def db_create_whistleblower_tip(store, internaltip):
    """
    Create the WhistleblowerTip for a submission and one ReceiverTip per
    receiver of the InternalTip.

    The plaintext receipt is available only through the return value; the
    WhistleblowerTip row keeps the output of hash_password() instead.

    :param store: store the new WhistleblowerTip is added to
    :param internaltip: the InternalTip being finalized; its ``new`` flag
        is cleared here
    :return: tuple (plaintext receipt, WhistleblowerTip)
    """
    wbtip = models.WhistleblowerTip()

    # The receipt is the only secret the whistleblower gets back, so its
    # strength is bounded by the keyspace of GLSettings.receipt_regexp.
    # NOTE(review): confirm rstr.xeger draws from a CSPRNG.
    receipt = unicode(rstr.xeger(GLSettings.receipt_regexp))

    # The salt is read from node-level settings, not generated per tip.
    node_salt = GLSettings.memory_copy.receipt_salt
    wbtip.receipt_hash = hash_password(receipt, node_salt)
    wbtip.access_counter = 0
    wbtip.internaltip_id = internaltip.id
    store.add(wbtip)

    rtip_count = 0
    for receiver in internaltip.receivers:
        db_create_receivertip(store, receiver, internaltip)
        rtip_count += 1

    internaltip.new = False

    if rtip_count:
        log.debug("The finalized submissions had created %d models.ReceiverTip(s)" % rtip_count)

    return receipt, wbtip
def __init__(self, user_id, user_role, user_status):
    """
    Record the identity of an authenticated user and hand the object to
    TempObj.__init__ together with a freshly generated identifier.

    :param user_id: stored as ``self.user_id``
    :param user_role: stored as ``self.user_role``
    :param user_status: stored as ``self.user_status``
    """
    self.user_id = user_id
    self.user_role = user_role
    self.user_status = user_status

    # 42 characters over a 62-symbol alphabet: roughly 250 bits if the
    # symbols are drawn uniformly.
    # NOTE(review): confirm rstr.xeger is backed by a CSPRNG, since this
    # value looks like the session identifier.
    session_id = rstr.xeger(r'[A-Za-z0-9]{42}')

    # presumably (container, key, lifetime in seconds, reactor) -- verify
    # against TempObj
    tempobj.TempObj.__init__(self,
                             GLSettings.sessions,
                             session_id,
                             GLSettings.defaults.authentication_lifetime,
                             reactor_override)
def __init__(self, token_kind, uses=MAX_USES):
    """
    Initialise a token, generate its challenge and pass it to
    TempObj.__init__ with TokenList.token_dict.

    token_kind currently only takes the value 'submission'; other kinds
    such as 'file' are planned.

    :param token_kind: stored as ``self.kind``
    :param uses: initial value of ``self.remaining_uses``
    """
    self.kind = token_kind

    # both 'validity' values are expressed in seconds
    node_settings = GLSettings.memory_copy
    self.start_validity_secs = node_settings.submission_minimum_delay
    self.end_validity_secs = node_settings.submission_maximum_ttl

    # Developer shortcut only: devel_mode removes the minimum delay before
    # a token can be used, i.e. it drops one of the anti-flood throttles.
    if GLSettings.devel_mode:
        self.start_validity_secs = 0

    self.remaining_uses = uses

    # when the token was assigned
    self.creation_date = datetime.utcnow()

    # files uploaded under this token
    self.uploaded_files = []

    # NOTE(review): the token id is a bearer value; confirm rstr.xeger is
    # backed by a CSPRNG.
    self.id = rstr.xeger(r'[A-Za-z0-9]{42}')

    # challenge state, filled in by generate_token_challenge()
    self.human_captcha = False
    self.graph_captcha = False
    self.proof_of_work = False
    self.generate_token_challenge()

    reactor = reactor_override if reactor_override else None
    lifetime_secs = self.start_validity_secs + self.end_validity_secs

    # arguments after self: container, token ID, seconds of validity, reactor
    TempObj.__init__(self, TokenList.token_dict, self.id, lifetime_secs, reactor)
def __init__(self, token_kind, uses = MAX_USES):
    """
    Set up a new token: validity window, use counter, identifier and
    challenge, then call TempObj.__init__ with TokenList.token_dict.

    token_kind currently only takes the value 'submission'; other kinds
    such as 'file' are planned.

    :param token_kind: stored as ``self.kind``
    :param uses: initial value of ``self.remaining_uses``
    """
    reactor = reactor_override or None

    self.kind = token_kind

    # The validity window is expressed in seconds on both ends.
    self.start_validity_secs = GLSettings.memory_copy.submission_minimum_delay
    self.end_validity_secs = GLSettings.memory_copy.submission_maximum_ttl

    if GLSettings.devel_mode:
        # Developer convenience: no minimum wait before the token is
        # usable. This disables a rate-limiting control.
        self.start_validity_secs = 0

    self.remaining_uses = uses

    # timestamp of token assignment
    self.creation_date = datetime.utcnow()

    # uploaded files associated with the token
    self.uploaded_files = []

    # 42 alphanumeric characters.
    # NOTE(review): the id acts as a capability; confirm the generator
    # behind rstr.xeger is cryptographically secure.
    self.id = rstr.xeger(r'[A-Za-z0-9]{42}')

    # default challenge configuration, then compute the real one
    self.human_captcha = False
    self.graph_captcha = False
    self.proof_of_work = False
    self.generate_token_challenge()

    seconds_of_validity = self.start_validity_secs + self.end_validity_secs
    TempObj.__init__(self,
                     TokenList.token_dict,
                     # token ID:
                     self.id,
                     # seconds of validity:
                     seconds_of_validity,
                     reactor)
def migrate_InternalFile(self):
    """
    Copy every InternalFile row from the old store to the new one.

    Each column is copied by name, except:
      * ``processing_attempts`` is reset to 0
      * ``file_path`` is replaced by a newly generated
        ``<submission_path>/<16 alphanumerics>.aes`` path
    """
    for old_obj in self.store_old.find(self.model_from['InternalFile']):
        new_obj = self.model_to['InternalFile']()

        for _, column in new_obj._storm_columns.iteritems():
            attr = column.name

            if attr == 'processing_attempts':
                new_obj.processing_attempts = 0
            elif attr == 'file_path':
                # NOTE(review): the old file_path is not carried over and
                # nothing here moves or re-encrypts the file on disk;
                # confirm another step handles that. The generated name is
                # also not checked for collisions.
                random_name = "%s.aes" % rstr.xeger(r'[A-Za-z0-9]{16}')
                new_obj.file_path = os.path.join(GLSettings.submission_path, random_name)
            else:
                setattr(new_obj, attr, getattr(old_obj, attr))

        self.store_new.add(new_obj)
def init_db(store):
    """
    Populate a fresh database: tables, application data, the Node and
    Notification rows, the default fields and the initial admin user.

    :param store: store the tables and initial objects are created in
    """
    db_create_tables(store)
    appdata_dict = db_init_appdata(store)

    log.debug("Performing database initialization...")

    node = models.Node()
    node.wizard_done = GLSettings.skip_wizard
    # Node-wide salt, generated once here from 56 random alphanumerics.
    # NOTE(review): confirm rstr.xeger is backed by a CSPRNG.
    node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))

    node_defaults = appdata_dict['node']
    for key in node_defaults:
        setattr(node, key, node_defaults[key])

    notification = models.Notification()
    template_defaults = appdata_dict['templates']
    for key in template_defaults:
        setattr(notification, key, template_defaults[key])

    store.add(node)
    store.add(notification)

    load_default_fields(store)

    # SECURITY: the initial admin account gets a fixed, publicly known
    # password, and password_change_needed is False both in this dict and
    # again after creation, so nothing visible here forces a rotation.
    # NOTE(review): confirm another path (e.g. the setup wizard) makes the
    # operator change it before the node is reachable.
    # NOTE(review): 'deeletable' looks like a typo of 'deletable', which is
    # also present below; it is kept as-is here.
    admin_dict = {
        'username': u'admin',
        'password': u'globaleaks',
        'deeletable': False,
        'role': u'admin',
        'state': u'enabled',
        'deletable': False,
        'name': u'Admin',
        'description': u'',
        'mail_address': u'',
        'language': node.default_language,
        'timezone': node.default_timezone,
        'password_change_needed': False,
        'pgp_key_status': 'disabled',
        'pgp_key_info': '',
        'pgp_key_fingerprint': '',
        'pgp_key_public': '',
        'pgp_key_expiration': datetime_null()
    }

    admin = db_create_admin(store, admin_dict, node.default_language)
    admin.password_change_needed = False
def db_create_user(store, request, language):
    """
    Create a User from a request dict and add it to the store.

    :param store: store the new user is added to
    :param request: dict with at least the keys 'password', 'username',
        'role', 'deletable', 'name', 'description' and 'mail_address'
    :param language: language passed to fill_localized_keys()
    :return: the newly created models.User
    """
    fill_localized_keys(request, models.User.localized_keys, language)

    password = request['password']
    default_password = GLSettings.default_password

    # SECURITY: an empty password, or one equal to the default, results in
    # the account being created with the default password and without any
    # format check. The only compensating control visible here is
    # password_change_needed=True below.
    # NOTE(review): confirm login enforces that flag before granting access.
    if not len(password) or password == default_password:
        password = default_password
    else:
        security.check_password_format(password)

    # Per-user salt derived from 56 random alphanumerics.
    # NOTE(review): confirm rstr.xeger is backed by a CSPRNG.
    password_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
    password_hash = security.hash_password(password, password_salt)

    user_attrs = {
        'username': request['username'],
        'password': password_hash,
        'salt': password_salt,
        'role': request['role'],
        'state': u'enabled',
        'deletable': request['deletable'],
        'name': request['name'],
        'description': request['description'],
        'language': u'en',
        'timezone': 0,
        'password_change_needed': True,
        'mail_address': request['mail_address']
    }
    user = models.User(user_attrs)

    # with no username supplied, the user id doubles as the username
    if request['username'] == '':
        user.username = user.id

    # apply the PGP key options carried by the request
    parse_pgp_options(user, request)

    create_user_picture(user.id)

    store.add(user)

    return user
def db_create_whistleblower_tip(store, internaltip):
    """
    Build and store the WhistleblowerTip of a submission, then create a
    ReceiverTip for each receiver of the InternalTip.

    Only the hash of the receipt is written to the WhistleblowerTip; the
    plaintext is handed back to the caller and kept nowhere else by this
    function.

    :param store: store the new WhistleblowerTip is added to
    :param internaltip: the InternalTip being finalized; ``new`` is set to
        False on it
    :return: tuple (plaintext receipt, WhistleblowerTip)
    """
    wbtip = models.WhistleblowerTip()

    # NOTE(review): the receipt's guessability depends on the pattern in
    # GLSettings.receipt_regexp and on the generator behind rstr.xeger --
    # confirm both are adequate for a login credential.
    receipt = unicode(rstr.xeger(GLSettings.receipt_regexp))

    # hashed with the salt held in node-level settings
    wbtip.receipt_hash = hash_password(
        receipt,
        GLSettings.memory_copy.receipt_salt)
    wbtip.access_counter = 0
    wbtip.internaltip_id = internaltip.id

    store.add(wbtip)

    created_rtips = []
    for receiver in internaltip.receivers:
        created_rtips.append(db_create_receivertip(store, receiver, internaltip))

    internaltip.new = False

    created = len(created_rtips)
    if created:
        log.debug("The finalized submissions had created %d models.ReceiverTip(s)" % created)

    return receipt, wbtip
def generate_token_challenge(self, challenges_dict=None):
    """
    Reset the token's challenges and set the ones that apply.

    When no challenges_dict is given, the selection is derived from the
    current activity stress level and the node-level captcha and
    proof-of-work settings.

    :param challenges_dict: optional dict with the boolean keys
        'human_captcha', 'graph_captcha' and 'proof_of_work'
    """
    # start from a clean state
    self.human_captcha = False
    self.graph_captcha = False
    self.proof_of_work = False

    if challenges_dict is None:
        challenges_dict = dict.fromkeys(
            ('human_captcha', 'graph_captcha', 'proof_of_work'), False)

        # the captcha is requested only under activity stress, and only
        # when enabled at node level
        if Alarm.stress_levels['activity'] >= 1:
            challenges_dict['human_captcha'] = GLSettings.memory_copy.enable_captcha

        # a proof of work is always required (if enabled at node level)
        challenges_dict['proof_of_work'] = GLSettings.memory_copy.enable_proof_of_work

    if challenges_dict['human_captcha']:
        first = randint(0, 99)
        second = randint(0, 99)
        # NOTE(review): the expected answer is kept on the token next to
        # the question; make sure whatever serializes the token for the
        # client leaves 'answer' out.
        self.human_captcha = {
            'question': u"%d + %d" % (first, second),
            'answer': u"%d" % (first + second)
        }

    if challenges_dict['graph_captcha']:
        # still not implemented
        pass

    if challenges_dict['proof_of_work']:
        pow_question = rstr.xeger(r'[A-Za-z0-9]{20}')
        self.proof_of_work = {'question': pow_question}
def generate_token_challenge(self, challenges_dict = None):
    """
    Clear any previous challenge on the token and generate the challenges
    selected by challenges_dict.

    Without a challenges_dict the selection comes from the node: a human
    captcha when the activity stress level is at least 1 and captchas are
    enabled, a proof of work whenever it is enabled.

    :param challenges_dict: optional dict with the boolean keys
        'human_captcha', 'graph_captcha' and 'proof_of_work'
    """
    # initialization
    self.human_captcha = self.graph_captcha = self.proof_of_work = False

    if challenges_dict is None:
        under_stress = Alarm.stress_levels['activity'] >= 1

        challenges_dict = {
            'human_captcha': False,
            'graph_captcha': False,
            'proof_of_work': False
        }

        if under_stress:
            challenges_dict['human_captcha'] = GLSettings.memory_copy.enable_captcha

        # a proof of work is always required (if enabled at node level)
        challenges_dict['proof_of_work'] = GLSettings.memory_copy.enable_proof_of_work

    if challenges_dict['human_captcha']:
        # Operands are 0..99, so the answer space is small: this slows
        # down casual automation and is not a strong control on its own.
        random_a = randint(0, 99)
        random_b = randint(0, 99)
        question = u"%d + %d" % (random_a, random_b)
        answer = u"%d" % (random_a + random_b)
        self.human_captcha = {'question': question, 'answer': answer}

    if challenges_dict['graph_captcha']:
        # still not implemented
        pass

    if challenges_dict['proof_of_work']:
        self.proof_of_work = {
            'question': rstr.xeger(r'[A-Za-z0-9]{20}')
        }
def migrate_InternalFile(self):
    """
    Migrate the InternalFile table from the old schema to the new one.

    Columns are copied one by one by name. Two are not copied:
    ``processing_attempts`` starts again from 0 and ``file_path`` is set
    to a new random ``.aes`` name under GLSettings.submission_path.
    """
    source_rows = self.store_old.find(self.model_from['InternalFile'])

    for old_obj in source_rows:
        new_obj = self.model_to['InternalFile']()

        for _, col in new_obj._storm_columns.iteritems():
            if col.name == 'processing_attempts':
                new_obj.processing_attempts = 0
                continue

            if col.name == 'file_path':
                # NOTE(review): the migrated row points at a fresh path,
                # not at the old one; verify that the file content ends up
                # there through some other step.
                new_name = "%s.aes" % rstr.xeger(r'[A-Za-z0-9]{16}')
                new_obj.file_path = os.path.join(GLSettings.submission_path,
                                                 new_name)
                continue

            value = getattr(old_obj, col.name)
            setattr(new_obj, col.name, value)

        self.store_new.add(new_obj)
from globaleaks.handlers.submission import create_submission, serialize_usertip, \
    serialize_internalfile, serialize_receiverfile
from globaleaks.jobs import statistics_sched, mailflush_sched
from globaleaks.rest.apicache import GLApiCache
from globaleaks.settings import GLSettings
from globaleaks.security import GLSecureTemporaryFile, rstr
from globaleaks.utils import token, mailutils
from globaleaks.utils.structures import fill_localized_keys
from globaleaks.utils.utility import sum_dicts, datetime_null, datetime_now, log

from . import TEST_DIR

## constants

# Test-only credentials; these literals must never be reused outside the
# test suite.
VALID_PASSWORD1 = u'justapasswordwithaletterandanumberandbiggerthan8chars'
VALID_PASSWORD2 = u'justap455w0rdwithaletterandanumberandbiggerthan8chars'
# The salts are generated when this module is imported, so they (and the
# hashes derived from them below) differ from one test run to the next.
VALID_SALT1 = security.get_salt(rstr.xeger(r'[A-Za-z0-9]{56}'))
VALID_SALT2 = security.get_salt(rstr.xeger(r'[A-Za-z0-9]{56}'))
VALID_HASH1 = security.hash_password(VALID_PASSWORD1, VALID_SALT1)
VALID_HASH2 = security.hash_password(VALID_PASSWORD2, VALID_SALT2)
# presumably a password that fails the format check -- confirm against
# security.check_password_format
INVALID_PASSWORD = u'antani'

FIXTURES_PATH = os.path.join(TEST_DIR, 'fixtures')

# PGP key fixtures are read once at import time from TEST_DIR/keys.
with open(os.path.join(TEST_DIR, 'keys/valid_pgp_key1.txt')) as pgp_file:
    VALID_PGP_KEY1 = unicode(pgp_file.read())

with open(os.path.join(TEST_DIR, 'keys/valid_pgp_key2.txt')) as pgp_file:
    VALID_PGP_KEY2 = unicode(pgp_file.read())

with open(os.path.join(TEST_DIR, 'keys/expired_pgp_key.txt')) as pgp_file:
    EXPIRED_PGP_KEY = unicode(pgp_file.read())