Make it possible for an administrator so send activation links to users upon their creation (#4425)

Author: evilaliv3

backend/globaleaks/handlers/admin/operation.py

@@ -214,13 +214,14 @@ def set_user_password(session, tid, user_session, user_id, password):
   return db_set_user_password(session, tid, user_session, user_id, password)
 
 
-def set_tmp_key(user_session, user, token):
-    crypto_escrow_prv_key = GCE.asymmetric_decrypt(user_session.cc, Base64Encoder.decode(user_session.ek))
+def set_tmp_key(user_session, user, token, user_cc=''):
+    if not user_cc:
+        crypto_escrow_prv_key = GCE.asymmetric_decrypt(user_session.cc, Base64Encoder.decode(user_session.ek))
 
-    if user_session.user_tid == 1:
-        user_cc = GCE.asymmetric_decrypt(crypto_escrow_prv_key, Base64Encoder.decode(user.crypto_escrow_bkp1_key))
-    else:
-        user_cc = GCE.asymmetric_decrypt(crypto_escrow_prv_key, Base64Encoder.decode(user.crypto_escrow_bkp2_key))
+        if user_session.user_tid == 1:
+            user_cc = GCE.asymmetric_decrypt(crypto_escrow_prv_key, Base64Encoder.decode(user.crypto_escrow_bkp1_key))
+        else:
+            user_cc = GCE.asymmetric_decrypt(crypto_escrow_prv_key, Base64Encoder.decode(user.crypto_escrow_bkp2_key))
 
     key = Base64Encoder.decode(GCE.derive_key(token, user.salt).encode())
     key = Base64Encoder.encode(GCE.symmetric_encrypt(key, user_cc))
@@ -233,16 +234,20 @@ def set_tmp_key(user_session, user, token):
         pass
 
 
-@transact
-def generate_password_reset_token(session, tid, user_session, user_id):
+def db_admin_generate_password_reset_token(session, tid, user_session, user_id, user_cc=''):
     user = session.query(User).filter(User.tid == tid, User.id == user_id).one_or_none()
     if user is None:
         return
 
     token = db_generate_password_reset_token(session, user)
 
-    if user_session.ek and user.crypto_pub_key:
-        set_tmp_key(user_session, user, token)
+    if user.crypto_pub_key and (user_cc or user_session.ek):
+        set_tmp_key(user_session, user, token, user_cc)
+
+
+@transact
+def send_password_reset_token(session, tid, user_session, user_id, user_cc=''):
+    db_admin_generate_password_reset_token(session, tid, user_session, user_id, user_cc)
 
     db_log(session, tid=tid, type='send_password_reset_email', user_id=user_session.user_id, object_id=user_id)
 
@@ -285,9 +290,9 @@ def send_password_reset_email(self, req_args, *args, **kwargs):
         if self.session.user_id == req_args['value']:
             raise errors.ForbiddenOperation
 
-        return generate_password_reset_token(self.request.tid,
-                                             self.session,
-                                             req_args['value'])
+        return send_password_reset_token(self.request.tid,
+                                         self.session,
+                                         req_args['value'])
 
     @inlineCallbacks
     def reset_onion_private_key(self, req_args, *args, **kargs):

backend/globaleaks/handlers/admin/tenant.py

@@ -1,13 +1,20 @@
 # -*- coding: UTF-8
+from nacl.encoding import Base64Encoder
+
 from globaleaks import models
 from globaleaks.db.appdata import load_appdata, db_load_defaults
+from globaleaks.handlers.admin.context import db_create_context
+from globaleaks.handlers.admin.node import db_update_enabled_languages
+from globaleaks.handlers.admin.user import db_create_user
 from globaleaks.handlers.base import BaseHandler
-from globaleaks.handlers.wizard import db_wizard
-from globaleaks.models import config, serializers
+from globaleaks.models import config, profiles, serializers
 from globaleaks.models.config import db_get_configs, \
     db_get_config_variable, db_set_config_variable
 from globaleaks.orm import db_del, db_get, transact, tw
 from globaleaks.rest import errors, requests
+from globaleaks.utils.crypto import GCE
+from globaleaks.utils.log import log
+from globaleaks.utils.sock import isIPAddress
 from globaleaks.utils.tls import gen_selfsigned_certificate
 
 
@@ -109,6 +116,133 @@ def get(session, tid):
     return serializers.serialize_tenant(session, db_get(session, models.Tenant, models.Tenant.id == tid))
 
 
+def db_wizard(session, tid, hostname, request):
+    """
+    Transaction for the handling of wizard request
+
+    :param session: An ORM session
+    :param tid: A tenant ID
+    :param hostname: The hostname to be configured
+    :param request: A user request
+    """
+    admin_password = receiver_password = ''
+
+    language = request['node_language']
+
+    root_tenant_node = config.ConfigFactory(session, 1)
+
+    if tid == 1:
+        node = root_tenant_node
+        encryption = True
+        escrow = request['admin_escrow']
+    else:
+        node = config.ConfigFactory(session, tid)
+        encryption = root_tenant_node.get_val('encryption')
+        escrow = root_tenant_node.get_val('crypto_escrow_pub_key') != ''
+
+    if node.get_val('wizard_done'):
+        log.err("DANGER: Wizard already initialized!", tid=tid)
+        raise errors.ForbiddenOperation
+
+    db_update_enabled_languages(session, tid, [language], language)
+
+    node.set_val('encryption', encryption)
+
+    node.set_val('name', request['node_name'])
+    node.set_val('default_language', language)
+    node.set_val('wizard_done', True)
+    node.set_val('enable_developers_exception_notification', request['enable_developers_exception_notification'])
+
+    if tid == 1 and not isIPAddress(hostname):
+       node.set_val('hostname', hostname)
+
+    profiles.load_profile(session, tid, request['profile'])
+
+    if encryption and escrow:
+        crypto_escrow_prv_key, crypto_escrow_pub_key = GCE.generate_keypair()
+
+        node.set_val('crypto_escrow_pub_key', crypto_escrow_pub_key)
+
+        if  tid != 1 and root_tenant_node.get_val('crypto_escrow_pub_key'):
+            node.set_val('crypto_escrow_prv_key', Base64Encoder.encode(GCE.asymmetric_encrypt(root_tenant_node.get_val('crypto_escrow_pub_key'), crypto_escrow_prv_key)))
+
+    if not request['skip_admin_account_creation']:
+        admin_desc = models.User().dict(language)
+        admin_desc['username'] = request['admin_username']
+        admin_desc['name'] = request['admin_name']
+        admin_desc['password'] = request['admin_password']
+        admin_desc['mail_address'] = request['admin_mail_address']
+        admin_desc['language'] = language
+        admin_desc['role'] = 'admin'
+        admin_desc['pgp_key_remove'] = False
+        admin_user = db_create_user(session, tid, None, admin_desc, language)
+        admin_user.password_change_needed = (tid != 1)
+
+        if encryption and escrow:
+            node.set_val('crypto_escrow_pub_key', crypto_escrow_pub_key)
+            admin_user.crypto_escrow_prv_key = Base64Encoder.encode(GCE.asymmetric_encrypt(admin_user.crypto_pub_key, crypto_escrow_prv_key))
+
+    if not request['skip_recipient_account_creation']:
+        receiver_desc = models.User().dict(language)
+        receiver_desc['username'] = request['receiver_username']
+        receiver_desc['password'] = request['receiver_password']
+        receiver_desc['name'] = request['receiver_name']
+        receiver_desc['mail_address'] = request['receiver_mail_address']
+        receiver_desc['language'] = language
+        receiver_desc['role'] = 'receiver'
+        receiver_desc['pgp_key_remove'] = False
+        receiver_user = db_create_user(session, tid, None, receiver_desc, language)
+        receiver_user.password_change_needed = (tid != 1)
+
+    context_desc = models.Context().dict(language)
+    context_desc['name'] = 'Default'
+    context_desc['status'] = 'enabled'
+
+    if not request['skip_recipient_account_creation']:
+        context_desc['receivers'] = [receiver_user.id]
+
+    context = db_create_context(session, tid, None, context_desc, language)
+
+    # Root tenants initialization terminates here
+
+    if tid == 1:
+        return
+
+    # Secondary tenants initialization starts here
+    subdomain = node.get_val('subdomain')
+    rootdomain = root_tenant_node.get_val('rootdomain')
+    if subdomain and rootdomain:
+        node.set_val('hostname', subdomain + "." + rootdomain)
+
+    mode = node.get_val('mode')
+
+    if mode != 'default':
+        node.set_val('tor', False)
+
+    if mode in ['wbpa']:
+        node.set_val('simplified_login', True)
+
+        for varname in ['anonymize_outgoing_connections',
+                        'password_change_period',
+                        'default_questionnaire']:
+            node.set_val(varname, root_tenant_node.get_val(varname))
+
+        context.questionnaire_id = root_tenant_node.get_val('default_questionnaire')
+
+        # Set data retention policy to 12 months
+        context.tip_timetolive = 365
+
+        if not request['skip_recipient_account_creation']:
+            receiver_user.can_edit_general_settings = True
+
+            # Set the recipient name equal to the node name
+            receiver_user.name = receiver_user.public_name = request['node_name']
+
+@transact
+def wizard(session, tid, hostname, request):
+    return db_wizard(session, tid, hostname, request)
+
+
 @transact
 def update(session, tid, request):
     root_tenant_config = config.ConfigFactory(session, 1)

backend/globaleaks/handlers/admin/user.py

@@ -2,9 +2,11 @@
 from twisted.internet.defer import inlineCallbacks
 
 from globaleaks import models
+from globaleaks.handlers.admin.operation import set_tmp_key
 from globaleaks.handlers.base import BaseHandler
 from globaleaks.handlers.user import parse_pgp_options, \
                                      user_serialize_user
+from globaleaks.handlers.user.reset_password import db_generate_password_reset_token
 from globaleaks.models import fill_localized_keys
 from globaleaks.orm import db_del, db_get, db_log, transact, tw
 from globaleaks.rest import errors, requests
@@ -25,6 +27,10 @@ def db_create_user(session, tid, user_session, request, language):
     :param language: The language of the request
     :return: The serialized descriptor of the created object
     """
+    config = models.config.ConfigFactory(session, tid)
+
+    encryption = config.get_val('encryption')
+
     request['tid'] = tid
 
     fill_localized_keys(request, models.User.localized_keys, language)
@@ -41,7 +47,7 @@ def db_create_user(session, tid, user_session, request, language):
     if existing_user:
         raise errors.DuplicateUserError
 
-    salt = models.config.ConfigFactory(session, tid).get_val('receipt_salt')
+    salt = config.get_val('receipt_salt')
     user.salt = GCE.generate_salt(salt + ":" + user.username)
 
     user.language = request['language']
@@ -68,16 +74,25 @@ def db_create_user(session, tid, user_session, request, language):
     if user_session:
         db_log(session, tid=tid, type='create_user', user_id=user_session.user_id, object_id=user.id)
 
+    if request.get('send_activation_link', False):
+        token = db_generate_password_reset_token(session, user)
+    else:
+        token = None
+
     crypto_escrow_pub_key_tenant_1 = models.config.ConfigFactory(session, 1).get_val('crypto_escrow_pub_key')
-    crypto_escrow_pub_key_tenant_n = models.config.ConfigFactory(session, tid).get_val('crypto_escrow_pub_key')
+    crypto_escrow_pub_key_tenant_n = config.get_val('crypto_escrow_pub_key')
+
+    if encryption and crypto_escrow_pub_key_tenant_1 or crypto_escrow_pub_key_tenant_n:
+        cc, user.crypto_pub_key = GCE.generate_keypair()
+        user.crypto_prv_key = Base64Encoder.encode(GCE.symmetric_encrypt(key, cc))
+        user.crypto_bkp_key, user.crypto_rec_key = GCE.generate_recovery_key(cc)
+
+        if user_session and token:
+            set_tmp_key(user_session, user, token, cc)
 
     if not crypto_escrow_pub_key_tenant_1 and not crypto_escrow_pub_key_tenant_n:
         return user
 
-    cc, user.crypto_pub_key = GCE.generate_keypair()
-    user.crypto_prv_key = Base64Encoder.encode(GCE.symmetric_encrypt(key, cc))
-    user.crypto_bkp_key, user.crypto_rec_key = GCE.generate_recovery_key(cc)
-
     if crypto_escrow_pub_key_tenant_1:
         user.crypto_escrow_bkp1_key = Base64Encoder.encode(GCE.asymmetric_encrypt(crypto_escrow_pub_key_tenant_1, cc))
 

backend/globaleaks/handlers/signup.py

@@ -5,10 +5,9 @@
 from globaleaks.db import sync_refresh_tenant_cache
 from globaleaks.handlers.admin.node import db_admin_serialize_node
 from globaleaks.handlers.admin.notification import db_get_notification
-from globaleaks.handlers.admin.tenant import db_create as db_create_tenant
+from globaleaks.handlers.admin.tenant import db_create as db_create_tenant, db_wizard
 from globaleaks.handlers.admin.user import db_get_users
 from globaleaks.handlers.base import BaseHandler
-from globaleaks.handlers.wizard import db_wizard
 from globaleaks.models import serializers
 from globaleaks.models.config import ConfigFactory
 from globaleaks.orm import db_del, transact

backend/globaleaks/handlers/user/__init__.py

@@ -84,7 +84,8 @@ def user_serialize_user(session, user, language):
         'can_edit_general_settings': user.can_edit_general_settings,
         'clicked_recovery_key': user.clicked_recovery_key,
         'accepted_privacy_policy': user.accepted_privacy_policy,
-        'contexts': contexts
+        'contexts': contexts,
+        'send_activation_link': False
 
     }