def add_reply(
source: Source, journalist: Journalist, journalist_who_saw: Optional[Journalist]
) -> None:
"""
Adds a single reply to a source.
"""
record_source_interaction(source)
fname = "{}-{}-reply.gpg".format(source.interaction_count, source.journalist_filename)
current_app.crypto_util.encrypt(
next(replies),
[
current_app.crypto_util.get_fingerprint(source.filesystem_id),
config.JOURNALIST_KEY,
],
current_app.storage.path(source.filesystem_id, fname),
)
reply = Reply(journalist, source, fname)
db.session.add(reply)
db.session.flush()
# Journalist who replied has seen the reply
author_seen_reply = SeenReply(reply_id=reply.id, journalist_id=journalist.id)
db.session.add(author_seen_reply)
if journalist_who_saw:
other_seen_reply = SeenReply(reply_id=reply.id, journalist_id=journalist_who_saw.id)
db.session.add(other_seen_reply)
db.session.commit()
def add_reply(source: Source, journalist: Journalist,
journalist_who_saw: Optional[Journalist]) -> None:
"""
Adds a single reply to a source.
"""
record_source_interaction(source)
fname = "{}-{}-reply.gpg".format(source.interaction_count,
source.journalist_filename)
EncryptionManager.get_default().encrypt_journalist_reply(
for_source_with_filesystem_id=source.filesystem_id,
reply_in=next(replies),
encrypted_reply_path_out=Path(Storage.get_default().path(
source.filesystem_id, fname)),
)
reply = Reply(journalist, source, fname, Storage.get_default())
db.session.add(reply)
# Journalist who replied has seen the reply
author_seen_reply = SeenReply(reply=reply, journalist=journalist)
db.session.add(author_seen_reply)
if journalist_who_saw:
other_seen_reply = SeenReply(reply=reply,
journalist=journalist_who_saw)
db.session.add(other_seen_reply)
db.session.commit()
def mark_seen(targets: List[Union[Submission, Reply]],
user: Journalist) -> None:
"""
Marks a list of submissions or replies seen by the given journalist.
"""
for t in targets:
try:
if isinstance(t, Submission):
t.downloaded = True
if t.is_file:
sf = SeenFile(file_id=t.id, journalist_id=user.id)
db.session.add(sf)
elif t.is_message:
sm = SeenMessage(message_id=t.id, journalist_id=user.id)
db.session.add(sm)
db.session.commit()
elif isinstance(t, Reply):
sr = SeenReply(reply_id=t.id, journalist_id=user.id)
db.session.add(sr)
db.session.commit()
except IntegrityError as e:
db.session.rollback()
if 'UNIQUE constraint failed' in str(e):
continue
raise
def reply(storage, journalist, source, num_replies):
"""Generates and submits *num_replies* replies to *source*
from *journalist*. Returns reply objects as a list.
:param Journalist journalist: The journalist to write the
reply from.
:param Source source: The source to send the reply to.
:param int num_replies: Number of random-data replies to make.
:returns: A list of the :class:`Reply`s submitted.
"""
assert num_replies >= 1
replies = []
for _ in range(num_replies):
source.interaction_count += 1
fname = "{}-{}-reply.gpg".format(source.interaction_count,
source.journalist_filename)
EncryptionManager.get_default().encrypt_journalist_reply(
for_source_with_filesystem_id=source.filesystem_id,
reply_in=str(os.urandom(1)),
encrypted_reply_path_out=storage.path(source.filesystem_id, fname),
)
reply = Reply(journalist, source, fname, storage)
replies.append(reply)
db.session.add(reply)
seen_reply = SeenReply(reply=reply, journalist=journalist)
db.session.add(seen_reply)
db.session.commit()
return replies
def reply() -> werkzeug.Response:
"""Attempt to send a Reply from a Journalist to a Source. Empty
messages are rejected, and an informative error message is flashed
on the client. In the case of unexpected errors involving database
transactions (potentially caused by racing request threads that
modify the same the database object) logging is done in such a way
so as not to write potentially sensitive information to disk, and a
generic error message is flashed on the client.
Returns:
flask.Response: The user is redirected to the same Source
collection view, regardless if the Reply is created
successfully.
"""
form = ReplyForm()
if not form.validate_on_submit():
for error in form.message.errors:
flash(error, "error")
return redirect(url_for('col.col', filesystem_id=g.filesystem_id))
g.source.interaction_count += 1
filename = "{0}-{1}-reply.gpg".format(g.source.interaction_count,
g.source.journalist_filename)
current_app.crypto_util.encrypt(
form.message.data,
[
current_app.crypto_util.get_fingerprint(g.filesystem_id),
config.JOURNALIST_KEY
],
output=current_app.storage.path(g.filesystem_id, filename),
)
try:
reply = Reply(g.user, g.source, filename)
db.session.add(reply)
db.session.flush()
seen_reply = SeenReply(reply_id=reply.id, journalist_id=g.user.id)
db.session.add(seen_reply)
db.session.commit()
store.async_add_checksum_for_file(reply)
except Exception as exc:
flash(
gettext("An unexpected error occurred! Please "
"inform your admin."), "error")
# We take a cautious approach to logging here because we're dealing
# with responses to sources. It's possible the exception message
# could contain information we don't want to write to disk.
current_app.logger.error(
"Reply from '{}' (ID {}) failed: {}!".format(
g.user.username, g.user.id, exc.__class__))
else:
flash(
Markup("<b>{}</b> {}".format(
# Translators: Precedes a message confirming the success of an operation.
escape(gettext("Success!")),
escape(gettext("Your reply has been stored.")))),
'success')
finally:
return redirect(url_for('col.col', filesystem_id=g.filesystem_id))
def reply(journalist, source, num_replies):
"""Generates and submits *num_replies* replies to *source*
from *journalist*. Returns reply objects as a list.
:param Journalist journalist: The journalist to write the
reply from.
:param Source source: The source to send the reply to.
:param int num_replies: Number of random-data replies to make.
:returns: A list of the :class:`Reply`s submitted.
"""
assert num_replies >= 1
replies = []
for _ in range(num_replies):
source.interaction_count += 1
fname = "{}-{}-reply.gpg".format(source.interaction_count,
source.journalist_filename)
current_app.crypto_util.encrypt(
str(os.urandom(1)), [
current_app.crypto_util.get_fingerprint(source.filesystem_id),
config.JOURNALIST_KEY
], current_app.storage.path(source.filesystem_id, fname))
reply = Reply(journalist, source, fname)
replies.append(reply)
db.session.add(reply)
db.session.flush()
seen_reply = SeenReply(reply_id=reply.id, journalist_id=journalist.id)
db.session.add(seen_reply)
db.session.commit()
return replies
def create_source_and_submissions(
source_index,
source_count,
num_submissions=2,
num_replies=2,
journalist_who_replied=None # noqa: W605, E501
):
# Store source in database
codename = current_app.crypto_util.genrandomid()
filesystem_id = current_app.crypto_util.hash_codename(codename)
journalist_designation = current_app.crypto_util.display_id()
source = Source(filesystem_id, journalist_designation)
source.pending = False
db.session.add(source)
db.session.commit()
# Generate submissions directory and generate source key
os.mkdir(current_app.storage.path(source.filesystem_id))
current_app.crypto_util.genkeypair(source.filesystem_id, codename)
# Generate some test submissions
for _ in range(num_submissions):
source.interaction_count += 1
submission_text = next(submissions)
fpath = current_app.storage.save_message_submission(
source.filesystem_id, source.interaction_count,
source.journalist_filename, submission_text)
source.last_updated = datetime.datetime.utcnow()
submission = Submission(source, fpath)
db.session.add(submission)
# Generate some test replies
for _ in range(num_replies):
source.interaction_count += 1
fname = "{}-{}-reply.gpg".format(source.interaction_count,
source.journalist_filename)
current_app.crypto_util.encrypt(
next(replies), [
current_app.crypto_util.get_fingerprint(source.filesystem_id),
config.JOURNALIST_KEY
], current_app.storage.path(source.filesystem_id, fname))
if not journalist_who_replied:
journalist = Journalist.query.first()
else:
journalist = journalist_who_replied
reply = Reply(journalist, source, fname)
db.session.add(reply)
db.session.flush()
seen_reply = SeenReply(reply_id=reply.id, journalist_id=journalist.id)
db.session.add(seen_reply)
db.session.commit()
print("Test source {}/{} (codename: '{}', journalist designation '{}') "
"added with {} submissions and {} replies".format(
source_index, source_count, codename, journalist_designation,
num_submissions, num_replies))
def all_source_replies(source_uuid: str) -> Tuple[flask.Response, int]:
if request.method == 'GET':
source = get_or_404(Source, source_uuid, column=Source.uuid)
return jsonify(
{'replies':
[reply.to_json() for reply in source.replies]}), 200
elif request.method == 'POST':
source = get_or_404(Source, source_uuid, column=Source.uuid)
if request.json is None:
abort(400, 'please send requests in valid JSON')
if 'reply' not in request.json:
abort(400, 'reply not found in request body')
user = _authenticate_user_from_auth_header(request)
data = request.json
if not data['reply']:
abort(400, 'reply should not be empty')
source.interaction_count += 1
try:
filename = current_app.storage.save_pre_encrypted_reply(
source.filesystem_id, source.interaction_count,
source.journalist_filename, data['reply'])
except NotEncrypted:
return jsonify(
{'message': 'You must encrypt replies client side'}), 400
# issue #3918
filename = path.basename(filename)
reply = Reply(user, source, filename)
reply_uuid = data.get('uuid', None)
if reply_uuid is not None:
# check that is is parseable
try:
UUID(reply_uuid)
except ValueError:
abort(400, "'uuid' was not a valid UUID")
reply.uuid = reply_uuid
try:
db.session.add(reply)
db.session.flush()
seen_reply = SeenReply(reply_id=reply.id,
journalist_id=user.id)
db.session.add(seen_reply)
db.session.add(source)
db.session.commit()
except IntegrityError as e:
db.session.rollback()
if 'UNIQUE constraint failed: replies.uuid' in str(e):
abort(409, 'That UUID is already in use.')
else:
raise e
return jsonify({
'message': 'Your reply has been stored',
'uuid': reply.uuid,
'filename': reply.filename
}), 201
else:
abort(405)
def all_source_replies(source_uuid: str) -> Tuple[flask.Response, int]:
if request.method == "GET":
source = get_or_404(Source, source_uuid, column=Source.uuid)
return jsonify(
{"replies":
[reply.to_json() for reply in source.replies]}), 200
elif request.method == "POST":
source = get_or_404(Source, source_uuid, column=Source.uuid)
if request.json is None:
abort(400, "please send requests in valid JSON")
if "reply" not in request.json:
abort(400, "reply not found in request body")
user = _authenticate_user_from_auth_header(request)
data = request.json
if not data["reply"]:
abort(400, "reply should not be empty")
source.interaction_count += 1
try:
filename = Storage.get_default().save_pre_encrypted_reply(
source.filesystem_id,
source.interaction_count,
source.journalist_filename,
data["reply"],
)
except NotEncrypted:
return jsonify(
{"message": "You must encrypt replies client side"}), 400
# issue #3918
filename = path.basename(filename)
reply = Reply(user, source, filename, Storage.get_default())
reply_uuid = data.get("uuid", None)
if reply_uuid is not None:
# check that is is parseable
try:
UUID(reply_uuid)
except ValueError:
abort(400, "'uuid' was not a valid UUID")
reply.uuid = reply_uuid
try:
db.session.add(reply)
seen_reply = SeenReply(reply=reply, journalist=user)
db.session.add(seen_reply)
db.session.add(source)
db.session.commit()
except IntegrityError as e:
db.session.rollback()
if "UNIQUE constraint failed: replies.uuid" in str(e):
abort(409, "That UUID is already in use.")
else:
raise e
return (
jsonify({
"message": "Your reply has been stored",
"uuid": reply.uuid,
"filename": reply.filename,
}),
201,
)
else:
abort(405)
def create_source_data(
source_index: int,
source_count: int,
journalist_who_replied: Journalist,
journalist_who_saw: Journalist,
num_files: int = 2,
num_messages: int = 2,
num_replies: int = 2,
) -> None:
# Store source in database
codename = current_app.crypto_util.genrandomid()
filesystem_id = current_app.crypto_util.hash_codename(codename)
journalist_designation = current_app.crypto_util.display_id()
source = Source(filesystem_id, journalist_designation)
source.pending = False
db.session.add(source)
db.session.commit()
# Generate submissions directory and generate source key
os.mkdir(current_app.storage.path(source.filesystem_id))
current_app.crypto_util.genkeypair(source.filesystem_id, codename)
# Mark a third of sources as seen, a third as partially-seen, and a third as unseen
seen_files = 0 if source_index % 3 == 0 else math.floor(num_files /
(source_index % 3))
seen_messages = 0 if source_index % 3 == 0 else math.floor(
num_messages / (source_index % 3))
seen_replies = 0 if source_index % 3 == 0 else math.floor(
num_replies / (source_index % 3))
# Generate some test messages
seen_messages_count = 0
for _ in range(num_messages):
source.interaction_count += 1
submission_text = next(messages)
fpath = current_app.storage.save_message_submission(
source.filesystem_id, source.interaction_count,
source.journalist_filename, submission_text)
source.last_updated = datetime.datetime.utcnow()
submission = Submission(source, fpath)
db.session.add(submission)
if seen_messages_count < seen_messages:
seen_messages_count = seen_messages_count + 1
db.session.flush()
seen_message = SeenMessage(message_id=submission.id,
journalist_id=journalist_who_saw.id)
db.session.add(seen_message)
# Generate some test files
seen_files_count = 0
for _ in range(num_files):
source.interaction_count += 1
fpath = current_app.storage.save_file_submission(
source.filesystem_id, source.interaction_count,
source.journalist_filename, "memo.txt",
io.BytesIO(b"This is an example of a plain text file upload."))
source.last_updated = datetime.datetime.utcnow()
submission = Submission(source, fpath)
db.session.add(submission)
if seen_files_count < seen_files:
seen_files_count = seen_files_count + 1
db.session.flush()
seen_file = SeenFile(file_id=submission.id,
journalist_id=journalist_who_saw.id)
db.session.add(seen_file)
# Generate some test replies
seen_replies_count = 0
for _ in range(num_replies):
source.interaction_count += 1
fname = "{}-{}-reply.gpg".format(source.interaction_count,
source.journalist_filename)
current_app.crypto_util.encrypt(
next(replies), [
current_app.crypto_util.get_fingerprint(source.filesystem_id),
config.JOURNALIST_KEY
], current_app.storage.path(source.filesystem_id, fname))
reply = Reply(journalist_who_replied, source, fname)
db.session.add(reply)
db.session.flush()
# Journalist who replied has seen the reply
seen_reply = SeenReply(reply_id=reply.id,
journalist_id=journalist_who_replied.id)
db.session.add(seen_reply)
if seen_replies_count < seen_replies:
seen_replies_count = seen_replies_count + 1
seen_reply = SeenReply(reply_id=reply.id,
journalist_id=journalist_who_saw.id)
db.session.add(seen_reply)
db.session.commit()
print("Test source {}/{} (codename: '{}', journalist designation '{}') "
"added with {} files, {} messages, and {} replies".format(
source_index + 1, source_count, codename, journalist_designation,
num_files, num_messages, num_replies))
