Example #1
def db_create_whistleblower_tip(store, internaltip):
    """
    Create the WhistleblowerTip of a submission together with its ReceiverTips.

    A receipt is generated from GLSettings.receipt_regexp and only its hash
    (computed with GLSettings.memory_copy.receipt_salt) is assigned to the
    WhistleblowerTip. The plaintext receipt is returned to the caller and is
    not stored on the model by this function.

    Returns a (receipt, wbtip) tuple.
    """
    wbtip = models.WhistleblowerTip()

    # NOTE(review): the receipt is what the whistleblower later presents to
    # get back to the tip, so its strength is bounded by the entropy that
    # receipt_regexp allows and by the random source behind rstr
    # (presumably a CSPRNG -- confirm in globaleaks.security).
    receipt = unicode(rstr.xeger(GLSettings.receipt_regexp))

    # Only the salted hash is persisted; the salt is node-wide, not per tip.
    receipt_salt = GLSettings.memory_copy.receipt_salt
    wbtip.receipt_hash = hash_password(receipt, receipt_salt)
    wbtip.access_counter = 0
    wbtip.internaltip_id = internaltip.id

    store.add(wbtip)

    # One ReceiverTip per receiver attached to the internal tip.
    created_rtips = []
    for receiver in internaltip.receivers:
        created_rtips.append(db_create_receivertip(store, receiver, internaltip))

    internaltip.new = False

    # Only the count is logged; the plaintext receipt never reaches the log.
    rtip_count = len(created_rtips)
    if rtip_count:
        log.debug(
            "The finalized submissions had created %d models.ReceiverTip(s)" %
            rtip_count)

    return receipt, wbtip
Example #2
 def __init__(self, user_id, user_role, user_status):
     """
     Store the user's id, role and status and register the object as a TempObj.

     The object is registered in GLSettings.sessions under a random
     42-character alphanumeric identifier, together with
     GLSettings.defaults.authentication_lifetime (presumably the expiry in
     seconds -- confirm against TempObj).
     """
     self.user_id = user_id
     self.user_role = user_role
     self.user_status = user_status

     # NOTE(review): this identifier presumably serves as the session
     # credential; it is only as unpredictable as the random source behind
     # rstr -- confirm it is a CSPRNG.
     session_store = GLSettings.sessions
     session_id = rstr.xeger(r'[A-Za-z0-9]{42}')
     lifetime = GLSettings.defaults.authentication_lifetime

     tempobj.TempObj.__init__(self, session_store, session_id, lifetime,
                              reactor_override)
Example #3
 def __init__(self, user_id, user_role, user_status):
     """
     Keep the user's id, role and status, then register this object as a TempObj.

     Registration uses GLSettings.sessions as the container, a random
     42-character alphanumeric string as the key and
     GLSettings.defaults.authentication_lifetime as the third argument
     (presumably the lifetime in seconds -- confirm against TempObj).
     """
     self.user_id = user_id
     self.user_role = user_role
     self.user_status = user_status

     container = GLSettings.sessions
     # NOTE(review): presumably the value a client presents to prove it owns
     # the session, so the random source behind rstr must be a CSPRNG --
     # confirm.
     identifier = rstr.xeger(r'[A-Za-z0-9]{42}')
     expiry = GLSettings.defaults.authentication_lifetime

     tempobj.TempObj.__init__(self, container, identifier, expiry,
                              reactor_override)
Example #4
    def __init__(self, token_kind, uses=MAX_USES):
        """
        Build a token of the given kind and register it in TokenList.token_dict.

        token_kind currently takes only the value 'submission'; other kinds
        such as 'file' are planned.

        uses is stored as the number of remaining uses of the token.
        """
        # A falsy override means "no explicit reactor".
        reactor = reactor_override or None

        self.kind = token_kind

        # Both validity values are expressed in seconds.
        node_settings = GLSettings.memory_copy
        self.start_validity_secs = node_settings.submission_minimum_delay
        self.end_validity_secs = node_settings.submission_maximum_ttl

        # Developer shortcut: in devel_mode the minimum delay is dropped, so
        # this setting must stay off wherever the delay is relied upon.
        if GLSettings.devel_mode:
            self.start_validity_secs = 0

        self.remaining_uses = uses

        # Moment the token was assigned (naive UTC).
        self.creation_date = datetime.utcnow()

        # Files uploaded in association with this token.
        self.uploaded_files = []

        # NOTE(review): the id is the key the token is registered under; its
        # unpredictability depends on the random source behind rstr --
        # confirm it is a CSPRNG.
        self.id = rstr.xeger(r'[A-Za-z0-9]{42}')

        # Challenge flags start disabled; generate_token_challenge() sets
        # the ones that apply.
        self.human_captcha = False
        self.graph_captcha = False
        self.proof_of_work = False

        self.generate_token_challenge()

        # Total seconds of validity handed to TempObj: delay plus TTL.
        validity_secs = self.start_validity_secs + self.end_validity_secs
        TempObj.__init__(self, TokenList.token_dict, self.id, validity_secs,
                         reactor)
Example #5
    def __init__(self, token_kind, uses=MAX_USES):
        """
        Create a token and register it in TokenList.token_dict.

        token_kind currently takes only the value 'submission'; other kinds
        such as 'file' are planned.

        uses is kept as the token's remaining use count.
        """
        # Use the override when it is set, otherwise pass no reactor at all.
        reactor = reactor_override if reactor_override else None

        self.kind = token_kind

        # Validity window, both bounds in seconds.
        memory_copy = GLSettings.memory_copy
        self.start_validity_secs = memory_copy.submission_minimum_delay
        self.end_validity_secs = memory_copy.submission_maximum_ttl

        # Developer shortcut: devel_mode zeroes the minimum delay, which
        # removes that throttle entirely -- keep it disabled in production.
        if GLSettings.devel_mode:
            self.start_validity_secs = 0

        self.remaining_uses = uses

        # Assignment time of the token (naive UTC).
        self.creation_date = datetime.utcnow()

        # Uploaded files associated with the token.
        self.uploaded_files = []

        # NOTE(review): random 42-character identifier used as the registry
        # key; presumably drawn from a CSPRNG via rstr -- confirm.
        self.id = rstr.xeger(r'[A-Za-z0-9]{42}')

        # Challenge configuration defaults, refined by the call below.
        self.human_captcha = False
        self.graph_captcha = False
        self.proof_of_work = False

        self.generate_token_challenge()

        # TempObj receives the registry, the token id and the total
        # validity (minimum delay + maximum TTL) in seconds.
        total_validity = self.start_validity_secs + self.end_validity_secs
        TempObj.__init__(self,
                         TokenList.token_dict,
                         self.id,
                         total_validity,
                         reactor)
Example #6
    def migrate_InternalFile(self):
        """
        Copy every InternalFile row from the old store into the new store.

        Each column is copied from the old object, except:
          * processing_attempts, which is set to 0;
          * file_path, which is set to a newly generated
            "<16 random alphanumerics>.aes" name under
            GLSettings.submission_path.
        """
        for old_obj in self.store_old.find(self.model_from['InternalFile']):
            new_obj = self.model_to['InternalFile']()

            for _, column in new_obj._storm_columns.iteritems():
                name = column.name

                if name == 'processing_attempts':
                    new_obj.processing_attempts = 0
                elif name == 'file_path':
                    # NOTE(review): the old file_path is not carried over;
                    # whether the stored file is moved or re-encrypted to
                    # this new path is not visible in this method.
                    random_name = "%s.aes" % rstr.xeger(r'[A-Za-z0-9]{16}')
                    new_obj.file_path = os.path.join(
                        GLSettings.submission_path, random_name)
                else:
                    setattr(new_obj, name, getattr(old_obj, name))

            self.store_new.add(new_obj)
Example #7
def init_db(store):
    """
    Create the schema and seed a new database with its default records.

    Creates the tables, loads the application data, adds a Node and a
    Notification populated from it, loads the default fields and finally
    creates the initial admin user.
    """
    db_create_tables(store)
    appdata_dict = db_init_appdata(store)

    log.debug("Performing database initialization...")

    node = models.Node()
    node.wizard_done = GLSettings.skip_wizard
    # Salt generated once per database; presumably the same receipt_salt
    # later used when hashing receipts -- confirm.
    node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))

    node_defaults = appdata_dict['node']
    for key in node_defaults:
        setattr(node, key, node_defaults[key])

    notification = models.Notification()
    template_defaults = appdata_dict['templates']
    for key in template_defaults:
        setattr(notification, key, template_defaults[key])

    store.add(node)
    store.add(notification)

    load_default_fields(store)

    # NOTE(review): the first admin is created with the fixed, publicly
    # known credentials admin/globaleaks and password_change_needed is
    # False, so nothing in this function forces a change. The instance
    # stays exposed until the operator (presumably through the setup
    # wizard) replaces the password -- confirm that path is enforced.
    admin_dict = {
        'username': u'admin',
        'password': u'globaleaks',
        # NOTE(review): 'deeletable' looks like a misspelled duplicate of
        # 'deletable' below; kept because how db_create_admin treats
        # unknown keys is not visible here.
        'deeletable': False,
        'role': u'admin',
        'state': u'enabled',
        'deletable': False,
        'name': u'Admin',
        'description': u'',
        'mail_address': u'',
        'language': node.default_language,
        'timezone': node.default_timezone,
        'password_change_needed': False,
        'pgp_key_status': 'disabled',
        'pgp_key_info': '',
        'pgp_key_fingerprint': '',
        'pgp_key_public': '',
        'pgp_key_expiration': datetime_null()
    }

    admin = db_create_admin(store, admin_dict, node.default_language)
    # Set again on the created object, whatever db_create_admin stored.
    admin.password_change_needed = False
Example #8
def init_db(store):
    """
    Initialise an empty database: schema, node, notification, fields, admin.

    The Node and Notification records are filled from the application data
    returned by db_init_appdata(); the default fields are loaded and an
    initial admin user is created last.
    """
    db_create_tables(store)
    appdata_dict = db_init_appdata(store)

    log.debug("Performing database initialization...")

    node = models.Node()
    node.wizard_done = GLSettings.skip_wizard
    # Per-database salt built from 56 random alphanumerics; presumably the
    # salt applied to receipt hashes -- confirm.
    node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))

    node_values = appdata_dict['node']
    for attr in node_values:
        setattr(node, attr, node_values[attr])

    notification = models.Notification()
    template_values = appdata_dict['templates']
    for attr in template_values:
        setattr(notification, attr, template_values[attr])

    store.add(node)
    store.add(notification)

    load_default_fields(store)

    # NOTE(review): default admin account with a hard-coded, well-known
    # password and no forced change (password_change_needed is False here
    # and again below). Treat a freshly initialised node as unprotected
    # until the password is replaced; confirm the setup flow requires that.
    admin_dict = {
        'username': u'admin',
        'password': u'globaleaks',
        # NOTE(review): probable typo for 'deletable' (present below);
        # left in place since db_create_admin is not visible here.
        'deeletable': False,
        'role': u'admin',
        'state': u'enabled',
        'deletable': False,
        'name': u'Admin',
        'description': u'',
        'mail_address': u'',
        'language': node.default_language,
        'timezone': node.default_timezone,
        'password_change_needed': False,
        'pgp_key_status': 'disabled',
        'pgp_key_info': '',
        'pgp_key_fingerprint': '',
        'pgp_key_public': '',
        'pgp_key_expiration': datetime_null()
    }

    default_language = node.default_language
    admin = db_create_admin(store, admin_dict, default_language)
    admin.password_change_needed = False
Example #9
def db_create_user(store, request, language):
    """
    Create a User from the request dictionary, add it to the store and return it.

    language is used only to fill the localized keys of the request; the
    created user always gets language u'en' and timezone 0.

    An empty password, or one equal to GLSettings.default_password, results
    in the default password being set without a format check. Any other
    password goes through security.check_password_format first. The user is
    always created with password_change_needed set to True.
    """
    fill_localized_keys(request, models.User.localized_keys, language)

    password = request['password']
    needs_format_check = len(password) and password != GLSettings.default_password
    if needs_format_check:
        security.check_password_format(password)
    else:
        # NOTE(review): until its first password change the account is
        # protected only by the default password, presumably a value shared
        # across installations -- confirm the change is enforced at login.
        password = GLSettings.default_password

    # Per-user salt derived from 56 random alphanumerics.
    password_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
    password_hash = security.hash_password(password, password_salt)

    user_attrs = {
        'username': request['username'],
        'password': password_hash,
        'salt': password_salt,
        'role': request['role'],
        'state': u'enabled',
        'deletable': request['deletable'],
        'name': request['name'],
        'description': request['description'],
        'language': u'en',
        'timezone': 0,
        'password_change_needed': True,
        'mail_address': request['mail_address']
    }
    user = models.User(user_attrs)

    # With no username supplied, the user's id doubles as the username.
    if request['username'] == '':
        user.username = user.id

    # Apply the PGP key options carried by the request.
    parse_pgp_options(user, request)

    create_user_picture(user.id)

    store.add(user)

    return user
Example #10
def db_create_user(store, request, language):
    """
    Build a User from request, persist it in store and return it.

    The language argument only drives fill_localized_keys(); the stored
    user language is fixed to u'en' and the timezone to 0.

    Password handling: a non-empty password different from
    GLSettings.default_password is validated with
    security.check_password_format; otherwise the default password is used
    and no validation runs. password_change_needed is always True.
    """
    fill_localized_keys(request, models.User.localized_keys, language)

    password = request['password']
    custom_password = len(password) and password != GLSettings.default_password
    if custom_password:
        security.check_password_format(password)
    else:
        # NOTE(review): an omitted password silently becomes the default
        # one; the only guard visible here is password_change_needed=True
        # -- confirm that flag is honoured before any privileged action.
        password = GLSettings.default_password

    # Salt is per user, built from 56 random alphanumerics via rstr.
    password_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
    password_hash = security.hash_password(password, password_salt)

    fields = {
        'username': request['username'],
        'password': password_hash,
        'salt': password_salt,
        'role': request['role'],
        'state': u'enabled',
        'deletable': request['deletable'],
        'name': request['name'],
        'description': request['description'],
        'language': u'en',
        'timezone': 0,
        'password_change_needed': True,
        'mail_address': request['mail_address']
    }
    user = models.User(fields)

    # An empty username in the request is replaced by the user's id.
    if request['username'] == '':
        user.username = user.id

    # PGP key management options from the request are applied here.
    parse_pgp_options(user, request)

    create_user_picture(user.id)

    store.add(user)

    return user
Example #11
def db_create_whistleblower_tip(store, internaltip):
    """
    Create the WhistleblowerTip for internaltip and one ReceiverTip per receiver.

    The receipt generated here is returned in plaintext exactly once, as
    part of the return value; the WhistleblowerTip only receives its hash,
    salted with GLSettings.memory_copy.receipt_salt.

    Returns a (receipt, wbtip) tuple.
    """
    wbtip = models.WhistleblowerTip()

    # NOTE(review): receipt strength = entropy permitted by receipt_regexp
    # combined with the quality of the random source behind rstr
    # (presumably a CSPRNG -- confirm).
    receipt = unicode(rstr.xeger(GLSettings.receipt_regexp))

    # Persist the hash only; the salt is shared node-wide.
    salt = GLSettings.memory_copy.receipt_salt
    wbtip.receipt_hash = hash_password(receipt, salt)
    wbtip.access_counter = 0
    wbtip.internaltip_id = internaltip.id

    store.add(wbtip)

    created_rtips = []
    for receiver in internaltip.receivers:
        rtip = db_create_receivertip(store, receiver, internaltip)
        created_rtips.append(rtip)

    internaltip.new = False

    # The log line carries the number of tips only, never the receipt.
    created_count = len(created_rtips)
    if created_count:
        log.debug("The finalized submissions had created %d models.ReceiverTip(s)" % created_count)

    return receipt, wbtip
Example #12
    def generate_token_challenge(self, challenges_dict=None):
        """
        Reset the token's challenges and generate the ones that are requested.

        challenges_dict maps 'human_captcha', 'graph_captcha' and
        'proof_of_work' to truthy/falsy values. When it is None the choice
        is made here: the human captcha follows the node's enable_captcha
        setting only while Alarm.stress_levels['activity'] is at least 1,
        and the proof of work follows the node's enable_proof_of_work
        setting.
        """
        # Start from a clean state: no challenge attached.
        self.human_captcha = False
        self.graph_captcha = False
        self.proof_of_work = False

        if challenges_dict is None:
            captcha_wanted = False
            if Alarm.stress_levels['activity'] >= 1:
                captcha_wanted = GLSettings.memory_copy.enable_captcha

            challenges_dict = {
                'human_captcha': captcha_wanted,
                'graph_captcha': False,
                # a proof of work is always required (if enabled at node level)
                'proof_of_work': GLSettings.memory_copy.enable_proof_of_work
            }

        if challenges_dict['human_captcha']:
            # Plain-text sum of two numbers in 0..99: 199 possible answers,
            # so this only deters trivial automation.
            # NOTE(review): which module randint comes from is not visible
            # here.
            first = randint(0, 99)
            second = randint(0, 99)

            self.human_captcha = {
                'question': u"%d + %d" % (first, second),
                'answer': u"%d" % (first + second)
            }

        if challenges_dict['graph_captcha']:
            # still not implemented
            pass

        if challenges_dict['proof_of_work']:
            pow_question = rstr.xeger(r'[A-Za-z0-9]{20}')
            self.proof_of_work = {'question': pow_question}
Example #13
    def generate_token_challenge(self, challenges_dict=None):
        """
        Clear any existing challenge and build the requested ones.

        challenges_dict is a mapping with the keys 'human_captcha',
        'graph_captcha' and 'proof_of_work'. If it is None, the defaults
        are computed here: human captcha only when
        Alarm.stress_levels['activity'] >= 1 (and then as configured by
        enable_captcha), proof of work as configured by
        enable_proof_of_work, graph captcha never.
        """
        # Every call begins with all challenges disabled.
        self.human_captcha = False
        self.graph_captcha = False
        self.proof_of_work = False

        if challenges_dict is None:
            under_stress = Alarm.stress_levels['activity'] >= 1
            human_captcha = GLSettings.memory_copy.enable_captcha if under_stress else False

            challenges_dict = {
                'human_captcha': human_captcha,
                'graph_captcha': False,
                # a proof of work is always required (if enabled at node level)
                'proof_of_work': GLSettings.memory_copy.enable_proof_of_work
            }

        if challenges_dict['human_captcha']:
            # Two addends in 0..99 shown in clear text; the answer space is
            # small (0..198), so treat this as a speed bump, not a barrier.
            # NOTE(review): the origin of randint is not visible here.
            addend_a = randint(0, 99)
            addend_b = randint(0, 99)

            question = u"%d + %d" % (addend_a, addend_b)
            answer = u"%d" % (addend_a + addend_b)
            self.human_captcha = {'question': question, 'answer': answer}

        if challenges_dict['graph_captcha']:
            # still not implemented
            pass

        if challenges_dict['proof_of_work']:
            self.proof_of_work = {
                'question': rstr.xeger(r'[A-Za-z0-9]{20}')
            }
Example #14
    def migrate_InternalFile(self):
        """
        Migrate all InternalFile rows from store_old to store_new.

        Columns are copied one by one from the old object. Two columns are
        not copied: processing_attempts is reset to 0 and file_path is
        replaced by a fresh "<16 random alphanumerics>.aes" path inside
        GLSettings.submission_path.
        """
        old_model = self.model_from['InternalFile']
        for old_obj in self.store_old.find(old_model):
            new_obj = self.model_to['InternalFile']()

            for _, col in new_obj._storm_columns.iteritems():
                column_name = col.name

                if column_name == 'processing_attempts':
                    new_obj.processing_attempts = 0
                elif column_name == 'file_path':
                    # NOTE(review): the previous path is discarded; this
                    # method does not show the file on disk being moved to
                    # the new location -- confirm that happens elsewhere.
                    aes_name = "%s.aes" % rstr.xeger(r'[A-Za-z0-9]{16}')
                    new_obj.file_path = os.path.join(GLSettings.submission_path, aes_name)
                else:
                    setattr(new_obj, column_name, getattr(old_obj, column_name))

            self.store_new.add(new_obj)
Example #15
from globaleaks.handlers.submission import create_submission, serialize_usertip, \
    serialize_internalfile, serialize_receiverfile
from globaleaks.jobs import statistics_sched, mailflush_sched
from globaleaks.rest.apicache import GLApiCache
from globaleaks.settings import GLSettings
from globaleaks.security import GLSecureTemporaryFile, rstr
from globaleaks.utils import token, mailutils
from globaleaks.utils.structures import fill_localized_keys
from globaleaks.utils.utility import sum_dicts, datetime_null, datetime_now, log

from . import TEST_DIR

## constants
# Fixture credentials for the test suite. These are test-only values; the
# names suggest VALID_* pass the password format check and INVALID_PASSWORD
# fails it -- confirm against security.check_password_format.
VALID_PASSWORD1 = u'justapasswordwithaletterandanumberandbiggerthan8chars'
VALID_PASSWORD2 = u'justap455w0rdwithaletterandanumberandbiggerthan8chars'
# Salts are generated from random input at import time, so the salts and
# the hashes derived from them differ on every test run.
# NOTE(review): `security` is not among the imports visible in this
# excerpt; presumably it is imported earlier in the file.
VALID_SALT1 = security.get_salt(rstr.xeger(r'[A-Za-z0-9]{56}'))
VALID_SALT2 = security.get_salt(rstr.xeger(r'[A-Za-z0-9]{56}'))
VALID_HASH1 = security.hash_password(VALID_PASSWORD1, VALID_SALT1)
VALID_HASH2 = security.hash_password(VALID_PASSWORD2, VALID_SALT2)
INVALID_PASSWORD = u'antani'

# Directory holding the test fixtures.
FIXTURES_PATH = os.path.join(TEST_DIR, 'fixtures')

# PGP key fixtures are read once, at import time, from TEST_DIR/keys.
# `pgp_file` stays bound at module level after each block.
with open(os.path.join(TEST_DIR, 'keys/valid_pgp_key1.txt')) as pgp_file:
    VALID_PGP_KEY1 = unicode(pgp_file.read())

with open(os.path.join(TEST_DIR, 'keys/valid_pgp_key2.txt')) as pgp_file:
    VALID_PGP_KEY2 = unicode(pgp_file.read())

# Key used for the expired-key test cases (expiry is implied by the file
# name only).
with open(os.path.join(TEST_DIR, 'keys/expired_pgp_key.txt')) as pgp_file:
    EXPIRED_PGP_KEY = unicode(pgp_file.read())
Example #16
from globaleaks.handlers.submission import create_submission, serialize_usertip, \
    serialize_internalfile, serialize_receiverfile
from globaleaks.jobs import statistics_sched, mailflush_sched
from globaleaks.rest.apicache import GLApiCache
from globaleaks.settings import GLSettings
from globaleaks.security import GLSecureTemporaryFile, rstr
from globaleaks.utils import token, mailutils
from globaleaks.utils.structures import fill_localized_keys
from globaleaks.utils.utility import sum_dicts, datetime_null, datetime_now, log

from . import TEST_DIR

## constants
# Test-only credentials. By their names, the VALID_* passwords are meant to
# satisfy the password format check and INVALID_PASSWORD to be rejected --
# confirm against security.check_password_format.
VALID_PASSWORD1 = u'justapasswordwithaletterandanumberandbiggerthan8chars'
VALID_PASSWORD2 = u'justap455w0rdwithaletterandanumberandbiggerthan8chars'
# Each import of this module draws new random salts, so VALID_SALT* and
# VALID_HASH* are not stable across runs.
# NOTE(review): `security` does not appear in the imports shown in this
# excerpt; presumably imported above.
VALID_SALT1 = security.get_salt(rstr.xeger(r'[A-Za-z0-9]{56}'))
VALID_SALT2 = security.get_salt(rstr.xeger(r'[A-Za-z0-9]{56}'))
VALID_HASH1 = security.hash_password(VALID_PASSWORD1, VALID_SALT1)
VALID_HASH2 = security.hash_password(VALID_PASSWORD2, VALID_SALT2)
INVALID_PASSWORD = u'antani'

# Location of the fixture files used by the tests.
FIXTURES_PATH = os.path.join(TEST_DIR, 'fixtures')

# The PGP key fixtures below are loaded from TEST_DIR/keys when the module
# is imported; the `pgp_file` name remains defined at module level.
with open(os.path.join(TEST_DIR, 'keys/valid_pgp_key1.txt')) as pgp_file:
    VALID_PGP_KEY1 = unicode(pgp_file.read())

with open(os.path.join(TEST_DIR, 'keys/valid_pgp_key2.txt')) as pgp_file:
    VALID_PGP_KEY2 = unicode(pgp_file.read())

# Fixture for expired-key handling (the expiry is implied by the file name
# only).
with open(os.path.join(TEST_DIR, 'keys/expired_pgp_key.txt')) as pgp_file:
    EXPIRED_PGP_KEY = unicode(pgp_file.read())