From 4433d6b0f7333b394b290ac9bdf4aa11c07cde0f Mon Sep 17 00:00:00 2001 From: Kevin O Gorman Date: Fri, 27 Sep 2019 11:53:37 -0400 Subject: [PATCH] added check for admin password in GUI updater --- .../journalist_gui/SecureDropUpdater.py | 27 ++++++++++++++----- journalist_gui/journalist_gui/strings.py | 4 +++ journalist_gui/test_gui.py | 8 ++++++ 3 files changed, 33 insertions(+), 6 deletions(-) diff --git a/journalist_gui/journalist_gui/SecureDropUpdater.py b/journalist_gui/journalist_gui/SecureDropUpdater.py index d64cd5365e..96f56a7708 100644 --- a/journalist_gui/journalist_gui/SecureDropUpdater.py +++ b/journalist_gui/journalist_gui/SecureDropUpdater.py @@ -15,6 +15,15 @@ ESCAPE_POD = re.compile(r'\x1B\[[0-?]*[ -/]*[@-~]') +def password_is_set(): + + pwd_flag = subprocess.check_output(['passwd', '--status']).decode('utf-8').split()[1] + + if pwd_flag == 'NP': + return False + return True + + def prevent_second_instance(app: QtWidgets.QApplication, name: str) -> None: # noqa # Null byte triggers abstract namespace @@ -27,7 +36,7 @@ def prevent_second_instance(app: QtWidgets.QApplication, name: str) -> None: # except OSError as e: if e.errno == ALREADY_BOUND_ERRNO: err_dialog = QtWidgets.QMessageBox() - err_dialog.setText(name + ' is already running.') + err_dialog.setText(name + strings.app_is_already_running) err_dialog.exec() sys.exit() else: @@ -280,11 +289,17 @@ def on_failure(self): self.progressBar.setProperty("value", 0) def update_securedrop(self): - self.pushButton_2.setEnabled(False) - self.pushButton.setEnabled(False) - self.progressBar.setProperty("value", 10) - self.update_status_bar_and_output(strings.fetching_update) - self.update_thread.start() + if password_is_set(): + self.pushButton_2.setEnabled(False) + self.pushButton.setEnabled(False) + self.progressBar.setProperty("value", 10) + self.update_status_bar_and_output(strings.fetching_update) + self.update_thread.start() + else: + self.pushButton_2.setEnabled(False) + pwd_err_dialog = QtWidgets.QMessageBox() + pwd_err_dialog.setText(strings.no_password_set_message) + pwd_err_dialog.exec() def alert_success(self): self.success_dialog = QtWidgets.QMessageBox() diff --git a/journalist_gui/journalist_gui/strings.py b/journalist_gui/journalist_gui/strings.py index 2528bbfdca..9792df1e07 100644 --- a/journalist_gui/journalist_gui/strings.py +++ b/journalist_gui/journalist_gui/strings.py @@ -42,3 +42,7 @@ initial_text_box = ("When the update begins, this area will populate with " "output.\n") doing_setup = "Checking dependencies are up to date... (2 mins remaining)" +no_password_set_message = ("The Tails Administration Password was not set.\n\n" + "Please reboot and set a password before updating " + "SecureDrop.") +app_is_already_running = " is already running." diff --git a/journalist_gui/test_gui.py b/journalist_gui/test_gui.py index 418eea0bc6..10f99b1096 100644 --- a/journalist_gui/test_gui.py +++ b/journalist_gui/test_gui.py @@ -250,6 +250,14 @@ def test_tails_status_failure(self): mock_remove.assert_not_called() self.assertEqual(self.window.progressBar.value(), 0) + @mock.patch('journalist_gui.SecureDropUpdater.QtWidgets.QMessageBox') + def test_no_update_without_password(self, mock_msgbox): + with mock.patch('journalist_gui.SecureDropUpdater.password_is_set', + return_value=False): + self.window.update_securedrop() + self.assertEqual(self.window.pushButton.isEnabled(), True) + self.assertEqual(self.window.pushButton_2.isEnabled(), False) + if __name__ == '__main__': unittest.main()