def init_journalist(is_admin=False):
"""Initialize a journalist into the database. Return their
:class:`db.Journalist` object and password string.
:param bool is_admin: Whether the user is an admin.
:returns: A 2-tuple. The first entry, an :obj:`db.Journalist`
corresponding to the row just added to the database. The
second, their password string.
"""
username = crypto_util.genrandomid()
user_pw = crypto_util.genrandomid()
user = db.Journalist(username, user_pw, is_admin)
db.db_session.add(user)
db.db_session.commit()
return user, user_pw
def init_journalist(is_admin=False):
"""Initialize a journalist into the database. Return their
:class:`db.Journalist` object and password string.
:param bool is_admin: Whether the user is an admin.
:returns: A 2-tuple. The first entry, an :obj:`db.Journalist`
corresponding to the row just added to the database. The
second, their password string.
"""
username = crypto_util.genrandomid()
user_pw = crypto_util.genrandomid()
user = db.Journalist(username, user_pw, is_admin)
db.db_session.add(user)
db.db_session.commit()
return user, user_pw
def generate_unique_codename(num_words):
"""Generate random codenames until we get an unused one"""
while True:
codename = crypto_util.genrandomid(num_words)
sid = crypto_util.hash_codename(codename) # scrypt (slow)
matching_sources = Source.query.filter(Source.filesystem_id == sid).all()
if len(matching_sources) == 0:
return codename
def _make_password():
while True:
password = crypto_util.genrandomid(7)
try:
Journalist.check_password_acceptable(password)
return password
except PasswordError:
continue
def generate():
number_words = 8
if request.method == 'POST':
number_words = int(request.form['number-words'])
if number_words not in range(7, 11):
abort(403)
session['codename'] = crypto_util.genrandomid(number_words)
return render_template('generate.html', codename=session['codename'])
def _make_password():
while True:
password = crypto_util.genrandomid(7)
try:
Journalist.check_password_acceptable(password)
return password
except PasswordError:
continue
def generate():
number_words = 8
if request.method == "POST":
number_words = int(request.form["number-words"])
if number_words not in range(7, 11):
abort(403)
session["codename"] = crypto_util.genrandomid(number_words)
return render_template("generate.html", codename=session["codename"])
def test_genrandomid(self):
id = crypto_util.genrandomid()
id_words = id.split()
self.assertEqual(id, crypto_util.clean(id))
self.assertEqual(len(id_words), crypto_util.DEFAULT_WORDS_IN_RANDOM_ID)
for word in id_words:
self.assertIn(word, crypto_util.words)
def generate():
number_words = 8
if request.method == 'POST':
number_words = int(request.form['number-words'])
if number_words not in range(7, 11):
abort(403)
session['codename'] = crypto_util.genrandomid(number_words)
return render_template('generate.html', codename=session['codename'])
def verify_genrandomid(self, locale):
id = crypto_util.genrandomid(locale=locale)
id_words = id.split()
self.assertEqual(id, crypto_util.clean(id))
self.assertEqual(len(id_words), crypto_util.DEFAULT_WORDS_IN_RANDOM_ID)
for word in id_words:
self.assertIn(word, crypto_util._get_wordlist(locale))
def make_password(config):
while True:
password = crypto_util.genrandomid(7, i18n.get_language(config))
try:
Journalist.check_password_acceptable(password)
return password
except PasswordError:
continue
def make_password(config):
while True:
password = crypto_util.genrandomid(7, i18n.get_language(config))
try:
Journalist.check_password_acceptable(password)
return password
except PasswordError:
continue
def test_genkeypair(self):
codename = crypto_util.genrandomid()
filesystem_id = crypto_util.hash_codename(codename)
journalist_filename = crypto_util.display_id()
source = db.Source(filesystem_id, journalist_filename)
db.db_session.add(source)
db.db_session.commit()
crypto_util.genkeypair(source.filesystem_id, codename)
self.assertIsNotNone(crypto_util.getkey(filesystem_id))
def init_source_without_keypair():
"""Initialize a source: create their database record and the
filesystem directory that stores their submissions & replies.
Return a source object and their codename string.
:returns: A 2-tuple. The first entry, the :class:`db.Source`
initialized. The second, their codename string.
"""
# Create source identity and database record
codename = crypto_util.genrandomid()
filesystem_id = crypto_util.hash_codename(codename)
journalist_filename = crypto_util.display_id()
source = db.Source(filesystem_id, journalist_filename)
db.db_session.add(source)
db.db_session.commit()
# Create the directory to store their submissions and replies
os.mkdir(store.path(source.filesystem_id))
return source, codename
def init_source_without_keypair():
"""Initialize a source: create their database record and the
filesystem directory that stores their submissions & replies.
Return a source object and their codename string.
:returns: A 2-tuple. The first entry, the :class:`db.Source`
initialized. The second, their codename string.
"""
# Create source identity and database record
codename = crypto_util.genrandomid()
filesystem_id = crypto_util.hash_codename(codename)
journalist_filename = crypto_util.display_id()
source = db.Source(filesystem_id, journalist_filename)
db.db_session.add(source)
db.db_session.commit()
# Create the directory to store their submissions and replies
os.mkdir(store.path(source.filesystem_id))
return source, codename
def generate_unique_codename():
"""Generate random codenames until we get an unused one"""
while True:
codename = crypto_util.genrandomid(Source.NUM_WORDS)
# The maximum length of a word in the wordlist is 9 letters and the
# codename length is 7 words, so it is currently impossible to
# generate a codename that is longer than the maximum codename length
# (currently 128 characters). This code is meant to be defense in depth
# to guard against potential future changes, such as modifications to
# the word list or the maximum codename length.
if len(codename) > Source.MAX_CODENAME_LEN:
app.logger.warning(
"Generated a source codename that was too long, "
"skipping it. This should not happen. "
"(Codename='{}')".format(codename))
continue
filesystem_id = crypto_util.hash_codename(codename) # scrypt (slow)
matching_sources = Source.query.filter(
Source.filesystem_id == filesystem_id).all()
if len(matching_sources) == 0:
return codename
def test_hash_codename(self):
codename = crypto_util.genrandomid()
hashed_codename = crypto_util.hash_codename(codename)
self.assertRegexpMatches(hashed_codename, '^[2-7A-Z]{103}=$')
