Changeset 172

Timestamp:

04/08/09 02:59:14 (15 years ago)

Author:

nanardon

Message:

• add password to session after request confirm

Location:

trunk

Files:

• lib/Vote/Controller/Admin.pm (modified) (1 diff)
• lib/Vote/Controller/Newpoll.pm (modified) (1 diff)
• lib/Vote/DB.pm (modified) (1 diff)
• lib/Vote/DB/Poll.pm (modified) (9 diffs)
• root/templates/admin/default.tt (modified) (2 diffs)
• sql/postgres.dump (modified) (previous)

trunk/lib/Vote/Controller/Admin.pm

@@ -177 +177 @@
 }
 
+sub dec: LocalRegex('^(\d+)/dec$') {
+    my ($self, $c, $id, @sub) = @_;
+    ($c->stash->{voteid}) = @{ $c->req->snippets || [] };
+    my $vote = $c->model('Vote');
+
+    $vote->vote_info($id) or do {
+        $c->res->redirect($c->uri_for('/'));
+        return;
+    };
+
+    $c->forward('auth') or return;
+    $c->stash->{page}{title} = $c->model('Vote')->vote_info(
+        $c->stash->{voteid}
+    )->{label} . ': Administration, bulletin';
+    $c->model('Vote')->poll($c->stash->{voteid})->decrypted_ballots;
+}
+
 =head1 AUTHOR
 

trunk/lib/Vote/Controller/Newpoll.pm

@@ -57 +57 @@
     if ($c->req->param('passwd')) {
         my $pid = $c->model('Vote')->poll_from_request($id, $c->req->param('passwd'));
+        $c->session->{vpassword} = $c->req->param('passwd'); # avoid auth on admin page
         $c->res->redirect($c->uri_for('/admin', $pid));
     }

trunk/lib/Vote/DB.pm

@@ -334 +334 @@
     $newpoll->execute($newpollid, $rinfo->{label}, $rinfo->{mail}, $encpasswd);
     # set some default
-    $self->vote_param($newpollid,
-        free_choice => 0,
-        choice_count => 1,
-    );     
+    $self->poll($newpollid)->setup() or do {
+        $self->db->rollback;
+        return;
+    };
 
     my $delreq = $self->db->prepare_cached(

trunk/lib/Vote/DB/Poll.pm

@@ -8 +8 @@
 use Mail::Mailer;
 use Crypt::RSA;
+use Crypt::RSA::Key::Public::SSH;
+use Crypt::RSA::Key::Private::SSH;
 use Crypt::CBC;
 use XML::Simple;
@@ -37 +39 @@
 
 sub voteid { $_[0]->{voteid} }
+
+sub setup {
+    my ($self) = @_;
+    $self->param(
+        free_choice => 0,
+        choice_count => 1,
+    );
+}
 
 sub param {
@@ -294 +304 @@
     my ($self, $choice, $fchoice) = @_;
 
+    my $uid = ($self->is_crypted
+        ? $self->_register_ballot_crypted($choice, $fchoice)
+        : $self->_register_ballot_clear($choice, $fchoice))
+        or do {
+            self->db->rollback;
+            return;
+        };
+
+    $uid
+}
+
+sub _register_ballot_clear {
+    my ($self, $choice, $fchoice, $uid) = @_;
+
     my $addb = $self->db->prepare_cached(
         q{
@@ -299 +323 @@
         }
     );
-    my $uid = Vote::DB::common::gen_uid();
+    $uid ||= Vote::DB::common::gen_uid();
     $addb->execute($uid, $self->voteid, scalar(@{$fchoice || []}) ? undef : 'f') or do {
         self->db->rollback;
@@ -336 +360 @@
 
     $uid;
+}
+
+sub _register_ballot_crypted {
+    my ($self, $choice, $fchoice) = @_;
+    my $xml = XML::Simple->new(ForceArray => 1, RootName => 'ballot');
+    my $symkey = map{ chr(rand(256)) } (1 .. (256 / 8));
+    my $cipher = new Crypt::CBC($symkey, 'DES');
+    my $ballotuid = Vote::DB::common::gen_uid();
+    my $encryptedballot = $cipher->encrypt_hex(
+        $xml->XMLout({
+            id => $ballotuid,
+            sbal => $choice,
+            fsbal => $fchoice
+        })
+    );
+    my $encsymkey = $self->rsa->encrypt (
+        Message    => $symkey,
+        Key        => $self->public_key,
+        Armour     => 1,
+    ) || die $self->rsa->errstr();
+
+    my $addenc = $self->db->prepare_cached(
+        q{insert into ballot_enc (id, data, enckey, poll) values (?,?,?,?)}
+    );
+
+    my $uid = Vote::DB::common::gen_uid();
+    $addenc->execute($uid, $encryptedballot, $encsymkey, $self->voteid);
+    $ballotuid;
+}
+
+sub _decrypted_ballot {
+    my ($self, $ballotid, $privkey) = @_;
+    my $sth = $self->db->prepare_cached(
+        q{select * from ballot_enc where id = ? for update}
+    );
+    $sth->execute($ballotid);
+    my $ballot = $sth->fetchrow_hashref;
+    $sth->finish;
+    my $encsymkey = $ballot->{enckey};
+    my $data = $ballot->{data};
+    my $symkey = $self->rsa->decrypt (
+        Cyphertext => $encsymkey,
+        Key        => $privkey,
+        Armour     => 1,
+    ) || die $self->rsa->errstr();
+    my $cipher = new Crypt::CBC($symkey, 'DES');
+    my $xmldata = XMLin($cipher->decrypt_hex($data), ForceArray => 1);
+    $self->_register_ballot_clear($xmldata->{sbal}, $xmldata->{fsbal}, $xmldata->{id});
+    my $upd = $self->db->prepare_cached(q{update ballot_enc set decrypted = true where id = ?});
+    if ($upd->execute($ballotid)) {
+        $self->db->commit;
+        return;
+    } else {
+        $self->db->rollback;
+        return 1;
+    }
+}    
+
+sub decrypted_ballots {
+    my ($self, $password) = @_;
+    my $privkey = $self->private_key($password);
+    foreach ($self->list_ballot_need_dec) {
+        $self->_decrypted_ballot($_, $privkey);
+    }
 }
 
@@ -422 +510 @@
 }
 
+sub is_crypted {
+    my ($self) = @_;
+    return $self->info->{public_key} ? 1 : 0;
+}
+
 sub ballot_count {
     my ($self) = @_;
-
-    my $sth = $self->db->prepare_cached(
-        q{
-        select count(*) from ballot where poll = ?
-        }
+    return $self->is_crypted
+        ? $self->ballot_count_crypt
+        : $self->ballot_count_clear;
+}
+
+sub ballot_count_clear {
+    my ($self) = @_;
+
+    my $sth = $self->db->prepare_cached(
+        q{select count(*) from ballot where poll = ?}
+    );
+
+    $sth->execute($self->voteid);
+    my $res = $sth->fetchrow_hashref;
+    $sth->finish;
+    $res->{count}
+}
+
+sub ballot_count_crypt {
+    my ($self) = @_;
+
+    my $sth = $self->db->prepare_cached(
+        q{select count(*) from ballot_enc where poll = ?}
     );
 
@@ -565 +676 @@
         q{
         select id from ballot where poll = ?
+        order by id
+        }
+    );
+    $sth->execute($self->voteid);
+    my @ids;
+    while (my $res = $sth->fetchrow_hashref) {
+        push(@ids, $res->{id});
+    }
+    @ids
+}
+
+sub list_ballot_enc {
+    my ($self) = @_;
+
+    my $sth = $self->db->prepare_cached(
+        q{
+        select id from ballot_enc where poll = ?
+        order by id
+        }
+    );
+    $sth->execute($self->voteid);
+    my @ids;
+    while (my $res = $sth->fetchrow_hashref) {
+        push(@ids, $res->{id});
+    }
+    @ids
+}
+
+sub list_ballot_need_dec {
+    my ($self) = @_;
+
+    my $sth = $self->db->prepare_cached(
+        q{
+        select id from ballot_enc where poll = ? and decrypted = 'false'
         order by id
         }
@@ -715 +860 @@
 
 sub gen_poll_keys {
-    my ($self) = @_;
+    my ($self, $password) = @_;
     my ($public, $private) = $self->rsa->keygen (
         Identity  => 'Epoll Vote ' . $self->voteid,
         Size      => 768,
-        Password  => undef,
+        Password  => $password,
         Verbosity => 0,
         KF=>'SSH',
@@ -732 +877 @@
     my ($self) = @_;
     my $serialize = $self->info->{public_key} or return;
-    my $pubkey = Crypt::RSA::Key::Public->new;
-    $pubkey->deserialize($serialize);
-
+    my $pubkey = Crypt::RSA::Key::Public::SSH->new;
+    $pubkey->deserialize(String => [ $serialize ]);
     $pubkey
 }
 
+sub private_key {
+    my ($self, $password) = @_;
+    my $serialize = $self->info->{private_key} or return;
+    my $privkey = Crypt::RSA::Key::Private::SSH->new;
+    $privkey->deserialize(String => [ decode_base64($serialize) ], Passphrase => $password);
+    $privkey
+}
 =head1 AUTHOR
 

trunk/root/templates/admin/default.tt

@@ -8 +8 @@
 [% IF vote.vote_status(voteid) == 'BEFORE' %]
 <table border="1">
-<tr><th>Vote</th><th>Possibilité de vote</th></tr>
+<tr><th>Vote</th><th></th></tr>
 <tr>
 <td valign="TOP">
@@ -49 +49 @@
 </td>
 <td valign="TOP">
-[% IF ! vote.vote_choices(voteid).size %]
-<p class="alert">Aucun choix configuré</p>
-[% ELSE %]
-[% FOREACH choice = vote.vote_choices(voteid) %]
-<form action="[% c.uri_for(voteid) %]" method="POST">
-[% loop.count %] - [% vote.choice_info(choice).label | html %]
-<input type="hidden" name="delch" value="[% vote.choice_info(choice).key %]">
-<input type="submit" name="del" value="Effacer">
-</form>
-<br>
-[% END %]
-[% END %]
-<form action="[% c.uri_for(voteid) %]" method="POST">
-Ajouter un choix:<br>
-<input type="text" name="addch">
-<input type="submit" value="Ajouter">
-</form>
 </td>
 </tr>