def perform_pgp_validation_checks(self, store): expired_or_expiring = [] for user in store.find(models.User): if user.pgp_key_public and user.pgp_key_expiration != datetime_null(): if user.pgp_key_expiration < datetime_now(): expired_or_expiring.append(user_serialize_user(user, GLSettings.memory_copy.default_language)) if GLSettings.memory_copy.allow_unencrypted: # The PGP key status should be downgraded only if the node # accept non PGP mails/files to be sent/stored. # If the node wont accept this the pgp key status # will remain enabled and mail won't be sent by regular flow. user.pgp_key_status = u'disabled' user.pgp_key_info = None user.pgp_key_public = None user.pgp_key_fingerprint = None user.pgp_key_expiration = None elif user.pgp_key_expiration < datetime_now() - timedelta(days=15): expired_or_expiring.append(user_serialize_user(user, GLSettings.memory_copy.default_language)) if expired_or_expiring: if not GLSettings.memory_copy.disable_admin_notification_emails: self.prepare_admin_pgp_alerts(store, expired_or_expiring) for user_desc in expired_or_expiring: self.prepare_user_pgp_alerts(store, user_desc)
def perform_pgp_validation_checks(self, store): expired_or_expiring = [] for user in store.find(models.User): if user.pgp_key_public and user.pgp_key_expiration != datetime_null( ): if user.pgp_key_expiration < datetime_now(): expired_or_expiring.append( user_serialize_user( user, GLSettings.memory_copy.default_language)) user.pgp_key_status = u'disabled' user.pgp_key_info = None user.pgp_key_public = None user.pgp_key_fingerprint = None user.pgp_key_expiration = None elif user.pgp_key_expiration < datetime_now() - timedelta( days=15): expired_or_expiring.append( user_serialize_user( user, GLSettings.memory_copy.default_language)) if expired_or_expiring: if not GLSettings.memory_copy.disable_admin_notification_emails: self.prepare_admin_pgp_alerts(store, expired_or_expiring) for user_desc in expired_or_expiring: self.prepare_user_pgp_alerts(store, user_desc)
def generate_password_reset_token(session, state, tid, username_or_email): from globaleaks.handlers.admin.notification import db_get_notification from globaleaks.handlers.admin.node import db_admin_serialize_node from globaleaks.handlers.user import user_serialize_user users = session.query(models.User).filter( or_(models.User.username == username_or_email, models.User.mail_address == username_or_email), models.User.tid == tid).distinct() for user in users: user.reset_password_token = generateRandomKey(32) user.reset_password_date = datetime_now() user_desc = user_serialize_user(session, user, user.language) template_vars = { 'type': 'password_reset_validation', 'user': user_desc, 'reset_token': user.reset_password_token, 'node': db_admin_serialize_node(session, tid, user.language), 'notification': db_get_notification(session, tid, user.language) } state.format_and_send_mail(session, tid, user_desc, template_vars) return {'redirect': '/login/passwordreset/requested'}
def serialize_obj(self, session, key, obj, tid, language): obj_id = obj.id cache_key = gen_cache_key(key, tid, obj_id, language) cache_obj = None if cache_key not in self.cache: if key == 'user': cache_obj = user_serialize_user(session, obj, language) elif key == 'context': cache_obj = admin_serialize_context(session, obj, language) elif key == 'tip': itip = session.query(models.InternalTip).filter( models.InternalTip.id == obj.internaltip_id).one() cache_obj = serialize_rtip(session, obj, itip, language) elif key == 'message': cache_obj = serialize_message(session, obj) elif key == 'comment': cache_obj = serialize_comment(session, obj) elif key == 'file': cache_obj = models.serializers.serialize_ifile(session, obj) self.cache[cache_key] = cache_obj return self.cache[cache_key]
def db_create_identityaccessrequest_notifications(session, tid, itip, rtip, iar): users = session.query(models.User).filter(models.User.role == u'custodian', models.User.notification == True) for user in users: node = db_admin_serialize_node(session, tid, user.language) context = session.query(models.Context).filter(models.Context.id == itip.context_id, models.Context.tid == tid).one() data = { 'type': 'identity_access_request' } data['user'] = user_serialize_user(session, user, user.language) data['tip'] = serialize_rtip(session, rtip, itip, user.language) data['context'] = admin_serialize_context(session, context, user.language) data['iar'] = serialize_identityaccessrequest(session, iar) data['node'] = db_admin_serialize_node(session, tid, user.language) if data['node']['mode'] != u'whistleblowing.it': data['notification'] = db_get_notification(session, tid, user.language) else: data['notification'] = db_get_notification(session, 1, user.language) subject, body = Templating().get_mail_subject_and_body(data) session.add(models.Mail({ 'address': data['user']['mail_address'], 'subject': subject, 'body': body, 'tid': tid }))
def get_user_list(store, language): """ Returns: (list) the list of users """ users = store.find(models.User) return [user_serialize_user(user, language) for user in users]
def generate_password_reset_token(session, state, tid, username_or_email, allow_admin_reset=False): from globaleaks.handlers.admin.notification import db_get_notification from globaleaks.handlers.admin.node import db_admin_serialize_node from globaleaks.handlers.user import user_serialize_user users = session.query(models.User).filter( or_(models.User.username == username_or_email, models.User.mail_address == username_or_email), models.UserTenant.user_id == models.User.id, models.UserTenant.tenant_id == tid ).distinct() for user in users: if not allow_admin_reset and user.role == u'admin': continue user.reset_password_token = generateRandomKey(32) user.reset_password_date = datetime_now() user_desc = user_serialize_user(session, user, user.language) template_vars = { 'type': 'password_reset_validation', 'user': user_desc, 'reset_token': user.reset_password_token, 'node': db_admin_serialize_node(session, 1, user.language), 'notification': db_get_notification(session, tid, user.language) } state.format_and_send_mail(session, tid, user_desc, template_vars)
def receiver_serialize_receiver(store, receiver, user, language): user = store.find(models.User, id=receiver.id).one() contexts = [ id for id in store.find(models.ReceiverContext.context_id, models.ReceiverContext.receiver_id == receiver.id) ] ret_dict = user_serialize_user(store, user, language) ret_dict.update({ 'can_postpone_expiration': GLSettings.memory_copy.can_postpone_expiration or receiver.can_postpone_expiration, 'can_delete_submission': GLSettings.memory_copy.can_delete_submission or receiver.can_delete_submission, 'can_grant_permissions': GLSettings.memory_copy.can_grant_permissions or receiver.can_grant_permissions, 'tip_notification': receiver.tip_notification, 'contexts': contexts }) return get_localized_values(ret_dict, receiver, receiver.localized_keys, language)
def perform_pgp_validation_checks(self, session): tenant_expiry_map = {1: []} for user in db_get_expired_or_expiring_pgp_users( session, self.state.tenant_cache.keys()): user_desc = user_serialize_user( session, user, self.state.tenant_cache[user.tid].default_language) tenant_expiry_map.setdefault(user.tid, []).append(user_desc) log.info('Removing expired PGP key of: %s', user.username, tid=user.tid) if user.pgp_key_expiration < datetime_now(): user.pgp_key_public = '' user.pgp_key_fingerprint = '' user.pgp_key_expiration = datetime_null() for tid, expired_or_expiring in tenant_expiry_map.items(): if self.state.tenant_cache[ tid].notification.disable_admin_notification_emails: continue if expired_or_expiring: self.prepare_admin_pgp_alerts(session, tid, expired_or_expiring) for user_desc in expired_or_expiring: self.prepare_user_pgp_alerts(session, tid, user_desc)
def admin_serialize_receiver(store, receiver, language): """ Serialize the specified receiver :param language: the language in which to localize data :return: a dictionary representing the serialization of the receiver """ contexts = [ rc.context_id for rc in store.find(models.ReceiverContext, models.ReceiverContext.receiver_id == receiver.id) ] ret_dict = user_serialize_user(receiver.user, language) ret_dict.update({ 'can_delete_submission': receiver.can_delete_submission, 'can_postpone_expiration': receiver.can_postpone_expiration, 'can_grant_permissions': receiver.can_grant_permissions, 'mail_address': receiver.user.mail_address, 'configuration': receiver.configuration, 'contexts': contexts, 'tip_notification': receiver.tip_notification, 'presentation_order': receiver.presentation_order }) return get_localized_values(ret_dict, receiver, receiver.localized_keys, language)
def receiver_serialize_receiver(receiver, language): ret_dict = user_serialize_user(receiver.user, language) if receiver.user.role == 'custodian': can_postpone_expiration = False can_delete_submission = False can_grant_permissions = False tip_notification = False contexts = [] else: can_postpone_expiration = GLSettings.memory_copy.can_postpone_expiration or receiver.can_postpone_expiration can_delete_submission = GLSettings.memory_copy.can_delete_submission or receiver.can_delete_submission can_grant_permissions = GLSettings.memory_copy.can_grant_permissions or receiver.can_grant_permissions tip_notification = receiver.tip_notification contexts = [c.id for c in receiver.contexts] ret_dict.update({ 'can_postpone_expiration': can_postpone_expiration, 'can_delete_submission': can_delete_submission, 'can_grant_permissions': can_grant_permissions, 'tip_notification': tip_notification, 'contexts': contexts }) return get_localized_values(ret_dict, receiver, receiver.localized_keys, language)
def get_user_list(session, tid, language): """ Returns: (list) the list of users """ users = session.query(models.User).filter(models.User.tid == tid) return [user_serialize_user(session, user, language) for user in users]
def db_generate_password_reset_token(session, user): """ Transaction for issuing password reset tokens :param session: An ORM session :param user: The user for which issuing a password reset token """ user.reset_password_token = generateRandomKey() user.reset_password_date = datetime_now() if user.last_login > datetime_null(): template = 'password_reset_validation' else: template = 'account_activation' user_desc = user_serialize_user(session, user, user.language) template_vars = { 'type': template, 'user': user_desc, 'reset_token': user.reset_password_token, 'node': db_admin_serialize_node(session, user.tid, user.language), 'notification': db_get_notification(session, user.tid, user.language) } State.format_and_send_mail(session, user.tid, user_desc, template_vars)
def db_create_identityaccessrequest_notifications(session, tid, itip, rtip, iar): users = session.query(models.User).filter(models.User.role == u'custodian', models.User.notification == True) for user in users: node = db_admin_serialize_node(session, tid, user.language) context = session.query(models.Context).filter( models.Context.id == itip.context_id, models.Context.tid == tid).one() data = {'type': 'identity_access_request'} data['user'] = user_serialize_user(session, user, user.language) data['tip'] = serialize_rtip(session, rtip, itip, user.language) data['context'] = admin_serialize_context(session, context, user.language) data['iar'] = serialize_identityaccessrequest(session, iar) data['node'] = db_admin_serialize_node(session, tid, user.language) if data['node']['mode'] == u'default': data['notification'] = db_get_notification(session, tid, user.language) else: data['notification'] = db_get_notification(session, 1, user.language) subject, body = Templating().get_mail_subject_and_body(data) session.add( models.Mail({ 'address': data['user']['mail_address'], 'subject': subject, 'body': body, 'tid': tid }))
def db_generate_password_reset_token(session, state, tid, username_or_email, allow_admin_reset=False): from globaleaks.handlers.admin.notification import db_get_notification from globaleaks.handlers.admin.node import db_admin_serialize_node from globaleaks.handlers.user import user_serialize_user users = session.query(models.User).filter( or_(models.User.username == username_or_email, models.User.mail_address == username_or_email), models.UserTenant.user_id == models.User.id, models.UserTenant.tenant_id == tid).distinct() for user in users: if not allow_admin_reset and user.role == u'admin': continue user.reset_password_token = generateRandomKey(32) user.reset_password_date = datetime_now() user_desc = user_serialize_user(session, user, user.language) template_vars = { 'type': 'password_reset_validation', 'user': user_desc, 'reset_token': user.reset_password_token, 'node': db_admin_serialize_node(session, 1, user.language), 'notification': db_get_notification(session, tid, user.language) } state.format_and_send_mail(session, tid, user_desc, template_vars)
def serialize_obj(self, store, key, obj, language): obj_id = obj.id cache_key = key + '-' + obj_id + '-' + language cache_obj = None if cache_key not in self.cache: if key == 'user': cache_obj = user_serialize_user(store, obj, language) elif key == 'context': cache_obj = admin_serialize_context(store, obj, language) elif key == 'tip': itip = store.find(models.InternalTip, id=obj.internaltip_id).one() cache_obj = serialize_rtip(store, obj, itip, language) elif key == 'message': cache_obj = serialize_message(store, obj) elif key == 'comment': cache_obj = serialize_comment(store, obj) elif key == 'file': cache_obj = models.serializers.serialize_ifile(store, obj) self.cache[cache_key] = cache_obj return self.cache[cache_key]
def create_custodian(store, request, language): """ Currently this function simply serialize the custodian user. In the future this will serialize the admin model with its peculiatieis. """ return user_serialize_user(db_create_custodian(store, request, language), language)
def admin_serialize_receiver(receiver, language): """ Serialize the specified receiver :param language: the language in which to localize data :return: a dictionary representing the serialization of the receiver """ ret_dict = user_serialize_user(receiver.user, language) ret_dict.update({ 'can_delete_submission': receiver.can_delete_submission, 'can_postpone_expiration': receiver.can_postpone_expiration, 'mail_address': receiver.user.mail_address, 'ping_mail_address': receiver.ping_mail_address, 'configuration': receiver.configuration, 'contexts': [c.id for c in receiver.contexts], 'tip_notification': receiver.tip_notification, 'ping_notification': receiver.ping_notification, 'presentation_order': receiver.presentation_order, 'tip_expiration_threshold': receiver.tip_expiration_threshold, }) return get_localized_values(ret_dict, receiver, receiver.localized_keys, language)
def receiver_serialize_receiver(session, tid, receiver, user, language): user = session.query(models.User).filter( models.User.id == receiver.id, models.User.tid == tid).one_or_none() contexts = [x[0] for x in session.query(models.ReceiverContext.context_id) \ .filter(models.ReceiverContext.receiver_id == receiver.id, \ models.User.id == receiver.id, models.User.tid == tid)] ret_dict = user_serialize_user(session, user, language) ret_dict.update({ 'can_postpone_expiration': State.tenant_cache[tid].can_postpone_expiration or receiver.can_postpone_expiration, 'can_delete_submission': State.tenant_cache[tid].can_delete_submission or receiver.can_delete_submission, 'can_grant_permissions': State.tenant_cache[tid].can_grant_permissions or receiver.can_grant_permissions, 'tip_notification': receiver.tip_notification, 'contexts': contexts }) return get_localized_values(ret_dict, receiver, receiver.localized_keys, language)
def receiver_serialize_receiver(session, tid, user, language): # take only contexts for the current tenant contexts = [x[0] for x in session.query(models.ReceiverContext.context_id) \ .filter(models.ReceiverContext.receiver_id == user.id, models.UserTenant.user_id == user.id, models.UserTenant.tenant_id == tid)] ret_dict = user_serialize_user(session, user, language) ret_dict.update({ 'can_postpone_expiration': State.tenant_cache[tid].can_postpone_expiration or user.can_postpone_expiration, 'can_delete_submission': State.tenant_cache[tid].can_delete_submission or user.can_delete_submission, 'can_grant_permissions': State.tenant_cache[tid].can_grant_permissions or user.can_grant_permissions, 'notification': user.notification, 'contexts': contexts }) return ret_dict
def db_get_admin_users(session, tid): return [ user_serialize_user(session, user, State.tenant_cache[tid].default_language) for user in session.query(models.User).filter( models.User.tid == tid, models.User.role == u'admin') ]
def get_tip_export(session, tid, user_id, rtip_id, language): rtip, itip = db_access_rtip(session, tid, user_id, rtip_id) user, context = session.query(models.User, models.Context) \ .filter(models.User.id == rtip.receiver_id, models.Context.id == models.InternalTip.context_id, models.InternalTip.id == rtip.internaltip_id, models.User.tid == tid).one() rtip_dict = serialize_rtip(session, rtip, itip, language) export_dict = { 'type': 'export_template', 'node': db_admin_serialize_node(session, tid, language), 'notification': db_get_notification(session, tid, language), 'tip': rtip_dict, 'crypto_tip_prv_key': rtip.crypto_tip_prv_key, 'user': user_serialize_user(session, user, language), 'context': admin_serialize_context(session, context, language), 'comments': rtip_dict['comments'], 'messages': rtip_dict['messages'], 'files': [], 'submission_statuses': db_retrieve_all_submission_statuses(session, tid, language) } for rfile in session.query(models.ReceiverFile).filter( models.ReceiverFile.receivertip_id == rtip_id): rfile.last_access = datetime_now() rfile.downloads += 1 file_dict = models.serializers.serialize_rfile(session, tid, rfile) file_dict['name'] = 'files/' + file_dict['name'] file_dict['path'] = os.path.join(Settings.attachments_path, file_dict['filename']) file_dict['forged'] = False export_dict['files'].append(file_dict) for wf in session.query(models.WhistleblowerFile).filter( models.WhistleblowerFile.receivertip_id == models.ReceiverTip.id, models.ReceiverTip.internaltip_id == rtip.internaltip_id, models.InternalTip.id == rtip.internaltip_id): file_dict = models.serializers.serialize_wbfile(session, tid, wf) file_dict['name'] = 'files_from_recipients/' + file_dict['name'] file_dict['path'] = os.path.join(Settings.attachments_path, file_dict['filename']) file_dict[ 'forged'] = True # To be removed as soon it will be encrypted export_dict['files'].append(file_dict) return export_dict
def get_tip_export(session, tid, user_id, rtip_id, language): rtip, itip = db_access_rtip(session, tid, user_id, rtip_id) user, context = session.query(models.User, models.Context) \ .filter(models.User.id == rtip.receiver_id, models.Context.id == models.InternalTip.context_id, models.InternalTip.id == rtip.internaltip_id, models.UserTenant.user_id == models.User.id, models.UserTenant.tenant_id == tid).one() rtip_dict = serialize_rtip(session, rtip, itip, language) export_dict = { 'type': u'export_template', 'node': db_admin_serialize_node(session, tid, language), 'notification': db_get_notification(session, tid, language), 'tip': rtip_dict, 'user': user_serialize_user(session, user, language), 'context': admin_serialize_context(session, context, language), 'comments': rtip_dict['comments'], 'messages': rtip_dict['messages'], 'files': [] } export_template = Templating().format_template( export_dict['notification']['export_template'], export_dict).encode('utf-8') export_template = msdos_encode(text_type(export_template, 'utf-8')).encode('utf-8') export_dict['files'].append({ 'fo': BytesIO(export_template), 'name': "data.txt" }) for rfile in session.query(models.ReceiverFile).filter( models.ReceiverFile.receivertip_id == rtip_id): rfile.last_access = datetime_now() rfile.downloads += 1 file_dict = models.serializers.serialize_rfile(session, tid, rfile) file_dict['name'] = 'files/' + file_dict['name'] file_dict['path'] = os.path.join(Settings.attachments_path, file_dict['filename']) export_dict['files'].append(file_dict) for wf in session.query(models.WhistleblowerFile).filter( models.WhistleblowerFile.receivertip_id == models.ReceiverTip.id, models.ReceiverTip.internaltip_id == rtip.internaltip_id, models.InternalTip.id == rtip.internaltip_id): file_dict = models.serializers.serialize_wbfile(session, tid, wf) file_dict['name'] = 'files_from_recipients/' + file_dict['name'] file_dict['path'] = os.path.join(Settings.attachments_path, file_dict['filename']) export_dict['files'].append(file_dict) return export_dict
def db_admin_update_user(session, tid, user_session, user_id, request, language): """ Transaction for updating an existing user :param session: An ORM session :param tid: A tenant ID :param user_session: The current user session :param user_id: The ID of the user to update :param request: The request data :param language: The language of the request :return: The serialized descriptor of the updated object """ fill_localized_keys(request, models.User.localized_keys, language) user = db_get_user(session, tid, user_id) if user.username != request['username']: check = session.query(models.User).filter( models.User.username == request['username'], models.User.tid == tid).one_or_none() if check is not None: raise errors.InputValidationError('Username already in use') user.update(request) password = request['password'] if password and (not user.crypto_pub_key or user_session.ek): if user.crypto_pub_key and user_session.ek: enc_key = GCE.derive_key(password.encode(), user.salt) crypto_escrow_prv_key = GCE.asymmetric_decrypt( user_session.cc, Base64Encoder.decode(user_session.ek)) if tid == 1: user_cc = GCE.asymmetric_decrypt( crypto_escrow_prv_key, Base64Encoder.decode(user.crypto_escrow_bkp1_key)) else: user_cc = GCE.asymmetric_decrypt( crypto_escrow_prv_key, Base64Encoder.decode(user.crypto_escrow_bkp2_key)) user.crypto_prv_key = Base64Encoder.encode( GCE.symmetric_encrypt(enc_key, user_cc)) if user.hash_alg != 'ARGON2': user.hash_alg = 'ARGON2' user.salt = GCE.generate_salt() user.password = GCE.hash_password(password, user.salt) user.password_change_date = datetime_now() user.password_change_needed = True # The various options related in manage PGP keys are used here. parse_pgp_options(user, request) return user_serialize_user(session, user, language)
def get_receiver_list(session, tid, language): """ Returns: (list) the list of recipients """ users = session.query(models.User).filter(models.User.role == u'receiver', models.User.tid == tid) return [user_serialize_user(session, user, language) for user in users]
def get_user_list(session, tid, language): """ Returns: (list) the list of users """ users = session.query(models.User).filter(models.UserTenant.user_id == models.User.id, models.UserTenant.tenant_id == tid) return [user_serialize_user(session, user, language) for user in users]
def perform_pgp_validation_checks(self, store): expired_or_expiring = [] for user in store.find(models.User): if user.pgp_key_public and user.pgp_key_expiration != datetime_null(): if user.pgp_key_expiration < datetime_now(): expired_or_expiring.append(user_serialize_user(user, GLSettings.memory_copy.default_language)) user.pgp_key_public = None user.pgp_key_fingerprint = None user.pgp_key_expiration = None elif user.pgp_key_expiration < datetime_now() - timedelta(days=15): expired_or_expiring.append(user_serialize_user(user, GLSettings.memory_copy.default_language)) if expired_or_expiring: if not GLSettings.memory_copy.notif.disable_admin_notification_emails: self.prepare_admin_pgp_alerts(store, expired_or_expiring) for user_desc in expired_or_expiring: self.prepare_user_pgp_alerts(store, user_desc)
def create_user(session, tid, request, language): """ Transaction for creating a new user :param session: An ORM session :param tid: A tenant ID :param request: The request data :param language: The language of the request :return: The serialized descriptor of the created object """ return user_serialize_user(session, db_create_user(session, tid, request, language), language)
def receiver_serialize_receiver(receiver, language): ret_dict = user_serialize_user(receiver.user, language) ret_dict.update({ 'can_postpone_expiration': GLSettings.memory_copy.can_postpone_expiration or receiver.can_postpone_expiration, 'can_delete_submission': GLSettings.memory_copy.can_delete_submission or receiver.can_delete_submission, 'can_grant_permissions': GLSettings.memory_copy.can_grant_permissions or receiver.can_grant_permissions, 'tip_notification': receiver.tip_notification, 'contexts': [c.id for c in receiver.contexts] }) return get_localized_values(ret_dict, receiver, receiver.localized_keys, language)
def db_check_for_expiring_submissions(self, session): for tid in self.state.tenant_state: threshold = datetime_now() + timedelta( hours=self.state.tenant_cache[tid].notification. tip_expiration_threshold) for user in session.query(models.User).filter( models.User.role == u'receiver', models.UserTenant.user_id == models.User.id, models.UserTenant.tenant_id == tid): itip_ids = [ id[0] for id in session.query(models.InternalTip.id).filter( models.InternalTip.tid == tid, models.ReceiverTip. internaltip_id == models.InternalTip.id, models.InternalTip.expiration_date < threshold, models.ReceiverTip.receiver_id == user.id) ] if not len(itip_ids): continue earliest_expiration_date = session.query(func.min(models.InternalTip.expiration_date)) \ .filter(models.InternalTip.id.in_(itip_ids)).one()[0] user_desc = user_serialize_user(session, user, user.language) data = { 'type': u'tip_expiration_summary', 'node': db_admin_serialize_node(session, tid, user.language), 'notification': db_get_notification(session, tid, user.language), 'user': user_desc, 'expiring_submission_count': len(itip_ids), 'earliest_expiration_date': datetime_to_ISO8601(earliest_expiration_date) } subject, body = Templating().get_mail_subject_and_body(data) session.add( models.Mail({ 'tid': tid, 'address': user_desc['mail_address'], 'subject': subject, 'body': body }))
def get_tip_export(store, user_id, rtip_id, language): rtip, itip = db_access_rtip(store, user_id, rtip_id) user, context = store.find( (models.User, models.Context), models.User.id == rtip.receiver_id, models.Context.id == models.InternalTip.context_id, models.InternalTip.id == rtip.internaltip_id).one() rtip_dict = serialize_rtip(store, rtip, itip, language) export_dict = { 'type': u'export_template', 'node': db_admin_serialize_node(store, language), 'notification': db_get_notification(store, language), 'tip': serialize_rtip(store, rtip, itip, language), 'user': user_serialize_user(store, user, language), 'context': admin_serialize_context(store, context, language), 'comments': rtip_dict['comments'], 'messages': rtip_dict['messages'], 'files': [] } export_template = Templating().format_template( export_dict['notification']['export_template'], export_dict).encode('utf-8') export_template = msdos_encode(export_template) export_dict['files'].append({'buf': export_template, 'name': "data.txt"}) for rfile in store.find(models.ReceiverFile, models.ReceiverFile.receivertip_id == rtip_id): rfile.downloads += 1 file_dict = models.serializers.serialize_rfile(store, rfile) file_dict['name'] = 'files/' + file_dict['name'] export_dict['files'].append(file_dict) for wf in store.find( models.WhistleblowerFile, models.WhistleblowerFile.receivertip_id == models.ReceiverTip.id, models.ReceiverTip.internaltip_id == rtip.internaltip_id): file_dict = models.serializers.serialize_wbfile(store, wf) file_dict['name'] = 'files_from_recipients/' + file_dict['name'] export_dict['files'].append(file_dict) return export_dict
def perform_pgp_validation_checks(self, store): expired_or_expiring = [] for user in db_get_expired_or_expiring_pgp_users(store): expired_or_expiring.append(user_serialize_user(store, user, State.tenant_cache[1].default_language)) if user.pgp_key_expiration < datetime_now(): user.pgp_key_public = '' user.pgp_key_fingerprint = '' user.pgp_key_expiration = datetime_null() if expired_or_expiring: if not State.tenant_cache[1].notif.disable_admin_notification_emails: self.prepare_admin_pgp_alerts(store, expired_or_expiring) for user_desc in expired_or_expiring: self.prepare_user_pgp_alerts(store, user_desc)
def perform_pgp_validation_checks(self, store): expired_or_expiring = [] for user in db_get_expired_or_expiring_pgp_users(store): expired_or_expiring.append(user_serialize_user(user, GLSettings.memory_copy.default_language)) if user.pgp_key_expiration < datetime_now(): user.pgp_key_public = '' user.pgp_key_fingerprint = '' user.pgp_key_expiration = datetime_null() if len(expired_or_expiring): if not GLSettings.memory_copy.notif.disable_admin_notification_emails: self.prepare_admin_pgp_alerts(store, expired_or_expiring) for user_desc in expired_or_expiring: self.prepare_user_pgp_alerts(store, user_desc)
def db_check_for_expiring_submissions(self, session, tid): threshold = datetime_now() + timedelta( hours=self.state.tenant_cache[tid].notification. tip_expiration_threshold) result = session.query(models.User, func.count(models.InternalTip.id), func.min(models.InternalTip.expiration_date)) \ .filter(models.InternalTip.tid == tid, models.ReceiverTip.internaltip_id == models.InternalTip.id, models.InternalTip.expiration_date < threshold, models.User.id == models.ReceiverTip.receiver_id) \ .group_by(models.User.id) \ .having(func.count(models.InternalTip.id) > 0) \ .all() for x in result: user = x[0] expiring_submission_count = x[1] earliest_expiration_date = x[2] user_desc = user_serialize_user(session, user, user.language) data = { 'type': u'tip_expiration_summary', 'node': db_admin_serialize_node(session, tid, user.language), 'notification': db_get_notification(session, tid, user.language), 'user': user_desc, 'expiring_submission_count': expiring_submission_count, 'earliest_expiration_date': datetime_to_ISO8601(earliest_expiration_date) } subject, body = Templating().get_mail_subject_and_body(data) session.add( models.Mail({ 'tid': tid, 'address': user_desc['mail_address'], 'subject': subject, 'body': body }))
def db_create_identity_access_reply_notifications(session, itip, rtip, iar): """ Transaction for the creation of notifications related to identity access replies :param session: An ORM session :param itip: A itip ID of the tip involved in the request :param iar: A identity access request model """ from globaleaks.handlers.rtip import serialize_rtip for user in session.query(models.User) \ .filter(models.User.id == rtip.receiver_id, models.User.notification.is_(True)): context = session.query( models.Context).filter(models.Context.id == itip.context_id).one() data = { 'type': 'identity_access_authorized' if iar.reply == 'authorized' else 'identity_access_denied' } data['user'] = user_serialize_user(session, user, user.language) data['tip'] = serialize_rtip(session, rtip, itip, user.language) data['context'] = admin_serialize_context(session, context, user.language) data['iar'] = serialize_identityaccessrequest(session, iar) data['node'] = db_admin_serialize_node(session, user.tid, user.language) if data['node']['mode'] == 'default': data['notification'] = db_get_notification(session, user.tid, user.language) else: data['notification'] = db_get_notification(session, 1, user.language) subject, body = Templating().get_mail_subject_and_body(data) session.add( models.Mail({ 'address': data['user']['mail_address'], 'subject': subject, 'body': body, 'tid': user.tid }))
def receiver_serialize_receiver(session, tid, user, language): # take only contexts for the current tenant contexts = [x[0] for x in session.query(models.ReceiverContext.context_id) .filter(models.ReceiverContext.receiver_id == user.id, models.UserTenant.user_id == user.id, models.UserTenant.tenant_id == tid)] ret_dict = user_serialize_user(session, user, language) ret_dict.update({ 'can_postpone_expiration': State.tenant_cache[tid].can_postpone_expiration or user.can_postpone_expiration, 'can_delete_submission': State.tenant_cache[tid].can_delete_submission or user.can_delete_submission, 'can_grant_permissions': State.tenant_cache[tid].can_grant_permissions or user.can_grant_permissions, 'notification': user.notification, 'contexts': contexts }) return ret_dict
def admin_serialize_receiver(receiver, language): """ Serialize the specified receiver :param language: the language in which to localize data :return: a dictionary representing the serialization of the receiver """ ret_dict = user_serialize_user(receiver.user, language) ret_dict.update({ 'can_delete_submission': receiver.can_delete_submission, 'can_postpone_expiration': receiver.can_postpone_expiration, 'can_grant_permissions': receiver.can_grant_permissions, 'mail_address': receiver.user.mail_address, 'configuration': receiver.configuration, 'contexts': [c.id for c in receiver.contexts], 'tip_notification': receiver.tip_notification, 'presentation_order': receiver.presentation_order }) return get_localized_values(ret_dict, receiver, receiver.localized_keys, language)
def perform_pgp_validation_checks(self, session): tenant_expiry_map = {1: []} for user in db_get_expired_or_expiring_pgp_users(session, self.state.tenant_cache.keys()): user_desc = user_serialize_user(session, user, user.language) tenant_expiry_map.setdefault(user.tid, []).append(user_desc) log.info('Removing expired PGP key of: %s', user.username, tid=user.tid) if user.pgp_key_expiration < datetime_now(): user.pgp_key_public = '' user.pgp_key_fingerprint = '' user.pgp_key_expiration = datetime_null() for tid, expired_or_expiring in tenant_expiry_map.items(): for user_desc in expired_or_expiring: self.prepare_user_pgp_alerts(session, tid, user_desc) if self.state.tenant_cache[tid].notification.disable_admin_notification_emails: continue if expired_or_expiring: self.prepare_admin_pgp_alerts(session, tid, expired_or_expiring)
def db_check_for_expiring_submissions(self, session): for tid in self.state.tenant_state: threshold = datetime_now() + timedelta(hours=self.state.tenant_cache[tid].notification.tip_expiration_threshold) for user in session.query(models.User).filter(models.User.role == u'receiver', models.UserTenant.user_id == models.User.id, models.UserTenant.tenant_id == tid): itip_ids = [id[0] for id in session.query(models.InternalTip.id) .filter(models.InternalTip.tid == tid, models.ReceiverTip.internaltip_id == models.InternalTip.id, models.InternalTip.expiration_date < threshold, models.ReceiverTip.receiver_id == user.id)] if not len(itip_ids): continue earliest_expiration_date = session.query(func.min(models.InternalTip.expiration_date)) \ .filter(models.InternalTip.id.in_(itip_ids)).one()[0] user_desc = user_serialize_user(session, user, user.language) data = { 'type': u'tip_expiration_summary', 'node': db_admin_serialize_node(session, tid, user.language), 'notification': db_get_notification(session, tid, user.language), 'user': user_desc, 'expiring_submission_count': len(itip_ids), 'earliest_expiration_date': datetime_to_ISO8601(earliest_expiration_date) } subject, body = Templating().get_mail_subject_and_body(data) session.add(models.Mail({ 'tid': tid, 'address': user_desc['mail_address'], 'subject': subject, 'body': body }))
def serialize_obj(self, session, key, obj, tid, language): obj_id = obj.id cache_key = gen_cache_key(key, tid, obj_id, language) cache_obj = None if cache_key not in self.cache: if key == 'user': cache_obj = user_serialize_user(session, obj, language) elif key == 'context': cache_obj = admin_serialize_context(session, obj, language) elif key == 'tip': itip = session.query(models.InternalTip).filter(models.InternalTip.id == obj.internaltip_id).one() cache_obj = serialize_rtip(session, obj, itip, language) elif key == 'message': cache_obj = serialize_message(session, obj) elif key == 'comment': cache_obj = serialize_comment(session, obj) elif key == 'file': cache_obj = models.serializers.serialize_ifile(session, obj) self.cache[cache_key] = cache_obj return self.cache[cache_key]
def create_custodian_user(store, request, language): return user_serialize_user(db_create_custodian(store, request, language), language)
def create_admin_user(store, request, language): return user_serialize_user(db_create_admin(store, request, language), language)
def db_get_admin_users(store): return [user_serialize_user(user, GLSettings.memory_copy.default_language) for user in store.find(models.User,models.User.role == u'admin')]
def create_user(session, tid, request, language): return user_serialize_user(session, db_create_user(session, tid, request, language), language)
def get_user(store, user_id, language): user = db_get_user(store, user_id) return user_serialize_user(user, language)
def admin_update_user(store, user_id, request, language): return user_serialize_user(db_admin_update_user(store, user_id, request, language), language)
def create_receiver_user(store, request, language): receiver = db_create_receiver(store, request, language) return user_serialize_user(receiver.user, language)
def db_get_admin_users(session, tid): users = session.query(models.User).filter(models.User.role == u'admin', models.UserTenant.user_id == models.User.id, models.UserTenant.tenant_id == tid) return [user_serialize_user(session, user, State.tenant_cache[tid].default_language) for user in users]
def admin_update_user(session, tid, user_id, request, language): return user_serialize_user(session, db_admin_update_user(session, tid, user_id, request, language), language)