Implement create_source_user() to consolidate source creation

Fix test

Fix tests

Author: nabla-c0d3

securedrop/crypto_util.py

@@ -27,6 +27,8 @@
 
 # monkey patch to work with Focal gnupg.
 # https://github.com/isislovecruft/python-gnupg/issues/250
+from source_user import SourceUser
+
 gnupg._parsers.Verify.TRUST_LEVELS["DECRYPTION_COMPLIANCE_MODE"] = 23
 
 # to fix GPG error #78 on production
@@ -151,6 +153,7 @@ def display_id(self) -> str:
 
         raise ValueError("Could not generate unique journalist designation for new source")
 
+    # TODO(AD): This will be removed in my next PR and replaced by SourceUser
     def hash_codename(self, codename: DicewarePassphrase, salt: Optional[str] = None) -> str:
         """Salts and hashes a codename using scrypt.
 
@@ -162,33 +165,14 @@ def hash_codename(self, codename: DicewarePassphrase, salt: Optional[str] = None
             salt = self.scrypt_id_pepper
         return b32encode(scrypt.hash(codename, salt, **self.scrypt_params)).decode('utf-8')
 
-    def genkeypair(self, name: str, secret: DicewarePassphrase) -> gnupg._parsers.GenKey:
-        """Generate a GPG key through batch file key generation. A source's
-        codename is salted with SCRYPT_GPG_PEPPER and hashed with scrypt to
-        provide the passphrase used to encrypt their private key. Their name
-        should be their filesystem id.
-
-        >>> if not gpg.list_keys(hash_codename('randomid')):
-        ...     genkeypair(hash_codename('randomid'), 'randomid').type
-        ... else:
-        ...     u'P'
-        u'P'
-
-        :param name: The source's filesystem id (their codename, salted
-                         with SCRYPT_ID_PEPPER, and hashed with scrypt).
-        :param secret: The source's codename.
-        :returns: a :class:`GenKey <gnupg._parser.GenKey>` object, on which
-                  the ``__str__()`` method may be called to return the
-                  generated key's fingeprint.
-
+    def genkeypair(self, source_user: SourceUser) -> gnupg._parsers.GenKey:
+        """Generate a GPG key through batch file key generation.
         """
-        _validate_name_for_diceware(name)
-        hashed_secret = self.hash_codename(secret, salt=self.scrypt_gpg_pepper)
         genkey_obj = self.gpg.gen_key(self.gpg.gen_key_input(
             key_type=self.GPG_KEY_TYPE,
             key_length=self.__gpg_key_length,
-            passphrase=hashed_secret,
-            name_email=name,
+            passphrase=source_user.gpg_secret,
+            name_email=source_user.filesystem_id,
             name_real="Source Key",
             creation_date=self.DEFAULT_KEY_CREATION_DATE.isoformat(),
             expire_date=self.DEFAULT_KEY_EXPIRATION_DATE
@@ -309,9 +293,3 @@ def decrypt(self, secret: DicewarePassphrase, ciphertext: bytes) -> str:
         data = self.gpg.decrypt(ciphertext, passphrase=hashed_codename).data
 
         return data.decode('utf-8')
-
-
-def _validate_name_for_diceware(name: str) -> None:
-    for char in name:
-        if char not in DICEWARE_SAFE_CHARS:
-            raise CryptoException("invalid input: {0}".format(name))

securedrop/loaddata.py

@@ -33,6 +33,7 @@
 )
 from passphrases import PassphraseGenerator
 from sdconfig import config
+from source_user import create_source_user
 from specialstrings import strings
 
 messages = cycle(strings)
@@ -254,18 +255,18 @@ def add_source() -> Tuple[Source, str]:
     Adds a single source.
     """
     codename = PassphraseGenerator.get_default().generate_passphrase()
-    filesystem_id = current_app.crypto_util.hash_codename(codename)
-    journalist_designation = current_app.crypto_util.display_id()
-    source = Source(filesystem_id, journalist_designation)
+    source_user = create_source_user(
+        db_session=db.session,
+        source_passphrase=codename,
+        source_app_crypto_util=current_app.crypto_util,
+        source_app_storage=current_app.storage,
+    )
+    source = source_user.get_db_record()
     source.pending = False
-    db.session.add(source)
     db.session.commit()
 
-    # Create source directory in store
-    os.mkdir(current_app.storage.path(source.filesystem_id))
-
     # Generate source key
-    current_app.crypto_util.genkeypair(source.filesystem_id, codename)
+    current_app.crypto_util.genkeypair(source)
 
     return source, codename
 

securedrop/models.py

@@ -3,14 +3,15 @@
 import datetime
 import base64
 import os
-import scrypt
 import pyotp
 import qrcode
 # Using svg because it doesn't require additional dependencies
 import qrcode.image.svg
 import uuid
 from io import BytesIO
 
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.kdf import scrypt
 from flask import current_app, url_for
 from flask_babel import gettext, ngettext
 from itsdangerous import TimedJSONWebSignatureSerializer, BadData
@@ -452,10 +453,17 @@ def __repr__(self) -> str:
             self.username,
             " [admin]" if self.is_admin else "")
 
-    _LEGACY_SCRYPT_PARAMS = dict(N=2**14, r=8, p=1)
-
     def _scrypt_hash(self, password: str, salt: bytes) -> bytes:
-        return scrypt.hash(str(password), salt, **self._LEGACY_SCRYPT_PARAMS)
+        backend = default_backend()
+        scrypt_instance = scrypt.Scrypt(
+            length=64,
+            salt=salt,
+            n=2**14,
+            r=8,
+            p=1,
+            backend=backend,
+        )
+        return scrypt_instance.derive(password.encode("utf-8"))
 
     MAX_PASSWORD_LEN = 128
     MIN_PASSWORD_LEN = 14

securedrop/passphrases.py

@@ -13,7 +13,7 @@
 DicewarePassphrase = NewType("DicewarePassphrase", str)
 
 
-_current_generator = None  # type: Optional["PassphraseGenerator"]
+_default_generator = None  # type: Optional["PassphraseGenerator"]
 
 
 class InvalidWordListError(Exception):
@@ -52,7 +52,9 @@ def __init__(
                 raise InvalidWordListError(
                     "The word list for language '{}' only contains {} long-enough words;"
                     " minimum required is {} words.".format(
-                        language, word_list_size, self._WORD_LIST_MINIMUM_SIZE,
+                        language,
+                        word_list_size,
+                        self._WORD_LIST_MINIMUM_SIZE,
                     )
                 )
 
@@ -98,11 +100,11 @@ def __init__(
 
     @classmethod
     def get_default(cls) -> "PassphraseGenerator":
-        global _current_generator
-        if _current_generator is None:
+        global _default_generator
+        if _default_generator is None:
             language_to_words = _parse_available_words_list(Path(config.SECUREDROP_ROOT))
-            _current_generator = cls(language_to_words)
-        return _current_generator
+            _default_generator = cls(language_to_words)
+        return _default_generator
 
     @property
     def available_languages(self) -> Set[str]:

securedrop/source_app/main.py

@@ -10,17 +10,22 @@
 from flask import (Blueprint, render_template, flash, redirect, url_for, g,
                    session, current_app, request, Markup, abort)
 from flask_babel import gettext
-from sqlalchemy.exc import IntegrityError
 
 import store
 
 from db import db
-from models import Source, Submission, Reply, get_one_or_else
+from models import Submission, Reply, get_one_or_else
+from passphrases import PassphraseGenerator
 from sdconfig import SDConfig
 from source_app.decorators import login_required
-from source_app.utils import (logged_in, generate_unique_codename,
-                              normalize_timestamps, valid_codename)
+from source_app.utils import (logged_in, normalize_timestamps,
+                              valid_codename)
 from source_app.forms import LoginForm, SubmissionForm
+from source_user import create_source_user, SourcePassphraseCollisionError, \
+    SourceDesignationCollisionError
+
+from securedrop.models import Source
+from securedrop.source_user import SourceUser
 
 
 def make_blueprint(config: SDConfig) -> Blueprint:
@@ -40,7 +45,9 @@ def generate() -> Union[str, werkzeug.Response]:
                   "notification")
             return redirect(url_for('.lookup'))
 
-        codename = generate_unique_codename(config)
+        codename = PassphraseGenerator.get_default().generate_passphrase(
+            preferred_language=g.localeinfo.language
+        )
 
         # Generate a unique id for each browser tab and associate the codename with this id.
         # This will allow retrieval of the codename displayed in the tab from which the source has
@@ -55,53 +62,45 @@ def generate() -> Union[str, werkzeug.Response]:
 
     @view.route('/create', methods=['POST'])
     def create() -> werkzeug.Response:
-        if session.get('logged_in', False):
+        if logged_in():
             flash(gettext("You are already logged in. Please verify your codename above as it " +
                           "may differ from the one displayed on the previous page."),
                   'notification')
         else:
             tab_id = request.form['tab_id']
             codename = session['codenames'][tab_id]
-            session['codename'] = codename
-
             del session['codenames']
 
-            filesystem_id = current_app.crypto_util.hash_codename(codename)
             try:
-                source = Source(filesystem_id, current_app.crypto_util.display_id())
-            except ValueError as e:
-                current_app.logger.error(e)
-                flash(
-                    gettext("There was a temporary problem creating your account. "
-                            "Please try again."
-                            ),
-                    'error'
+                current_app.logger.info("Creating new source user...")
+                create_source_user(
+                    db_session=db.session,
+                    source_passphrase=codename,
+                    source_app_crypto_util=current_app.crypto_util,
+                    source_app_storage=current_app.storage,
                 )
-                return redirect(url_for('.index'))
-
-            db.session.add(source)
-            try:
-                db.session.commit()
-            except IntegrityError as e:
-                db.session.rollback()
-                current_app.logger.error(
-                    "Attempt to create a source with duplicate codename: %s" %
-                    (e,))
-
-                # Issue 2386: don't log in on duplicates
-                del session['codename']
+            except (SourcePassphraseCollisionError, SourceDesignationCollisionError) as e:
+                current_app.logger.error("Could not create a source: {}".format(e))
 
                 # Issue 4361: Delete 'logged_in' if it's in the session
                 try:
                     del session['logged_in']
                 except KeyError:
                     pass
 
-                abort(500)
-            else:
-                os.mkdir(current_app.storage.path(filesystem_id))
+                flash(
+                    gettext(
+                        "There was a temporary problem creating your account. Please try again."
+                    ),
+                    "error"
+                )
+                return redirect(url_for('.index'))
 
+            # All done - source user was successfully created
+            current_app.logger.info("New source user created")
             session['logged_in'] = True
+            session['codename'] = codename
+
         return redirect(url_for('.lookup'))
 
     @view.route('/lookup', methods=('GET',))
@@ -137,7 +136,17 @@ def lookup() -> str:
 
         # Generate a keypair to encrypt replies from the journalist
         if not current_app.crypto_util.get_fingerprint(g.filesystem_id):
-            current_app.crypto_util.genkeypair(g.filesystem_id, g.codename)
+            # TODO(AD): Will be simplified in my next PR by using logged_in_user instead of
+            #  fetching it from the DB here
+            source = session.query(Source).filter(Source.filesystem_id == g.filesystem_id).one()
+            source_user = SourceUser(
+                db_record=source,
+                filesystem_id=g.filesystem_id,
+                gpg_secret=current_app.crypto_util.hash_codename(
+                    g.codename, salt=current_app.crypto_util.scrypt_gpg_pepper
+                )
+            )
+            current_app.crypto_util.genkeypair(source_user)
 
         return render_template(
             'lookup.html',

securedrop/source_app/utils.py

@@ -8,11 +8,11 @@
 
 from crypto_util import CryptoException
 from models import Source
-from passphrases import PassphraseGenerator, DicewarePassphrase
-from sdconfig import SDConfig
+from passphrases import DicewarePassphrase
+from source_user import SourceUser
 
 if typing.TYPE_CHECKING:
-    from typing import Optional  # noqa: F401
+    from typing import Optional
 
 
 def was_in_generate_flow() -> bool:
@@ -36,21 +36,6 @@ def valid_codename(codename: str) -> bool:
     return source is not None
 
 
-def generate_unique_codename(config: SDConfig) -> DicewarePassphrase:
-    """Generate random codenames until we get an unused one"""
-    while True:
-        passphrase = PassphraseGenerator.get_default().generate_passphrase(
-            preferred_language=g.localeinfo.language
-        )
-        # scrypt (slow)
-        filesystem_id = current_app.crypto_util.hash_codename(passphrase)
-
-        matching_sources = Source.query.filter(
-            Source.filesystem_id == filesystem_id).all()
-        if len(matching_sources) == 0:
-            return passphrase
-
-
 def normalize_timestamps(filesystem_id: str) -> None:
     """
     Update the timestamps on all of the source's submissions. This