def db_create_user(store, request, language):
fill_localized_keys(request, models.User.localized_keys, language)
user = models.User({
'username': request['username'],
'role': request['role'],
'state': u'enabled',
'deletable': request['deletable'],
'name': request['name'],
'description': request['description'],
'public_name': request['public_name'] if request['public_name'] != '' else request['name'],
'language': language,
'password_change_needed': request['password_change_needed'],
'mail_address': request['mail_address']
})
if request['username'] == '':
user.username = user.id
password = request['password']
if len(password) == 0:
password = GLSettings.memory_copy.default_password
user.salt = security.generateRandomSalt()
user.password = security.hash_password(password, user.salt)
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
store.add(user)
return user
def db_create_user(store, request, language):
fill_localized_keys(request, models.User.localized_keys, language)
user = models.User({
'username': request['username'],
'role': request['role'],
'state': u'enabled',
'deletable': request['deletable'],
'name': request['name'],
'description': request['description'],
'public_name': request['public_name'] if request['public_name'] else request['name'],
'language': language,
'password_change_needed': request['password_change_needed'],
'mail_address': request['mail_address']
})
if not request['username']:
user.username = user.id
password = request['password'] if request['password'] else State.tenant_cache[1].default_password
user.salt = security.generateRandomSalt()
user.password = security.hash_password(password, user.salt)
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
store.add(user)
return user
def test_pass_hash(self):
dummy_password = "******"
dummy_salt = generateRandomSalt()
sure_bin = scrypt.hash(dummy_password, dummy_salt)
sure = binascii.b2a_hex(sure_bin)
not_sure = hash_password(dummy_password, dummy_salt)
self.assertEqual(sure, not_sure)
def test_pass_hash(self):
dummy_password = "******"
dummy_salt = generateRandomSalt()
sure_bin = scrypt.hash(dummy_password, dummy_salt)
sure = binascii.b2a_hex(sure_bin)
not_sure = hash_password(dummy_password, dummy_salt)
self.assertEqual(sure, not_sure)
def test_valid_password(self):
dummy_password = dummy_salt_input = \
"http://blog.transparency.org/wp-content/uploads/2010/05/A2_Whistelblower_poster.jpg"
dummy_salt = generateRandomSalt()
hashed_once = binascii.b2a_hex(scrypt.hash(dummy_password, dummy_salt))
hashed_twice = binascii.b2a_hex(scrypt.hash(dummy_password, dummy_salt))
self.assertTrue(hashed_once, hashed_twice)
self.assertTrue(check_password(dummy_password, dummy_salt, hashed_once))
def test_valid_password(self):
dummy_password = dummy_salt_input = \
"http://blog.transparency.org/wp-content/uploads/2010/05/A2_Whistelblower_poster.jpg"
dummy_salt = generateRandomSalt()
hashed_once = binascii.b2a_hex(scrypt.hash(dummy_password, dummy_salt))
hashed_twice = binascii.b2a_hex(scrypt.hash(dummy_password, dummy_salt))
self.assertTrue(hashed_once, hashed_twice)
self.assertTrue(check_password(dummy_password, dummy_salt, hashed_once))
def test_change_password_fail_with_invalid_old_password(self):
dummy_salt_input = "xxxxxxxx"
first_pass = helpers.VALID_PASSWORD1
second_pass = helpers.VALID_PASSWORD2
dummy_salt = generateRandomSalt()
# as first we hash a "first_password" like has to be:
hashed1 = binascii.b2a_hex(scrypt.hash(str(first_pass), dummy_salt))
# now emulate the change unsing the globaleaks.security module
self.assertRaises(errors.InvalidOldPassword, change_password, hashed1,
"invalid_old_pass", second_pass, dummy_salt_input)
def test_change_password_fail_with_invalid_old_password(self):
dummy_salt_input = "xxxxxxxx"
first_pass = helpers.VALID_PASSWORD1
second_pass = helpers.VALID_PASSWORD2
dummy_salt = generateRandomSalt()
# as first we hash a "first_password" like has to be:
hashed1 = binascii.b2a_hex(scrypt.hash(str(first_pass), dummy_salt))
# now emulate the change unsing the globaleaks.security module
self.assertRaises(errors.InvalidOldPassword, change_password, hashed1, "invalid_old_pass", second_pass,
dummy_salt_input)
def init_db(store):
db_create_tables(store)
appdata_dict = db_update_appdata(store)
log.debug("Performing database initialization...")
node = models.Node()
node.wizard_done = GLSettings.skip_wizard
node.receipt_salt = generateRandomSalt()
for k in appdata_dict['node']:
setattr(node, k, appdata_dict['node'][k])
notification = models.Notification()
for k in appdata_dict['templates']:
setattr(notification, k, appdata_dict['templates'][k])
logo = ''
with open(os.path.join(GLSettings.client_path, 'logo.png'), 'r') as logo_file:
logo = logo_file.read()
node.logo = models.File()
node.logo.data = base64.b64encode(logo)
store.add(node)
store.add(notification)
admin_dict = {
'username': u'admin',
'password': u'globaleaks',
'deeletable': False,
'role': u'admin',
'state': u'enabled',
'deletable': False,
'name': u'Admin',
'description': u'',
'mail_address': u'',
'language': node.default_language,
'timezone': node.default_timezone,
'password_change_needed': False,
'pgp_key_remove': False,
'pgp_key_status': 'disabled',
'pgp_key_info': '',
'pgp_key_fingerprint': '',
'pgp_key_public': '',
'pgp_key_expiration': datetime_null()
}
admin = db_create_admin_user(store, admin_dict, node.default_language)
admin.password_change_needed = False
def test_change_password(self):
first_pass = helpers.VALID_PASSWORD1
second_pass = helpers.VALID_PASSWORD2
dummy_salt = generateRandomSalt()
# as first we hash a "first_password" like has to be:
hashed1 = binascii.b2a_hex(scrypt.hash(str(first_pass), dummy_salt))
# now emulate the change unsing the globaleaks.security module
hashed2 = change_password(hashed1, first_pass, second_pass, dummy_salt)
# verify that second stored pass is the same
self.assertEqual(
hashed2, binascii.b2a_hex(scrypt.hash(str(second_pass),
dummy_salt)))
def test_change_password(self):
first_pass = helpers.VALID_PASSWORD1
second_pass = helpers.VALID_PASSWORD2
dummy_salt = generateRandomSalt()
# as first we hash a "first_password" like has to be:
hashed1 = binascii.b2a_hex(scrypt.hash(str(first_pass), dummy_salt))
# now emulate the change unsing the globaleaks.security module
hashed2 = change_password(hashed1, first_pass, second_pass, dummy_salt)
# verify that second stored pass is the same
self.assertEqual(
hashed2,
binascii.b2a_hex(scrypt.hash(str(second_pass), dummy_salt))
)
def init_db(store):
if GLSettings.db_type == 'sqlite':
db_create_tables(store)
appdata_dict = db_init_appdata(store)
log.debug("Performing database initialization...")
node = models.Node()
node.wizard_done = GLSettings.skip_wizard
node.receipt_salt = generateRandomSalt()
for k in appdata_dict['node']:
setattr(node, k, appdata_dict['node'][k])
notification = models.Notification()
for k in appdata_dict['templates']:
setattr(notification, k, appdata_dict['templates'][k])
store.add(node)
store.add(notification)
load_default_questionnaires(store)
load_default_fields(store)
admin_dict = {
'username': u'admin',
'password': u'globaleaks',
'deeletable': False,
'role': u'admin',
'state': u'enabled',
'deletable': False,
'name': u'Admin',
'description': u'',
'mail_address': u'',
'language': node.default_language,
'timezone': node.default_timezone,
'password_change_needed': False,
'pgp_key_remove': False,
'pgp_key_status': 'disabled',
'pgp_key_info': '',
'pgp_key_fingerprint': '',
'pgp_key_public': '',
'pgp_key_expiration': datetime_null()
}
admin = db_create_admin(store, admin_dict, node.default_language)
admin.password_change_needed = False
def init_db(store):
if GLSettings.db_type == 'sqlite':
db_create_tables(store)
appdata_dict = db_init_appdata(store)
log.debug("Performing database initialization...")
node = models.Node()
node.wizard_done = GLSettings.skip_wizard
node.receipt_salt = generateRandomSalt()
for k in appdata_dict['node']:
setattr(node, k, appdata_dict['node'][k])
notification = models.Notification()
for k in appdata_dict['templates']:
setattr(notification, k, appdata_dict['templates'][k])
store.add(node)
store.add(notification)
load_default_questionnaires(store)
load_default_fields(store)
admin_dict = {
'username': u'admin',
'password': u'globaleaks',
'deeletable': False,
'role': u'admin',
'state': u'enabled',
'deletable': False,
'name': u'Admin',
'description': u'',
'mail_address': u'',
'language': node.default_language,
'timezone': node.default_timezone,
'password_change_needed': False,
'pgp_key_remove': False,
'pgp_key_status': 'disabled',
'pgp_key_info': '',
'pgp_key_fingerprint': '',
'pgp_key_public': '',
'pgp_key_expiration': datetime_null()
}
admin = db_create_admin(store, admin_dict, node.default_language)
admin.password_change_needed = False
def db_create_user(store, request, language):
fill_localized_keys(request, models.User.localized_keys, language)
password = request['password']
if len(password) and password != GLSettings.default_password:
security.check_password_format(password)
else:
password = GLSettings.default_password
password_salt = security.generateRandomSalt()
password_hash = security.hash_password(password, password_salt)
user = models.User({
'username': request['username'],
'password': password_hash,
'salt': password_salt,
'role': request['role'],
'state': u'enabled',
'deletable': request['deletable'],
'name': request['name'],
'description': request['description'],
'language': u'en',
'timezone': 0,
'password_change_needed': True,
'mail_address': request['mail_address']
})
if request['username'] == '':
user.username = user.id
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
create_user_picture(user.id)
store.add(user)
return user
def db_create_user(store, request, language):
fill_localized_keys(request, models.User.localized_keys, language)
password = request['password']
if len(password) and password != GLSettings.default_password:
security.check_password_format(password)
else:
password = GLSettings.default_password
password_salt = security.generateRandomSalt()
password_hash = security.hash_password(password, password_salt)
user = models.User({
'username': request['username'],
'password': password_hash,
'salt': password_salt,
'role': request['role'],
'state': u'enabled',
'deletable': request['deletable'],
'name': request['name'],
'description': request['description'],
'language': u'en',
'timezone': 0,
'password_change_needed': True,
'mail_address': request['mail_address']
})
if request['username'] == '':
user.username = user.id
# The various options related in manage PGP keys are used here.
parse_pgp_options(user, request)
create_user_picture(user.id)
store.add(user)
return user
from datetime import timedelta
from twisted.web.test.requesthelper import DummyRequest
from twisted.internet import threads, defer, task
from twisted.internet.address import IPv4Address
from twisted.internet.defer import inlineCallbacks, Deferred, returnValue
from twisted.trial import unittest
from twisted.internet.protocol import ProcessProtocol
from storm.twisted.testing import FakeThreadPool
## constants
VALID_PASSWORD1 = u'ACollectionOfDiplomaticHistorySince_1966_ToThe_Pr esentDay#'
VALID_PASSWORD2 = VALID_PASSWORD1
VALID_SALT1 = security.generateRandomSalt()
VALID_SALT2 = security.generateRandomSalt()
VALID_HASH1 = security.hash_password(VALID_PASSWORD1, VALID_SALT1)
VALID_HASH2 = security.hash_password(VALID_PASSWORD2, VALID_SALT2)
VALID_BASE64_IMG = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVQYV2NgYAAAAAMAAWgmWQ0AAAAASUVORK5CYII='
INVALID_PASSWORD = u'antani'
PGPKEYS = {}
DATA_DIR = os.path.join(TEST_DIR, 'data')
kp = os.path.join(DATA_DIR, 'gpg')
for filename in os.listdir(kp):
with open(os.path.join(kp, filename)) as pgp_file:
PGPKEYS[filename] = unicode(pgp_file.read())
def deferred_sleep_mock(seconds):
from globaleaks.handlers.admin.user import create_admin, create_custodian
from globaleaks.handlers.submission import create_submission, serialize_usertip, \
serialize_internalfile, serialize_receiverfile
from globaleaks.rest.apicache import GLApiCache
from globaleaks.settings import GLSettings
from globaleaks.security import GLSecureTemporaryFile, generateRandomKey, generateRandomSalt
from globaleaks.utils import tempdict, token, mailutils
from globaleaks.utils.structures import fill_localized_keys
from globaleaks.utils.utility import sum_dicts, datetime_null, datetime_now, log
from . import TEST_DIR
## constants
VALID_PASSWORD1 = u'justapasswordwithaletterandanumberandbiggerthan8chars'
VALID_PASSWORD2 = u'justap455w0rdwithaletterandanumberandbiggerthan8chars'
VALID_SALT1 = security.generateRandomSalt()
VALID_SALT2 = security.generateRandomSalt()
VALID_HASH1 = security.hash_password(VALID_PASSWORD1, VALID_SALT1)
VALID_HASH2 = security.hash_password(VALID_PASSWORD2, VALID_SALT2)
INVALID_PASSWORD = u'antani'
FIXTURES_PATH = os.path.join(TEST_DIR, 'fixtures')
with open(os.path.join(TEST_DIR, 'keys/valid_pgp_key1.txt')) as pgp_file:
VALID_PGP_KEY1 = unicode(pgp_file.read())
with open(os.path.join(TEST_DIR, 'keys/valid_pgp_key2.txt')) as pgp_file:
VALID_PGP_KEY2 = unicode(pgp_file.read())
with open(os.path.join(TEST_DIR, 'keys/expired_pgp_key.txt')) as pgp_file:
EXPIRED_PGP_KEY = unicode(pgp_file.read())
