From 3a88c0386b1971633806e7faf1c8b4c2de620ec5 Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Sat, 28 Jan 2017 21:36:23 +0100
Subject: [PATCH 01/15] left align h1, change color to #004080

fixes item 1 from issue 1536
---
 securedrop/sass/_base.sass | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/securedrop/sass/_base.sass b/securedrop/sass/_base.sass
index 04480c0a96..2e5e3d94cc 100644
--- a/securedrop/sass/_base.sass
+++ b/securedrop/sass/_base.sass
@@ -20,10 +20,14 @@
 
   h1, h2, h3
     font-weight: bold
+
+  h2, h3
     text-align: center
 
   h1
+    text-align: left
     font-size: 30px
+    color: #004080
 
   h2
     font-size: 25px

From 9bdd857ef0e9956d5b41ccf8688ca79cb701aac9 Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Sat, 28 Jan 2017 22:59:59 +0100
Subject: [PATCH 02/15] capitalized buttons, added spacing

fixes item 4 in issue 1536
---
 .../account_edit_hotp_secret.html                |  2 +-
 .../account_new_two_factor.html                  |  2 +-
 securedrop/journalist_templates/admin.html       |  2 +-
 .../journalist_templates/admin_add_user.html     |  2 +-
 .../admin_edit_hotp_secret.html                  |  2 +-
 .../journalist_templates/admin_edit_user.html    | 10 +++++++---
 .../admin_new_user_two_factor.html               |  2 +-
 securedrop/journalist_templates/col.html         | 12 ++++++------
 securedrop/journalist_templates/delete.html      |  2 +-
 .../journalist_templates/edit_account.html       | 10 +++++++---
 securedrop/journalist_templates/login.html       |  2 +-
 securedrop/sass/_base.sass                       |  4 ++++
 securedrop/source_templates/base.html            |  2 +-
 securedrop/source_templates/generate.html        |  4 ++--
 securedrop/source_templates/index.html           |  4 ++--
 securedrop/source_templates/login.html           |  4 ++--
 securedrop/source_templates/lookup.html          | 16 +++++++++-------
 .../functional/journalist_navigation_steps.py    |  4 ++--
 securedrop/tests/test_unit_journalist.py         |  2 +-
 19 files changed, 51 insertions(+), 37 deletions(-)

diff --git a/securedrop/journalist_templates/account_edit_hotp_secret.html b/securedrop/journalist_templates/account_edit_hotp_secret.html
index 95434315c4..51daa8a1d2 100644
--- a/securedrop/journalist_templates/account_edit_hotp_secret.html
+++ b/securedrop/journalist_templates/account_edit_hotp_secret.html
@@ -6,6 +6,6 @@
     <label for="otp_secret">Change Secret</label>
     <input name="otp_secret" type="text" placeholder="HOTP Secret"><br />
   </p>
-  <button type="submit">Continue</button>
+  <button class="sd-button" type="submit">CONTINUE</button>
 </form>
 {% endblock %}
diff --git a/securedrop/journalist_templates/account_new_two_factor.html b/securedrop/journalist_templates/account_new_two_factor.html
index b9813ca845..0e8ff0b82c 100644
--- a/securedrop/journalist_templates/account_new_two_factor.html
+++ b/securedrop/journalist_templates/account_new_two_factor.html
@@ -21,6 +21,6 @@ <h1>Enable Yubikey (OATH-HOTP)</h1>
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
   <label for="token">Verification code</label>
   <input name="token" id="token" type="text" placeholder="123456" />
-  <button type="submit">Submit</button>
+  <button type="submit" class="sd-button">SUBMIT</button>
 </form>
 {% endblock %}
diff --git a/securedrop/journalist_templates/admin.html b/securedrop/journalist_templates/admin.html
index 00414c8e58..3532d21b04 100644
--- a/securedrop/journalist_templates/admin.html
+++ b/securedrop/journalist_templates/admin.html
@@ -3,7 +3,7 @@
 <h2>Admin Interface</h2>
 
 <form action="{{ url_for('admin_add_user') }}">
-  <button type="submit" class="btn" id="add-user"><i class="fa fa-plus"></i> Add user</button>
+  <button class="sd-button" type="submit" class="btn" id="add-user"><i class="fa fa-plus"></i> ADD USER</button>
 </form>
 
 <hr class="no-line" />
diff --git a/securedrop/journalist_templates/admin_add_user.html b/securedrop/journalist_templates/admin_add_user.html
index 73fd15b3b3..90905c3023 100644
--- a/securedrop/journalist_templates/admin_add_user.html
+++ b/securedrop/journalist_templates/admin_add_user.html
@@ -18,6 +18,6 @@
     <label for="is_hotp">I'm using a Yubikey </label>
     <input name="otp_secret" type="text" placeholder="HOTP Secret" size="60"><br />
   </p>
-  <button type="submit">Add user</button>
+  <button type="submit" class="sd-button">ADD USER</button>
 </form>
 {% endblock %}
diff --git a/securedrop/journalist_templates/admin_edit_hotp_secret.html b/securedrop/journalist_templates/admin_edit_hotp_secret.html
index 8839d0f312..4a25771673 100644
--- a/securedrop/journalist_templates/admin_edit_hotp_secret.html
+++ b/securedrop/journalist_templates/admin_edit_hotp_secret.html
@@ -7,6 +7,6 @@
     <label for="otp_secret">Change Secret</label>
     <input name="otp_secret" type="text" placeholder="HOTP Secret"><br />
   </p>
-  <button type="submit">Continue</button>
+  <button class="sd-button" type="submit">CONTINUE</button>
 </form>
 {% endblock %}
diff --git a/securedrop/journalist_templates/admin_edit_user.html b/securedrop/journalist_templates/admin_edit_user.html
index 6871307d77..001a68e555 100644
--- a/securedrop/journalist_templates/admin_edit_user.html
+++ b/securedrop/journalist_templates/admin_edit_user.html
@@ -22,7 +22,7 @@ <h2>Edit user "{{ user.username }}"</h2>
     <input name="is_admin" id="is_admin" type="checkbox" {% if user.is_admin %}checked{% endif %} />
     <label for="is_admin">Is Administrator</label>
   </p>
-  <button type="submit" id="update-user">Update user</button>
+  <button class="sd-button" type="submit" id="update-user">UPDATE USER</button>
 </form>
 
 <hr class="no-line">
@@ -32,12 +32,16 @@ <h2>Reset Two Factor Authentication</h2>
 <form method="post" action="{{ url_for('admin_reset_two_factor_totp') }}" id="reset-two-factor-totp">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
   <input name="uid" type="hidden" value="{{ user.id }}"/>
-  <button type="submit" class="center"><i class="fa fa-refresh"></i> Reset two factor authentication (Google Authenticator)</button>
+  <button type="submit" class="center">
+      <i class="fa fa-refresh"></i> RESET TWO FACTOR AUTHENTICATION (GOOGLE AUTHENTICATOR)
+  </button>
 </form>
 <br />
 <form method="post" action="{{ url_for('admin_reset_two_factor_hotp') }}" id="reset-two-factor-hotp">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
   <input name="uid" type="hidden" value="{{ user.id }}"/>
-  <button type="submit" class="center"><i class="fa fa-refresh"></i> Reset two factor authentication (HOTP Yubikey)</button>
+  <button class="sd-button" type="submit" class="center">
+      <i class="fa fa-refresh"></i> RESET TWO FACTOR AUTHENTICATION (HOTP YUBIKEY)
+  </button>
 </form>
 {% endblock %}
diff --git a/securedrop/journalist_templates/admin_new_user_two_factor.html b/securedrop/journalist_templates/admin_new_user_two_factor.html
index 329eff4308..5da6c78aa5 100644
--- a/securedrop/journalist_templates/admin_new_user_two_factor.html
+++ b/securedrop/journalist_templates/admin_new_user_two_factor.html
@@ -20,6 +20,6 @@ <h1>Enable Yubikey (OATH-HOTP)</h1>
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
   <label for="token">Verification code</label>
   <input name="token" id="token" type="text" placeholder="123456" />
-  <button type="submit">Submit</button>
+  <button class "sd-button" type="submit">SUBMIT</button>
 </form>
 {% endblock %}
diff --git a/securedrop/journalist_templates/col.html b/securedrop/journalist_templates/col.html
index 45de6689fe..ff37fda8ef 100644
--- a/securedrop/journalist_templates/col.html
+++ b/securedrop/journalist_templates/col.html
@@ -13,7 +13,7 @@
       <a href="#change-codename-{{ source.journalist_designation }}" title="Generate a new random codename for this source. We recommend doing this if the first random codename is difficult to say or remember. You can generate new random codenames as many times as you like." class="plain" id="regenerate-codename-btn"><i class="fa fa-refresh"></i> <span id="regenerate-codename-btn-label">Change codename</span></a>
       <div id="change-codename-{{ source.journalist_designation }}" class="confirm-prompt">Are you sure you want to generate a new codename?
         <a href="#regenerate-code">Cancel</a>
-        <button type="submit">Confirm</button>
+        <button class="sd-button" type="submit">CONFIRM</button>
       </div>
     </p>
   </form>
@@ -23,8 +23,8 @@
     <form action="/bulk" method="post">
       <div class="document-actions">
         <div id='select-container'></div>
-        <button type="submit" name="action" value="download"><i class="fa fa-download"></i> Download</button>
-        <button type="submit" name="action" value="confirm_delete" class="danger" id="delete_selected"><i class="fa fa-trash-o"></i> Delete</button>
+        <button class="sd-button" type="submit" name="action" value="download"><i class="fa fa-download"></i> DOWNLOAD</button>
+        <button class="sd-button" type="submit" name="action" value="confirm_delete" class="danger" id="delete_selected"><i class="fa fa-trash-o"></i> DELETE</button>
       </div>
       <ul id="submissions" class="plain submissions">
         {% for doc in source.collection %}
@@ -76,7 +76,7 @@ <h3><i class="fa fa-reply"></i> Reply</h3>
       <input type="hidden" name="sid" value="{{ sid }}"/>
       <textarea name="msg" cols="72" rows="10"></textarea>
       <hr class="no-line" />
-      <button id="reply-button" class="button-custom" type="submit">Submit</button>
+      <button id="reply-button" class="sd-button" type="submit">SUBMIT</button>
     </form>
   {% elif source.flagged %}
     <p class="notification">You've flagged this source for reply.</p>
@@ -86,7 +86,7 @@ <h3><i class="fa fa-reply"></i> Reply</h3>
     <form action="/flag" method="post">
       <input type="hidden" name="sid" value="{{ sid }}"/>
       <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
-      <button id="flag-button" class="button-custom" type="submit"><i class="fa fa-flag"></i> Flag this source for reply</button>
+      <button id="flag-button" class="sd-button" type="submit"><i class="fa fa-flag"></i> FLAG THIS SOURCE FOR REPLY</button>
     </form>
   {% endif %}
   <hr class="no-line" />
@@ -97,7 +97,7 @@ <h3><i class="fa fa-reply"></i> Reply</h3>
     <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
     <input type="hidden" name="sid" value="{{ sid }}"/>
     <input type="hidden" name="col_name" value="{{ source.journalist_designation }}"/>
-    <button type="submit" class="danger"><i class="fa fa-trash-o"></i> Delete Collection</button>
+    <button type="submit" class="sd-button danger"><i class="fa fa-trash-o"></i> DELETE COLLECTION</button>
   </form>
 
 </div>
diff --git a/securedrop/journalist_templates/delete.html b/securedrop/journalist_templates/delete.html
index 4db1703e04..99b21f27e6 100644
--- a/securedrop/journalist_templates/delete.html
+++ b/securedrop/journalist_templates/delete.html
@@ -17,7 +17,7 @@
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
   <input type="hidden" name="sid" value="{{ sid }}" autocomplete="off"/>
   <input type="hidden" name="confirm_delete" value="true" />
-  <p><button type="submit" name="action" value="delete"><i class="fa fa-trash-o"></i> Permanently delete files</button></p>
+  <p><button class="sd-button" type="submit" name="action" value="delete"><i class="fa fa-trash-o"></i> PERMANENTLY DELETE FILES</button></p>
 </form>
 
 <p><a href="/col/{{ sid }}">Return to the list of documents for {{ source.journalist_designation }}...</a></p>
diff --git a/securedrop/journalist_templates/edit_account.html b/securedrop/journalist_templates/edit_account.html
index d52f249115..18a48119a7 100644
--- a/securedrop/journalist_templates/edit_account.html
+++ b/securedrop/journalist_templates/edit_account.html
@@ -12,7 +12,7 @@ <h2>Edit your account</h2>
     <label for="password_again">Change password (confirm)</label>
     <input name="password_again" id="password_again" type="password" />
   </p>
-  <button type="submit" id="update">Update</button>
+  <button class="sd-button" type="submit" id="update">UPDATE</button>
 </form>
 
 <hr class="no-line">
@@ -21,11 +21,15 @@ <h2>Reset Two Factor Authentication</h2>
 <p>If your two factor authentication credentials have been lost or compromised, or you got a new device, you can reset your credentials here. <em>If you do this, make sure you are ready to set up your new device, otherwise you will be locked out of your account.</em></p>
 <form method="post" action="{{ url_for('account_reset_two_factor_totp') }}" id="reset-two-factor-totp">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
-  <button type="submit" class="center"><i class="fa fa-refresh"></i> Reset two factor authentication (Google Authenticator)</button>
+  <button class="sd-button" type="submit" class="center"><i class="fa fa-refresh"></i>
+      RESET TWO FACTOR AUTHENTICATION (GOOGLE AUTHENTICATOR)
+  </button>
 </form>
 <br />
 <form method="post" action="{{ url_for('account_reset_two_factor_hotp') }}" id="reset-two-factor-hotp">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
-  <button type="submit" class="center"><i class="fa fa-refresh"></i> Reset two factor authentication (HOTP Yubikey)</button>
+  <button class="sd-button" type="submit" class="center">
+      <i class="fa fa-refresh"></i> RESET TWO FACTOR AUTHENTICATION (HOTP YUBIKEY)
+  </button>
 </form>
 {% endblock %}
diff --git a/securedrop/journalist_templates/login.html b/securedrop/journalist_templates/login.html
index cf595aed34..6e392efe5a 100644
--- a/securedrop/journalist_templates/login.html
+++ b/securedrop/journalist_templates/login.html
@@ -8,7 +8,7 @@ <h2>Login to access the journalist interface</h2>
   <p class="center"><input type="text" name="username" autocomplete="off" placeholder="Username" autofocus></p>
   <p class="center"><input type="password" name="password" placeholder="Password"></p>
   <p class="center"><input name="token" id="token" type="text" placeholder="Two-factor Code"></p>
-  <p class="center"><button type="submit">Log in <i class="fa fa-arrow-circle-o-right"></i></button></p>
+  <p class="center"><button class="sd-button" type="submit">LOG IN <i class="fa fa-arrow-circle-o-right"></i></button></p>
 </form>
 
 {% endblock %}
diff --git a/securedrop/sass/_base.sass b/securedrop/sass/_base.sass
index 2e5e3d94cc..0f28e01dac 100644
--- a/securedrop/sass/_base.sass
+++ b/securedrop/sass/_base.sass
@@ -56,6 +56,10 @@
   a.text-link
     color: $color_purple_medium
 
+  .sd-button
+    font-weight: normal
+    letter-spacing: 0.15em
+
   .select
     border: 1px #C4C2C2 solid
     padding: 3px 10px
diff --git a/securedrop/source_templates/base.html b/securedrop/source_templates/base.html
index 6e69bbecde..0bf8caebf9 100644
--- a/securedrop/source_templates/base.html
+++ b/securedrop/source_templates/base.html
@@ -26,7 +26,7 @@
 
       <div class="panel selected">
       {% if 'logged_in' in session %}
-        <a href="{{ url_for('logout') }}" class="btn pull-right" id="logout">Exit</a>
+        <a href="{{ url_for('logout') }}" class="sd-button btn pull-right" id="logout">EXIT</a>
       {% endif %}
         <hr class="no-line" />
 
diff --git a/securedrop/source_templates/generate.html b/securedrop/source_templates/generate.html
index 9e2921a341..8f3d9cbee3 100644
--- a/securedrop/source_templates/generate.html
+++ b/securedrop/source_templates/generate.html
@@ -31,9 +31,9 @@ <h2>Remember this codename and keep it secret</h2>
 
 <form id="create-form" method="post" action="/create" autocomplete="off">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
-  <button type="submit" class="btn block pull-right" id="continue-button">
+  <button type="submit" class="sd-button btn block pull-right" id="continue-button">
     <img class="pull-left" src="{{ url_for('static', filename='i/font-awesome/white/arrow-circle-o-right.svg') }}" width="20px" height="20px">
-    Continue</button>
+    CONTINUE</button>
   <a id="already-have-codename" href="/login">Already have a codename?</a>
 </form>
 {% endblock %}
diff --git a/securedrop/source_templates/index.html b/securedrop/source_templates/index.html
index 246cb9ccfe..babdc57248 100644
--- a/securedrop/source_templates/index.html
+++ b/securedrop/source_templates/index.html
@@ -34,7 +34,7 @@ <h2>
           </h2>
           <hr class="cut-out" />
           <p>If this is your first time submitting documents to journalists, start here.</p>
-          <a href="/generate" class="btn alt block" id="submit-documents-button"><img id="warning-close" src="{{ url_for('static', filename='i/font-awesome/white/cloud-upload.svg') }}" width="17px" height="17px"> Submit Documents</a>
+          <a href="/generate" class="sd-button btn alt block" id="submit-documents-button"><img id="warning-close" src="{{ url_for('static', filename='i/font-awesome/white/cloud-upload.svg') }}" width="17px" height="17px"> SUBMIT DOCUMENTS</a>
         </div>
         <div class="grid-item option">
           <h2>
@@ -42,7 +42,7 @@ <h2>
           </h2>
           <hr class="cut-out" />
           <p>If you have already submitted documents in the past, log in here to check for responses.</p>
-          <a href="/login" class="btn block" id="login-button"><img id="warning-close" src="{{ url_for('static', filename='i/font-awesome/white/comments.svg') }}" width="17px" height="17px"> Check for a response</a>
+          <a href="/login" class="sb-button btn block" id="login-button"><img id="warning-close" src="{{ url_for('static', filename='i/font-awesome/white/comments.svg') }}" width="17px" height="17px"> CHECK FOR R RESPONSE</a>
         </div>
       </div>
 
diff --git a/securedrop/source_templates/login.html b/securedrop/source_templates/login.html
index 386a1f3cbd..345088b8a9 100644
--- a/securedrop/source_templates/login.html
+++ b/securedrop/source_templates/login.html
@@ -9,8 +9,8 @@ <h2>Enter Codename</h2>
 <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
 <p class="center"><input id="login-with-existing-codename" type="password" name="codename" class="codename" autocomplete="off" placeholder="Enter your codename" autofocus /></p>
 <p class="center">
-    <a href="{{ url_for('index') }}" class="btn secondary" id="cancel">Cancel</a>
-    <button type="submit" class="btn primary">Continue</button>
+    <a href="{{ url_for('index') }}" class="sd-button btn secondary" id="cancel">CANCEL</a>
+    <button type="submit" class="sd-button btn block"><img src="{{ url_for('static', filename='i/font-awesome/white/arrow-circle-o-right.svg') }}" width="20px" height="20px"> CONTINUE</button></p>
 </p>
 </form>
 {% endblock %}
diff --git a/securedrop/source_templates/lookup.html b/securedrop/source_templates/lookup.html
index 3d6e0bf7c8..d6db249af6 100644
--- a/securedrop/source_templates/lookup.html
+++ b/securedrop/source_templates/lookup.html
@@ -35,10 +35,12 @@ <h2 class="headline">Submit Materials</h2>
 
   <hr class="no-line">
   <div class="center">
-    <a href="{{ url_for('lookup') }}" class="btn secondary" id="cancel">Cancel</a>
-    <button type="submit" class="btn primary">Submit</button>
-    </form>
+    <a href="{{ url_for('lookup') }}" class="btn secondary" id="cancel">CANCEL</a>
+      <button type="submit" class="sd-button btn primary">
+      <img src="{{ url_for('static', filename='i/font-awesome/white/cloud-upload.svg') }}" width="17px" height="17px">
+      SUBMIT</button>
   </div>
+</form>
 
 <hr class="no-line"/>
 
@@ -59,7 +61,7 @@ <h2 class="headline">Get Replies</h2>
           <div id="confirm-delete-{{ reply.filename }}" class="confirm-prompt">
             <p>Delete this reply?
               <a href="#delete">Cancel</a>
-              <button type="submit" class="btn danger">Delete</button>
+              <button type="submit" class="sd-button btn danger">DELETE</button>
               </p>
           </div>
         </form>
@@ -68,12 +70,12 @@ <h2 class="headline">Get Replies</h2>
       </div>
     {% endfor %}
     <form id="delete-all" method="post" action="/delete-all">
-      <a class="btn" href="#delete-all-confirm">Delete all replies</a>
+      <a class="sd-button btn" href="#delete-all-confirm">DELETE ALL REPLIES</a>
       <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
       <div id="delete-all-confirm" class="hidden-prompt">
         <p>Are you finished with the replies?</p>
-        <button class="danger" type="submit">Yes, delete all replies</button>
-        <a class="btn cancel" href="#delete-all">No, not yet</a>
+        <button class="sd-button danger" type="submit">YES, DELETE ALL REPLIES</button>
+        <a class="sd-button btn cancel" href="#delete-all">NO, NOT YET</a>
       </div>
     </form>
   {% else %}
diff --git a/securedrop/tests/functional/journalist_navigation_steps.py b/securedrop/tests/functional/journalist_navigation_steps.py
index c1b296a8ce..52351fb681 100644
--- a/securedrop/tests/functional/journalist_navigation_steps.py
+++ b/securedrop/tests/functional/journalist_navigation_steps.py
@@ -126,9 +126,9 @@ def _admin_adds_a_user(self):
             'button#add-user')
         add_user_btn.click()
 
-        # The add user page has a form with an "Add user" button
+        # The add user page has a form with an "ADD USER" button
         btns = self.driver.find_elements_by_tag_name('button')
-        self.assertIn('Add user', [el.text for el in btns])
+        self.assertIn('ADD USER', [el.text for el in btns])
 
         self.new_user = dict(
             username='dellsberg',
diff --git a/securedrop/tests/test_unit_journalist.py b/securedrop/tests/test_unit_journalist.py
index c9200cd251..04cff11352 100644
--- a/securedrop/tests/test_unit_journalist.py
+++ b/securedrop/tests/test_unit_journalist.py
@@ -355,7 +355,7 @@ def test_http_get_on_admin_add_user_page(self):
         self._login_admin()
         resp = self.client.get(url_for('admin_add_user'))
         # any GET req should take a user to the admin_add_user page
-        self.assertIn('Add user', resp.data)
+        self.assertIn('ADD USER', resp.data)
 
     def test_admin_add_user(self):
         self._login_admin()

From 0f589e5858c24d22a6fc6c325e95e89ef24e4a4a Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Sat, 28 Jan 2017 23:20:57 +0100
Subject: [PATCH 03/15] make dev VM warning much more obvious

---
 install_files/ansible-base/group_vars/development.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install_files/ansible-base/group_vars/development.yml b/install_files/ansible-base/group_vars/development.yml
index 2362ce5b03..cb6ea530b0 100644
--- a/install_files/ansible-base/group_vars/development.yml
+++ b/install_files/ansible-base/group_vars/development.yml
@@ -23,7 +23,7 @@ securedrop_header_image: ""
 securedrop_app_gpg_public_key: "test_journalist_key.pub"
 securedrop_app_gpg_fingerprint: "65A1B5FF195B56353CC63DFFCC40EF1228271441"
 # Custom text that will appear on the source interface
-custom_notification_text: "This is a SecureDrop Development VM for testing ONLY"
+custom_notification_text: "This is an insecure SecureDrop Development server for testing ONLY. Do NOT submit documents here."
 
 ### Used by the mon role ###
 # The OSSEC alert GPG public key has to be in the install_files/ansible-base/ or

From f684470e61cecd888414c4af4d11e051922d4bce Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Sat, 28 Jan 2017 23:30:47 +0100
Subject: [PATCH 04/15] KILL ALL BUTTON ICONS

fixes item 5 in 1536
---
 securedrop/journalist_templates/admin.html           |  2 +-
 securedrop/journalist_templates/admin_edit_user.html |  8 ++------
 securedrop/journalist_templates/col.html             | 10 +++++-----
 securedrop/journalist_templates/delete.html          |  2 +-
 securedrop/journalist_templates/edit_account.html    |  8 ++------
 securedrop/journalist_templates/login.html           |  2 +-
 securedrop/source_templates/generate.html            |  4 +---
 securedrop/source_templates/index.html               |  5 +++--
 securedrop/source_templates/login.html               |  5 +++--
 securedrop/source_templates/lookup.html              |  6 +-----
 10 files changed, 20 insertions(+), 32 deletions(-)

diff --git a/securedrop/journalist_templates/admin.html b/securedrop/journalist_templates/admin.html
index 3532d21b04..73160e724d 100644
--- a/securedrop/journalist_templates/admin.html
+++ b/securedrop/journalist_templates/admin.html
@@ -3,7 +3,7 @@
 <h2>Admin Interface</h2>
 
 <form action="{{ url_for('admin_add_user') }}">
-  <button class="sd-button" type="submit" class="btn" id="add-user"><i class="fa fa-plus"></i> ADD USER</button>
+  <button class="sd-button" type="submit" class="btn" id="add-user">ADD USER</button>
 </form>
 
 <hr class="no-line" />
diff --git a/securedrop/journalist_templates/admin_edit_user.html b/securedrop/journalist_templates/admin_edit_user.html
index 001a68e555..02852f5e0e 100644
--- a/securedrop/journalist_templates/admin_edit_user.html
+++ b/securedrop/journalist_templates/admin_edit_user.html
@@ -32,16 +32,12 @@ <h2>Reset Two Factor Authentication</h2>
 <form method="post" action="{{ url_for('admin_reset_two_factor_totp') }}" id="reset-two-factor-totp">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
   <input name="uid" type="hidden" value="{{ user.id }}"/>
-  <button type="submit" class="center">
-      <i class="fa fa-refresh"></i> RESET TWO FACTOR AUTHENTICATION (GOOGLE AUTHENTICATOR)
-  </button>
+  <button type="submit" class="center">RESET TWO FACTOR AUTHENTICATION (GOOGLE AUTHENTICATOR)</button>
 </form>
 <br />
 <form method="post" action="{{ url_for('admin_reset_two_factor_hotp') }}" id="reset-two-factor-hotp">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
   <input name="uid" type="hidden" value="{{ user.id }}"/>
-  <button class="sd-button" type="submit" class="center">
-      <i class="fa fa-refresh"></i> RESET TWO FACTOR AUTHENTICATION (HOTP YUBIKEY)
-  </button>
+  <button class="sd-button" type="submit" class="center">RESET TWO FACTOR AUTHENTICATION (HOTP YUBIKEY)</button>
 </form>
 {% endblock %}
diff --git a/securedrop/journalist_templates/col.html b/securedrop/journalist_templates/col.html
index ff37fda8ef..0950b82a83 100644
--- a/securedrop/journalist_templates/col.html
+++ b/securedrop/journalist_templates/col.html
@@ -10,7 +10,7 @@
       <a href="/">All Sources</a>
       <i class="fa fa-chevron-right"></i>
       <strong>{{ source.journalist_designation }}</strong>
-      <a href="#change-codename-{{ source.journalist_designation }}" title="Generate a new random codename for this source. We recommend doing this if the first random codename is difficult to say or remember. You can generate new random codenames as many times as you like." class="plain" id="regenerate-codename-btn"><i class="fa fa-refresh"></i> <span id="regenerate-codename-btn-label">Change codename</span></a>
+      <a href="#change-codename-{{ source.journalist_designation }}" title="Generate a new random codename for this source. We recommend doing this if the first random codename is difficult to say or remember. You can generate new random codenames as many times as you like." class="plain" id="regenerate-codename-btn"><span id="regenerate-codename-btn-label">Change codename</span></a>
       <div id="change-codename-{{ source.journalist_designation }}" class="confirm-prompt">Are you sure you want to generate a new codename?
         <a href="#regenerate-code">Cancel</a>
         <button class="sd-button" type="submit">CONFIRM</button>
@@ -23,8 +23,8 @@
     <form action="/bulk" method="post">
       <div class="document-actions">
         <div id='select-container'></div>
-        <button class="sd-button" type="submit" name="action" value="download"><i class="fa fa-download"></i> DOWNLOAD</button>
-        <button class="sd-button" type="submit" name="action" value="confirm_delete" class="danger" id="delete_selected"><i class="fa fa-trash-o"></i> DELETE</button>
+        <button class="sd-button" type="submit" name="action" value="download"></i> DOWNLOAD</button>
+        <button class="sd-button" type="submit" name="action" value="confirm_delete" class="danger" id="delete_selected">DELETE</button>
       </div>
       <ul id="submissions" class="plain submissions">
         {% for doc in source.collection %}
@@ -86,7 +86,7 @@ <h3><i class="fa fa-reply"></i> Reply</h3>
     <form action="/flag" method="post">
       <input type="hidden" name="sid" value="{{ sid }}"/>
       <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
-      <button id="flag-button" class="sd-button" type="submit"><i class="fa fa-flag"></i> FLAG THIS SOURCE FOR REPLY</button>
+      <button id="flag-button" class="sd-button" type="submit">FLAG THIS SOURCE FOR REPLY</button>
     </form>
   {% endif %}
   <hr class="no-line" />
@@ -97,7 +97,7 @@ <h3><i class="fa fa-reply"></i> Reply</h3>
     <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
     <input type="hidden" name="sid" value="{{ sid }}"/>
     <input type="hidden" name="col_name" value="{{ source.journalist_designation }}"/>
-    <button type="submit" class="sd-button danger"><i class="fa fa-trash-o"></i> DELETE COLLECTION</button>
+    <button type="submit" class="sd-button danger">DELETE COLLECTION</button>
   </form>
 
 </div>
diff --git a/securedrop/journalist_templates/delete.html b/securedrop/journalist_templates/delete.html
index 99b21f27e6..3131f90e10 100644
--- a/securedrop/journalist_templates/delete.html
+++ b/securedrop/journalist_templates/delete.html
@@ -17,7 +17,7 @@
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
   <input type="hidden" name="sid" value="{{ sid }}" autocomplete="off"/>
   <input type="hidden" name="confirm_delete" value="true" />
-  <p><button class="sd-button" type="submit" name="action" value="delete"><i class="fa fa-trash-o"></i> PERMANENTLY DELETE FILES</button></p>
+  <p><button class="sd-button" type="submit" name="action" value="delete">PERMANENTLY DELETE FILES</button></p>
 </form>
 
 <p><a href="/col/{{ sid }}">Return to the list of documents for {{ source.journalist_designation }}...</a></p>
diff --git a/securedrop/journalist_templates/edit_account.html b/securedrop/journalist_templates/edit_account.html
index 18a48119a7..6e47179114 100644
--- a/securedrop/journalist_templates/edit_account.html
+++ b/securedrop/journalist_templates/edit_account.html
@@ -21,15 +21,11 @@ <h2>Reset Two Factor Authentication</h2>
 <p>If your two factor authentication credentials have been lost or compromised, or you got a new device, you can reset your credentials here. <em>If you do this, make sure you are ready to set up your new device, otherwise you will be locked out of your account.</em></p>
 <form method="post" action="{{ url_for('account_reset_two_factor_totp') }}" id="reset-two-factor-totp">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
-  <button class="sd-button" type="submit" class="center"><i class="fa fa-refresh"></i>
-      RESET TWO FACTOR AUTHENTICATION (GOOGLE AUTHENTICATOR)
-  </button>
+  <button class="sd-button" type="submit" class="center">RESET TWO FACTOR AUTHENTICATION (GOOGLE AUTHENTICATOR)</button>
 </form>
 <br />
 <form method="post" action="{{ url_for('account_reset_two_factor_hotp') }}" id="reset-two-factor-hotp">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
-  <button class="sd-button" type="submit" class="center">
-      <i class="fa fa-refresh"></i> RESET TWO FACTOR AUTHENTICATION (HOTP YUBIKEY)
-  </button>
+  <button class="sd-button" type="submit" class="center">RESET TWO FACTOR AUTHENTICATION (HOTP YUBIKEY)</button>
 </form>
 {% endblock %}
diff --git a/securedrop/journalist_templates/login.html b/securedrop/journalist_templates/login.html
index 6e392efe5a..15fd4075ac 100644
--- a/securedrop/journalist_templates/login.html
+++ b/securedrop/journalist_templates/login.html
@@ -8,7 +8,7 @@ <h2>Login to access the journalist interface</h2>
   <p class="center"><input type="text" name="username" autocomplete="off" placeholder="Username" autofocus></p>
   <p class="center"><input type="password" name="password" placeholder="Password"></p>
   <p class="center"><input name="token" id="token" type="text" placeholder="Two-factor Code"></p>
-  <p class="center"><button class="sd-button" type="submit">LOG IN <i class="fa fa-arrow-circle-o-right"></i></button></p>
+  <p class="center"><button class="sd-button" type="submit">LOG IN</i></button></p>
 </form>
 
 {% endblock %}
diff --git a/securedrop/source_templates/generate.html b/securedrop/source_templates/generate.html
index 8f3d9cbee3..b154b9f69e 100644
--- a/securedrop/source_templates/generate.html
+++ b/securedrop/source_templates/generate.html
@@ -31,9 +31,7 @@ <h2>Remember this codename and keep it secret</h2>
 
 <form id="create-form" method="post" action="/create" autocomplete="off">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
-  <button type="submit" class="sd-button btn block pull-right" id="continue-button">
-    <img class="pull-left" src="{{ url_for('static', filename='i/font-awesome/white/arrow-circle-o-right.svg') }}" width="20px" height="20px">
-    CONTINUE</button>
+  <button type="submit" class="sd-button btn block pull-right" id="continue-button">CONTINUE</button>
   <a id="already-have-codename" href="/login">Already have a codename?</a>
 </form>
 {% endblock %}
diff --git a/securedrop/source_templates/index.html b/securedrop/source_templates/index.html
index babdc57248..0714486c87 100644
--- a/securedrop/source_templates/index.html
+++ b/securedrop/source_templates/index.html
@@ -34,7 +34,8 @@ <h2>
           </h2>
           <hr class="cut-out" />
           <p>If this is your first time submitting documents to journalists, start here.</p>
-          <a href="/generate" class="sd-button btn alt block" id="submit-documents-button"><img id="warning-close" src="{{ url_for('static', filename='i/font-awesome/white/cloud-upload.svg') }}" width="17px" height="17px"> SUBMIT DOCUMENTS</a>
+          {# adding a break between 'submit' and 'documents' to make both containers equal sized #}
+          <a href="/generate" class="sd-button btn alt block" id="submit-documents-button">SUBMIT<br/>DOCUMENTS</a>
         </div>
         <div class="grid-item option">
           <h2>
@@ -42,7 +43,7 @@ <h2>
           </h2>
           <hr class="cut-out" />
           <p>If you have already submitted documents in the past, log in here to check for responses.</p>
-          <a href="/login" class="sb-button btn block" id="login-button"><img id="warning-close" src="{{ url_for('static', filename='i/font-awesome/white/comments.svg') }}" width="17px" height="17px"> CHECK FOR R RESPONSE</a>
+          <a href="/login" id="login-button" class="sd-button btn block">CHECK FOR A RESPONSE</a>
         </div>
       </div>
 
diff --git a/securedrop/source_templates/login.html b/securedrop/source_templates/login.html
index 345088b8a9..d9f9ffe0a7 100644
--- a/securedrop/source_templates/login.html
+++ b/securedrop/source_templates/login.html
@@ -9,8 +9,9 @@ <h2>Enter Codename</h2>
 <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
 <p class="center"><input id="login-with-existing-codename" type="password" name="codename" class="codename" autocomplete="off" placeholder="Enter your codename" autofocus /></p>
 <p class="center">
-    <a href="{{ url_for('index') }}" class="sd-button btn secondary" id="cancel">CANCEL</a>
-    <button type="submit" class="sd-button btn block"><img src="{{ url_for('static', filename='i/font-awesome/white/arrow-circle-o-right.svg') }}" width="20px" height="20px"> CONTINUE</button></p>
+  <p class="center"><input type="password" name="codename" class="codename" autocomplete="off" placeholder="Enter your codename" autofocus /></p>
+  <a href="{{ url_for('lookup') }}" class="btn secondary" id="cancel">CANCEL</a>
+  <p class="center"><button type="submit" class="sd-button btn block">CONTINUE</button></p>
 </p>
 </form>
 {% endblock %}
diff --git a/securedrop/source_templates/lookup.html b/securedrop/source_templates/lookup.html
index d6db249af6..4c3c49eec9 100644
--- a/securedrop/source_templates/lookup.html
+++ b/securedrop/source_templates/lookup.html
@@ -36,9 +36,7 @@ <h2 class="headline">Submit Materials</h2>
   <hr class="no-line">
   <div class="center">
     <a href="{{ url_for('lookup') }}" class="btn secondary" id="cancel">CANCEL</a>
-      <button type="submit" class="sd-button btn primary">
-      <img src="{{ url_for('static', filename='i/font-awesome/white/cloud-upload.svg') }}" width="17px" height="17px">
-      SUBMIT</button>
+    <button type="submit" class="sd-button btn primary">SUBMIT</button>
   </div>
 </form>
 
@@ -85,9 +83,7 @@ <h2 class="headline">Get Replies</h2>
 
 <hr class="no-line">
 
-
 <div class="code-reminder">
-
   <img class="pull-left" src="{{ url_for('static', filename='i/font-awesome/black/lock.svg') }}" width="20px" height="20px"> Remember your codename is:
   <div id="show" class="show pull-right"></div>
   <span id="content"><p class="alert"><strong>{{ codename }}</strong></p></span>

From db8d75d08962575e5962393b6f6d6b0db8aff2b1 Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Sun, 29 Jan 2017 16:28:07 +0100
Subject: [PATCH 05/15] fixed broken css

rebasing of sass changes left out this bit of css
---
 securedrop/sass/journalist.sass | 51 +++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/securedrop/sass/journalist.sass b/securedrop/sass/journalist.sass
index cfe58f9584..e54329e7f0 100644
--- a/securedrop/sass/journalist.sass
+++ b/securedrop/sass/journalist.sass
@@ -74,3 +74,54 @@ button.small-danger, a.btn.small-danger, .btn.small-danger
   display: inline-block
   width: 3.5%
   color: $color_purple_medium
+
+#cols li.source
+  .button-star
+    background-color: $color_grey_light
+
+  .assignment
+    p
+      margin: 0
+      display: inline-block
+
+    .assign-current
+      margin-left: 7%
+
+      font-size: 0.8em
+      a
+
+        margin-left: 1%
+    .btn
+      padding: .3%
+      width: 10%
+      display: inline-block
+
+    button
+      margin-left: 3%
+      padding: .3%
+      width: 10%
+
+  .assign-select
+    height: 0
+    overflow: hidden
+
+    &:target
+      height: auto
+      overflow: visible
+      margin-top: 1%
+      text-align: center
+
+    p
+      font-weight: bold
+      font-style: italic
+
+    select
+      margin-left: 2%
+      width: 23%
+
+    .btn
+      background-color: #999
+
+      &:hover
+        color: #999
+        background-color: white

From 1b4a6f31289cf47e7d07bcadc475bdeaba264910 Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Thu, 2 Feb 2017 19:00:14 +0100
Subject: [PATCH 06/15] fixed h1/h2 ambiguity

---
 securedrop/journalist_templates/admin.html           |  2 +-
 securedrop/journalist_templates/admin_edit_user.html |  2 +-
 securedrop/journalist_templates/edit_account.html    |  2 +-
 securedrop/journalist_templates/index.html           |  2 +-
 securedrop/journalist_templates/login.html           |  2 +-
 securedrop/sass/_base.sass                           | 12 +++++++++---
 securedrop/source_templates/error.html               |  2 +-
 securedrop/source_templates/generate.html            |  2 +-
 securedrop/source_templates/index.html               |  4 ++--
 securedrop/source_templates/login.html               |  2 +-
 securedrop/source_templates/lookup.html              | 10 ++++++++--
 securedrop/source_templates/notfound.html            |  2 +-
 securedrop/source_templates/tor2web-warning.html     |  2 +-
 securedrop/source_templates/why-journalist-key.html  |  2 +-
 .../tests/functional/journalist_navigation_steps.py  |  4 ++--
 15 files changed, 32 insertions(+), 20 deletions(-)

diff --git a/securedrop/journalist_templates/admin.html b/securedrop/journalist_templates/admin.html
index 73160e724d..cd51a64939 100644
--- a/securedrop/journalist_templates/admin.html
+++ b/securedrop/journalist_templates/admin.html
@@ -1,6 +1,6 @@
 {% extends "base.html" %}
 {% block body %}
-<h2>Admin Interface</h2>
+<h1>Admin Interface</h1>
 
 <form action="{{ url_for('admin_add_user') }}">
   <button class="sd-button" type="submit" class="btn" id="add-user">ADD USER</button>
diff --git a/securedrop/journalist_templates/admin_edit_user.html b/securedrop/journalist_templates/admin_edit_user.html
index 02852f5e0e..ddcca01501 100644
--- a/securedrop/journalist_templates/admin_edit_user.html
+++ b/securedrop/journalist_templates/admin_edit_user.html
@@ -1,6 +1,6 @@
 {% extends "base.html" %}
 {% block body %}
-<h2>Edit user "{{ user.username }}"</h2>
+<h1>Edit user "{{ user.username }}"</h1>
 <p><a href="/admin">&laquo; Back to admin interface</a></p>
 
 <form method="post">
diff --git a/securedrop/journalist_templates/edit_account.html b/securedrop/journalist_templates/edit_account.html
index 6e47179114..da0842ddf4 100644
--- a/securedrop/journalist_templates/edit_account.html
+++ b/securedrop/journalist_templates/edit_account.html
@@ -1,6 +1,6 @@
 {% extends "base.html" %}
 {% block body %}
-<h2>Edit your account</h2>
+<h1>Edit your account</h1>
 
 <form method="post">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
diff --git a/securedrop/journalist_templates/index.html b/securedrop/journalist_templates/index.html
index 5489c46458..0c6a3beb98 100644
--- a/securedrop/journalist_templates/index.html
+++ b/securedrop/journalist_templates/index.html
@@ -1,7 +1,7 @@
 {% extends "base.html" %}
 {% block body %}
 <div id="content" class="journalist-view-all">
-  <h2><span class="headline">Sources</span></h2>
+  <h1><span class="headline">Sources</span></h1>
   {% if unstarred or starred %}
     <div id='filter-container'></div>
     <form id="process_collections" action="/col/process" method="post">
diff --git a/securedrop/journalist_templates/login.html b/securedrop/journalist_templates/login.html
index 15fd4075ac..ef2a8dc070 100644
--- a/securedrop/journalist_templates/login.html
+++ b/securedrop/journalist_templates/login.html
@@ -1,7 +1,7 @@
 {% extends "base.html" %}
 {% block body %}
 
-<h2>Login to access the journalist interface</h2>
+<h1>Login to access the journalist interface</h1>
 
 <form method="post" action="/login" autocomplete="off">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
diff --git a/securedrop/sass/_base.sass b/securedrop/sass/_base.sass
index 0f28e01dac..f65f726c0a 100644
--- a/securedrop/sass/_base.sass
+++ b/securedrop/sass/_base.sass
@@ -21,17 +21,23 @@
   h1, h2, h3
     font-weight: bold
 
-  h2, h3
-    text-align: center
+  h1, h2
+    color: #004080
 
   h1
     text-align: left
     font-size: 30px
-    color: #004080
 
   h2
     font-size: 25px
 
+    &.welcome-text
+      color: inherit
+      text-align: center
+
+  h3
+    text-align: center
+
   .content
     position: relative
     margin: 15px auto
diff --git a/securedrop/source_templates/error.html b/securedrop/source_templates/error.html
index b2a41c6776..bbadf9134c 100644
--- a/securedrop/source_templates/error.html
+++ b/securedrop/source_templates/error.html
@@ -2,7 +2,7 @@
 {% block body %}
 <div id="content">
 
-<h2>Server error</h2>
+<h1>Server error</h1>
 
 <p>Sorry, the website encountered an error and was unable to complete your request.</p>
 
diff --git a/securedrop/source_templates/generate.html b/securedrop/source_templates/generate.html
index b154b9f69e..fd1d461437 100644
--- a/securedrop/source_templates/generate.html
+++ b/securedrop/source_templates/generate.html
@@ -1,7 +1,7 @@
 {% extends "base.html" %}
 
 {% block body %}
-<h2>Remember this codename and keep it secret</h2>
+<h1>Remember this codename and keep it secret</h1>
 <p class="center">To protect your identity, we're assigning you a unique codename.</p>
 
 <hr class="no-line" />
diff --git a/securedrop/source_templates/index.html b/securedrop/source_templates/index.html
index 0714486c87..032a572f3b 100644
--- a/securedrop/source_templates/index.html
+++ b/securedrop/source_templates/index.html
@@ -29,7 +29,7 @@
         </div>
 
         <div class="grid-item option alt">
-          <h2>
+          <h2 class="welcome-text">
             Submit documents for the first time
           </h2>
           <hr class="cut-out" />
@@ -38,7 +38,7 @@ <h2>
           <a href="/generate" class="sd-button btn alt block" id="submit-documents-button">SUBMIT<br/>DOCUMENTS</a>
         </div>
         <div class="grid-item option">
-          <h2>
+          <h2 class="welcome-text">
             Already submitted something?
           </h2>
           <hr class="cut-out" />
diff --git a/securedrop/source_templates/login.html b/securedrop/source_templates/login.html
index d9f9ffe0a7..69e5e01a3b 100644
--- a/securedrop/source_templates/login.html
+++ b/securedrop/source_templates/login.html
@@ -1,7 +1,7 @@
 {% extends "base.html" %}
 {% block body %}
 
-<h2>Enter Codename</h2>
+<h1>Enter Codename</h1>
 
 {% include 'flashed.html' %}
 
diff --git a/securedrop/source_templates/lookup.html b/securedrop/source_templates/lookup.html
index 4c3c49eec9..f059978184 100644
--- a/securedrop/source_templates/lookup.html
+++ b/securedrop/source_templates/lookup.html
@@ -7,9 +7,15 @@
   {% if flagged and not haskey %}
   <p class="notification"> <img class="pull-left" src="{{ url_for('static', filename='i/font-awesome/black/info-circle.svg') }}" width="20px" height="20px">A journalist has been waiting for you to log in again so SecureDrop can generate a crypto key for you. Now that you have logged in, they are able to write you a reply. Check back later for replies.</p>
   {% endif %}
+</div>
+
+<h1 class="headline">Submit Materials</h1>
+<p class="explanation">If you are already familiar with GPG, you can optionally encrypt your files and messages with our <a href="/journalist-key" class="text-link">public key</a> before submission. Files are encrypted as they are received by SecureDrop. <a href="/why-journalist-key" class="text-link">Learn more</a>.</p>
 
-  <h2 class="headline">Submit Materials</h2>
-  <p class="explanation">If you are already familiar with GPG, you can optionally encrypt your files and messages with our <a href="/journalist-key" class="text-link">public key</a> before submission. Files are encrypted as they are received by SecureDrop. <a href="/why-journalist-key" class="text-link">Learn more</a>.</p>
+<h1 class="headline">Submit documents and messages</h1>
+
+<div class="center">
+  <p>You can send a file, a message, or both.</p>
 
   <hr class="no-line">
 </div>
diff --git a/securedrop/source_templates/notfound.html b/securedrop/source_templates/notfound.html
index d99c59e261..cad6a84239 100644
--- a/securedrop/source_templates/notfound.html
+++ b/securedrop/source_templates/notfound.html
@@ -2,7 +2,7 @@
 {% block body %}
 <div id="content">
 
-<h2>Page not found</h2>
+<h1>Page not found</h1>
 
 <p>Sorry, we couldn't locate what you requested.</p>
 
diff --git a/securedrop/source_templates/tor2web-warning.html b/securedrop/source_templates/tor2web-warning.html
index 4c71ed2511..f6aa69a283 100644
--- a/securedrop/source_templates/tor2web-warning.html
+++ b/securedrop/source_templates/tor2web-warning.html
@@ -1,6 +1,6 @@
 {% extends "base.html" %}
 {% block body %}
-<h2>Why is there a warning about Tor2Web?</h2>
+<h1>Why is there a warning about Tor2Web?</h1>
 <p><a href='https://tor2web.org'>Tor2Web</a> is a proxy service that lets you browse Tor Hidden Services (.onion sites) without installing Tor. It was designed to facilitate anonymous publishing.</p>
 <p>Tor2Web only protects publishers, not readers. If you upload documents to us using Tor2Web, you are <strong>not anonymous</strong> and could be identified by your ISP or the Tor2Web proxy operators. Additionally, since Tor2Web sites typically use HTTPS, it is possible that your connection could be MITM'ed by a capable adversary.</p>
 <p>If you want to submit information, we <strong>strongly advise you</strong> to install <a href='https://www.torproject.org/download.html.en'>Tor</a> and use it to access our site safely and anonymously.</p>
diff --git a/securedrop/source_templates/why-journalist-key.html b/securedrop/source_templates/why-journalist-key.html
index 21ad0d922f..0babf1e003 100644
--- a/securedrop/source_templates/why-journalist-key.html
+++ b/securedrop/source_templates/why-journalist-key.html
@@ -1,6 +1,6 @@
 {% extends "base.html" %}
 {% block body %}
-<h2>Why download the journalist's public key?</h2>
+<h1>Why download the journalist's public key?</h1>
 <p>SecureDrop encrypts files and messages after they are submitted. Encrypting messages and files before submission can provide an extra layer of security before your data reaches the SecureDrop server.</p>
 <p>If you are already familiar with the GPG encryption software, you may wish to encrypt your submissions yourself. To do so:
 <ol>
diff --git a/securedrop/tests/functional/journalist_navigation_steps.py b/securedrop/tests/functional/journalist_navigation_steps.py
index 52351fb681..bbc6dc70bb 100644
--- a/securedrop/tests/functional/journalist_navigation_steps.py
+++ b/securedrop/tests/functional/journalist_navigation_steps.py
@@ -93,8 +93,8 @@ def _admin_visits_admin_interface(self):
         admin_interface_link = self.driver.find_element_by_link_text('Admin')
         admin_interface_link.click()
 
-        h2s = self.driver.find_elements_by_tag_name('h2')
-        self.assertIn("Admin Interface", [el.text for el in h2s])
+        h1s = self.driver.find_elements_by_tag_name('h1')
+        self.assertIn("Admin Interface", [el.text for el in h1s])
 
         users_table_rows = self.driver.find_elements_by_css_selector(
             'table#users tr.user')

From 10c937aaa45a140aa3ab29d787cf96fe52319aa6 Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Thu, 2 Feb 2017 21:09:26 +0100
Subject: [PATCH 07/15] html/css additions after rebase

---
 .../journalist_templates/admin_edit_user.html   |  4 ++--
 .../journalist_templates/edit_account.html      |  4 ++--
 securedrop/journalist_templates/login.html      |  2 +-
 securedrop/sass/_base.sass                      | 17 +----------------
 securedrop/sass/_button-rules.sass              |  5 ++---
 securedrop/sass/_variables.sass                 |  3 +--
 securedrop/source_templates/generate.html       |  8 ++++----
 securedrop/source_templates/index.html          |  2 +-
 securedrop/source_templates/login.html          |  9 ++++-----
 securedrop/source_templates/lookup.html         | 11 +++--------
 securedrop/tests/test_unit_source.py            |  2 +-
 11 files changed, 22 insertions(+), 45 deletions(-)

diff --git a/securedrop/journalist_templates/admin_edit_user.html b/securedrop/journalist_templates/admin_edit_user.html
index ddcca01501..8155971fb6 100644
--- a/securedrop/journalist_templates/admin_edit_user.html
+++ b/securedrop/journalist_templates/admin_edit_user.html
@@ -32,12 +32,12 @@ <h2>Reset Two Factor Authentication</h2>
 <form method="post" action="{{ url_for('admin_reset_two_factor_totp') }}" id="reset-two-factor-totp">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
   <input name="uid" type="hidden" value="{{ user.id }}"/>
-  <button type="submit" class="center">RESET TWO FACTOR AUTHENTICATION (GOOGLE AUTHENTICATOR)</button>
+  <button type="submit" class="pull-right">RESET TWO FACTOR AUTHENTICATION (GOOGLE AUTHENTICATOR)</button>
 </form>
 <br />
 <form method="post" action="{{ url_for('admin_reset_two_factor_hotp') }}" id="reset-two-factor-hotp">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
   <input name="uid" type="hidden" value="{{ user.id }}"/>
-  <button class="sd-button" type="submit" class="center">RESET TWO FACTOR AUTHENTICATION (HOTP YUBIKEY)</button>
+  <button class="sd-button" type="submit" class="pull-right">RESET TWO FACTOR AUTHENTICATION (HOTP YUBIKEY)</button>
 </form>
 {% endblock %}
diff --git a/securedrop/journalist_templates/edit_account.html b/securedrop/journalist_templates/edit_account.html
index da0842ddf4..79f2157f7f 100644
--- a/securedrop/journalist_templates/edit_account.html
+++ b/securedrop/journalist_templates/edit_account.html
@@ -21,11 +21,11 @@ <h2>Reset Two Factor Authentication</h2>
 <p>If your two factor authentication credentials have been lost or compromised, or you got a new device, you can reset your credentials here. <em>If you do this, make sure you are ready to set up your new device, otherwise you will be locked out of your account.</em></p>
 <form method="post" action="{{ url_for('account_reset_two_factor_totp') }}" id="reset-two-factor-totp">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
-  <button class="sd-button" type="submit" class="center">RESET TWO FACTOR AUTHENTICATION (GOOGLE AUTHENTICATOR)</button>
+  <button class="sd-button" type="submit" class="pull-right">RESET TWO FACTOR AUTHENTICATION (GOOGLE AUTHENTICATOR)</button>
 </form>
 <br />
 <form method="post" action="{{ url_for('account_reset_two_factor_hotp') }}" id="reset-two-factor-hotp">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
-  <button class="sd-button" type="submit" class="center">RESET TWO FACTOR AUTHENTICATION (HOTP YUBIKEY)</button>
+  <button class="sd-button" type="submit" class="pull-right">RESET TWO FACTOR AUTHENTICATION (HOTP YUBIKEY)</button>
 </form>
 {% endblock %}
diff --git a/securedrop/journalist_templates/login.html b/securedrop/journalist_templates/login.html
index ef2a8dc070..4765676588 100644
--- a/securedrop/journalist_templates/login.html
+++ b/securedrop/journalist_templates/login.html
@@ -8,7 +8,7 @@ <h1>Login to access the journalist interface</h1>
   <p class="center"><input type="text" name="username" autocomplete="off" placeholder="Username" autofocus></p>
   <p class="center"><input type="password" name="password" placeholder="Password"></p>
   <p class="center"><input name="token" id="token" type="text" placeholder="Two-factor Code"></p>
-  <p class="center"><button class="sd-button" type="submit">LOG IN</i></button></p>
+  <p class="pull-right"><button class="sd-button" type="submit">LOG IN</i></button></p>
 </form>
 
 {% endblock %}
diff --git a/securedrop/sass/_base.sass b/securedrop/sass/_base.sass
index f65f726c0a..5bd6cd50bb 100644
--- a/securedrop/sass/_base.sass
+++ b/securedrop/sass/_base.sass
@@ -22,7 +22,7 @@
     font-weight: bold
 
   h1, h2
-    color: #004080
+    color: #7985aa
 
   h1
     text-align: left
@@ -389,17 +389,6 @@
   ul.plain
     list-style: none
 
-  a#already-have-codename
-    float: right
-    margin-right: 12px
-    margin-top: 10px
-    color: #888
-    text-decoration: none
-
-    &:hover
-      text-decoration: underline
-      color: #666
-
   ul.starred
     margin-bottom: 1.33em
 
@@ -442,10 +431,6 @@
   #regenerate-codename-btn-label
     font-size: 10px
 
-  .journalist-view-single
-    padding-top: 0px
-    text-align: center
-
   footer
     clear: both
     text-align: center
diff --git a/securedrop/sass/_button-rules.sass b/securedrop/sass/_button-rules.sass
index 2386a1804f..75c586e682 100644
--- a/securedrop/sass/_button-rules.sass
+++ b/securedrop/sass/_button-rules.sass
@@ -56,14 +56,13 @@
     &.primary
       display: block
       margin: 0 auto
-      width: 35%
       display: inline-block
 
     &.secondary
       @extend .primary
       background: white
-      color: $color_blue_medium
-      border: 1px solid $color_blue_medium
+      color: $color_purple_medium_darker
+      border: 1px solid $color_purple_medium_darker
 
   button.block, a.btn.block
     text-decoration: none
diff --git a/securedrop/sass/_variables.sass b/securedrop/sass/_variables.sass
index 9e317141c6..3e63575668 100644
--- a/securedrop/sass/_variables.sass
+++ b/securedrop/sass/_variables.sass
@@ -2,10 +2,9 @@ $color_warning_red: #ae3840
 $color_warning_red_pale: #d55c5c
 
 $color_purple_medium: #7985aa
+$color_purple_medium_darker: #727c9b
 
 $color_grey_dark: #626161
 $color_grey_medium: #9e9e9e
 $color_grey_light:  #f0f0f0
 $color_grey_xlight: #f3f3f3
-
-$color_blue_medium: #004080
diff --git a/securedrop/source_templates/generate.html b/securedrop/source_templates/generate.html
index fd1d461437..b7a8f2b961 100644
--- a/securedrop/source_templates/generate.html
+++ b/securedrop/source_templates/generate.html
@@ -2,7 +2,7 @@
 
 {% block body %}
 <h1>Remember this codename and keep it secret</h1>
-<p class="center">To protect your identity, we're assigning you a unique codename.</p>
+<p>To protect your identity, we're assigning you a unique codename.</p>
 
 <hr class="no-line" />
 
@@ -29,9 +29,9 @@ <h1>Remember this codename and keep it secret</h1>
 
 <hr class="no-line" />
 
-<form id="create-form" method="post" action="/create" autocomplete="off">
+<form id="create-form" method="post" action="/create" autocomplete="off" class="pull-right">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
-  <button type="submit" class="sd-button btn block pull-right" id="continue-button">CONTINUE</button>
-  <a id="already-have-codename" href="/login">Already have a codename?</a>
+  <a id="already-have-codename" href="/login" class="sd-button btn secondary">ALREADY HAVE A CODENAME?</a>
+  <button type="submit" class="sd-button btn primary" id="continue-button">CONTINUE</button>
 </form>
 {% endblock %}
diff --git a/securedrop/source_templates/index.html b/securedrop/source_templates/index.html
index 032a572f3b..f76b74c06b 100644
--- a/securedrop/source_templates/index.html
+++ b/securedrop/source_templates/index.html
@@ -43,7 +43,7 @@ <h2 class="welcome-text">
           </h2>
           <hr class="cut-out" />
           <p>If you have already submitted documents in the past, log in here to check for responses.</p>
-          <a href="/login" id="login-button" class="sd-button btn block">CHECK FOR A RESPONSE</a>
+          <a href="/login" id="login-button" class="sd-button btn primary index">CHECK FOR A RESPONSE</a>
         </div>
       </div>
 
diff --git a/securedrop/source_templates/login.html b/securedrop/source_templates/login.html
index 69e5e01a3b..a9bbeba517 100644
--- a/securedrop/source_templates/login.html
+++ b/securedrop/source_templates/login.html
@@ -8,10 +8,9 @@ <h1>Enter Codename</h1>
 <form method="post" action="/login" autocomplete="off">
 <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
 <p class="center"><input id="login-with-existing-codename" type="password" name="codename" class="codename" autocomplete="off" placeholder="Enter your codename" autofocus /></p>
-<p class="center">
-  <p class="center"><input type="password" name="codename" class="codename" autocomplete="off" placeholder="Enter your codename" autofocus /></p>
-  <a href="{{ url_for('lookup') }}" class="btn secondary" id="cancel">CANCEL</a>
-  <p class="center"><button type="submit" class="sd-button btn block">CONTINUE</button></p>
-</p>
+<div class="pull-right">
+  <a href="{{ url_for('index') }}" class="btn secondary" id="cancel">CANCEL</a>
+  <button type="submit" class="sd-button btn primary">CONTINUE</button>
+</div>
 </form>
 {% endblock %}
diff --git a/securedrop/source_templates/lookup.html b/securedrop/source_templates/lookup.html
index f059978184..d68a226061 100644
--- a/securedrop/source_templates/lookup.html
+++ b/securedrop/source_templates/lookup.html
@@ -12,13 +12,8 @@
 <h1 class="headline">Submit Materials</h1>
 <p class="explanation">If you are already familiar with GPG, you can optionally encrypt your files and messages with our <a href="/journalist-key" class="text-link">public key</a> before submission. Files are encrypted as they are received by SecureDrop. <a href="/why-journalist-key" class="text-link">Learn more</a>.</p>
 
-<h1 class="headline">Submit documents and messages</h1>
-
-<div class="center">
-  <p>You can send a file, a message, or both.</p>
-
-  <hr class="no-line">
-</div>
+<p>You can send a file, a message, or both.</p>
+<hr class="no-line">
 
 <form id="upload" method="post" action="/submit" enctype="multipart/form-data" autocomplete="off">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
@@ -40,7 +35,7 @@ <h1 class="headline">Submit documents and messages</h1>
   </div>
 
   <hr class="no-line">
-  <div class="center">
+  <div class="pull-right">
     <a href="{{ url_for('lookup') }}" class="btn secondary" id="cancel">CANCEL</a>
     <button type="submit" class="sd-button btn primary">SUBMIT</button>
   </div>
diff --git a/securedrop/tests/test_unit_source.py b/securedrop/tests/test_unit_source.py
index 2519b8d1fb..4189c4dc73 100644
--- a/securedrop/tests/test_unit_source.py
+++ b/securedrop/tests/test_unit_source.py
@@ -65,7 +65,7 @@ def test_generate_has_login_link(self):
            if they already have a codename, rather than create a new one.
         """
         resp = self.client.get('/generate')
-        self.assertIn("Already have a codename?", resp.data)
+        self.assertIn("ALREADY HAVE A CODENAME?", resp.data)
         soup = BeautifulSoup(resp.data)
         already_have_codename_link = soup.select('a#already-have-codename')[0]
         self.assertEqual(already_have_codename_link['href'], '/login')

From b14c5ecfb314730239d93ddd502e83c3678b12e7 Mon Sep 17 00:00:00 2001
From: redshiftzero <jen@redshiftzero.com>
Date: Wed, 1 Feb 2017 16:47:54 -0800
Subject: [PATCH 08/15] Fix mismatched box sizes on source interface index

---
 securedrop/sass/_base.sass             | 2 +-
 securedrop/sass/_button-rules.sass     | 7 +++++++
 securedrop/source_templates/index.html | 3 +--
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/securedrop/sass/_base.sass b/securedrop/sass/_base.sass
index 5bd6cd50bb..5a745cf8e0 100644
--- a/securedrop/sass/_base.sass
+++ b/securedrop/sass/_base.sass
@@ -338,7 +338,7 @@
     display: inline-block
     width: 30%
     min-width: 300px
-    min-height: 290px
+    min-height: 310px
     margin: 1%
     padding: 25px
     border: 1px solid #c3c3c3
diff --git a/securedrop/sass/_button-rules.sass b/securedrop/sass/_button-rules.sass
index 75c586e682..c37d58b9c2 100644
--- a/securedrop/sass/_button-rules.sass
+++ b/securedrop/sass/_button-rules.sass
@@ -64,6 +64,13 @@
       color: $color_purple_medium_darker
       border: 1px solid $color_purple_medium_darker
 
+    &.index
+      display: block
+      position: absolute
+      bottom: 5%
+      left: 10%
+      right: 10%
+
   button.block, a.btn.block
     text-decoration: none
     min-width: 250px
diff --git a/securedrop/source_templates/index.html b/securedrop/source_templates/index.html
index f76b74c06b..85b386f00f 100644
--- a/securedrop/source_templates/index.html
+++ b/securedrop/source_templates/index.html
@@ -34,8 +34,7 @@ <h2 class="welcome-text">
           </h2>
           <hr class="cut-out" />
           <p>If this is your first time submitting documents to journalists, start here.</p>
-          {# adding a break between 'submit' and 'documents' to make both containers equal sized #}
-          <a href="/generate" class="sd-button btn alt block" id="submit-documents-button">SUBMIT<br/>DOCUMENTS</a>
+          <a href="/generate" class="sd-button btn alt index" id="submit-documents-button">SUBMIT<br/>DOCUMENTS</a>
         </div>
         <div class="grid-item option">
           <h2 class="welcome-text">

From bed052e43aabea12a28def0ea5e6484ea5e5f6d4 Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Sat, 4 Feb 2017 16:34:37 +0100
Subject: [PATCH 09/15] removed lock icon on source generate page

---
 securedrop/source_templates/generate.html | 1 -
 1 file changed, 1 deletion(-)

diff --git a/securedrop/source_templates/generate.html b/securedrop/source_templates/generate.html
index b7a8f2b961..84c9e030f8 100644
--- a/securedrop/source_templates/generate.html
+++ b/securedrop/source_templates/generate.html
@@ -7,7 +7,6 @@ <h1>Remember this codename and keep it secret</h1>
 <hr class="no-line" />
 
 <div class="code">
-  <img class="pull-left" src="{{ url_for('static', filename='i/font-awesome/black/lock.svg') }}" width="20px" height="20px">
   <p id="codename">{{ codename }}</p>
   <div class="pull-right">
     <form id="regenerate-form" method="post">

From c8b3a179d0c429ab64cdbc73a05dcd223e0410c8 Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Sat, 4 Feb 2017 17:43:57 +0100
Subject: [PATCH 10/15] increased codename letter spacing

---
 securedrop/sass/source.sass               | 8 ++++++--
 securedrop/source_templates/generate.html | 2 +-
 securedrop/source_templates/login.html    | 2 +-
 securedrop/source_templates/lookup.html   | 2 +-
 securedrop/tests/test_unit_source.py      | 2 +-
 5 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/securedrop/sass/source.sass b/securedrop/sass/source.sass
index 6ca85aaa08..d6e7cf72e4 100644
--- a/securedrop/sass/source.sass
+++ b/securedrop/sass/source.sass
@@ -86,13 +86,17 @@ input#show
       font-size: 100%
       height: auto
 
-input.codename
+input.codename-box
   width: 400px
   padding: 10px
   font-weight: bold
 
-p#codename
+.codename
   font-family: monospace
+  letter-spacing: 0.15em
+  font-weight: normal
+
+p#codename
   /*
    * HACK: Firefox likes to add non-existent leading and/or trailing whitespace
    * to <span>s, but never does it to <p>s. This hack uses a <p> for the
diff --git a/securedrop/source_templates/generate.html b/securedrop/source_templates/generate.html
index 84c9e030f8..5482f32d8f 100644
--- a/securedrop/source_templates/generate.html
+++ b/securedrop/source_templates/generate.html
@@ -7,7 +7,7 @@ <h1>Remember this codename and keep it secret</h1>
 <hr class="no-line" />
 
 <div class="code">
-  <p id="codename">{{ codename }}</p>
+  <p id="codename" class="codename">{{ codename }}</p>
   <div class="pull-right">
     <form id="regenerate-form" method="post">
       <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
diff --git a/securedrop/source_templates/login.html b/securedrop/source_templates/login.html
index a9bbeba517..2e489cbf79 100644
--- a/securedrop/source_templates/login.html
+++ b/securedrop/source_templates/login.html
@@ -7,7 +7,7 @@ <h1>Enter Codename</h1>
 
 <form method="post" action="/login" autocomplete="off">
 <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
-<p class="center"><input id="login-with-existing-codename" type="password" name="codename" class="codename" autocomplete="off" placeholder="Enter your codename" autofocus /></p>
+<p class="center"><input id="login-with-existing-codename" type="password" name="codename" class="codename-box" autocomplete="off" placeholder="Enter your codename" autofocus /></p>
 <div class="pull-right">
   <a href="{{ url_for('index') }}" class="btn secondary" id="cancel">CANCEL</a>
   <button type="submit" class="sd-button btn primary">CONTINUE</button>
diff --git a/securedrop/source_templates/lookup.html b/securedrop/source_templates/lookup.html
index d68a226061..b4fce1a997 100644
--- a/securedrop/source_templates/lookup.html
+++ b/securedrop/source_templates/lookup.html
@@ -87,7 +87,7 @@ <h2 class="headline">Get Replies</h2>
 <div class="code-reminder">
   <img class="pull-left" src="{{ url_for('static', filename='i/font-awesome/black/lock.svg') }}" width="20px" height="20px"> Remember your codename is:
   <div id="show" class="show pull-right"></div>
-  <span id="content"><p class="alert"><strong>{{ codename }}</strong></p></span>
+  <span id="content" class="codename"><p class="alert">{{ codename }}</p></span>
 </div>
 
 {% endblock %}
diff --git a/securedrop/tests/test_unit_source.py b/securedrop/tests/test_unit_source.py
index 4189c4dc73..f8aad39ca9 100644
--- a/securedrop/tests/test_unit_source.py
+++ b/securedrop/tests/test_unit_source.py
@@ -39,7 +39,7 @@ def _find_codename(self, html):
         """Find a source codename (diceware passphrase) in HTML"""
         # Codenames may contain HTML escape characters, and the wordlist
         # contains various symbols.
-        codename_re = r'<p id="codename">(?P<codename>[a-z0-9 &#;?:=@_.*+()\'"$%!-]+)</p>'
+        codename_re = r'<p [^>]*id="codename"[^>]*>(?P<codename>[a-z0-9 &#;?:=@_.*+()\'"$%!-]+)</p>'
         codename_match = re.search(codename_re, html)
         self.assertIsNotNone(codename_match)
         return codename_match.group('codename')

From db4a35f989baa9688d1426f45da80cec061386fc Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Sat, 4 Feb 2017 17:48:36 +0100
Subject: [PATCH 11/15] changed placeholder text on source /lookup page

---
 securedrop/source_templates/lookup.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/securedrop/source_templates/lookup.html b/securedrop/source_templates/lookup.html
index b4fce1a997..4c36ebbeef 100644
--- a/securedrop/source_templates/lookup.html
+++ b/securedrop/source_templates/lookup.html
@@ -30,7 +30,7 @@ <h1 class="headline">Submit Materials</h1>
       <p class="center" id="max-file-size">Maximum upload size: 500 MB</p>
     </div>
     <div class="message grid-item">
-      <textarea name="msg" class="fill-parent" placeholder="Add message"></textarea>
+      <textarea name="msg" class="fill-parent" placeholder="Write a message."></textarea>
     </div>
   </div>
 

From 7a604429f08ae7292b2dae1af6c57c6880537f56 Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Sat, 4 Feb 2017 19:20:35 +0100
Subject: [PATCH 12/15] updated source copy for clarity / supportiveness

---
 securedrop/source_templates/generate.html | 16 +++++++++++-----
 securedrop/tests/test_unit_source.py      |  5 +----
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/securedrop/source_templates/generate.html b/securedrop/source_templates/generate.html
index 5482f32d8f..0b7b27ce2f 100644
--- a/securedrop/source_templates/generate.html
+++ b/securedrop/source_templates/generate.html
@@ -1,8 +1,8 @@
 {% extends "base.html" %}
 
 {% block body %}
-<h1>Remember this codename and keep it secret</h1>
-<p>To protect your identity, we're assigning you a unique codename.</p>
+<h1>Welcome</h1>
+<p>This codename is what you will use in future visits to receive messages from our journalists in response to what you submit on the next screen.</p>
 
 <hr class="no-line" />
 
@@ -20,13 +20,19 @@ <h1>Remember this codename and keep it secret</h1>
 </div>
 
 <div class="clearfix"></div>
+
 <hr class="no-line">
 
-<p>After you submit documents and messages, you can return to this SecureDrop site later to read replies from journalists and submit more information. <strong>You will need this codename to log in.</strong> This is the only way we can communicate back to you.</p>
+<p>Because we use none of the traditional means to track users of our <strong>SecureDrop</strong>
+ service, using this codename with future visits is the  only way we have to communicate with you, should we have
+ questions or are interested in additional documents. Unlike passwords, there is no way to retrieve a lost codename.
+</p>
 
-<p class="serious">The best way to protect your codename is to memorize it. If you cannot memorize it right away, we recommend writing it down and keeping it in a safe place at first, and gradually working to memorize it over time. Once you have memorized it, you should destroy the written copy.</p>
+<hr class="no-line"/>
 
-<hr class="no-line" />
+<aside class="center">
+  <p>Please either write this codename down and keep it in a safe place, or memorize it.</p>
+</aside>
 
 <form id="create-form" method="post" action="/create" autocomplete="off" class="pull-right">
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
diff --git a/securedrop/tests/test_unit_source.py b/securedrop/tests/test_unit_source.py
index f8aad39ca9..c51cdd9dc3 100644
--- a/securedrop/tests/test_unit_source.py
+++ b/securedrop/tests/test_unit_source.py
@@ -49,10 +49,7 @@ def test_generate(self):
             resp = c.get('/generate')
             self.assertEqual(resp.status_code, 200)
             session_codename = session['codename']
-        self.assertIn("Remember this codename and keep it secret", resp.data)
-        self.assertIn(
-            "To protect your identity, we're assigning you a unique codename.",
-            resp.data)
+        self.assertIn("This codename is what you will use in future visits", resp.data)
         codename = self._find_codename(resp.data)
         # default codename length is 7 words
         self.assertEqual(len(codename.split()), 7)

From 420dd76233141319a0d8dc5625e44edb38d7edf4 Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Sat, 4 Feb 2017 19:21:16 +0100
Subject: [PATCH 13/15] updated sass for flashes / asides

---
 securedrop/sass/_base.sass | 51 ++++++++++++++++++++++++--------------
 1 file changed, 33 insertions(+), 18 deletions(-)

diff --git a/securedrop/sass/_base.sass b/securedrop/sass/_base.sass
index 5a745cf8e0..84174b82d7 100644
--- a/securedrop/sass/_base.sass
+++ b/securedrop/sass/_base.sass
@@ -295,32 +295,47 @@
     display: block
     margin: 0 auto
 
-  .flash
+  $color_error_border: #F68E8E
+  $color_error_background: #FCE3E3
+
+  aside, .flash, .banner-warning
+    border-radius: 10px
+
+    i
+      font-size: 18pt
+
+  aside
+    background-color: #fffbe6
+    color: #82572d
+
+  aside, .flash
     padding: 10px
     margin: 10px
     text-align: left
     font-size: medium
 
-  .notification
-    border: 1px solid #8ed9f6
-    background-color: #e3f7fc
-    border-radius: 10px
-    padding: 9px
-    font-size: medium
-    font-weight: normal
+    &.notification
+      border: 1px solid #8ed9f6
+      background-color: #e3f7fc
+      font-size: medium
+      font-weight: normal
 
-    i
-      color: #4f7685
-      font-size: 18pt
+      i
+        color: #4f7685
 
-  .error, .banner-warning
-    border: 1px solid #F68E8E
-    background-color: #FCE3E3
-    border-radius: 10px
+    &.error
+      border: 1px solid $color_error_border
+      background-color: $color_error_background
+
+      i
+        color: #D62727
 
-  .error i, .banner-warning i
-    color: #D62727
-    font-size: 18pt
+  .banner-warning
+    border: 1px solid $color_error_border
+    background-color: $color_error_background
+
+    i
+      color: #D62727
 
   div
     &#select-container

From a824f9977d7078a3891813590efa414e80035ff1 Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Sun, 5 Feb 2017 11:58:36 +0100
Subject: [PATCH 14/15] removed unused sass rule

---
 securedrop/sass/_base.sass | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/securedrop/sass/_base.sass b/securedrop/sass/_base.sass
index 84174b82d7..b7a2aa7ee0 100644
--- a/securedrop/sass/_base.sass
+++ b/securedrop/sass/_base.sass
@@ -240,14 +240,6 @@
       .file-options
         padding-top: 8px
 
-      .upload-icon
-        display: inline-block
-        width: 100%
-        text-align: center
-        font-size: 52pt
-        color: rgba(0, 0, 0, 0.5)
-        margin-bottom: 8px
-
       input[type="file"]
         background-color: rgba(0, 0, 0, 0.05)
         padding: 10px

From d99c77698d50d12a02a2eb55bafc7e39dd25f675 Mon Sep 17 00:00:00 2001
From: heartsucker <heartsucker@autistici.org>
Date: Sun, 5 Feb 2017 14:16:41 +0100
Subject: [PATCH 15/15] use 'include' for embedded SVGs to avoid clutter in
 HTML

---
 securedrop/source_templates/lookup.html           | 8 +-------
 securedrop/source_templates/svg/server_upload.svg | 7 +++++++
 2 files changed, 8 insertions(+), 7 deletions(-)
 create mode 100644 securedrop/source_templates/svg/server_upload.svg

diff --git a/securedrop/source_templates/lookup.html b/securedrop/source_templates/lookup.html
index 4c36ebbeef..c9bf96ac5f 100644
--- a/securedrop/source_templates/lookup.html
+++ b/securedrop/source_templates/lookup.html
@@ -19,13 +19,7 @@ <h1 class="headline">Submit Materials</h1>
   <input name="csrf_token" type="hidden" value="{{ csrf_token() }}"/>
   <div class="snippet">
     <div class="attachment grid-item center">
-      <svg width="73" height="62" viewBox="0 0 73 61.8">
-        <path d="M47.6 8.6c0 3.7-9.4 6.7-21 6.7 -11.6 0-21-3-21-6.7 0-3.7 9.4-6.7 21-6.7C38.2 2 47.6 4.9 47.6 8.6" class="icon"/>
-        <path d="M47.8 18.1c0 3.7-9.5 6.7-21.1 6.7 -11.7 0-21.1-3-21.1-6.7l0.1-5.6c2.5 2.8 11 4.9 21 4.9 10.1 0 18.6-2.1 21.1-5L47.8 18.1z" class="icon"/>
-        <path d="M30.7 34.4c-1.2 0.1-2.5 0.1-3.8 0.1 -11.7 0-21.1-3-21.1-6.7l0.1-5.6c2.5 2.8 11 4.9 21 4.9 3.5 0 6.8-0.2 9.7-0.7C34 28.5 31.9 31.3 30.7 34.4z" class="icon"/>
-        <path d="M29.3 43.9c-0.8 0-1.6 0-2.5 0 -11.7 0-21.1-3-21.1-6.7l0.1-5.6c2.5 2.8 11 4.9 21 4.9 1.1 0 2.1 0 3.1-0.1 -0.5 1.8-0.8 3.6-0.8 5.5C29.2 42.6 29.3 43.2 29.3 43.9z" class="icon"/>
-        <path d="M49.2 23.9c-9.9 0-17.9 8-17.9 17.9s8 17.9 17.9 17.9c9.9 0 17.9-8 17.9-17.9S59.1 23.9 49.2 23.9zM49.2 30.4c0.7-0.7 1.4 0.1 1.4 0.1s8.1 8.2 9.2 9.3c1.6 1.5-0.2 1.9-0.2 1.9h-6v10.5h-7.5v-10.6h-5.9c-1.3 0-0.4-1.7-0.4-1.7L49.2 30.4" class="icon"/>
-      </svg>
+      {% include 'svg/server_upload.svg' %}
       <input type="file" name="fh" autocomplete="off">
       <p class="center" id="max-file-size">Maximum upload size: 500 MB</p>
     </div>
diff --git a/securedrop/source_templates/svg/server_upload.svg b/securedrop/source_templates/svg/server_upload.svg
new file mode 100644
index 0000000000..82b67709e5
--- /dev/null
+++ b/securedrop/source_templates/svg/server_upload.svg
@@ -0,0 +1,7 @@
+<svg width="73" height="62" viewBox="0 0 73 61.8" xmlns="http://www.w3.org/2000/svg" version="1.1">
+  <path d="M47.6 8.6c0 3.7-9.4 6.7-21 6.7 -11.6 0-21-3-21-6.7 0-3.7 9.4-6.7 21-6.7C38.2 2 47.6 4.9 47.6 8.6" class="icon"/>
+  <path d="M47.8 18.1c0 3.7-9.5 6.7-21.1 6.7 -11.7 0-21.1-3-21.1-6.7l0.1-5.6c2.5 2.8 11 4.9 21 4.9 10.1 0 18.6-2.1 21.1-5L47.8 18.1z" class="icon"/>
+  <path d="M30.7 34.4c-1.2 0.1-2.5 0.1-3.8 0.1 -11.7 0-21.1-3-21.1-6.7l0.1-5.6c2.5 2.8 11 4.9 21 4.9 3.5 0 6.8-0.2 9.7-0.7C34 28.5 31.9 31.3 30.7 34.4z" class="icon"/>
+  <path d="M29.3 43.9c-0.8 0-1.6 0-2.5 0 -11.7 0-21.1-3-21.1-6.7l0.1-5.6c2.5 2.8 11 4.9 21 4.9 1.1 0 2.1 0 3.1-0.1 -0.5 1.8-0.8 3.6-0.8 5.5C29.2 42.6 29.3 43.2 29.3 43.9z" class="icon"/>
+  <path d="M49.2 23.9c-9.9 0-17.9 8-17.9 17.9s8 17.9 17.9 17.9c9.9 0 17.9-8 17.9-17.9S59.1 23.9 49.2 23.9zM49.2 30.4c0.7-0.7 1.4 0.1 1.4 0.1s8.1 8.2 9.2 9.3c1.6 1.5-0.2 1.9-0.2 1.9h-6v10.5h-7.5v-10.6h-5.9c-1.3 0-0.4-1.7-0.4-1.7L49.2 30.4" class="icon"/>
+</svg>