def lookup(logged_in_source: SourceUser) -> str:
replies = []
logged_in_source_in_db = logged_in_source.get_db_record()
source_inbox = Reply.query.filter_by(
source_id=logged_in_source_in_db.id, deleted_by_source=False
).all()
first_submission = logged_in_source_in_db.interaction_count == 0
if first_submission:
min_message_length = InstanceConfig.get_default().initial_message_min_len
else:
min_message_length = 0
for reply in source_inbox:
reply_path = Storage.get_default().path(
logged_in_source.filesystem_id,
reply.filename,
)
try:
with io.open(reply_path, "rb") as f:
contents = f.read()
decrypted_reply = EncryptionManager.get_default().decrypt_journalist_reply(
for_source_user=logged_in_source, ciphertext_in=contents
)
reply.decrypted = decrypted_reply
except UnicodeDecodeError:
current_app.logger.error("Could not decode reply %s" % reply.filename)
except FileNotFoundError:
current_app.logger.error("Reply file missing: %s" % reply.filename)
else:
reply.date = datetime.utcfromtimestamp(os.stat(reply_path).st_mtime)
replies.append(reply)
# Sort the replies by date
replies.sort(key=operator.attrgetter("date"), reverse=True)
# If not done yet, generate a keypair to encrypt replies from the journalist
encryption_mgr = EncryptionManager.get_default()
try:
encryption_mgr.get_source_public_key(logged_in_source.filesystem_id)
except GpgKeyNotFoundError:
encryption_mgr.generate_source_key_pair(logged_in_source)
return render_template(
"lookup.html",
is_user_logged_in=True,
allow_document_uploads=InstanceConfig.get_default().allow_document_uploads,
replies=replies,
min_len=min_message_length,
new_user_codename=session.get("new_user_codename", None),
form=SubmissionForm(),
)
def lookup() -> str:
replies = []
source_inbox = Reply.query.filter(Reply.source_id == g.source.id) \
.filter(Reply.deleted_by_source == False).all() # noqa
for reply in source_inbox:
reply_path = current_app.storage.path(
g.filesystem_id,
reply.filename,
)
try:
with io.open(reply_path, "rb") as f:
contents = f.read()
reply_obj = current_app.crypto_util.decrypt(
g.codename, contents)
reply.decrypted = reply_obj
except UnicodeDecodeError:
current_app.logger.error("Could not decode reply %s" %
reply.filename)
except FileNotFoundError:
current_app.logger.error("Reply file missing: %s" %
reply.filename)
else:
reply.date = datetime.utcfromtimestamp(
os.stat(reply_path).st_mtime)
replies.append(reply)
# Sort the replies by date
replies.sort(key=operator.attrgetter('date'), reverse=True)
# Generate a keypair to encrypt replies from the journalist
# Only do this if the journalist has flagged the source as one
# that they would like to reply to. (Issue #140.)
if not current_app.crypto_util.get_fingerprint(g.filesystem_id) and \
g.source.flagged:
db_uri = current_app.config['SQLALCHEMY_DATABASE_URI']
async_genkey(current_app.crypto_util, db_uri, g.filesystem_id,
g.codename)
return render_template(
'lookup.html',
allow_document_uploads=current_app.instance_config.
allow_document_uploads,
codename=g.codename,
replies=replies,
flagged=g.source.flagged,
new_user=session.get('new_user', None),
haskey=current_app.crypto_util.get_fingerprint(g.filesystem_id),
form=SubmissionForm(),
)
def submit() -> werkzeug.Response:
allow_document_uploads = current_app.instance_config.allow_document_uploads
form = SubmissionForm()
if not form.validate():
for field, errors in form.errors.items():
for error in errors:
flash(error, "error")
return redirect(url_for('main.lookup'))
msg = request.form['msg']
fh = None
if allow_document_uploads and 'fh' in request.files:
fh = request.files['fh']
# Don't submit anything if it was an "empty" submission. #878
if not (msg or fh):
if allow_document_uploads:
flash(
gettext(
"You must enter a message or choose a file to submit."
), "error")
else:
flash(gettext("You must enter a message."), "error")
return redirect(url_for('main.lookup'))
fnames = []
journalist_filename = g.source.journalist_filename
first_submission = g.source.interaction_count == 0
if msg:
g.source.interaction_count += 1
fnames.append(
current_app.storage.save_message_submission(
g.filesystem_id, g.source.interaction_count,
journalist_filename, msg))
if fh:
g.source.interaction_count += 1
fnames.append(
current_app.storage.save_file_submission(
g.filesystem_id, g.source.interaction_count,
journalist_filename, fh.filename, fh.stream))
if first_submission:
flash_message = render_template(
'first_submission_flashed_message.html')
flash(Markup(flash_message), "success")
else:
if msg and not fh:
html_contents = gettext('Thanks! We received your message.')
elif fh and not msg:
html_contents = gettext('Thanks! We received your document.')
else:
html_contents = gettext('Thanks! We received your message and '
'document.')
flash_message = render_template(
'next_submission_flashed_message.html',
html_contents=html_contents)
flash(Markup(flash_message), "success")
new_submissions = []
for fname in fnames:
submission = Submission(g.source, fname)
db.session.add(submission)
new_submissions.append(submission)
if g.source.pending:
g.source.pending = False
# Generate a keypair now, if there's enough entropy (issue #303)
# (gpg reads 300 bytes from /dev/random)
entropy_avail = get_entropy_estimate()
if entropy_avail >= 2400:
db_uri = current_app.config['SQLALCHEMY_DATABASE_URI']
async_genkey(current_app.crypto_util, db_uri, g.filesystem_id,
g.codename)
current_app.logger.info(
"generating key, entropy: {}".format(entropy_avail))
else:
current_app.logger.warning(
"skipping key generation. entropy: {}".format(
entropy_avail))
g.source.last_updated = datetime.utcnow()
db.session.commit()
for sub in new_submissions:
store.async_add_checksum_for_file(sub)
normalize_timestamps(g.filesystem_id)
return redirect(url_for('main.lookup'))
def submit(logged_in_source: SourceUser) -> werkzeug.Response:
allow_document_uploads = InstanceConfig.get_default().allow_document_uploads
form = SubmissionForm()
if not form.validate():
for field, errors in form.errors.items():
for error in errors:
flash_msg("error", None, error)
return redirect(url_for("main.lookup"))
msg = request.form["msg"]
fh = None
if allow_document_uploads and "fh" in request.files:
fh = request.files["fh"]
# Don't submit anything if it was an "empty" submission. #878
if not (msg or fh):
if allow_document_uploads:
html_contents = gettext("You must enter a message or choose a file to submit.")
else:
html_contents = gettext("You must enter a message.")
flash_msg("error", None, html_contents)
return redirect(url_for("main.lookup"))
fnames = []
logged_in_source_in_db = logged_in_source.get_db_record()
first_submission = logged_in_source_in_db.interaction_count == 0
if first_submission:
min_len = InstanceConfig.get_default().initial_message_min_len
if (min_len > 0) and (msg and not fh) and (len(msg) < min_len):
flash_msg(
"error",
None,
gettext("Your first message must be at least {} characters long.").format(
min_len
),
)
return redirect(url_for("main.lookup"))
# if the new_user_codename key is not present in the session, this is
# not a first session
new_codename = session.get("new_user_codename", None)
codenames_rejected = InstanceConfig.get_default().reject_message_with_codename
if new_codename is not None:
if codenames_rejected and codename_detected(msg, new_codename):
flash_msg(
"error",
None,
gettext("Please do not submit your codename!"),
gettext(
"Keep your codename secret, and use it to log in later to "
"check for replies."
),
)
return redirect(url_for("main.lookup"))
if not os.path.exists(Storage.get_default().path(logged_in_source.filesystem_id)):
current_app.logger.debug(
"Store directory not found for source '{}', creating one.".format(
logged_in_source_in_db.journalist_designation
)
)
os.mkdir(Storage.get_default().path(logged_in_source.filesystem_id))
if msg:
logged_in_source_in_db.interaction_count += 1
fnames.append(
Storage.get_default().save_message_submission(
logged_in_source_in_db.filesystem_id,
logged_in_source_in_db.interaction_count,
logged_in_source_in_db.journalist_filename,
msg,
)
)
if fh:
logged_in_source_in_db.interaction_count += 1
fnames.append(
Storage.get_default().save_file_submission(
logged_in_source_in_db.filesystem_id,
logged_in_source_in_db.interaction_count,
logged_in_source_in_db.journalist_filename,
fh.filename,
fh.stream,
)
)
if first_submission or msg or fh:
if first_submission:
html_contents = gettext(
"Thank you for sending this information to us. Please "
"check back later for replies."
)
elif msg and not fh:
html_contents = gettext("Thanks! We received your message.")
elif fh and not msg:
html_contents = gettext("Thanks! We received your document.")
else:
html_contents = gettext("Thanks! We received your message and document.")
flash_msg("success", gettext("Success!"), html_contents)
new_submissions = []
for fname in fnames:
submission = Submission(logged_in_source_in_db, fname, Storage.get_default())
db.session.add(submission)
new_submissions.append(submission)
logged_in_source_in_db.pending = False
logged_in_source_in_db.last_updated = datetime.now(timezone.utc)
db.session.commit()
for sub in new_submissions:
store.async_add_checksum_for_file(sub, Storage.get_default())
normalize_timestamps(logged_in_source)
return redirect(url_for("main.lookup"))