def reply(storage, journalist, source, num_replies):
"""Generates and submits *num_replies* replies to *source*
from *journalist*. Returns reply objects as a list.
:param Journalist journalist: The journalist to write the
reply from.
:param Source source: The source to send the reply to.
:param int num_replies: Number of random-data replies to make.
:returns: A list of the :class:`Reply`s submitted.
"""
assert num_replies >= 1
replies = []
for _ in range(num_replies):
source.interaction_count += 1
fname = "{}-{}-reply.gpg".format(source.interaction_count,
source.journalist_filename)
EncryptionManager.get_default().encrypt_journalist_reply(
for_source_with_filesystem_id=source.filesystem_id,
reply_in=str(os.urandom(1)),
encrypted_reply_path_out=storage.path(source.filesystem_id, fname),
)
reply = Reply(journalist, source, fname, storage)
replies.append(reply)
db.session.add(reply)
seen_reply = SeenReply(reply=reply, journalist=journalist)
db.session.add(seen_reply)
db.session.commit()
return replies
def add_reply(source: Source, journalist: Journalist,
journalist_who_saw: Optional[Journalist]) -> None:
"""
Adds a single reply to a source.
"""
record_source_interaction(source)
fname = "{}-{}-reply.gpg".format(source.interaction_count,
source.journalist_filename)
EncryptionManager.get_default().encrypt_journalist_reply(
for_source_with_filesystem_id=source.filesystem_id,
reply_in=next(replies),
encrypted_reply_path_out=Path(Storage.get_default().path(
source.filesystem_id, fname)),
)
reply = Reply(journalist, source, fname, Storage.get_default())
db.session.add(reply)
# Journalist who replied has seen the reply
author_seen_reply = SeenReply(reply=reply, journalist=journalist)
db.session.add(author_seen_reply)
if journalist_who_saw:
other_seen_reply = SeenReply(reply=reply,
journalist=journalist_who_saw)
db.session.add(other_seen_reply)
db.session.commit()
def _create_source_and_submission(config_in_use: SecureDropConfig) -> Path:
"""Directly create a source and a submission within the app.
Some tests for the journalist app require a submission to already be present, and this
function is used to create the source user and submission when the journalist app starts.
This implementation is much faster than using Selenium to navigate the source app in order
to create a submission: it takes 0.2s to run, while the Selenium implementation takes 7s.
"""
# This function will be called in a separate Process that runs the app
# Hence the late imports
from encryption import EncryptionManager
from models import Submission
from passphrases import PassphraseGenerator
from source_user import create_source_user
from store import Storage, add_checksum_for_file
from tests.functional.db_session import get_database_session
# Create a source
passphrase = PassphraseGenerator.get_default().generate_passphrase()
with get_database_session(
database_uri=config_in_use.DATABASE_URI) as db_session:
source_user = create_source_user(
db_session=db_session,
source_passphrase=passphrase,
source_app_storage=Storage.get_default(),
)
source_db_record = source_user.get_db_record()
EncryptionManager.get_default().generate_source_key_pair(source_user)
# Create a file submission from this source
source_db_record.interaction_count += 1
app_storage = Storage.get_default()
encrypted_file_name = app_storage.save_file_submission(
filesystem_id=source_user.filesystem_id,
count=source_db_record.interaction_count,
journalist_filename=source_db_record.journalist_filename,
filename="filename.txt",
stream=BytesIO(b"File with S3cr3t content"),
)
submission = Submission(source_db_record, encrypted_file_name,
app_storage)
db_session.add(submission)
source_db_record.pending = False
source_db_record.last_updated = datetime.now(timezone.utc)
db_session.commit()
submission_file_path = app_storage.path(source_user.filesystem_id,
submission.filename)
add_checksum_for_file(
session=db_session,
db_obj=submission,
file_path=submission_file_path,
)
return Path(submission_file_path)
def save_message_submission(
self, filesystem_id: str, count: int, journalist_filename: str, message: str
) -> str:
filename = "{0}-{1}-msg.gpg".format(count, journalist_filename)
msg_loc = self.path(filesystem_id, filename)
EncryptionManager.get_default().encrypt_source_message(
message_in=message,
encrypted_message_path_out=Path(msg_loc),
)
return filename
def lookup(logged_in_source: SourceUser) -> str:
replies = []
logged_in_source_in_db = logged_in_source.get_db_record()
source_inbox = Reply.query.filter_by(
source_id=logged_in_source_in_db.id, deleted_by_source=False
).all()
first_submission = logged_in_source_in_db.interaction_count == 0
if first_submission:
min_message_length = InstanceConfig.get_default().initial_message_min_len
else:
min_message_length = 0
for reply in source_inbox:
reply_path = Storage.get_default().path(
logged_in_source.filesystem_id,
reply.filename,
)
try:
with io.open(reply_path, "rb") as f:
contents = f.read()
decrypted_reply = EncryptionManager.get_default().decrypt_journalist_reply(
for_source_user=logged_in_source, ciphertext_in=contents
)
reply.decrypted = decrypted_reply
except UnicodeDecodeError:
current_app.logger.error("Could not decode reply %s" % reply.filename)
except FileNotFoundError:
current_app.logger.error("Reply file missing: %s" % reply.filename)
else:
reply.date = datetime.utcfromtimestamp(os.stat(reply_path).st_mtime)
replies.append(reply)
# Sort the replies by date
replies.sort(key=operator.attrgetter("date"), reverse=True)
# If not done yet, generate a keypair to encrypt replies from the journalist
encryption_mgr = EncryptionManager.get_default()
try:
encryption_mgr.get_source_public_key(logged_in_source.filesystem_id)
except GpgKeyNotFoundError:
encryption_mgr.generate_source_key_pair(logged_in_source)
return render_template(
"lookup.html",
is_user_logged_in=True,
allow_document_uploads=InstanceConfig.get_default().allow_document_uploads,
replies=replies,
min_len=min_message_length,
new_user_codename=session.get("new_user_codename", None),
form=SubmissionForm(),
)
def col(filesystem_id: str) -> str:
form = ReplyForm()
source = get_source(filesystem_id)
try:
EncryptionManager.get_default().get_source_public_key(
filesystem_id)
source.has_key = True
except GpgKeyNotFoundError:
source.has_key = False
return render_template("col.html",
filesystem_id=filesystem_id,
source=source,
form=form)
def delete_collection(filesystem_id: str) -> None:
"""deletes source account including files and reply key"""
# Delete the source's collection of submissions
path = Storage.get_default().path(filesystem_id)
if os.path.exists(path):
Storage.get_default().move_to_shredder(path)
# Delete the source's reply keypair
EncryptionManager.get_default().delete_source_key_pair(filesystem_id)
# Delete their entry in the db
source = get_source(filesystem_id, include_deleted=True)
db.session.delete(source)
db.session.commit()
def _journalist_downloads_message(self):
self._journalist_selects_the_first_source()
self.wait_for(lambda: self.driver.find_element_by_css_selector(
"table#submissions"))
submissions = self.driver.find_elements_by_css_selector(
"#submissions a")
assert 1 == len(submissions)
file_url = submissions[0].get_attribute("href")
# Downloading files with Selenium is tricky because it cannot automate
# the browser's file download dialog. We can directly request the file
# using requests, but we need to pass the cookies for logged in user
# for Flask to allow this.
def cookie_string_from_selenium_cookies(cookies):
result = {}
for cookie in cookies:
result[cookie["name"]] = cookie["value"]
return result
cks = cookie_string_from_selenium_cookies(self.driver.get_cookies())
raw_content = self.return_downloaded_content(file_url, cks)
encryption_mgr = EncryptionManager.get_default()
with import_journalist_private_key(encryption_mgr):
decrypted_submission = encryption_mgr._gpg.decrypt(raw_content)
submission = self._get_submission_content(file_url,
decrypted_submission)
if type(submission) == bytes:
submission = submission.decode("utf-8")
assert self.secret_message == submission
def test_delete_source_key_pair_pinentry_status_is_handled(
self, source_app, test_source, mocker, capsys):
"""
Regression test for https://github.com/freedomofpress/securedrop/issues/4294
"""
# Given a source user with a key pair in the default encryption manager
source_user = test_source["source_user"]
encryption_mgr = EncryptionManager.get_default()
# And a gpg binary that will trigger the issue described in #4294
mocker.patch(
"pretty_bad_protocol._util._separate_keyword",
return_value=("PINENTRY_LAUNCHED", "does not matter"),
)
# When using the encryption manager to delete this source user's key pair
# It succeeds
encryption_mgr.delete_source_key_pair(source_user.filesystem_id)
# And the user's key information can no longer be retrieved
with pytest.raises(GpgKeyNotFoundError):
encryption_mgr.get_source_key_fingerprint(
source_user.filesystem_id)
# And the bug fix was properly triggered
captured = capsys.readouterr()
assert "ValueError: Unknown status message: 'PINENTRY_LAUNCHED'" not in captured.err
def _can_decrypt_with_source_secret_key(msg: bytes,
source_gpg_secret: str) -> None:
encryption_mgr = EncryptionManager.get_default()
decryption_result = encryption_mgr._gpg.decrypt(
msg, passphrase=source_gpg_secret)
assert decryption_result.ok, "Could not decrypt msg with key, gpg says: {}".format(
decryption_result.stderr)
def init_source(storage):
"""Initialize a source: create their database record, the
filesystem directory that stores their submissions & replies,
and their GPG key encrypted with their codename. Return a source
object and their codename string.
:returns: A 2-tuple. The first entry, the :class:`Source`
initialized. The second, their codename string.
"""
passphrase = PassphraseGenerator.get_default().generate_passphrase()
source_user = create_source_user(
db_session=db.session,
source_passphrase=passphrase,
source_app_storage=storage,
)
EncryptionManager.get_default().generate_source_key_pair(source_user)
return source_user.get_db_record(), passphrase
def test_reply_normal(journalist_app, source_app, test_journo, config):
"""Test for regression on #1360 (failure to encode bytes before calling
gpg functions).
"""
encryption_mgr = EncryptionManager.get_default()
with mock.patch.object(encryption_mgr._gpg, "_encoding", "ansi_x3.4_1968"):
_helper_test_reply(journalist_app, source_app, config, test_journo,
"This is a test reply.", True)
def test_encrypt_and_decrypt_journalist_reply(self, source_app,
test_source, tmp_path,
app_storage):
# Given a source user with a key pair in the default encryption manager
source_user1 = test_source["source_user"]
encryption_mgr = EncryptionManager.get_default()
# And another source with a key pair in the default encryption manager
with source_app.app_context():
source_user2 = create_source_user(
db_session=db.session,
source_passphrase=PassphraseGenerator.get_default().
generate_passphrase(),
source_app_storage=app_storage,
)
encryption_mgr.generate_source_key_pair(source_user2)
# When the journalist tries to encrypt a reply to source1
# It succeeds
journalist_reply = "s3cr3t message"
encrypted_reply_path = tmp_path / "reply.gpg"
encryption_mgr.encrypt_journalist_reply(
for_source_with_filesystem_id=source_user1.filesystem_id,
reply_in=journalist_reply,
encrypted_reply_path_out=encrypted_reply_path,
)
# And the output file contains the encrypted data
encrypted_reply = encrypted_reply_path.read_bytes()
assert encrypted_reply
# And source1 is able to decrypt the reply
decrypted_reply = encryption_mgr.decrypt_journalist_reply(
for_source_user=source_user1, ciphertext_in=encrypted_reply)
assert decrypted_reply
assert decrypted_reply == journalist_reply
# And source2 is NOT able to decrypt the reply
with pytest.raises(GpgDecryptError):
encryption_mgr.decrypt_journalist_reply(
for_source_user=source_user2, ciphertext_in=encrypted_reply)
# Amd the reply can't be decrypted without providing the source1's gpg secret
result = encryption_mgr._gpg.decrypt(
# For GPG 2.1+, a non-null passphrase _must_ be passed to decrypt()
encrypted_reply,
passphrase="test 123",
)
assert not result.ok
# And the journalist is able to decrypt their reply
with import_journalist_private_key(encryption_mgr):
decrypted_reply_for_journalist = encryption_mgr._gpg.decrypt(
# For GPG 2.1+, a non-null passphrase _must_ be passed to decrypt()
encrypted_reply,
passphrase="test 123",
).data
assert decrypted_reply_for_journalist.decode() == journalist_reply
def save_file_submission(
self,
filesystem_id: str,
count: int,
journalist_filename: str,
filename: typing.Optional[str],
stream: "IO[bytes]",
) -> str:
if filename is not None:
sanitized_filename = secure_filename(filename)
else:
sanitized_filename = secure_filename("unknown.file")
# We store file submissions in a .gz file for two reasons:
#
# 1. Downloading large files over Tor is very slow. If we can
# compress the file, we can speed up future downloads.
#
# 2. We want to record the original filename because it might be
# useful, either for context about the content of the submission
# or for figuring out which application should be used to open
# it. However, we'd like to encrypt that info and have the
# decrypted file automatically have the name of the original
# file. Given various usability constraints in GPG and Tails, this
# is the most user-friendly way we have found to do this.
encrypted_file_name = "{0}-{1}-doc.gz.gpg".format(count, journalist_filename)
encrypted_file_path = self.path(filesystem_id, encrypted_file_name)
with SecureTemporaryFile("/tmp") as stf: # nosec
with gzip.GzipFile(filename=sanitized_filename, mode="wb", fileobj=stf, mtime=0) as gzf:
# Buffer the stream into the gzip file to avoid excessive
# memory consumption
while True:
buf = stream.read(1024 * 8)
if not buf:
break
gzf.write(buf)
EncryptionManager.get_default().encrypt_source_file(
file_in=stf,
encrypted_file_path_out=Path(encrypted_file_path),
)
return encrypted_file_name
def add_source() -> Tuple[Source, str]:
"""
Adds a single source.
"""
codename = PassphraseGenerator.get_default().generate_passphrase()
source_user = create_source_user(
db_session=db.session,
source_passphrase=codename,
source_app_storage=Storage.get_default(),
)
source = source_user.get_db_record()
source.pending = False
db.session.commit()
# Generate source key
EncryptionManager.get_default().generate_source_key_pair(source_user)
return source, codename
def _can_decrypt_with_journalist_secret_key(msg: bytes) -> None:
encryption_mgr = EncryptionManager.get_default()
with import_journalist_private_key(encryption_mgr):
# For GPG 2.1+, a non null passphrase _must_ be passed to decrypt()
decryption_result = encryption_mgr._gpg.decrypt(
msg, passphrase="dummy passphrase")
assert decryption_result.ok, "Could not decrypt msg with key, gpg says: {}".format(
decryption_result.stderr)
def prime_keycache() -> None:
"""Pre-load the source public keys into Redis."""
with app.app_context():
encryption_mgr = EncryptionManager.get_default()
for source in Source.query.filter_by(pending=False, deleted_at=None).all():
try:
encryption_mgr.get_source_public_key(source.filesystem_id)
except GpgKeyNotFoundError:
pass
def download_public_key() -> flask.Response:
journalist_pubkey = EncryptionManager.get_default(
).get_journalist_public_key()
data = BytesIO(journalist_pubkey.encode("utf-8"))
return send_file(
data,
mimetype="application/pgp-keys",
attachment_filename=config.JOURNALIST_KEY + ".asc",
as_attachment=True,
)
def test_source(journalist_app: Flask, app_storage: Storage) -> Dict[str, Any]:
with journalist_app.app_context():
passphrase = PassphraseGenerator.get_default().generate_passphrase()
source_user = create_source_user(
db_session=db.session,
source_passphrase=passphrase,
source_app_storage=app_storage,
)
EncryptionManager.get_default().generate_source_key_pair(source_user)
source = source_user.get_db_record()
return {
"source_user": source_user,
# TODO(AD): Eventually the next keys could be removed as they are in source_user
"source": source,
"codename": passphrase,
"filesystem_id": source_user.filesystem_id,
"uuid": source.uuid,
"id": source.id,
}
def test_unicode_reply_with_ansi_env(journalist_app, source_app, test_journo,
config):
# This makes python-gnupg handle encoding equivalent to if we were
# running SD in an environment where os.getenv("LANG") == "C".
# Unfortunately, with the way our test suite is set up simply setting
# that env var here will not have the desired effect. Instead we
# monkey-patch the GPG object that is called crypto_util to imitate the
# _encoding attribute it would have had it been initialized in a "C"
# environment. See
# https://github.com/freedomofpress/securedrop/issues/1360 for context.
encryption_mgr = EncryptionManager.get_default()
with mock.patch.object(encryption_mgr._gpg, "_encoding", "ansi_x3.4_1968"):
_helper_test_reply(journalist_app, source_app, config, test_journo,
"ᚠᛇᚻ᛫ᛒᛦᚦ᛫ᚠᚱᚩᚠᚢᚱ᛫ᚠᛁᚱᚪ᛫ᚷᛖᚻᚹᛦᛚᚳᚢᛗ", True)
def test_authorized_user_can_add_reply(
journalist_app, journalist_api_token, test_source, test_journo, app_storage
):
with journalist_app.test_client() as app:
source_id = test_source["source"].id
uuid = test_source["source"].uuid
# First we must encrypt the reply, or it will get rejected
# by the server.
encryption_mgr = EncryptionManager.get_default()
source_key = encryption_mgr.get_source_key_fingerprint(test_source["source"].filesystem_id)
reply_content = encryption_mgr._gpg.encrypt("This is a plaintext reply", source_key).data
response = app.post(
url_for("api.all_source_replies", source_uuid=uuid),
data=json.dumps({"reply": reply_content.decode("utf-8")}),
headers=get_api_headers(journalist_api_token),
)
assert response.status_code == 201
# ensure the uuid is present and valid
reply_uuid = UUID(response.json["uuid"])
# check that the uuid has a matching db object
reply = Reply.query.filter_by(uuid=str(reply_uuid)).one_or_none()
assert reply is not None
# check that the filename is present and correct (#4047)
assert response.json["filename"] == reply.filename
with journalist_app.app_context(): # Now verify everything was saved.
assert reply.journalist_id == test_journo["id"]
assert reply.source_id == source_id
# regression test for #3918
assert "/" not in reply.filename
source = Source.query.get(source_id)
expected_filename = "{}-{}-reply.gpg".format(
source.interaction_count, source.journalist_filename
)
expected_filepath = app_storage.path(source.filesystem_id, expected_filename)
with open(expected_filepath, "rb") as fh:
saved_content = fh.read()
assert reply_content == saved_content
def test_delete_source_key_pair(self, source_app, test_source):
# Given a source user with a key pair in the default encryption manager
source_user = test_source["source_user"]
encryption_mgr = EncryptionManager.get_default()
# When using the encryption manager to delete this source user's key pair
# It succeeds
encryption_mgr.delete_source_key_pair(source_user.filesystem_id)
# And the user's key information can no longer be retrieved
with pytest.raises(GpgKeyNotFoundError):
encryption_mgr.get_source_public_key(source_user.filesystem_id)
with pytest.raises(GpgKeyNotFoundError):
encryption_mgr.get_source_key_fingerprint(
source_user.filesystem_id)
with pytest.raises(GpgKeyNotFoundError):
encryption_mgr._get_source_key_details(source_user.filesystem_id)
def test_get_source_public_key(self, test_source):
# Given a source user with a key pair in the default encryption manager
source_user = test_source["source_user"]
encryption_mgr = EncryptionManager.get_default()
# When using the encryption manager to fetch the source user's public key
# It succeeds
source_pub_key = encryption_mgr.get_source_public_key(
source_user.filesystem_id)
assert source_pub_key
assert source_pub_key.startswith("-----BEGIN PGP PUBLIC KEY BLOCK----")
# And the key's fingerprint was saved to Redis
source_key_fingerprint = encryption_mgr._redis.hget(
encryption_mgr.REDIS_FINGERPRINT_HASH, source_user.filesystem_id)
assert source_key_fingerprint
# And the public key was saved to Redis
assert encryption_mgr._redis.hget(encryption_mgr.REDIS_KEY_HASH,
source_key_fingerprint)
def test_submit_message(journalist_app, source_app, test_journo, app_storage):
"""When a source creates an account, test that a new entry appears
in the journalist interface"""
test_msg = "This is a test message."
with source_app.test_client() as app:
app.post("/generate", data=GENERATE_DATA)
tab_id = next(iter(session["codenames"].keys()))
app.post("/create", data={"tab_id": tab_id}, follow_redirects=True)
source_user = SessionManager.get_logged_in_user(db_session=db.session)
filesystem_id = source_user.filesystem_id
# redirected to submission form
resp = app.post(
"/submit",
data=dict(
msg=test_msg,
fh=(BytesIO(b""), ""),
),
follow_redirects=True,
)
assert resp.status_code == 200
app.get("/logout")
# Request the Journalist Interface index
with journalist_app.test_client() as app:
_login_user(app, test_journo)
resp = app.get("/")
assert resp.status_code == 200
text = resp.data.decode("utf-8")
assert "Sources" in text
soup = BeautifulSoup(text, "html.parser")
# The source should have a "download unread" link that
# says "1 unread"
col = soup.select("table#collections tr.source")[0]
unread_span = col.select("td.unread a")[0]
assert "1 unread" in unread_span.get_text()
col_url = soup.select("table#collections th.designation a")[0]["href"]
resp = app.get(col_url)
assert resp.status_code == 200
text = resp.data.decode("utf-8")
soup = BeautifulSoup(text, "html.parser")
submission_url = soup.select(
"table#submissions th.filename a")[0]["href"]
assert "-msg" in submission_url
size = soup.select("table#submissions td.info")[0]
assert re.compile(r"\d+ bytes").match(size["title"])
resp = app.get(submission_url)
assert resp.status_code == 200
encryption_mgr = EncryptionManager.get_default()
with import_journalist_private_key(encryption_mgr):
decryption_result = encryption_mgr._gpg.decrypt(resp.data)
assert decryption_result.ok
assert decryption_result.data.decode("utf-8") == test_msg
# delete submission
resp = app.get(col_url)
assert resp.status_code == 200
text = resp.data.decode("utf-8")
soup = BeautifulSoup(text, "html.parser")
doc_name = soup.select(
'table#submissions > tr.submission > td.status input[name="doc_names_selected"]'
)[0]["value"]
resp = app.post(
"/bulk",
data=dict(
action="delete",
filesystem_id=filesystem_id,
doc_names_selected=doc_name,
),
follow_redirects=True,
)
assert resp.status_code == 200
text = resp.data.decode("utf-8")
soup = BeautifulSoup(text, "html.parser")
assert "The item has been deleted." in text
# confirm that submission deleted and absent in list of submissions
resp = app.get(col_url)
assert resp.status_code == 200
text = resp.data.decode("utf-8")
assert "No submissions to display." in text
# the file should be deleted from the filesystem
# since file deletion is handled by a polling worker, this test
# needs to wait for the worker to get the job and execute it
def assertion():
assert not (os.path.exists(
app_storage.path(filesystem_id, doc_name)))
utils.asynchronous.wait_for_assertion(assertion)
def _source_delete_key(self):
filesystem_id = _SourceScryptManager.get_default(
).derive_source_filesystem_id(self.source_name)
EncryptionManager.get_default().delete_source_key_pair(filesystem_id)
def _helper_test_reply(journalist_app,
source_app,
config,
test_journo,
test_reply,
expected_success=True):
test_msg = "This is a test message."
with source_app.test_client() as app:
app.post("/generate", data=GENERATE_DATA)
tab_id, codename = next(iter(session["codenames"].items()))
app.post("/create", data={"tab_id": tab_id}, follow_redirects=True)
# redirected to submission form
resp = app.post(
"/submit",
data=dict(
msg=test_msg,
fh=(BytesIO(b""), ""),
),
follow_redirects=True,
)
assert resp.status_code == 200
source_user = SessionManager.get_logged_in_user(db_session=db.session)
filesystem_id = source_user.filesystem_id
app.get("/logout")
with journalist_app.test_client() as app:
_login_user(app, test_journo)
resp = app.get("/")
assert resp.status_code == 200
text = resp.data.decode("utf-8")
assert "Sources" in text
soup = BeautifulSoup(resp.data, "html.parser")
col_url = soup.select(
"table#collections tr.source > th.designation a")[0]["href"]
resp = app.get(col_url)
assert resp.status_code == 200
assert EncryptionManager.get_default().get_source_key_fingerprint(
filesystem_id)
# Create 2 replies to test deleting on journalist and source interface
with journalist_app.test_client() as app:
_login_user(app, test_journo)
for i in range(2):
resp = app.post(
"/reply",
data=dict(filesystem_id=filesystem_id, message=test_reply),
follow_redirects=True,
)
assert resp.status_code == 200
if not expected_success:
pass
else:
text = resp.data.decode("utf-8")
assert "The source will receive your reply" in text
resp = app.get(col_url)
text = resp.data.decode("utf-8")
assert "reply-" in text
soup = BeautifulSoup(text, "html.parser")
# Download the reply and verify that it can be decrypted with the
# journalist's key as well as the source's reply key
filesystem_id = soup.select('input[name="filesystem_id"]')[0]["value"]
checkbox_values = [
soup.select('input[name="doc_names_selected"]')[1]["value"]
]
resp = app.post(
"/bulk",
data=dict(filesystem_id=filesystem_id,
action="download",
doc_names_selected=checkbox_values),
follow_redirects=True,
)
assert resp.status_code == 200
zf = zipfile.ZipFile(BytesIO(resp.data), "r")
data = zf.read(zf.namelist()[0])
_can_decrypt_with_journalist_secret_key(data)
_can_decrypt_with_source_secret_key(data, source_user.gpg_secret)
# Test deleting reply on the journalist interface
last_reply_number = len(
soup.select('input[name="doc_names_selected"]')) - 1
_helper_filenames_delete(app, soup, last_reply_number)
with source_app.test_client() as app:
resp = app.post("/login",
data=dict(codename=codename),
follow_redirects=True)
assert resp.status_code == 200
resp = app.get("/lookup")
assert resp.status_code == 200
text = resp.data.decode("utf-8")
if not expected_success:
# there should be no reply
assert "You have received a reply." not in text
else:
assert "You have received a reply. To protect your identity" in text
assert test_reply in text, text
soup = BeautifulSoup(text, "html.parser")
msgid = soup.select(
'form > input[name="reply_filename"]')[0]["value"]
resp = app.post(
"/delete",
data=dict(filesystem_id=filesystem_id, reply_filename=msgid),
follow_redirects=True,
)
assert resp.status_code == 200
text = resp.data.decode("utf-8")
assert "Reply deleted" in text
app.get("/logout")
def reply() -> werkzeug.Response:
"""Attempt to send a Reply from a Journalist to a Source. Empty
messages are rejected, and an informative error message is flashed
on the client. In the case of unexpected errors involving database
transactions (potentially caused by racing request threads that
modify the same the database object) logging is done in such a way
so as not to write potentially sensitive information to disk, and a
generic error message is flashed on the client.
Returns:
flask.Response: The user is redirected to the same Source
collection view, regardless if the Reply is created
successfully.
"""
form = ReplyForm()
if not form.validate_on_submit():
for error in form.message.errors:
flash(error, "error")
return redirect(url_for("col.col", filesystem_id=g.filesystem_id))
g.source.interaction_count += 1
filename = "{0}-{1}-reply.gpg".format(g.source.interaction_count,
g.source.journalist_filename)
EncryptionManager.get_default().encrypt_journalist_reply(
for_source_with_filesystem_id=g.filesystem_id,
reply_in=form.message.data,
encrypted_reply_path_out=Path(Storage.get_default().path(
g.filesystem_id, filename)),
)
try:
reply = Reply(g.user, g.source, filename, Storage.get_default())
db.session.add(reply)
seen_reply = SeenReply(reply=reply, journalist=g.user)
db.session.add(seen_reply)
db.session.commit()
store.async_add_checksum_for_file(reply, Storage.get_default())
except Exception as exc:
flash(
gettext("An unexpected error occurred! Please "
"inform your admin."), "error")
# We take a cautious approach to logging here because we're dealing
# with responses to sources. It's possible the exception message
# could contain information we don't want to write to disk.
current_app.logger.error(
"Reply from '{}' (ID {}) failed: {}!".format(
g.user.username, g.user.id, exc.__class__))
else:
flash(
Markup("<b>{}</b> {}".format(
# Translators: Precedes a message confirming the success of an operation.
escape(gettext("Success!")),
escape(
gettext("The source will receive your reply "
"next time they log in.")),
)),
"success",
)
finally:
return redirect(url_for("col.col", filesystem_id=g.filesystem_id))
def public_key(self) -> "Optional[str]":
try:
return EncryptionManager.get_default().get_source_public_key(
self.filesystem_id)
except GpgKeyNotFoundError:
return None
def key_available(filesystem_id):
assert EncryptionManager.get_default().get_source_key_fingerprint(
filesystem_id)
def test_get_default(self, config):
encryption_mgr = EncryptionManager.get_default()
assert encryption_mgr
assert encryption_mgr.get_journalist_public_key()
