Updated tor2web check to return an error page with a 403 status on success

Author: zenmonkeykstop

securedrop/source_app/__init__.py

@@ -4,7 +4,7 @@
 import os
 import time
 import werkzeug
-from flask import (Flask, render_template, escape, flash, Markup, request, g, session,
+from flask import (Flask, flash, render_template, request, g, session,
                    url_for)
 from flask_babel import gettext
 from flask_assets import Environment
@@ -23,7 +23,7 @@
 from sdconfig import SDConfig
 from source_app import main, info, api
 from source_app.decorators import ignore_static
-from source_app.utils import clear_session_and_redirect_to_logged_out_page
+from source_app.utils import clear_session_and_redirect_to_logged_out_page, get_sourcev3_url
 
 
 def get_logo_url(app: Flask) -> str:
@@ -90,28 +90,8 @@ def handle_csrf_error(e: CSRFError) -> werkzeug.Response:
     for module in [main, info, api]:
         app.register_blueprint(module.make_blueprint(config))  # type: ignore
 
-    @app.before_request
-    @ignore_static
-    def check_tor2web() -> None:
-        # ignore_static here so we only flash a single message warning
-        # about Tor2Web, corresponding to the initial page load.
-        if 'X-tor2web' in request.headers:
-            flash(
-                Markup(
-                    '<strong>{}</strong>&nbsp;{}&nbsp;<a href="{}">{}</a>'.format(
-                        escape(gettext("WARNING:")),
-                        escape(
-                            gettext(
-                                'You appear to be using Tor2Web, which does not provide anonymity.'
-                            )
-                        ),
-                        url_for('info.tor2web_warning'),
-                        escape(gettext('Why is this dangerous?')),
-                    )
-                ),
-                "banner-warning"
-            )
-
+    # before_request hooks are executed in order of declaration, so set up g object
+    # before the potential tor2web 403 response.
     @app.before_request
     @ignore_static
     def setup_g() -> Optional[werkzeug.Response]:
@@ -128,6 +108,14 @@ def setup_g() -> Optional[werkzeug.Response]:
 
         return None
 
+    @app.before_request
+    @ignore_static
+    def check_tor2web() -> Optional[Tuple[str, int]]:
+        if 'X-tor2web' in request.headers:
+            flash(gettext("Tor2Web proxies do not protect your anonymity!"), "error")
+            return render_template('tor2web-warning.html', source_url=get_sourcev3_url()), 403
+        return None
+
     @app.errorhandler(404)
     def page_not_found(error: werkzeug.exceptions.HTTPException) -> Tuple[str, int]:
         return render_template('notfound.html'), 404

securedrop/source_app/info.py

@@ -1,20 +1,23 @@
 # -*- coding: utf-8 -*-
 import flask
-from flask import Blueprint, render_template, send_file, redirect, url_for
+from flask import Blueprint, render_template, send_file, redirect, url_for, flash
+from flask_babel import gettext
 import werkzeug
 
 from io import BytesIO  # noqa
 
 from encryption import EncryptionManager
 from sdconfig import SDConfig
+from source_app.utils import get_sourcev3_url
 
 
 def make_blueprint(config: SDConfig) -> Blueprint:
     view = Blueprint('info', __name__)
 
     @view.route('/tor2web-warning')
     def tor2web_warning() -> str:
-        return render_template("tor2web-warning.html")
+        flash(gettext("Tor2Web proxies do not protect your anonymity!"), "error")
+        return render_template("tor2web-warning.html", source_url=get_sourcev3_url())
 
     @view.route('/use-tor')
     def recommend_tor_browser() -> str:

securedrop/source_templates/tor2web-warning.html

@@ -1,9 +1,16 @@
 {% extends "base.html" %}
 {% block body %}
-<h1>{{ gettext('Why is there a warning about Tor2Web?') }}</h1>
-<p>{{ gettext('Using Tor2Web to connect to SecureDrop will not protect your anonymity.') }}</p>
-<p>{{ gettext('It could be possible for anyone monitoring your Internet traffic (your government, your Internet provider), to identify you.') }}
+<h1>{{ gettext('Tor2Web Detected') }}</h1>
+<div class="center">
+  {% include 'flashed.html' %}
+</div>
+<p>{{ gettext(' If you use a Tor2Web proxy to connect to SecureDrop, anyone monitoring your Internet traffic &mdash; such as your government, your Internet provider, or the proxy operator &mdash; may be able to identify you.') }}
 </p>
-<p>{{ gettext('We <strong>strongly advise</strong> you to use the <a href="www.torproject.org/projects/torbrowser.html">Tor Browser</a> instead.') }}
+<p>{{ gettext('Use the <a href="www.torproject.org/projects/torbrowser.html">Tor Browser</a>, and access this service directly instead. The correct onion service address is:') }}
+<pre>{{ source_url }}</pre>
 </p>
-{% endblock %}
+<p> {{ gettext ('If you are using Tor Browser and have been brought to this page, generate a new identity before connecting to this service directly.') }} {{ gettext('Click the <img src={icon} alt="" width="16" height="16">&nbsp;<b>New Identity</b> button in your Tor Browser\'s toolbar. This will clear your Tor Browser activity data on this device.').format(icon=url_for('static', filename='i/torbroom-black.png'))  }}
+</p>
+<p>{{ gettext('If there is a reasonable risk of your Internet traffic being monitored, you should also consider connecting from a different location or network.') }}
+</p>
+{% endblock %}

securedrop/tests/test_source.py

@@ -537,38 +537,20 @@ def test_submit_sanitizes_filename(source_app):
                                         mtime=0)
 
 
-@flaky(rerun_filter=utils.flaky_filter_xfail)
-@pytest.mark.parametrize("locale", get_test_locales())
-def test_tor2web_warning_headers(config, source_app, locale):
+@pytest.mark.parametrize("test_url", ['main.index', 'main.create', 'main.submit'])
+def test_tor2web_warning_as_403(config, source_app, test_url):
     with source_app.test_client() as app:
-        with InstrumentedApp(app) as ins:
-            resp = app.get(url_for('main.index', l=locale), headers=[('X-tor2web', 'encrypted')])
-            assert resp.status_code == 200
-
-            assert page_language(resp.data) == language_tag(locale)
-            msgids = [
-                "WARNING:",
-                "You appear to be using Tor2Web, which does not provide anonymity.",
-                "Why is this dangerous?",
-            ]
-            with xfail_untranslated_messages(config, locale, msgids):
-                ins.assert_message_flashed(
-                    '<strong>{}</strong>&nbsp;{}&nbsp;<a href="{}">{}</a>'.format(
-                        escape(gettext(msgids[0])),
-                        escape(gettext(msgids[1])),
-                        url_for('info.tor2web_warning'),
-                        escape(gettext(msgids[2])),
-                    ),
-                    'banner-warning'
-                )
-
+        resp = app.get(url_for(test_url), headers=[('X-tor2web', 'encrypted')])
+        text = resp.data.decode('utf-8')
+        assert "Tor2Web Detected" in text
 
 def test_tor2web_warning(source_app):
     with source_app.test_client() as app:
         resp = app.get(url_for('info.tor2web_warning'))
         assert resp.status_code == 200
         text = resp.data.decode('utf-8')
-        assert "Why is there a warning about Tor2Web?" in text
+        assert "Tor2Web Detected" in text
+
 
 
 def test_why_use_tor_browser(source_app):