freedomofpress · zenmonkeykstop · Nov 26, 2020 · Nov 24, 2020 · Nov 25, 2020 · Nov 26, 2020
@@ -230,7 +230,7 @@
   /var/www/securedrop/source_templates/session_timeout.html r,
   /var/www/securedrop/source_templates/tor2web-warning.html r,
   /var/www/securedrop/source_templates/use-tor-browser.html r,
-  /var/www/securedrop/source_templates/why-journalist-key.html r,
+  /var/www/securedrop/source_templates/why-public-key.html r,
   /var/www/securedrop/static/.webassets-cache/** rw,
   /var/www/securedrop/static/css/font-awesome.css r,
   /var/www/securedrop/static/css/journalist.css r,

@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 import flask
-from flask import Blueprint, render_template, send_file, current_app
+from flask import Blueprint, render_template, send_file, current_app, redirect, url_for
+import werkzeug
 
 from io import BytesIO  # noqa
 
@@ -18,8 +19,8 @@ def tor2web_warning() -> str:
     def recommend_tor_browser() -> str:
         return render_template("use-tor-browser.html")
 
-    @view.route('/journalist-key')
-    def download_journalist_pubkey() -> flask.Response:
+    @view.route('/public-key')
+    def download_public_key() -> flask.Response:
         journalist_pubkey = current_app.crypto_util.gpg.export_keys(
             config.JOURNALIST_KEY)
         data = BytesIO(journalist_pubkey.encode('utf-8'))
@@ -28,8 +29,12 @@ def download_journalist_pubkey() -> flask.Response:
                          attachment_filename=config.JOURNALIST_KEY + ".asc",
                          as_attachment=True)
 
-    @view.route('/why-journalist-key')
-    def why_download_journalist_pubkey() -> str:
-        return render_template("why-journalist-key.html")
+    @view.route('/journalist-key')
+    def download_journalist_key() -> werkzeug.wrappers.Response:
+        return redirect(url_for('.download_public_key'), code=301)
+
+    @view.route('/why-public-key')
+    def why_download_public_key() -> str:
+        return render_template("why-public-key.html")
 
     return view
@@ -40,11 +40,11 @@ <h2 class="headline">{{ gettext('Submit Messages') }}</h2>
 
 <p class="explanation extended-explanation">
 {% if allow_document_uploads %}
-{{ gettext('If you are already familiar with GPG, you can optionally encrypt your files and messages with our <a href="{url}" class="text-link">public key</a> before submission. Files are encrypted as they are received by SecureDrop.').format(url=url_for('info.download_journalist_pubkey')) }}
+{{ gettext('If you are already familiar with GPG, you can optionally encrypt your files and messages with our <a href="{url}" class="text-link">public key</a> before submission. Files are encrypted as they are received by SecureDrop.').format(url=url_for('info.download_public_key')) }}
 {% else %}
-{{ gettext('If you are already familiar with GPG, you can optionally encrypt your messages with our <a href="{url}" class="text-link">public key</a> before submission.').format(url=url_for('info.download_journalist_pubkey')) }}
+{{ gettext('If you are already familiar with GPG, you can optionally encrypt your messages with our <a href="{url}" class="text-link">public key</a> before submission.').format(url=url_for('info.download_public_key')) }}
 {% endif %}
-{{ gettext('<a href="{url}" class="text-link">Learn more</a>.').format(url=url_for('info.why_download_journalist_pubkey')) }}</p>
+{{ gettext('<a href="{url}" class="text-link">Learn more</a>.').format(url=url_for('info.why_download_public_key')) }}</p>
 
 <hr class="no-line">
 

@@ -5,11 +5,11 @@ <h1>{{ gettext("Why download the team's public key?") }}</h1>
 <p>{{ gettext("If you are already familiar with the GPG encryption software, you may wish to encrypt your submissions yourself. To do so:") }}
 <ol>
     <li>{{ gettext('<a href="{url}">Download</a> the public key. It will be saved to a file called:
-        <p><code>{submission_key_fpr_filename}</code></p>').format(url=url_for('info.download_journalist_pubkey'), submission_key_fpr_filename=submission_key_fpr + '.asc')|safe }}</li>
+        <p><code>{submission_key_fpr_filename}</code></p>').format(url=url_for('info.download_public_key'), submission_key_fpr_filename=submission_key_fpr + '.asc')|safe }}</li>
 <li>{{ gettext('Import it into your GPG keyring.') }}
 <ul>
     <li>{{ gettext('If you are using <a href="{url}">Tails</a>, you can double-click the <code>.asc</code> file you just downloaded and it will be automatically imported to your keyring.').format(url='https://tails.boum.org') }}</li>
-    <li>{{ gettext('If you are using macOS or Linux, open the terminal. You can import the key with:<p><code>gpg --import /path/to/{submission_key_fpr_filename}</code></p>').format(url_for('info.download_journalist_pubkey'), submission_key_fpr_filename=submission_key_fpr + '.asc')|safe }}</li>
+    <li>{{ gettext('If you are using macOS or Linux, open the terminal. You can import the key with:<p><code>gpg --import /path/to/{submission_key_fpr_filename}</code></p>').format(url_for('info.download_public_key'), submission_key_fpr_filename=submission_key_fpr + '.asc')|safe }}</li>
 </ul>
 </li>
 <li>{{ gettext('Encrypt your submission. Open the terminal and enter this gpg command:') }}

@@ -223,7 +223,7 @@ def _source_tor2web_warning(self):
         self.driver.get(self.source_location + "/tor2web-warning")
 
     def _source_why_journalist_key(self):
-        self.driver.get(self.source_location + "/why-journalist-key")
+        self.driver.get(self.source_location + "/why-public-key")
 
     def _source_waits_for_session_to_timeout(self):
         time.sleep(self.session_expiration + 2)

@@ -48,7 +48,7 @@ class TestDownloadKey(
 
     def test_journalist_key_from_source_interface(self):
         data = self.return_downloaded_content(self.source_location +
-                                              "/journalist-key", None)
+                                              "/public-key", None)
 
         data = data.decode('utf-8')
         assert "BEGIN PGP PUBLIC KEY BLOCK" in data

@@ -5,7 +5,7 @@
 import time
 
 from io import BytesIO, StringIO
-from flask import session, escape, current_app, url_for, g
+from flask import session, escape, current_app, url_for, g, request
 from mock import patch, ANY
 
 import crypto_util
@@ -204,11 +204,21 @@ def test_lookup(source_app):
         text = resp.data.decode('utf-8')
         assert "public key" in text
         # download the public key
-        resp = app.get(url_for('info.download_journalist_pubkey'))
+        resp = app.get(url_for('info.download_public_key'))
         text = resp.data.decode('utf-8')
         assert "BEGIN PGP PUBLIC KEY BLOCK" in text
 
 
+def test_journalist_key_redirects_to_public_key(source_app):
+    """Test that the /journalist-key route redirects to /public-key."""
+    with source_app.test_client() as app:
+        resp = app.get(url_for('info.download_journalist_key'))
+        assert resp.status_code == 301
+        resp = app.get(url_for('info.download_journalist_key'), follow_redirects=True)
+        assert request.path == url_for('info.download_public_key')
+        assert "BEGIN PGP PUBLIC KEY BLOCK" in resp.data.decode('utf-8')
+
+
 def test_login_and_logout(source_app):
     with source_app.test_client() as app:
         resp = app.get(url_for('main.login'))
@@ -576,7 +586,7 @@ def test_why_use_tor_browser(source_app):
 
 def test_why_journalist_key(source_app):
     with source_app.test_client() as app:
-        resp = app.get(url_for('info.why_download_journalist_pubkey'))
+        resp = app.get(url_for('info.why_download_public_key'))
         assert resp.status_code == 200
         text = resp.data.decode('utf-8')
         assert "Why download the team's public key?" in text