1 # -*- coding: iso-8859-1 -*- 2 """ 3 MoinMoin - PostMessage Action 4 5 @copyright: 2012 by Paul Boddie <paul@boddie.org.uk> 6 @license: GNU GPL (v2 or later), see COPYING.txt for details. 7 """ 8 9 from MoinMoin.PageEditor import PageEditor 10 from MoinMoin.log import getLogger 11 from MoinSupport import * 12 from email.parser import Parser 13 from subprocess import Popen, PIPE 14 from tempfile import mkstemp 15 import os 16 17 try: 18 from cStringIO import StringIO 19 except ImportError: 20 from StringIO import StringIO 21 22 Dependencies = ['pages'] 23 24 class PostMessage: 25 26 "A posted message handler." 27 28 def __init__(self, pagename, request): 29 30 """ 31 On the page with the given 'pagename', use the given 'request' when 32 reading posted messages, modifying the Wiki. 33 """ 34 35 self.pagename = pagename 36 self.request = request 37 self.page = Page(request, pagename) 38 39 def do_action(self): 40 request = self.request 41 content_length = getHeader(request, "Content-Length", "HTTP") 42 if content_length: 43 content_length = int(content_length) 44 45 # Get the message. 46 47 self.handle_message(StringIO(request.read(content_length))) 48 49 def handle_message(self, message_text): 50 51 "Handle the given 'message_text'." 52 53 request = self.request 54 message = Parser().parse(message_text) 55 mimetype = message.get_content_type() 56 encoding = message.get_content_charset() 57 58 # Detect PGP/GPG-encoded payloads. 59 # See: http://tools.ietf.org/html/rfc3156 60 61 # NOTE: RFC 3156 states that signed messages should employ a detached 62 # NOTE: signature but then shows "BEGIN PGP MESSAGE" for signatures 63 # NOTE: instead of "BEGIN PGP SIGNATURE". 64 65 if mimetype == "multipart/signed" and \ 66 message.get_param("protocol") == "application/pgp-signature": 67 68 try: 69 content, signature = message.get_payload() 70 except ValueError: 71 writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type") 72 request.write("There must be a content part and a signature for signed uploads.") 73 return 74 75 # Verify the message format. 76 77 if signature.get_content_type() != "application/pgp-signature": 78 writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type") 79 request.write("Signature data must be provided in the second part as application/pgp-signature.") 80 return 81 82 # Locate the keyring. 83 84 homedir = getattr(request.cfg, "postmessage_gpg_homedir") 85 if not homedir: 86 writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type") 87 request.write("Encoded data cannot currently be understood. Please notify the site administrator.") 88 return 89 90 # Write the detached signature and content to files. 91 92 signature_fd, signature_filename = mkstemp() 93 content_fd, content_filename = mkstemp() 94 try: 95 signature_fp = os.fdopen(signature_fd, "w") 96 content_fp = os.fdopen(content_fd, "w") 97 try: 98 signature_fp.write(signature.get_payload()) 99 content_fp.write(content.as_string()) 100 finally: 101 signature_fp.close() 102 content_fp.close() 103 104 # Verify the message text. 105 106 cmd = Popen(["gpg", "--homedir", homedir, "--verify", signature_filename, content_filename], 107 stdout=PIPE, stderr=PIPE) 108 109 errors = cmd.stderr.read() 110 if errors: 111 getLogger(__name__).warning(errors) 112 113 # Handle the embedded message. 114 115 try: 116 # With a zero return code, accept the message. 117 118 if not cmd.wait(): 119 self.handle_parsed_message(content) 120 121 # Otherwise, reject the unverified message. 122 123 else: 124 writeHeaders(request, "text/plain", getMetadata(self.page), "403 Forbidden") 125 request.write("The message could not be verified.") 126 127 finally: 128 cmd.stdout.close() 129 cmd.stderr.close() 130 131 finally: 132 os.remove(signature_filename) 133 os.remove(content_filename) 134 135 # Reject unsigned payloads. 136 137 else: 138 writeHeaders(request, "text/plain", getMetadata(self.page), "415 Unsupported Media Type") 139 request.write("Only PGP/GPG-signed payloads are supported.") 140 141 def handle_plaintext_message(self, message_text): 142 143 "Handle the given 'message_text'." 144 145 message = Parser().parse(message_text) 146 self.handle_parsed_message(message) 147 148 def handle_parsed_message(self, message): 149 150 "Handle the given 'message_text'." 151 152 request = self.request 153 154 # Handle a single part. 155 156 if not message.is_multipart(): 157 self.handle_message_parts([message], to_replace(message)) 158 159 # Handle multiple parts. 160 161 # This can be a collection of updates, with each update potentially being a 162 # collection of alternative representations. 163 164 elif is_collection(message): 165 for part in message.get_payload(): 166 if part.is_multipart(): 167 self.handle_message_parts(part.get_payload(), to_replace(part)) 168 else: 169 self.handle_message_parts([part], to_replace(part)) 170 171 # Or it can be a collection of alternative representations for a single 172 # update. 173 174 else: 175 self.handle_message_parts(message.get_payload(), to_replace(message)) 176 177 # Default output. 178 179 writeHeaders(request, "text/plain", getMetadata(self.page), "204 No Content") 180 181 def handle_message_parts(self, parts, replace): 182 183 """ 184 Handle the given message 'parts', replacing the page content if 185 'replace' is set to a true value. 186 """ 187 188 # NOTE: Should either choose preferred content types or somehow retain them 189 # NOTE: all but present one at a time. 190 191 body = [] 192 193 for part in parts: 194 mimetype = part.get_content_type() 195 encoding = part.get_content_charset() 196 if mimetype == "text/moin": 197 body.append(part.get_payload()) 198 if replace: 199 break 200 201 if not replace: 202 body.append(self.page.get_raw_body()) 203 204 page_editor = PageEditor(self.request, self.pagename) 205 page_editor.saveText("\n\n".join(body), 0) 206 207 def is_collection(message): 208 return message.get("Update-Type") == "collection" 209 210 def to_replace(message): 211 return message.get("Update-Action") == "replace" 212 213 # Action function. 214 215 def execute(pagename, request): 216 PostMessage(pagename, request).do_action() 217 218 # vim: tabstop=4 expandtab shiftwidth=4