def receiver_add(self, store):
r = self.localization_set(self.dummyReceiver_1, models.Receiver, 'en')
receiver_user = models.User(self.dummyReceiverUser_1)
receiver_user.last_login = self.dummyReceiverUser_1['last_login']
receiver_user.password_change_date = self.dummyReceiverUser_1[
'password_change_date']
receiver_user.mail_address = self.dummyReceiverUser_1['mail_address']
receiver_user.username = str(
self.receiver_inc) + self.dummyReceiver_1['mail_address']
receiver_user.password = self.dummyReceiverUser_1['password']
store.add(receiver_user)
receiver = models.Receiver(r)
receiver.user = receiver_user
receiver.pgp_key_status = u'disabled'
receiver.mail_address = self.dummyReceiver_1['mail_address']
store.add(receiver)
self.receiver_inc += 1
return receiver.id
def db_create_user(session, tid, request, language):
"""
Transaction for creating a new user
:param session: An ORM session
:param tid: A tenant ID
:param request: The request data
:param language: The language of the request
:return: The serialized descriptor of the created object
"""
request['tid'] = tid
fill_localized_keys(request, models.User.localized_keys, language)
if not request['public_name']:
request['public_name'] = request['name']
user = models.User(request)
if not request['username']:
user.username = user.id = uuid4()
user.salt = GCE.generate_salt()
user.language = request['language']
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
session.add(user)
session.flush()
if request.get('send_account_activation_link', False):
db_generate_password_reset_token(session, user)
return user
def create_receiver_with_contexts(self, store):
c = self.localization_set(self.dummyContext, models.Context, 'en')
r = self.localization_set(self.dummyReceiver_1, models.Receiver, 'en')
u = self.localization_set(self.dummyReceiverUser_1, models.User, 'en')
receiver_user = models.User(u)
# Avoid receivers with the same username!
receiver_user.username = u'xxx'
receiver_user.password = self.dummyReceiverUser_1['password']
receiver_user.salt = self.dummyReceiverUser_1['salt']
store.add(receiver_user)
receiver = models.Receiver(r)
receiver.user = receiver_user
receiver.user.pgp_key_expiration = "1970-01-01 00:00:00.000000"
receiver.user.pgp_key_fingerprint = ""
receiver.user.pgp_key_public = ""
receiver.mail_address = u'*****@*****.**'
context1 = models.Context(c)
context1.questionnaire_id = db_get_default_questionnaire_id(store)
context1.tip_timetolive = 1000
context1.description = context1.name = \
context1.submission_disclaimer = \
context1.submission_introduction = {'en': 'Valar Morghulis'}
context2 = models.Context(c)
context2.questionnaire_id = db_get_default_questionnaire_id(store)
context2.tip_timetolive = 1000
context2.description = context2.name = \
context2.submission_disclaimer = \
context2.submission_introduction = {'en': 'Valar Dohaeris'}
receiver.contexts.add(context1)
receiver.contexts.add(context2)
store.add(receiver)
return receiver.id
def init_db(store, result, node_dict, appdata_dict):
"""
"""
node = models.Node(node_dict)
node.languages_enabled = GLSettings.defaults.languages_enabled
node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
node.wizard_done = GLSettings.skip_wizard
for k in appdata_dict['node']:
setattr(node, k, appdata_dict['node'][k])
store.add(node)
admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
admin_password = hash_password(u"globaleaks", admin_salt)
admin_dict = {
'username': u'admin',
'password': admin_password,
'salt': admin_salt,
'role': u'admin',
'state': u'enabled',
'mail_address': u'',
'language': u"en",
'timezone': 0,
'password_change_needed': False,
}
admin = models.User(admin_dict)
store.add(admin)
notification = models.Notification()
for k in appdata_dict['templates']:
setattr(notification, k, appdata_dict['templates'][k])
store.add(notification)
def receiver_add(self, store):
u = self.localization_set(self.dummyReceiverUser_1, models.User, 'en')
receiver_user = models.User(u)
receiver_user.mail_address = self.dummyReceiverUser_1['mail_address']
receiver_user.username = str(
self.receiver_inc) + self.dummyReceiver_1['mail_address']
receiver_user.password = self.dummyReceiverUser_1['password']
receiver_user.salt = self.dummyReceiverUser_1['salt']
store.add(receiver_user)
r = self.localization_set(self.dummyReceiver_1, models.Receiver, 'en')
receiver = models.Receiver(r)
receiver.user = receiver_user
receiver.user.pgp_key_expiration = "1970-01-01 00:00:00.000000"
receiver.user.pgp_key_fingerprint = ""
receiver.user.pgp_key_public = ""
receiver.mail_address = self.dummyReceiver_1['mail_address']
store.add(receiver)
self.receiver_inc += 1
return receiver.id
def db_wizard(session, state, tid, request, client_using_tor, language):
node = config.ConfigFactory(session, tid, 'node')
if node.get_val(u'wizard_done'):
log.err("DANGER: Wizard already initialized!", tid=tid)
raise errors.ForbiddenOperation
db_update_enabled_languages(session, tid, [language], language)
tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
tenant.label = request['node_name']
node.set_val(u'name', request['node_name'])
node.set_val(u'default_language', language)
node.set_val(u'wizard_done', True)
node.set_val(u'enable_developers_exception_notification',
request['enable_developers_exception_notification'])
# Guess Tor configuration from thee media used on first configuration and
# if the user is using Tor preserve node anonymity and perform outgoing connections via Tor
node.set_val(u'reachable_via_web', not client_using_tor)
node.set_val(u'allow_unencrypted', not client_using_tor)
node.set_val(u'anonymize_outgoing_connections', client_using_tor)
node.set_val(u'disable_encryption_warnings', not client_using_tor)
node_l10n = config.NodeL10NFactory(session, tid)
node_l10n.set_val(u'header_title_homepage', language, request['node_name'])
profiles.load_profile(session, tid, request['profile'])
receiver_desc = models.User().dict(language)
receiver_desc['name'] = request['receiver_name']
receiver_desc['username'] = u'recipient'
receiver_desc['name'] = request['receiver_name']
receiver_desc['mail_address'] = request['receiver_mail_address']
receiver_desc['language'] = language
receiver_desc['role'] = u'receiver'
receiver_desc['deletable'] = True
receiver_desc['pgp_key_remove'] = False
_, receiver = db_create_receiver_user(session, state, tid, receiver_desc,
language)
context_desc = models.Context().dict(language)
context_desc['name'] = u'Default'
context_desc['receivers'] = [receiver.id]
db_create_context(session, state, tid, context_desc, language)
admin_desc = models.User().dict(language)
admin_desc['name'] = request['admin_name']
admin_desc['username'] = u'admin'
admin_desc['password'] = request['admin_password']
admin_desc['name'] = request['admin_name']
admin_desc['mail_address'] = request['admin_mail_address']
admin_desc['language'] = language
admin_desc['role'] = u'admin'
admin_desc['deletable'] = False
admin_desc['pgp_key_remove'] = False
admin_desc['password_change_needed'] = False
db_create_user(session, state, tid, admin_desc, language)
db_refresh_memory_variables(session, [tid])
def db_create_receiver(store,
request,
language=GLSetting.memory_copy.default_language):
"""
Creates a new receiver.
Returns:
(dict) the configured receiver
"""
mo = structures.Rosetta()
mo.acquire_request(language, request, Receiver)
for attr in mo.get_localized_attrs():
request[attr] = mo.get_localized_dict(attr)
mail_address = request['mail_address']
# Pretend that username is unique:
homonymous = store.find(User, User.username == mail_address).count()
if homonymous:
log.err(
"Creation error: already present receiver with the requested username: %s"
% mail_address)
raise errors.ExpectedUniqueField('mail_address', mail_address)
password = request.get('password')
security.check_password_format(password)
receiver_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
receiver_password = security.hash_password(password, receiver_salt)
receiver_user_dict = {
'username': mail_address,
'password': receiver_password,
'salt': receiver_salt,
'role': u'receiver',
'state': u'enabled',
}
receiver_user = models.User(receiver_user_dict)
receiver_user.last_login = datetime_null()
store.add(receiver_user)
receiver = Receiver(request)
receiver.user = receiver_user
receiver.mail_address = mail_address
receiver.tags = request['tags']
# The various options related in manage GPG keys are used here.
gpg_options_parse(receiver, request)
log.debug("Creating receiver %s" % receiver.user.username)
store.add(receiver)
create_random_receiver_portrait(receiver.id)
contexts = request.get('contexts', [])
for context_id in contexts:
context = store.find(Context, Context.id == context_id).one()
if not context:
log.err("Creation error: invalid Context can't be associated")
raise errors.ContextIdNotFound
context.receivers.add(receiver)
return admin_serialize_receiver(receiver, language)
def init_db(store, result, node_dict, appdata_dict):
"""
TODO refactor with languages the email_template, develop a dedicated
function outside the node, and inquire f*****g YHWH about the
callbacks existence/usage
"""
node = models.Node(node_dict)
for k in appdata_dict['node']:
setattr(node, k, appdata_dict['node'][k])
node.languages_enabled = GLSetting.defaults.languages_enabled
node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
node.wizard_done = GLSetting.skip_wizard
node.creation_date = datetime_now()
store.add(node)
admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
admin_password = hash_password(u"globaleaks", admin_salt)
admin_dict = {
'username': u'admin',
'password': admin_password,
'salt': admin_salt,
'role': u'admin',
'state': u'enabled',
'language': u"en",
'timezone': 0,
'password_change_needed': False,
}
admin = models.User(admin_dict)
admin.last_login = datetime_null()
admin.password_change_date = datetime_null()
store.add(admin)
notification = models.Notification()
# our defaults for free, because we're like Gandhi of the mail accounts.
notification.server = "mail.headstrong.de"
notification.port = 587
# port 587/SMTP-TLS or 465/SMTPS
notification.username = "******"
notification.password = "******"
notification.security = "TLS"
notification.source_name = "Default GlobaLeaks sender"
notification.source_email = notification.username
# Those fields are sets as default in order to show to the Admin the various
# 'variables' used in the template.
for k in appdata_dict['templates']:
setattr(notification, k, appdata_dict['templates'][k])
store.add(notification)
def db_wizard(session, tid, hostname, request):
"""
Transaction for the handling of wizard request
:param session: An ORM session
:param tid: A tenant ID
:param request: A user request
"""
language = request['node_language']
node = config.ConfigFactory(session, tid)
if tid == 1:
root_tenant_node = node
encryption = True
else:
root_tenant_node = node
encryption = root_tenant_node.get_val('encryption')
if node.get_val('wizard_done'):
log.err("DANGER: Wizard already initialized!", tid=tid)
raise errors.ForbiddenOperation
db_update_enabled_languages(session, tid, [language], language)
node.set_val('encryption', encryption)
node.set_val('name', request['node_name'])
node.set_val('default_language', language)
node.set_val('wizard_done', True)
node.set_val('enable_developers_exception_notification',
request['enable_developers_exception_notification'])
node.set_val('hostname', hostname)
node_l10n = config.ConfigL10NFactory(session, tid)
node_l10n.set_val('header_title_homepage', language, request['node_name'])
profiles.load_profile(session, tid, request['profile'])
if encryption:
crypto_escrow_prv_key, crypto_escrow_pub_key = GCE.generate_keypair()
node.set_val('crypto_escrow_pub_key', crypto_escrow_pub_key)
admin_desc = models.User().dict(language)
admin_desc['username'] = request['admin_username']
admin_desc['name'] = request['admin_name']
admin_desc['password'] = request['admin_password']
admin_desc['name'] = request['admin_name']
admin_desc['mail_address'] = request['admin_mail_address']
admin_desc['language'] = language
admin_desc['role'] = 'admin'
admin_desc['pgp_key_remove'] = False
admin_user = db_create_user(session, tid, admin_desc, language)
admin_user.password = GCE.hash_password(request['admin_password'],
admin_user.salt)
admin_user.password_change_needed = False
admin_user.password_change_date = datetime_now()
if encryption:
db_gen_user_keys(session, tid, admin_user, request['admin_password'])
admin_user.crypto_escrow_prv_key = Base64Encoder.encode(
GCE.asymmetric_encrypt(admin_user.crypto_pub_key,
crypto_escrow_prv_key))
receiver_user = None
if not request['skip_recipient_account_creation']:
receiver_desc = models.User().dict(language)
receiver_desc['username'] = request['receiver_username']
receiver_desc['name'] = request['receiver_name']
receiver_desc['password'] = request['receiver_password']
receiver_desc['mail_address'] = request['receiver_mail_address']
receiver_desc['language'] = language
receiver_desc['role'] = 'receiver'
receiver_desc['pgp_key_remove'] = False
receiver_desc['send_account_activation_link'] = receiver_desc[
'password'] == ''
receiver_user = db_create_user(session, tid, receiver_desc, language)
if receiver_desc['password']:
receiver_user.password = GCE.hash_password(
receiver_desc['password'], receiver_user.salt)
if encryption:
db_gen_user_keys(session, tid, receiver_user,
receiver_desc['password'])
context_desc = models.Context().dict(language)
context_desc['name'] = 'Default'
context_desc['status'] = 'enabled'
context_desc['receivers'] = [receiver_user.id] if receiver_user else []
context = db_create_context(session, tid, context_desc, language)
# Root tenants initialization terminates here
if tid == 1:
db_refresh_memory_variables(session, [tid])
return
# Secondary tenants initialization starts here
tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
tenant.label = request['node_name']
mode = node.get_val('mode')
if mode not in ['default', 'demo']:
node.set_val(
'hostname',
tenant.subdomain + '.' + root_tenant_node.get_val('rootdomain'))
for varname in [
'reachable_via_web', 'enable_receipt_hint',
'disable_privacy_badge', 'simplified_login',
'can_delete_submission', 'can_postpone_expiration',
'anonymize_outgoing_connections', 'frame_ancestors',
'password_change_period', 'default_questionnaire',
'enable_password_reset'
]:
node.set_val(varname, root_tenant_node.get_val(varname))
context.questionnaire_id = root_tenant_node.get_val(
'default_questionnaire')
# Set data retention policy to 18 months
context.tip_timetolive = 540
# Delete the admin user
request['admin_password'] = ''
session.delete(admin_user)
if receiver_user is not None:
# Enable the recipient user to configure platform general settings
receiver_user.can_edit_general_settings = True
# Set the recipient name equal to the node name
receiver_user.name = receiver_user.public_name = request[
'node_name']
# Apply the specific fixes related to whistleblowing.it projects
if mode == 'whistleblowing.it':
node.set_val('simplified_login', True)
node.set_val('tor', False)
db_refresh_memory_variables(session, [tid])
def db_wizard(session, tid, request, client_using_tor, language):
language = request['node_language']
node = config.ConfigFactory(session, tid)
if tid != 1:
root_tenant_node = config.ConfigFactory(session, 1)
else:
root_tenant_node = node
if node.get_val(u'wizard_done'):
log.err("DANGER: Wizard already initialized!", tid=tid)
raise errors.ForbiddenOperation
db_update_enabled_languages(session, tid, [language], language)
node.set_val(u'name', request['node_name'])
node.set_val(u'default_language', language)
node.set_val(u'wizard_done', True)
node.set_val(u'enable_developers_exception_notification',
request['enable_developers_exception_notification'])
# Guess Tor configuration from thee media used on first configuration and
# if the user is using Tor preserve node anonymity and perform outgoing connections via Tor
node.set_val(u'reachable_via_web', not client_using_tor)
node.set_val(u'allow_unencrypted', not client_using_tor)
node.set_val(u'anonymize_outgoing_connections', client_using_tor)
node_l10n = config.ConfigL10NFactory(session, tid)
node_l10n.set_val(u'header_title_homepage', language, request['node_name'])
profiles.load_profile(session, tid, request['profile'])
admin_desc = models.User().dict(language)
admin_desc['name'] = request['admin_name']
admin_desc['username'] = u'admin'
admin_desc['password'] = request['admin_password']
admin_desc['name'] = request['admin_name']
admin_desc['mail_address'] = request['admin_mail_address']
admin_desc['language'] = language
admin_desc['role'] = u'admin'
admin_desc['deletable'] = False
admin_desc['pgp_key_remove'] = False
admin_user = db_create_user(session, tid, admin_desc, language)
admin_user.password_change_needed = False
admin_user.password_change_date = datetime_now()
receiver_desc = models.User().dict(language)
receiver_desc['name'] = request['receiver_name']
receiver_desc['username'] = u'recipient'
receiver_desc['password'] = request['receiver_password']
receiver_desc['name'] = request['receiver_name']
receiver_desc['mail_address'] = request['receiver_mail_address']
receiver_desc['language'] = language
receiver_desc['role'] = u'receiver'
receiver_desc['deletable'] = True
receiver_desc['pgp_key_remove'] = False
receiver_user = db_create_user(session, tid, receiver_desc, language)
context_desc = models.Context().dict(language)
context_desc['status'] = 1
context_desc['name'] = u'Default'
context_desc['receivers'] = [receiver_user.id]
context = db_create_context(session, tid, context_desc, language)
# Root tenants initialization terminates here
if tid == 1:
db_refresh_memory_variables(session, [tid])
return
# Secondary tenants initialization starts here
tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid)
tenant.label = request['node_name']
mode = node.get_val(u'mode')
if mode != u'default':
node.set_val(
u'hostname',
tenant.subdomain + '.' + root_tenant_node.get_val(u'rootdomain'))
for varname in [
'reachable_via_web', 'disable_key_code_hint',
'disable_privacy_badge', 'disable_donation_panel',
'simplified_login', 'can_delete_submission',
'can_postpone_expiration', 'enable_user_pgp_key_upload',
'allow_unencrypted', 'anonymize_outgoing_connections',
'allow_iframes_inclusion', 'password_change_period',
'default_questionnaire'
]:
node.set_val(varname, root_tenant_node.get_val(varname))
context.questionnaire_id = root_tenant_node.get_val(
u'default_questionnaire')
# Apply the general settings to apply on all mode != default
if mode != u'default':
# Enable the recipient user to configure platform general settings
receiver_user.can_edit_general_settings = True
# Set data retention policy to 18 months
context.tip_timetolive = 540
# Apply the specific fixes related to whistleblowing.it projects
if mode == u'whistleblowing.it':
node.set_val(u'simplified_login', True)
node.set_val(u'tor', False)
# Enable recipients to load files to the whistleblower
context.enable_rc_to_wb_files = True
# Set the recipient name equal to the node name
receiver_user.name = request['node_name']
# Delete the admin user
session.delete(admin_user)
db_refresh_memory_variables(session, [tid])
def db_create_user(session, tid, request, language):
"""
Transaction for creating a new user
:param session: An ORM session
:param tid: A tenant ID
:param request: The request data
:param language: The language of the request
:return: The serialized descriptor of the created object
"""
request['tid'] = tid
fill_localized_keys(request, models.User.localized_keys, language)
if request['username']:
user = session.query(models.User).filter(
models.User.username == request['username'],
models.User.tid == tid).one_or_none()
if user is not None:
raise errors.InputValidationError('Username already in use')
user = models.User({
'tid':
tid,
'username':
request['username'],
'role':
request['role'],
'state':
'enabled',
'name':
request['name'],
'description':
request['description'],
'public_name':
request['public_name'] if request['public_name'] else request['name'],
'language':
language,
'password_change_needed':
request['password_change_needed'],
'mail_address':
request['mail_address'],
'can_edit_general_settings':
request['can_edit_general_settings']
})
if not request['username']:
user.username = user.id = uuid4()
user.salt = GCE.generate_salt()
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
session.add(user)
session.flush()
if request.get('send_account_activation_link', False):
db_generate_password_reset_token(session, user)
return user
def initialize_node(store, results, only_node, templates, appdata):
"""
TODO refactor with languages the email_template, develop a dedicated
function outside the node, and inquire f*****g YHWH about the
callbacks existence/usage
"""
node = models.Node(only_node)
log.debug("Inizializing ApplicationData")
new_appdata = ApplicationData()
new_appdata.fields = appdata['fields']
new_appdata.version = appdata['version']
store.add(new_appdata)
if 'node_presentation' in appdata:
node.presentation = appdata['node_presentation']
if 'node_footer' in appdata:
node.footer = appdata['node_footer']
if 'node_subtitle' in appdata:
node.subtitle = appdata['node_subtitle']
node.languages_enabled = GLSetting.defaults.languages_enabled
node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
node.wizard_done = GLSetting.skip_wizard
node.creation_date = datetime_now()
store.add(node)
admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}'))
admin_password = hash_password(u"globaleaks", admin_salt)
admin_dict = {
'username': u'admin',
'password': admin_password,
'salt': admin_salt,
'role': u'admin',
'state': u'enabled',
}
admin = models.User(admin_dict)
admin.last_login = datetime_null()
store.add(admin)
notification = models.Notification()
# our defaults for free, because we're like Gandhi of the mail accounts.
notification.server = "mail.headstrong.de"
notification.port = 587
# port 587/SMTP-TLS or 465/SMTPS
notification.username = "******"
notification.password = "******"
notification.security = "TLS"
notification.source_name = "Default GlobaLeaks sender"
notification.source_email = notification.username
# Those fields are sets as default in order to show to the Admin the various
# 'variables' used in the template.
notification.encrypted_tip_template = {
GLSetting.memory_copy.default_language: templates['encrypted_tip']
}
notification.encrypted_tip_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: new Tip (Encrypted)"
}
notification.plaintext_tip_template = {
GLSetting.memory_copy.default_language: templates['plaintext_tip']
}
notification.plaintext_tip_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: new ClearText"
}
notification.encrypted_message_template = {
GLSetting.memory_copy.default_language: templates['encrypted_message']
}
notification.encrypted_message_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: New message (Encrypted)"
}
notification.plaintext_message_template = {
GLSetting.memory_copy.default_language: templates['plaintext_message']
}
notification.plaintext_message_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: New message"
}
notification.encrypted_file_template = {
GLSetting.memory_copy.default_language: templates['encrypted_file']
}
notification.encrypted_file_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: File attached (Encrypted)"
}
notification.plaintext_file_template = {
GLSetting.memory_copy.default_language: templates['plaintext_file']
}
notification.plaintext_file_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: File attached"
}
notification.encrypted_comment_template = {
GLSetting.memory_copy.default_language: templates['encrypted_comment']
}
notification.encrypted_comment_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: New comment (Encrypted)"
}
notification.plaintext_comment_template = {
GLSetting.memory_copy.default_language: templates['plaintext_comment']
}
notification.plaintext_comment_mail_title = {
GLSetting.memory_copy.default_language:
"[Tip %TipNum%] for %ReceiverName% in %ContextName%: New comment"
}
notification.zip_description = {
GLSetting.memory_copy.default_language: templates['zip_collection']
}
store.add(notification)
