From 0713b7692f4b8c69ccae117c69cc4b1fb2e8843b Mon Sep 17 00:00:00 2001 From: Loic Dachary Date: Wed, 31 Jan 2018 18:32:59 +0100 Subject: [PATCH] securedrop-admin: when a journalist key is present, the email is required --- admin/securedrop_admin/__init__.py | 22 +++++++++++++++++ admin/tests/test_securedrop-admin.py | 35 ++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) diff --git a/admin/securedrop_admin/__init__.py b/admin/securedrop_admin/__init__.py index e68f9fbb23..5a88cb9573 100755 --- a/admin/securedrop_admin/__init__.py +++ b/admin/securedrop_admin/__init__.py @@ -43,6 +43,10 @@ class FingerprintException(Exception): pass +class JournalistAlertEmailException(Exception): + pass + + class SiteConfig(object): class ValidateNotEmpty(Validator): @@ -341,6 +345,7 @@ def update_config(self): self.config.update(self.user_prompt_config()) self.save() self.validate_gpg_keys() + self.validate_journalist_alert_email() return True def user_prompt_config(self): @@ -412,6 +417,23 @@ def validate_gpg_keys(self): "the public key {}".format(public_key)) return True + def validate_journalist_alert_email(self): + if (self.config['journalist_alert_gpg_public_key'] == '' and + self.config['journalist_gpg_fpr'] == ''): + return True + + class Document(object): + def __init__(self, text): + self.text = text + + try: + SiteConfig.ValidateEmail().validate(Document( + self.config['journalist_alert_email'])) + except ValidationError as e: + raise JournalistAlertEmailException( + "journalist alerts email: " + e.message) + return True + def exists(self): return os.path.exists(self.args.site_config) diff --git a/admin/tests/test_securedrop-admin.py b/admin/tests/test_securedrop-admin.py index 037731b630..9b713c225e 100644 --- a/admin/tests/test_securedrop-admin.py +++ b/admin/tests/test_securedrop-admin.py @@ -411,6 +411,41 @@ def test_validate_gpg_key(self, caplog): site_config.validate_gpg_keys() assert 'FAIL does not match' in e.value.message + def test_journalist_alert_email(self): + args = argparse.Namespace(site_config='INVALID', + ansible_path='tests/files', + app_path=dirname(__file__)) + site_config = securedrop_admin.SiteConfig(args) + site_config.config = { + 'journalist_alert_gpg_public_key': + '', + + 'journalist_gpg_fpr': + '', + } + assert site_config.validate_journalist_alert_email() + site_config.config = { + 'journalist_alert_gpg_public_key': + 'test_journalist_key.pub', + + 'journalist_gpg_fpr': + '65A1B5FF195B56353CC63DFFCC40EF1228271441', + } + site_config.config['journalist_alert_email'] = '' + with pytest.raises( + securedrop_admin.JournalistAlertEmailException) as e: + site_config.validate_journalist_alert_email() + assert 'not be empty' in e.value.message + + site_config.config['journalist_alert_email'] = 'bademail' + with pytest.raises( + securedrop_admin.JournalistAlertEmailException) as e: + site_config.validate_journalist_alert_email() + assert 'Must contain a @' in e.value.message + + site_config.config['journalist_alert_email'] = 'good@email.com' + assert site_config.validate_journalist_alert_email() + @mock.patch('securedrop_admin.SiteConfig.validated_input', side_effect=lambda p, d, v, t: d) @mock.patch('securedrop_admin.SiteConfig.save')