def db_wizard(session, tid, hostname, request): """ Transaction for the handling of wizard request :param session: An ORM session :param tid: A tenant ID :param request: A user request """ language = request['node_language'] node = config.ConfigFactory(session, tid) if tid == 1: root_tenant_node = node encryption = True else: root_tenant_node = node encryption = root_tenant_node.get_val('encryption') if node.get_val('wizard_done'): log.err("DANGER: Wizard already initialized!", tid=tid) raise errors.ForbiddenOperation db_update_enabled_languages(session, tid, [language], language) node.set_val('encryption', encryption) node.set_val('name', request['node_name']) node.set_val('default_language', language) node.set_val('wizard_done', True) node.set_val('enable_developers_exception_notification', request['enable_developers_exception_notification']) node.set_val('hostname', hostname) node_l10n = config.ConfigL10NFactory(session, tid) node_l10n.set_val('header_title_homepage', language, request['node_name']) profiles.load_profile(session, tid, request['profile']) if encryption: crypto_escrow_prv_key, crypto_escrow_pub_key = GCE.generate_keypair() node.set_val('crypto_escrow_pub_key', crypto_escrow_pub_key) admin_desc = models.User().dict(language) admin_desc['username'] = request['admin_username'] admin_desc['name'] = request['admin_name'] admin_desc['password'] = request['admin_password'] admin_desc['name'] = request['admin_name'] admin_desc['mail_address'] = request['admin_mail_address'] admin_desc['language'] = language admin_desc['role'] = 'admin' admin_desc['pgp_key_remove'] = False admin_user = db_create_user(session, tid, admin_desc, language) admin_user.password = GCE.hash_password(request['admin_password'], admin_user.salt) admin_user.password_change_needed = False admin_user.password_change_date = datetime_now() if encryption: db_gen_user_keys(session, tid, admin_user, request['admin_password']) admin_user.crypto_escrow_prv_key = Base64Encoder.encode( GCE.asymmetric_encrypt(admin_user.crypto_pub_key, crypto_escrow_prv_key)) receiver_user = None if not request['skip_recipient_account_creation']: receiver_desc = models.User().dict(language) receiver_desc['username'] = request['receiver_username'] receiver_desc['name'] = request['receiver_name'] receiver_desc['password'] = request['receiver_password'] receiver_desc['mail_address'] = request['receiver_mail_address'] receiver_desc['language'] = language receiver_desc['role'] = 'receiver' receiver_desc['pgp_key_remove'] = False receiver_desc['send_account_activation_link'] = receiver_desc[ 'password'] == '' receiver_user = db_create_user(session, tid, receiver_desc, language) if receiver_desc['password']: receiver_user.password = GCE.hash_password( receiver_desc['password'], receiver_user.salt) if encryption: db_gen_user_keys(session, tid, receiver_user, receiver_desc['password']) context_desc = models.Context().dict(language) context_desc['name'] = 'Default' context_desc['status'] = 'enabled' context_desc['receivers'] = [receiver_user.id] if receiver_user else [] context = db_create_context(session, tid, context_desc, language) # Root tenants initialization terminates here if tid == 1: db_refresh_memory_variables(session, [tid]) return # Secondary tenants initialization starts here tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid) tenant.label = request['node_name'] mode = node.get_val('mode') if mode not in ['default', 'demo']: node.set_val( 'hostname', tenant.subdomain + '.' + root_tenant_node.get_val('rootdomain')) for varname in [ 'reachable_via_web', 'enable_receipt_hint', 'disable_privacy_badge', 'simplified_login', 'can_delete_submission', 'can_postpone_expiration', 'anonymize_outgoing_connections', 'frame_ancestors', 'password_change_period', 'default_questionnaire', 'enable_password_reset' ]: node.set_val(varname, root_tenant_node.get_val(varname)) context.questionnaire_id = root_tenant_node.get_val( 'default_questionnaire') # Set data retention policy to 18 months context.tip_timetolive = 540 # Delete the admin user request['admin_password'] = '' session.delete(admin_user) if receiver_user is not None: # Enable the recipient user to configure platform general settings receiver_user.can_edit_general_settings = True # Set the recipient name equal to the node name receiver_user.name = receiver_user.public_name = request[ 'node_name'] # Apply the specific fixes related to whistleblowing.it projects if mode == 'whistleblowing.it': node.set_val('simplified_login', True) node.set_val('tor', False) db_refresh_memory_variables(session, [tid])
def db_wizard(session, tid, request, client_using_tor, language): language = request['node_language'] node = config.ConfigFactory(session, tid) if tid != 1: root_tenant_node = config.ConfigFactory(session, 1) else: root_tenant_node = node if node.get_val(u'wizard_done'): log.err("DANGER: Wizard already initialized!", tid=tid) raise errors.ForbiddenOperation db_update_enabled_languages(session, tid, [language], language) node.set_val(u'name', request['node_name']) node.set_val(u'default_language', language) node.set_val(u'wizard_done', True) node.set_val(u'enable_developers_exception_notification', request['enable_developers_exception_notification']) # Guess Tor configuration from thee media used on first configuration and # if the user is using Tor preserve node anonymity and perform outgoing connections via Tor node.set_val(u'reachable_via_web', not client_using_tor) node.set_val(u'allow_unencrypted', not client_using_tor) node.set_val(u'anonymize_outgoing_connections', client_using_tor) node_l10n = config.ConfigL10NFactory(session, tid) node_l10n.set_val(u'header_title_homepage', language, request['node_name']) profiles.load_profile(session, tid, request['profile']) admin_desc = models.User().dict(language) admin_desc['name'] = request['admin_name'] admin_desc['username'] = u'admin' admin_desc['password'] = request['admin_password'] admin_desc['name'] = request['admin_name'] admin_desc['mail_address'] = request['admin_mail_address'] admin_desc['language'] = language admin_desc['role'] = u'admin' admin_desc['deletable'] = False admin_desc['pgp_key_remove'] = False admin_user = db_create_user(session, tid, admin_desc, language) admin_user.password_change_needed = False admin_user.password_change_date = datetime_now() receiver_desc = models.User().dict(language) receiver_desc['name'] = request['receiver_name'] receiver_desc['username'] = u'recipient' receiver_desc['password'] = request['receiver_password'] receiver_desc['name'] = request['receiver_name'] receiver_desc['mail_address'] = request['receiver_mail_address'] receiver_desc['language'] = language receiver_desc['role'] = u'receiver' receiver_desc['deletable'] = True receiver_desc['pgp_key_remove'] = False receiver_user = db_create_user(session, tid, receiver_desc, language) context_desc = models.Context().dict(language) context_desc['status'] = 1 context_desc['name'] = u'Default' context_desc['receivers'] = [receiver_user.id] context = db_create_context(session, tid, context_desc, language) # Root tenants initialization terminates here if tid == 1: db_refresh_memory_variables(session, [tid]) return # Secondary tenants initialization starts here tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid) tenant.label = request['node_name'] mode = node.get_val(u'mode') if mode != u'default': node.set_val( u'hostname', tenant.subdomain + '.' + root_tenant_node.get_val(u'rootdomain')) for varname in [ 'reachable_via_web', 'disable_key_code_hint', 'disable_privacy_badge', 'disable_donation_panel', 'simplified_login', 'can_delete_submission', 'can_postpone_expiration', 'enable_user_pgp_key_upload', 'allow_unencrypted', 'anonymize_outgoing_connections', 'allow_iframes_inclusion', 'password_change_period', 'default_questionnaire' ]: node.set_val(varname, root_tenant_node.get_val(varname)) context.questionnaire_id = root_tenant_node.get_val( u'default_questionnaire') # Apply the general settings to apply on all mode != default if mode != u'default': # Enable the recipient user to configure platform general settings receiver_user.can_edit_general_settings = True # Set data retention policy to 18 months context.tip_timetolive = 540 # Apply the specific fixes related to whistleblowing.it projects if mode == u'whistleblowing.it': node.set_val(u'simplified_login', True) node.set_val(u'tor', False) # Enable recipients to load files to the whistleblower context.enable_rc_to_wb_files = True # Set the recipient name equal to the node name receiver_user.name = request['node_name'] # Delete the admin user session.delete(admin_user) db_refresh_memory_variables(session, [tid])