securedrop-admin: when a journalist key is present, the email is required

Author: Loic Dachary

admin/securedrop_admin/__init__.py

@@ -43,6 +43,10 @@ class FingerprintException(Exception):
     pass
 
 
+class JournalistAlertEmailException(Exception):
+    pass
+
+
 class SiteConfig(object):
 
     class ValidateNotEmpty(Validator):
@@ -341,6 +345,7 @@ def update_config(self):
         self.config.update(self.user_prompt_config())
         self.save()
         self.validate_gpg_keys()
+        self.validate_journalist_alert_email()
         return True
 
     def user_prompt_config(self):
@@ -412,6 +417,23 @@ def validate_gpg_keys(self):
                     "the public key {}".format(public_key))
         return True
 
+    def validate_journalist_alert_email(self):
+        if (self.config['journalist_alert_gpg_public_key'] == '' and
+                self.config['journalist_gpg_fpr'] == ''):
+            return True
+
+        class Document(object):
+            def __init__(self, text):
+                self.text = text
+
+        try:
+            SiteConfig.ValidateEmail().validate(Document(
+                self.config['journalist_alert_email']))
+        except ValidationError as e:
+            raise JournalistAlertEmailException(
+                "journalist alerts email: " + e.message)
+        return True
+
     def exists(self):
         return os.path.exists(self.args.site_config)
 

admin/tests/test_securedrop-admin.py

@@ -411,6 +411,41 @@ def test_validate_gpg_key(self, caplog):
                 site_config.validate_gpg_keys()
             assert 'FAIL does not match' in e.value.message
 
+    def test_journalist_alert_email(self):
+        args = argparse.Namespace(site_config='INVALID',
+                                  ansible_path='tests/files',
+                                  app_path=dirname(__file__))
+        site_config = securedrop_admin.SiteConfig(args)
+        site_config.config = {
+            'journalist_alert_gpg_public_key':
+            '',
+
+            'journalist_gpg_fpr':
+            '',
+        }
+        assert site_config.validate_journalist_alert_email()
+        site_config.config = {
+            'journalist_alert_gpg_public_key':
+            'test_journalist_key.pub',
+
+            'journalist_gpg_fpr':
+            '65A1B5FF195B56353CC63DFFCC40EF1228271441',
+        }
+        site_config.config['journalist_alert_email'] = ''
+        with pytest.raises(
+                securedrop_admin.JournalistAlertEmailException) as e:
+            site_config.validate_journalist_alert_email()
+        assert 'not be empty' in e.value.message
+
+        site_config.config['journalist_alert_email'] = 'bademail'
+        with pytest.raises(
+                securedrop_admin.JournalistAlertEmailException) as e:
+            site_config.validate_journalist_alert_email()
+        assert 'Must contain a @' in e.value.message
+
+        site_config.config['journalist_alert_email'] = '[email protected]'
+        assert site_config.validate_journalist_alert_email()
+
     @mock.patch('securedrop_admin.SiteConfig.validated_input',
                 side_effect=lambda p, d, v, t: d)
     @mock.patch('securedrop_admin.SiteConfig.save')