def submit():
msg = request.form['msg']
fh = request.files['fh']
# Don't submit anything if it was an "empty" submission. #878
if not (msg or fh):
flash(
gettext(
"You must enter a message or choose a file to submit."),
"error")
return redirect(url_for('main.lookup'))
fnames = []
journalist_filename = g.source.journalist_filename
first_submission = g.source.interaction_count == 0
if msg:
g.source.interaction_count += 1
fnames.append(
store.save_message_submission(g.filesystem_id,
g.source.interaction_count,
journalist_filename, msg))
if fh:
g.source.interaction_count += 1
fnames.append(
store.save_file_submission(g.filesystem_id,
g.source.interaction_count,
journalist_filename, fh.filename,
fh.stream))
if first_submission:
msg = render_template('first_submission_flashed_message.html')
flash(Markup(msg), "success")
else:
if msg and not fh:
html_contents = gettext('Thanks! We received your message.')
elif not msg and fh:
html_contents = gettext('Thanks! We received your document.')
else:
html_contents = gettext('Thanks! We received your message and '
'document.')
msg = render_template('next_submission_flashed_message.html',
html_contents=html_contents)
flash(Markup(msg), "success")
for fname in fnames:
submission = Submission(g.source, fname)
db_session.add(submission)
if g.source.pending:
g.source.pending = False
# Generate a keypair now, if there's enough entropy (issue #303)
# (gpg reads 300 bytes from /dev/random)
entropy_avail = get_entropy_estimate()
if entropy_avail >= 2400:
async_genkey(g.filesystem_id, g.codename)
current_app.logger.info(
"generating key, entropy: {}".format(entropy_avail))
else:
current_app.logger.warn(
"skipping key generation. entropy: {}".format(
entropy_avail))
g.source.last_updated = datetime.utcnow()
db_session.commit()
normalize_timestamps(g.filesystem_id)
return redirect(url_for('main.lookup'))
def submit() -> werkzeug.Response:
allow_document_uploads = current_app.instance_config.allow_document_uploads
form = SubmissionForm()
if not form.validate():
for field, errors in form.errors.items():
for error in errors:
flash(error, "error")
return redirect(url_for('main.lookup'))
msg = request.form['msg']
fh = None
if allow_document_uploads and 'fh' in request.files:
fh = request.files['fh']
# Don't submit anything if it was an "empty" submission. #878
if not (msg or fh):
if allow_document_uploads:
flash(
gettext(
"You must enter a message or choose a file to submit."
), "error")
else:
flash(gettext("You must enter a message."), "error")
return redirect(url_for('main.lookup'))
fnames = []
journalist_filename = g.source.journalist_filename
first_submission = g.source.interaction_count == 0
if msg:
g.source.interaction_count += 1
fnames.append(
current_app.storage.save_message_submission(
g.filesystem_id, g.source.interaction_count,
journalist_filename, msg))
if fh:
g.source.interaction_count += 1
fnames.append(
current_app.storage.save_file_submission(
g.filesystem_id, g.source.interaction_count,
journalist_filename, fh.filename, fh.stream))
if first_submission:
flash_message = render_template(
'first_submission_flashed_message.html')
flash(Markup(flash_message), "success")
else:
if msg and not fh:
html_contents = gettext('Thanks! We received your message.')
elif fh and not msg:
html_contents = gettext('Thanks! We received your document.')
else:
html_contents = gettext('Thanks! We received your message and '
'document.')
flash_message = render_template(
'next_submission_flashed_message.html',
html_contents=html_contents)
flash(Markup(flash_message), "success")
new_submissions = []
for fname in fnames:
submission = Submission(g.source, fname)
db.session.add(submission)
new_submissions.append(submission)
if g.source.pending:
g.source.pending = False
# Generate a keypair now, if there's enough entropy (issue #303)
# (gpg reads 300 bytes from /dev/random)
entropy_avail = get_entropy_estimate()
if entropy_avail >= 2400:
db_uri = current_app.config['SQLALCHEMY_DATABASE_URI']
async_genkey(current_app.crypto_util, db_uri, g.filesystem_id,
g.codename)
current_app.logger.info(
"generating key, entropy: {}".format(entropy_avail))
else:
current_app.logger.warning(
"skipping key generation. entropy: {}".format(
entropy_avail))
g.source.last_updated = datetime.utcnow()
db.session.commit()
for sub in new_submissions:
store.async_add_checksum_for_file(sub)
normalize_timestamps(g.filesystem_id)
return redirect(url_for('main.lookup'))
def submit(logged_in_source: SourceUser) -> werkzeug.Response:
allow_document_uploads = InstanceConfig.get_default().allow_document_uploads
form = SubmissionForm()
if not form.validate():
for field, errors in form.errors.items():
for error in errors:
flash_msg("error", None, error)
return redirect(url_for("main.lookup"))
msg = request.form["msg"]
fh = None
if allow_document_uploads and "fh" in request.files:
fh = request.files["fh"]
# Don't submit anything if it was an "empty" submission. #878
if not (msg or fh):
if allow_document_uploads:
html_contents = gettext("You must enter a message or choose a file to submit.")
else:
html_contents = gettext("You must enter a message.")
flash_msg("error", None, html_contents)
return redirect(url_for("main.lookup"))
fnames = []
logged_in_source_in_db = logged_in_source.get_db_record()
first_submission = logged_in_source_in_db.interaction_count == 0
if first_submission:
min_len = InstanceConfig.get_default().initial_message_min_len
if (min_len > 0) and (msg and not fh) and (len(msg) < min_len):
flash_msg(
"error",
None,
gettext("Your first message must be at least {} characters long.").format(
min_len
),
)
return redirect(url_for("main.lookup"))
# if the new_user_codename key is not present in the session, this is
# not a first session
new_codename = session.get("new_user_codename", None)
codenames_rejected = InstanceConfig.get_default().reject_message_with_codename
if new_codename is not None:
if codenames_rejected and codename_detected(msg, new_codename):
flash_msg(
"error",
None,
gettext("Please do not submit your codename!"),
gettext(
"Keep your codename secret, and use it to log in later to "
"check for replies."
),
)
return redirect(url_for("main.lookup"))
if not os.path.exists(Storage.get_default().path(logged_in_source.filesystem_id)):
current_app.logger.debug(
"Store directory not found for source '{}', creating one.".format(
logged_in_source_in_db.journalist_designation
)
)
os.mkdir(Storage.get_default().path(logged_in_source.filesystem_id))
if msg:
logged_in_source_in_db.interaction_count += 1
fnames.append(
Storage.get_default().save_message_submission(
logged_in_source_in_db.filesystem_id,
logged_in_source_in_db.interaction_count,
logged_in_source_in_db.journalist_filename,
msg,
)
)
if fh:
logged_in_source_in_db.interaction_count += 1
fnames.append(
Storage.get_default().save_file_submission(
logged_in_source_in_db.filesystem_id,
logged_in_source_in_db.interaction_count,
logged_in_source_in_db.journalist_filename,
fh.filename,
fh.stream,
)
)
if first_submission or msg or fh:
if first_submission:
html_contents = gettext(
"Thank you for sending this information to us. Please "
"check back later for replies."
)
elif msg and not fh:
html_contents = gettext("Thanks! We received your message.")
elif fh and not msg:
html_contents = gettext("Thanks! We received your document.")
else:
html_contents = gettext("Thanks! We received your message and document.")
flash_msg("success", gettext("Success!"), html_contents)
new_submissions = []
for fname in fnames:
submission = Submission(logged_in_source_in_db, fname, Storage.get_default())
db.session.add(submission)
new_submissions.append(submission)
logged_in_source_in_db.pending = False
logged_in_source_in_db.last_updated = datetime.now(timezone.utc)
db.session.commit()
for sub in new_submissions:
store.async_add_checksum_for_file(sub, Storage.get_default())
normalize_timestamps(logged_in_source)
return redirect(url_for("main.lookup"))