It does deliver reports, but it also stores them encrypted and matches them.

Cyclomatic complexity is too high in method generate_match_report. (11)

https://codeclimate.com/github/SexualHealthInnovations/callisto-core/callisto/delivery/report_delivery.py#issue_5769b1b5a781c10001de1266

mentioned in accessibility audit--not sure of exact issues

Sort all imports per django's guidelines and add some words to the contributor guidelines reminding folks to stick to those guidelines.

(I'm breaking #4 into three separate issues.)

https://django-fernet-fields.readthedocs.io/en/latest/

encrypt contact info (phone number, email address, etc) symmetrically with a key set in settings, or with the school's public key

use signals for various events in delivery and receive them in the evaluation module

If someone submits a report to matching and for some reason puts the same perpetrator identifier down twice, we should only create one MatchReport entry.

It would be nice to know which versions of Python/Django/other libraries are needed.

https://github.com/SexualHealthInnovations/callisto-core/blob/master/callisto/delivery/report_delivery.py#L173

including student email verification

(inspired by @swenson)
Currently, the information needed to report a match is stored with other system metadata as database rows. The combination of survivor contact information and unique assailant ID is especially sensitive and we want to protect it further. However, match information is delivered to the reporting party immediately upon a match being found, to prevent users from "fishing" for a specific assailant's name with unfounded match entries. Because of this, stored match entries need to be matchable and deliverable without the survivor who originally submitted needing to enter a key at the time a match is found.

Encrypting the match data with a Callisto admin-provided symmetric key would provide some security, but relies on strong key management and protection. Additionally, the data is still vulnerable to subpoena. We could encrypt the stored match data asymmetrically with the school/reporting authority's public key. We would still need to keep around assailant identifier data in some form to allow for a match, and we are dependent on the school's key management, which isn't under our full control.

Chris proposed, instead, using the unique assailant ID as a key to encrypt the survivor contact information. When a survivor submits a report to matching, we first encrypt their contact information using the submitted assailant ID as a key. We then use the submitted assailant ID as a key to try to decrypt the existing matching entries. If any decryption attempt is successful, we know that entry was a match, and we can combine the submitted contact information with the decrypted contact information to compile a match report and deliver it safely to the reporting authority.

Hey,

Was on your site via VPN and then TOR and noticed that it blocks both due to your use of CloudFlare.
AFAIK you can actually remove this problem, esp as some victims may seek to use such services for extra privacy:

https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-

This should include test coverage in Travis (related to #5). Tried it out quickly in this branch:
https://github.com/SexualHealthInnovations/callisto-core/tree/divergentdave-travis-ci-try-other-python-versions

See results here:
https://travis-ci.org/SexualHealthInnovations/callisto-core/builds/139120215

Python 3.3/Django 1.9 needs to be excluded--that combination is not supported by Django. Code changes are needed to support the 2.7 builds

It's really important that we know that admins have gotten a report after a user has elected to send it to them, so we want to use some sort of email tracking (Google Analytics?) on the emails that have encrypted reports attached to them to confirm that they've been opened.

Similar code found in 1 other location (mass = 107)

https://codeclimate.com/github/SexualHealthInnovations/callisto-core/callisto/delivery/views.py#issue_5769a9ac92630f0001d567d1

At some point, it would be helpful to use git-lfs to store and version media files. https://git-lfs.github.com/

@kevindaum: wanted to get this hammered out somewhere more discoverable than a PR.

Are you still getting the FileNotFoundError: [Errno 2] No such file or directory: 'gpg' errors on your machine? I think this may be an OS issue, so it'd be good for us to document how to fix it if so. What OS are you using? If it's Linux or Mac, can you run which gpg and let me know the output? I think that where gpg should do the same thing on Windows.

Cyclomatic complexity is too high in method render_question. (17)

https://codeclimate.com/github/SexualHealthInnovations/callisto-core/callisto/delivery/report_delivery.py#issue_5769b1b54a3c920001de113f

https://travis-ci.org/

https://github.com/SexualHealthInnovations/callisto-core/blob/master/callisto/delivery/wizard.py#L17

Example of how to retrieve emails in tests:
https://github.com/SexualHealthInnovations/callisto-core/blob/master/tests/callistocore/test_delivery.py#L257-L261

Example of how to test encryption:
https://github.com/SexualHealthInnovations/callisto-core/blob/master/tests/evaluation/tests.py#L71-L97

We'll need to store the old number of iterations somewhere, and update that when users decrypt their records. Look into how Django does this:
https://docs.djangoproject.com/en/1.9/topics/auth/passwords/#password-upgrading
http://tech.marksblogg.com/passwords-in-django.html

When I first started working on #4, pyflakes was finding some issues. This may no longer be the case since Travis seems to be running pyflakes on everyone's pull requests now... but it probably still is.

related to #41

ideas on how to do this: https://bugzilla.mozilla.org/show_bug.cgi?id=1192957

we should be able to toggle this on and off via settings

want to validate the output of the PDF created in https://github.com/SexualHealthInnovations/callisto-core/blob/master/delivery/report_delivery.py

Similar code found in 2 other locations (mass = 49)

https://codeclimate.com/github/SexualHealthInnovations/callisto-core/callisto/delivery/views.py#issue_5769a9ac8814e10001d56c2d

Leaning towards Codecov, but open to others. Want something that integrates with Travis and ideally has branch coverage

TODO found

https://codeclimate.com/github/SexualHealthInnovations/callisto-core/callisto/delivery/forms.py#issue_5769b1b492630f0001de0f9c

Looks like there are a lot of options for doing this in Python

see #41--waiting for after #38

https://github.com/SexualHealthInnovations/callisto-core/blob/master/callisto/delivery/report_delivery.py#L254

Cyclomatic complexity is too high in method _extract_answers. (7)

https://codeclimate.com/github/SexualHealthInnovations/callisto-core/callisto/evaluation/models.py#issue_5769b1b58814e10001de14a2

Similar code found in 2 other locations (mass = 46)

https://codeclimate.com/github/SexualHealthInnovations/callisto-core/callisto/delivery/forms.py#issue_5769b1b34a3c920001de0f48

from #43

https://github.com/SexualHealthInnovations/callisto-core/blob/72283d2e230550c1c373e71bfd78d7634709a648/delivery/models.py#L120

see more here:
https://medium.com/@marcochiappetta/validating-models-in-django-1-8-499cdc842ae8#.qy1ks8nre

We don't use many ModelForms, so a review to see if our objects are being properly validated before save would be good.