def put(self, token_id): """ Parameter: token_id Request: SubmissionDesc Response: SubmissionDesc PUT finalize the submission """ @transact def put_transact(store, token, request): status = db_create_submission(store, token, request, self.request.language) receipt = db_create_whistleblower_tip(store, status) status.update({'receipt': receipt}) return status request = self.validate_message(self.request.body, requests.SubmissionDesc) # the .get method raise an exception if the token is invalid token = TokenList.get(token_id) if not token.context_associated == request['context_id']: raise errors.InvalidInputFormat("Token context unaligned with REST url") token.validate(request) status = yield put_transact(token, request) TokenList.delete(token_id) self.set_status(202) # Updated, also if submission if effectively created (201) self.finish(status)
def put(self, token_id): """ Finalize the submission """ request = self.validate_message(self.request.content.read(), requests.SubmissionDesc) # The get and use method will raise if the token is invalid token = TokenList.get(token_id) token.use() submission = create_submission(self.request.tid, request, token.uploaded_files, self.request.client_using_tor) # Delete the token only when a valid submission has been stored in the DB TokenList.delete(token_id) return submission
def put(self, token_id): """ Parameter: token_id Request: SubmissionDesc Response: SubmissionDesc PUT finalize the submission """ request = self.validate_message(self.request.body, requests.SubmissionDesc) # The get and use method will raise if the token is invalid token = TokenList.get(token_id) token.use() submission = yield create_submission(request, token.uploaded_files, self.check_tor2web(), self.request.language) # Delete the token only when a valid submission has been stored in the DB TokenList.delete(token_id) self.set_status(202) # Updated, also if submission if effectively created (201) self.write(submission)
def db_create_submission(store, token_id, request, t2w, language): # the .get method raise an exception if the token is invalid token = TokenList.get(token_id) if not token.context_associated == request['context_id']: raise errors.InvalidInputFormat( "Token context does not match the one specified in submission payload" ) token.validate(request) TokenList.delete(token_id) answers = request['answers'] context = store.find(Context, Context.id == token.context_associated).one() if not context: # this can happen only if the context is removed # between submission POST and PUT.. :) that's why is better just # ignore this check, take che cached and wait the reference below fault log.err("Context requested: [%s] not found!" % token.context_associated) raise errors.ContextIdNotFound submission = InternalTip() submission.expiration_date = utc_future_date( seconds=context.tip_timetolive) submission.context_id = context.id submission.creation_date = datetime_now() # Tor2Web is spot in the handler and passed here, is done to keep track of the # security level adopted by the whistleblower submission.tor2web = t2w try: questionnaire = db_get_context_steps( store, context.id, GLSettings.memory_copy.default_language) questionnaire_hash = sha256(json.dumps(questionnaire)) submission.questionnaire_hash = questionnaire_hash submission.preview = extract_answers_preview(questionnaire, answers) store.add(submission) db_archive_questionnaire_schema(store, submission) db_save_questionnaire_answers(store, submission, answers) except Exception as excep: log.err("Submission create: fields validation fail: %s" % excep) raise excep try: import_receivers(store, submission, request['receivers']) except Exception as excep: log.err("Submission create: receivers import fail: %s" % excep) raise excep try: for filedesc in token.uploaded_files: associated_f = InternalFile() associated_f.name = filedesc['filename'] associated_f.description = "" associated_f.content_type = filedesc['content_type'] associated_f.size = filedesc['body_len'] associated_f.internaltip_id = submission.id associated_f.file_path = filedesc['encrypted_path'] store.add(associated_f) log.debug("=> file associated %s|%s (%d bytes)" % (associated_f.name, associated_f.content_type, associated_f.size)) except Exception as excep: log.err("Unable to create a DB entry for file! %s" % excep) raise excep receipt = db_create_whistleblower_tip(store, submission) submission_dict = wb_serialize_internaltip(store, submission) submission_dict.update({'receipt': receipt}) return submission_dict
def db_create_submission(store, token_id, request, t2w, language): # the .get method raise an exception if the token is invalid token = TokenList.get(token_id) if not token.context_associated == request['context_id']: raise errors.InvalidInputFormat("Token context does not match the one specified in submission payload") token.validate(request) TokenList.delete(token_id) answers = request['answers'] context = store.find(Context, Context.id == token.context_associated).one() if not context: # this can happen only if the context is removed # between submission POST and PUT.. :) that's why is better just # ignore this check, take che cached and wait the reference below fault log.err("Context requested: [%s] not found!" % token.context_associated) raise errors.ContextIdNotFound submission = InternalTip() submission.expiration_date = utc_future_date(seconds=context.tip_timetolive) submission.context_id = context.id submission.creation_date = datetime_now() # Tor2Web is spot in the handler and passed here, is done to keep track of the # security level adopted by the whistleblower submission.tor2web = t2w try: questionnaire = db_get_context_steps(store, context.id, GLSettings.memory_copy.default_language) questionnaire_hash = sha256(json.dumps(questionnaire)) submission.questionnaire_hash = questionnaire_hash submission.preview = extract_answers_preview(questionnaire, answers) store.add(submission) db_archive_questionnaire_schema(store, submission) db_save_questionnaire_answers(store, submission, answers) except Exception as excep: log.err("Submission create: fields validation fail: %s" % excep) raise excep try: import_receivers(store, submission, request['receivers']) except Exception as excep: log.err("Submission create: receivers import fail: %s" % excep) raise excep try: for filedesc in token.uploaded_files: associated_f = InternalFile() associated_f.name = filedesc['filename'] associated_f.description = "" associated_f.content_type = filedesc['content_type'] associated_f.size = filedesc['body_len'] associated_f.internaltip_id = submission.id associated_f.file_path = filedesc['encrypted_path'] store.add(associated_f) log.debug("=> file associated %s|%s (%d bytes)" % ( associated_f.name, associated_f.content_type, associated_f.size)) except Exception as excep: log.err("Unable to create a DB entry for file! %s" % excep) raise excep receipt = db_create_whistleblower_tip(store, submission) submission_dict = wb_serialize_internaltip(store, submission) submission_dict.update({'receipt': receipt}) return submission_dict