def db_create_whistleblower_tip(store, internaltip):
"""
The plaintext receipt is returned only now, and then is
stored hashed in the WBtip table
"""
wbtip = models.WhistleblowerTip()
receipt = unicode(rstr.xeger(GLSettings.receipt_regexp))
wbtip.receipt_hash = hash_password(receipt,
GLSettings.memory_copy.receipt_salt)
wbtip.access_counter = 0
wbtip.internaltip_id = internaltip.id
store.add(wbtip)
created_rtips = [
db_create_receivertip(store, receiver, internaltip)
for receiver in internaltip.receivers
]
internaltip.new = False
if len(created_rtips):
log.debug(
"The finalized submissions had created %d models.ReceiverTip(s)" %
len(created_rtips))
return receipt, wbtip
def db_create_user(store, request, language):
fill_localized_keys(request, models.User.localized_keys, language)
user = models.User({
'username': request['username'],
'role': request['role'],
'state': u'enabled',
'deletable': request['deletable'],
'name': request['name'],
'description': request['description'],
'public_name': request['public_name'] if request['public_name'] != '' else request['name'],
'language': language,
'password_change_needed': request['password_change_needed'],
'mail_address': request['mail_address']
})
if request['username'] == '':
user.username = user.id
password = request['password']
if len(password) == 0:
password = GLSettings.memory_copy.default_password
user.salt = security.generateRandomSalt()
user.password = security.hash_password(password, user.salt)
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
store.add(user)
return user
def db_admin_update_user(store, user_id, request, language):
"""
Updates the specified user.
raises: globaleaks.errors.ReceiverIdNotFound` if the receiver does not exist.
"""
user = models.User.get(store, user_id)
if not user:
raise errors.UserIdNotFound
fill_localized_keys(request, models.User.localized_keys, language)
user.name = request['name']
user.description = request['description']
user.state = request['state']
user.password_change_needed = request['password_change_needed']
user.mail_address = request['mail_address']
user.language = request.get('language',
GLSettings.memory_copy.default_language)
user.timezone = request.get('timezone',
GLSettings.memory_copy.default_timezone)
password = request['password']
if len(password):
security.check_password_format(password)
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
return user
def db_admin_update_user(store, user_id, request, language):
"""
Updates the specified user.
raises: globaleaks.errors.UserIdNotFound` if the user does not exist.
"""
user = models.User.get(store, user_id)
if not user:
raise errors.UserIdNotFound
fill_localized_keys(request, models.User.localized_keys, language)
user.update(request)
password = request['password']
if len(password) > 0:
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
if user.role == 'admin':
db_refresh_exception_delivery_list(store)
return user
def db_create_whistleblower_tip(store, internaltip):
"""
The plaintext receipt is returned only now, and then is
stored hashed in the WBtip table
"""
wbtip = WhistleblowerTip()
node = store.find(Node).one()
receipt = unicode(rstr.xeger(GLSettings.receipt_regexp))
wbtip.receipt_hash = hash_password(receipt, node.receipt_salt)
wbtip.access_counter = 0
wbtip.internaltip_id = internaltip.id
store.add(wbtip)
created_rtips = []
for receiver in internaltip.receivers:
rtip_id = db_create_receivertip(store, receiver, internaltip)
internaltip.new = False
if len(created_rtips):
log.debug("The finalized submissions had created %d ReceiverTip(s)" % len(created_rtips))
return receipt
def db_admin_update_user(store, user_id, request, language):
"""
Updates the specified user.
raises: globaleaks.errors.ReceiverIdNotFound` if the receiver does not exist.
"""
user = models.User.get(store, user_id)
if not user:
raise errors.UserIdNotFound
fill_localized_keys(request, models.User.localized_keys, language)
user.name = request['name']
user.description = request['description']
user.state = request['state']
user.password_change_needed = request['password_change_needed']
user.mail_address = request['mail_address']
user.language = request.get('language', GLSettings.memory_copy.default_language)
user.timezone = request.get('timezone', GLSettings.memory_copy.default_timezone)
password = request['password']
if len(password):
security.check_password_format(password)
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
return user
def db_create_user(store, request, language):
fill_localized_keys(request, models.User.localized_keys, language)
user = models.User({
'username': request['username'],
'role': request['role'],
'state': u'enabled',
'deletable': request['deletable'],
'name': request['name'],
'description': request['description'],
'public_name': request['public_name'] if request['public_name'] else request['name'],
'language': language,
'password_change_needed': request['password_change_needed'],
'mail_address': request['mail_address']
})
if not request['username']:
user.username = user.id
password = request['password'] if request['password'] else State.tenant_cache[1].default_password
user.salt = security.generateRandomSalt()
user.password = security.hash_password(password, user.salt)
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
store.add(user)
return user
def login_whistleblower(store, receipt, using_tor2web):
"""
login_whistleblower returns the WhistleblowerTip.id
"""
hashed_receipt = security.hash_password(
receipt, GLSettings.memory_copy.private.receipt_salt)
wbtip = store.find(
WhistleblowerTip,
WhistleblowerTip.receipt_hash == unicode(hashed_receipt)).one()
if not wbtip:
log.debug("Whistleblower login: Invalid receipt")
GLSettings.failed_login_attempts += 1
raise errors.InvalidAuthentication
if using_tor2web and not GLSettings.memory_copy.accept_tor2web_access[
'whistleblower']:
log.err("Denied login request on Tor2web for role 'whistleblower'")
raise errors.TorNetworkRequired
else:
log.debug("Accepted login request on Tor2web for role 'whistleblower'")
log.debug("Whistleblower login: Valid receipt")
wbtip.last_access = datetime_now()
store.commit(
) # the transact was read only! on success we apply the commit()
return wbtip.id
def update_receiver(store, receiver_id, request, language=GLSetting.memory_copy.default_language):
"""
Updates the specified receiver with the details.
raises :class:`globaleaks.errors.ReceiverIdNotFound` if the receiver does
not exist.
"""
receiver = models.Receiver.get(store, receiver_id)
if not receiver:
raise errors.ReceiverIdNotFound
fill_localized_keys(request, models.Receiver.localized_strings, language)
mail_address = request['mail_address']
homonymous = store.find(models.User, models.User.username == mail_address).one()
if homonymous and homonymous.id != receiver.user_id:
log.err("Update error: already present receiver with the requested username: %s" % mail_address)
raise errors.ExpectedUniqueField('mail_address', mail_address)
receiver.mail_address = mail_address
# the email address it's also the username, stored in User
receiver.user.username = mail_address
receiver.user.state = request['state']
# The various options related in manage GPG keys are used here.
gpg_options_parse(receiver, request)
receiver.user.language = request.get('language', GLSetting.memory_copy.default_language)
receiver.user.timezone = request.get('timezone', GLSetting.memory_copy.default_timezone)
password = request['password']
if len(password):
security.check_password_format(password)
receiver.user.password = security.hash_password(password, receiver.user.salt)
receiver.user.password_change_date = datetime_now()
contexts = request.get('contexts', [])
for context in receiver.contexts:
receiver.contexts.remove(context)
for context_id in contexts:
context = models.Context.get(store, context_id)
if not context:
log.err("Update error: unexistent context can't be associated")
raise errors.ContextIdNotFound
receiver.contexts.add(context)
receiver.last_update = datetime_now()
try:
receiver.update(request)
except DatabaseError as dberror:
log.err("Unable to update receiver %s: %s" % (receiver.name, dberror))
raise errors.InvalidInputFormat(dberror)
return admin_serialize_receiver(receiver, language)
def test_pass_hash(self):
dummy_password = "******"
dummy_salt_input = "*****@*****.**"
sure_bin = scrypt.hash(dummy_password, get_salt(dummy_salt_input))
sure = binascii.b2a_hex(sure_bin)
not_sure = hash_password(dummy_password, dummy_salt_input)
self.assertEqual(sure, not_sure)
def test_001_pass_hash(self):
dummy_password = "******"
dummy_salt_input = "*****@*****.**"
sure_bin = scrypt.hash(dummy_password, get_salt(dummy_salt_input) )
sure = binascii.b2a_hex(sure_bin)
not_sure = hash_password(dummy_password, dummy_salt_input)
self.assertEqual(sure, not_sure)
def db_create_receiver(store, request, language):
"""
Creates a new receiver.
Returns:
(dict) the configured receiver
"""
fill_localized_keys(request, models.Receiver.localized_strings, language)
password = request['password']
if len(password) and password != GLSettings.default_password:
security.check_password_format(password)
else:
password = GLSettings.default_password
receiver_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
receiver_password = security.hash_password(password, receiver_salt)
# ping_mail_address is duplicated at creation time from mail_address
request.update({'ping_mail_address': request['mail_address']})
receiver = models.Receiver(request)
receiver_user_dict = {
'username': uuid4(),
'password': receiver_password,
'salt': receiver_salt,
'role': u'receiver',
'state': u'enabled',
'language': u'en',
'timezone': 0,
'password_change_needed': True,
'mail_address': request['mail_address']
}
receiver_user = models.User(receiver_user_dict)
# The various options related in manage PGP keys are used here.
pgp_options_parse(receiver, request)
# Set receiver.id = receiver.user.username = receiver.user.id
receiver.id = receiver_user.username = receiver_user.id
store.add(receiver_user)
store.add(receiver)
create_random_receiver_portrait(receiver.id)
contexts = request.get('contexts', [])
for context_id in contexts:
context = models.Context.get(store, context_id)
if not context:
log.err("Creation error: invalid Context can't be associated")
raise errors.ContextIdNotFound
context.receivers.add(receiver)
log.debug("Created receiver %s" % receiver.user.username)
return admin_serialize_receiver(receiver, language)
def db_create_receiver(store, request, language):
"""
Creates a new receiver.
Returns:
(dict) the configured receiver
"""
fill_localized_keys(request, models.Receiver.localized_strings, language)
password = request['password']
if len(password) and password != GLSetting.default_password:
security.check_password_format(password)
else:
password = GLSetting.default_password
receiver_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
receiver_password = security.hash_password(password, receiver_salt)
receiver_user_dict = {
'username': uuid4(),
'password': receiver_password,
'salt': receiver_salt,
'role': u'receiver',
'state': u'enabled',
'language': u"en",
'timezone': 0,
'password_change_needed': True,
}
receiver_user = models.User(receiver_user_dict)
receiver_user.last_login = datetime_null()
receiver_user.password_change_date = datetime_null()
store.add(receiver_user)
# ping_mail_address is duplicated at creation time from mail_address
request.update({'ping_mail_address': request['mail_address']})
receiver = models.Receiver(request)
receiver.user = receiver_user
# The various options related in manage GPG keys are used here.
gpg_options_parse(receiver, request)
log.debug("Creating receiver %s" % receiver.user.username)
store.add(receiver)
create_random_receiver_portrait(receiver.id)
contexts = request.get('contexts', [])
for context_id in contexts:
context = models.Context.get(store, context_id)
if not context:
log.err("Creation error: invalid Context can't be associated")
raise errors.ContextIdNotFound
context.receivers.add(receiver)
return admin_serialize_receiver(receiver, language)
def update_receiver(store, id, request, language=GLSetting.memory_copy.default_language):
"""
Updates the specified receiver with the details.
raises :class:`globaleaks.errors.ReceiverGusNotFound` if the receiver does
not exist.
"""
receiver = store.find(Receiver, Receiver.id == unicode(id)).one()
v = dict(request)
for attr in getattr(Receiver, "localized_strings"):
v[attr] = getattr(receiver, attr)
v[attr][language] = unicode(request[attr])
request = v
if not receiver:
raise errors.ReceiverGusNotFound
mail_address = utility.acquire_mail_address(request)
if not mail_address:
raise errors.NoEmailSpecified
homonymous = store.find(User, User.username == mail_address).one()
if homonymous and homonymous.id != receiver.user_id:
log.err("Update error: already present receiver with the requested username: %s" % mail_address)
raise errors.ExpectedUniqueField('mail_address', mail_address)
receiver.notification_fields = request['notification_fields']
receiver.tags = request['tags']
# the email address it's also the username, stored in User
receiver.user.username = mail_address
# The various options related in manage GPG keys are used here.
gpg_options_parse(receiver, request)
password = request.get('password')
if len(password):
security.check_password_format(password)
receiver.user.password = security.hash_password(password, receiver.user.salt)
contexts = request.get('contexts', [])
for context in receiver.contexts:
receiver.contexts.remove(context)
for context_id in contexts:
context = store.find(Context, Context.id == context_id).one()
if not context:
log.err("Update error: unexistent context can't be associated")
raise errors.ContextGusNotFound
receiver.contexts.add(context)
receiver.update(request)
receiver.last_update = utility.datetime_now()
return admin_serialize_receiver(receiver, language)
def test_pass_hash(self):
dummy_password = "******"
dummy_salt = generateRandomSalt()
sure_bin = scrypt.hash(dummy_password, dummy_salt)
sure = binascii.b2a_hex(sure_bin)
not_sure = hash_password(dummy_password, dummy_salt)
self.assertEqual(sure, not_sure)
def update_receiver(store, receiver_id, request, language=GLSetting.memory_copy.default_language):
"""
Updates the specified receiver with the details.
raises :class:`globaleaks.errors.ReceiverIdNotFound` if the receiver does
not exist.
"""
receiver = store.find(Receiver, Receiver.id == unicode(receiver_id)).one()
if not receiver:
raise errors.ReceiverIdNotFound
mo = structures.Rosetta()
mo.acquire_request(language, request, Receiver)
for attr in mo.get_localized_attrs():
request[attr] = mo.get_localized_dict(attr)
mail_address = request['mail_address']
homonymous = store.find(User, User.username == mail_address).one()
if homonymous and homonymous.id != receiver.user_id:
log.err("Update error: already present receiver with the requested username: %s" % mail_address)
raise errors.ExpectedUniqueField('mail_address', mail_address)
receiver.mail_address = mail_address
receiver.tags = request['tags']
# the email address it's also the username, stored in User
receiver.user.username = mail_address
# The various options related in manage GPG keys are used here.
gpg_options_parse(receiver, request)
password = request['password']
if len(password):
security.check_password_format(password)
receiver.user.password = security.hash_password(password, receiver.user.salt)
contexts = request.get('contexts', [])
for context in receiver.contexts:
receiver.contexts.remove(context)
for context_id in contexts:
context = store.find(Context, Context.id == context_id).one()
if not context:
log.err("Update error: unexistent context can't be associated")
raise errors.ContextIdNotFound
receiver.contexts.add(context)
receiver.last_update = datetime_now()
try:
receiver.update(request)
except Exception as dberror:
log.err("Unable to update receiver %s: %s" % (receiver.name, dberror))
raise errors.InvalidInputFormat(dberror)
return admin_serialize_receiver(receiver, language)
def test_pass_hash(self):
dummy_password = "******"
dummy_salt = generateRandomSalt()
sure_bin = scrypt.hash(dummy_password, dummy_salt)
sure = binascii.b2a_hex(sure_bin)
not_sure = hash_password(dummy_password, dummy_salt)
self.assertEqual(sure, not_sure)
def login_wb(store, receipt):
try:
node = store.find(Node).one()
hashed_receipt = security.hash_password(receipt, node.receipt_salt)
wb_tip = store.find(WhistleblowerTip,
WhistleblowerTip.receipt_hash == unicode(hashed_receipt)).one()
except NotOneError, e:
# This is one of the fatal error that never need to happen
log.err("Expected unique fields (receipt) not unique when hashed %s" % receipt)
return False
def db_create_whistleblowertip(store, internaltip):
"""
The plaintext receipt is returned only now, and then is
stored hashed in the WBtip table
"""
receipt = unicode(generateRandomReceipt())
wbtip = models.WhistleblowerTip()
wbtip.id = internaltip.id
wbtip.receipt_hash = hash_password(receipt, GLSettings.memory_copy.private.receipt_salt)
store.add(wbtip)
return receipt, wbtip
def update_receiver(store, receiver_id, request, language):
"""
Updates the specified receiver with the details.
raises :class:`globaleaks.errors.ReceiverIdNotFound` if the receiver does
not exist.
"""
receiver = models.Receiver.get(store, receiver_id)
if not receiver:
raise errors.ReceiverIdNotFound
fill_localized_keys(request, models.Receiver.localized_strings, language)
receiver.user.state = request['state']
receiver.user.password_change_needed = request['password_change_needed']
receiver.user.mail_address = request['mail_address']
# The various options related in manage PGP keys are used here.
pgp_options_parse(receiver, request)
receiver.user.language = request.get(
'language', GLSettings.memory_copy.default_language)
receiver.user.timezone = request.get(
'timezone', GLSettings.memory_copy.default_timezone)
password = request['password']
if len(password):
security.check_password_format(password)
receiver.user.password = security.hash_password(
password, receiver.user.salt)
receiver.user.password_change_date = datetime_now()
contexts = request.get('contexts', [])
for context in receiver.contexts:
receiver.contexts.remove(context)
for context_id in contexts:
context = models.Context.get(store, context_id)
if not context:
raise errors.ContextIdNotFound
receiver.contexts.add(context)
try:
receiver.update(request)
except DatabaseError as dberror:
log.err("Unable to update receiver %s: %s" % (receiver.name, dberror))
raise errors.InvalidInputFormat(dberror)
return admin_serialize_receiver(receiver, language)
def update_receiver(store, receiver_id, request, language):
"""
Updates the specified receiver with the details.
raises :class:`globaleaks.errors.ReceiverIdNotFound` if the receiver does
not exist.
"""
receiver = models.Receiver.get(store, receiver_id)
if not receiver:
raise errors.ReceiverIdNotFound
fill_localized_keys(request, models.Receiver.localized_strings, language)
receiver.user.state = request['state']
receiver.user.password_change_needed = request['password_change_needed']
# The various options related in manage PGP keys are used here.
pgp_options_parse(receiver, request)
receiver.user.language = request.get('language', GLSetting.memory_copy.language)
receiver.user.timezone = request.get('timezone', GLSetting.memory_copy.default_timezone)
password = request['password']
if len(password):
security.check_password_format(password)
receiver.user.password = security.hash_password(password, receiver.user.salt)
receiver.user.password_change_date = datetime_now()
contexts = request.get('contexts', [])
for context in receiver.contexts:
receiver.contexts.remove(context)
for context_id in contexts:
context = models.Context.get(store, context_id)
if not context:
raise errors.ContextIdNotFound
receiver.contexts.add(context)
receiver.last_update = datetime_now()
try:
receiver.update(request)
except DatabaseError as dberror:
log.err("Unable to update receiver %s: %s" % (receiver.name, dberror))
raise errors.InvalidInputFormat(dberror)
return admin_serialize_receiver(receiver, language)
def db_create_whistleblowertip(store, internaltip):
"""
The plaintext receipt is returned only now, and then is
stored hashed in the WBtip table
"""
log.debug("Creating whistleblowertip")
receipt = unicode(generateRandomReceipt())
wbtip = models.WhistleblowerTip()
wbtip.id = internaltip.id
wbtip.receipt_hash = hash_password(
receipt, State.tenant_cache[1].private.receipt_salt)
store.add(wbtip)
return receipt
def login_wb(store, receipt):
"""
Login wb return the WhistleblowerTip.id
"""
node = store.find(Node).one()
hashed_receipt = security.hash_password(receipt, node.receipt_salt)
wb_tip = store.find(WhistleblowerTip,
WhistleblowerTip.receipt_hash == unicode(hashed_receipt)).one()
if not wb_tip:
log.debug("Whistleblower login: Invalid receipt")
return None, None, None
log.debug("Whistleblower login: Valid receipt")
wb_tip.last_access = utility.datetime_now()
store.commit() # the transact was read only! on success we apply the commit()
return wb_tip.id, 'enabled', False
def db_create_whistleblower_tip(store, submission_desc):
"""
The plaintext receipt is returned only now, and then is
stored hashed in the WBtip table
"""
wbtip = WhistleblowerTip()
node = store.find(Node).one()
receipt = unicode(rstr.xeger(GLSetting.receipt_regexp))
wbtip.receipt_hash = security.hash_password(receipt, node.receipt_salt)
wbtip.access_counter = 0
wbtip.internaltip_id = submission_desc['id']
store.add(wbtip)
return receipt
def db_create_whistleblower_tip(store, submission_desc):
"""
The plaintext receipt is returned only now, and then is
stored hashed in the WBtip table
"""
wbtip = WhistleblowerTip()
node = store.find(Node).one()
return_value_receipt = unicode(rstr.xeger(node.receipt_regexp))
wbtip.receipt_hash = security.hash_password(return_value_receipt,
node.receipt_salt)
wbtip.access_counter = 0
wbtip.internaltip_id = submission_desc['id']
store.add(wbtip)
return return_value_receipt
def create_whistleblower_tip(store, submission_desc):
"""
The plaintext receipt is returned only now, and then is
stored hashed in the WBtip table
"""
assert submission_desc is not None and submission_desc.has_key("id")
wbtip = WhistleblowerTip()
node = store.find(Node).one()
return_value_receipt = unicode(rstr.xeger(node.receipt_regexp))
wbtip.receipt_hash = security.hash_password(return_value_receipt, node.receipt_salt)
wbtip.access_counter = 0
wbtip.internaltip_id = submission_desc["id"]
store.add(wbtip)
return return_value_receipt
def login_wb(store, receipt):
"""
Login wb return the WhistleblowerTip.id
"""
node = store.find(Node).one()
hashed_receipt = security.hash_password(receipt, node.receipt_salt)
wb_tip = store.find(
WhistleblowerTip,
WhistleblowerTip.receipt_hash == unicode(hashed_receipt)).one()
if not wb_tip:
log.debug("Whistleblower login: Invalid receipt")
return False
log.debug("Whistleblower login: Valid receipt")
wb_tip.last_access = utility.datetime_now()
store.commit(
) # the transact was read only! on success we apply the commit()
return wb_tip.id
def login_whistleblower(store, receipt, client_using_tor):
"""
login_whistleblower returns the WhistleblowerTip.id
"""
hashed_receipt = security.hash_password(receipt, GLSettings.memory_copy.private.receipt_salt)
wbtip = store.find(WhistleblowerTip,
WhistleblowerTip.receipt_hash == unicode(hashed_receipt)).one()
if not wbtip:
log.debug("Whistleblower login: Invalid receipt")
GLSettings.failed_login_attempts += 1
raise errors.InvalidAuthentication
if not client_using_tor and not GLSettings.memory_copy.accept_tor2web_access['whistleblower']:
log.err("Denied login request over clear Web for role 'whistleblower'")
raise errors.TorNetworkRequired
log.debug("Whistleblower login: Valid receipt")
wbtip.last_access = datetime_now()
return wbtip.id
def init_db(store, result, node_dict, appdata_dict):
"""
TODO refactor with languages the email_template, develop a dedicated
function outside the node, and inquire f*****g YHWH about the
callbacks existence/usage
"""
node = models.Node(node_dict)
node.languages_enabled = GLSetting.defaults.languages_enabled
node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
node.wizard_done = GLSetting.skip_wizard
for k in appdata_dict['node']:
setattr(node, k, appdata_dict['node'][k])
store.add(node)
admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
admin_password = hash_password(u"globaleaks", admin_salt)
admin_dict = {
'username': u'admin',
'password': admin_password,
'salt': admin_salt,
'role': u'admin',
'state': u'enabled',
'language': u"en",
'timezone': 0,
'password_change_needed': False,
}
admin = models.User(admin_dict)
store.add(admin)
notification = models.Notification()
for k in appdata_dict['templates']:
setattr(notification, k, appdata_dict['templates'][k])
store.add(notification)
def login_whistleblower(store, receipt, using_tor2web):
"""
login_whistleblower returns the WhistleblowerTip.id
"""
hashed_receipt = security.hash_password(receipt, GLSettings.memory_copy.private.receipt_salt)
wbtip = store.find(WhistleblowerTip,
WhistleblowerTip.receipt_hash == unicode(hashed_receipt)).one()
if not wbtip:
log.debug("Whistleblower login: Invalid receipt")
GLSettings.failed_login_attempts += 1
raise errors.InvalidAuthentication
if using_tor2web and not GLSettings.memory_copy.accept_tor2web_access['whistleblower']:
log.err("Denied login request on Tor2web for role 'whistleblower'")
raise errors.TorNetworkRequired
else:
log.debug("Accepted login request on Tor2web for role 'whistleblower'")
log.debug("Whistleblower login: Valid receipt")
wbtip.last_access = datetime_now()
return wbtip.id
def db_admin_update_user(store, user_id, request, language):
"""
Updates the specified user.
raises: globaleaks.errors.ReceiverIdNotFound` if the receiver does not exist.
"""
user = models.User.get(store, user_id)
if not user:
raise errors.UserIdNotFound
fill_localized_keys(request, models.User.localized_keys, language)
user.update(request)
password = request['password']
if len(password) > 0:
user.password = security.hash_password(password, user.salt)
user.password_change_date = datetime_now()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
return user
def db_create_whistleblower_tip(store, internaltip):
"""
The plaintext receipt is returned only now, and then is
stored hashed in the WBtip table
"""
wbtip = models.WhistleblowerTip()
receipt = unicode(generateRandomReceipt())
wbtip.receipt_hash = hash_password(receipt, GLSettings.memory_copy.receipt_salt)
wbtip.internaltip_id = internaltip.id
store.add(wbtip)
created_rtips = [db_create_receivertip(store, receiver, internaltip) for receiver in internaltip.receivers]
internaltip.new = False
if len(created_rtips):
log.debug("The finalized submissions had created %d models.ReceiverTip(s)" % len(created_rtips))
return receipt, wbtip
def db_create_user(store, request, language):
fill_localized_keys(request, models.User.localized_keys, language)
password = request['password']
if len(password) and password != GLSettings.default_password:
security.check_password_format(password)
else:
password = GLSettings.default_password
password_salt = security.generateRandomSalt()
password_hash = security.hash_password(password, password_salt)
user = models.User({
'username': request['username'],
'password': password_hash,
'salt': password_salt,
'role': request['role'],
'state': u'enabled',
'deletable': request['deletable'],
'name': request['name'],
'description': request['description'],
'language': u'en',
'timezone': 0,
'password_change_needed': True,
'mail_address': request['mail_address']
})
if request['username'] == '':
user.username = user.id
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
create_user_picture(user.id)
store.add(user)
return user
def db_create_user(store, request, language):
fill_localized_keys(request, models.User.localized_keys, language)
password = request['password']
if len(password) and password != GLSettings.default_password:
security.check_password_format(password)
else:
password = GLSettings.default_password
password_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
password_hash = security.hash_password(password, password_salt)
user = models.User({
'username': request['username'],
'password': password_hash,
'salt': password_salt,
'role': request['role'],
'state': u'enabled',
'deletable': request['deletable'],
'name': request['name'],
'description': request['description'],
'language': u'en',
'timezone': 0,
'password_change_needed': True,
'mail_address': request['mail_address']
})
if request['username'] == '':
user.username = user.id
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
create_user_picture(user.id)
store.add(user)
return user
def create_whistleblower_tip(store, submission_desc):
"""
The plaintext receipt is returned only now, and then is
stored hashed in the WBtip table
"""
from Crypto import Random
Random.atfork()
assert submission_desc is not None and submission_desc.has_key('id')
wbtip = WhistleblowerTip()
context = store.find(Context, Context.id == submission_desc['context_gus']).one()
return_value_receipt = unicode( rstr.xeger(context.receipt_regexp) )
node = store.find(Node).one()
wbtip.receipt_hash = security.hash_password(return_value_receipt, node.receipt_salt)
wbtip.access_counter = 0
wbtip.internaltip_id = submission_desc['id']
store.add(wbtip)
return return_value_receipt
def init_db(store, result, node_dict, appdata_dict):
"""
"""
node = models.Node(node_dict)
node.languages_enabled = GLSettings.defaults.languages_enabled
node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
node.wizard_done = GLSettings.skip_wizard
for k in appdata_dict['node']:
setattr(node, k, appdata_dict['node'][k])
store.add(node)
admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
admin_password = hash_password(u"globaleaks", admin_salt)
admin_dict = {
'username': u'admin',
'password': admin_password,
'salt': admin_salt,
'role': u'admin',
'state': u'enabled',
'mail_address': u'',
'language': u"en",
'timezone': 0,
'password_change_needed': False,
}
admin = models.User(admin_dict)
store.add(admin)
notification = models.Notification()
for k in appdata_dict['templates']:
setattr(notification, k, appdata_dict['templates'][k])
store.add(notification)
def init_db(store, result, node_dict, appdata_dict):
"""
"""
node = models.Node(node_dict)
node.languages_enabled = GLSettings.defaults.languages_enabled
node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
node.wizard_done = GLSettings.skip_wizard
for k in appdata_dict['node']:
setattr(node, k, appdata_dict['node'][k])
store.add(node)
admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
admin_password = hash_password(u"globaleaks", admin_salt)
admin_dict = {
'username': u'admin',
'password': admin_password,
'salt': admin_salt,
'role': u'admin',
'state': u'enabled',
'mail_address': u'',
'language': u"en",
'timezone': 0,
'password_change_needed': False,
}
admin = models.User(admin_dict)
store.add(admin)
notification = models.Notification()
for k in appdata_dict['templates']:
setattr(notification, k, appdata_dict['templates'][k])
store.add(notification)
def initialize_node(store, results, only_node, appdata):
"""
TODO refactor with languages the email_template, develop a dedicated
function outside the node, and inquire f*****g YHWH about the
callbacks existence/usage
"""
node = models.Node(only_node)
log.debug("Inizializing ApplicationData")
new_appdata = ApplicationData()
new_appdata.fields = appdata['fields']
new_appdata.version = appdata['version']
store.add(new_appdata)
for k in appdata['node']:
setattr(node, k, appdata['node'][k])
node.languages_enabled = GLSetting.defaults.languages_enabled
node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
node.wizard_done = GLSetting.skip_wizard
node.creation_date = datetime_now()
store.add(node)
admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
admin_password = hash_password(u"globaleaks", admin_salt)
admin_dict = {
'username': u'admin',
'password': admin_password,
'salt': admin_salt,
'role': u'admin',
'state': u'enabled',
'language': u"en",
'timezone': 0,
'password_change_needed': False,
}
admin = models.User(admin_dict)
admin.last_login = datetime_null()
admin.password_change_date = datetime_null()
store.add(admin)
notification = models.Notification()
# our defaults for free, because we're like Gandhi of the mail accounts.
notification.server = "mail.headstrong.de"
notification.port = 587
# port 587/SMTP-TLS or 465/SMTPS
notification.username = "******"
notification.password = "******"
notification.security = "TLS"
notification.source_name = "Default GlobaLeaks sender"
notification.source_email = notification.username
# Those fields are sets as default in order to show to the Admin the various
# 'variables' used in the template.
for k in appdata['templates']:
# Todo handle pgp_expiration_alert and pgp_expiration_notice already included in client/app/data/txt
# and internationalized with right support on backend db.
if k in appdata['templates']:
setattr(notification, k, appdata['templates'][k])
# Todo handle pgp_expiration_alert and pgp_expiration_notice already included in client/app/data/txt
# and internationalized with right support on backend db.
store.add(notification)
def db_get_wbtip_by_receipt(store, receipt):
hashed_receipt = security.hash_password(
receipt, State.tenant_cache[1].private.receipt_salt)
return store.find(
WhistleblowerTip,
WhistleblowerTip.receipt_hash == unicode(hashed_receipt)).one()
def create_receiver(store, request, language=GLSetting.memory_copy.default_language):
"""
Creates a new receiver.
Returns:
(dict) the configured receiver
"""
v = dict(request)
for attr in getattr(Receiver, "localized_strings"):
v[attr] = {}
v[attr][language] = unicode(request[attr])
request = v
mail_address = utility.acquire_mail_address(request)
if not mail_address:
raise errors.NoEmailSpecified
# Pretend that username is unique:
homonymous = store.find(User, User.username == mail_address).count()
if homonymous:
log.err("Creation error: already present receiver with the requested username: %s" % mail_address)
raise errors.ExpectedUniqueField('mail_address', mail_address)
password = request.get('password')
security.check_password_format(password)
receiver_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
receiver_password = security.hash_password(password, receiver_salt)
receiver_user_dict = {
'username': mail_address,
'password': receiver_password,
'salt': receiver_salt,
'role': u'receiver',
'state': u'enabled',
'failed_login_count': 0,
}
receiver_user = models.User(receiver_user_dict)
receiver_user.last_login = utility.datetime_null()
store.add(receiver_user)
receiver = Receiver(request)
receiver.user = receiver_user
receiver.notification_fields = request.get('notification_fields')
receiver.tags = request.get('tags')
# The various options related in manage GPG keys are used here.
gpg_options_parse(receiver, request)
log.debug("Creating receiver %s" % receiver.user.username)
store.add(receiver)
create_random_receiver_portrait(receiver.id)
contexts = request.get('contexts', [])
for context_id in contexts:
context = store.find(Context, Context.id == context_id).one()
if not context:
log.err("Creation error: invalid Context can't be associated")
raise errors.ContextGusNotFound
context.receivers.add(receiver)
return admin_serialize_receiver(receiver, language)
def db_create_receiver(store,
request,
language=GLSetting.memory_copy.default_language):
"""
Creates a new receiver.
Returns:
(dict) the configured receiver
"""
mo = structures.Rosetta()
mo.acquire_request(language, request, Receiver)
for attr in mo.get_localized_attrs():
request[attr] = mo.get_localized_dict(attr)
mail_address = request['mail_address']
# Pretend that username is unique:
homonymous = store.find(User, User.username == mail_address).count()
if homonymous:
log.err(
"Creation error: already present receiver with the requested username: %s"
% mail_address)
raise errors.ExpectedUniqueField('mail_address', mail_address)
password = request.get('password')
security.check_password_format(password)
receiver_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
receiver_password = security.hash_password(password, receiver_salt)
receiver_user_dict = {
'username': mail_address,
'password': receiver_password,
'salt': receiver_salt,
'role': u'receiver',
'state': u'enabled',
}
receiver_user = models.User(receiver_user_dict)
receiver_user.last_login = datetime_null()
store.add(receiver_user)
receiver = Receiver(request)
receiver.user = receiver_user
receiver.mail_address = mail_address
receiver.tags = request['tags']
# The various options related in manage GPG keys are used here.
gpg_options_parse(receiver, request)
log.debug("Creating receiver %s" % receiver.user.username)
store.add(receiver)
create_random_receiver_portrait(receiver.id)
contexts = request.get('contexts', [])
for context_id in contexts:
context = store.find(Context, Context.id == context_id).one()
if not context:
log.err("Creation error: invalid Context can't be associated")
raise errors.ContextIdNotFound
context.receivers.add(receiver)
return admin_serialize_receiver(receiver, language)
def db_create_receiver(store, request, language=GLSetting.memory_copy.default_language):
"""
Creates a new receiver.
Returns:
(dict) the configured receiver
"""
mo = structures.Rosetta()
mo.acquire_request(language, request, Receiver)
for attr in mo.get_localized_attrs():
request[attr] = mo.get_localized_dict(attr)
mail_address = request['mail_address']
# Pretend that username is unique:
homonymous = store.find(User, User.username == mail_address).count()
if homonymous:
log.err("Creation error: already present receiver with the requested username: %s" % mail_address)
raise errors.ExpectedUniqueField('mail_address', mail_address)
password = request.get('password')
security.check_password_format(password)
receiver_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
receiver_password = security.hash_password(password, receiver_salt)
receiver_user_dict = {
'username': mail_address,
'password': receiver_password,
'salt': receiver_salt,
'role': u'receiver',
'state': u'enabled',
}
receiver_user = models.User(receiver_user_dict)
receiver_user.last_login = datetime_null()
store.add(receiver_user)
receiver = Receiver(request)
receiver.user = receiver_user
receiver.mail_address = mail_address
receiver.tags = request['tags']
# The various options related in manage GPG keys are used here.
gpg_options_parse(receiver, request)
log.debug("Creating receiver %s" % receiver.user.username)
store.add(receiver)
create_random_receiver_portrait(receiver.id)
contexts = request.get('contexts', [])
for context_id in contexts:
context = store.find(Context, Context.id == context_id).one()
if not context:
log.err("Creation error: invalid Context can't be associated")
raise errors.ContextIdNotFound
context.receivers.add(receiver)
return admin_serialize_receiver(receiver, language)
def init_db(store, result, node_dict, appdata_dict):
"""
TODO refactor with languages the email_template, develop a dedicated
function outside the node, and inquire f*****g YHWH about the
callbacks existence/usage
"""
node = models.Node(node_dict)
for k in appdata_dict['node']:
setattr(node, k, appdata_dict['node'][k])
node.languages_enabled = GLSetting.defaults.languages_enabled
node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
node.wizard_done = GLSetting.skip_wizard
node.creation_date = datetime_now()
store.add(node)
admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
admin_password = hash_password(u"globaleaks", admin_salt)
admin_dict = {
'username': u'admin',
'password': admin_password,
'salt': admin_salt,
'role': u'admin',
'state': u'enabled',
'language': u"en",
'timezone': 0,
'password_change_needed': False,
}
admin = models.User(admin_dict)
admin.last_login = datetime_null()
admin.password_change_date = datetime_null()
store.add(admin)
notification = models.Notification()
# our defaults for free, because we're like Gandhi of the mail accounts.
notification.server = "mail.headstrong.de"
notification.port = 587
# port 587/SMTP-TLS or 465/SMTPS
notification.username = "******"
notification.password = "******"
notification.security = "TLS"
notification.source_name = "Default GlobaLeaks sender"
notification.source_email = notification.username
# Those fields are sets as default in order to show to the Admin the various
# 'variables' used in the template.
for k in appdata_dict['templates']:
setattr(notification, k, appdata_dict['templates'][k])
store.add(notification)
def initialize_node(store, results, only_node, templates, appdata):
"""
TODO refactor with languages the email_template, develop a dedicated
function outside the node, and inquire f*****g YHWH about the
callbacks existence/usage
"""
node = models.Node(only_node)
log.debug("Inizializing ApplicationData")
new_appdata = ApplicationData()
new_appdata.fields = appdata['fields']
new_appdata.version = appdata['version']
store.add(new_appdata)
if 'node_presentation' in appdata:
node.presentation = appdata['node_presentation']
if 'node_footer' in appdata:
node.footer = appdata['node_footer']
if 'node_subtitle' in appdata:
node.subtitle = appdata['node_subtitle']
node.languages_enabled = GLSetting.defaults.languages_enabled
node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
node.wizard_done = GLSetting.skip_wizard
node.creation_date = datetime_now()
store.add(node)
admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
admin_password = hash_password(u"globaleaks", admin_salt)
admin_dict = {
'username': u'admin',
'password': admin_password,
'salt': admin_salt,
'role': u'admin',
'state': u'enabled',
}
admin = models.User(admin_dict)
admin.last_login = datetime_null()
store.add(admin)
notification = models.Notification()
# our defaults for free, because we're like Gandhi of the mail accounts.
notification.server = "mail.headstrong.de"
notification.port = 587
# port 587/SMTP-TLS or 465/SMTPS
notification.username = "******"
notification.password = "******"
notification.security = "TLS"
notification.source_name = "Default GlobaLeaks sender"
notification.source_email = notification.username
# Those fields are sets as default in order to show to the Admin the various
# 'variables' used in the template.
notification.encrypted_tip_template = {
GLSetting.memory_copy.default_language: templates['encrypted_tip']
}
notification.encrypted_tip_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: new Tip (Encrypted)"
}
notification.plaintext_tip_template = {
GLSetting.memory_copy.default_language: templates['plaintext_tip']
}
notification.plaintext_tip_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: new ClearText"
}
notification.encrypted_message_template = {
GLSetting.memory_copy.default_language: templates['encrypted_message']
}
notification.encrypted_message_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: New message (Encrypted)"
}
notification.plaintext_message_template = {
GLSetting.memory_copy.default_language: templates['plaintext_message']
}
notification.plaintext_message_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: New message"
}
notification.encrypted_file_template = {
GLSetting.memory_copy.default_language: templates['encrypted_file']
}
notification.encrypted_file_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: File attached (Encrypted)"
}
notification.plaintext_file_template = {
GLSetting.memory_copy.default_language: templates['plaintext_file']
}
notification.plaintext_file_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: File attached"
}
notification.encrypted_comment_template = {
GLSetting.memory_copy.default_language: templates['encrypted_comment']
}
notification.encrypted_comment_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: New comment (Encrypted)"
}
notification.plaintext_comment_template = {
GLSetting.memory_copy.default_language: templates['plaintext_comment']
}
notification.plaintext_comment_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: New comment"
}
notification.zip_description = {
GLSetting.memory_copy.default_language: templates['zip_collection']
}
store.add(notification)
def initialize_node(store, results, only_node, templates, appdata):
"""
TODO refactor with languages the email_template, develop a dedicated
function outside the node, and inquire f*****g YHWH about the
callbacks existence/usage
"""
node = models.Node(only_node)
log.debug("Inizializing ApplicationData")
new_appdata = ApplicationData()
new_appdata.fields = appdata['fields']
new_appdata.version = appdata['version']
store.add(new_appdata)
if 'node_presentation' in appdata:
node.presentation = appdata['node_presentation']
if 'node_footer' in appdata:
node.footer = appdata['node_footer']
if 'node_subtitle' in appdata:
node.subtitle = appdata['node_subtitle']
node.languages_enabled = GLSetting.defaults.languages_enabled
node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
node.wizard_done = GLSetting.skip_wizard
node.creation_date = datetime_now()
store.add(node)
admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
admin_password = hash_password(u"globaleaks", admin_salt)
admin_dict = {
'username': u'admin',
'password': admin_password,
'salt': admin_salt,
'role': u'admin',
'state': u'enabled',
}
admin = models.User(admin_dict)
admin.last_login = datetime_null()
store.add(admin)
notification = models.Notification()
# our defaults for free, because we're like Gandhi of the mail accounts.
notification.server = "mail.headstrong.de"
notification.port = 587
# port 587/SMTP-TLS or 465/SMTPS
notification.username = "******"
notification.password = "******"
notification.security = "TLS"
notification.source_name = "Default GlobaLeaks sender"
notification.source_email = notification.username
# Those fields are sets as default in order to show to the Admin the various
# 'variables' used in the template.
notification.encrypted_tip_template = { GLSetting.memory_copy.default_language:
templates['encrypted_tip'] }
notification.encrypted_tip_mail_title = { GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: new Tip (Encrypted)" }
notification.plaintext_tip_template= { GLSetting.memory_copy.default_language:
templates['plaintext_tip'] }
notification.plaintext_tip_mail_title = { GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: new ClearText" }
notification.encrypted_message_template = { GLSetting.memory_copy.default_language: templates['encrypted_message'] }
notification.encrypted_message_mail_title = { GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: New message (Encrypted)" }
notification.plaintext_message_template = { GLSetting.memory_copy.default_language: templates['plaintext_message'] }
notification.plaintext_message_mail_title = { GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: New message" }
notification.encrypted_file_template = { GLSetting.memory_copy.default_language: templates['encrypted_file'] }
notification.encrypted_file_mail_title = { GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: File attached (Encrypted)" }
notification.plaintext_file_template = { GLSetting.memory_copy.default_language: templates['plaintext_file'] }
notification.plaintext_file_mail_title = { GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: File attached" }
notification.encrypted_comment_template = { GLSetting.memory_copy.default_language: templates['encrypted_comment'] }
notification.encrypted_comment_mail_title = { GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: New comment (Encrypted)" }
notification.plaintext_comment_template = { GLSetting.memory_copy.default_language: templates['plaintext_comment'] }
notification.plaintext_comment_mail_title = { GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: New comment" }
notification.zip_description = { GLSetting.memory_copy.default_language:
templates['zip_collection'] }
store.add(notification)
def initialize_node(store, results, only_node, email_templates):
"""
TODO refactor with languages the email_template, develop a dedicated
function outside the node, and inquire f*****g YHWH about the
callbacks existence/usage
"""
from Crypto import Random
Random.atfork()
node = models.Node(only_node)
# by default, only english is the surely present language
node.languages_enabled = GLSetting.defaults.languages_enabled
node.receipt_salt = get_salt(rstr.xeger("[A-Za-z0-9]{56}"))
node.creation_date = datetime_now()
store.add(node)
admin_salt = get_salt(rstr.xeger("[A-Za-z0-9]{56}"))
admin_password = hash_password(u"globaleaks", admin_salt)
admin_dict = {
"username": u"admin",
"password": admin_password,
"salt": admin_salt,
"role": u"admin",
"state": u"enabled",
"failed_login_count": 0,
}
admin = models.User(admin_dict)
admin.last_login = datetime_null()
store.add(admin)
notification = models.Notification()
# our defaults for free, because we're like Gandhi of the mail accounts.
notification.server = "mail.headstrong.de"
notification.port = 587
# port 587/SMTP-TLS or 465/SMTPS
notification.username = "******"
notification.password = "******"
notification.security = "TLS"
notification.source_name = "Default GlobaLeaks sender"
notification.source_email = notification.username
# Those fields are sets as default in order to show to the Admin the various 'variables'
# used in the template.
notification.tip_template = {GLSetting.memory_copy.default_language: email_templates["tip"]}
notification.tip_mail_title = {GLSetting.memory_copy.default_language: "From %NodeName% a new Tip"}
notification.file_template = {GLSetting.memory_copy.default_language: email_templates["file"]}
notification.file_mail_title = {
GLSetting.memory_copy.default_language: "From %NodeName% a new file appended to a tip"
}
notification.comment_template = {GLSetting.memory_copy.default_language: email_templates["comment"]}
notification.comment_mail_title = {GLSetting.memory_copy.default_language: "From %NodeName% a new comment"}
notification.activation_template = {GLSetting.memory_copy.default_language: "*Not Yet implemented*"}
notification.activation_mail_title = {GLSetting.memory_copy.default_language: "**Not Yet implemented"}
store.add(notification)
def db_create_receiver(store, request, language=GLSetting.memory_copy.default_language):
"""
Creates a new receiver.
Returns:
(dict) the configured receiver
"""
fill_localized_keys(request, models.Receiver.localized_strings, language)
mail_address = request['mail_address']
# Pretend that username is unique:
homonymous = store.find(models.User, models.User.username == mail_address).count()
if homonymous:
log.err("Creation error: already present receiver with the requested username: %s" % mail_address)
raise errors.ExpectedUniqueField('mail_address', mail_address)
password = request['password']
if len(password) and password != GLSetting.default_password:
security.check_password_format(password)
else:
password = GLSetting.default_password
receiver_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
receiver_password = security.hash_password(password, receiver_salt)
receiver_user_dict = {
'username': mail_address,
'password': receiver_password,
'salt': receiver_salt,
'role': u'receiver',
'state': u'enabled',
'language': u"en",
'timezone': 0,
'password_change_needed': True,
}
receiver_user = models.User(receiver_user_dict)
receiver_user.last_login = datetime_null()
receiver_user.password_change_needed = request['password_change_needed']
receiver_user.password_change_date = datetime_null()
store.add(receiver_user)
receiver = models.Receiver(request)
receiver.user = receiver_user
receiver.mail_address = mail_address
# The various options related in manage GPG keys are used here.
gpg_options_parse(receiver, request)
log.debug("Creating receiver %s" % receiver.user.username)
store.add(receiver)
create_random_receiver_portrait(receiver.id)
contexts = request.get('contexts', [])
for context_id in contexts:
context = models.Context.get(store, context_id)
if not context:
log.err("Creation error: invalid Context can't be associated")
raise errors.ContextIdNotFound
context.receivers.add(receiver)
return admin_serialize_receiver(receiver, language)
def update_receiver(store,
receiver_id,
request,
language=GLSetting.memory_copy.default_language):
"""
Updates the specified receiver with the details.
raises :class:`globaleaks.errors.ReceiverIdNotFound` if the receiver does
not exist.
"""
receiver = store.find(Receiver, Receiver.id == unicode(receiver_id)).one()
if not receiver:
raise errors.ReceiverIdNotFound
mo = structures.Rosetta()
mo.acquire_request(language, request, Receiver)
for attr in mo.get_localized_attrs():
request[attr] = mo.get_localized_dict(attr)
mail_address = request['mail_address']
homonymous = store.find(User, User.username == mail_address).one()
if homonymous and homonymous.id != receiver.user_id:
log.err(
"Update error: already present receiver with the requested username: %s"
% mail_address)
raise errors.ExpectedUniqueField('mail_address', mail_address)
receiver.mail_address = mail_address
receiver.tags = request['tags']
# the email address it's also the username, stored in User
receiver.user.username = mail_address
# The various options related in manage GPG keys are used here.
gpg_options_parse(receiver, request)
password = request['password']
if len(password):
security.check_password_format(password)
receiver.user.password = security.hash_password(
password, receiver.user.salt)
contexts = request.get('contexts', [])
for context in receiver.contexts:
receiver.contexts.remove(context)
for context_id in contexts:
context = store.find(Context, Context.id == context_id).one()
if not context:
log.err("Update error: unexistent context can't be associated")
raise errors.ContextIdNotFound
receiver.contexts.add(context)
receiver.last_update = datetime_now()
try:
receiver.update(request)
except Exception as dberror:
log.err("Unable to update receiver %s: %s" % (receiver.name, dberror))
raise errors.InvalidInputFormat(dberror)
return admin_serialize_receiver(receiver, language)
from globaleaks.rest.apicache import GLApiCache
from globaleaks.settings import GLSettings, transact, transact_ro
from globaleaks.security import GLSecureTemporaryFile
from globaleaks.third_party import rstr
from globaleaks.utils import token
from globaleaks.utils.structures import fill_localized_keys
from globaleaks.utils.utility import datetime_null, log
from . import TEST_DIR
## constants
VALID_PASSWORD1 = u'justapasswordwithaletterandanumberandbiggerthan8chars'
VALID_PASSWORD2 = u'justap455w0rdwithaletterandanumberandbiggerthan8chars'
VALID_SALT1 = security.get_salt(rstr.xeger(r'[A-Za-z0-9]{56}'))
VALID_SALT2 = security.get_salt(rstr.xeger(r'[A-Za-z0-9]{56}'))
VALID_HASH1 = security.hash_password(VALID_PASSWORD1, VALID_SALT1)
VALID_HASH2 = security.hash_password(VALID_PASSWORD2, VALID_SALT2)
INVALID_PASSWORD = u'antani'
FIXTURES_PATH = os.path.join(TEST_DIR, 'fixtures')
with open(os.path.join(TEST_DIR, 'keys/valid_pgp_key1.txt')) as pgp_file:
VALID_PGP_KEY1 = unicode(pgp_file.read())
with open(os.path.join(TEST_DIR, 'keys/valid_pgp_key2.txt')) as pgp_file:
VALID_PGP_KEY2 = unicode(pgp_file.read())
with open(os.path.join(TEST_DIR, 'keys/expired_pgp_key.txt')) as pgp_file:
EXPIRED_PGP_KEY = unicode(pgp_file.read())
transact.tp = FakeThreadPool()
def db_get_wbtip_by_receipt(store, receipt):
hashed_receipt = security.hash_password(receipt, GLSettings.memory_copy.private.receipt_salt)
return store.find(WhistleblowerTip,
WhistleblowerTip.receipt_hash == unicode(hashed_receipt)).one()
