def update(self, answer):
resolved = "%s%d" % (self.id, answer)
x = sha256(resolved.encode())
self.solved = x.endswith(b'00')
if not self.solved:
self.tokenlist.pop(self.id)
return self.solved
def db_archive_questionnaire_schema(session, questionnaire):
hash = str(sha256(json.dumps(questionnaire, sort_keys=True)))
if session.query(models.ArchivedSchema).filter(models.ArchivedSchema.hash == hash).count():
return hash
aqs = models.ArchivedSchema()
aqs.hash = hash
aqs.schema = questionnaire
aqs.preview = [f for s in questionnaire for f in s['children'] if f['preview']]
session.add(aqs)
return hash
def db_archive_questionnaire_schema(session, questionnaire):
hash = str(sha256(json.dumps(questionnaire, sort_keys=True)))
if session.query(models.ArchivedSchema).filter(
models.ArchivedSchema.hash == hash).count():
return hash
aqs = models.ArchivedSchema()
aqs.hash = hash
aqs.schema = questionnaire
session.add(aqs)
return hash
def db_archive_questionnaire_schema(session, questionnaire):
hash = text_type(sha256(json.dumps(questionnaire, sort_keys=True)))
if session.query(models.ArchivedSchema).filter(models.ArchivedSchema.hash == hash).count():
return hash
aqs = models.ArchivedSchema()
aqs.hash = hash
aqs.schema = questionnaire
aqs.preview = [f for s in questionnaire for f in s['children'] if f['preview']]
session.add(aqs)
return hash
def get_api_session(self):
token = ''
if b'x-api-token' in self.request.headers:
token = bytes(self.request.headers[b'x-api-token'])
# Assert the input is okay and the api_token state is acceptable
if self.request.tid != 1 or \
self.state.api_token_session is None or \
not self.state.tenant_cache[self.request.tid].admin_api_token_digest:
return
stored_token_hash = self.state.tenant_cache[
self.request.tid].admin_api_token_digest.encode()
if constant_time.bytes_eq(sha256(token), stored_token_hash):
return self.state.api_token_session
def schedule_exception_email(self, exception_text, *args):
if not hasattr(self.tenant_cache[1], 'notification'):
log.err(
"Error: Cannot send mail exception before complete initialization."
)
return
if self.exceptions_email_count >= self.settings.exceptions_email_hourly_limit:
return
exception_text = (exception_text % args) if args else exception_text
sha256_hash = sha256(exception_text.encode())
if sha256_hash not in self.exceptions:
self.exceptions[sha256_hash] = 0
self.exceptions[sha256_hash] += 1
if self.exceptions[sha256_hash] > 5:
log.err(
"Exception mail suppressed for (%s) [reason: threshold exceeded]",
sha256_hash)
return
self.exceptions_email_count += 1
mail_subject = "GlobaLeaks Exception"
delivery_list = self.tenant_cache[
1].notification.exception_delivery_list
mail_body = text_type("Platform: %s\nHost: %s (%s)\nVersion: %s\n\n%s" \
% (self.tenant_cache[1].name,
self.tenant_cache[1].hostname,
self.tenant_cache[1].onionservice,
__version__,
exception_text))
for mail_address, pgp_key_public in delivery_list:
# Opportunisticly encrypt the mail body. NOTE that mails will go out
# unencrypted if one address in the list does not have a public key set.
if pgp_key_public:
pgpctx = PGPContext(self.settings.tmp_path)
fingerprint = pgpctx.load_key(pgp_key_public)['fingerprint']
mail_body = pgpctx.encrypt_message(fingerprint, mail_body)
# avoid waiting for the notification to send and instead rely on threads to handle it
tw(db_schedule_email, 1, mail_address, mail_subject, mail_body)
def schedule_exception_email(self, exception_text, *args):
if not hasattr(self.tenant_cache[1], 'notification'):
log.err("Error: Cannot send mail exception before complete initialization.")
return
if self.exceptions_email_count >= self.settings.exceptions_email_hourly_limit:
return
exception_text = (exception_text % args) if args else exception_text
sha256_hash = sha256(exception_text.encode())
if sha256_hash not in self.exceptions:
self.exceptions[sha256_hash] = 0
self.exceptions[sha256_hash] += 1
if self.exceptions[sha256_hash] > 5:
log.err("Exception mail suppressed for (%s) [reason: threshold exceeded]", sha256_hash)
return
self.exceptions_email_count += 1
mail_subject = "GlobaLeaks Exception"
delivery_list = self.tenant_cache[1].notification.exception_delivery_list
mail_body = text_type("Platform: %s\nHost: %s (%s)\nVersion: %s\n\n%s"
% (self.tenant_cache[1].name,
self.tenant_cache[1].hostname,
self.tenant_cache[1].onionservice,
__version__,
exception_text))
for mail_address, pgp_key_public in delivery_list:
# Opportunisticly encrypt the mail body. NOTE that mails will go out
# unencrypted if one address in the list does not have a public key set.
if pgp_key_public:
pgpctx = PGPContext(self.settings.tmp_path)
fingerprint = pgpctx.load_key(pgp_key_public)['fingerprint']
mail_body = pgpctx.encrypt_message(fingerprint, mail_body)
# avoid waiting for the notification to send and instead rely on threads to handle it
tw(db_schedule_email, 1, mail_address, mail_subject, mail_body)
def validate(self, answer):
resolved = "%s%d" % (self.question, answer)
x = sha256(resolved.encode())
self.solved = x.endswith(b'00')
