def receiver_add(self, store): r = self.localization_set(self.dummyReceiver_1, models.Receiver, 'en') receiver_user = models.User(self.dummyReceiverUser_1) receiver_user.last_login = self.dummyReceiverUser_1['last_login'] receiver_user.password_change_date = self.dummyReceiverUser_1[ 'password_change_date'] receiver_user.mail_address = self.dummyReceiverUser_1['mail_address'] receiver_user.username = str( self.receiver_inc) + self.dummyReceiver_1['mail_address'] receiver_user.password = self.dummyReceiverUser_1['password'] store.add(receiver_user) receiver = models.Receiver(r) receiver.user = receiver_user receiver.pgp_key_status = u'disabled' receiver.mail_address = self.dummyReceiver_1['mail_address'] store.add(receiver) self.receiver_inc += 1 return receiver.id
def db_create_user(session, tid, request, language): """ Transaction for creating a new user :param session: An ORM session :param tid: A tenant ID :param request: The request data :param language: The language of the request :return: The serialized descriptor of the created object """ request['tid'] = tid fill_localized_keys(request, models.User.localized_keys, language) if not request['public_name']: request['public_name'] = request['name'] user = models.User(request) if not request['username']: user.username = user.id = uuid4() user.salt = GCE.generate_salt() user.language = request['language'] # The various options related in manage PGP keys are used here. parse_pgp_options(user, request) session.add(user) session.flush() if request.get('send_account_activation_link', False): db_generate_password_reset_token(session, user) return user
def create_receiver_with_contexts(self, store): c = self.localization_set(self.dummyContext, models.Context, 'en') r = self.localization_set(self.dummyReceiver_1, models.Receiver, 'en') u = self.localization_set(self.dummyReceiverUser_1, models.User, 'en') receiver_user = models.User(u) # Avoid receivers with the same username! receiver_user.username = u'xxx' receiver_user.password = self.dummyReceiverUser_1['password'] receiver_user.salt = self.dummyReceiverUser_1['salt'] store.add(receiver_user) receiver = models.Receiver(r) receiver.user = receiver_user receiver.user.pgp_key_expiration = "1970-01-01 00:00:00.000000" receiver.user.pgp_key_fingerprint = "" receiver.user.pgp_key_public = "" receiver.mail_address = u'*****@*****.**' context1 = models.Context(c) context1.questionnaire_id = db_get_default_questionnaire_id(store) context1.tip_timetolive = 1000 context1.description = context1.name = \ context1.submission_disclaimer = \ context1.submission_introduction = {'en': 'Valar Morghulis'} context2 = models.Context(c) context2.questionnaire_id = db_get_default_questionnaire_id(store) context2.tip_timetolive = 1000 context2.description = context2.name = \ context2.submission_disclaimer = \ context2.submission_introduction = {'en': 'Valar Dohaeris'} receiver.contexts.add(context1) receiver.contexts.add(context2) store.add(receiver) return receiver.id
def init_db(store, result, node_dict, appdata_dict): """ """ node = models.Node(node_dict) node.languages_enabled = GLSettings.defaults.languages_enabled node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}')) node.wizard_done = GLSettings.skip_wizard for k in appdata_dict['node']: setattr(node, k, appdata_dict['node'][k]) store.add(node) admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}')) admin_password = hash_password(u"globaleaks", admin_salt) admin_dict = { 'username': u'admin', 'password': admin_password, 'salt': admin_salt, 'role': u'admin', 'state': u'enabled', 'mail_address': u'', 'language': u"en", 'timezone': 0, 'password_change_needed': False, } admin = models.User(admin_dict) store.add(admin) notification = models.Notification() for k in appdata_dict['templates']: setattr(notification, k, appdata_dict['templates'][k]) store.add(notification)
def receiver_add(self, store): u = self.localization_set(self.dummyReceiverUser_1, models.User, 'en') receiver_user = models.User(u) receiver_user.mail_address = self.dummyReceiverUser_1['mail_address'] receiver_user.username = str( self.receiver_inc) + self.dummyReceiver_1['mail_address'] receiver_user.password = self.dummyReceiverUser_1['password'] receiver_user.salt = self.dummyReceiverUser_1['salt'] store.add(receiver_user) r = self.localization_set(self.dummyReceiver_1, models.Receiver, 'en') receiver = models.Receiver(r) receiver.user = receiver_user receiver.user.pgp_key_expiration = "1970-01-01 00:00:00.000000" receiver.user.pgp_key_fingerprint = "" receiver.user.pgp_key_public = "" receiver.mail_address = self.dummyReceiver_1['mail_address'] store.add(receiver) self.receiver_inc += 1 return receiver.id
def db_wizard(session, state, tid, request, client_using_tor, language): node = config.ConfigFactory(session, tid, 'node') if node.get_val(u'wizard_done'): log.err("DANGER: Wizard already initialized!", tid=tid) raise errors.ForbiddenOperation db_update_enabled_languages(session, tid, [language], language) tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid) tenant.label = request['node_name'] node.set_val(u'name', request['node_name']) node.set_val(u'default_language', language) node.set_val(u'wizard_done', True) node.set_val(u'enable_developers_exception_notification', request['enable_developers_exception_notification']) # Guess Tor configuration from thee media used on first configuration and # if the user is using Tor preserve node anonymity and perform outgoing connections via Tor node.set_val(u'reachable_via_web', not client_using_tor) node.set_val(u'allow_unencrypted', not client_using_tor) node.set_val(u'anonymize_outgoing_connections', client_using_tor) node.set_val(u'disable_encryption_warnings', not client_using_tor) node_l10n = config.NodeL10NFactory(session, tid) node_l10n.set_val(u'header_title_homepage', language, request['node_name']) profiles.load_profile(session, tid, request['profile']) receiver_desc = models.User().dict(language) receiver_desc['name'] = request['receiver_name'] receiver_desc['username'] = u'recipient' receiver_desc['name'] = request['receiver_name'] receiver_desc['mail_address'] = request['receiver_mail_address'] receiver_desc['language'] = language receiver_desc['role'] = u'receiver' receiver_desc['deletable'] = True receiver_desc['pgp_key_remove'] = False _, receiver = db_create_receiver_user(session, state, tid, receiver_desc, language) context_desc = models.Context().dict(language) context_desc['name'] = u'Default' context_desc['receivers'] = [receiver.id] db_create_context(session, state, tid, context_desc, language) admin_desc = models.User().dict(language) admin_desc['name'] = request['admin_name'] admin_desc['username'] = u'admin' admin_desc['password'] = request['admin_password'] admin_desc['name'] = request['admin_name'] admin_desc['mail_address'] = request['admin_mail_address'] admin_desc['language'] = language admin_desc['role'] = u'admin' admin_desc['deletable'] = False admin_desc['pgp_key_remove'] = False admin_desc['password_change_needed'] = False db_create_user(session, state, tid, admin_desc, language) db_refresh_memory_variables(session, [tid])
def db_create_receiver(store, request, language=GLSetting.memory_copy.default_language): """ Creates a new receiver. Returns: (dict) the configured receiver """ mo = structures.Rosetta() mo.acquire_request(language, request, Receiver) for attr in mo.get_localized_attrs(): request[attr] = mo.get_localized_dict(attr) mail_address = request['mail_address'] # Pretend that username is unique: homonymous = store.find(User, User.username == mail_address).count() if homonymous: log.err( "Creation error: already present receiver with the requested username: %s" % mail_address) raise errors.ExpectedUniqueField('mail_address', mail_address) password = request.get('password') security.check_password_format(password) receiver_salt = security.get_salt(rstr.xeger('[A-Za-z0-9]{56}')) receiver_password = security.hash_password(password, receiver_salt) receiver_user_dict = { 'username': mail_address, 'password': receiver_password, 'salt': receiver_salt, 'role': u'receiver', 'state': u'enabled', } receiver_user = models.User(receiver_user_dict) receiver_user.last_login = datetime_null() store.add(receiver_user) receiver = Receiver(request) receiver.user = receiver_user receiver.mail_address = mail_address receiver.tags = request['tags'] # The various options related in manage GPG keys are used here. gpg_options_parse(receiver, request) log.debug("Creating receiver %s" % receiver.user.username) store.add(receiver) create_random_receiver_portrait(receiver.id) contexts = request.get('contexts', []) for context_id in contexts: context = store.find(Context, Context.id == context_id).one() if not context: log.err("Creation error: invalid Context can't be associated") raise errors.ContextIdNotFound context.receivers.add(receiver) return admin_serialize_receiver(receiver, language)
def init_db(store, result, node_dict, appdata_dict): """ TODO refactor with languages the email_template, develop a dedicated function outside the node, and inquire f*****g YHWH about the callbacks existence/usage """ node = models.Node(node_dict) for k in appdata_dict['node']: setattr(node, k, appdata_dict['node'][k]) node.languages_enabled = GLSetting.defaults.languages_enabled node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}')) node.wizard_done = GLSetting.skip_wizard node.creation_date = datetime_now() store.add(node) admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}')) admin_password = hash_password(u"globaleaks", admin_salt) admin_dict = { 'username': u'admin', 'password': admin_password, 'salt': admin_salt, 'role': u'admin', 'state': u'enabled', 'language': u"en", 'timezone': 0, 'password_change_needed': False, } admin = models.User(admin_dict) admin.last_login = datetime_null() admin.password_change_date = datetime_null() store.add(admin) notification = models.Notification() # our defaults for free, because we're like Gandhi of the mail accounts. notification.server = "mail.headstrong.de" notification.port = 587 # port 587/SMTP-TLS or 465/SMTPS notification.username = "******" notification.password = "******" notification.security = "TLS" notification.source_name = "Default GlobaLeaks sender" notification.source_email = notification.username # Those fields are sets as default in order to show to the Admin the various # 'variables' used in the template. for k in appdata_dict['templates']: setattr(notification, k, appdata_dict['templates'][k]) store.add(notification)
def db_wizard(session, tid, hostname, request): """ Transaction for the handling of wizard request :param session: An ORM session :param tid: A tenant ID :param request: A user request """ language = request['node_language'] node = config.ConfigFactory(session, tid) if tid == 1: root_tenant_node = node encryption = True else: root_tenant_node = node encryption = root_tenant_node.get_val('encryption') if node.get_val('wizard_done'): log.err("DANGER: Wizard already initialized!", tid=tid) raise errors.ForbiddenOperation db_update_enabled_languages(session, tid, [language], language) node.set_val('encryption', encryption) node.set_val('name', request['node_name']) node.set_val('default_language', language) node.set_val('wizard_done', True) node.set_val('enable_developers_exception_notification', request['enable_developers_exception_notification']) node.set_val('hostname', hostname) node_l10n = config.ConfigL10NFactory(session, tid) node_l10n.set_val('header_title_homepage', language, request['node_name']) profiles.load_profile(session, tid, request['profile']) if encryption: crypto_escrow_prv_key, crypto_escrow_pub_key = GCE.generate_keypair() node.set_val('crypto_escrow_pub_key', crypto_escrow_pub_key) admin_desc = models.User().dict(language) admin_desc['username'] = request['admin_username'] admin_desc['name'] = request['admin_name'] admin_desc['password'] = request['admin_password'] admin_desc['name'] = request['admin_name'] admin_desc['mail_address'] = request['admin_mail_address'] admin_desc['language'] = language admin_desc['role'] = 'admin' admin_desc['pgp_key_remove'] = False admin_user = db_create_user(session, tid, admin_desc, language) admin_user.password = GCE.hash_password(request['admin_password'], admin_user.salt) admin_user.password_change_needed = False admin_user.password_change_date = datetime_now() if encryption: db_gen_user_keys(session, tid, admin_user, request['admin_password']) admin_user.crypto_escrow_prv_key = Base64Encoder.encode( GCE.asymmetric_encrypt(admin_user.crypto_pub_key, crypto_escrow_prv_key)) receiver_user = None if not request['skip_recipient_account_creation']: receiver_desc = models.User().dict(language) receiver_desc['username'] = request['receiver_username'] receiver_desc['name'] = request['receiver_name'] receiver_desc['password'] = request['receiver_password'] receiver_desc['mail_address'] = request['receiver_mail_address'] receiver_desc['language'] = language receiver_desc['role'] = 'receiver' receiver_desc['pgp_key_remove'] = False receiver_desc['send_account_activation_link'] = receiver_desc[ 'password'] == '' receiver_user = db_create_user(session, tid, receiver_desc, language) if receiver_desc['password']: receiver_user.password = GCE.hash_password( receiver_desc['password'], receiver_user.salt) if encryption: db_gen_user_keys(session, tid, receiver_user, receiver_desc['password']) context_desc = models.Context().dict(language) context_desc['name'] = 'Default' context_desc['status'] = 'enabled' context_desc['receivers'] = [receiver_user.id] if receiver_user else [] context = db_create_context(session, tid, context_desc, language) # Root tenants initialization terminates here if tid == 1: db_refresh_memory_variables(session, [tid]) return # Secondary tenants initialization starts here tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid) tenant.label = request['node_name'] mode = node.get_val('mode') if mode not in ['default', 'demo']: node.set_val( 'hostname', tenant.subdomain + '.' + root_tenant_node.get_val('rootdomain')) for varname in [ 'reachable_via_web', 'enable_receipt_hint', 'disable_privacy_badge', 'simplified_login', 'can_delete_submission', 'can_postpone_expiration', 'anonymize_outgoing_connections', 'frame_ancestors', 'password_change_period', 'default_questionnaire', 'enable_password_reset' ]: node.set_val(varname, root_tenant_node.get_val(varname)) context.questionnaire_id = root_tenant_node.get_val( 'default_questionnaire') # Set data retention policy to 18 months context.tip_timetolive = 540 # Delete the admin user request['admin_password'] = '' session.delete(admin_user) if receiver_user is not None: # Enable the recipient user to configure platform general settings receiver_user.can_edit_general_settings = True # Set the recipient name equal to the node name receiver_user.name = receiver_user.public_name = request[ 'node_name'] # Apply the specific fixes related to whistleblowing.it projects if mode == 'whistleblowing.it': node.set_val('simplified_login', True) node.set_val('tor', False) db_refresh_memory_variables(session, [tid])
def db_wizard(session, tid, request, client_using_tor, language): language = request['node_language'] node = config.ConfigFactory(session, tid) if tid != 1: root_tenant_node = config.ConfigFactory(session, 1) else: root_tenant_node = node if node.get_val(u'wizard_done'): log.err("DANGER: Wizard already initialized!", tid=tid) raise errors.ForbiddenOperation db_update_enabled_languages(session, tid, [language], language) node.set_val(u'name', request['node_name']) node.set_val(u'default_language', language) node.set_val(u'wizard_done', True) node.set_val(u'enable_developers_exception_notification', request['enable_developers_exception_notification']) # Guess Tor configuration from thee media used on first configuration and # if the user is using Tor preserve node anonymity and perform outgoing connections via Tor node.set_val(u'reachable_via_web', not client_using_tor) node.set_val(u'allow_unencrypted', not client_using_tor) node.set_val(u'anonymize_outgoing_connections', client_using_tor) node_l10n = config.ConfigL10NFactory(session, tid) node_l10n.set_val(u'header_title_homepage', language, request['node_name']) profiles.load_profile(session, tid, request['profile']) admin_desc = models.User().dict(language) admin_desc['name'] = request['admin_name'] admin_desc['username'] = u'admin' admin_desc['password'] = request['admin_password'] admin_desc['name'] = request['admin_name'] admin_desc['mail_address'] = request['admin_mail_address'] admin_desc['language'] = language admin_desc['role'] = u'admin' admin_desc['deletable'] = False admin_desc['pgp_key_remove'] = False admin_user = db_create_user(session, tid, admin_desc, language) admin_user.password_change_needed = False admin_user.password_change_date = datetime_now() receiver_desc = models.User().dict(language) receiver_desc['name'] = request['receiver_name'] receiver_desc['username'] = u'recipient' receiver_desc['password'] = request['receiver_password'] receiver_desc['name'] = request['receiver_name'] receiver_desc['mail_address'] = request['receiver_mail_address'] receiver_desc['language'] = language receiver_desc['role'] = u'receiver' receiver_desc['deletable'] = True receiver_desc['pgp_key_remove'] = False receiver_user = db_create_user(session, tid, receiver_desc, language) context_desc = models.Context().dict(language) context_desc['status'] = 1 context_desc['name'] = u'Default' context_desc['receivers'] = [receiver_user.id] context = db_create_context(session, tid, context_desc, language) # Root tenants initialization terminates here if tid == 1: db_refresh_memory_variables(session, [tid]) return # Secondary tenants initialization starts here tenant = models.db_get(session, models.Tenant, models.Tenant.id == tid) tenant.label = request['node_name'] mode = node.get_val(u'mode') if mode != u'default': node.set_val( u'hostname', tenant.subdomain + '.' + root_tenant_node.get_val(u'rootdomain')) for varname in [ 'reachable_via_web', 'disable_key_code_hint', 'disable_privacy_badge', 'disable_donation_panel', 'simplified_login', 'can_delete_submission', 'can_postpone_expiration', 'enable_user_pgp_key_upload', 'allow_unencrypted', 'anonymize_outgoing_connections', 'allow_iframes_inclusion', 'password_change_period', 'default_questionnaire' ]: node.set_val(varname, root_tenant_node.get_val(varname)) context.questionnaire_id = root_tenant_node.get_val( u'default_questionnaire') # Apply the general settings to apply on all mode != default if mode != u'default': # Enable the recipient user to configure platform general settings receiver_user.can_edit_general_settings = True # Set data retention policy to 18 months context.tip_timetolive = 540 # Apply the specific fixes related to whistleblowing.it projects if mode == u'whistleblowing.it': node.set_val(u'simplified_login', True) node.set_val(u'tor', False) # Enable recipients to load files to the whistleblower context.enable_rc_to_wb_files = True # Set the recipient name equal to the node name receiver_user.name = request['node_name'] # Delete the admin user session.delete(admin_user) db_refresh_memory_variables(session, [tid])
def db_create_user(session, tid, request, language): """ Transaction for creating a new user :param session: An ORM session :param tid: A tenant ID :param request: The request data :param language: The language of the request :return: The serialized descriptor of the created object """ request['tid'] = tid fill_localized_keys(request, models.User.localized_keys, language) if request['username']: user = session.query(models.User).filter( models.User.username == request['username'], models.User.tid == tid).one_or_none() if user is not None: raise errors.InputValidationError('Username already in use') user = models.User({ 'tid': tid, 'username': request['username'], 'role': request['role'], 'state': 'enabled', 'name': request['name'], 'description': request['description'], 'public_name': request['public_name'] if request['public_name'] else request['name'], 'language': language, 'password_change_needed': request['password_change_needed'], 'mail_address': request['mail_address'], 'can_edit_general_settings': request['can_edit_general_settings'] }) if not request['username']: user.username = user.id = uuid4() user.salt = GCE.generate_salt() # The various options related in manage PGP keys are used here. parse_pgp_options(user, request) session.add(user) session.flush() if request.get('send_account_activation_link', False): db_generate_password_reset_token(session, user) return user
def initialize_node(store, results, only_node, templates, appdata): """ TODO refactor with languages the email_template, develop a dedicated function outside the node, and inquire f*****g YHWH about the callbacks existence/usage """ node = models.Node(only_node) log.debug("Inizializing ApplicationData") new_appdata = ApplicationData() new_appdata.fields = appdata['fields'] new_appdata.version = appdata['version'] store.add(new_appdata) if 'node_presentation' in appdata: node.presentation = appdata['node_presentation'] if 'node_footer' in appdata: node.footer = appdata['node_footer'] if 'node_subtitle' in appdata: node.subtitle = appdata['node_subtitle'] node.languages_enabled = GLSetting.defaults.languages_enabled node.receipt_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}')) node.wizard_done = GLSetting.skip_wizard node.creation_date = datetime_now() store.add(node) admin_salt = get_salt(rstr.xeger('[A-Za-z0-9]{56}')) admin_password = hash_password(u"globaleaks", admin_salt) admin_dict = { 'username': u'admin', 'password': admin_password, 'salt': admin_salt, 'role': u'admin', 'state': u'enabled', } admin = models.User(admin_dict) admin.last_login = datetime_null() store.add(admin) notification = models.Notification() # our defaults for free, because we're like Gandhi of the mail accounts. notification.server = "mail.headstrong.de" notification.port = 587 # port 587/SMTP-TLS or 465/SMTPS notification.username = "******" notification.password = "******" notification.security = "TLS" notification.source_name = "Default GlobaLeaks sender" notification.source_email = notification.username # Those fields are sets as default in order to show to the Admin the various # 'variables' used in the template. notification.encrypted_tip_template = { GLSetting.memory_copy.default_language: templates['encrypted_tip'] } notification.encrypted_tip_mail_title = { GLSetting.memory_copy.default_language: "[Tip %TipNum%] for %ReceiverName% in %ContextName%: new Tip (Encrypted)" } notification.plaintext_tip_template = { GLSetting.memory_copy.default_language: templates['plaintext_tip'] } notification.plaintext_tip_mail_title = { GLSetting.memory_copy.default_language: "[Tip %TipNum%] for %ReceiverName% in %ContextName%: new ClearText" } notification.encrypted_message_template = { GLSetting.memory_copy.default_language: templates['encrypted_message'] } notification.encrypted_message_mail_title = { GLSetting.memory_copy.default_language: "[Tip %TipNum%] for %ReceiverName% in %ContextName%: New message (Encrypted)" } notification.plaintext_message_template = { GLSetting.memory_copy.default_language: templates['plaintext_message'] } notification.plaintext_message_mail_title = { GLSetting.memory_copy.default_language: "[Tip %TipNum%] for %ReceiverName% in %ContextName%: New message" } notification.encrypted_file_template = { GLSetting.memory_copy.default_language: templates['encrypted_file'] } notification.encrypted_file_mail_title = { GLSetting.memory_copy.default_language: "[Tip %TipNum%] for %ReceiverName% in %ContextName%: File attached (Encrypted)" } notification.plaintext_file_template = { GLSetting.memory_copy.default_language: templates['plaintext_file'] } notification.plaintext_file_mail_title = { GLSetting.memory_copy.default_language: "[Tip %TipNum%] for %ReceiverName% in %ContextName%: File attached" } notification.encrypted_comment_template = { GLSetting.memory_copy.default_language: templates['encrypted_comment'] } notification.encrypted_comment_mail_title = { GLSetting.memory_copy.default_language: "[Tip %TipNum%] for %ReceiverName% in %ContextName%: New comment (Encrypted)" } notification.plaintext_comment_template = { GLSetting.memory_copy.default_language: templates['plaintext_comment'] } notification.plaintext_comment_mail_title = { GLSetting.memory_copy.default_language: "[Tip %TipNum%] for %ReceiverName% in %ContextName%: New comment" } notification.zip_description = { GLSetting.memory_copy.default_language: templates['zip_collection'] } store.add(notification)