freedomofpress · emkll · Jan 8, 2021 · Dec 21, 2020 · Dec 21, 2020 · Jan 6, 2021
@@ -261,6 +261,7 @@
   /var/www/securedrop/static/i/delete_gray.png r,
   /var/www/securedrop/static/i/delete_red.png r,
   /var/www/securedrop/static/i/bang-stop.png r,
+  /var/www/securedrop/static/i/bang-circle.png r,
   /var/www/securedrop/static/i/favicon.png r,
   /var/www/securedrop/static/i/font-awesome/black/guard.svg r,
   /var/www/securedrop/static/i/font-awesome/black/times.svg r,

@@ -53,8 +53,13 @@ def create_app(config: 'SDConfig') -> Flask:
     app.config['SQLALCHEMY_DATABASE_URI'] = config.DATABASE_URI
     db.init_app(app)
 
-    v2_enabled = path.exists(path.join(config.SECUREDROP_DATA_ROOT, 'source_v2_url'))
-    v3_enabled = path.exists(path.join(config.SECUREDROP_DATA_ROOT, 'source_v3_url'))
+    def _url_exists(u: str) -> bool:
+        return path.exists(path.join(config.SECUREDROP_DATA_ROOT, u))
+
+    v2_enabled = _url_exists('source_v2_url') or ((not _url_exists('source_v2_url'))
+                                                  and (not _url_exists('source_v3_url')))
+    v3_enabled = _url_exists('source_v3_url')
+
     app.config.update(V2_ONION_ENABLED=v2_enabled, V3_ONION_ENABLED=v3_enabled)
 
     # TODO: Attaching a Storage dynamically like this disables all type checking (and
@@ -161,9 +166,12 @@ def setup_g() -> 'Optional[Response]':
         else:
             g.organization_name = gettext('SecureDrop')
 
-        if not app.config['V3_ONION_ENABLED'] or app.config['V2_ONION_ENABLED']:
+        if app.config['V2_ONION_ENABLED'] and not app.config['V3_ONION_ENABLED']:
             g.show_v2_onion_eol_warning = True
 
+        if app.config['V2_ONION_ENABLED'] and app.config['V3_ONION_ENABLED']:
+            g.show_v2_onion_migration_warning = True
+
         if request.path.split('/')[1] == 'api':
             pass  # We use the @token_required decorator for the API endpoints
         else:  # We are not using the API

@@ -20,8 +20,14 @@
 
     {% if g.user %}
       {% if g.show_v2_onion_eol_warning %}
-      <div id="v2-onion-eol" class="warning-banner">
-        {{ gettext('<strong>Update Required:</strong> Your SecureDrop servers are still running v2 onion services, which are being phased out for security reasons. In February 2021, v2 onion services will be disabled, and your SecureDrop servers may become unreachable. <a href="//securedrop.org/v2-onion-eol" rel="noreferrer">Learn More</a>') }}
+      <div id="v2-onion-eol" class="alert-banner">
+        <img src="{{ url_for('static', filename='i/bang-circle.png') }}" width="20" height="20"> {{ gettext('<strong>Update Required</strong>&nbsp;&nbsp;Set up v3 Onion Services before April 30 to keep your SecureDrop servers online. Please contact your administrator. <a href="//securedrop.org/v2-onion-eol" rel="noreferrer">Learn More</a>') }}
+      </div>
+      {% endif %}
+
+      {% if g.show_v2_onion_migration_warning %}
+      <div id="v2-complete-migration" class="alert-banner">
+        <img src="{{ url_for('static', filename='i/bang-circle.png') }}" width="20" height="20"> {{ gettext('<strong>Update Required</strong>&nbsp;&nbsp;Complete the v3 Onion Services setup before April 30. Please contact your administrator. <a href="//securedrop.org/v2-onion-eol" rel="noreferrer">Learn More</a>') }}
       </div>
       {% endif %}
 

@@ -40,6 +40,8 @@
 @import modules/warning
 // Warning - Warning messages that show up in a banner to the user.
 @import modules/warning-banner
+// Alert - Urgent messages requiring action that show up in a banner to the user.
+@import modules/alert-banner
 // Confirm prompt - When deleting something this prompt is shown
 @import modules/confirm-prompt
 // 'Serious' text - Seems to be unused. Delete?
@@ -122,6 +124,7 @@
   +panel
   +warning
   +warning-banner
+  +alert-banner
   +confirm-prompt
   +serious-text
   +code

@@ -0,0 +1,21 @@
+=alert-banner
+  .alert-banner
+    display: block
+    background-color: $color_urgent_coral
+    color: white
+    padding: 10px 0
+    width: 100%
+    text-align: center
+    font-size: small
+    box-sizing: border-box
+    -moz-box-sizing: border-box
+
+    img
+      vertical-align: text-bottom
+
+    a
+      color: white
+      border-bottom: 1px solid white
+
+    .close
+      cursor: pointer
@@ -76,7 +76,8 @@ def test_user_sees_v2_eol_warning_if_only_v2_is_enabled(config, journalist_app,
         resp = app.get(url_for('main.index'))
 
     text = resp.data.decode('utf-8')
-    assert "v2-onion-eol" in text, text
+    assert 'id="v2-onion-eol"' in text, text
+    assert 'id="v2-complete-migration"' not in text, text
 
 
 def test_user_sees_v2_eol_warning_if_both_v2_and_v3_enabled(config, journalist_app, test_journo):
@@ -91,7 +92,8 @@ def test_user_sees_v2_eol_warning_if_both_v2_and_v3_enabled(config, journalist_a
         resp = app.get(url_for('main.index'))
 
     text = resp.data.decode('utf-8')
-    assert "v2-onion-eol" in text, text
+    assert 'id="v2-onion-eol"' not in text, text
+    assert 'id="v2-complete-migration"' in text, text
 
 
 def test_user_does_not_see_v2_eol_warning_if_only_v3_enabled(config, journalist_app, test_journo):
@@ -106,22 +108,8 @@ def test_user_does_not_see_v2_eol_warning_if_only_v3_enabled(config, journalist_
         resp = app.get(url_for('main.index'))
 
     text = resp.data.decode('utf-8')
-    assert "v2-onion-eol" not in text, text
-
-
-def test_user_sees_v2_eol_warning_if_both_urls_do_not_exist(config, journalist_app, test_journo):
-    journalist_app.config.update(V2_ONION_ENABLED=False, V3_ONION_ENABLED=False)
-    with journalist_app.test_client() as app:
-        _login_user(
-            app,
-            test_journo['username'],
-            test_journo['password'],
-            test_journo['otp_secret'])
-
-        resp = app.get(url_for('main.index'))
-
-    text = resp.data.decode('utf-8')
-    assert "v2-onion-eol" in text, text
+    assert 'id="v2-onion-eol"' not in text, text
+    assert 'id="v2-complete-migration"' not in text, text
 
 
 def test_user_with_whitespace_in_username_can_login(journalist_app):