Mercurial > libervia-pubsub
view sat_pubsub/privilege.py @ 330:82d1259b3e36
backend, pgsql storage: better items/notification handling, various fixes:
- replaced const.VAL_AMODEL_ROSTER by const.VAL_AMODEL_PUBLISHER_ROSTER to follow change in pgsql schema
- implemented whitelist access model
- fixed bad access check during items retrieval (access was checked on recipient instead of requestor/sender)
- getItemsData and notification filtering now use inline callbacks: this make these complexe workflows far mor easy to read, and clarity is imperative in these security critical sections.
- publisher-roster access model now need to have only one owner, else it will fail. The idea is to use this model only when owner=publisher, else there is ambiguity on the roster to use to check access
- replaced getNodeOwner by node.getOwners, as a node can have several owners
- notifications filtering has been fixed in a similar way
- psql: simplified withPEP method, pep_table argument is actually not needed
- removed error.NotInRoster: error.Forbidden is used instead
- notifications now notify all the owners, not only the first one
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 26 Mar 2017 20:52:32 +0200 |
parents | c7fe09894952 |
children | 6d059f07c2d3 |
line wrap: on
line source
#!/usr/bin/python #-*- coding: utf-8 -*- # # Copyright (c) 2015 Jérôme Poisson # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # --- # This module implements XEP-0356 (Privileged Entity) to manage rosters, messages and presences from wokkel import xmppim from wokkel.compat import IQ from wokkel import pubsub from wokkel.iwokkel import IPubSubService from wokkel.subprotocols import XMPPHandler from twisted.python import log from twisted.python import failure from twisted.words.xish import domish from twisted.words.protocols.jabber import jid FORWARDED_NS = 'urn:xmpp:forward:0' PRIV_ENT_NS = 'urn:xmpp:privilege:1' PRIV_ENT_ADV_XPATH = '/message/privilege[@xmlns="{}"]'.format(PRIV_ENT_NS) ROSTER_NS = 'jabber:iq:roster' PERM_ROSTER = 'roster' PERM_MESSAGE = 'message' PERM_PRESENCE = 'presence' ALLOWED_ROSTER = ('none', 'get', 'set', 'both') ALLOWED_MESSAGE = ('none', 'outgoing') ALLOWED_PRESENCE = ('none', 'managed_entity', 'roster') TO_CHECK = {PERM_ROSTER:ALLOWED_ROSTER, PERM_MESSAGE:ALLOWED_MESSAGE, PERM_PRESENCE:ALLOWED_PRESENCE} class InvalidStanza(Exception): pass class NotAllowedError(Exception): pass class PrivilegesHandler(XMPPHandler): #FIXME: need to manage updates, and database sync #TODO: cache def __init__(self, service_jid): super(PrivilegesHandler, self).__init__() self._permissions = {PERM_ROSTER: 'none', PERM_MESSAGE: 'none', PERM_PRESENCE: 'none'} self._pubsub_service = None # FIXME: we use a hack supposing that our privilege come from hostname # and we are a component named [name].hostname # but we need to manage properly server # TODO: do proper server handling self.server_jid = jid.JID(service_jid.host.split('.', 1)[1]) @property def permissions(self): return self._permissions def connectionInitialized(self): for handler in self.parent.handlers: if IPubSubService.providedBy(handler): self._pubsub_service = handler break self.xmlstream.addObserver(PRIV_ENT_ADV_XPATH, self.onAdvertise) def onAdvertise(self, message): """Managage the <message/> advertising privileges self._permissions will be updated according to advertised privileged """ privilege_elt = message.elements(PRIV_ENT_NS, 'privilege').next() for perm_elt in privilege_elt.elements(PRIV_ENT_NS): try: if perm_elt.name != 'perm': raise InvalidStanza(u'unexpected element {}'.format(perm_elt.name)) perm_access = perm_elt['access'] perm_type = perm_elt['type'] try: if perm_type not in TO_CHECK[perm_access]: raise InvalidStanza(u'bad type [{}] for permission {}'.format(perm_type, perm_access)) except KeyError: raise InvalidStanza(u'bad permission [{}]'.format(perm_access)) except InvalidStanza as e: log.msg("Invalid stanza received ({}), setting permission to none".format(e)) for perm in self._permissions: self._permissions[perm] = 'none' break self._permissions[perm_access] = perm_type or 'none' log.msg('Privileges updated: roster={roster}, message={message}, presence={presence}'.format(**self._permissions)) ## roster ## def getRoster(self, to_jid): """ Retrieve contact list. @return: Roster as a mapping from L{JID} to L{RosterItem}. @rtype: L{twisted.internet.defer.Deferred} """ if self._permissions[PERM_ROSTER] not in ('get', 'both'): log.msg("WARNING: permission not allowed to get roster") raise failure.Failure(NotAllowedError('roster get is not allowed')) def processRoster(result): roster = {} for element in result.elements(ROSTER_NS, 'item'): item = xmppim.RosterItem.fromElement(element) roster[item.entity] = item return roster iq = IQ(self.xmlstream, 'get') iq.addElement((ROSTER_NS, 'query')) iq["to"] = to_jid.userhost() d = iq.send() d.addCallback(processRoster) return d ## message ## def sendMessage(self, priv_message, to_jid=None): """ Send privileged message (in the name of the server) @param priv_message(domish.Element): privileged message @param to_jid(jid.JID, None): main message destinee None to use our own server """ if self._permissions[PERM_MESSAGE] not in ('outgoing',): log.msg("WARNING: permission not allowed to send privileged messages") raise failure.Failure(NotAllowedError('privileged messages are not allowed')) main_message = domish.Element((None, "message")) if to_jid is None: to_jid = self.server_jid main_message['to'] = to_jid.full() privilege_elt = main_message.addElement((PRIV_ENT_NS, 'privilege')) forwarded_elt = privilege_elt.addElement((FORWARDED_NS, 'forwarded')) priv_message['xmlns'] = 'jabber:client' forwarded_elt.addChild(priv_message) self.send(main_message) def notifyPublish(self, pep_jid, nodeIdentifier, notifications): """Do notifications using privileges""" for subscriber, subscriptions, items in notifications: message = self._pubsub_service._createNotification('items', pep_jid, nodeIdentifier, subscriber, subscriptions) for item in items: item.uri = pubsub.NS_PUBSUB_EVENT message.event.items.addChild(item) self.sendMessage(message) def notifyRetract(self, pep_jid, nodeIdentifier, notifications): for subscriber, subscriptions, items in notifications: message = self._pubsub_service._createNotification('items', pep_jid, nodeIdentifier, subscriber, subscriptions) for item in items: retract = domish.Element((None, "retract")) retract['id'] = item['id'] message.event.items.addChild(retract) self.sendMessage(message) # def notifyDelete(self, service, nodeIdentifier, subscribers, # redirectURI=None): # # TODO # for subscriber in subscribers: # message = self._createNotification('delete', service, # nodeIdentifier, # subscriber) # if redirectURI: # redirect = message.event.delete.addElement('redirect') # redirect['uri'] = redirectURI # self.send(message)