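def wizard(store, request, language):
    """
    Apply the first-time setup request to the node.

    Updates the node settings, creates the initial context and receiver, and
    updates the already existing 'admin' account with the submitted mail
    address and, when both passwords are supplied, a new password.

    :param store: storage handle passed to the db_* helpers and used to look
        up the admin user
    :param request: dict with 'node', 'context', 'receiver' and 'admin' entries
    :param language: language set as the default and only enabled language
    :raises Exception: any failure is logged and re-raised unchanged
    """
    # NOTE(review): nothing in this function checks whether the wizard has
    # already run, so the protection against a repeated call has to live in
    # the caller -- confirm.
    try:
        request['node']['default_language'] = language
        request['node']['languages_enabled'] = [language]

        # Header title of the homepage is initially set with the node title
        request['node']['header_title_homepage'] = request['node']['name']

        db_update_node(store, request['node'], True, language)

        context = db_create_context(store, request['context'], language)

        # associate the new context to the receiver
        request['receiver']['contexts'] = [context.id]

        db_create_receiver(store, request['receiver'], language)

        admin = store.find(models.User, (models.User.username == unicode('admin'))).one()

        # The mail address is replaced unconditionally; only the password
        # change below depends on the old password being supplied.
        admin.mail_address = request['admin']['mail_address']

        password = request['admin']['password']
        old_password = request['admin']['old_password']

        if password and old_password and len(password) and len(old_password):
            # presumably change_password verifies old_password against the
            # stored value before returning the new one -- confirm
            admin.password = security.change_password(admin.password, old_password, password, admin.salt)

    except Exception as excep:
        log.err("Failed wizard initialization %s" % excep)
        # Bare raise keeps the traceback of the original failure.
        raise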
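def wizard(store, request, language):
    """
    Run the one-time setup wizard for the node.

    Sets the node name and default language, marks the wizard as done,
    creates the first context and receiver, disables every enabled language
    except the chosen one and creates the 'admin' user from the request.

    :param store: storage handle passed to the factories and db_* helpers
    :param request: dict with 'node', 'context', 'receiver' and 'admin' entries
    :param language: language used as default and for the localized values
    :raises errors.ForbiddenOperation: when 'wizard_done' is already set
    :raises Exception: any other failure is logged and re-raised unchanged
    """
    node = NodeFactory(store)

    # One-shot guard: this function creates the admin account from request
    # data, so it must never be reachable a second time.
    if node.get_val('wizard_done'):
        # TODO report as anomaly
        log.err("DANGER: Wizard already initialized!")
        raise errors.ForbiddenOperation

    try:
        node._query_group()

        nn = unicode(request['node']['name'])
        node.set_val('name', nn)
        node.set_val('default_language', language)
        # NOTE(review): the flag is set before the accounts exist; whether it
        # is rolled back when a later step fails depends on the caller's
        # transaction handling, which is not visible here.
        node.set_val('wizard_done', True)

        # The node name seeds all three localized texts.
        node_l10n = NodeL10NFactory(store)
        node_l10n.set_val('description', language, nn)
        node_l10n.set_val('header_title_homepage', language, nn)
        node_l10n.set_val('presentation', language, nn)

        context = db_create_context(store, request['context'], language)

        # Keep only the chosen language enabled.
        langs_to_drop = EnabledLanguage.list(store)
        langs_to_drop.remove(language)
        if len(langs_to_drop):
            EnabledLanguage.remove_old_langs(store, langs_to_drop)

        request['receiver']['contexts'] = [context.id]
        request['receiver']['language'] = language
        db_create_receiver(store, request['receiver'], language)

        # NOTE(review): the password is handed over as submitted; hashing is
        # presumably done inside db_create_admin_user -- confirm.
        admin_dict = {
            'username': u'admin',
            'password': request['admin']['password'],
            'role': u'admin',
            'state': u'enabled',
            'deletable': False,
            'name': u'Admin',
            'public_name': u'Admin',
            'description': u'',
            'mail_address': request['admin']['mail_address'],
            'language': language,
            'password_change_needed': False,
            'pgp_key_remove': False,
            'pgp_key_fingerprint': '',
            'pgp_key_public': '',
            'pgp_key_expiration': datetime_null()
        }

        db_create_admin_user(store, admin_dict, language)

    except Exception as excep:
        log.err("Failed wizard initialization %s" % excep)
        # Bare raise keeps the traceback of the original failure.
        raise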
def db_wizard(session, tid, request, client_using_tor, language):
    """
    Transaction that applies the setup wizard request to a tenant.

    Creates the admin user, the recipient user and a 'Default' context, and
    sets the initial node configuration. For tenants other than 1 it also
    labels the tenant and applies the 'whistleblowing.it' mode overrides.

    :param session: An ORM session
    :param tid: A tenant ID
    :param request: A user request
    :param client_using_tor: Whether the configuring client is using Tor;
        drives the initial Tor-related settings
    :param language: Not used as passed: replaced by request['node_language']
    :raises errors.ForbiddenOperation: when 'wizard_done' is already set
    """
    language = request['node_language']

    node = config.ConfigFactory(session, tid)

    # One-shot guard: this function creates the admin account from request
    # data, so it must never be reachable a second time for the same tenant.
    if node.get_val(u'wizard_done'):
        log.err("DANGER: Wizard already initialized!", tid=tid)
        raise errors.ForbiddenOperation

    db_update_enabled_languages(session, tid, [language], language)

    node.set_val(u'name', request['node_name'])
    node.set_val(u'default_language', language)
    node.set_val(u'wizard_done', True)
    node.set_val(u'enable_developers_exception_notification',
                 request['enable_developers_exception_notification'])

    # Guess the Tor configuration from the medium used for the first
    # configuration: if the user is using Tor, preserve node anonymity and
    # perform outgoing connections via Tor
    node.set_val(u'reachable_via_web', not client_using_tor)
    node.set_val(u'allow_unencrypted', not client_using_tor)
    node.set_val(u'anonymize_outgoing_connections', client_using_tor)

    node_l10n = config.ConfigL10NFactory(session, tid)
    node_l10n.set_val(u'header_title_homepage', language, request['node_name'])

    profiles.load_profile(session, tid, request['profile'])

    # Admin account. 'name' is assigned twice; the second assignment is
    # redundant.
    # NOTE(review): the password is handed to db_create_user as submitted;
    # hashing is presumably done there -- confirm.
    admin_desc = models.User().dict(language)
    admin_desc['name'] = request['admin_name']
    admin_desc['username'] = u'admin'
    admin_desc['password'] = request['admin_password']
    admin_desc['name'] = request['admin_name']
    admin_desc['mail_address'] = request['admin_mail_address']
    admin_desc['language'] = language
    admin_desc['role'] =u'admin'
    admin_desc['deletable'] = False
    admin_desc['pgp_key_remove'] = False

    admin_user = db_create_user(session, tid, admin_desc, language)
    # The password was just chosen in the wizard, so no forced change.
    admin_user.password_change_needed = False
    admin_user.password_change_date = datetime_now()

    # Recipient account, built the same way ('name' again assigned twice).
    receiver_desc = models.User().dict(language)
    receiver_desc['name'] = request['receiver_name']
    receiver_desc['username'] = u'recipient'
    receiver_desc['password'] = request['receiver_password']
    receiver_desc['name'] = request['receiver_name']
    receiver_desc['mail_address'] = request['receiver_mail_address']
    receiver_desc['language'] = language
    receiver_desc['role'] =u'receiver'
    receiver_desc['deletable'] = True
    receiver_desc['pgp_key_remove'] = False

    receiver_user = db_create_user(session, tid, receiver_desc, language)

    # Default context with the new recipient as its only receiver.
    context_desc = models.Context().dict(language)
    context_desc['status'] = 1
    context_desc['name'] = u'Default'
    context_desc['receivers'] = [receiver_user.id]

    context = db_create_context(session, tid, context_desc, language)

    # Root tenants initialization terminates here
    if tid == 1:
        db_refresh_memory_variables(session, [tid])
        return

    # Secondary tenants initialization starts here
    tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
    tenant.label = request['node_name']

    mode = node.get_val(u'mode')

    # Apply the specific fixes related to whistleblowing.it projects
    if mode == u'whistleblowing.it':
        root_tenant_node = config.ConfigFactory(session, 1)

        node.set_val(u'hostname', tenant.subdomain + '.' + 'whistleblowing.it')
        node.set_val(u'password_change_period', 365)
        node.set_val(u'disable_key_code_hint', True)
        node.set_val(u'disable_privacy_badge', True)
        node.set_val(u'disable_donation_panel', True)
        node.set_val(u'simplified_login', True)
        # NOTE(review): the next three values overwrite the ones derived from
        # client_using_tor above, so this mode always ends up reachable via
        # web with unencrypted operation allowed.
        node.set_val(u'reachable_via_web', True)
        node.set_val(u'allow_unencrypted', True)
        node.set_val(u'anonymize_outgoing_connections', True)
        node.set_val(u'allow_iframes_inclusion', True)
        node.set_val(u'can_delete_submission', False)
        node.set_val(u'enable_graphic_customization', False)
        node.set_val(u'enable_user_pgp_key_upload', False)
        node.set_val(u'tor', False)

        # Delete the admin user
        # The recipient is granted general-settings rights below, which
        # leaves it as the only account of this tenant created here.
        session.delete(admin_user)

        # Set the recipient name equal to the node name
        receiver_user.name = request['node_name']

        # Enable the recipient user to configure platform general settings
        receiver_user.can_edit_general_settings = True

        # Set data retention policy to 18 months
        context.tip_timetolive = 540

        # The questionnaire is inherited from the root tenant (tid 1).
        context.questionnaire_id = root_tenant_node.get_val(u'default_questionnaire')

        # Enable recipients to load files to the whistleblower
        context.enable_rc_to_wb_files = True

    db_refresh_memory_variables(session, [tid])
def db_wizard(session, tid, hostname, request):
    """
    Transaction for the handling of wizard request

    Creates the admin user, optionally a recipient user, and a 'Default'
    context; when encryption is on it also generates the escrow key pair and
    the per-user keys. For tenants other than 1 it then applies the
    mode-specific settings.

    :param session: An ORM session
    :param tid: A tenant ID
    :param hostname: Value stored as the node 'hostname' setting
    :param request: A user request
    :raises errors.ForbiddenOperation: when 'wizard_done' is already set
    """
    language = request['node_language']

    node = config.ConfigFactory(session, tid)

    # Encryption is always on for tenant 1; other tenants read the setting.
    # NOTE(review): both branches bind root_tenant_node to this tenant's own
    # config. For tid != 1 that makes the "copy from root tenant" loop below
    # copy each value onto itself and reads 'encryption' and 'rootdomain'
    # from the tenant being set up -- confirm whether
    # config.ConfigFactory(session, 1) was intended.
    if tid == 1:
        root_tenant_node = node
        encryption = True
    else:
        root_tenant_node = node
        encryption = root_tenant_node.get_val('encryption')

    # One-shot guard: this function creates the admin account from request
    # data, so it must never be reachable a second time for the same tenant.
    if node.get_val('wizard_done'):
        log.err("DANGER: Wizard already initialized!", tid=tid)
        raise errors.ForbiddenOperation

    db_update_enabled_languages(session, tid, [language], language)

    node.set_val('encryption', encryption)

    node.set_val('name', request['node_name'])
    node.set_val('default_language', language)
    node.set_val('wizard_done', True)
    node.set_val('enable_developers_exception_notification',
                 request['enable_developers_exception_notification'])
    # Overwritten further down for tenants whose mode is not 'default'.
    node.set_val('hostname', hostname)

    node_l10n = config.ConfigL10NFactory(session, tid)
    node_l10n.set_val('header_title_homepage', language, request['node_name'])

    profiles.load_profile(session, tid, request['profile'])

    # Escrow key pair: only the public half is stored in the node config;
    # the private half stays in this local until it is wrapped for the admin.
    if encryption:
        crypto_escrow_prv_key, crypto_escrow_pub_key = GCE.generate_keypair()

        node.set_val('crypto_escrow_pub_key', crypto_escrow_pub_key)

    # Admin account. 'name' is assigned twice; the second assignment is
    # redundant.
    admin_desc = models.User().dict(language)
    admin_desc['username'] = request['admin_username']
    admin_desc['name'] = request['admin_name']
    admin_desc['password'] = request['admin_password']
    admin_desc['name'] = request['admin_name']
    admin_desc['mail_address'] = request['admin_mail_address']
    admin_desc['language'] = language
    admin_desc['role'] = 'admin'
    admin_desc['pgp_key_remove'] = False

    admin_user = db_create_user(session, tid, admin_desc, language)
    # The stored password is the hash of the submitted one with the user's
    # salt.
    admin_user.password = GCE.hash_password(request['admin_password'], admin_user.salt)
    admin_user.password_change_needed = False
    admin_user.password_change_date = datetime_now()

    if encryption:
        db_gen_user_keys(session, tid, admin_user, request['admin_password'])
        # The escrow private key is kept only encrypted to the admin's public
        # key.
        # NOTE(review): this is the only stored copy visible here, and
        # admin_user is deleted below when mode != 'default' -- confirm how
        # escrow recovery is meant to work for those tenants.
        admin_user.crypto_escrow_prv_key = Base64Encoder.encode(
            GCE.asymmetric_encrypt(admin_user.crypto_pub_key, crypto_escrow_prv_key))

    receiver_user = None
    if not request['skip_recipient_account_creation']:
        receiver_desc = models.User().dict(language)
        receiver_desc['username'] = request['receiver_username']
        receiver_desc['name'] = request['receiver_name']
        receiver_desc['password'] = request['receiver_password']
        receiver_desc['mail_address'] = request['receiver_mail_address']
        receiver_desc['language'] = language
        receiver_desc['role'] = 'receiver'
        receiver_desc['pgp_key_remove'] = False
        # An empty password requests an account activation link instead.
        receiver_desc['send_account_activation_link'] = receiver_desc[
            'password'] == ''

        receiver_user = db_create_user(session, tid, receiver_desc, language)

        if receiver_desc['password']:
            receiver_user.password = GCE.hash_password(
                receiver_desc['password'], receiver_user.salt)

            # NOTE(review): the listing lost its indentation; this check is
            # placed under the password check so that keys are derived only
            # when a password was supplied (an empty password would protect
            # nothing) -- confirm against the original file.
            if encryption:
                db_gen_user_keys(session, tid, receiver_user,
                                 receiver_desc['password'])

    # Default context; it has no receivers when recipient creation was
    # skipped.
    context_desc = models.Context().dict(language)
    context_desc['name'] = 'Default'
    context_desc['status'] = 'enabled'
    context_desc['receivers'] = [receiver_user.id] if receiver_user else []

    context = db_create_context(session, tid, context_desc, language)

    # Root tenants initialization terminates here
    if tid == 1:
        db_refresh_memory_variables(session, [tid])
        return

    # Secondary tenants initialization starts here
    tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
    tenant.label = request['node_name']

    mode = node.get_val('mode')

    if mode != 'default':
        node.set_val(
            'hostname', tenant.subdomain + '.'
            + root_tenant_node.get_val('rootdomain'))

        # Settings taken from root_tenant_node (see the note at the top).
        for varname in [
                'reachable_via_web', 'enable_receipt_hint',
                'disable_privacy_badge', 'simplified_login',
                'can_delete_submission', 'can_postpone_expiration',
                'anonymize_outgoing_connections', 'frame_ancestors',
                'password_change_period', 'default_questionnaire',
                'enable_password_reset'
        ]:
            node.set_val(varname, root_tenant_node.get_val(varname))

        # Set data retention policy to 18 months
        context.tip_timetolive = 540

        context.questionnaire_id = root_tenant_node.get_val(
            'default_questionnaire')

        if receiver_user is not None:
            # Enable the recipient user to configure platform general settings
            receiver_user.can_edit_general_settings = True

        # Delete the admin user
        # The submitted password is blanked in the request dict first.
        # NOTE(review): placed at the `mode != 'default'` level; if recipient
        # creation was skipped, no account created by this function survives
        # -- confirm the intended nesting against the original file.
        request['admin_password'] = ''
        session.delete(admin_user)

    # Apply the specific fixes related to whistleblowing.it projects
    if mode == 'whistleblowing.it':
        node.set_val('simplified_login', True)
        node.set_val('tor', False)

        # Enable recipients to load files to the whistleblower
        context.enable_rc_to_wb_files = True

        if receiver_user is not None:
            # Set the recipient name equal to the node name
            receiver_user.name = request['node_name']

    db_refresh_memory_variables(session, [tid])
def db_wizard(session, tid, request, client_using_tor, language):
    """
    Transaction that applies the setup wizard request to a tenant.

    Creates the admin user, the recipient user and a 'Default' context. For
    tenants other than 1 it also labels the tenant, copies a set of settings
    from the root tenant and applies the mode-specific overrides.

    :param session: An ORM session
    :param tid: A tenant ID
    :param request: A user request
    :param client_using_tor: Not read anywhere in this version
    :param language: Not used as passed: replaced by request['node_language']
    :raises errors.ForbiddenOperation: when 'wizard_done' is already set
    """
    language = request['node_language']

    node = config.ConfigFactory(session, tid)

    # Secondary tenants inherit settings from the root tenant (tid 1).
    if tid != 1:
        root_tenant_node = config.ConfigFactory(session, 1)
    else:
        root_tenant_node = node

    # One-shot guard: this function creates the admin account from request
    # data, so it must never be reachable a second time for the same tenant.
    if node.get_val('wizard_done'):
        log.err("DANGER: Wizard already initialized!", tid=tid)
        raise errors.ForbiddenOperation

    db_update_enabled_languages(session, tid, [language], language)

    node.set_val('name', request['node_name'])
    node.set_val('default_language', language)
    node.set_val('wizard_done', True)
    node.set_val('enable_developers_exception_notification',
                 request['enable_developers_exception_notification'])

    node_l10n = config.ConfigL10NFactory(session, tid)
    node_l10n.set_val('header_title_homepage', language, request['node_name'])

    profiles.load_profile(session, tid, request['profile'])

    # Admin account. 'name' is assigned twice; the second assignment is
    # redundant.
    # NOTE(review): '******' looks like a value masked by whatever published
    # this listing rather than a real username, and the recipient below gets
    # the same literal -- confirm against the original file.
    # NOTE(review): the password is handed to db_create_user as submitted;
    # hashing is presumably done there -- confirm.
    admin_desc = models.User().dict(language)
    admin_desc['name'] = request['admin_name']
    admin_desc['username'] = '******'
    admin_desc['password'] = request['admin_password']
    admin_desc['name'] = request['admin_name']
    admin_desc['mail_address'] = request['admin_mail_address']
    admin_desc['language'] = language
    admin_desc['role'] = 'admin'
    admin_desc['pgp_key_remove'] = False

    admin_user = db_create_user(session, tid, admin_desc, language)
    # The password was just chosen in the wizard, so no forced change.
    admin_user.password_change_needed = False
    admin_user.password_change_date = datetime_now()

    # Recipient account, built the same way ('name' again assigned twice).
    receiver_desc = models.User().dict(language)
    receiver_desc['name'] = request['receiver_name']
    receiver_desc['username'] = '******'
    receiver_desc['password'] = request['receiver_password']
    receiver_desc['name'] = request['receiver_name']
    receiver_desc['mail_address'] = request['receiver_mail_address']
    receiver_desc['language'] = language
    receiver_desc['role'] = 'receiver'
    receiver_desc['pgp_key_remove'] = False

    receiver_user = db_create_user(session, tid, receiver_desc, language)

    # Default context with the new recipient as its only receiver.
    context_desc = models.Context().dict(language)
    context_desc['status'] = 1
    context_desc['name'] = 'Default'
    context_desc['receivers'] = [receiver_user.id]

    context = db_create_context(session, tid, context_desc, language)

    # Root tenants initialization terminates here
    if tid == 1:
        db_refresh_memory_variables(session, [tid])
        return

    # Secondary tenants initialization starts here
    tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
    tenant.label = request['node_name']

    mode = node.get_val('mode')

    if mode != 'default':
        node.set_val(
            'hostname', tenant.subdomain + '.' +
            root_tenant_node.get_val('rootdomain'))

        # Settings copied verbatim from the root tenant.
        for varname in [
                'reachable_via_web', 'enable_receipt_hint',
                'disable_privacy_badge', 'simplified_login',
                'can_delete_submission', 'can_postpone_expiration',
                'enable_user_pgp_key_upload',
                'anonymize_outgoing_connections', 'frame_ancestors',
                'password_change_period', 'default_questionnaire',
                'enable_password_reset'
        ]:
            node.set_val(varname, root_tenant_node.get_val(varname))

        context.questionnaire_id = root_tenant_node.get_val(
            'default_questionnaire')

    # Apply the general settings to apply on all mode != default
    if mode in ['whistleblowing.it', 'eat']:
        # Enable the recipient user to configure platform general settings
        receiver_user.can_edit_general_settings = True

        # Set data retention policy to 18 months
        context.tip_timetolive = 540

        # Delete the admin user
        # The submitted password is blanked in the request dict first; the
        # recipient, granted general-settings rights above, is the only
        # account left from this function.
        request['admin_password'] = ''
        session.delete(admin_user)

    # Apply the specific fixes related to whistleblowing.it projects
    if mode == 'whistleblowing.it':
        node.set_val('simplified_login', True)
        node.set_val('tor', False)

        # Enable recipients to load files to the whistleblower
        context.enable_rc_to_wb_files = True

        # Set the recipient name equal to the node name
        receiver_user.name = request['node_name']

    db_refresh_memory_variables(session, [tid])
def db_wizard(session, tid, request, client_using_tor, language):
    """
    Transaction that applies the setup wizard request to a tenant.

    Creates the admin user, the recipient user and a 'Default' context, and
    sets the initial node configuration. For tenants other than 1 it also
    labels the tenant and applies the mode-specific overrides.

    :param session: An ORM session
    :param tid: A tenant ID
    :param request: A user request
    :param client_using_tor: Whether the configuring client is using Tor;
        drives the initial Tor-related settings
    :param language: Not used as passed: replaced by request['node_language']
    :raises errors.ForbiddenOperation: when 'wizard_done' is already set
    """
    language = request['node_language']

    node = config.ConfigFactory(session, tid)

    # Secondary tenants read the default questionnaire from the root tenant.
    if tid != 1:
        root_tenant_node = config.ConfigFactory(session, 1)
    else:
        root_tenant_node = node

    # One-shot guard: this function creates the admin account from request
    # data, so it must never be reachable a second time for the same tenant.
    if node.get_val(u'wizard_done'):
        log.err("DANGER: Wizard already initialized!", tid=tid)
        raise errors.ForbiddenOperation

    db_update_enabled_languages(session, tid, [language], language)

    node.set_val(u'name', request['node_name'])
    node.set_val(u'default_language', language)
    node.set_val(u'wizard_done', True)
    node.set_val(u'enable_developers_exception_notification',
                 request['enable_developers_exception_notification'])

    # Guess the Tor configuration from the medium used for the first
    # configuration: if the user is using Tor, preserve node anonymity and
    # perform outgoing connections via Tor
    node.set_val(u'reachable_via_web', not client_using_tor)
    node.set_val(u'allow_unencrypted', not client_using_tor)
    node.set_val(u'anonymize_outgoing_connections', client_using_tor)

    node_l10n = config.ConfigL10NFactory(session, tid)
    node_l10n.set_val(u'header_title_homepage', language, request['node_name'])

    profiles.load_profile(session, tid, request['profile'])

    # Admin account. 'name' is assigned twice; the second assignment is
    # redundant.
    # NOTE(review): the password is handed to db_create_user as submitted;
    # hashing is presumably done there -- confirm.
    admin_desc = models.User().dict(language)
    admin_desc['name'] = request['admin_name']
    admin_desc['username'] = u'admin'
    admin_desc['password'] = request['admin_password']
    admin_desc['name'] = request['admin_name']
    admin_desc['mail_address'] = request['admin_mail_address']
    admin_desc['language'] = language
    admin_desc['role'] =u'admin'
    admin_desc['deletable'] = False
    admin_desc['pgp_key_remove'] = False

    admin_user = db_create_user(session, tid, admin_desc, language)
    # The password was just chosen in the wizard, so no forced change.
    admin_user.password_change_needed = False
    admin_user.password_change_date = datetime_now()

    # Recipient account, built the same way ('name' again assigned twice).
    receiver_desc = models.User().dict(language)
    receiver_desc['name'] = request['receiver_name']
    receiver_desc['username'] = u'recipient'
    receiver_desc['password'] = request['receiver_password']
    receiver_desc['name'] = request['receiver_name']
    receiver_desc['mail_address'] = request['receiver_mail_address']
    receiver_desc['language'] = language
    receiver_desc['role'] =u'receiver'
    receiver_desc['deletable'] = True
    receiver_desc['pgp_key_remove'] = False

    receiver_user = db_create_user(session, tid, receiver_desc, language)

    # Default context with the new recipient as its only receiver.
    context_desc = models.Context().dict(language)
    context_desc['status'] = 1
    context_desc['name'] = u'Default'
    context_desc['receivers'] = [receiver_user.id]

    context = db_create_context(session, tid, context_desc, language)

    # Root tenants initialization terminates here
    if tid == 1:
        db_refresh_memory_variables(session, [tid])
        return

    # Secondary tenants initialization starts here
    tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
    tenant.label = request['node_name']

    mode = node.get_val(u'mode')

    if mode != u'default':
        # 'rootdomain' is read from this tenant's own config here, while the
        # questionnaire below comes from the root tenant.
        node.set_val(u'hostname', tenant.subdomain + '.' + node.get_val(u'rootdomain'))
        # NOTE(review): the next three values overwrite the ones derived from
        # client_using_tor above, so every non-default mode ends up reachable
        # via web with unencrypted operation allowed.
        node.set_val(u'reachable_via_web', True)
        node.set_val(u'allow_unencrypted', True)
        node.set_val(u'anonymize_outgoing_connections', True)
        node.set_val(u'allow_iframes_inclusion', True)

        context.questionnaire_id = root_tenant_node.get_val(u'default_questionnaire')

    # Apply the specific fixes related to whistleblowing.it projects
    if mode == u'whistleblowing.it':
        node.set_val(u'disable_key_code_hint', True)
        node.set_val(u'disable_privacy_badge', True)
        node.set_val(u'disable_donation_panel', True)
        node.set_val(u'simplified_login', True)
        node.set_val(u'can_delete_submission', False)
        node.set_val(u'enable_user_pgp_key_upload', False)
        node.set_val(u'tor', False)

        # Delete the admin user
        # The recipient is granted general-settings rights below, which
        # leaves it as the only account of this tenant created here.
        session.delete(admin_user)

        # Set the recipient name equal to the node name
        receiver_user.name = request['node_name']

        # Enable the recipient user to configure platform general settings
        receiver_user.can_edit_general_settings = True

        # Set data retention policy to 18 months
        context.tip_timetolive = 540

        # Enable recipients to load files to the whistleblower
        context.enable_rc_to_wb_files = True

    db_refresh_memory_variables(session, [tid])
def db_wizard(session, state, tid, request, client_using_tor, language):
    """
    Transaction that applies the setup wizard request to a tenant.

    Labels the tenant, sets the initial node configuration, then creates the
    recipient user, a 'Default' context and the admin user.

    :param session: An ORM session
    :param state: Passed through to the db_create_* helpers
    :param tid: A tenant ID
    :param request: A user request
    :param client_using_tor: Whether the configuring client is using Tor;
        drives the initial Tor-related settings
    :param language: Language used as default and for the localized values
    :raises errors.ForbiddenOperation: when 'wizard_done' is already set
    """
    node = config.ConfigFactory(session, tid, 'node')

    # One-shot guard: this function creates the admin account from request
    # data, so it must never be reachable a second time for the same tenant.
    if node.get_val(u'wizard_done'):
        log.err("DANGER: Wizard already initialized!", tid=tid)
        raise errors.ForbiddenOperation

    db_update_enabled_languages(session, tid, [language], language)

    tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
    tenant.label = request['node_name']

    node.set_val(u'name', request['node_name'])
    node.set_val(u'default_language', language)
    node.set_val(u'wizard_done', True)
    node.set_val(u'enable_developers_exception_notification',
                 request['enable_developers_exception_notification'])

    # Guess the Tor configuration from the medium used for the first
    # configuration: if the user is using Tor, preserve node anonymity and
    # perform outgoing connections via Tor
    node.set_val(u'reachable_via_web', not client_using_tor)
    node.set_val(u'anonymize_outgoing_connections', client_using_tor)

    node_l10n = l10n.NodeL10NFactory(session, tid)
    node_l10n.set_val(u'header_title_homepage', language, request['node_name'])

    profiles.load_profile(session, tid, request['profile'])

    # Recipient account. 'name' is assigned twice (the second assignment is
    # redundant) and no password is set from the request in this version.
    receiver_desc = models.User().dict(language)
    receiver_desc['name'] = request['receiver_name']
    receiver_desc['username'] = u'recipient'
    receiver_desc['name'] = request['receiver_name']
    receiver_desc['mail_address'] = request['receiver_mail_address']
    receiver_desc['language'] = language
    receiver_desc['role'] = u'receiver'
    receiver_desc['deletable'] = True
    receiver_desc['pgp_key_remove'] = False

    # Only the second element of the returned pair is used.
    _, receiver = db_create_receiver_user(session, state, tid, receiver_desc, language)

    # Default context with the new recipient as its only receiver.
    context_desc = models.Context().dict(language)
    context_desc['name'] = u'Default'
    context_desc['receivers'] = [receiver.id]

    db_create_context(session, state, tid, context_desc, language)

    # Admin account ('name' again assigned twice).
    # NOTE(review): the password is handed to db_create_user as submitted;
    # hashing is presumably done there -- confirm.
    admin_desc = models.User().dict(language)
    admin_desc['name'] = request['admin_name']
    admin_desc['username'] = u'admin'
    admin_desc['password'] = request['admin_password']
    admin_desc['name'] = request['admin_name']
    admin_desc['mail_address'] = request['admin_mail_address']
    admin_desc['language'] = language
    admin_desc['role'] = u'admin'
    admin_desc['deletable'] = False
    admin_desc['pgp_key_remove'] = False
    # The password was just chosen in the wizard, so no forced change.
    admin_desc['password_change_needed'] = False

    db_create_user(session, state, tid, admin_desc, language)

    db_refresh_memory_variables(session, [tid])