git-annex/Assistant/WebApp/Configurators/Pairing.hs

{- git-annex assistant webapp configurator for pairing
 -
 - Copyright 2012 Joey Hess <joey@kitenet.net>
 -
 - Licensed under the GNU AGPL version 3 or higher.
 -}

{-# LANGUAGE TypeFamilies, QuasiQuotes, MultiParamTypeClasses, TemplateHaskell, OverloadedStrings, RankNTypes #-}
{-# LANGUAGE CPP #-}

module Assistant.WebApp.Configurators.Pairing where

import Assistant.Pairing
import Assistant.WebApp
import Assistant.WebApp.Types
import Assistant.WebApp.SideBar
import Utility.Yesod
#ifdef WITH_PAIRING
import Assistant.Common
import Assistant.Pairing.Network
import Assistant.Pairing.MakeRemote
import Assistant.Ssh
import Assistant.Alert
import Assistant.DaemonStatus
import Utility.Verifiable
import Utility.Network
import Annex.UUID
#endif
import Utility.UserInfo

import Yesod
import Data.Text (Text)
#ifdef WITH_PAIRING
import qualified Data.Text as T
import qualified Data.Text.Encoding as T
import qualified Data.ByteString.Lazy as B
import Data.Char
import qualified Control.Exception as E
import Control.Concurrent
#endif

{- Starts sending out pair requests. -}
getStartPairR :: Handler RepHtml
#ifdef WITH_PAIRING
getStartPairR = promptSecret Nothing $ startPairing PairReq noop pairingAlert Nothing
#else
getStartPairR = noPairing
#endif

{- Runs on the system that responds to a pair request; sets up the ssh
 - authorized key first so that the originating host can immediately sync
 - with us. -}
getFinishPairR :: PairMsg -> Handler RepHtml
#ifdef WITH_PAIRING
getFinishPairR msg = promptSecret (Just msg) $ \_ secret -> do
	liftIO $ setup
	startPairing PairAck cleanup alert uuid "" secret
	where
		alert = pairRequestAcknowledgedAlert (pairRepo msg) . Just
		setup  = setupAuthorizedKeys msg
		cleanup = removeAuthorizedKeys False $
			remoteSshPubKey $ pairMsgData msg
		uuid = Just $ pairUUID $ pairMsgData msg
#else
getFinishPairR _ = noPairing
#endif

getInprogressPairR :: SecretReminder -> Handler RepHtml
#ifdef WITH_PAIRING
getInprogressPairR s = pairPage $ do
	let secret = fromSecretReminder s
	$(widgetFile "configurators/pairing/inprogress")
#else
getInprogressPairR _ = noPairing
#endif

#ifdef WITH_PAIRING

{- Starts pairing, at either the PairReq (initiating host) or 
 - PairAck (responding host) stage.
 -
 - Displays an alert, and starts a thread sending the pairing message,
 - which will continue running until the other host responds, or until
 - canceled by the user. If canceled by the user, runs the oncancel action.
 -
 - Redirects to the pairing in progress page.
 -}
startPairing :: PairStage -> IO () -> (AlertButton -> Alert) -> Maybe UUID -> Text -> Secret -> Widget
startPairing stage oncancel alert muuid displaysecret secret = do
	urlrender <- lift getUrlRender
	reldir <- fromJust . relDir <$> lift getYesod

	sendrequests <- lift $ liftAssistant $ asIO2 $ mksendrequests urlrender
	{- Generating a ssh key pair can take a while, so do it in the
	 - background. -}
	thread <- lift $ liftAssistant $ asIO $ do
		keypair <- liftIO $ genSshKeyPair
		pairdata <- liftIO $ PairData
			<$> getHostname
			<*> myUserName
			<*> pure reldir
			<*> pure (sshPubKey keypair)
			<*> (maybe genUUID return muuid)
		let sender = multicastPairMsg Nothing secret pairdata
		let pip = PairingInProgress secret Nothing keypair pairdata stage
		startSending pip stage $ sendrequests sender
	void $ liftIO $ forkIO thread

	lift $ redirect $ InprogressPairR $ toSecretReminder displaysecret
	where
		{- Sends pairing messages until the thread is killed,
		 - and shows an activity alert while doing it.
		 -
		 - The cancel button returns the user to the HomeR. This is
		 - not ideal, but they have to be sent somewhere, and could
		 - have been on a page specific to the in-process pairing
		 - that just stopped, so can't go back there.
		 -}
		mksendrequests urlrender sender _stage = do
			tid <- liftIO myThreadId
			let selfdestruct = AlertButton
				{ buttonLabel = "Cancel"
				, buttonUrl = urlrender HomeR
				, buttonAction = Just $ const $ do
					oncancel
					killThread tid
				}
			alertDuring (alert selfdestruct) $ liftIO $ do
				_ <- E.try (sender stage) :: IO (Either E.SomeException ())
				return ()

data InputSecret = InputSecret { secretText :: Maybe Text }

{- If a PairMsg is passed in, ensures that the user enters a secret
 - that can validate it. -}
promptSecret :: Maybe PairMsg -> (Text -> Secret -> Widget) -> Handler RepHtml
promptSecret msg cont = pairPage $ do
	((result, form), enctype) <- lift $
		runFormGet $ renderBootstrap $
			InputSecret <$> aopt textField "Secret phrase" Nothing
        case result of
                FormSuccess v -> do
			let rawsecret = fromMaybe "" $ secretText v
			let secret = toSecret rawsecret
			case msg of
				Nothing -> case secretProblem secret of
					Nothing -> cont rawsecret secret
					Just problem ->
						showform form enctype $ Just problem
				Just m ->
					if verify (fromPairMsg m) secret
						then cont rawsecret secret
						else showform form enctype $ Just
							"That's not the right secret phrase."
                _ -> showform form enctype Nothing
        where
                showform form enctype mproblem = do
			let start = isNothing msg
			let badphrase = isJust mproblem
			let problem = fromMaybe "" mproblem
			let (username, hostname) = maybe ("", "")
				(\(_, v, a) -> (T.pack $ remoteUserName v, T.pack $ fromMaybe (showAddr a) (remoteHostName v)))
				(verifiableVal . fromPairMsg <$> msg)
			u <- T.pack <$> liftIO myUserName
			let sameusername = username == u
                        let authtoken = webAppFormAuthToken
                        $(widgetFile "configurators/pairing/prompt")

{- This counts unicode characters as more than one character,
 - but that's ok; they *do* provide additional entropy. -}
secretProblem :: Secret -> Maybe Text
secretProblem s
	| B.null s = Just "The secret phrase cannot be left empty. (Remember that punctuation and white space is ignored.)"
	| B.length s < 7 = Just "Enter a longer secret phrase, at least 6 characters, but really, a phrase is best! This is not a password you'll need to enter every day."
	| s == toSecret sampleQuote = Just "Speaking of foolishness, don't paste in the example I gave. Enter a different phrase, please!"
	| otherwise = Nothing

toSecret :: Text -> Secret
toSecret s = B.fromChunks [T.encodeUtf8 $ T.toLower $ T.filter isAlphaNum s]

{- From Dickens -}
sampleQuote :: Text
sampleQuote = T.unwords
	[ "It was the best of times,"
	, "it was the worst of times,"
	, "it was the age of wisdom,"
	, "it was the age of foolishness."
	]

#else

noPairing :: Handler RepHtml
noPairing = pairPage $
	$(widgetFile "configurators/pairing/disabled")

#endif

pairPage :: Widget -> Handler RepHtml
pairPage w = bootstrap (Just Config) $ do
	sideBarDisplay
	setTitle "Pairing"
	w
-												yesod skelton and routes for pairing

yet more changes to pairing message data types

											
										
										
											2012-09-08 04:26:47 +00:00
+								{- git-annex assistant webapp configurator for pairing
 								 -
 								 - Copyright 2012 Joey Hess <joey@kitenet.net>
 								 -
-												license the webapp under the AGPL 3+

This means that anyone serving up the webapp to users as a service
(ie, without providing any git-annex binary at all to the user) still needs
to provide a link to the source code for it, including any modifications
they may make.

This may make git-annex be covered by the AGPL as a whole when it is built
with the webapp. If in doubt, you should ask a lawyer.

When git-annex is built with the webapp disabled, no AGPLed code is used.
Even building in the assistant does not pull in AGPLed code.

											
										
										
											2012-09-24 18:48:47 +00:00
+								 - Licensed under the GNU AGPL version 3 or higher.
-												yesod skelton and routes for pairing

yet more changes to pairing message data types

											
										
										
											2012-09-08 04:26:47 +00:00
+								 -}
 								{-# LANGUAGE TypeFamilies, QuasiQuotes, MultiParamTypeClasses, TemplateHaskell, OverloadedStrings, RankNTypes #-}
-												added pair listener thread

											
										
										
											2012-09-08 19:07:44 +00:00
+								{-# LANGUAGE CPP #-}
-												yesod skelton and routes for pairing

yet more changes to pairing message data types

											
										
										
											2012-09-08 04:26:47 +00:00
 								module Assistant.WebApp.Configurators.Pairing where
 								import Assistant.Pairing
-												broke out fairly generic ssh stuff to Assistant.Ssh so pairing can use it too

I'd rather Utility.Ssh, but the SshData type is not sufficiently clean and
generic for Utility.

											
										
										
											2012-09-10 19:20:18 +00:00
+								import Assistant.WebApp
 								import Assistant.WebApp.Types
 								import Assistant.WebApp.SideBar
 								import Utility.Yesod
-												fix build without pairing support

											
										
										
											2012-09-08 19:21:34 +00:00
+								#ifdef WITH_PAIRING
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+								import Assistant.Common
-												fix build without pairing support

											
										
										
											2012-09-08 19:21:34 +00:00
+								import Assistant.Pairing.Network
-												clean up authorized_keys handling

Including rollback of adding the key when a pairing response
gets canceled by the user.

											
										
										
											2012-09-11 04:23:34 +00:00
+								import Assistant.Pairing.MakeRemote
-												broke out fairly generic ssh stuff to Assistant.Ssh so pairing can use it too

I'd rather Utility.Ssh, but the SshData type is not sufficiently clean and
generic for Utility.

											
										
										
											2012-09-10 19:20:18 +00:00
+								import Assistant.Ssh
-												add an alert while a locally initiated pairing request is in progress

Has a button to cancel the request.

											
										
										
											2012-09-09 20:24:34 +00:00
+								import Assistant.Alert
-												split remaining assistant types

											
										
										
											2012-10-30 18:34:48 +00:00
+								import Assistant.DaemonStatus
-												pairing passphrase entry form, validation, etc

Actually 3 forms in one, this handles the initial passphrase entry, and the
confirmation, and also varys wording if the same user or a different user
is confirming.

											
										
										
											2012-09-08 06:02:39 +00:00
+								import Utility.Verifiable
-												fix build without pairing support

											
										
										
											2012-09-08 19:21:34 +00:00
+								import Utility.Network
-												add a UUID to pair requests

Pair requests the the same UUID are part of the same pairing session,
which allows us to detect attempts to brute force the shared secret,
as that will result in pair requests with the same UUID that are
not verified with the right secret.

											
										
										
											2012-09-11 07:16:00 +00:00
+								import Annex.UUID
-												fix build without pairing support

											
										
										
											2012-09-08 19:21:34 +00:00
+								#endif
-												Use USER and HOME environment when set, and only fall back to getpwent, which doesn't work with LDAP or NIS.

											
										
										
											2012-10-25 22:17:32 +00:00
+								import Utility.UserInfo
-												yesod skelton and routes for pairing

yet more changes to pairing message data types

											
										
										
											2012-09-08 04:26:47 +00:00
 								import Yesod
 								import Data.Text (Text)
-												fix build without pairing support

											
										
										
											2012-09-08 19:21:34 +00:00
+								#ifdef WITH_PAIRING
-												yesod skelton and routes for pairing

yet more changes to pairing message data types

											
										
										
											2012-09-08 04:26:47 +00:00
+								import qualified Data.Text as T
-												pairing passphrase entry form, validation, etc

Actually 3 forms in one, this handles the initial passphrase entry, and the
confirmation, and also varys wording if the same user or a different user
is confirming.

											
										
										
											2012-09-08 06:02:39 +00:00
+								import qualified Data.Text.Encoding as T
 								import qualified Data.ByteString.Lazy as B
 								import Data.Char
-												add an alert while a locally initiated pairing request is in progress

Has a button to cancel the request.

											
										
										
											2012-09-09 20:24:34 +00:00
+								import qualified Control.Exception as E
 								import Control.Concurrent
-												fix build without pairing support

											
										
										
											2012-09-08 19:21:34 +00:00
+								#endif
-												yesod skelton and routes for pairing

yet more changes to pairing message data types

											
										
										
											2012-09-08 04:26:47 +00:00
-												clean up authorized_keys handling

Including rollback of adding the key when a pairing response
gets canceled by the user.

											
										
										
											2012-09-11 04:23:34 +00:00
+								{- Starts sending out pair requests. -}
-												yesod skelton and routes for pairing

yet more changes to pairing message data types

											
										
										
											2012-09-08 04:26:47 +00:00
+								getStartPairR :: Handler RepHtml
-												added pair listener thread

											
										
										
											2012-09-08 19:07:44 +00:00
+								#ifdef WITH_PAIRING
-												pairing works!!

Finally.

Last bug fixes here: Send PairResp with same UUID in the PairReq.
Fix off-by-one in code that filters out our own pairing messages.

Also reworked the pairing alerts, which are still slightly buggy.

											
										
										
											2012-09-11 19:06:29 +00:00
+								getStartPairR = promptSecret Nothing $ startPairing PairReq noop pairingAlert Nothing
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+								#else
 								getStartPairR = noPairing
 								#endif
-												clean up authorized_keys handling

Including rollback of adding the key when a pairing response
gets canceled by the user.

											
										
										
											2012-09-11 04:23:34 +00:00
+								{- Runs on the system that responds to a pair request; sets up the ssh
 								 - authorized key first so that the originating host can immediately sync
 								 - with us. -}
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+								getFinishPairR :: PairMsg -> Handler RepHtml
 								#ifdef WITH_PAIRING
 								getFinishPairR msg = promptSecret (Just msg) $ \_ secret -> do
-												clean up authorized_keys handling

Including rollback of adding the key when a pairing response
gets canceled by the user.

											
										
										
											2012-09-11 04:23:34 +00:00
+									liftIO $ setup
-												pairing works!!

Finally.

Last bug fixes here: Send PairResp with same UUID in the PairReq.
Fix off-by-one in code that filters out our own pairing messages.

Also reworked the pairing alerts, which are still slightly buggy.

											
										
										
											2012-09-11 19:06:29 +00:00
+									startPairing PairAck cleanup alert uuid "" secret
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+									where
-												fix combining of pairing alerts

											
										
										
											2012-09-11 19:43:33 +00:00
+										alert = pairRequestAcknowledgedAlert (pairRepo msg) . Just
-												clean up authorized_keys handling

Including rollback of adding the key when a pairing response
gets canceled by the user.

											
										
										
											2012-09-11 04:23:34 +00:00
+										setup  = setupAuthorizedKeys msg
 										cleanup = removeAuthorizedKeys False $
 											remoteSshPubKey $ pairMsgData msg
-												pairing works!!

Finally.

Last bug fixes here: Send PairResp with same UUID in the PairReq.
Fix off-by-one in code that filters out our own pairing messages.

Also reworked the pairing alerts, which are still slightly buggy.

											
										
										
											2012-09-11 19:06:29 +00:00
+										uuid = Just $ pairUUID $ pairMsgData msg
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+								#else
 								getFinishPairR _ = noPairing
 								#endif
-												work around a bug in Yesod

The PathPiece instance for Text results in a 404 for T.empty.

											
										
										
											2012-09-11 16:26:42 +00:00
+								getInprogressPairR :: SecretReminder -> Handler RepHtml
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+								#ifdef WITH_PAIRING
-												work around a bug in Yesod

The PathPiece instance for Text results in a 404 for T.empty.

											
										
										
											2012-09-11 16:26:42 +00:00
+								getInprogressPairR s = pairPage $ do
 									let secret = fromSecretReminder s
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+									$(widgetFile "configurators/pairing/inprogress")
 								#else
 								getInprogressPairR _ = noPairing
 								#endif
 								#ifdef WITH_PAIRING
 								{- Starts pairing, at either the PairReq (initiating host) or
 								 - PairAck (responding host) stage.
 								 -
 								 - Displays an alert, and starts a thread sending the pairing message,
 								 - which will continue running until the other host responds, or until
 								 - canceled by the user. If canceled by the user, runs the oncancel action.
 								 -
 								 - Redirects to the pairing in progress page.
 								 -}
-												pairing works!!

Finally.

Last bug fixes here: Send PairResp with same UUID in the PairReq.
Fix off-by-one in code that filters out our own pairing messages.

Also reworked the pairing alerts, which are still slightly buggy.

											
										
										
											2012-09-11 19:06:29 +00:00
+								startPairing :: PairStage -> IO () -> (AlertButton -> Alert) -> Maybe UUID -> Text -> Secret -> Widget
 								startPairing stage oncancel alert muuid displaysecret secret = do
-												add an alert while a locally initiated pairing request is in progress

Has a button to cancel the request.

											
										
										
											2012-09-09 20:24:34 +00:00
+									urlrender <- lift getUrlRender
-												keep webapp snappy by generating ssh keypair in the background

											
										
										
											2012-09-11 19:51:27 +00:00
+									reldir <- fromJust . relDir <$> lift getYesod
-												finished pushing Assistant monad into all relevant files

All temporary and old functions are removed.

											
										
										
											2012-10-30 21:14:26 +00:00
+									sendrequests <- lift $ liftAssistant $ asIO2 $ mksendrequests urlrender
-												keep webapp snappy by generating ssh keypair in the background

											
										
										
											2012-09-11 19:51:27 +00:00
+									{- Generating a ssh key pair can take a while, so do it in the
 									 - background. -}
-												finished pushing Assistant monad into all relevant files

All temporary and old functions are removed.

											
										
										
											2012-10-30 21:14:26 +00:00
+									thread <- lift $ liftAssistant $ asIO $ do
 										keypair <- liftIO $ genSshKeyPair
 										pairdata <- liftIO $ PairData
-												keep webapp snappy by generating ssh keypair in the background

											
										
										
											2012-09-11 19:51:27 +00:00
+											<$> getHostname
-												Use USER and HOME environment when set, and only fall back to getpwent, which doesn't work with LDAP or NIS.

											
										
										
											2012-10-25 22:17:32 +00:00
+											<*> myUserName
-												keep webapp snappy by generating ssh keypair in the background

											
										
										
											2012-09-11 19:51:27 +00:00
+											<*> pure reldir
 											<*> pure (sshPubKey keypair)
 											<*> (maybe genUUID return muuid)
-												keep track of the stage we're at in pairing

This avoids us responding to our own pairing messages, as well
as ignoring any out of order messages that might be received somehow.

											
										
										
											2012-09-11 16:58:00 +00:00
+										let sender = multicastPairMsg Nothing secret pairdata
 										let pip = PairingInProgress secret Nothing keypair pairdata stage
-												finished pushing Assistant monad into all relevant files

All temporary and old functions are removed.

											
										
										
											2012-10-30 21:14:26 +00:00
+										startSending pip stage $ sendrequests sender
 									void $ liftIO $ forkIO thread
-												keep webapp snappy by generating ssh keypair in the background

											
										
										
											2012-09-11 19:51:27 +00:00
-												work around a bug in Yesod

The PathPiece instance for Text results in a 404 for T.empty.

											
										
										
											2012-09-11 16:26:42 +00:00
+									lift $ redirect $ InprogressPairR $ toSecretReminder displaysecret
-												add an alert while a locally initiated pairing request is in progress

Has a button to cancel the request.

											
										
										
											2012-09-09 20:24:34 +00:00
+									where
 										{- Sends pairing messages until the thread is killed,
 										 - and shows an activity alert while doing it.
 										 -
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+										 - The cancel button returns the user to the HomeR. This is
-												add an alert while a locally initiated pairing request is in progress

Has a button to cancel the request.

											
										
										
											2012-09-09 20:24:34 +00:00
+										 - not ideal, but they have to be sent somewhere, and could
 										 - have been on a page specific to the in-process pairing
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+										 - that just stopped, so can't go back there.
-												add an alert while a locally initiated pairing request is in progress

Has a button to cancel the request.

											
										
										
											2012-09-09 20:24:34 +00:00
+										 -}
-												lift alertWhile

											
										
										
											2012-10-29 20:49:47 +00:00
+										mksendrequests urlrender sender _stage = do
 											tid <- liftIO myThreadId
-												add an alert while a locally initiated pairing request is in progress

Has a button to cancel the request.

											
										
										
											2012-09-09 20:24:34 +00:00
+											let selfdestruct = AlertButton
 												{ buttonLabel = "Cancel"
-												clean up authorized_keys handling

Including rollback of adding the key when a pairing response
gets canceled by the user.

											
										
										
											2012-09-11 04:23:34 +00:00
+												, buttonUrl = urlrender HomeR
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+												, buttonAction = Just $ const $ do
 													oncancel
 													killThread tid
-												add an alert while a locally initiated pairing request is in progress

Has a button to cancel the request.

											
										
										
											2012-09-09 20:24:34 +00:00
+												}
-												lift alertWhile

											
										
										
											2012-10-29 20:49:47 +00:00
+											alertDuring (alert selfdestruct) $ liftIO $ do
-												keep track of the stage we're at in pairing

This avoids us responding to our own pairing messages, as well
as ignoring any out of order messages that might be received somehow.

											
										
										
											2012-09-11 16:58:00 +00:00
+												_ <- E.try (sender stage) :: IO (Either E.SomeException ())
-												add an alert while a locally initiated pairing request is in progress

Has a button to cancel the request.

											
										
										
											2012-09-09 20:24:34 +00:00
+												return ()
-												yesod skelton and routes for pairing

yet more changes to pairing message data types

											
										
										
											2012-09-08 04:26:47 +00:00
-												pairing passphrase entry form, validation, etc

Actually 3 forms in one, this handles the initial passphrase entry, and the
confirmation, and also varys wording if the same user or a different user
is confirming.

											
										
										
											2012-09-08 06:02:39 +00:00
+								data InputSecret = InputSecret { secretText :: Maybe Text }
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+								{- If a PairMsg is passed in, ensures that the user enters a secret
 								 - that can validate it. -}
-												moved the PairStage inside the Verifiable data

											
										
										
											2012-09-09 01:06:10 +00:00
+								promptSecret :: Maybe PairMsg -> (Text -> Secret -> Widget) -> Handler RepHtml
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+								promptSecret msg cont = pairPage $ do
-												pairing passphrase entry form, validation, etc

Actually 3 forms in one, this handles the initial passphrase entry, and the
confirmation, and also varys wording if the same user or a different user
is confirming.

											
										
										
											2012-09-08 06:02:39 +00:00
+									((result, form), enctype) <- lift $
 										runFormGet $ renderBootstrap $
 											InputSecret <$> aopt textField "Secret phrase" Nothing
 								        case result of
 								                FormSuccess v -> do
-												implement pair request broadcasts

Pair requests are sent on all network interfaces, and contain the best
available hostname to use to contact the host on that interface.

Added a pairing in progress page.

Revert "reduce some boilerplate using ghc extensions", because it caused
overlapping instances for Text.

											
										
										
											2012-09-08 17:04:19 +00:00
+											let rawsecret = fromMaybe "" $ secretText v
 											let secret = toSecret rawsecret
-												moved the PairStage inside the Verifiable data

											
										
										
											2012-09-09 01:06:10 +00:00
+											case msg of
-												pairing passphrase entry form, validation, etc

Actually 3 forms in one, this handles the initial passphrase entry, and the
confirmation, and also varys wording if the same user or a different user
is confirming.

											
										
										
											2012-09-08 06:02:39 +00:00
+												Nothing -> case secretProblem secret of
-												implement pair request broadcasts

Pair requests are sent on all network interfaces, and contain the best
available hostname to use to contact the host on that interface.

Added a pairing in progress page.

Revert "reduce some boilerplate using ghc extensions", because it caused
overlapping instances for Text.

											
										
										
											2012-09-08 17:04:19 +00:00
+													Nothing -> cont rawsecret secret
-												pairing passphrase entry form, validation, etc

Actually 3 forms in one, this handles the initial passphrase entry, and the
confirmation, and also varys wording if the same user or a different user
is confirming.

											
										
										
											2012-09-08 06:02:39 +00:00
+													Just problem ->
 														showform form enctype $ Just problem
-												moved the PairStage inside the Verifiable data

											
										
										
											2012-09-09 01:06:10 +00:00
+												Just m ->
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+													if verify (fromPairMsg m) secret
-												implement pair request broadcasts

Pair requests are sent on all network interfaces, and contain the best
available hostname to use to contact the host on that interface.

Added a pairing in progress page.

Revert "reduce some boilerplate using ghc extensions", because it caused
overlapping instances for Text.

											
										
										
											2012-09-08 17:04:19 +00:00
+														then cont rawsecret secret
-												pairing passphrase entry form, validation, etc

Actually 3 forms in one, this handles the initial passphrase entry, and the
confirmation, and also varys wording if the same user or a different user
is confirming.

											
										
										
											2012-09-08 06:02:39 +00:00
+														else showform form enctype $ Just
 															"That's not the right secret phrase."
 								                _ -> showform form enctype Nothing
 								        where
 								                showform form enctype mproblem = do
-												moved the PairStage inside the Verifiable data

											
										
										
											2012-09-09 01:06:10 +00:00
+											let start = isNothing msg
-												pairing passphrase entry form, validation, etc

Actually 3 forms in one, this handles the initial passphrase entry, and the
confirmation, and also varys wording if the same user or a different user
is confirming.

											
										
										
											2012-09-08 06:02:39 +00:00
+											let badphrase = isJust mproblem
-												moved the PairStage inside the Verifiable data

											
										
										
											2012-09-09 01:06:10 +00:00
+											let problem = fromMaybe "" mproblem
-												pairing passphrase entry form, validation, etc

Actually 3 forms in one, this handles the initial passphrase entry, and the
confirmation, and also varys wording if the same user or a different user
is confirming.

											
										
										
											2012-09-08 06:02:39 +00:00
+											let (username, hostname) = maybe ("", "")
-												pairing probably works now (untested)

											
										
										
											2012-09-11 01:55:59 +00:00
+												(\(_, v, a) -> (T.pack $ remoteUserName v, T.pack $ fromMaybe (showAddr a) (remoteHostName v)))
-												moved the PairStage inside the Verifiable data

											
										
										
											2012-09-09 01:06:10 +00:00
+												(verifiableVal . fromPairMsg <$> msg)
-												Use USER and HOME environment when set, and only fall back to getpwent, which doesn't work with LDAP or NIS.

											
										
										
											2012-10-25 22:17:32 +00:00
+											u <- T.pack <$> liftIO myUserName
-												pairing passphrase entry form, validation, etc

Actually 3 forms in one, this handles the initial passphrase entry, and the
confirmation, and also varys wording if the same user or a different user
is confirming.

											
										
										
											2012-09-08 06:02:39 +00:00
+											let sameusername = username == u
 								                        let authtoken = webAppFormAuthToken
-												reorg templates

											
										
										
											2012-09-09 03:32:08 +00:00
+								                        $(widgetFile "configurators/pairing/prompt")
-												pairing passphrase entry form, validation, etc

Actually 3 forms in one, this handles the initial passphrase entry, and the
confirmation, and also varys wording if the same user or a different user
is confirming.

											
										
										
											2012-09-08 06:02:39 +00:00
 								{- This counts unicode characters as more than one character,
 								 - but that's ok; they *do* provide additional entropy. -}
 								secretProblem :: Secret -> Maybe Text
 								secretProblem s
 									| B.null s = Just "The secret phrase cannot be left empty. (Remember that punctuation and white space is ignored.)"
 									| B.length s < 7 = Just "Enter a longer secret phrase, at least 6 characters, but really, a phrase is best! This is not a password you'll need to enter every day."
 									| s == toSecret sampleQuote = Just "Speaking of foolishness, don't paste in the example I gave. Enter a different phrase, please!"
 									| otherwise = Nothing
 								toSecret :: Text -> Secret
 								toSecret s = B.fromChunks [T.encodeUtf8 $ T.toLower $ T.filter isAlphaNum s]
 								{- From Dickens -}
 								sampleQuote :: Text
 								sampleQuote = T.unwords
 									[ "It was the best of times,"
 									, "it was the worst of times,"
 									, "it was the age of wisdom,"
 									, "it was the age of foolishness."
 									]
-												implement pair request broadcasts

Pair requests are sent on all network interfaces, and contain the best
available hostname to use to contact the host on that interface.

Added a pairing in progress page.

Revert "reduce some boilerplate using ghc extensions", because it caused
overlapping instances for Text.

											
										
										
											2012-09-08 17:04:19 +00:00
-												added pair listener thread

											
										
										
											2012-09-08 19:07:44 +00:00
+								#else
 								noPairing :: Handler RepHtml
-												responding to pair requests *almost* works

											
										
										
											2012-09-10 21:53:51 +00:00
+								noPairing = pairPage $
-												reorg templates

											
										
										
											2012-09-09 03:32:08 +00:00
+									$(widgetFile "configurators/pairing/disabled")
-												added pair listener thread

											
										
										
											2012-09-08 19:07:44 +00:00
 								#endif
-												build fix with pairing disabled

											
										
										
											2012-10-26 16:56:19 +00:00
 								pairPage :: Widget -> Handler RepHtml
 								pairPage w = bootstrap (Just Config) $ do
 									sideBarDisplay
 									setTitle "Pairing"
 									w