def put(self, target_id=None): """Handles PUT requests.""" if not target_id: target_id = self.request.get('volume_uuid') email = self._VerifyEscrowPermission() self.VerifyXsrfToken(base_settings.SET_PASSPHRASE_ACTION) if not self.IsValidTargetId(target_id): raise base.AccessError('target_id is malformed') secret = self.GetSecretFromBody() if not target_id or not secret: self.AUDIT_LOG_MODEL.Log(message='Unknown PUT', request=self.request) self.error(httplib.BAD_REQUEST) return if not self.IsValidSecret(secret): raise base.AccessError('secret is malformed') owner = self.SanitizeEntityValue('owner', self.request.get('owner')) if email: owner = owner or email self.PutNewSecret(owner, target_id, secret, self.request)
def RetrieveSecret(self, target_id): """Handles a GET request to retrieve a secret.""" self.VerifyXsrfToken(base_settings.GET_PASSPHRASE_ACTION) if self.request.get('id'): try: entity = self.SECRET_MODEL.get(db.Key(self.request.get('id'))) except datastore_errors.BadKeyError: raise base.AccessError('target_id is malformed') else: entity = self.SECRET_MODEL.GetLatestForTarget(target_id, tag=self.request.get( 'tag', 'default')) if not entity: raise base.AccessError('Passphrase not found: target_id %s' % target_id) user = base.GetCurrentUser() self.CheckRetrieveAuthorization(entity=entity, user=user) self.AUDIT_LOG_MODEL.Log(message='GET', entity=entity, request=self.request) # Send retrieval email if user is not retrieving their own secret. if entity.owner != user.email: SendRetrievalEmail(self.PERMISSION_TYPE, entity, user) escrow_secret = str(entity.secret).strip() escrow_barcode_svg = None qr_img_url = None if self.QRCODE_DURING_PASSPHRASE_RETRIEVAL: if len(escrow_secret) <= 100: qr_img_url = ( 'https://chart.googleapis.com/chart?chs=245x245&cht=qr&chl=' + cgi.escape(escrow_secret)) recovery_str = self._PassphraseTypeName(entity) params = { 'volume_type': self.SECRET_MODEL.ESCROW_TYPE_NAME, 'volume_uuid': entity.target_id, 'qr_img_url': qr_img_url, 'escrow_secret': escrow_secret, 'checksum': entity.checksum, 'recovery_str': recovery_str, } params[self.JSON_SECRET_NAME] = escrow_secret if entity.active: entity.UpdateMutableProperty('force_rekeying', True) self.response.out.write(util.ToSafeJson(params))
def PutNewSecret(self, owner, target_id, secret, metadata): """Puts a new DuplicityKeyPair entity to Datastore. Args: owner: str, email address of the key pair's owner. target_id: str, target id associated with this passphrase. secret: str, secret data to escrow. metadata: dict, dict of str metadata with keys matching model's property names. """ if not target_id: raise base.AccessError('target_id is required') entity = self._CreateNewSecretEntity(owner, target_id, secret) for prop_name in entity.properties(): value = metadata.get(prop_name) if value: setattr(entity, prop_name, self.SanitizeEntityValue(prop_name, value)) try: entity.put() self.AUDIT_LOG_MODEL.Log( entity=entity, message='PUT', request=self.request) except base.DuplicateEntity: logging.info('New entity duplicate active passphrase with same uuid.') self.response.out.write('Secret successfully escrowed!')
def get(self, target_id): """Handles GET requests.""" if not self.IsValidTargetId(target_id): raise base.AccessError('target_id is malformed') self.RetrieveSecret(target_id)