def db_update_node(store, request, language):
"""
Update and serialize the node infos
:param store: the store on which perform queries.
:param language: the language in which to localize data
:return: a dictionary representing the serialization of the node
"""
enable_disable_languages(store, request)
if language in request["languages_enabled"]:
node_l10n = NodeL10NFactory(store)
node_l10n.update(request, language)
node = NodeFactory(store)
node.update(request)
if request["basic_auth"] and request["basic_auth_username"] != "" and request["basic_auth_password"] != "":
node.set_val("basic_auth", True)
node.set_val("basic_auth_username", request["basic_auth_username"])
node.set_val("basic_auth_password", request["basic_auth_password"])
else:
node.set_val("basic_auth", False)
db_refresh_memory_variables(store)
# TODO pass instance of db_update_node into admin_serialize
return db_admin_serialize_node(store, language)
def update_notification(session, tid, request, language):
ConfigFactory(session, tid).update('notification', request)
ConfigL10NFactory(session, tid).update('notification', request, language)
db_refresh_memory_variables(session, [tid])
return db_get_notification(session, tid, language)
def db_update_node(session, tid, user_session, request, language):
"""
Transaction to update the node configuration
:param session: An ORM session
:param tid: A tenant ID
:param user_session: The current user session
:param request: The request data
:param language: the language in which to localize data
:return: Return the serialized configuration for the specified tenant
"""
config = ConfigFactory(session, tid)
enable_escrow = not config.get_val('escrow') and request.get('escrow', False)
disable_escrow = user_session.ek and config.get_val('escrow') and not request.get('escrow', False)
config.update('node', request)
if request['enable_ricochet_panel'] and not request['ricochet_address']:
request['enable_ricochet_panel'] = False
# Validate that IP addresses/ranges we're getting are goo
if 'ip_filter_admin' in request and request['ip_filter_admin_enable'] and request['ip_filter_admin']:
parse_csv_ip_ranges_to_ip_networks(request['ip_filter_admin'])
if 'languages_enabled' in request and 'default_language' in request:
db_update_enabled_languages(session,
tid,
request['languages_enabled'],
request['default_language'])
if language in db_get_languages(session, tid):
ConfigL10NFactory(session, tid).update('node', request, language)
if enable_escrow:
crypto_escrow_prv_key, State.tenant_cache[tid].crypto_escrow_pub_key = GCE.generate_keypair()
user = db_get(session, models.User, models.User.id == user_session.user_id)
user.crypto_escrow_prv_key = Base64Encoder.encode(GCE.asymmetric_encrypt(user.crypto_pub_key, crypto_escrow_prv_key))
if tid == 1:
session.query(models.User).update({'password_change_needed': True}, synchronize_session=False)
else:
session.query(models.User).filter(models.User.tid == tid).update({'password_change_needed': True}, synchronize_session=False)
if disable_escrow:
if tid == 1:
session.query(models.User).update({'crypto_escrow_bkp1_key': ''}, synchronize_session=False)
else:
session.query(models.User).update({'crypto_escrow_bkp2_key': ''}, synchronize_session=False)
session.query(models.User).filter(models.User.tid == tid).update({'crypto_escrow_prv_key': ''}, synchronize_session=False)
config.set_val('crypto_escrow_pub_key', State.tenant_cache[tid].crypto_escrow_pub_key)
db_refresh_memory_variables(session, [tid])
if tid == 1:
log.setloglevel(config.get_val('log_level'))
return db_admin_serialize_node(session, tid, language)
def db_admin_update_user(session, tid, user_id, request, language):
"""
Updates the specified user.
"""
fill_localized_keys(request, models.User.localized_keys, language)
user = db_get_user(session, tid, user_id)
if user.username != request['username']:
check = session.query(models.User).filter(models.User.username == text_type(request['username']),
models.UserTenant.user_id == models.User.id,
models.UserTenant.tenant_id == tid).one_or_none()
if check is not None:
raise errors.InputValidationError('Username already in use')
user.update(request)
password = request['password']
if password:
user.hash_alg = GCE.HASH
user.salt = GCE.generate_salt()
user.password = GCE.hash_password(password, user.salt)
user.password_change_date = datetime_now()
user.crypto_prv_key = b''
user.crypto_pub_key = b''
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
if user.role == 'admin':
db_refresh_memory_variables(session, [tid])
return user
def db_update_node(session, tid, request, language):
"""
Update and serialize the node infos
:param session: the session on which perform queries.
:param language: the language in which to localize data
:return: a dictionary representing the serialization of the node
"""
node = ConfigFactory(session, tid, 'node')
if tid != 1:
request['enable_signup'] = False
node.update(request)
if request['basic_auth'] and request['basic_auth_username'] and request[
'basic_auth_password']:
node.set_val(u'basic_auth', True)
node.set_val(u'basic_auth_username', request['basic_auth_username'])
node.set_val(u'basic_auth_password', request['basic_auth_password'])
else:
node.set_val(u'basic_auth', False)
db_update_enabled_languages(session, tid, request['languages_enabled'],
request['default_language'])
if language in request['languages_enabled']:
node_l10n = NodeL10NFactory(session, tid)
node_l10n.update(request, language)
db_refresh_memory_variables(session, [tid])
# TODO pass instance of db_update_node into admin_serialize
return db_admin_serialize_node(session, tid, language)
def db_admin_update_user(session, tid, user_id, request, language):
"""
Updates the specified user.
"""
fill_localized_keys(request, models.User.localized_keys, language)
user = db_get_user(session, tid, user_id)
if user.username != request['username']:
check = session.query(models.User).filter(
models.User.username == str(request['username']),
models.User.tid == tid).one_or_none()
if check is not None:
raise errors.InputValidationError('Username already in use')
user.update(request)
password = request['password']
if password and not user.crypto_pub_key:
user.hash_alg = 'ARGON2'
user.salt = GCE.generate_salt()
user.password = GCE.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
if user.role == 'admin':
db_refresh_memory_variables(session, [tid])
return user
def db_create(session, desc):
t = models.Tenant()
t.active = desc['active']
session.add(t)
# required to generate the tenant id
session.flush()
appdata = load_appdata()
if t.id == 1:
db_load_defaults(session)
models.config.initialize_config(session, t.id, desc['mode'])
for var in ['mode', 'name', 'subdomain']:
db_set_config_variable(session, t.id, var, desc[var])
models.config.add_new_lang(session, t.id, 'en', appdata)
db_initialize_tenant_submission_statuses(session, t.id)
db_refresh_memory_variables(session, [t.id])
return t
def db_create(session, desc):
appdata = load_appdata()
t = models.db_forge_obj(session, models.Tenant, desc)
# required to generate/retrive the id
session.flush()
db_update_defaults(session)
models.config.system_cfg_init(session, tid=t.id)
models.config.add_new_lang(session, t.id, u'en', appdata)
file_descs = [
(u'logo', 'data/logo.png'),
(u'favicon', 'data/favicon.ico')
]
for file_desc in file_descs:
with open(os.path.join(Settings.client_path, file_desc[1]), 'r') as f:
data = base64.b64encode(f.read())
file.db_add_file(session, t.id, file_desc[0], u'', data)
db_refresh_memory_variables(session, [t.id])
return t
def db_update_node(store, request, language):
"""
Update and serialize the node infos
:param store: the store on which perform queries.
:param language: the language in which to localize data
:return: a dictionary representing the serialization of the node
"""
enable_disable_languages(store, request)
if language in request['languages_enabled']:
node_l10n = NodeL10NFactory(store)
node_l10n.update(request, language)
node = NodeFactory(store)
node.update(request)
if request[
'basic_auth'] and request['basic_auth_username'] != '' and request[
'basic_auth_password'] != '':
node.set_val('basic_auth', True)
node.set_val('basic_auth_username', request['basic_auth_username'])
node.set_val('basic_auth_password', request['basic_auth_password'])
else:
node.set_val('basic_auth', False)
db_refresh_memory_variables(store)
# TODO pass instance of db_update_node into admin_serialize
return db_admin_serialize_node(store, language)
def _setUp(self, session):
valid_setup = test_tls.get_valid_setup()
config.db_set_config_variable(session, 1, 'https_cert', valid_setup['cert'])
config.db_set_config_variable(session, 1, 'https_enabled', True)
db_refresh_memory_variables(session)
def db_admin_update_user(session, state, tid, user_id, request, language):
"""
Updates the specified user.
"""
fill_localized_keys(request, models.User.localized_keys, language)
user = db_get_user(session, tid, user_id)
if user.username != request['username']:
check = session.query(models.User).filter(
models.User.username == text_type(request['username']),
models.UserTenant.user_id == models.User.id,
models.UserTenant.tenant_id == tid).one_or_none()
if check is not None:
raise errors.InputValidationError('Username already in use')
user.update(request)
password = request['password']
if password:
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(state, user, request)
if user.role == 'admin':
db_refresh_memory_variables(session, [tid])
return user
def _setUp(self, session):
valid_setup = test_tls.get_valid_setup()
config.db_set_config_variable(session, 1, 'https_cert',
valid_setup['cert'])
config.db_set_config_variable(session, 1, 'https_enabled', True)
db_refresh_memory_variables(session)
def _setUp(self, session):
valid_setup = test_tls.get_valid_setup()
config = ConfigFactory(session, 1, 'node')
config.set_val(u'https_cert', valid_setup['cert'])
config.set_val(u'https_enabled', True)
db_refresh_memory_variables(session)
def db_create(session, desc):
t = db_preallocate(session, desc)
db_initialize(session, t, desc['mode'])
db_refresh_memory_variables(session, [t.id])
return t
def _setUp(self, store):
valid_setup = test_tls.get_valid_setup()
prv_fact = PrivateFactory(store)
prv_fact.set_val(u'https_cert', valid_setup['cert'])
prv_fact.set_val(u'https_enabled', True)
db_refresh_memory_variables(store)
def db_create(session, desc):
t = db_preallocate(session, desc)
db_initialize(session, t, desc['mode'])
db_refresh_memory_variables(session, [t.id])
return t
def db_create(session, desc):
t = db_preallocate(session, desc)
t.active = True
db_initialize(session, t.id)
db_refresh_memory_variables(session, [t.id])
return t
def update(session, tid, request):
t = db_get(session, models.Tenant, models.Tenant.id == tid)
t.active = request['active']
for var in ['mode', 'name', 'subdomain']:
db_set_config_variable(session, tid, var, request[var])
db_refresh_memory_variables(session, [t.id])
return serialize_tenant(session, t)
def update(session, id, request):
tenant = models.db_get(session, models.Tenant, models.Tenant.id == id)
tenant.update(request)
# A tenant created via signup but not activated may require initialization
if not session.query(models.Config).filter(models.Config.tid == id).count():
db_initialize(session, tenant, 'default')
db_refresh_memory_variables(session, [id])
return serialize_tenant(session, tenant)
def wizard(store, request, language):
node = NodeFactory(store)
if node.get_val('wizard_done'):
# TODO report as anomaly
log.err("DANGER: Wizard already initialized!")
raise errors.ForbiddenOperation
node._query_group()
node.set_val('name', request['node']['name'])
node.set_val('default_language', language)
node.set_val('wizard_done', True)
if GLSettings.memory_copy.onionservice is not None:
node.set_val('onionservice', GLSettings.memory_copy.onionservice)
node_l10n = NodeL10NFactory(store)
node_l10n.set_val('description', language, request['node']['description'])
node_l10n.set_val('header_title_homepage', language, request['node']['name'])
context = db_create_context(store, request['context'], language)
langs_to_drop = EnabledLanguage.list(store)
langs_to_drop.remove(language)
if len(langs_to_drop):
EnabledLanguage.remove_old_langs(store, langs_to_drop)
request['receiver']['contexts'] = [context.id]
request['receiver']['language'] = language
db_create_receiver(store, request['receiver'], language)
admin_dict = {
'username': u'admin',
'password': request['admin']['password'],
'role': u'admin',
'state': u'enabled',
'deletable': False,
'name': u'Admin',
'public_name': u'Admin',
'description': u'',
'mail_address': request['admin']['mail_address'],
'language': language,
'password_change_needed': False,
'pgp_key_remove': False,
'pgp_key_fingerprint': '',
'pgp_key_public': '',
'pgp_key_expiration': datetime_null()
}
db_create_admin_user(store, admin_dict, language)
db_refresh_memory_variables(store)
def update(session, id, request):
tenant = models.db_get(session, models.Tenant, models.Tenant.id == id)
tenant.update(request)
# A tenant created via signup but not activate may require initialization
if not session.query(models.Config).filter(models.Config.tid == id).count():
db_initialize(session, id)
db_refresh_memory_variables(session, [id])
return serialize_tenant(session, tenant)
def wizard(store, request, language):
models.db_delete(store, l10n.EnabledLanguage, l10n.EnabledLanguage.name != language)
node = config.NodeFactory(store)
if node.get_val(u'wizard_done'):
log.err("DANGER: Wizard already initialized!")
raise errors.ForbiddenOperation
node._query_group()
node.set_val(u'name', request['node_name'])
node.set_val(u'default_language', language)
node.set_val(u'wizard_done', True)
node_l10n = l10n.NodeL10NFactory(store)
node_l10n.set_val(u'header_title_homepage', language, request['node_name'])
profiles.load_profile(store, request['profile'])
receiver_desc = models.User().dict(language)
receiver_desc['username'] = u'recipient'
receiver_desc['name'] = receiver_desc['public_name'] = request['receiver_name']
receiver_desc['mail_address'] = request['receiver_mail_address']
receiver_desc['language'] = language
receiver_desc['role'] =u'receiver'
receiver_desc['deletable'] = True
receiver_desc['pgp_key_remove'] = False
_, receiver = db_create_receiver_user(store, receiver_desc, language)
context_desc = models.Context().dict(language)
context_desc['name'] = u'Default'
context_desc['receivers'] = [receiver.id]
context = db_create_context(store, context_desc, language)
admin_desc = models.User().dict(language)
admin_desc['username'] = u'admin'
admin_desc['password'] = request['admin_password']
admin_desc['name'] = admin_desc['public_name'] = request['admin_name']
admin_desc['mail_address'] = request['admin_mail_address']
admin_desc['language'] = language
admin_desc['role'] =u'admin'
admin_desc['deletable'] = False
admin_desc['pgp_key_remove'] = False
admin_desc['password_change_needed'] = False
db_create_admin_user(store, admin_desc, language)
db_refresh_memory_variables(store)
def wizard(store, request, language):
models.db_delete(store, l10n.EnabledLanguage,
l10n.EnabledLanguage.name != language)
node = config.NodeFactory(store)
if node.get_val(u'wizard_done'):
log.err("DANGER: Wizard already initialized!")
raise errors.ForbiddenOperation
node._query_group()
node.set_val(u'name', request['node']['name'])
node.set_val(u'default_language', language)
node.set_val(u'wizard_done', True)
node_l10n = l10n.NodeL10NFactory(store)
node_l10n.set_val(u'description', language, request['node']['description'])
node_l10n.set_val(u'header_title_homepage', language,
request['node']['name'])
profiles.load_profile(store, request['profile'])
context = db_create_context(store, request['context'], language)
request['receiver']['username'] = u'recipient'
request['receiver']['contexts'] = [context.id]
request['receiver']['language'] = language
db_create_receiver_user(store, request['receiver'], language)
admin_dict = {
'username': u'admin',
'password': request['admin']['password'],
'role': u'admin',
'state': u'enabled',
'deletable': False,
'name': u'Admin',
'public_name': u'Admin',
'description': u'',
'mail_address': request['admin']['mail_address'],
'language': language,
'password_change_needed': False,
'pgp_key_remove': False,
'pgp_key_fingerprint': '',
'pgp_key_public': '',
'pgp_key_expiration': datetime_null()
}
db_create_admin_user(store, admin_dict, language)
db_refresh_memory_variables(store)
def db_create_admin_user(store, request, language):
"""
Creates a new admin
Returns:
(dict) the admin descriptor
"""
user = db_create_user(store, request, language)
log.debug("Created new admin")
db_refresh_memory_variables(store)
return user
def update_notification(session, tid, request, language):
config = ConfigFactory(session, tid)
if request['smtp_password'] == '':
del request['smtp_password']
config.update('notification', request)
config_l10n = ConfigL10NFactory(session, tid)
config_l10n.update('notification', request, language)
db_refresh_memory_variables(session, [tid])
return db_get_notification(session, tid, language)
def db_update_node(store, request, wizard_done, language):
"""
Update and serialize the node infos
:param store: the store on which perform queries.
:param language: the language in which to localize data
:return: a dictionary representing the serialization of the node
"""
node = store.find(models.Node).one()
fill_localized_keys(request, models.Node.localized_keys, language)
# verify that the languages enabled are valid 'code' in the languages supported
node.languages_enabled = []
for lang_code in request['languages_enabled']:
if lang_code in LANGUAGES_SUPPORTED_CODES:
node.languages_enabled.append(lang_code)
else:
raise errors.InvalidInputFormat("Invalid lang code enabled: %s" % lang_code)
if not len(node.languages_enabled):
raise errors.InvalidInputFormat("Missing enabled languages")
# enforcing of default_language usage (need to be set, need to be _enabled)
if request['default_language']:
if request['default_language'] not in node.languages_enabled:
raise errors.InvalidInputFormat("Invalid lang code as default")
node.default_language = request['default_language']
else:
node.default_language = node.languages_enabled[0]
log.err("Default language not set!? fallback on %s" % node.default_language)
node.basic_auth = request['basic_auth']
if request['basic_auth'] and request['basic_auth_username'] != '' and request['basic_auth_password'] != '':
node.basic_auth = True
node.basic_auth_username = request['basic_auth_username']
node.basic_auth_password = request['basic_auth_password']
else:
node.basic_auth = False
if wizard_done:
node.wizard_done = True
node.update(request)
db_refresh_memory_variables(store)
return db_admin_serialize_node(store, language)
def db_update_node(session, tid, request, language):
"""
Update and serialize the node infos
:param tid:
:param request:
:param session: the session on which perform queries.
:param language: the language in which to localize data
:return: a dictionary representing the serialization of the node
"""
config = ConfigFactory(session, tid)
config.update('node', request)
if 'basic_auth' in request and request['basic_auth'] and request[
'basic_auth_username'] and request['basic_auth_password']:
config.set_val('basic_auth', True)
config.set_val('basic_auth_username', request['basic_auth_username'])
config.set_val('basic_auth_password', request['basic_auth_password'])
else:
config.set_val('basic_auth', False)
config.set_val('basic_auth_username', '')
config.set_val('basic_auth_password', '')
if request['enable_ricochet_panel'] and not request['ricochet_address']:
request['enable_ricochet_panel'] = False
# Validate that IP addresses/ranges we're getting are goo
if 'ip_filter_admin' in request and request[
'ip_filter_admin_enable'] and request['ip_filter_admin']:
parse_csv_ip_ranges_to_ip_networks(request['ip_filter_admin'])
if 'ip_filter_whistleblower_enable' in request and request[
'ip_filter_whistleblower_enable'] and request[
'ip_filter_whistleblower']:
parse_csv_ip_ranges_to_ip_networks(request['ip_filter_whistleblower'])
if 'languages_enabled' in request and 'default_language' in request:
db_update_enabled_languages(session, tid, request['languages_enabled'],
request['default_language'])
if language in models.EnabledLanguage.list(session, tid):
ConfigL10NFactory(session, tid).update('node', request, language)
db_refresh_memory_variables(session, [tid])
if tid == 1:
log.setloglevel(config.get_val('log_level'))
return db_admin_serialize_node(session, tid, language)
def update_notification(session, tid, request, language):
config = ConfigFactory(session, tid)
if request['smtp_password'] == '':
del request['smtp_password']
config.update('notification', request)
config_l10n = ConfigL10NFactory(session, tid)
config_l10n.update('notification', request, language)
if request.pop('reset_templates'):
config_l10n.reset('notification', load_appdata())
db_refresh_memory_variables(session, [tid])
return admin_serialize_notification(session, tid, language)
def update_notification(session, tid, request, language):
notif = ConfigFactory(session, tid, 'notification')
if request['smtp_password'] == '':
del request['smtp_password']
notif.update(request)
notif_l10n = NotificationL10NFactory(session, tid)
notif_l10n.update(request, language)
if request.pop('reset_templates'):
notif_l10n.reset_templates(load_appdata())
db_refresh_memory_variables(session, [tid])
return admin_serialize_notification(session, tid, language)
def update_notification(store, request, language):
notif = store.find(Notification).one()
fill_localized_keys(request, Notification.localized_keys, language)
if request['reset_templates']:
appdata_dict = load_appdata()
for k in appdata_dict['templates']:
request[k] = appdata_dict['templates'][k]
notif.update(request)
parse_pgp_options(notif, request)
db_refresh_memory_variables(store)
return admin_serialize_notification(notif, language)
def update_notification(store, request, language):
notif = store.find(Notification).one()
fill_localized_keys(request, Notification.localized_keys, language)
if request['reset_templates']:
appdata_dict = load_appdata()
for k in appdata_dict['templates']:
request[k] = appdata_dict['templates'][k]
notif.update(request)
parse_pgp_options(notif, request)
db_refresh_memory_variables(store)
return admin_serialize_notification(notif, language)
def update_notification(store, request, language):
notif = NotificationFactory(store)
notif.update(request)
smtp_pw = request.pop('smtp_password', u'')
if smtp_pw != u'':
PrivateFactory(store).set_val(u'smtp_password', smtp_pw)
notif_l10n = NotificationL10NFactory(store)
notif_l10n.update(request, language)
if request.pop('reset_templates'):
notif_l10n.reset_templates(load_appdata())
# Since the Notification object has been changed refresh the global copy.
db_refresh_memory_variables(store)
return admin_serialize_notification(store, language)
def db_update_node(store, request, wizard_done, language):
"""
Update and serialize the node infos
:param store: the store on which perform queries.
:param language: the language in which to localize data
:return: a dictionary representing the serialization of the node
"""
node = store.find(models.Node).one()
fill_localized_keys(request, models.Node.localized_keys, language)
# verify that the languages enabled are valid 'code' in the languages supported
node.languages_enabled = []
for lang_code in request['languages_enabled']:
if lang_code in LANGUAGES_SUPPORTED_CODES:
node.languages_enabled.append(lang_code)
else:
raise errors.InvalidInputFormat("Invalid lang code enabled: %s" %
lang_code)
if not len(node.languages_enabled):
raise errors.InvalidInputFormat("Missing enabled languages")
# enforcing of default_language usage (need to be set, need to be _enabled)
if request['default_language']:
if request['default_language'] not in node.languages_enabled:
raise errors.InvalidInputFormat("Invalid lang code as default")
node.default_language = request['default_language']
else:
node.default_language = node.languages_enabled[0]
log.err("Default language not set!? fallback on %s" %
node.default_language)
if wizard_done:
node.wizard_done = True
node.update(request)
db_refresh_memory_variables(store)
return db_admin_serialize_node(store, language)
def db_update_node(session, tid, request, language, config_node):
"""
Update and serialize the node infos
:param session: the session on which perform queries.
:param language: the language in which to localize data
:return: a dictionary representing the serialization of the node
"""
node = ConfigFactory(session, tid, config_node)
node.update(request)
if 'basic_auth' in request:
if request['basic_auth'] and request[
'basic_auth_username'] and request['basic_auth_password']:
node.set_val(u'basic_auth', True)
node.set_val(u'basic_auth_username',
request['basic_auth_username'])
node.set_val(u'basic_auth_password',
request['basic_auth_password'])
else:
node.set_val(u'basic_auth', False)
# Validate that IP addresses/ranges we're getting are goo
if 'ip_filter_authenticated' in request:
if request['ip_filter_authenticated_enable'] and request[
'ip_filter_authenticated']:
# Make sure we can validate and parse the whole thing
parse_csv_ip_ranges_to_ip_networks(
request['ip_filter_authenticated'])
if 'languages_enabled' in request and 'default_language' in request:
db_update_enabled_languages(session, tid, request['languages_enabled'],
request['default_language'])
if language in models.EnabledLanguage.list(session, tid):
node_l10n = NodeL10NFactory(session, tid)
node_l10n.update(request, language)
db_refresh_memory_variables(session, [tid])
return db_admin_serialize_node(session, tid, language)
def update_notification(store, request, language):
notif_l10n = NotificationL10NFactory(store)
notif_l10n.update(request, language)
if request.pop('reset_templates'):
appdata = load_appdata()
notif_l10n.reset_templates(appdata)
smtp_pw = request.pop('smtp_password', u'')
if smtp_pw != u'':
PrivateFactory(store).set_val('smtp_password', smtp_pw)
notif = NotificationFactory(store)
notif.update(request)
parse_pgp_options(notif, request)
# Since the Notification object has been changed refresh the global copy.
db_refresh_memory_variables(store)
return admin_serialize_notification(store, language)
def update_notification(store, request, language):
notif = store.find(Notification).one()
fill_localized_keys(request, Notification.localized_keys, language)
if request['reset_templates']:
appdata_dict = load_appdata()
for k in appdata_dict['templates']:
request[k] = appdata_dict['templates'][k]
if request['password'] == u'':
log.debug('No password set. Using pw already in the DB.')
request['password'] = notif.password
notif.update(request)
parse_pgp_options(notif, request)
# Since the Notification object has been changed refresh the global copy.
db_refresh_memory_variables(store)
return admin_serialize_notification(notif, language)
def db_admin_update_user(session, state, tid, user_id, request, language):
"""
Updates the specified user.
"""
fill_localized_keys(request, models.User.localized_keys, language)
user = models.db_get(session, models.User, models.User.tid == tid,
models.User.id == user_id)
user.update(request)
password = request['password']
if password:
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(state, user, request)
if user.role == 'admin':
db_refresh_memory_variables(session, [tid])
return user
def db_admin_update_user(store, user_id, request, language):
"""
Updates the specified user.
raises: globaleaks.errors.UserIdNotFound` if the user does not exist.
"""
fill_localized_keys(request, models.User.localized_keys, language)
user = models.db_get(store, models.User, id=user_id)
user.update(request)
password = request['password']
if password:
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
if user.role == 'admin':
db_refresh_memory_variables(store)
return user
def delete(session, id):
models.db_delete(session, models.Tenant, models.Tenant.id == id)
db_refresh_memory_variables(session, [id])
def db_wizard(session, state, tid, request, client_using_tor, language):
node = config.ConfigFactory(session, tid, 'node')
if node.get_val(u'wizard_done'):
log.err("DANGER: Wizard already initialized!", tid=tid)
raise errors.ForbiddenOperation
db_update_enabled_languages(session, tid, [language], language)
tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
tenant.label = request['node_name']
node.set_val(u'name', request['node_name'])
node.set_val(u'default_language', language)
node.set_val(u'wizard_done', True)
node.set_val(u'enable_developers_exception_notification',
request['enable_developers_exception_notification'])
# Guess Tor configuration from thee media used on first configuration and
# if the user is using Tor preserve node anonymity and perform outgoing connections via Tor
node.set_val(u'reachable_via_web', not client_using_tor)
node.set_val(u'allow_unencrypted', not client_using_tor)
node.set_val(u'anonymize_outgoing_connections', client_using_tor)
node.set_val(u'disable_encryption_warnings', not client_using_tor)
node_l10n = config.NodeL10NFactory(session, tid)
node_l10n.set_val(u'header_title_homepage', language, request['node_name'])
profiles.load_profile(session, tid, request['profile'])
receiver_desc = models.User().dict(language)
receiver_desc['name'] = request['receiver_name']
receiver_desc['username'] = u'recipient'
receiver_desc['name'] = request['receiver_name']
receiver_desc['mail_address'] = request['receiver_mail_address']
receiver_desc['language'] = language
receiver_desc['role'] = u'receiver'
receiver_desc['deletable'] = True
receiver_desc['pgp_key_remove'] = False
_, receiver = db_create_receiver_user(session, state, tid, receiver_desc,
language)
context_desc = models.Context().dict(language)
context_desc['name'] = u'Default'
context_desc['receivers'] = [receiver.id]
db_create_context(session, state, tid, context_desc, language)
admin_desc = models.User().dict(language)
admin_desc['name'] = request['admin_name']
admin_desc['username'] = u'admin'
admin_desc['password'] = request['admin_password']
admin_desc['name'] = request['admin_name']
admin_desc['mail_address'] = request['admin_mail_address']
admin_desc['language'] = language
admin_desc['role'] = u'admin'
admin_desc['deletable'] = False
admin_desc['pgp_key_remove'] = False
admin_desc['password_change_needed'] = False
db_create_user(session, state, tid, admin_desc, language)
db_refresh_memory_variables(session, [tid])
def set_config_variable(session, tid, var, val):
db_set_config_variable(session, tid, var, val)
db_refresh_memory_variables(session, [tid])
def db_wizard(session, tid, request, client_using_tor, language):
language = request['node_language']
node = config.ConfigFactory(session, tid)
if tid != 1:
root_tenant_node = config.ConfigFactory(session, 1)
else:
root_tenant_node = node
if node.get_val(u'wizard_done'):
log.err("DANGER: Wizard already initialized!", tid=tid)
raise errors.ForbiddenOperation
db_update_enabled_languages(session, tid, [language], language)
node.set_val(u'name', request['node_name'])
node.set_val(u'default_language', language)
node.set_val(u'wizard_done', True)
node.set_val(u'enable_developers_exception_notification', request['enable_developers_exception_notification'])
# Guess Tor configuration from thee media used on first configuration and
# if the user is using Tor preserve node anonymity and perform outgoing connections via Tor
node.set_val(u'reachable_via_web', not client_using_tor)
node.set_val(u'allow_unencrypted', not client_using_tor)
node.set_val(u'anonymize_outgoing_connections', client_using_tor)
node_l10n = config.ConfigL10NFactory(session, tid)
node_l10n.set_val(u'header_title_homepage', language, request['node_name'])
profiles.load_profile(session, tid, request['profile'])
admin_desc = models.User().dict(language)
admin_desc['name'] = request['admin_name']
admin_desc['username'] = u'admin'
admin_desc['password'] = request['admin_password']
admin_desc['name'] = request['admin_name']
admin_desc['mail_address'] = request['admin_mail_address']
admin_desc['language'] = language
admin_desc['role'] =u'admin'
admin_desc['deletable'] = False
admin_desc['pgp_key_remove'] = False
admin_user = db_create_user(session, tid, admin_desc, language)
admin_user.password_change_needed = False
admin_user.password_change_date = datetime_now()
receiver_desc = models.User().dict(language)
receiver_desc['name'] = request['receiver_name']
receiver_desc['username'] = u'recipient'
receiver_desc['password'] = request['receiver_password']
receiver_desc['name'] = request['receiver_name']
receiver_desc['mail_address'] = request['receiver_mail_address']
receiver_desc['language'] = language
receiver_desc['role'] =u'receiver'
receiver_desc['deletable'] = True
receiver_desc['pgp_key_remove'] = False
receiver_user = db_create_user(session, tid, receiver_desc, language)
context_desc = models.Context().dict(language)
context_desc['status'] = 1
context_desc['name'] = u'Default'
context_desc['receivers'] = [receiver_user.id]
context = db_create_context(session, tid, context_desc, language)
# Root tenants initialization terminates here
if tid == 1:
db_refresh_memory_variables(session, [tid])
return
# Secondary tenants initialization starts here
tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
tenant.label = request['node_name']
mode = node.get_val(u'mode')
if mode != u'default':
node.set_val(u'hostname', tenant.subdomain + '.' + node.get_val(u'rootdomain'))
node.set_val(u'reachable_via_web', True)
node.set_val(u'allow_unencrypted', True)
node.set_val(u'anonymize_outgoing_connections', True)
node.set_val(u'allow_iframes_inclusion', True)
context.questionnaire_id = root_tenant_node.get_val(u'default_questionnaire')
# Apply the specific fixes related to whistleblowing.it projects
if mode == u'whistleblowing.it':
node.set_val(u'disable_key_code_hint', True)
node.set_val(u'disable_privacy_badge', True)
node.set_val(u'disable_donation_panel', True)
node.set_val(u'simplified_login', True)
node.set_val(u'can_delete_submission', False)
node.set_val(u'enable_user_pgp_key_upload', False)
node.set_val(u'tor', False)
# Delete the admin user
session.delete(admin_user)
# Set the recipient name equal to the node name
receiver_user.name = request['node_name']
# Enable the recipient user to configure platform general settings
receiver_user.can_edit_general_settings = True
# Set data retention policy to 18 months
context.tip_timetolive = 540
# Enable recipients to load files to the whistleblower
context.enable_rc_to_wb_files = True
db_refresh_memory_variables(session, [tid])