def db_admin_update_user(session, tid, user_id, request, language):
"""
Updates the specified user.
"""
fill_localized_keys(request, models.User.localized_keys, language)
user = db_get_user(session, tid, user_id)
if user.username != request['username']:
check = session.query(models.User).filter(models.User.username == text_type(request['username']),
models.UserTenant.user_id == models.User.id,
models.UserTenant.tenant_id == tid).one_or_none()
if check is not None:
raise errors.InputValidationError('Username already in use')
user.update(request)
password = request['password']
if password:
user.hash_alg = GCE.HASH
user.salt = GCE.generate_salt()
user.password = GCE.hash_password(password, user.salt)
user.password_change_date = datetime_now()
user.crypto_prv_key = b''
user.crypto_pub_key = b''
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
if user.role == 'admin':
db_refresh_memory_variables(session, [tid])
return user
def db_admin_update_user(store, user_id, request, language):
"""
Updates the specified user.
raises: globaleaks.errors.ReceiverIdNotFound` if the receiver does not exist.
"""
user = models.User.get(store, user_id)
if not user:
raise errors.UserIdNotFound
fill_localized_keys(request, models.User.localized_keys, language)
user.name = request['name']
user.description = request['description']
user.state = request['state']
user.password_change_needed = request['password_change_needed']
user.mail_address = request['mail_address']
user.language = request.get('language', GLSettings.memory_copy.default_language)
user.timezone = request.get('timezone', GLSettings.memory_copy.default_timezone)
password = request['password']
if len(password):
security.check_password_format(password)
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
return user
def db_admin_update_user(session, tid, user_id, request, language):
"""
Updates the specified user.
"""
fill_localized_keys(request, models.User.localized_keys, language)
user = db_get_user(session, tid, user_id)
if user.username != request['username']:
check = session.query(models.User).filter(
models.User.username == str(request['username']),
models.User.tid == tid).one_or_none()
if check is not None:
raise errors.InputValidationError('Username already in use')
user.update(request)
password = request['password']
if password and not user.crypto_pub_key:
user.hash_alg = 'ARGON2'
user.salt = GCE.generate_salt()
user.password = GCE.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
if user.role == 'admin':
db_refresh_memory_variables(session, [tid])
return user
def db_create_user(store, request, language):
fill_localized_keys(request, models.User.localized_keys, language)
user = models.User({
'username': request['username'],
'role': request['role'],
'state': u'enabled',
'deletable': request['deletable'],
'name': request['name'],
'description': request['description'],
'public_name': request['public_name'] if request['public_name'] else request['name'],
'language': language,
'password_change_needed': request['password_change_needed'],
'mail_address': request['mail_address']
})
if not request['username']:
user.username = user.id
password = request['password'] if request['password'] else State.tenant_cache[1].default_password
user.salt = security.generateRandomSalt()
user.password = security.hash_password(password, user.salt)
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
store.add(user)
return user
def db_admin_update_user(session, state, tid, user_id, request, language):
"""
Updates the specified user.
"""
fill_localized_keys(request, models.User.localized_keys, language)
user = db_get_user(session, tid, user_id)
if user.username != request['username']:
check = session.query(models.User).filter(
models.User.username == text_type(request['username']),
models.UserTenant.user_id == models.User.id,
models.UserTenant.tenant_id == tid).one_or_none()
if check is not None:
raise errors.InputValidationError('Username already in use')
user.update(request)
password = request['password']
if password:
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(state, user, request)
if user.role == 'admin':
db_refresh_memory_variables(session, [tid])
return user
def db_admin_update_user(store, user_id, request, language):
"""
Updates the specified user.
raises: globaleaks.errors.UserIdNotFound` if the user does not exist.
"""
user = models.User.get(store, user_id)
if not user:
raise errors.UserIdNotFound
fill_localized_keys(request, models.User.localized_keys, language)
user.update(request)
password = request['password']
if len(password) > 0:
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
if user.role == 'admin':
db_refresh_exception_delivery_list(store)
return user
def db_admin_update_user(store, user_id, request, language):
"""
Updates the specified user.
raises: globaleaks.errors.ReceiverIdNotFound` if the receiver does not exist.
"""
user = models.User.get(store, user_id)
if not user:
raise errors.UserIdNotFound
fill_localized_keys(request, models.User.localized_keys, language)
user.name = request['name']
user.description = request['description']
user.state = request['state']
user.password_change_needed = request['password_change_needed']
user.mail_address = request['mail_address']
user.language = request.get('language',
GLSettings.memory_copy.default_language)
user.timezone = request.get('timezone',
GLSettings.memory_copy.default_timezone)
password = request['password']
if len(password):
security.check_password_format(password)
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
return user
def db_create_user(session, tid, request, language):
"""
Transaction for creating a new user
:param session: An ORM session
:param tid: A tenant ID
:param request: The request data
:param language: The language of the request
:return: The serialized descriptor of the created object
"""
request['tid'] = tid
fill_localized_keys(request, models.User.localized_keys, language)
if not request['public_name']:
request['public_name'] = request['name']
user = models.User(request)
if not request['username']:
user.username = user.id
user.salt = GCE.generate_salt()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
session.add(user)
session.flush()
if request.get('send_account_activation_link', False):
db_generate_password_reset_token(session, user)
return user
def db_create_user(store, request, language):
fill_localized_keys(request, models.User.localized_keys, language)
user = models.User({
'username': request['username'],
'role': request['role'],
'state': u'enabled',
'deletable': request['deletable'],
'name': request['name'],
'description': request['description'],
'public_name': request['public_name'] if request['public_name'] != '' else request['name'],
'language': language,
'password_change_needed': request['password_change_needed'],
'mail_address': request['mail_address']
})
if request['username'] == '':
user.username = user.id
password = request['password']
if len(password) == 0:
password = GLSettings.memory_copy.default_password
user.salt = security.generateRandomSalt()
user.password = security.hash_password(password, user.salt)
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
store.add(user)
return user
def db_create_user(session, state, tid, request, language):
request['tid'] = tid
fill_localized_keys(request, models.User.localized_keys, language)
if request['username']:
user = session.query(models.User).filter(
models.User.username == text_type(request['username']),
models.UserTenant.user_id == models.User.id,
models.UserTenant.tenant_id == tid).one_or_none()
if user is not None:
raise errors.InputValidationError('Username already in use')
user = models.User({
'tid':
tid,
'username':
request['username'],
'role':
request['role'],
'state':
u'enabled',
'name':
request['name'],
'description':
request['description'],
'language':
language,
'password_change_needed':
request['password_change_needed'],
'mail_address':
request['mail_address'],
'can_edit_general_settings':
request['can_edit_general_settings']
})
if not request['username']:
user.username = user.id = uuid4()
if request['password']:
password = request['password']
else:
password = u'password'
user.salt = security.generateRandomSalt()
user.password = security.hash_password(password, user.salt)
# The various options related in manage PGP keys are used here.
parse_pgp_options(state, user, request)
session.add(user)
session.flush()
db_create_usertenant_association(session, user.id, tid)
return user
def db_create_user(session, state, tid, request, language):
request['tid'] = tid
fill_localized_keys(request, models.User.localized_keys, language)
if request['username']:
user = session.query(models.User).filter(
models.User.tid == tid, models.User.username == text_type(
request['username'])).one_or_none()
if user is not None:
raise errors.InputValidationError('Username already in use')
user = models.User({
'tid':
tid,
'username':
request['username'],
'role':
request['role'],
'state':
u'enabled',
'name':
request['name'],
'description':
request['description'],
'name':
request['name'],
'language':
language,
'password_change_needed':
request['password_change_needed'],
'mail_address':
request['mail_address']
})
if request['password']:
password = request['password']
elif user.role == 'receiver':
# code necessary because the user.role for recipient is receiver
password = '******'
else:
password = user.role
user.salt = security.generateRandomSalt()
user.password = security.hash_password(password, user.salt)
# The various options related in manage PGP keys are used here.
parse_pgp_options(state, user, request)
session.add(user)
session.flush()
if not request['username']:
user.username = user.id
return user
def db_admin_update_user(session, tid, user_session, user_id, request,
language):
"""
Transaction for updating an existing user
:param session: An ORM session
:param tid: A tenant ID
:param user_session: The current user session
:param user_id: The ID of the user to update
:param request: The request data
:param language: The language of the request
:return: The serialized descriptor of the updated object
"""
fill_localized_keys(request, models.User.localized_keys, language)
user = db_get_user(session, tid, user_id)
if user.username != request['username']:
check = session.query(models.User).filter(
models.User.username == request['username'],
models.User.tid == tid).one_or_none()
if check is not None:
raise errors.InputValidationError('Username already in use')
user.update(request)
password = request['password']
if password and (not user.crypto_pub_key or user_session.ek):
if user.crypto_pub_key and user_session.ek:
enc_key = GCE.derive_key(password.encode(), user.salt)
crypto_escrow_prv_key = GCE.asymmetric_decrypt(
user_session.cc, Base64Encoder.decode(user_session.ek))
if tid == 1:
user_cc = GCE.asymmetric_decrypt(
crypto_escrow_prv_key,
Base64Encoder.decode(user.crypto_escrow_bkp1_key))
else:
user_cc = GCE.asymmetric_decrypt(
crypto_escrow_prv_key,
Base64Encoder.decode(user.crypto_escrow_bkp2_key))
user.crypto_prv_key = Base64Encoder.encode(
GCE.symmetric_encrypt(enc_key, user_cc))
if user.hash_alg != 'ARGON2':
user.hash_alg = 'ARGON2'
user.salt = GCE.generate_salt()
user.password = GCE.hash_password(password, user.salt)
user.password_change_date = datetime_now()
user.password_change_needed = True
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
return user_serialize_user(session, user, language)
def db_create_user(session, tid, request, language):
request['tid'] = tid
fill_localized_keys(request, models.User.localized_keys, language)
if request['username']:
user = session.query(models.User).filter(models.User.username == text_type(request['username']),
models.UserTenant.user_id == models.User.id,
models.UserTenant.tenant_id == tid).one_or_none()
if user is not None:
raise errors.InputValidationError('Username already in use')
user = models.User({
'tid': tid,
'username': request['username'],
'role': request['role'],
'state': u'enabled',
'name': request['name'],
'description': request['description'],
'language': language,
'password_change_needed': request['password_change_needed'],
'mail_address': request['mail_address'],
'can_edit_general_settings': request['can_edit_general_settings']
})
if not request['username']:
user.username = user.id = uuid4()
password = u'password'
if request['password']:
password = request['password']
user.hash_alg = GCE.HASH
user.salt = GCE.generate_salt()
user.password = GCE.hash_password(password, user.salt)
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
session.add(user)
session.flush()
db_create_usertenant_association(session, user.id, tid)
return user
def db_admin_update_user(session, tid, user_session, user_id, request, language):
"""
Transaction for updating an existing user
:param session: An ORM session
:param tid: A tenant ID
:param user_session: The current user session
:param user_id: The ID of the user to update
:param request: The request data
:param language: The language of the request
:return: The serialized descriptor of the updated object
"""
fill_localized_keys(request, models.User.localized_keys, language)
user = db_get_user(session, tid, user_id)
user.update(request)
password = request['password']
if password and (not user.crypto_pub_key or user_session.ek):
if user.crypto_pub_key and user_session.ek:
enc_key = GCE.derive_key(password.encode(), user.salt)
crypto_escrow_prv_key = GCE.asymmetric_decrypt(user_session.cc, Base64Encoder.decode(user_session.ek))
if user_session.user_tid == 1:
user_cc = GCE.asymmetric_decrypt(crypto_escrow_prv_key, Base64Encoder.decode(user.crypto_escrow_bkp1_key))
else:
user_cc = GCE.asymmetric_decrypt(crypto_escrow_prv_key, Base64Encoder.decode(user.crypto_escrow_bkp2_key))
user.crypto_prv_key = Base64Encoder.encode(GCE.symmetric_encrypt(enc_key, user_cc))
if user.hash_alg != 'ARGON2':
user.hash_alg = 'ARGON2'
user.salt = GCE.generate_salt()
user.password = GCE.hash_password(password, user.salt)
user.password_change_date = datetime_now()
State.log(tid=tid, type='change_password', user_id=user_session.user_id, object_id=user_id)
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
return user_serialize_user(session, user, language)
def db_admin_update_user(store, user_id, request, language):
"""
Updates the specified user.
raises: globaleaks.errors.ReceiverIdNotFound` if the receiver does not exist.
"""
user = models.User.get(store, user_id)
if not user:
raise errors.UserIdNotFound
fill_localized_keys(request, models.User.localized_keys, language)
user.update(request)
password = request['password']
if len(password) > 0:
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
return user
def db_create_user(store, request, language):
fill_localized_keys(request, models.User.localized_keys, language)
password = request['password']
if len(password) and password != GLSettings.default_password:
security.check_password_format(password)
else:
password = GLSettings.default_password
password_salt = security.generateRandomSalt()
password_hash = security.hash_password(password, password_salt)
user = models.User({
'username': request['username'],
'password': password_hash,
'salt': password_salt,
'role': request['role'],
'state': u'enabled',
'deletable': request['deletable'],
'name': request['name'],
'description': request['description'],
'language': u'en',
'timezone': 0,
'password_change_needed': True,
'mail_address': request['mail_address']
})
if request['username'] == '':
user.username = user.id
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
create_user_picture(user.id)
store.add(user)
return user
def db_create_user(store, request, language):
fill_localized_keys(request, models.User.localized_keys, language)
password = request['password']
if len(password) and password != GLSettings.default_password:
security.check_password_format(password)
else:
password = GLSettings.default_password
password_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
password_hash = security.hash_password(password, password_salt)
user = models.User({
'username': request['username'],
'password': password_hash,
'salt': password_salt,
'role': request['role'],
'state': u'enabled',
'deletable': request['deletable'],
'name': request['name'],
'description': request['description'],
'language': u'en',
'timezone': 0,
'password_change_needed': True,
'mail_address': request['mail_address']
})
if request['username'] == '':
user.username = user.id
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
create_user_picture(user.id)
store.add(user)
return user
def db_admin_update_user(session, state, tid, user_id, request, language):
"""
Updates the specified user.
"""
fill_localized_keys(request, models.User.localized_keys, language)
user = models.db_get(session, models.User, models.User.tid == tid,
models.User.id == user_id)
user.update(request)
password = request['password']
if password:
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(state, user, request)
if user.role == 'admin':
db_refresh_memory_variables(session, [tid])
return user
def db_create_user(session, tid, request, language):
"""
Transaction for creating a new user
:param session: An ORM session
:param tid: A tenant ID
:param request: The request data
:param language: The language of the request
:return: The serialized descriptor of the created object
"""
request['tid'] = tid
fill_localized_keys(request, models.User.localized_keys, language)
if request['username']:
user = session.query(models.User).filter(
models.User.username == request['username'],
models.User.tid == tid).one_or_none()
if user is not None:
raise errors.InputValidationError('Username already in use')
user = models.User({
'tid':
tid,
'username':
request['username'],
'role':
request['role'],
'state':
'enabled',
'name':
request['name'],
'description':
request['description'],
'public_name':
request['public_name'] if request['public_name'] else request['name'],
'language':
language,
'password_change_needed':
request['password_change_needed'],
'mail_address':
request['mail_address'],
'can_edit_general_settings':
request['can_edit_general_settings']
})
if not request['username']:
user.username = user.id = uuid4()
user.salt = GCE.generate_salt()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
session.add(user)
session.flush()
if request.get('send_account_activation_link', False):
db_generate_password_reset_token(session, user)
return user
