def put(self, target_id=None):
"""Handles PUT requests."""
if not target_id:
target_id = self.request.get('volume_uuid')
email = self._VerifyEscrowPermission()
self.VerifyXsrfToken(base_settings.SET_PASSPHRASE_ACTION)
if not self.IsValidTargetId(target_id):
raise base.AccessError('target_id is malformed')
secret = self.GetSecretFromBody()
if not target_id or not secret:
self.AUDIT_LOG_MODEL.Log(message='Unknown PUT',
request=self.request)
self.error(httplib.BAD_REQUEST)
return
if not self.IsValidSecret(secret):
raise base.AccessError('secret is malformed')
owner = self.SanitizeEntityValue('owner', self.request.get('owner'))
if email:
owner = owner or email
self.PutNewSecret(owner, target_id, secret, self.request)
def RetrieveSecret(self, target_id):
"""Handles a GET request to retrieve a secret."""
self.VerifyXsrfToken(base_settings.GET_PASSPHRASE_ACTION)
if self.request.get('id'):
try:
entity = self.SECRET_MODEL.get(db.Key(self.request.get('id')))
except datastore_errors.BadKeyError:
raise base.AccessError('target_id is malformed')
else:
entity = self.SECRET_MODEL.GetLatestForTarget(target_id,
tag=self.request.get(
'tag',
'default'))
if not entity:
raise base.AccessError('Passphrase not found: target_id %s' %
target_id)
user = base.GetCurrentUser()
self.CheckRetrieveAuthorization(entity=entity, user=user)
self.AUDIT_LOG_MODEL.Log(message='GET',
entity=entity,
request=self.request)
# Send retrieval email if user is not retrieving their own secret.
if entity.owner != user.email:
SendRetrievalEmail(self.PERMISSION_TYPE, entity, user)
escrow_secret = str(entity.secret).strip()
escrow_barcode_svg = None
qr_img_url = None
if self.QRCODE_DURING_PASSPHRASE_RETRIEVAL:
if len(escrow_secret) <= 100:
qr_img_url = (
'https://chart.googleapis.com/chart?chs=245x245&cht=qr&chl='
+ cgi.escape(escrow_secret))
recovery_str = self._PassphraseTypeName(entity)
params = {
'volume_type': self.SECRET_MODEL.ESCROW_TYPE_NAME,
'volume_uuid': entity.target_id,
'qr_img_url': qr_img_url,
'escrow_secret': escrow_secret,
'checksum': entity.checksum,
'recovery_str': recovery_str,
}
params[self.JSON_SECRET_NAME] = escrow_secret
if entity.active:
entity.UpdateMutableProperty('force_rekeying', True)
self.response.out.write(util.ToSafeJson(params))
def PutNewSecret(self, owner, target_id, secret, metadata):
"""Puts a new DuplicityKeyPair entity to Datastore.
Args:
owner: str, email address of the key pair's owner.
target_id: str, target id associated with this passphrase.
secret: str, secret data to escrow.
metadata: dict, dict of str metadata with keys matching
model's property names.
"""
if not target_id:
raise base.AccessError('target_id is required')
entity = self._CreateNewSecretEntity(owner, target_id, secret)
for prop_name in entity.properties():
value = metadata.get(prop_name)
if value:
setattr(entity, prop_name, self.SanitizeEntityValue(prop_name, value))
try:
entity.put()
self.AUDIT_LOG_MODEL.Log(
entity=entity, message='PUT', request=self.request)
except base.DuplicateEntity:
logging.info('New entity duplicate active passphrase with same uuid.')
self.response.out.write('Secret successfully escrowed!')
def get(self, target_id):
"""Handles GET requests."""
if not self.IsValidTargetId(target_id):
raise base.AccessError('target_id is malformed')
self.RetrieveSecret(target_id)
