renamed "document interface" to "journalist interface"

.gitignore

@@ -10,7 +10,8 @@ wheelhouse
 
 # ignore the ATHS/THS hostname file ansible places
 app-ssh-aths
-app-document-aths
+app-document-aths # leave this here for historic reasons
+app-journalist-aths
 app-source-ths
 mon-ssh-aths
 
@@ -96,4 +97,4 @@ securedrop/static/.webassets-cache
 # Ignore .bundle directory added by Vagrant 1.8.0
 # Vagrant adding this directory is a bug, and should be fixed in Vagrant 1.8.1:
 # https://github.com/mitchellh/vagrant/issues/6705
-.bundle
+.bundle

docs/backup_and_restore.rst

@@ -25,8 +25,8 @@ Minimizing disk space
 Since the backup and restore operations both involve transferring *all* of
 your SecureDrop's stored submissions over Tor, the process can take a long time.
 To save time and improve reliability for the transfers, take a moment to clean up
-older submissions in the Document Interface. As a general practice, you should
-encourage your Journalists to delete submissions from the Document Interface
+older submissions in the Journalist Interface. As a general practice, you should
+encourage your Journalists to delete submissions from the Journalist Interface
 regularly.
 
 .. tip:: The throughput of a Tor Hidden Service seems to average around 150 kB/s,
@@ -37,15 +37,15 @@ currently on the *Application Server* by SSHing in and running
 ``sudo du -sh /var/lib/securedrop/store``.
 
 .. note:: Submissions are deleted asynchronously and one at a time, so if you
-          delete a lot of submissions through the Document Interface, it may
+          delete a lot of submissions through the Journalist Interface, it may
           take a while for all of the submissions to actually be deleted. This
           is especially true because SecureDrop uses ``srm`` to securely erase
           file submissions, which takes significantly more time than normal file
           deletion. You can monitor the progress of queued deletion jobs with
           ``sudo tail -f /var/log/securedrop_worker/err.log``.
 
 If you find you cannot perform a backup or restore due to this
-constraint, and have already deleted old submissions from the Document Interface,
+constraint, and have already deleted old submissions from the Journalist Interface,
 contact us through the `SecureDrop Support Portal`_.
 
 .. _SecureDrop Support Portal: https://securedrop-support.readthedocs.io/en/latest/

docs/configure_admin_workstation_post_install.rst

@@ -6,33 +6,33 @@ Configure the Admin Workstation Post-Install
 Auto-connect to the Authenticated Tor Hidden Services
 -----------------------------------------------------
 
-The SecureDrop installation process adds multiple layers of authentication to 
+The SecureDrop installation process adds multiple layers of authentication to
 protect access to the most sensitive assets in the SecureDrop system:
 
-#. The Document Interface, because it provides access to submissions (although 
-   they are encrypted to an offline key), and some metadata about sources and 
+#. The Journalist Interface, because it provides access to submissions (although
+   they are encrypted to an offline key), and some metadata about sources and
    submissions.
 #. SSH on the Application Server
 #. SSH on the Monitor Server
 
-The installation process blocks direct access to each of these assets, and sets 
-up `Authenticated Tor Hidden Services`_ (ATHS) to provide authenticated access 
-instead. Authenticated Tor Hidden Services share the benefits of Tor Hidden 
-Services, but are only accessible to users who possess a shared secret 
-(``auth-cookie`` in the Tor documentation) that is generated during the hidden 
+The installation process blocks direct access to each of these assets, and sets
+up `Authenticated Tor Hidden Services`_ (ATHS) to provide authenticated access
+instead. Authenticated Tor Hidden Services share the benefits of Tor Hidden
+Services, but are only accessible to users who possess a shared secret
+(``auth-cookie`` in the Tor documentation) that is generated during the hidden
 service setup process.
 
-In order to access an ATHS, you need to add one or more "auth-cookie" values 
-to your Tor configuration file (``torrc``) and restart Tor. Doing this manually 
-is annoying and error-prone, so SecureDrop includes a set of scripts in 
-``./tails_files`` that can set up a Tails instance to automatically 
-configure Tor to access a set of ATHS. In order to persist these changes across 
-reboots, the Tails instance must have persistence enabled (specifically, the 
+In order to access an ATHS, you need to add one or more "auth-cookie" values
+to your Tor configuration file (``torrc``) and restart Tor. Doing this manually
+is annoying and error-prone, so SecureDrop includes a set of scripts in
+``./tails_files`` that can set up a Tails instance to automatically
+configure Tor to access a set of ATHS. In order to persist these changes across
+reboots, the Tails instance must have persistence enabled (specifically, the
 "dotfiles persistence").
 
 .. note:: Starting in version 0.3.7, SecureDrop requires Tails 2.x or greater.
 
-To install the auto-connect configuration, start by navigating to the directory 
+To install the auto-connect configuration, start by navigating to the directory
 with these scripts, and run the install script:
 
 .. code:: sh
@@ -43,18 +43,18 @@ with these scripts, and run the install script:
 Type the Administration Password that you selected when starting Tails and hit
 **Enter**. This script installs a persistent script that runs every time you
 connect to a network in Tails, and automatically configures access to
-the Document Interface and to the servers via SSH. The HidServAuth info is
+the Journalist Interface and to the servers via SSH. The HidServAuth info is
 collected from files in
 ``~/Persistent/securedrop/install_files/ansible-base`` and stored in
 ``~/Persistent/.securedrop/torrc_additions`` thereafter.
 
-.. tip:: Copy the files ``app-document-aths`` and ``app-source-ths`` to
+.. tip:: Copy the files ``app-journalist-aths`` and ``app-source-ths`` to
          the Transfer Device in preparation for setting up the Journalist
-         Workstation. Then you can use the ``install.sh`` script to configure 
+         Workstation. Then you can use the ``install.sh`` script to configure
          access for Journalists as well.
 
 In addition, the script creates desktop and menu shortcuts for the Source
-and Document Interfaces, updates the Ansible inventory file to access the servers
+and Journalist Interfaces, updates the Ansible inventory file to access the servers
 playbooks over Tor in the future, directs Tails to install Ansible at the
 beginning of every session, and sets up SSH host aliases for the servers.
 

docs/create_admin_account.rst

@@ -1,31 +1,31 @@
-Create an admin account on the Document Interface
+Create an admin account on the Journalist Interface
 =================================================
 
 In order for any user (administrator or journalist) to access the
-Document Interface, they need:
+Journalist Interface, they need:
 
-1. The ``auth-cookie`` for the Document Interface's ATHS
-2. An account on the Document Interface, which requires the following
+1. The ``auth-cookie`` for the Journalist Interface's ATHS
+2. An account on the Journalist Interface, which requires the following
    credentials to log in:
 
    * Username
    * Password
    * Two-factor authentication code
 
-You should create a separate account on the Document Interface for
+You should create a separate account on the Journalist Interface for
 each user who needs access. This makes it easy to enable or disable
-access to the Document Interface on an individual basis, so you can
+access to the Journalist Interface on an individual basis, so you can
 grant access to new users or revoke access for users who have left the
-organization or should no longer be allowed to access the Document
+organization or should no longer be allowed to access the Journalist 
 Interface.
 
-There are two types of accounts on the Document Interface: admin
+There are two types of accounts on the Journalist Interface: admin
 accounts and normal accounts. Admins accounts are like normal
 accounts, but they are additionally allowed to manage (add, change,
 delete) other user accounts through the web interface.
 
-You must create the first admin account on the Document Interface by
-running a command on the App Server. After that, the Document
+You must create the first admin account on the Journalist Interface by
+running a command on the App Server. After that, the Journalist
 Interface admin can create additional accounts through the web
 interface.
 
@@ -41,10 +41,10 @@ Follow the prompts.
 
 .. todo:: Clarify how to set up TOTP/HOTP through ``./manage.py
           add-admin``.
-	  
+
 Once that's done, you should open the Tor Browser |TorBrowser| and
-navigate to the Document Interface's .onion address. Verify that you
-can log in to the Document Interface with the admin account you just
+navigate to the Journalist Interface's .onion address. Verify that you
+can log in to the Journalist Interface with the admin account you just
 created.
 
 For adding more user accounts, please refer now to our :doc:`Admin

docs/development/threat_model.rst

@@ -125,8 +125,8 @@ What the Application Server can achieve
    hours <https://github.com/freedomofpress/securedrop/pull/805>`__.
 -  The server stores sanitized Tor logs, created using the `SafeLogging
    option <https://www.torproject.org/docs/tor-manual.html.en>`__, for
-   the Source Interface, the Document Interface, and SSH.
--  The server stores both access and error logs for the Document
+   the Source Interface, the Journalist Interface, and SSH.
+-  The server stores both access and error logs for the Journalist
    Interface.
 -  The server stores connection history and audit logs for the admin.
 -  The server can connect to the Monitor server using an SSH key and a
@@ -161,9 +161,9 @@ What the Workstations can achieve
    Monitor Server will encrypt OSSEC alerts to.
 -  The **Journalist Workstation** requires Tails with a persistent
    volume, which stores information such as the Hidden Service value
-   required to connect to the Document Interface, as well as a :doc:`database
+   required to connect to the Journalist Interface, as well as a :doc:`database
    with passphrases <../passphrases>` for the
-   Document Interface and the journalist's personal GPG key.
+   Journalist Interface and the journalist's personal GPG key.
 -  The **Secure Viewing Station** requires Tails with a persistent
    volume, which stores information such as the SecureDrop application's
    GPG key, as well as a :doc:`database with the
@@ -227,12 +227,12 @@ What a physical seizure of the source's property can achieve
 
 -  A physical seizure of, and access to, the admin's Tails persistent
    volume, password database, and two-factor authentication device will
-   allow the attacker to access both servers and the Document Interface.
+   allow the attacker to access both servers and the Journalist Interface.
 
 What a compromise of the admin's property can achieve
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  To access the Document Interface, the Application Server, or the
+-  To access the Journalist Interface, the Application Server, or the
    Monitor Server, the attacker needs to obtain the admin's login
    credentials and the admin's two-factor authentication device. Unless
    the attacker has physical access to the servers, the attacker will
@@ -261,7 +261,7 @@ What a compromise of the admin's property can achieve
       to.
    -  Access the admin's personal GPG key.
 
--  An attacker with admin access to the **Document Interface** can:
+-  An attacker with admin access to the **Journalist Interface** can:
 
    -  Add, modify, and delete journalist users.
    -  Change the codenames associated with sources within the Interface.
@@ -314,12 +314,12 @@ What a physical seizure of the admin's property can achieve
    analyze any plaintext information that resides in RAM.
 -  A physical seizure of, and access to, the admin's Tails persistent
    volume, password database, and two-factor authentication device will
-   allow the attacker to access both servers and the Document Interface.
+   allow the attacker to access both servers and the Journalist Interface.
 
 What a compromise of the journalist's property can achieve
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  To access the Document Interface, the attacker needs to obtain the
+-  To access the Journalist Interface, the attacker needs to obtain the
    journalist's login credentials and the journalist's two-factor
    authentication device. Unless the attacker has physical access to the
    server, the attacker will also need to obtain the Hidden Service
@@ -337,12 +337,12 @@ What a compromise of the journalist's property can achieve
    journalist's Tails device can:
 
    -  Add, modify, and delete files on the volume.
-   -  Access the Hidden Service values used by the Document Interface.
+   -  Access the Hidden Service values used by the Journalist Interface.
    -  Access SSH keys and passphrases for the Application Server and the
       Monitor Server.
    -  Access the journalist's personal GPG key.
 
--  An attacker with journalist access to the **Document Interface** can:
+-  An attacker with journalist access to the **Journalist Interface** can:
 
    -  Change the codenames associated with sources within the Interface.
    -  Download, but not decrypt, submissions.
@@ -361,7 +361,7 @@ What a physical seizure of the journalist's property can achieve
    analyze any plaintext information that resides in RAM.
 -  A physical seizure of, and access to, the journalist's Tails
    persistent volume, password database, and two-factor authentication
-   device will allow the attacker to access the Document Interface.
+   device will allow the attacker to access the Journalist Interface.
 
 What a compromise of the Application Server can achieve
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -375,7 +375,7 @@ What a compromise of the Application Server can achieve
    -  View, modify, and delete all files owned by this user. This
       includes sanitized Tor logs, created using the `SafeLogging
       option <https://www.torproject.org/docs/tor-manual.html.en>`__,
-      for SSH, the Source Interface and the Document Interface.
+      for SSH, the Source Interface and the Journalist Interface.
    -  View, modify, and delete the Tor configuration file, root is
       required to reload the config.
 
@@ -392,7 +392,7 @@ What a compromise of the Application Server can achieve
       communications. The attacker needs root access to reload
       configuration files.
    -  View, modify, and delete both access and error logs for the
-      Document Interface.
+      Journalist Interface.
    -  View any HTTP requests made by the source, the admin, and the
       journalist in that moment. This includes seeing plaintext
       codenames, submissions, and communications.

docs/development/tips_and_tricks.rst

@@ -98,7 +98,7 @@ for each server by examining the contents of ``app-ssh-aths`` and ``mon-ssh-aths
 in ``./install_files/ansible-base``. You can manually inspect these files
 to append values to your local ``torrc``, as in the ``cat`` example above.
 Note that the ``cat`` example above will also add the ATHS info for the
-Document Interface, as well, which is useful for testing.
+Journalist Interface, as well, which is useful for testing.
 
 Architecture Diagrams
 ---------------------

docs/development/virtual_environments.rst

@@ -16,26 +16,26 @@ development
     For working on the application code. Forwarded ports:
 
     -  Source Interface: localhost:8080
-    -  Document Interface: localhost:8081
+    -  Journalist Interface: localhost:8081
 
 app-staging
     For working on the application code in a more realistic environment,
     with most system hardening active.
     The interfaces and SSH are also available over Tor.
-    A copy of the the Onion URLs for Source and Document Interfaces,
+    A copy of the the Onion URLs for Source and Journalist Interfaces,
     as well as SSH access, are written to the Vagrant host's
     ``install_files/ansible-base`` directory, named:
 
     - ``app-source-ths``
-    - ``app-document-aths``
+    - ``app-journalist-aths``
     - ``app-ssh-aths``
 
     The AppArmor profiles run complain mode to aid in debugging.
 
     Forwarded ports:
 
     -  Source Interface: localhost:8082
-    -  Document Interface: localhost:8083
+    -  Journalist Interface: localhost:8083
 
 mon-staging
     For working on OSSEC monitoring rules, with most system hardening active.
@@ -53,15 +53,15 @@ mon-staging
 app-prod
     This is like a production installation with all of the system
     hardening active, but virtualized, rather than running on hardware.
-    A copy of the the Onion URLs for Source and Document Interfaces,
+    A copy of the the Onion URLs for Source and Journalist Interfaces,
     as well as SSH access, are written to the Vagrant host's
     ``install_files/ansible-base`` directory, named:
 
     - ``app-source-ths``
-    - ``app-document-aths``
+    - ``app-journalist-aths``
     - ``app-ssh-aths``
 
-    There are no active forwarded ports for the Document and Source Interfaces
+    There are no active forwarded ports for the Journalist and Source Interfaces
     on ``app-prod``. You must use the Onion URLs to view the pages over Tor.
 
 mon-prod
@@ -99,10 +99,10 @@ course, you can specify the name if you want to.
    ./manage.py run         # run development servers
    ./manage.py test        # run the unit and functional tests
    ./manage.py reset       # resets the state of the development instance
-   ./manage.py add-admin   # create a user to use when logging in to the Document Interface
+   ./manage.py add-admin   # create a user to use when logging in to the Journalist Interface
 
 SecureDrop consists of two separate web appications (the Source Interface and
-the Document Interface) that run concurrently. The development servers will
+the Journalist Interface) that run concurrently. The development servers will
 detect code changes when they are saved and automatically reload.
 
 Staging

docs/install.rst

@@ -37,7 +37,7 @@ continuing:
    can add more later)
 -  The username of the system administrator
 -  (Optional) An image to replace the SecureDrop logo on the *Source
-   Interface* and *Document Interface*
+   Interface* and *Journalist Interface*
 
    -  Recommended size: ``500px x 450px``
    -  Recommended format: PNG
@@ -140,8 +140,8 @@ Service will be available in the following files in
 
 -  ``app-source-ths``: This is the .onion address of the Source
    Interface
--  ``app-document-aths``: This is the ``HidServAuth`` configuration line
-   for the Document Interface. During a later step, this will be
+-  ``app-journalist-aths``: This is the ``HidServAuth`` configuration line
+   for the Journalist Interface. During a later step, this will be
    automatically added to your Tor configuration file in order to
    exclusively connect to the hidden service.
 -  ``app-ssh-aths``: Same as above, for SSH access to the Application