Exemple #1
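def wizard(store, request, language):
    """
    Apply the first-run wizard request: configure the node, create the first
    context and receiver, and update the admin account.

    :param store: The ORM store the whole setup is performed on
    :param request: The wizard request; its 'node', 'context', 'receiver' and
        'admin' entries are read, and 'node' and 'receiver' are modified
    :param language: The language set as default and as the only enabled one
    :raises Exception: any failure is logged and re-raised unchanged

    NOTE(review): nothing in this function checks whether the wizard has
    already been completed, so each call rewrites the node settings and the
    admin mail address. Confirm that the calling handler refuses a second run.
    """
    try:
        node_request = request['node']
        node_request['default_language'] = language
        node_request['languages_enabled'] = [language]

        # Header title of the homepage is initially set with the node title
        node_request['header_title_homepage'] = node_request['name']

        db_update_node(store, node_request, True, language)
        context = db_create_context(store, request['context'], language)

        # associate the new context to the receiver
        request['receiver']['contexts'] = [context.id]

        db_create_receiver(store, request['receiver'], language)

        admin = store.find(models.User, (models.User.username == unicode('admin'))).one()

        admin.mail_address = request['admin']['mail_address']

        new_password = request['admin']['password']
        old_password = request['admin']['old_password']

        # The password is replaced only when both values are supplied. When
        # either one is empty the admin keeps its current password and the
        # wizard still completes without reporting it.
        if new_password and old_password:
            admin.password = security.change_password(admin.password,
                                                      old_password,
                                                      new_password,
                                                      admin.salt)
    except Exception as excep:
        log.err("Failed wizard initialization %s" % excep)
        # A bare raise re-raises the active exception with its original
        # traceback instead of restarting it from this line.
        raise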
Exemple #2
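def wizard(store, request, language):
    """
    Run the first-run wizard once: name the node, keep only the chosen
    language enabled, and create the first context, receiver and admin user.

    :param store: The ORM store the whole setup is performed on
    :param request: The wizard request; its 'node', 'context', 'receiver' and
        'admin' entries are read, and 'receiver' is modified
    :param language: The language set as default; every other enabled
        language is removed
    :raises errors.ForbiddenOperation: if 'wizard_done' is already set
    :raises Exception: any later failure is logged and re-raised unchanged
    """
    node = NodeFactory(store)

    # Refuse to run twice: a second run would recreate the admin account.
    if node.get_val('wizard_done'):
        # TODO report as anomaly
        log.err("DANGER: Wizard already initialized!")
        raise errors.ForbiddenOperation

    try:
        node._query_group()

        node_name = unicode(request['node']['name'])
        node.set_val('name', node_name)
        node.set_val('default_language', language)
        # NOTE(review): the flag is set before the remaining steps; whether a
        # later failure undoes it depends on the caller's transaction
        # handling, which is not visible here.
        node.set_val('wizard_done', True)

        node_l10n = NodeL10NFactory(store)

        # The localized texts all start out equal to the node name.
        node_l10n.set_val('description', language, node_name)
        node_l10n.set_val('header_title_homepage', language, node_name)
        node_l10n.set_val('presentation', language, node_name)

        context = db_create_context(store, request['context'], language)

        # remove() raises ValueError when the chosen language is not among
        # the enabled ones; that error is logged and re-raised below.
        langs_to_drop = EnabledLanguage.list(store)
        langs_to_drop.remove(language)
        if langs_to_drop:
            EnabledLanguage.remove_old_langs(store, langs_to_drop)

        request['receiver']['contexts'] = [context.id]
        request['receiver']['language'] = language
        db_create_receiver(store, request['receiver'], language)

        # The password is handed over as received; any hashing is left to
        # db_create_admin_user (not visible here, confirm).
        admin_dict = {
            'username': u'admin',
            'password': request['admin']['password'],
            'role': u'admin',
            'state': u'enabled',
            'deletable': False,
            'name': u'Admin',
            'public_name': u'Admin',
            'description': u'',
            'mail_address': request['admin']['mail_address'],
            'language': language,
            'password_change_needed': False,
            'pgp_key_remove': False,
            'pgp_key_fingerprint': '',
            'pgp_key_public': '',
            'pgp_key_expiration': datetime_null()
        }

        db_create_admin_user(store, admin_dict, language)

    except Exception as excep:
        log.err("Failed wizard initialization %s" % excep)
        # A bare raise re-raises the active exception with its original
        # traceback instead of restarting it from this line.
        raise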
Exemple #3
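def db_wizard(session, tid, request, client_using_tor, language):
    """
    Transaction performing the first-run wizard for a tenant.

    :param session: An ORM session
    :param tid: A tenant ID; 1 is handled as the root tenant
    :param request: The wizard request
    :param client_using_tor: Whether the configuring client connected via Tor
    :param language: Ignored; replaced by request['node_language']
    :raises errors.ForbiddenOperation: if 'wizard_done' is already set
    """
    # The language argument is kept for interface compatibility only.
    language = request['node_language']

    node = config.ConfigFactory(session, tid)

    # Refuse to run twice: a second run would create the accounts again.
    if node.get_val(u'wizard_done'):
        log.err("DANGER: Wizard already initialized!", tid=tid)
        raise errors.ForbiddenOperation

    db_update_enabled_languages(session, tid, [language], language)

    node.set_val(u'name', request['node_name'])
    node.set_val(u'default_language', language)
    node.set_val(u'wizard_done', True)
    node.set_val(u'enable_developers_exception_notification', request['enable_developers_exception_notification'])

    # Guess the Tor configuration from the medium used for the first
    # configuration: if the user is using Tor, preserve node anonymity and
    # perform outgoing connections via Tor. These three settings therefore
    # depend entirely on the client_using_tor value passed by the caller.
    node.set_val(u'reachable_via_web', not client_using_tor)
    node.set_val(u'allow_unencrypted', not client_using_tor)
    node.set_val(u'anonymize_outgoing_connections', client_using_tor)

    node_l10n = config.ConfigL10NFactory(session, tid)
    node_l10n.set_val(u'header_title_homepage', language, request['node_name'])

    profiles.load_profile(session, tid, request['profile'])

    # The passwords are handed over as received; any hashing is left to
    # db_create_user (not visible here, confirm).
    admin_desc = models.User().dict(language)
    admin_desc['name'] = request['admin_name']
    admin_desc['username'] = u'admin'
    admin_desc['password'] = request['admin_password']
    admin_desc['mail_address'] = request['admin_mail_address']
    admin_desc['language'] = language
    admin_desc['role'] = u'admin'
    admin_desc['deletable'] = False
    admin_desc['pgp_key_remove'] = False

    admin_user = db_create_user(session, tid, admin_desc, language)
    admin_user.password_change_needed = False
    admin_user.password_change_date = datetime_now()

    receiver_desc = models.User().dict(language)
    receiver_desc['name'] = request['receiver_name']
    receiver_desc['username'] = u'recipient'
    receiver_desc['password'] = request['receiver_password']
    receiver_desc['mail_address'] = request['receiver_mail_address']
    receiver_desc['language'] = language
    receiver_desc['role'] = u'receiver'
    receiver_desc['deletable'] = True
    receiver_desc['pgp_key_remove'] = False

    receiver_user = db_create_user(session, tid, receiver_desc, language)

    context_desc = models.Context().dict(language)
    context_desc['status'] = 1
    context_desc['name'] = u'Default'
    context_desc['receivers'] = [receiver_user.id]

    context = db_create_context(session, tid, context_desc, language)

    # Root tenants initialization terminates here

    if tid == 1:
        db_refresh_memory_variables(session, [tid])
        return

    # Secondary tenants initialization starts here

    tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
    tenant.label = request['node_name']

    mode = node.get_val(u'mode')

    # Apply the specific fixes related to whistleblowing.it projects
    if mode == u'whistleblowing.it':
        root_tenant_node = config.ConfigFactory(session, 1)

        # These values replace the Tor-derived guesses made above, so in this
        # mode the tenant is web-reachable and allows unencrypted operation
        # regardless of how the configuring client connected.
        node.set_val(u'hostname', tenant.subdomain + '.' + 'whistleblowing.it')
        node.set_val(u'password_change_period', 365)
        node.set_val(u'disable_key_code_hint', True)
        node.set_val(u'disable_privacy_badge', True)
        node.set_val(u'disable_donation_panel', True)
        node.set_val(u'simplified_login', True)
        node.set_val(u'reachable_via_web', True)
        node.set_val(u'allow_unencrypted', True)
        node.set_val(u'anonymize_outgoing_connections', True)
        node.set_val(u'allow_iframes_inclusion', True)
        node.set_val(u'can_delete_submission', False)
        node.set_val(u'enable_graphic_customization', False)
        node.set_val(u'enable_user_pgp_key_upload', False)
        node.set_val(u'tor', False)

        # Delete the admin user
        session.delete(admin_user)

        # Set the recipient name equal to the node name
        receiver_user.name = request['node_name']

        # Enable the recipient user to configure platform general settings
        receiver_user.can_edit_general_settings = True

        # Set data retention policy to 18 months
        context.tip_timetolive = 540

        context.questionnaire_id = root_tenant_node.get_val(u'default_questionnaire')

        # Enable recipients to load files to the whistleblower
        context.enable_rc_to_wb_files = True

    db_refresh_memory_variables(session, [tid])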
Exemple #4
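def db_wizard(session, tid, hostname, request):
    """
    Transaction for the handling of wizard request

    :param session: An ORM session
    :param tid: A tenant ID; 1 is handled as the root tenant
    :param hostname: The hostname stored in the tenant configuration; for
        tenants whose mode is not 'default' it is replaced further down
    :param request: A user request
    :raises errors.ForbiddenOperation: if 'wizard_done' is already set
    """
    language = request['node_language']

    node = config.ConfigFactory(session, tid)

    if tid == 1:
        root_tenant_node = node
        encryption = True
    else:
        # Secondary tenants inherit from the configuration of tenant 1. The
        # previous code bound root_tenant_node to the tenant's own
        # configuration, which made every "copy from root" below a no-op and
        # read 'encryption' and 'rootdomain' from the wrong tenant.
        root_tenant_node = config.ConfigFactory(session, 1)
        encryption = root_tenant_node.get_val('encryption')

    # Refuse to run twice: a second run would create the accounts again.
    if node.get_val('wizard_done'):
        log.err("DANGER: Wizard already initialized!", tid=tid)
        raise errors.ForbiddenOperation

    db_update_enabled_languages(session, tid, [language], language)

    node.set_val('encryption', encryption)
    node.set_val('name', request['node_name'])
    node.set_val('default_language', language)
    node.set_val('wizard_done', True)
    node.set_val('enable_developers_exception_notification',
                 request['enable_developers_exception_notification'])
    node.set_val('hostname', hostname)

    node_l10n = config.ConfigL10NFactory(session, tid)
    node_l10n.set_val('header_title_homepage', language, request['node_name'])

    profiles.load_profile(session, tid, request['profile'])

    if encryption:
        # Only the public half is stored in the configuration; the private
        # half is kept in a local until it is encrypted for the admin below.
        crypto_escrow_prv_key, crypto_escrow_pub_key = GCE.generate_keypair()
        node.set_val('crypto_escrow_pub_key', crypto_escrow_pub_key)

    admin_desc = models.User().dict(language)
    admin_desc['username'] = request['admin_username']
    admin_desc['name'] = request['admin_name']
    admin_desc['password'] = request['admin_password']
    admin_desc['mail_address'] = request['admin_mail_address']
    admin_desc['language'] = language
    admin_desc['role'] = 'admin'
    admin_desc['pgp_key_remove'] = False

    admin_user = db_create_user(session, tid, admin_desc, language)
    # Store the salted hash, never the submitted password itself.
    admin_user.password = GCE.hash_password(request['admin_password'],
                                            admin_user.salt)
    admin_user.password_change_needed = False
    admin_user.password_change_date = datetime_now()

    if encryption:
        db_gen_user_keys(session, tid, admin_user, request['admin_password'])
        # The escrow private key is persisted only in this form: encrypted to
        # the admin's public key and base64-encoded on the admin row.
        admin_user.crypto_escrow_prv_key = Base64Encoder.encode(
            GCE.asymmetric_encrypt(admin_user.crypto_pub_key,
                                   crypto_escrow_prv_key))

    receiver_user = None
    if not request['skip_recipient_account_creation']:
        receiver_desc = models.User().dict(language)
        receiver_desc['username'] = request['receiver_username']
        receiver_desc['name'] = request['receiver_name']
        receiver_desc['password'] = request['receiver_password']
        receiver_desc['mail_address'] = request['receiver_mail_address']
        receiver_desc['language'] = language
        receiver_desc['role'] = 'receiver'
        receiver_desc['pgp_key_remove'] = False
        # An empty password requests an account activation link instead.
        receiver_desc['send_account_activation_link'] = receiver_desc[
            'password'] == ''
        receiver_user = db_create_user(session, tid, receiver_desc, language)

        if receiver_desc['password']:
            receiver_user.password = GCE.hash_password(
                receiver_desc['password'], receiver_user.salt)

            if encryption:
                db_gen_user_keys(session, tid, receiver_user,
                                 receiver_desc['password'])

    context_desc = models.Context().dict(language)
    context_desc['name'] = 'Default'
    context_desc['status'] = 'enabled'

    context_desc['receivers'] = [receiver_user.id] if receiver_user else []

    context = db_create_context(session, tid, context_desc, language)

    # Root tenants initialization terminates here

    if tid == 1:
        db_refresh_memory_variables(session, [tid])
        return

    # Secondary tenants initialization starts here

    tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
    tenant.label = request['node_name']

    mode = node.get_val('mode')

    if mode != 'default':
        node.set_val(
            'hostname',
            tenant.subdomain + '.' + root_tenant_node.get_val('rootdomain'))

        # Copy the root tenant's policy settings onto this tenant.
        for varname in [
                'reachable_via_web', 'enable_receipt_hint',
                'disable_privacy_badge', 'simplified_login',
                'can_delete_submission', 'can_postpone_expiration',
                'anonymize_outgoing_connections', 'frame_ancestors',
                'password_change_period', 'default_questionnaire',
                'enable_password_reset'
        ]:
            node.set_val(varname, root_tenant_node.get_val(varname))

        # Set data retention policy to 18 months
        context.tip_timetolive = 540

        context.questionnaire_id = root_tenant_node.get_val(
            'default_questionnaire')

        if receiver_user is not None:
            # Enable the recipient user to configure platform general settings
            receiver_user.can_edit_general_settings = True

        # Delete the admin user
        # NOTE(review): with encryption enabled, the escrow private key
        # generated above is stored only on this admin row; deleting the row
        # leaves crypto_escrow_pub_key configured with no copy of the private
        # key visible in this function. Confirm that this is intended.
        request['admin_password'] = ''
        session.delete(admin_user)

    # Apply the specific fixes related to whistleblowing.it projects
    if mode == 'whistleblowing.it':
        node.set_val('simplified_login', True)
        node.set_val('tor', False)

        # Enable recipients to load files to the whistleblower
        context.enable_rc_to_wb_files = True

        if receiver_user is not None:
            # Set the recipient name equal to the node name
            receiver_user.name = request['node_name']

    db_refresh_memory_variables(session, [tid])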
Exemple #5
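def db_wizard(session, tid, request, client_using_tor, language):
    """
    Transaction performing the first-run wizard for a tenant.

    :param session: An ORM session
    :param tid: A tenant ID; 1 is handled as the root tenant
    :param request: The wizard request
    :param client_using_tor: Not used by this version of the function
    :param language: Ignored; replaced by request['node_language']
    :raises errors.ForbiddenOperation: if 'wizard_done' is already set
    """
    # The language argument is kept for interface compatibility only.
    language = request['node_language']

    node = config.ConfigFactory(session, tid)

    # Secondary tenants inherit settings from the configuration of tenant 1.
    if tid != 1:
        root_tenant_node = config.ConfigFactory(session, 1)
    else:
        root_tenant_node = node

    # Refuse to run twice: a second run would create the accounts again.
    if node.get_val('wizard_done'):
        log.err("DANGER: Wizard already initialized!", tid=tid)
        raise errors.ForbiddenOperation

    db_update_enabled_languages(session, tid, [language], language)

    node.set_val('name', request['node_name'])
    node.set_val('default_language', language)
    node.set_val('wizard_done', True)
    node.set_val('enable_developers_exception_notification',
                 request['enable_developers_exception_notification'])

    node_l10n = config.ConfigL10NFactory(session, tid)
    node_l10n.set_val('header_title_homepage', language, request['node_name'])

    profiles.load_profile(session, tid, request['profile'])

    # NOTE(review): both accounts below are given the same username literal,
    # which looks like a value masked in this listing; confirm the real
    # values against the project source.
    # The passwords are handed over as received; any hashing is left to
    # db_create_user (not visible here, confirm).
    admin_desc = models.User().dict(language)
    admin_desc['name'] = request['admin_name']
    admin_desc['username'] = '******'
    admin_desc['password'] = request['admin_password']
    admin_desc['mail_address'] = request['admin_mail_address']
    admin_desc['language'] = language
    admin_desc['role'] = 'admin'
    admin_desc['pgp_key_remove'] = False

    admin_user = db_create_user(session, tid, admin_desc, language)
    admin_user.password_change_needed = False
    admin_user.password_change_date = datetime_now()

    receiver_desc = models.User().dict(language)
    receiver_desc['name'] = request['receiver_name']
    receiver_desc['username'] = '******'
    receiver_desc['password'] = request['receiver_password']
    receiver_desc['mail_address'] = request['receiver_mail_address']
    receiver_desc['language'] = language
    receiver_desc['role'] = 'receiver'
    receiver_desc['pgp_key_remove'] = False

    receiver_user = db_create_user(session, tid, receiver_desc, language)

    context_desc = models.Context().dict(language)
    context_desc['status'] = 1
    context_desc['name'] = 'Default'
    context_desc['receivers'] = [receiver_user.id]

    context = db_create_context(session, tid, context_desc, language)

    # Root tenants initialization terminates here

    if tid == 1:
        db_refresh_memory_variables(session, [tid])
        return

    # Secondary tenants initialization starts here

    tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
    tenant.label = request['node_name']

    mode = node.get_val('mode')

    if mode != 'default':
        node.set_val(
            'hostname',
            tenant.subdomain + '.' + root_tenant_node.get_val('rootdomain'))

        # Copy the root tenant's policy settings onto this tenant.
        for varname in [
                'reachable_via_web', 'enable_receipt_hint',
                'disable_privacy_badge', 'simplified_login',
                'can_delete_submission', 'can_postpone_expiration',
                'enable_user_pgp_key_upload', 'anonymize_outgoing_connections',
                'frame_ancestors', 'password_change_period',
                'default_questionnaire', 'enable_password_reset'
        ]:
            node.set_val(varname, root_tenant_node.get_val(varname))

        context.questionnaire_id = root_tenant_node.get_val(
            'default_questionnaire')

    # Settings shared by the 'whistleblowing.it' and 'eat' modes only; other
    # non-default modes keep the admin user created above.
    if mode in ['whistleblowing.it', 'eat']:
        # Enable the recipient user to configure platform general settings
        receiver_user.can_edit_general_settings = True

        # Set data retention policy to 18 months
        context.tip_timetolive = 540

        # Delete the admin user; the request's copy of its password is
        # cleared first.
        request['admin_password'] = ''
        session.delete(admin_user)

    # Apply the specific fixes related to whistleblowing.it projects
    if mode == 'whistleblowing.it':
        node.set_val('simplified_login', True)
        node.set_val('tor', False)

        # Enable recipients to load files to the whistleblower
        context.enable_rc_to_wb_files = True

        # Set the recipient name equal to the node name
        receiver_user.name = request['node_name']

    db_refresh_memory_variables(session, [tid])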
Exemple #6
def db_wizard(session, tid, request, client_using_tor, language):
    """
    Transaction performing the first-run wizard for a tenant.

    :param session: An ORM session
    :param tid: A tenant ID; 1 is handled as the root tenant
    :param request: The wizard request
    :param client_using_tor: Whether the configuring client connected via Tor
    :param language: Ignored; replaced by request['node_language']
    :raises errors.ForbiddenOperation: if 'wizard_done' is already set
    """
    language = request['node_language']
    node_name = request['node_name']

    node = config.ConfigFactory(session, tid)

    # Tenant 1 is its own root; every other tenant looks up tenant 1.
    root_tenant_node = node if tid == 1 else config.ConfigFactory(session, 1)

    # Refuse to run twice: a second run would create the accounts again.
    if node.get_val(u'wizard_done'):
        log.err("DANGER: Wizard already initialized!", tid=tid)
        raise errors.ForbiddenOperation

    db_update_enabled_languages(session, tid, [language], language)

    node.set_val(u'name', node_name)
    node.set_val(u'default_language', language)
    node.set_val(u'wizard_done', True)
    node.set_val(u'enable_developers_exception_notification',
                 request['enable_developers_exception_notification'])

    # Guess the Tor configuration from the medium used for the first
    # configuration: a client on Tor gets an anonymity-preserving node that
    # performs its outgoing connections via Tor.
    for setting, value in ((u'reachable_via_web', not client_using_tor),
                           (u'allow_unencrypted', not client_using_tor),
                           (u'anonymize_outgoing_connections', client_using_tor)):
        node.set_val(setting, value)

    config.ConfigL10NFactory(session, tid).set_val(
        u'header_title_homepage', language, node_name)

    profiles.load_profile(session, tid, request['profile'])

    # The passwords are handed over as received; any hashing is left to
    # db_create_user (not visible here, confirm).
    admin_desc = models.User().dict(language)
    for field, value in (('name', request['admin_name']),
                         ('username', u'admin'),
                         ('password', request['admin_password']),
                         ('mail_address', request['admin_mail_address']),
                         ('language', language),
                         ('role', u'admin'),
                         ('deletable', False),
                         ('pgp_key_remove', False)):
        admin_desc[field] = value

    admin_user = db_create_user(session, tid, admin_desc, language)
    admin_user.password_change_needed = False
    admin_user.password_change_date = datetime_now()

    receiver_desc = models.User().dict(language)
    for field, value in (('name', request['receiver_name']),
                         ('username', u'recipient'),
                         ('password', request['receiver_password']),
                         ('mail_address', request['receiver_mail_address']),
                         ('language', language),
                         ('role', u'receiver'),
                         ('deletable', True),
                         ('pgp_key_remove', False)):
        receiver_desc[field] = value

    receiver_user = db_create_user(session, tid, receiver_desc, language)

    context_desc = models.Context().dict(language)
    context_desc['status'] = 1
    context_desc['name'] = u'Default'
    context_desc['receivers'] = [receiver_user.id]

    context = db_create_context(session, tid, context_desc, language)

    # Root tenant initialization ends here.
    if tid == 1:
        db_refresh_memory_variables(session, [tid])
        return

    # Secondary tenant initialization starts here.
    tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
    tenant.label = node_name

    mode = node.get_val(u'mode')

    if mode != u'default':
        # NOTE(review): 'rootdomain' is read from this tenant's own
        # configuration, while the questionnaire below comes from the root
        # tenant; confirm which configuration is meant to hold 'rootdomain'.
        node.set_val(u'hostname', tenant.subdomain + '.' + node.get_val(u'rootdomain'))

        # These values replace the Tor-derived guesses made above.
        for setting in (u'reachable_via_web',
                        u'allow_unencrypted',
                        u'anonymize_outgoing_connections',
                        u'allow_iframes_inclusion'):
            node.set_val(setting, True)

        context.questionnaire_id = root_tenant_node.get_val(u'default_questionnaire')

    # Adjustments specific to whistleblowing.it projects
    if mode == u'whistleblowing.it':
        for setting, value in ((u'disable_key_code_hint', True),
                               (u'disable_privacy_badge', True),
                               (u'disable_donation_panel', True),
                               (u'simplified_login', True),
                               (u'can_delete_submission', False),
                               (u'enable_user_pgp_key_upload', False),
                               (u'tor', False)):
            node.set_val(setting, value)

        # The admin account created above is dropped in this mode.
        session.delete(admin_user)

        # The recipient takes the node name and may edit general settings.
        receiver_user.name = node_name
        receiver_user.can_edit_general_settings = True

        # Data retention policy: 18 months
        context.tip_timetolive = 540

        # Recipients may load files to the whistleblower.
        context.enable_rc_to_wb_files = True

    db_refresh_memory_variables(session, [tid])
Exemple #7
def db_wizard(session, state, tid, request, client_using_tor, language):
    """
    Transaction performing the first-run wizard for a tenant.

    :param session: An ORM session
    :param state: Passed through to the user and context creation helpers
    :param tid: A tenant ID
    :param request: The wizard request
    :param client_using_tor: Whether the configuring client connected via Tor
    :param language: The language set as default and as the only enabled one
    :raises errors.ForbiddenOperation: if 'wizard_done' is already set
    """
    node_name = request['node_name']

    node = config.ConfigFactory(session, tid, 'node')

    # Refuse to run twice: a second run would create the accounts again.
    if node.get_val(u'wizard_done'):
        log.err("DANGER: Wizard already initialized!", tid=tid)
        raise errors.ForbiddenOperation

    db_update_enabled_languages(session, tid, [language], language)

    tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
    tenant.label = node_name

    node.set_val(u'name', node_name)
    node.set_val(u'default_language', language)
    node.set_val(u'wizard_done', True)
    node.set_val(u'enable_developers_exception_notification',
                 request['enable_developers_exception_notification'])

    # Guess the Tor configuration from the medium used for the first
    # configuration: a client on Tor gets an anonymity-preserving node that
    # performs its outgoing connections via Tor.
    for setting, value in ((u'reachable_via_web', not client_using_tor),
                           (u'anonymize_outgoing_connections', client_using_tor)):
        node.set_val(setting, value)

    l10n.NodeL10NFactory(session, tid).set_val(
        u'header_title_homepage', language, node_name)

    profiles.load_profile(session, tid, request['profile'])

    # No password is set on the recipient description here; it keeps whatever
    # models.User().dict() provides (not visible here, confirm).
    receiver_desc = models.User().dict(language)
    for field, value in (('name', request['receiver_name']),
                         ('username', u'recipient'),
                         ('mail_address', request['receiver_mail_address']),
                         ('language', language),
                         ('role', u'receiver'),
                         ('deletable', True),
                         ('pgp_key_remove', False)):
        receiver_desc[field] = value

    # Only the second element of the returned pair is used.
    _unused, receiver = db_create_receiver_user(session, state, tid,
                                                receiver_desc, language)

    context_desc = models.Context().dict(language)
    context_desc['name'] = u'Default'
    context_desc['receivers'] = [receiver.id]

    db_create_context(session, state, tid, context_desc, language)

    # The password is handed over as received; any hashing is left to
    # db_create_user (not visible here, confirm).
    admin_desc = models.User().dict(language)
    for field, value in (('name', request['admin_name']),
                         ('username', u'admin'),
                         ('password', request['admin_password']),
                         ('mail_address', request['admin_mail_address']),
                         ('language', language),
                         ('role', u'admin'),
                         ('deletable', False),
                         ('pgp_key_remove', False),
                         ('password_change_needed', False)):
        admin_desc[field] = value

    db_create_user(session, state, tid, admin_desc, language)

    db_refresh_memory_variables(session, [tid])