def login():
if logged_in():
return redirect(url_for('user',
fingerprint=session['fp']))
if request.method == 'GET':
if 'fingerprint' not in session:
return None
if request.method == 'POST':
try:
fp = request.form.get('fingerprint').replace(' ', '').lower()
if not is_fingerprint(fp):
flash(err_messages['not_fp'], 'error')
return redirect(url_for('login'))
user = User.query.filter(User.fingerprint == fp).one()
session['fp'] = fp
ciphertext = Challenge.generate(user, fp)
return dict(ciphertext=ciphertext)
except NoResultFound:
flash(err_messages['no_account'], 'error')
except Exception as e:
flash(err_messages['generic'], 'error')
app.logger.error(e)
return redirect(url_for('login'))
def test_generate_challenge(self):
"""Test generating a challenge."""
chal = str(Challenge.generate(self.user, self.user.fingerprint))
self.assertIn('-----BEGIN PGP MESSAGE-----', chal)
self.assertIn('-----END PGP MESSAGE-----', chal)
chals = Challenge.query.all()
self.assertEqual(self.user.chal_id, chals[1].id)
def publish_canary(sigid_base64):
canary = get_canary(sigid_base64)
if canary is None:
return page_not_found('canary')
fp = canary.user.fingerprint
if request.method == 'GET':
ciphertext = Challenge.generate(canary, fp)
return dict(canary=canary, ciphertext=ciphertext)
if request.method == 'POST':
"""If the request originated from a logged in user's manage canary
page, republish the canary."""
if logged_in() and session['fp'] == fp:
return republish_canary(canary)
else:
if Challenge.check(canary, request.form['decrypted'].strip()):
return republish_canary(canary)
else:
flash(err_messages['decrypt_fail'], 'error')
return None
def new_canary():
if request.method == 'GET':
return None
if request.method == 'POST':
try:
signed = request.form['signedMessage']
frequency_num = int(request.form['frequencyNum'])
frequency_type = request.form['frequency']
except KeyError:
flash(err_messages['incomplete_form'], 'error')
return None
allowed_freqs = 'day', 'week', 'month'
in_range = 1 <= frequency_num <= 100
if frequency_type not in allowed_freqs or not in_range:
flash(err_messages['invalid_freq'], 'error')
return None
# Get the frequency in days
frequency = days(frequency_num, frequency_type)
verified, err = gpg.verify(signed)
# Start over if the message wasn't verified.
if err and not verified:
flash(err, 'error')
return None
fp = verified.fingerprint
sigid_base64 = base64.urlsafe_b64encode(verified.signature_id)
try:
canary = Canary(sigid_base64, frequency, frequency_type)
db_session.add(canary)
db_session.commit()
except IntegrityError:
# Throw an error if a canary with that sigid already exists
db_session.rollback()
db_session.flush()
flash(err_messages['dupe_canary'], 'error')
return redirect(url_for('new_canary'))
except Exception as e:
db_session.rollback()
db_session.flush()
app.logger.error(e)
"""An unexpected database error should not reveal any
error details to the user."""
flash(err_messages['generic'], 'error')
return None
ciphertext = Challenge.generate(canary, fp)
# TODO: This is sloppy.
session['canary'] = dict(fp=verified.fingerprint.lower(),
text=signed,
uid=verified.username,
keyid=verified.key_id,
sigid_base64=sigid_base64,
frequency=frequency,
freq_type=frequency_type,
ciphertext=str(ciphertext))
flash(messages['verified'], 'message')
return dict(canary=session['canary'])
