Mercurial > libervia-backend
view libervia/cli/cmd_encryption.py @ 4212:5f2d496c633f
core: get rid of `pickle`:
Use of `pickle` to serialise data was a technical legacy that was causing trouble to store
in database, to update (if a class was serialised, a change could break update), and to
security (pickle can lead to code execution).
This patch remove all use of Pickle in favour in JSON, notably:
- for caching data, a Pydantic model is now used instead
- for SQLAlchemy model, the LegacyPickle is replaced by JSON serialisation
- in XEP-0373 a class `PublicKeyMetadata` was serialised. New method `from_dict` and
`to_dict` method have been implemented to do serialisation.
- new methods to (de)serialise data can now be specified with Identity data types. It is
notably used to (de)serialise `path` of avatars.
A migration script has been created to convert data (for upgrade or downgrade), with
special care for XEP-0373 case. Depending of size of database, this migration script can
be long to run.
rel 443
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 23 Feb 2024 13:31:04 +0100 |
parents | 47401850dec6 |
children | 0d7bb4df2343 |
line wrap: on
line source
#!/usr/bin/env python3 # Libervia CLI # Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org) # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. from libervia.cli import base from libervia.cli.constants import Const as C from libervia.backend.core.i18n import _ from libervia.backend.tools.common import data_format from libervia.cli import xmlui_manager __commands__ = ["Encryption"] class EncryptionAlgorithms(base.CommandBase): def __init__(self, host): extra_outputs = {"default": self.default_output} super(EncryptionAlgorithms, self).__init__( host, "algorithms", use_output=C.OUTPUT_LIST_DICT, extra_outputs=extra_outputs, use_profile=False, help=_("show available encryption algorithms")) def add_parser_options(self): pass def default_output(self, plugins): if not plugins: self.disp(_("No encryption plugin registered!")) else: self.disp(_("Following encryption algorithms are available: {algos}").format( algos=', '.join([p['name'] for p in plugins]))) async def start(self): try: plugins_ser = await self.host.bridge.encryption_plugins_get() plugins = data_format.deserialise(plugins_ser, type_check=list) except Exception as e: self.disp(f"can't retrieve plugins: {e}", error=True) self.host.quit(C.EXIT_BRIDGE_ERRBACK) else: await self.output(plugins) self.host.quit() class EncryptionGet(base.CommandBase): def __init__(self, host): super(EncryptionGet, self).__init__( host, "get", use_output=C.OUTPUT_DICT, help=_("get encryption session data")) def add_parser_options(self): self.parser.add_argument( "jid", help=_("jid of the entity to check") ) async def start(self): jids = await self.host.check_jids([self.args.jid]) jid = jids[0] try: serialised = await self.host.bridge.message_encryption_get(jid, self.profile) except Exception as e: self.disp(f"can't get session: {e}", error=True) self.host.quit(C.EXIT_BRIDGE_ERRBACK) session_data = data_format.deserialise(serialised) if session_data is None: self.disp( "No encryption session found, the messages are sent in plain text.") self.host.quit(C.EXIT_NOT_FOUND) await self.output(session_data) self.host.quit() class EncryptionStart(base.CommandBase): def __init__(self, host): super(EncryptionStart, self).__init__( host, "start", help=_("start encrypted session with an entity")) def add_parser_options(self): self.parser.add_argument( "--encrypt-noreplace", action="store_true", help=_("don't replace encryption algorithm if an other one is already used")) algorithm = self.parser.add_mutually_exclusive_group() algorithm.add_argument( "-n", "--name", help=_("algorithm name (DEFAULT: choose automatically)")) algorithm.add_argument( "-N", "--namespace", help=_("algorithm namespace (DEFAULT: choose automatically)")) self.parser.add_argument( "jid", help=_("jid of the entity to stop encrypted session with") ) async def start(self): if self.args.name is not None: try: namespace = await self.host.bridge.encryption_namespace_get(self.args.name) except Exception as e: self.disp(f"can't get encryption namespace: {e}", error=True) self.host.quit(C.EXIT_BRIDGE_ERRBACK) elif self.args.namespace is not None: namespace = self.args.namespace else: namespace = "" jids = await self.host.check_jids([self.args.jid]) jid = jids[0] try: await self.host.bridge.message_encryption_start( jid, namespace, not self.args.encrypt_noreplace, self.profile) except Exception as e: self.disp(f"can't get encryption namespace: {e}", error=True) self.host.quit(C.EXIT_BRIDGE_ERRBACK) self.host.quit() class EncryptionStop(base.CommandBase): def __init__(self, host): super(EncryptionStop, self).__init__( host, "stop", help=_("stop encrypted session with an entity")) def add_parser_options(self): self.parser.add_argument( "jid", help=_("jid of the entity to stop encrypted session with") ) async def start(self): jids = await self.host.check_jids([self.args.jid]) jid = jids[0] try: await self.host.bridge.message_encryption_stop(jid, self.profile) except Exception as e: self.disp(f"can't end encrypted session: {e}", error=True) self.host.quit(C.EXIT_BRIDGE_ERRBACK) self.host.quit() class TrustUI(base.CommandBase): def __init__(self, host): super(TrustUI, self).__init__( host, "ui", help=_("get UI to manage trust")) def add_parser_options(self): self.parser.add_argument( "jid", help=_("jid of the entity to stop encrypted session with") ) algorithm = self.parser.add_mutually_exclusive_group() algorithm.add_argument( "-n", "--name", help=_("algorithm name (DEFAULT: current algorithm)")) algorithm.add_argument( "-N", "--namespace", help=_("algorithm namespace (DEFAULT: current algorithm)")) async def start(self): if self.args.name is not None: try: namespace = await self.host.bridge.encryption_namespace_get(self.args.name) except Exception as e: self.disp(f"can't get encryption namespace: {e}", error=True) self.host.quit(C.EXIT_BRIDGE_ERRBACK) elif self.args.namespace is not None: namespace = self.args.namespace else: namespace = "" jids = await self.host.check_jids([self.args.jid]) jid = jids[0] try: xmlui_raw = await self.host.bridge.encryption_trust_ui_get( jid, namespace, self.profile) except Exception as e: self.disp(f"can't get encryption session trust UI: {e}", error=True) self.host.quit(C.EXIT_BRIDGE_ERRBACK) xmlui = xmlui_manager.create(self.host, xmlui_raw) await xmlui.show() if xmlui.type != C.XMLUI_DIALOG: await xmlui.submit_form() self.host.quit() class EncryptionTrust(base.CommandBase): subcommands = (TrustUI,) def __init__(self, host): super(EncryptionTrust, self).__init__( host, "trust", use_profile=False, help=_("trust manangement") ) class Encryption(base.CommandBase): subcommands = (EncryptionAlgorithms, EncryptionGet, EncryptionStart, EncryptionStop, EncryptionTrust) def __init__(self, host): super(Encryption, self).__init__( host, "encryption", use_profile=False, help=_("encryption sessions handling") )