1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
|
# Copyright 2009 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
# pylint: disable-msg=E0611,W0212
"""A module for CodeOfConduct (CoC) related classes.
https://launchpad.canonical.com/CodeOfConduct
"""
__metaclass__ = type
__all__ = ['CodeOfConduct', 'CodeOfConductSet', 'CodeOfConductConf',
'SignedCodeOfConduct', 'SignedCodeOfConductSet']
from datetime import datetime
import os
import pytz
from sqlobject import (
BoolCol,
ForeignKey,
StringCol,
)
from zope.component import getUtility
from zope.interface import implements
from canonical.config import config
from canonical.database.constants import UTC_NOW
from canonical.database.datetimecol import UtcDateTimeCol
from canonical.database.sqlbase import (
flush_database_updates,
quote,
SQLBase,
)
from canonical.launchpad.webapp import canonical_url
from lp.app.errors import NotFoundError
from lp.registry.interfaces.codeofconduct import (
ICodeOfConduct,
ICodeOfConductConf,
ICodeOfConductSet,
ISignedCodeOfConduct,
ISignedCodeOfConductSet,
)
from lp.registry.interfaces.gpg import IGPGKeySet
from lp.services.gpg.interfaces import (
GPGVerificationError,
IGPGHandler,
)
from lp.services.mail.sendmail import (
format_address,
simple_sendmail,
)
class CodeOfConductConf:
"""Abstract Component to store the current CoC configuration."""
implements(ICodeOfConductConf)
## XXX: cprov 2005-02-17
## Integrate this class with LaunchpadCentral configuration
## in the future.
path = 'lib/lp/registry/codesofconduct/'
prefix = 'Ubuntu Code of Conduct - '
currentrelease = '1.1'
# Set the datereleased to the date that 1.0 CoC was released,
# preserving everyone's Ubuntu Code of Conduct signatory status.
# https://launchpad.net/products/launchpad/+bug/48995
datereleased = datetime(2005, 4, 12, tzinfo=pytz.timezone("UTC"))
class CodeOfConduct:
"""CoC class model.
A set of properties allow us to properly handle the CoC stored
in the filesystem, so it's not a database class.
"""
implements(ICodeOfConduct)
def __init__(self, version):
self.version = version
# verify if the respective file containing the code of conduct exists
if not os.path.exists(self._filename):
# raise something sane
raise NotFoundError(version)
@property
def title(self):
"""Return preformatted title (config_prefix + version)."""
## XXX: cprov 2005-02-18
## Missed doctest, problems initing ZopeComponentLookupError.
# Recover the prefix for CoC from a Component
prefix = getUtility(ICodeOfConductConf).prefix
# Build a fancy title
return '%s' % prefix + self.version
@property
def content(self):
"""Return the content of the CoC file."""
fp = open(self._filename)
data = fp.read()
fp.close()
return data
@property
def current(self):
"""Is this the current release of the Code of Conduct?"""
return getUtility(ICodeOfConductConf).currentrelease == self.version
@property
def _filename(self):
"""Rebuild filename according the local version."""
# Recover the path for CoC from a Component
path = getUtility(ICodeOfConductConf).path
return os.path.join(path, self.version + '.txt')
@property
def datereleased(self):
return getUtility(ICodeOfConductConf).datereleased
class CodeOfConductSet:
"""A set of CodeOfConducts."""
implements(ICodeOfConductSet)
title = 'Launchpad Codes of Conduct'
def __getitem__(self, version):
"""See ICodeOfConductSet."""
# Create an entry point for the Admin Console
# Obviously we are excluding a CoC version called 'console'
if version == 'console':
return SignedCodeOfConductSet()
# in normal conditions return the CoC Release
try:
return CodeOfConduct(version)
except NotFoundError:
return None
def __iter__(self):
"""See ICodeOfConductSet."""
releases = []
# Recover the path for CoC from a component
cocs_path = getUtility(ICodeOfConductConf).path
# iter through files and store the CoC Object
for filename in os.listdir(cocs_path):
# Select the correct filenames
if filename.endswith('.txt'):
# Extract the version from filename
version = filename.replace('.txt', '')
releases.append(CodeOfConduct(version))
# Return the available list of CoCs objects
return iter(releases)
@property
def current_code_of_conduct(self):
# XXX kiko 2006-08-01:
# What a hack, but this whole file needs cleaning up.
currentrelease = getUtility(ICodeOfConductConf).currentrelease
for code in self:
if currentrelease == code.version:
return code
raise AssertionError("No current code of conduct registered")
class SignedCodeOfConduct(SQLBase):
"""Code of Conduct."""
implements(ISignedCodeOfConduct)
_table = 'SignedCodeOfConduct'
owner = ForeignKey(foreignKey="Person", dbName="owner", notNull=True)
signedcode = StringCol(dbName='signedcode', notNull=False, default=None)
signingkey = ForeignKey(foreignKey="GPGKey", dbName="signingkey",
notNull=False, default=None)
datecreated = UtcDateTimeCol(dbName='datecreated', notNull=True,
default=UTC_NOW)
recipient = ForeignKey(foreignKey="Person", dbName="recipient",
notNull=False, default=None)
admincomment = StringCol(dbName='admincomment', notNull=False,
default=None)
active = BoolCol(dbName='active', notNull=True, default=False)
@property
def displayname(self):
"""Build a Fancy Title for CoC."""
displayname = self.datecreated.strftime('%Y-%m-%d')
if self.signingkey:
displayname += (': digitally signed by %s (%s)'
% (self.owner.displayname,
self.signingkey.displayname))
else:
displayname += (': paper submission accepted by %s'
% self.recipient.displayname)
return displayname
def sendAdvertisementEmail(self, subject, content):
"""See ISignedCodeOfConduct."""
assert self.owner.preferredemail
template = open('lib/canonical/launchpad/emailtemplates/'
'signedcoc-acknowledge.txt').read()
fromaddress = format_address(
"Launchpad Code Of Conduct System",
config.canonical.noreply_from_address)
replacements = {'user': self.owner.displayname,
'content': content}
message = template % replacements
simple_sendmail(
fromaddress, str(self.owner.preferredemail.email),
subject, message)
class SignedCodeOfConductSet:
"""A set of CodeOfConducts"""
implements(ISignedCodeOfConductSet)
title = 'Code of Conduct Administrator Page'
def __getitem__(self, id):
"""Get a Signed CoC Entry."""
return SignedCodeOfConduct.get(id)
def __iter__(self):
"""Iterate through the Signed CoC."""
return iter(SignedCodeOfConduct.select())
def verifyAndStore(self, user, signedcode):
"""See ISignedCodeOfConductSet."""
# XXX cprov 2005-02-24:
# Are we missing the version field in SignedCoC table?
# how to figure out which CoC version is signed?
# XXX: cprov 2005-02-27:
# To be implemented:
# * Valid Person (probably always true via permission lp.AnyPerson),
# * Valid GPGKey (valid and active),
# * Person and GPGkey matches (done on DB side too),
# * CoC is the current version available, or the previous
# still-supported version in old.txt,
# * CoC was signed (correctly) by the GPGkey.
# use a utility to perform the GPG operations
gpghandler = getUtility(IGPGHandler)
try:
sane_signedcode = signedcode.encode('utf-8')
except UnicodeEncodeError:
raise TypeError('Signed Code Could not be encoded as UTF-8')
try:
sig = gpghandler.getVerifiedSignature(sane_signedcode)
except GPGVerificationError, e:
return str(e)
if not sig.fingerprint:
return ('The signature could not be verified. '
'Check that the OpenPGP key you used to sign with '
'is published correctly in the global key ring.')
gpgkeyset = getUtility(IGPGKeySet)
gpg = gpgkeyset.getByFingerprint(sig.fingerprint)
if not gpg:
return ('The key you used, which has the fingerprint <code>%s'
'</code>, is not registered in Launchpad. Please '
'<a href="%s/+editpgpkeys">follow the '
'instructions</a> and try again.'
% (sig.fingerprint, canonical_url(user)))
if gpg.owner.id != user.id:
return ('You (%s) do not seem to be the owner of this OpenPGP '
'key (<code>%s</code>).'
% (user.displayname, gpg.owner.displayname))
if not gpg.active:
return ('The OpenPGP key used (<code>%s</code>) has been '
'deactivated. '
'Please <a href="%s/+editpgpkeys">reactivate</a> it and '
'try again.'
% (gpg.displayname, canonical_url(user)))
# recover the current CoC release
coc = CodeOfConduct(getUtility(ICodeOfConductConf).currentrelease)
current = coc.content
# calculate text digest
if sig.plain_data.split() != current.split():
return ('The signed text does not match the Code of Conduct. '
'Make sure that you signed the correct text (white '
'space differences are acceptable).')
# Store the signature
signed = SignedCodeOfConduct(owner=user, signingkey=gpg,
signedcode=signedcode, active=True)
# Send Advertisement Email
subject = 'Your Code of Conduct signature has been acknowledged'
content = ('Digitally Signed by %s\n' % sig.fingerprint)
signed.sendAdvertisementEmail(subject, content)
def searchByDisplayname(self, displayname, searchfor=None):
"""See ISignedCodeOfConductSet."""
clauseTables = ['Person']
# XXX: cprov 2005-02-27:
# FTI presents problems when query by incomplete names
# and I'm not sure if the best solution here is to use
# trivial ILIKE query. Oppinion required on Review.
# glue Person and SignedCoC table
query = 'SignedCodeOfConduct.owner = Person.id'
# XXX cprov 2005-03-02:
# I'm not sure if the it is correct way to query ALL
# entries. If it is it should be part of FTI queries,
# isn't it ?
# the name shoudl work like a filter, if you don't enter anything
# you get everything.
if displayname:
query +=' AND Person.fti @@ ftq(%s)' % quote(displayname)
# Attempt to search for directive
if searchfor == 'activeonly':
query += ' AND SignedCodeOfConduct.active = true'
elif searchfor == 'inactiveonly':
query += ' AND SignedCodeOfConduct.active = false'
return SignedCodeOfConduct.select(
query, clauseTables=clauseTables,
orderBy='SignedCodeOfConduct.active')
def searchByUser(self, user_id, active=True):
"""See ISignedCodeOfConductSet."""
# XXX kiko 2006-08-14:
# What is this user_id nonsense? Use objects!
return SignedCodeOfConduct.selectBy(ownerID=user_id,
active=active)
def modifySignature(self, sign_id, recipient, admincomment, state):
"""See ISignedCodeOfConductSet."""
sign = SignedCodeOfConduct.get(sign_id)
sign.active = state
sign.admincomment = admincomment
sign.recipient = recipient.id
subject = 'Launchpad: Code Of Conduct Signature Modified'
content = ('State: %s\n'
'Comment: %s\n'
'Modified by %s'
% (state, admincomment, recipient.displayname))
sign.sendAdvertisementEmail(subject, content)
flush_database_updates()
def acknowledgeSignature(self, user, recipient):
"""See ISignedCodeOfConductSet."""
active = True
sign = SignedCodeOfConduct(owner=user, recipient=recipient,
active=active)
subject = 'Launchpad: Code Of Conduct Signature Acknowledge'
content = 'Paper Submitted acknowledge by %s' % recipient.displayname
sign.sendAdvertisementEmail(subject, content)
def getLastAcceptedDate(self):
"""See ISignedCodeOfConductSet."""
return getUtility(ICodeOfConductConf).datereleased
|