Add the key ceremony (decidim#6967)

Co-authored-by: slickepinne <[email protected]>
Co-authored-by: Leonardo Diez <[email protected]>
Co-authored-by: Marc Riera <[email protected]>

Author: 4 people

Gemfile.lock

@@ -141,6 +141,7 @@ PATH
       i18n-tasks (~> 0.9.18)
       mdl (~> 0.5)
       nokogiri (>= 1.10.8)
+      puffing-billy (~> 2.4.0)
       puma (>= 4.3)
       rails-controller-testing (~> 1.0)
       rspec-cells (~> 0.3.4)
@@ -159,7 +160,7 @@ PATH
       webmock (~> 3.6)
       wisper-rspec (~> 1.0)
     decidim-elections (0.24.0.dev)
-      decidim-bulletin_board (= 0.2.0)
+      decidim-bulletin_board (= 0.6.1)
       decidim-core (= 0.24.0.dev)
       decidim-forms (= 0.24.0.dev)
       decidim-proposals (= 0.24.0.dev)
@@ -307,7 +308,7 @@ GEM
     browser (2.7.1)
     builder (3.2.4)
     byebug (11.1.3)
-    capybara (3.33.0)
+    capybara (3.34.0)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
@@ -331,7 +332,7 @@ GEM
       actionpack (>= 3.0)
       cells (>= 4.1.6, < 5.0.0)
     charlock_holmes (0.7.7)
-    chef-utils (16.6.14)
+    chef-utils (16.8.14)
     childprocess (3.0.0)
     coercible (1.0.0)
       descendants_tracker (~> 0.0.1)
@@ -344,6 +345,7 @@ GEM
     coffee-script-source (1.12.2)
     colorize (0.8.1)
     concurrent-ruby (1.1.7)
+    cookiejar (0.3.3)
     crack (0.4.4)
     crass (1.0.6)
     css_parser (1.7.1)
@@ -354,12 +356,11 @@ GEM
     db-query-matchers (0.9.0)
       activesupport (>= 4.0, <= 6.0)
       rspec (~> 3.0)
-    decidim-bulletin_board (0.2.0)
-      activemodel (~> 5.0, >= 5.0.0.1)
-      activesupport (~> 5.0, >= 5.0.0.1)
+    decidim-bulletin_board (0.6.1)
       byebug (~> 11.0)
       graphlient (~> 0.4.0)
-      jwt
+      jwt (~> 2.2.2)
+      rails (>= 5.0.0)
       wisper (~> 2.0.0)
     declarative-builder (0.1.0)
       declarative-option (< 0.2.0)
@@ -388,6 +389,16 @@ GEM
     doorkeeper (5.4.0)
       railties (>= 5)
     doorkeeper-i18n (4.0.1)
+    em-http-request (1.1.7)
+      addressable (>= 2.3.4)
+      cookiejar (!= 0.3.1)
+      em-socksify (>= 0.3)
+      eventmachine (>= 1.0.3)
+      http_parser.rb (>= 0.6.0)
+    em-socksify (0.3.2)
+      eventmachine (>= 1.0.0.beta.4)
+    em-synchrony (1.0.6)
+      eventmachine (>= 1.0.0.beta.1)
     equalizer (0.0.11)
     erb_lint (0.0.35)
       activesupport
@@ -402,6 +413,8 @@ GEM
     erubi (1.9.0)
     etherpad-lite (0.3.0)
       rest-client (>= 1.6)
+    eventmachine (1.2.7)
+    eventmachine_httpserver (0.2.1)
     execjs (2.7.0)
     factory_bot (4.11.1)
       activesupport (>= 3.0.0)
@@ -450,9 +463,10 @@ GEM
     http-accept (1.7.0)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
+    http_parser.rb (0.6.0)
     i18n (1.8.5)
       concurrent-ruby (~> 1.0)
-    i18n-tasks (0.9.31)
+    i18n-tasks (0.9.33)
       activesupport (>= 4.0.2)
       ast (>= 2.1.0)
       erubi
@@ -527,7 +541,7 @@ GEM
     mixlib-cli (2.1.8)
     mixlib-config (3.0.9)
       tomlrb
-    mixlib-shellout (3.1.7)
+    mixlib-shellout (3.2.2)
       chef-utils
     msgpack (1.3.3)
     multi_json (1.15.0)
@@ -589,6 +603,14 @@ GEM
       actionmailer (>= 3)
       premailer (~> 1.7, >= 1.7.9)
     public_suffix (4.0.6)
+    puffing-billy (2.4.0)
+      addressable (~> 2.5)
+      em-http-request (~> 1.1, >= 1.1.0)
+      em-synchrony
+      eventmachine (~> 1.2)
+      eventmachine_httpserver
+      http_parser.rb (~> 0.6.0)
+      multi_json
     puma (5.0.0)
       nio4r (~> 2.0)
     racc (1.5.2)
@@ -768,7 +790,7 @@ GEM
     thor (1.0.1)
     thread_safe (0.3.6)
     tilt (2.0.10)
-    tomlrb (1.3.0)
+    tomlrb (2.0.1)
     truncato (0.7.11)
       htmlentities (~> 4.3.1)
       nokogiri (>= 1.7.0, <= 2.0)
@@ -799,7 +821,7 @@ GEM
       activemodel (>= 5.0)
       bindex (>= 0.4.0)
       railties (>= 5.0)
-    webmock (3.9.3)
+    webmock (3.11.0)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)

config/i18n-tasks.yml

@@ -294,6 +294,7 @@ ignore_unused:
   - decidim.debates.debate_m.commented_time_ago
   - decidim.elections.trustee_zone.trustees.show.identification_keys.upload_error.*
   - decidim.elections.feedback.answer.*
+  - decidim.elections.trustee_zone.elections.key_ceremony_steps.keys.*
   - decidim.votings.admin_log.*
 
 

decidim-dev/decidim-dev.gemspec

@@ -30,6 +30,7 @@ Gem::Specification.new do |s|
   s.add_dependency "i18n-tasks", "~> 0.9.18"
   s.add_dependency "mdl", "~> 0.5"
   s.add_dependency "nokogiri", ">= 1.10.8"
+  s.add_dependency "puffing-billy", "~> 2.4.0"
   s.add_dependency "puma", ">= 4.3"
   s.add_dependency "rails-controller-testing", "~> 1.0"
   s.add_dependency "rspec-cells", "~> 0.3.4"

decidim-dev/lib/decidim/dev/assets/public_key2.jwk

@@ -0,0 +1 @@
+{"alg":"RS256","e":"AQAB","kty":"RSA","n":"mYW4py55eHVzlAOLeWSlkX-UzFcWmPZNgt38YgfDsrWsMiF99NxeS1hHBBBAIMYVj4DdraunxwxibFZJm4B7JfLedO02pGHXWpx-VUSwRU7TKBO8KGcLIuyIsLAn4VZmcUCfOD4z4D3mOPXJFrmy_db4EQJgQnkRQdop9Nb-zExjYdw9IOnSFYdYLJ6k-g4Onu43kUIVDjBBwBlNHIkr-zpApPWhABUpSV_Vy6WAdku3ix4MyFQLQ48ljJp4KVKrw85km3x5k1p7yXpRXaeAUwdl1ucZUHgeb23ED-q2gwASAbrBLOMlrrRrexObRXlHd7gkQS4fwvLtehENY0EepaS6R9ZDGD5l8AJOlS3jGCBfQdpL9aJT05ZqmB8Vi0Fj8PgDkzselqp9eSwUBb82bp8padX9NsZPaokXLtJls8acSOPpBDwmEPAiUML7LWUwiRylimK4CVDNxulNGnBuPlYl5b4vZQHtpjBEFfKUZxI8qY1Y2qpEehaYD0oXa64yr2Hi5IVdlCOS88hqPskPttoe28cm6YVYflJP9bv4slqeu1cafDSCxX7A4PX83wDpW5gyWC3cXAPTXh2Plxlnn3p9KTae6_YPkI8Id26zkm61LpKi-CkQCvo2fHvfZI23JiSj3Y9KYZR25Ym8O9aaNBdhgvNKhB8VFlizKet3VU8"}

decidim-dev/lib/decidim/dev/test/rspec_support/component_context.rb

@@ -5,7 +5,7 @@
 
   let(:user) { create :user, :confirmed, organization: organization }
 
-  let!(:organization) { create(:organization, available_authorizations: %w(dummy_authorization_handler another_dummy_authorization_handler)) }
+  let!(:organization) { create(:organization, *organization_traits, available_authorizations: %w(dummy_authorization_handler another_dummy_authorization_handler)) }
 
   let(:participatory_process) do
     create(:participatory_process, :with_steps, organization: organization)
@@ -22,8 +22,14 @@
   let!(:category) { create :category, participatory_space: participatory_space }
   let!(:scope) { create :scope, organization: organization }
 
+  let(:organization_traits) { [] }
+
   before do
-    switch_to_host(organization.host)
+    if organization_traits.include?(:secure_context)
+      switch_to_secure_context_host
+    else
+      switch_to_host(organization.host)
+    end
   end
 
   def visit_component
@@ -32,9 +38,12 @@ def visit_component
 end
 
 shared_context "when managing a component" do
-  include_context "with a component"
+  include_context "with a component" do
+    let(:organization_traits) { component_organization_traits }
+  end
 
   let(:current_component) { component }
+  let(:component_organization_traits) { [] }
 
   before do
     login_as user, scope: :user
@@ -56,7 +65,11 @@ def edit_component_path(component)
 end
 
 shared_context "when managing a component as an admin" do
-  include_context "when managing a component"
+  include_context "when managing a component" do
+    let(:component_organization_traits) { admin_component_organization_traits }
+  end
+
+  let(:admin_component_organization_traits) { [] }
 
   let(:user) do
     create :user,

decidim-dev/lib/decidim/dev/test/rspec_support/puffing_billy.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require "billy/capybara/rspec"
+
+Billy.configure do |config|
+  config.cache = true
+  config.persist_cache = true
+  config.cache_path = "spec/billy"
+  config.record_requests = true
+  config.proxied_request_connect_timeout = 20
+  config.proxied_request_inactivity_timeout = 20
+end
+
+RSpec.configure do |config|
+  config.before :each, :billy do
+    driven_by :selenium_chrome_headless_billy
+    switch_to_secure_context_host
+    WebMock::HttpLibAdapters::EmHttpRequestAdapter.disable!
+  end
+end

decidim-dev/lib/decidim/dev/test/rspec_support/vcr.rb

@@ -2,16 +2,26 @@
 
 require "vcr"
 
+module BulletinBoardVcr
+  def self.bulletin_board_uri?(uri)
+    uri.hostname == bulletin_board_uri.hostname && uri.port == bulletin_board_uri.port
+  end
+
+  def self.bulletin_board_uri
+    @bulletin_board_uri ||= URI(bulletin_board_server)
+  end
+
+  def self.bulletin_board_server
+    return "" unless defined?(Decidim::Elections)
+
+    Decidim::Elections.bulletin_board.server
+  end
+end
+
 VCR.configure do |config|
   config.default_cassette_options = { serialize_with: :json }
   config.cassette_library_dir = "spec/cassettes"
   config.hook_into :webmock
   config.configure_rspec_metadata!
-  config.ignore_request do |request|
-    if defined?(Decidim::Elections)
-      URI(request.uri).port != URI(Decidim::Elections.bulletin_board.server).port
-    else
-      true
-    end
-  end
+  config.ignore_request { |request| !BulletinBoardVcr.bulletin_board_uri?(URI(request.uri)) }
 end

decidim-dev/lib/decidim/dev/test/rspec_support/download_helper.rb decidim-dev/lib/decidim/dev/test/rspec_support/z_download_helper.rb

@@ -4,28 +4,28 @@ module DownloadHelper
   TIMEOUT = 10
   PATH = Rails.root.join("tmp/downloads").freeze
 
-  def downloads
-    Dir[PATH.join("*")]
+  def downloads(name = nil)
+    Dir[PATH.join(name || "*")]
   end
 
-  def download_path
-    wait_for_download
-    downloads.first
+  def download_path(name = nil)
+    wait_for_download(name)
+    downloads(name).first
   end
 
-  def download_content
-    wait_for_download
-    File.read(download_path)
+  def download_content(name = nil)
+    wait_for_download(name)
+    File.read(download_path(name))
   end
 
-  def wait_for_download
+  def wait_for_download(name = nil)
     Timeout.timeout(TIMEOUT) do
-      sleep 0.1 until downloaded?
+      sleep 0.1 until downloaded?(name)
     end
   end
 
-  def downloaded?
-    downloads.any? && !downloading?
+  def downloaded?(name = nil)
+    downloads(name).any? && !downloading?
   end
 
   def downloading?
@@ -40,8 +40,6 @@ def clear_downloads
 RSpec.configure do |config|
   config.include DownloadHelper, download: true
   config.before :each, download: true do
-    driven_by(:headless_chrome)
-    switch_to_default_host
     FileUtils.mkdir_p DownloadHelper::PATH.to_s
     page.driver.browser.download_path = DownloadHelper::PATH.to_s
     clear_downloads

decidim-elections/app/assets/javascripts/decidim/elections/identification_keys.js.es6

@@ -4,7 +4,7 @@
 
 ((exports) => {
   class IdentificationKeys {
-    constructor(trusteeId, storedPublicKey) {
+    constructor(trusteeUniqueId, storedPublicKey) {
       this.format = "jwk";
       this.algorithm = {
         name: "RSASSA-PKCS1-v1_5",
@@ -16,11 +16,11 @@
       this.publicKeyAttrs = ["alg", "e", "kty", "n"];
       this.jwtHeader = this._encode64(JSON.stringify({alg: "RS256", typ: "JWT"}));
 
-      this.trusteeId = trusteeId;
+      this.trusteeUniqueId = trusteeUniqueId;
       this.privateKey = null;
       this.publicKey = null;
       this.storedPublicKey = JSON.parse(storedPublicKey || null);
-      this.keyIdentifier = `${trusteeId}_identification_key`;
+      this.keyIdentifier = `${trusteeUniqueId}-private-key`;
       this.browserSupport = this._checkBrowserSupport();
       this.textEncoder = new TextEncoder("utf-8");
 
@@ -113,15 +113,14 @@
       return this._clear();
     }
 
-    sign(payload) {
+    async sign(payload) {
       if (!this.browserSupport || this.privateKey === null) {
         return false;
       }
 
       const data = `${this.jwtHeader}.${this._encode64(JSON.stringify(payload))}`;
-      const signature = this.crypto.subtle.sign(this.algorithm.name, this.privateKey, this.textEncoder.encode(data));
-
-      return `${data}.${this._encode64(signature)}`;
+      const signature = await this.crypto.subtle.sign(this.algorithm, this.privateKey, this.textEncoder.encode(data));
+      return `${data}.${btoa(Reflect.apply(String.fromCharCode, null, new Uint8Array(signature))).replace(/[=]/g, "").replace(/\+/g, "-").replace(/\//g, "_")}`;
     }
 
     _checkBrowserSupport() {

decidim-elections/app/assets/javascripts/decidim/elections/trustee_zone.js.es6

@@ -7,10 +7,10 @@ window.Decidim = window.Decidim || {};
 $(() => {
   function identificationKeys() {
     const $form = $(".trustee_zone form");
-    const $trusteeId = $("#trustee_id", $form);
+    const $trusteeUniqueId = $("#trustee_unique_id", $form);
     const $trusteePublicKey = $("#trustee_public_key", $form);
 
-    window.trusteeIdentificationKeys = new window.Decidim.IdentificationKeys(`trustee-${$trusteeId.val()}`, $trusteePublicKey.val());
+    window.trusteeIdentificationKeys = new window.Decidim.IdentificationKeys($trusteeUniqueId.val(), $trusteePublicKey.val());
     if (!window.trusteeIdentificationKeys.browserSupport) {
       $("#not_supported_browser").addClass("visible");
       return;