + self.user_name = user_name + self.api_server_name = api_server_name + self.uuid = uuid + self.token = token + self.session_id = session_id + self.api_version = api_version + + def __str__(self): + return 'LeapSRPSession(%s, %s, %s, %s, %s, %s)' % (self.user_name, self.api_server_name, self.uuid, self.token, self.session_id, self.api_version) + + +class LeapSecureRemotePassword(object): + def __init__(self, hash_alg=srp.SHA256, ng_type=srp.NG_1024, ca_bundle=SYSTEM_CA_BUNDLE, timeout_in_s=15, + leap_api_version='1'): + + self.hash_alg = hash_alg + self.ng_type = ng_type + self.timeout_in_s = timeout_in_s + self.ca_bundle = ca_bundle + self.leap_api_version = leap_api_version + + def authenticate(self, api_uri, username, password): + session = Session() + try: + return self._authenticate_with_session(session, api_uri, username, password) + except Timeout, e: + raise LeapAuthException(e) + finally: + session.close() + + def _authenticate_with_session(self, http_session, api_uri, username, password): + try: + srp_user = User(username.encode('utf-8'), password.encode('utf-8'), self.hash_alg, self.ng_type) + + salt, B_challenge = self._begin_authentication(srp_user, http_session, api_uri) + M2_verfication_code, leap_session = self._process_challenge(srp_user, http_session, api_uri, salt, + B_challenge) + self._verify_session(srp_user, M2_verfication_code) + + return leap_session + except (HTTPError, SSLError), e: + raise LeapAuthException(e) + + def _begin_authentication(self, user, session, api_uri): + _, A = user.start_authentication() + + auth_data = { + "login": user.get_username(), + "A": binascii.hexlify(A) + } + session_url = '%s/%s/sessions' % (api_uri, self.leap_api_version) + response = session.post(session_url, data=auth_data, verify=self.ca_bundle, timeout=self.timeout_in_s) + response.raise_for_status() + json_content = json.loads(response.content) + + salt = _safe_unhexlify(json_content.get('salt')) + B = _safe_unhexlify(json_content.get('B')) + + return salt, B + + def _process_challenge(self, user, session, api_uri, salt, B): + M = user.process_challenge(salt, B) + + auth_data = { + "client_auth": binascii.hexlify(M) + } + + auth_url = '%s/%s/sessions/%s' % (api_uri, self.leap_api_version, user.get_username()) + response = session.put(auth_url, data=auth_data, verify=self.ca_bundle, timeout=self.timeout_in_s) + response.raise_for_status() + auth_json = json.loads(response.content) + + M2 = _safe_unhexlify(auth_json.get('M2')) + uuid = auth_json.get('id') + token = auth_json.get('token') + session_id = response.cookies.get('_session_id') + + return M2, LeapSRPSession(user.get_username(), api_uri, uuid, token, session_id) + + def _verify_session(self, user, M2): + user.verify_session(M2) + if not user.authenticated(): + raise LeapAuthException() + + def register(self, api_uri, username, password): + try: + salt, verifier = create_salted_verification_key(username, password, self.hash_alg, self.ng_type) + return self._post_registration_data(api_uri, username, salt, verifier) + except (HTTPError, SSLError, Timeout), e: + raise LeapAuthException(e) + + def _post_registration_data(self, api_uri, username, salt, verifier): + users_url = '%s/%s/users' % (api_uri, self.leap_api_version) + + user_data = { + REGISTER_USER_LOGIN_KEY: username, + REGISTER_USER_SALT_KEY: binascii.hexlify(salt), + REGISTER_USER_VERIFIER_KEY: binascii.hexlify(verifier) + } + + response = requests.post(users_url, data=user_data, verify=self.ca_bundle, timeout=self.timeout_in_s) + response.raise_for_status() + reg_json = json.loads(response.content) + + return reg_json['ok'] + + +def _safe_unhexlify(hex_str): + return binascii.unhexlify(hex_str) \ + if (len(hex_str) % 2 == 0) else binascii.unhexlify('0' + hex_str) diff --git a/service/pixelated/bitmask_libraries/nicknym.py b/service/pixelated/bitmask_libraries/nicknym.py new file mode 100644 index 00000000..c4939e9a --- /dev/null +++ b/service/pixelated/bitmask_libraries/nicknym.py @@ -0,0 +1,35 @@ +from leap.keymanager import KeyManager, openpgp, KeyNotFound +from .certs import which_bundle + + +class NickNym(object): + def __init__(self, provider, config, soledad_session, srp_session): + nicknym_url = _discover_nicknym_server(provider) + self._email = '%s@%s' % (srp_session.user_name, provider.domain) + self.keymanager = KeyManager('%s@%s' % (srp_session.user_name, provider.domain), nicknym_url, + soledad_session.soledad, + srp_session.token, which_bundle(provider), provider.api_uri, + provider.api_version, + srp_session.uuid, config.gpg_binary) + + def generate_openpgp_key(self): + if not self._key_exists(self._email): + self._gen_key() + self._send_key_to_leap() + + def _key_exists(self, email): + try: + self.keymanager.get_key(email, openpgp.OpenPGPKey, private=True, fetch_remote=False) + return True + except KeyNotFound: + return False + + def _gen_key(self): + self.keymanager.gen_key(openpgp.OpenPGPKey) + + def _send_key_to_leap(self): + self.keymanager.send_key(openpgp.OpenPGPKey) + + +def _discover_nicknym_server(provider): + return 'https://nicknym.%s:6425/' % provider.domain diff --git a/service/pixelated/bitmask_libraries/provider.py b/service/pixelated/bitmask_libraries/provider.py new file mode 100644 index 00000000..b130af89 --- /dev/null +++ b/service/pixelated/bitmask_libraries/provider.py @@ -0,0 +1,111 @@ +import json + +from leap.common.certs import get_digest +import requests + +from .certs import which_bundle + + +class LeapProvider(object): + def __init__(self, server_name, config): + self.server_name = server_name + self.config = config + + self.provider_json = self.fetch_provider_json() + + @property + def api_uri(self): + return self.provider_json.get('api_uri') + + @property + def ca_cert_fingerprint(self): + return self.provider_json.get('ca_cert_fingerprint') + + @property + def ca_cert_uri(self): + return self.provider_json.get('ca_cert_uri') + + @property + def api_version(self): + return self.provider_json.get('api_version') + + @property + def domain(self): + return self.provider_json.get('domain') + + @property + def services(self): + return self.provider_json.get('services') + + def __hash__(self): + return hash(self.server_name) + + def __eq__(self, other): + return self.server_name == other.server_name + + def ensure_supports_mx(self): + if 'mx' not in self.services: + raise Exception + + def download_certificate_to(self, filename): + """ + Downloads the server certificate, validates it against the provided fingerprint and stores it to file + """ + cert = self.fetch_valid_certificate() + with open(filename, 'w') as out: + out.write(cert) + + def fetch_valid_certificate(self): + cert = self._fetch_certificate() + self.validate_certificate(cert) + return cert + + def _fetch_certificate(self): + session = requests.session() + try: + cert_url = '%s/ca.crt' % self._provider_base_url() + response = session.get(cert_url, verify=which_bundle(self), timeout=self.config.timeout_in_s) + response.raise_for_status() + + cert_data = response.content + return cert_data + finally: + session.close() + + def validate_certificate(self, cert_data=None): + if cert_data is None: + cert_data = self._fetch_certificate() + + parts = str(self.ca_cert_fingerprint).split(':') + method = parts[0].strip() + fingerprint = parts[1].strip() + + digest = get_digest(cert_data, method) + + if fingerprint.strip() != digest: + raise Exception('Certificate fingerprints don\'t match') + + def fetch_provider_json(self): + url = '%s/provider.json' % self._provider_base_url() + response = requests.get(url, verify=which_bundle(self), timeout=self.config.timeout_in_s) + response.raise_for_status() + + json_data = json.loads(response.content) + return json_data + + def fetch_soledad_json(self): + service_url = "%s/%s/config/soledad-service.json" % ( + self.api_uri, self.api_version) + response = requests.get(service_url, verify=which_bundle(self), timeout=self.config.timeout_in_s) + response.raise_for_status() + return json.loads(response.content) + + def fetch_smtp_json(self): + service_url = '%s/%s/config/smtp-service.json' % ( + self.api_uri, self.api_version) + response = requests.get(service_url, verify=which_bundle(self), timeout=self.config.timeout_in_s) + response.raise_for_status() + return json.loads(response.content) + + def _provider_base_url(self): + return 'https://%s' % self.server_name diff --git a/service/pixelated/bitmask_libraries/session.py b/service/pixelated/bitmask_libraries/session.py new file mode 100644 index 00000000..4e1dd397 --- /dev/null +++ b/service/pixelated/bitmask_libraries/session.py @@ -0,0 +1,156 @@ +import os +import errno +import traceback +from leap.mail.imap.fetch import LeapIncomingMail +from leap.mail.imap.account import SoledadBackedAccount +import sys +from leap.mail.imap.memorystore import MemoryStore +from leap.mail.imap.soledadstore import SoledadStore +from twisted.internet import reactor +from .nicknym import NickNym + +from .auth import LeapAuthenticator +from .soledad import SoledadSessionFactory, SoledadSession +from .smtp import LeapSmtp + +SESSIONS = {} + + +class LeapSession(object): + """ + A LEAP session. + + + Properties: + + - ``leap_config`` the configuration for this session (LeapClientConfig). + + - ``srp_session`` the secure remote password session to authenticate with LEAP. See http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol (LeapSecureRemotePassword) + + - ``soledad_session`` the soledad session. See https://leap.se/soledad (LeapSecureRemotePassword) + + - ``nicknym`` the nicknym instance. See https://leap.se/nicknym (NickNym) + + - ``account`` the actual leap mail account. Implements Twisted imap4.IAccount and imap4.INamespacePresenter (SoledadBackedAccount) + + - ``incoming_mail_fetcher`` Background job for fetching incoming mails from LEAP server (LeapIncomingMail) + """ + + def __init__(self, provider, srp_session, soledad_session, nicknym, soledad_account, incoming_mail_fetcher): + """ + Constructor. + + :param leap_config: The config for this LEAP session + :type leap_config: LeapConfig + + """ + self.config = provider.config + self.provider = provider + self.srp_session = srp_session + self.soledad_session = soledad_session + self.nicknym = nicknym + self.account = soledad_account + self.incoming_mail_fetcher = incoming_mail_fetcher + + if self.config.start_background_jobs: + self.start_background_jobs() + + def account_email(self): + domain = self.provider.domain + name = self.srp_session.user_name + return '%s@%s' % (name, domain) + + def close(self): + self.stop_background_jobs() + + def start_background_jobs(self): + reactor.callFromThread(self.incoming_mail_fetcher.start_loop) + + def stop_background_jobs(self): + reactor.callFromThread(self.incoming_mail_fetcher.stop) + + def sync(self): + try: + self.soledad_session.sync() + except: + traceback.print_exc(file=sys.stderr) + raise + + +class LeapSessionFactory(object): + def __init__(self, provider): + self._provider = provider + self._config = provider.config + + def create(self, credentials): + key = self._session_key(credentials) + session = self._lookup_session(key) + if not session: + session = self._create_new_session(credentials) + self._remember_session(key, session) + + return session + + def _create_new_session(self, credentials): + self._create_dir(self._provider.config.leap_home) + self._provider.download_certificate_to('%s/ca.crt' % self._provider.config.leap_home) + + auth = LeapAuthenticator(self._provider).authenticate(credentials) + soledad = SoledadSessionFactory.create(self._provider, auth, credentials.db_passphrase) + + nicknym = self._create_nicknym(auth, soledad) + account = self._create_account(auth, soledad) + incoming_mail_fetcher = self._create_incoming_mail_fetcher(nicknym, soledad, + account, auth) + + smtp = self._create_smtp_service(nicknym, auth) + smtp.start() + + session = LeapSession(self._provider, auth, soledad, nicknym, account, incoming_mail_fetcher) + + return session + + def _lookup_session(self, key): + global SESSIONS + if key in SESSIONS: + return SESSIONS[key] + else: + return None + + def _remember_session(self, key, session): + global SESSIONS + SESSIONS[key] = session + + def _session_key(self, credentials): + return hash((self._provider, credentials.user_name)) + + def _create_dir(self, path): + try: + os.makedirs(path) + except OSError as exc: + if exc.errno == errno.EEXIST and os.path.isdir(path): + pass + else: + raise + + def _create_soledad_session(self, srp_session, db_passphrase): + return SoledadSession(self._provider, db_passphrase, srp_session) + + def _create_nicknym(self, srp_session, soledad_session): + return NickNym(self._provider, self._config, soledad_session, srp_session) + + def _create_account(self, srp_session, soledad_session): + memstore = MemoryStore(permanent_store=SoledadStore(soledad_session.soledad)) + return SoledadBackedAccount(srp_session.uuid, soledad_session.soledad, memstore) + + def _create_incoming_mail_fetcher(self, nicknym, soledad_session, account, auth): + return LeapIncomingMail(nicknym.keymanager, soledad_session.soledad, account, + self._config.fetch_interval_in_s, self._account_email(auth)) + + def _create_smtp_service(self, nicknym, auth): + return LeapSmtp(self._provider, nicknym.keymanager, auth) + + def _account_email(self, auth): + domain = self._provider.domain + name = auth.user_name + return '%s@%s' % (name, domain) diff --git a/service/pixelated/bitmask_libraries/smtp.py b/service/pixelated/bitmask_libraries/smtp.py new file mode 100644 index 00000000..f07a4838 --- /dev/null +++ b/service/pixelated/bitmask_libraries/smtp.py @@ -0,0 +1,81 @@ +import os +import requests +from .certs import which_bundle +from leap.mail.smtp import setup_smtp_gateway +import random + + +class LeapSmtp(object): + + SMTP_PORT = 2014 + + def __init__(self, provider, keymanager=None, leap_srp_session=None): + self._provider = provider + self._keymanager = keymanager + self._srp_session = leap_srp_session + self._hostname, self._port = self._discover_smtp_server() + self._smtp_port = None + self._smtp_service = None + self._twisted_port = 10000 + int(random.random() * 5000) + + def smtp_info(self): + return ('localhost', LeapSmtp.SMTP_PORT) + + def _discover_smtp_server(self): + json_data = self._provider.fetch_smtp_json() + hosts = json_data['hosts'] + hostname = hosts.keys()[0] + host = hosts[hostname] + + hostname = host['hostname'] + port = host['port'] + + return hostname, port + + def _download_client_certificates(self): + cert_path = self._client_cert_path() + + if not os.path.exists(os.path.dirname(cert_path)): + os.makedirs(os.path.dirname(cert_path)) + + session = requests.session() + cert_url = '%s/%s/cert' % (self._provider.api_uri, self._provider.api_version) + cookies = {"_session_id": self._srp_session.session_id} + + response = requests.get(cert_url, verify=which_bundle(self._provider), cookies=cookies, timeout=self._provider.config.timeout_in_s) + response.raise_for_status() + + client_cert = response.content + + with open(cert_path, 'w') as f: + f.write(client_cert) + + def _client_cert_path(self): + return os.path.join( + self._provider.config.leap_home, + "providers", + self._provider.domain, + "keys", "client", "smtp.pem") + + def start(self): + self._download_client_certificates() + cert_path = self._client_cert_path() + email = '%s@%s' % (self._srp_session.user_name, self._provider.domain) + + self._smtp_service, self._smtp_port = setup_smtp_gateway( + port=(self._twisted_port), + userid=email, + keymanager=self._keymanager, + smtp_host=self._hostname.encode('UTF-8'), + smtp_port=self._port, + smtp_cert=cert_path, + smtp_key=cert_path, + encrypted_only=False + ) + + def stop(self): + if self._smtp_service is not None: + self._smtp_port.stopListening() + self._smtp_service.doStop() + self._smtp_port = None + self._smtp_service = None diff --git a/service/pixelated/bitmask_libraries/soledad.py b/service/pixelated/bitmask_libraries/soledad.py new file mode 100644 index 00000000..132e671f --- /dev/null +++ b/service/pixelated/bitmask_libraries/soledad.py @@ -0,0 +1,95 @@ +import json +import os +import errno +from leap.keymanager import KeyManager +from leap.soledad.client import Soledad +from leap.soledad.common.crypto import WrongMac, UnknownMacMethod, MacMethods +import requests +import sys +import time +from .certs import which_bundle + +SOLEDAD_TIMEOUT = 120 +SOLEDAD_CERT = '/tmp/ca.crt' + + +class SoledadDiscoverException(Exception): + def __init__(self, *args, **kwargs): + super(SoledadDiscoverException, self).__init__(*args, **kwargs) + + +class SoledadWrongPassphraseException(Exception): + def __init__(self, *args, **kwargs): + super(SoledadWrongPassphraseException, self).__init__(*args, **kwargs) + + +class LeapKeyManager(object): + def __init__(self, soledad, leap_session, nicknym_url): + provider = leap_session.provider + self.keymanager = KeyManager(leap_session.account_email(), nicknym_url, soledad, + leap_session.session_id, leap_session.leap_home + '/ca.crt', provider.api_uri, leap_session.api_version, + leap_session.uuid, leap_session.leap_config.gpg_binary) + + +class SoledadSessionFactory(object): + @classmethod + def create(cls, provider, srp_session, encryption_passphrase): + return SoledadSession(provider, encryption_passphrase, srp_session) + + +class SoledadSession(object): + def __init__(self, provider, encryption_passphrase, leap_srp_session): + self.provider = provider + self.config = provider.config + self.leap_srp_session = leap_srp_session + + self.soledad = self._init_soledad(encryption_passphrase) + + def _init_soledad(self, encryption_passphrase): + try: + server_url = self._discover_soledad_server() + + self._create_database_dir() + secrets = self._secrets_path() + local_db = self._local_db_path() + + return Soledad(self.leap_srp_session.uuid, unicode(encryption_passphrase), secrets, + local_db, server_url, which_bundle(self.provider), self.leap_srp_session.token) + + except (WrongMac, UnknownMacMethod, MacMethods), e: + raise SoledadWrongPassphraseException(e) + + def _leap_path(self): + return "%s/soledad" % self.config.leap_home + + def _secrets_path(self): + return "%s/%s.secret" % (self._leap_path(), self.leap_srp_session.uuid) + + def _local_db_path(self): + return "%s/%s.db" % (self._leap_path(), self.leap_srp_session.uuid) + + def _create_database_dir(self): + try: + os.makedirs(self._leap_path()) + except OSError as exc: + if exc.errno == errno.EEXIST and os.path.isdir(self._leap_path()): + pass + else: + raise + + def sync(self): + if self.soledad.need_sync(self.soledad.server_url): + self.soledad.sync() + + def _discover_soledad_server(self): + try: + json_data = self.provider.fetch_soledad_json() + + hosts = json_data['hosts'] + host = hosts.keys()[0] + server_url = 'https://%s:%d/user-%s' % \ + (hosts[host]['hostname'], hosts[host]['port'], + self.leap_srp_session.uuid) + return server_url + except Exception, e: + raise SoledadDiscoverException(e) diff --git a/service/pixelated/reactor_manager.py b/service/pixelated/reactor_manager.py new file mode 100644 index 00000000..01f7f545 --- /dev/null +++ b/service/pixelated/reactor_manager.py @@ -0,0 +1,26 @@ +import signal +import sys +from threading import Thread +from twisted.internet import reactor + + +def signal_handler(signal, frame): + stop_reactor_on_exit() + sys.exit(0) + + +def start_reactor(): + def start_reactor_run(): + reactor.run(False) + + global REACTOR_THREAD + REACTOR_THREAD = Thread(target=start_reactor_run) + REACTOR_THREAD.start() + + +def stop_reactor_on_exit(): + reactor.callFromThread(reactor.stop) + global REACTOR_THREAD + REACTOR_THREAD = None + +signal.signal(signal.SIGINT, signal_handler) diff --git a/service/pixelated/search_query.py b/service/pixelated/search_query.py new file mode 100644 index 00000000..d31129ba --- /dev/null +++ b/service/pixelated/search_query.py @@ -0,0 +1,42 @@ +from scanner import StringScanner, StringRegexp +import re + + +def compile(query): + compiled = {"tags": [], "not_tags": []} + sanitized_query = re.sub(r"['\"]", "", query.encode('utf8')) + scanner = StringScanner(sanitized_query) + first_token = True + while not scanner.is_eos: + token = scanner.scan(_next_token()) + + if not token: + scanner.skip(_separators()) + continue + + if ":" in token: + compiled = _compile_tag(compiled, token) + elif first_token: + compiled["general"] = token + + if not first_token: + first_token = True + + return compiled + + +def _next_token(): + return StringRegexp('[^\s]+') + + +def _separators(): + return StringRegexp('[\s&]+') + + +def _compile_tag(compiled, token): + tag = token.split(":").pop() + if token[0] == "-": + compiled["not_tags"].append(tag) + else: + compiled["tags"].append(tag) + return compiled diff --git a/service/pixelated/tags.py b/service/pixelated/tags.py new file mode 100644 index 00000000..7452b7d6 --- /dev/null +++ b/service/pixelated/tags.py @@ -0,0 +1,60 @@ +import json + + +class Tag: + + def __init__(self, name, default=False): + self.name = name + self.default = default + self.ident = name.__hash__() + + def __eq__(self, other): + return self.name == other.name + + def __hash__(self): + return self.name.__hash__() + + def as_dict(self): + return { + 'name': self.name, + 'default': self.default, + 'ident': self.ident, + 'counts': { + 'total': 0, + 'read': 0, + 'starred': 0, + 'replied': 0 + } + } + + +class Tags: + + SPECIAL_TAGS = ['inbox', 'sent', 'drafts', 'trash'] + + def __init__(self): + self.tags = {} + self.create_default_tags() + + def create_default_tags(self): + for name in self.SPECIAL_TAGS: + self.tags[name] = self.add(name) + + def add(self, tag_input): + if tag_input.__class__.__name__ == 'Tag': + tag_input = tag_input.name + tag = Tag(tag_input, tag_input in self.SPECIAL_TAGS) + self.tags[tag_input] = tag + return tag + + def find(self, name): + return self.tags[name] + + def __len__(self): + return len(self.tags) + + def __iter__(self): + return self.tags.itervalues() + + def as_dict(self): + return [tag.as_dict() for tag in self.tags.values()] diff --git a/service/pixelated/user_agent.py b/service/pixelated/user_agent.py new file mode 100644 index 00000000..b70ed37c --- /dev/null +++ b/service/pixelated/user_agent.py @@ -0,0 +1,141 @@ +import json +import datetime +import dateutil.parser as dateparser + +from flask import Flask +from flask import request +from flask import Response + +import pixelated.reactor_manager as reactor_manager +import pixelated.search_query as search_query +from pixelated.adapter.mail_service import MailService +from pixelated.adapter.pixelated_mail import PixelatedMail +from pixelated.tags import Tags + +app = Flask(__name__, static_url_path='', static_folder='../../web-ui/app') + +mail_service = MailService() +account = None + + +def respond_json(entity): + response = json.dumps(entity) + return Response(response=response, mimetype="application/json") + + +@app.route('/disabled_features') +def disabled_features(): + return respond_json([ + 'saveDraft', + 'replySection', + 'signatureStatus', + 'encryptionStatus', + 'contacts' + ]) + + +@app.route('/mails', methods=['POST']) +def save_draft_or_send(): + ident = None + if 'sent' in request.json['tags']: + ident = mail_service.send_draft(converter.to_mail(request.json, account)) + else: + ident = mail_service.save_draft(converter.to_mail(request.json, account)) + return respond_json({'ident': ident}) + + +@app.route('/mails', methods=['PUT']) +def update_draft(): + raw_mail = json.parse(request.json) + ident = mail_service.update_mail(raw_mail) + return respond_json({'ident': ident}) + + +@app.route('/mails') +def mails(): + query = search_query.compile(request.args.get("q")) if request.args.get("q") else {'tags': {}} + + mails = mail_service.mails(query) + + if "inbox" in query['tags']: + mails = [mail for mail in mails if not mail.has_tag('trash')] + + mails = sorted(mails, key=lambda mail: mail.date, reverse=True) + + mails = [mail.as_dict() for mail in mails] + + response = { + "stats": { + "total": len(mails), + "read": 0, + "starred": 0, + "replied": 0 + }, + "mails": mails + } + + return respond_json(response) + + +@app.route('/mail/', methods=['DELETE']) +def delete_mails(mail_id): + mail_service.delete_mail(mail_id) + return respond_json(None) + + +@app.route('/tags') +def tags(): + tags = mail_service.all_tags() + return respond_json(tags.as_dict()) + + +@app.route('/mail/') +def mail(mail_id): + mail = mail_service.mail(mail_id) + return respond_json(mail.as_dict()) + + +@app.route('/mail//tags', methods=['POST']) +def mail_tags(mail_id): + new_tags = request.get_json()['newtags'] + tags = mail_service.update_tags(mail_id, new_tags) + tag_names = [tag.name for tag in tags] + return respond_json(tag_names) + + +@app.route('/mail//read', methods=['POST']) +def mark_mail_as_read(mail_id): + mail_service.mark_as_read(mail_id) + return "" + + +@app.route('/contacts') +def contacts(): + query = search_query.compile(request.args.get("q")) + desired_contacts = [converter.from_contact(contact) for contact in mail_service.all_contacts(query)] + return respond_json({'contacts': desired_contacts}) + + +@app.route('/draft_reply_for/') +def draft_reply_for(mail_id): + draft = mail_service.draft_reply_for(mail_id) + if draft: + return respond_json(converter.from_mail(draft)) + else: + return respond_json(None) + + +@app.route('/') +def index(): + return app.send_static_file('index.html') + + +def setup(): + reactor_manager.start_reactor() + app.config.from_envvar('PIXELATED_UA_CFG') + account = app.config['ACCOUNT'] + app.run(host=app.config['HOST'], debug=app.config['DEBUG'], port=app.config['PORT']) + + +if __name__ == '__main__': + setup() diff --git a/service/setup.py b/service/setup.py new file mode 100644 index 00000000..2e575d84 --- /dev/null +++ b/service/setup.py @@ -0,0 +1,34 @@ +#!/usr/bin/env python + +from setuptools import setup +import os + +def read(fname): + return open(os.path.join(os.path.dirname(__file__), fname)).read() + +setup(name='Pixelated User Agent Service', + version='0.1', + description='API to serve the pixelated front-end requests', + long_description=read('README.md'), + author='Thoughtworks', + author_email='pixelated-team@thoughtworks.com', + url='http://pixelated-project.github.io', + packages=['pixelated'], + install_requires=[ + 'scrypt', + 'Twisted==12.2.0', + 'flask==0.10.1', + 'scanner==0.0.5', + 'requests==2.3.0', + 'pytest==2.6.0', + 'mock==1.0.1', + 'httmock==1.2.2', + 'srp==1.0.4', + 'dirspec==13.10', + 'u1db==13.09', + 'leap.keymanager==0.3.8', + 'leap.soledad.common==0.5.2', + 'leap.soledad.client==0.5.2', + 'leap.mail==0.3.9-1-gc1f9c92', + ], + ) -- cgit v1.2.3