def db_get_questionnaire(session, tid, questionnaire_id, language, serialize_templates=True): questionnaire = models.db_get(session, models.Questionnaire, models.Questionnaire.tid.in_(set([1, tid])), models.Questionnaire.id == questionnaire_id) return serialize_questionnaire(session, tid, questionnaire, language, serialize_templates=serialize_templates)
def db_update_field(session, tid, field_id, field_dict, language): field = models.db_get(session, models.Field, models.Field.tid == tid, models.Field.id == field_id) check_field_association(session, tid, field_dict) fill_localized_keys(field_dict, models.Field.localized_keys, language) db_update_fieldattrs(session, tid, field.id, field_dict['attrs'], language) if field_dict['instance'] != 'reference': db_update_fieldoptions(session, tid, field.id, field_dict['options'], language) # full update field.update(field_dict) else: # partial update field.update({ 'label': field_dict['label'], 'hint': field_dict['hint'], 'description': field_dict['description'], 'template_override_id': field_dict['template_override_id'], 'x': field_dict['x'], 'y': field_dict['y'], 'width': field_dict['width'], 'required': field_dict['required'] }) return field
def db_update_field(session, tid, field_id, field_dict, language): field = models.db_get(session, models.Field, models.Field.tid == tid, models.Field.id == field_id) check_field_association(session, tid, field_dict) db_update_fieldattrs(session, tid, field.id, field_dict['attrs'], language) # make not possible to change field type field_dict['type'] = field.type if field_dict['instance'] != 'reference': fill_localized_keys(field_dict, models.Field.localized_keys, language) db_update_fieldoptions(session, tid, field.id, field_dict['options'], language) # full update field.update(field_dict) else: # partial update field.update({ 'x': field_dict['x'], 'y': field_dict['y'], 'width': field_dict['width'], 'multi_entry': field_dict['multi_entry'] }) return field
def update_identity_information(session, tid, tip_id, identity_field_id, identity_field_answers, language): internaltip = models.db_get(session, models.InternalTip, models.InternalTip.id == tip_id, models.InternalTip.tid == tid) if internaltip.identity_provided: return aqs = session.query(models.ArchivedSchema).filter( models.ArchivedSchema.hash == internaltip.questionnaire_hash).one() questionnaire = db_serialize_archived_questionnaire_schema( session, aqs.schema, language) for step in questionnaire: for field in step['children']: if field['id'] == identity_field_id and field[ 'id'] == 'whistleblower_identity': db_save_questionnaire_answers( session, tid, internaltip.id, {identity_field_id: [identity_field_answers]}) now = datetime_now() internaltip.update_date = now internaltip.wb_last_access = now internaltip.identity_provided = True internaltip.identity_provided_date = now return
def db_update_field(session, tid, field_id, field_dict, language): field = models.db_get(session, models.Field, models.Field.tid == tid, models.Field.id == field_id) check_field_association(session, tid, field_dict) fill_localized_keys(field_dict, models.Field.localized_keys, language) db_update_fieldattrs(session, field.id, field_dict['attrs'], language) db_reset_option_triggers(session, 'field', field.id) for trigger in field_dict.get('triggered_by_options', []): db_create_trigger(session, tid, trigger['option'], 'field', field.id, trigger.get('sufficient', True)) if field_dict['instance'] != 'reference': db_update_fieldoptions(session, field.id, field_dict['options'], language) # full update field.update(field_dict) else: # partial update field.update({ 'label': field_dict['label'], 'hint': field_dict['hint'], 'description': field_dict['description'], 'placeholder': field_dict['placeholder'], 'template_override_id': field_dict['template_override_id'], 'x': field_dict['x'], 'y': field_dict['y'], 'width': field_dict['width'], 'required': field_dict['required'] }) return field
def delete_field(session, tid, field_id): """ Delete the field object corresponding to field_id If the field has children, remove them as well. If the field is immediately attached to a step object, remove it as well. :param session: the session on which perform queries. :param field_id: the id corresponding to the field. """ field = models.db_get(session, models.Field, models.Field.tid == tid, models.Field.id == field_id) if not field.editable: raise errors.ForbiddenOperation if field.instance == 'template' and session.query(models.Field).filter( models.Field.tid == tid, models.Field.template_id == field.id).count(): raise errors.InputValidationError( "Cannot remove the field template as it is used by one or more questionnaires" ) if field.template_id == 'whistleblower_identity' and field.step_id is not None: step_id = session.query( models.Step.id).filter(models.Step.id == field.step_id) session.query(models.Questionnaire).filter( models.Questionnaire.id == step_id.subquery()).update( {'enable_whistleblower_identity': False}, synchronize_session='fetch') session.delete(field)
def db_admin_update_user(session, state, tid, user_id, request, language): """ Updates the specified user. """ fill_localized_keys(request, models.User.localized_keys, language) user = models.db_get(session, models.User, models.User.tid == tid, models.User.id == user_id) if user.username != request['username']: check = session.query(models.User).filter( models.User.tid == tid, models.User.username == text_type( request['username'])).one_or_none() if check is not None: raise errors.InputValidationError('Username already in use') user.update(request) password = request['password'] if password: user.password = security.hash_password(password, user.salt) user.password_change_date = datetime_now() # The various options related in manage PGP keys are used here. parse_pgp_options(state, user, request) if user.role == 'admin': db_refresh_memory_variables(session, [tid]) return user
def db_user_update_user(store, user_id, request): """ Updates the specified user. This version of the function is specific for users that with comparison with admins can change only few things: - preferred language - the password (with old password check) - pgp key raises: globaleaks.errors.ReceiverIdNotFound` if the receiver does not exist. """ user = models.db_get(store, models.User, id=user_id) user.language = request.get('language', State.tenant_cache[1].default_language) new_password = request['password'] old_password = request['old_password'] if new_password and old_password: user.password = change_password(user.password, old_password, new_password, user.salt) if user.password_change_needed: user.password_change_needed = False user.password_change_date = datetime_now() # The various options related in manage PGP keys are used here. parse_pgp_options(user, request) return user
def db_user_update_user(session, state, tid, user_id, request): """ Updates the specified user. This version of the function is specific for users that with comparison with admins can change only few things: - real name - email address - preferred language - the password (with old password check) - pgp key raises: globaleaks.errors.ResourceNotFound` if the receiver does not exist. """ from globaleaks.handlers.admin.notification import db_get_notification from globaleaks.handlers.admin.node import db_admin_serialize_node user = models.db_get(session, models.User, models.User.id == user_id) user.language = request.get('language', State.tenant_cache[tid].default_language) user.name = request['name'] new_password = request['password'] old_password = request['old_password'] if new_password: if user.password_change_needed: user.password_change_needed = False else: if not check_password(old_password, user.salt, user.password): raise errors.InvalidOldPassword user.password = hash_password(new_password, user.salt) user.password_change_date = datetime_now() # If the email address changed, send a validation email if request['mail_address'] != user.mail_address: user.change_email_address = request['mail_address'] user.change_email_date = datetime_now() user.change_email_token = generateRandomKey(32) user_desc = user_serialize_user(session, user, user.language) template_vars = { 'type': 'email_validation', 'user': user_desc, 'new_email_address': request['mail_address'], 'validation_token': user.change_email_token, 'node': db_admin_serialize_node(session, 1, user.language), 'notification': db_get_notification(session, tid, user.language) } state.format_and_send_mail(session, tid, user_desc, template_vars) # If the platform allows users to change PGP keys, process it if State.tenant_cache[tid]['enable_user_pgp_key_upload'] is True: parse_pgp_options(state, user, request) return user
def db_update_step(session, tid, step_id, request, language): """ Transaction for updating a step :param session: An ORM session :param tid: The tenant ID :param step_id: the step_id of the step to update :param request: the step definition dict :param language: the language of the step definition dict :return: a serialization of the object """ step = models.db_get( session, models.Step, models.Step.id == step_id, models.Questionnaire.id == models.Step.questionnaire_id, models.Questionnaire.tid == tid) fill_localized_keys(request, models.Step.localized_keys, language) step.update(request) for child in request['children']: db_update_field(session, tid, child['id'], child, language) db_reset_option_triggers(session, 'step', step.id) for trigger in request.get('triggered_by_options', []): db_create_option_trigger(session, trigger['option'], 'step', step.id, trigger.get('sufficient', True)) return serialize_step(session, tid, step, language)
def db_update_step(session, tid, step_id, step_dict, language): """ Update the specified step with the details. :param tid: :param session: the session on which perform queries. :param step_id: the step_id of the step to update :param step_dict: the step definition dict :param language: the language of the step definition dict :return: a serialization of the object """ step = models.db_get( session, models.Step, models.Step.id == step_id, models.Questionnaire.id == models.Step.questionnaire_id, models.Questionnaire.tid == tid) fill_localized_keys(step_dict, models.Step.localized_keys, language) step.update(step_dict) for child in step_dict['children']: db_update_field(session, tid, child['id'], child, language) db_reset_option_triggers(session, 'step', step.id) for trigger in step_dict.get('triggered_by_options', []): db_create_trigger(session, tid, trigger['option'], 'step', step.id, trigger.get('sufficient', True)) return step
def db_access_rtip(session, tid, user_id, rtip_id): return models.db_get(session, (models.ReceiverTip, models.InternalTip), models.ReceiverTip.id == rtip_id, models.ReceiverTip.receiver_id == user_id, models.ReceiverTip.internaltip_id == models.InternalTip.id, models.InternalTip.tid == tid)
def db_update_step(session, tid, step_id, step_dict, language): """ Update the specified step with the details. :param session: the session on which perform queries. :param step_id: the step_id of the step to update :param step_dict: the step definition dict :param language: the language of the step definition dict :return: a serialization of the object """ step = models.db_get(session, models.Step, models.Step.id == step_id, models.Questionnaire.id == models.Step.questionnaire_id, models.Questionnaire.tid == tid) fill_localized_keys(step_dict, models.Step.localized_keys, language) step.update(step_dict) for child in step_dict['children']: db_update_field(session, tid, child['id'], child, language) db_reset_option_triggers(session, 'step', step.id) for trigger in step_dict.get('triggered_by_options', []): db_create_trigger(session, tid, trigger['option'], 'step', step.id, trigger.get('sufficient', True)) return step
def delete_user(store, user_id): user = models.db_get(store, models.User, id=user_id) if not user.deletable: raise errors.UserNotDeletable store.remove(user)
def perform_tips_operation(session, tid, receiver_id, operation, rtips_ids): """ Transaction for performing operation on submissions (postpone/delete) :param session: An ORM session :param tid: A tenant ID :param receiver_id: A recipient ID :param operation: An operation command (postpone/delete) :param rtips_ids: The set of submissions on which performing the specified operation """ receiver = models.db_get(session, models.User, models.User.id == receiver_id) can_postpone_expiration = State.tenant_cache[ tid].can_postpone_expiration or receiver.can_postpone_expiration can_delete_submission = State.tenant_cache[ tid].can_delete_submission or receiver.can_delete_submission itips = session.query(models.InternalTip) \ .filter(models.ReceiverTip.receiver_id == receiver_id, models.ReceiverTip.id.in_(rtips_ids), models.InternalTip.id == models.ReceiverTip.internaltip_id, models.InternalTip.tid == tid) if operation == 'postpone' and can_postpone_expiration: for itip in itips: db_postpone_expiration(session, itip) elif operation == 'delete' and can_delete_submission: db_delete_itips(session, [itip.id for itip in itips]) else: raise errors.ForbiddenOperation
def delete_field(store, field_id): """ Delete the field object corresponding to field_id If the field has children, remove them as well. If the field is immediately attached to a step object, remove it as well. :param store: the store on which perform queries. :param field_id: the id corresponding to the field. """ field = models.db_get(store, models.Field, id=field_id) if not field.editable: raise errors.FieldNotEditable if field.instance == 'template': if store.find(models.Field, models.Field.template_id == field.id).count(): raise errors.InvalidInputFormat( "Cannot remove the field template as it is used by one or more questionnaires" ) if field.template_id == 'whistleblower_identity' and field.step_id is not None: store.find( models.Questionnaire, models.Step.id == field.step_id, models.Questionnaire.id == models.Step.questionnaire_id).set( enable_whistleblower_identity=False) store.remove(field)
def get_context(store, context_id, language): """ Returns: (dict) the context with the specified id. """ context = models.db_get(store, models.Context, id=context_id) return admin_serialize_context(store, context, language)
def db_get_questionnaire(session, tid, questionnaire_id, language, serialize_templates=True): """ Returns: (dict) the questionnaire with the specified id. """ questionnaire = models.db_get(session, models.Questionnaire, models.Questionnaire.tid.in_(set([1, tid])), models.Questionnaire.id == questionnaire_id) return serialize_questionnaire(session, tid, questionnaire, language, serialize_templates=serialize_templates)
def db_get_user(session, tid, user_id): user = models.db_get(session, models.User, models.User.id == user_id, models.UserTenant.user_id == user_id, models.UserTenant.tenant_id == tid) return user
def get_user_settings(session, tid, user_id, language): user = models.db_get(session, models.User, models.User.id == user_id, models.UserTenant.user_id == user_id, models.UserTenant.tenant_id == tid) return user_serialize_user(session, user, language)
def db_user_update_user(session, state, tid, user_id, request): """ Updates the specified user. This version of the function is specific for users that with comparison with admins can change only few things: - real name - email address - preferred language - the password (with old password check) - pgp key raises: globaleaks.errors.ResourceNotFound` if the receiver does not exist. """ from globaleaks.handlers.admin.notification import db_get_notification from globaleaks.handlers.admin.node import db_admin_serialize_node from globaleaks.handlers.admin.user import get_user user = models.db_get(session, models.User, models.User.id == user_id, models.User.tid == tid) user.language = request.get('language', State.tenant_cache[tid].default_language) user.name = request['name'] new_password = request['password'] old_password = request['old_password'] if new_password and old_password: user.password = change_password(user.password, old_password, new_password, user.salt) if user.password_change_needed: user.password_change_needed = False user.password_change_date = datetime_now() # If the email address changed, send a validation email if request['mail_address'] != user.mail_address: user.change_email_address = request['mail_address'] user.change_email_date = datetime_now() user.change_email_token = generateRandomKey(32) user_desc = user_serialize_user(session, user, user.language) template_vars = { 'type': 'email_validation', 'user': user_desc, 'new_email_address': request['mail_address'], 'validation_token': user.change_email_token, 'node': db_admin_serialize_node(session, 1, user.language), 'notification': db_get_notification(session, tid, user.language) } state.format_and_send_mail(session, tid, user_desc, template_vars) # We don't directly change user email addresses, if a user # The various options related in manage PGP keys are used here. parse_pgp_options(state, user, request) return user
def db_get_receiver(store, receiver_id): """ Returns: (dict) the receiver """ return models.db_get(store, (models.Receiver, models.User), models.Receiver.id == receiver_id, models.User.id == receiver_id)
def db_user_update_user(session, tid, user_session, request): """ Transaction for updating an existing user :param session: An ORM session :param tid: A tenant ID :param user_session: A session of the user invoking the transaction :param request: A user request data :return: A user model """ from globaleaks.handlers.admin.notification import db_get_notification from globaleaks.handlers.admin.node import db_admin_serialize_node user = models.db_get(session, models.User, models.User.id == user_session.user_id) user.language = request.get('language', State.tenant_cache[tid].default_language) user.name = request['name'] user.public_name = request['public_name'] if request[ 'public_name'] else request['name'] if request['password']: if user.password_change_needed: user.password_change_needed = False else: if not GCE.check_password(user.hash_alg, request['old_password'], user.salt, user.password): raise errors.InvalidOldPassword user_session.cc = set_user_password(tid, user, request['password'], user_session.cc) # If the email address changed, send a validation email if request['mail_address'] != user.mail_address: user.change_email_address = request['mail_address'] user.change_email_date = datetime_now() user.change_email_token = generateRandomKey() user_desc = user_serialize_user(session, user, user.language) user_desc['mail_address'] = request['mail_address'] template_vars = { 'type': 'email_validation', 'user': user_desc, 'new_email_address': request['mail_address'], 'validation_token': user.change_email_token, 'node': db_admin_serialize_node(session, tid, user.language), 'notification': db_get_notification(session, tid, user.language) } State.format_and_send_mail(session, tid, user_desc, template_vars) parse_pgp_options(user, request) return user
def db_get_wbtip(session, itip_id, language): itip = models.db_get(session, models.InternalTip, models.InternalTip.id == itip_id) itip.wb_access_counter += 1 itip.wb_last_access = datetime_now() return serialize_wbtip(session, itip, language)
def set_internaltip_variable(session, tid, user_id, rtip_id, key, value): rtip, itip = db_access_rtip(session, tid, user_id, rtip_id) receiver = models.db_get(session, models.Receiver, models.Receiver.id == rtip.receiver_id) if not (State.tenant_cache[tid].can_grant_permissions or receiver.can_grant_permissions): raise errors.ForbiddenOperation setattr(itip, key, value)
def update_receiver_settings(store, receiver_id, request, language): db_user_update_user(store, receiver_id, request) receiver, user = models.db_get(store, (models.Receiver, models.User), models.Receiver.id == receiver_id, models.User.id == receiver_id) receiver.tip_notification = request['tip_notification'] return receiver_serialize_receiver(store, receiver, user, language)
def set_internaltip_variable(session, tid, user_id, rtip_id, key, value): rtip, itip = db_access_rtip(session, tid, user_id, rtip_id) receiver = models.db_get(session, models.User, models.User.id == rtip.receiver_id) if not (State.tenant_cache[tid].can_grant_permissions or receiver.can_grant_permissions): raise errors.ForbiddenOperation setattr(itip, key, value)
def postpone_expiration_date(session, tid, user_id, rtip_id): rtip, itip = db_access_rtip(session, tid, user_id, rtip_id) receiver = models.db_get(session, models.Receiver, models.Receiver.id == rtip.receiver_id) if not (State.tenant_cache[tid].can_postpone_expiration or receiver.can_postpone_expiration): raise errors.ForbiddenOperation db_postpone_expiration_date(session, tid, itip)
def postpone_expiration_date(store, user_id, rtip_id): rtip, itip = db_access_rtip(store, user_id, rtip_id) receiver = models.db_get(store, models.Receiver, id=rtip.receiver_id) if not (State.tenant_cache[1].can_postpone_expiration or receiver.can_postpone_expiration): raise errors.ExtendTipLifeNotEnabled db_postpone_expiration_date(store, itip)
def postpone_expiration_date(session, tid, user_id, rtip_id): rtip, itip = db_access_rtip(session, tid, user_id, rtip_id) receiver = models.db_get(session, models.User, models.User.id == rtip.receiver_id) if not (State.tenant_cache[tid].can_postpone_expiration or receiver.can_postpone_expiration): raise errors.ForbiddenOperation db_postpone_expiration_date(session, tid, itip)
def postpone_expiration_date(store, user_id, rtip_id): rtip, itip = db_access_rtip(store, user_id, rtip_id) receiver = models.db_get(store, models.Receiver, id=rtip.receiver_id) if not (GLSettings.memory_copy.can_postpone_expiration or receiver.can_postpone_expiration): raise errors.ExtendTipLifeNotEnabled db_postpone_expiration_date(store, itip)
def set_internaltip_variable(store, user_id, rtip_id, key, value): rtip, itip = db_access_rtip(store, user_id, rtip_id) receiver = models.db_get(store, models.Receiver, id=rtip.receiver_id) if not (GLSettings.memory_copy.can_grant_permissions or receiver.can_grant_permissions): raise errors.ForbiddenOperation setattr(itip, key, value)
def db_get_wbtip(session, itip_id, language): wbtip, itip = models.db_get(session, (models.WhistleblowerTip, models.InternalTip), models.WhistleblowerTip.id == models.InternalTip.id, models.InternalTip.id == itip_id) itip.wb_access_counter += 1 itip.wb_last_access = datetime_now() return serialize_wbtip(session, wbtip, itip, language), wbtip.crypto_tip_prv_key
def update(session, id, request): tenant = models.db_get(session, models.Tenant, models.Tenant.id == id) tenant.update(request) # A tenant created via signup but not activated may require initialization if not session.query(models.Config).filter(models.Config.tid == id).count(): db_initialize(session, tenant, 'default') db_refresh_memory_variables(session, [id]) return serialize_tenant(session, tenant)
def update_identity_information(session, tid, tip_id, identity_field_id, wbi, language): itip = models.db_get(session, models.InternalTip, models.InternalTip.id == tip_id, models.InternalTip.tid == tid) if itip.crypto_tip_pub_key: wbi = base64.b64encode(GCE.asymmetric_encrypt(itip.crypto_tip_pub_key, json.dumps(wbi).encode())).decode() db_set_internaltip_data(session, itip.id, 'identity_provided', True, False) db_set_internaltip_data(session, itip.id, 'whistleblower_identity', wbi, True) now = datetime_now() itip.update_date = now itip.wb_last_access = now
def delete_field(session, tid, field_id): """ Delete the field object corresponding to field_id """ field = models.db_get(session, models.Field, models.Field.tid == tid, models.Field.id == field_id) if not field.editable: raise errors.ForbiddenOperation if field.instance == 'template' and session.query(models.Field).filter(models.Field.tid == tid, models.Field.template_id == field.id).count(): raise errors.InputValidationError("Cannot remove the field template as it is used by one or more questionnaires") session.delete(field)
def receiver_serialize_wbfile(session, wbfile): rtip = models.db_get(session, models.ReceiverTip, models.ReceiverTip.id == wbfile.receivertip_id) return { 'id': wbfile.id, 'creation_date': datetime_to_ISO8601(wbfile.creation_date), 'name': wbfile.name, 'description': wbfile.description, 'size': wbfile.size, 'content_type': wbfile.content_type, 'downloads': wbfile.downloads, 'author': rtip.receiver_id }
def delete_rtip(session, tid, user_id, rtip_id): """ Delete internalTip is possible only to Receiver with the dedicated property. """ rtip, itip = db_access_rtip(session, tid, user_id, rtip_id) receiver = models.db_get(session, models.User, models.User.id == rtip.receiver_id) if not (State.tenant_cache[tid].can_delete_submission or receiver.can_delete_submission): raise errors.ForbiddenOperation db_delete_itip(session, itip)
def update_context(session, tid, context_id, request, language): """ Updates the specified context. If the key receivers is specified we remove the current receivers of the Context and reset set it to the new specified ones. Args: context_id: request: (dict) the request to use to set the attributes of the Context Returns: (dict) the serialized object updated """ context = models.db_get(session, models.Context, models.Context.tid == tid, models.Context.id == context_id) context = db_update_context(session, tid, context, request, language) return admin_serialize_context(session, context, language)
def perform_tips_operation(session, tid, receiver_id, operation, rtips_ids): receiver = models.db_get(session, models.User, models.User.id == receiver_id) can_postpone_expiration = State.tenant_cache[tid].can_postpone_expiration or receiver.can_postpone_expiration can_delete_submission = State.tenant_cache[tid].can_delete_submission or receiver.can_delete_submission for itip in session.query(models.InternalTip) \ .filter(models.ReceiverTip.receiver_id == receiver_id, models.ReceiverTip.id.in_(rtips_ids), models.InternalTip.id == models.ReceiverTip.internaltip_id, models.InternalTip.tid == tid): if operation == 'postpone' and can_postpone_expiration: db_postpone_expiration_date(session, tid, itip) elif operation == 'delete' and can_delete_submission: db_delete_itip(session, itip) else: raise errors.ForbiddenOperation
def update_questionnaire(session, tid, questionnaire_id, request, language): """ Updates the specified questionnaire. If the key receivers is specified we remove the current receivers of the Questionnaire and reset set it to the new specified ones. Args: questionnaire_id: request: (dict) the request to use to set the attributes of the Questionnaire Returns: (dict) the serialized object updated """ questionnaire = models.db_get(session, models.Questionnaire, models.Questionnaire.tid == tid, models.Questionnaire.id == questionnaire_id) questionnaire = db_update_questionnaire(session, questionnaire, request, language) return serialize_questionnaire(session, tid, questionnaire, language)
def set_reset_token(session, user_id, validation_token): user = models.db_get(session, models.User, models.User.id == user_id) user.change_email_date = datetime_now() user.reset_password_token = validation_token user.reset_password_date = datetime_now()
def get_user(session, user_id): user = models.db_get(session, models.User, models.User.id == user_id) session.expunge(user) return user
def db_wizard(session, tid, request, client_using_tor, language): language = request['node_language'] node = config.ConfigFactory(session, tid) if tid != 1: root_tenant_node = config.ConfigFactory(session, 1) else: root_tenant_node = node if node.get_val(u'wizard_done'): log.err("DANGER: Wizard already initialized!", tid=tid) raise errors.ForbiddenOperation db_update_enabled_languages(session, tid, [language], language) node.set_val(u'name', request['node_name']) node.set_val(u'default_language', language) node.set_val(u'wizard_done', True) node.set_val(u'enable_developers_exception_notification', request['enable_developers_exception_notification']) # Guess Tor configuration from thee media used on first configuration and # if the user is using Tor preserve node anonymity and perform outgoing connections via Tor node.set_val(u'reachable_via_web', not client_using_tor) node.set_val(u'allow_unencrypted', not client_using_tor) node.set_val(u'anonymize_outgoing_connections', client_using_tor) node_l10n = config.ConfigL10NFactory(session, tid) node_l10n.set_val(u'header_title_homepage', language, request['node_name']) profiles.load_profile(session, tid, request['profile']) admin_desc = models.User().dict(language) admin_desc['name'] = request['admin_name'] admin_desc['username'] = u'admin' admin_desc['password'] = request['admin_password'] admin_desc['name'] = request['admin_name'] admin_desc['mail_address'] = request['admin_mail_address'] admin_desc['language'] = language admin_desc['role'] =u'admin' admin_desc['deletable'] = False admin_desc['pgp_key_remove'] = False admin_user = db_create_user(session, tid, admin_desc, language) admin_user.password_change_needed = False admin_user.password_change_date = datetime_now() receiver_desc = models.User().dict(language) receiver_desc['name'] = request['receiver_name'] receiver_desc['username'] = u'recipient' receiver_desc['password'] = request['receiver_password'] receiver_desc['name'] = request['receiver_name'] receiver_desc['mail_address'] = request['receiver_mail_address'] receiver_desc['language'] = language receiver_desc['role'] =u'receiver' receiver_desc['deletable'] = True receiver_desc['pgp_key_remove'] = False receiver_user = db_create_user(session, tid, receiver_desc, language) context_desc = models.Context().dict(language) context_desc['status'] = 1 context_desc['name'] = u'Default' context_desc['receivers'] = [receiver_user.id] context = db_create_context(session, tid, context_desc, language) # Root tenants initialization terminates here if tid == 1: db_refresh_memory_variables(session, [tid]) return # Secondary tenants initialization starts here tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid) tenant.label = request['node_name'] mode = node.get_val(u'mode') if mode != u'default': node.set_val(u'hostname', tenant.subdomain + '.' + node.get_val(u'rootdomain')) node.set_val(u'reachable_via_web', True) node.set_val(u'allow_unencrypted', True) node.set_val(u'anonymize_outgoing_connections', True) node.set_val(u'allow_iframes_inclusion', True) context.questionnaire_id = root_tenant_node.get_val(u'default_questionnaire') # Apply the specific fixes related to whistleblowing.it projects if mode == u'whistleblowing.it': node.set_val(u'disable_key_code_hint', True) node.set_val(u'disable_privacy_badge', True) node.set_val(u'disable_donation_panel', True) node.set_val(u'simplified_login', True) node.set_val(u'can_delete_submission', False) node.set_val(u'enable_user_pgp_key_upload', False) node.set_val(u'tor', False) # Delete the admin user session.delete(admin_user) # Set the recipient name equal to the node name receiver_user.name = request['node_name'] # Enable the recipient user to configure platform general settings receiver_user.can_edit_general_settings = True # Set data retention policy to 18 months context.tip_timetolive = 540 # Enable recipients to load files to the whistleblower context.enable_rc_to_wb_files = True db_refresh_memory_variables(session, [tid])
def get(session, id): return serialize_tenant(session, models.db_get(session, models.Tenant, models.Tenant.id == id))
def db_user_update_user(session, tid, user_session, request): """ Updates the specified user. This version of the function is specific for users that with comparison with admins can change only few things: - real name - email address - preferred language - the password (with old password check) - pgp key raises: globaleaks.errors.ResourceNotFound` if the receiver does not exist. """ from globaleaks.handlers.admin.notification import db_get_notification from globaleaks.handlers.admin.node import db_admin_serialize_node user = models.db_get(session, models.User, models.User.id == user_session.user_id) user.language = request.get('language', State.tenant_cache[tid].default_language) user.name = request['name'] new_password = request['password'] old_password = request['old_password'] if new_password: if user.password_change_needed: user.password_change_needed = False else: if not GCE.check_password(user.hash_alg, old_password, user.salt, user.password): raise errors.InvalidOldPassword user.hash_alg = GCE.HASH user.salt = GCE.generate_salt() user.password = GCE.hash_password(new_password, user.salt) user.password_change_date = datetime_now() if State.tenant_cache[1].encryption: enc_key = GCE.derive_key(request['password'].encode(), user.salt) if not user_session.cc: user_session.cc, user.crypto_pub_key = GCE.generate_keypair() user.crypto_prv_key = GCE.symmetric_encrypt(enc_key, user_session.cc) # If the email address changed, send a validation email if request['mail_address'] != user.mail_address: user.change_email_address = request['mail_address'] user.change_email_date = datetime_now() user.change_email_token = generateRandomKey(32) user_desc = user_serialize_user(session, user, user.language) template_vars = { 'type': 'email_validation', 'user': user_desc, 'new_email_address': request['mail_address'], 'validation_token': user.change_email_token, 'node': db_admin_serialize_node(session, 1, user.language), 'notification': db_get_notification(session, tid, user.language) } State.format_and_send_mail(session, tid, user_desc, template_vars) # If the platform allows users to change PGP keys, process it if State.tenant_cache[tid]['enable_user_pgp_key_upload'] is True: parse_pgp_options(user, request) return user
def set_email_token(session, user_id, validation_token, email): user = models.db_get(session, models.User, models.User.id == user_id) user.change_email_date = datetime_now() user.change_email_token = validation_token user.change_email_address = email