Merge pull request #263 from guardicore/bugfix/set-auth-by-server
Checking with server if auth enabled
This commit is contained in:
commit
08aede237e
|
@ -33,20 +33,18 @@ def init_jwt(app):
|
|||
user_id = payload['identity']
|
||||
return userid_table.get(user_id, None)
|
||||
|
||||
if env.is_auth_enabled():
|
||||
JWT(app, authenticate, identity)
|
||||
JWT(app, authenticate, identity)
|
||||
|
||||
|
||||
def jwt_required(realm=None):
|
||||
def wrapper(fn):
|
||||
@wraps(fn)
|
||||
def decorator(*args, **kwargs):
|
||||
if env.is_auth_enabled():
|
||||
try:
|
||||
_jwt_required(realm or current_app.config['JWT_DEFAULT_REALM'])
|
||||
except JWTError:
|
||||
abort(401)
|
||||
return fn(*args, **kwargs)
|
||||
try:
|
||||
_jwt_required(realm or current_app.config['JWT_DEFAULT_REALM'])
|
||||
return fn(*args, **kwargs)
|
||||
except JWTError:
|
||||
abort(401)
|
||||
|
||||
return decorator
|
||||
|
||||
|
|
|
@ -37,10 +37,6 @@ class Environment(object):
|
|||
h.update(secret)
|
||||
return h.hexdigest()
|
||||
|
||||
@abc.abstractmethod
|
||||
def is_auth_enabled(self):
|
||||
return
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_auth_users(self):
|
||||
return
|
||||
|
|
|
@ -18,9 +18,6 @@ class AwsEnvironment(Environment):
|
|||
def _get_region(self):
|
||||
return self.aws_info.get_region()
|
||||
|
||||
def is_auth_enabled(self):
|
||||
return True
|
||||
|
||||
def get_auth_users(self):
|
||||
return [
|
||||
cc.auth.User(1, 'monkey', self.hash_secret(self._instance_id))
|
||||
|
|
|
@ -6,9 +6,6 @@ __author__ = 'itay.mizeretz'
|
|||
|
||||
class PasswordEnvironment(Environment):
|
||||
|
||||
def is_auth_enabled(self):
|
||||
return True
|
||||
|
||||
def get_auth_users(self):
|
||||
return [
|
||||
cc.auth.User(1, self.config['user'], self.config['hash'])
|
||||
|
|
|
@ -1,12 +1,15 @@
|
|||
import cc.auth
|
||||
from cc.environment import Environment
|
||||
|
||||
__author__ = 'itay.mizeretz'
|
||||
|
||||
|
||||
class StandardEnvironment(Environment):
|
||||
|
||||
def is_auth_enabled(self):
|
||||
return False
|
||||
# SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
|
||||
NO_AUTH_CREDS = '55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062' \
|
||||
'8d2c8d0b1538d2208c1444ac66535b764a3d902b35e751df3faec1e477ed3557'
|
||||
|
||||
def get_auth_users(self):
|
||||
return []
|
||||
return [
|
||||
cc.auth.User(1, StandardEnvironment.NO_AUTH_CREDS, StandardEnvironment.NO_AUTH_CREDS)
|
||||
]
|
||||
|
|
|
@ -27,31 +27,42 @@ let guardicoreLogoImage = require('../images/guardicore-logo.png');
|
|||
|
||||
class AppComponent extends AuthComponent {
|
||||
updateStatus = () => {
|
||||
if (this.auth.loggedIn()){
|
||||
this.authFetch('/api')
|
||||
.then(res => res.json())
|
||||
.then(res => {
|
||||
// This check is used to prevent unnecessary re-rendering
|
||||
let isChanged = false;
|
||||
for (let step in this.state.completedSteps) {
|
||||
if (this.state.completedSteps[step] !== res['completed_steps'][step]) {
|
||||
isChanged = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (isChanged) {
|
||||
this.setState({completedSteps: res['completed_steps']});
|
||||
}
|
||||
this.auth.loggedIn()
|
||||
.then(res => {
|
||||
this.setState({
|
||||
isLoggedIn: res
|
||||
});
|
||||
}
|
||||
|
||||
if (res) {
|
||||
this.authFetch('/api')
|
||||
.then(res => res.json())
|
||||
.then(res => {
|
||||
// This check is used to prevent unnecessary re-rendering
|
||||
let isChanged = false;
|
||||
for (let step in this.state.completedSteps) {
|
||||
if (this.state.completedSteps[step] !== res['completed_steps'][step]) {
|
||||
isChanged = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (isChanged) {
|
||||
this.setState({completedSteps: res['completed_steps']});
|
||||
}
|
||||
});
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
renderRoute = (route_path, page_component, is_exact_path = false) => {
|
||||
let render_func = (props) => {
|
||||
if (this.auth.loggedIn()) {
|
||||
return page_component;
|
||||
} else {
|
||||
return <Redirect to={{pathname: '/login'}}/>;
|
||||
switch (this.state.isLoggedIn) {
|
||||
case true:
|
||||
return page_component;
|
||||
case false:
|
||||
return <Redirect to={{pathname: '/login'}}/>;
|
||||
default:
|
||||
return page_component;
|
||||
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -69,7 +80,8 @@ class AppComponent extends AuthComponent {
|
|||
run_server: true,
|
||||
run_monkey: false,
|
||||
infection_done: false,
|
||||
report_done: false
|
||||
report_done: false,
|
||||
isLoggedIn: undefined
|
||||
}
|
||||
};
|
||||
}
|
||||
|
|
|
@ -34,9 +34,12 @@ class LoginPageComponent extends React.Component {
|
|||
this.state = {
|
||||
failed: false
|
||||
};
|
||||
if (this.auth.loggedIn()) {
|
||||
this.redirectToHome();
|
||||
}
|
||||
this.auth.loggedIn()
|
||||
.then(res => {
|
||||
if (res) {
|
||||
this.redirectToHome();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
render() {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
import 'core-js/fn/object/assign';
|
||||
import React from 'react';
|
||||
import ReactDOM from 'react-dom';
|
||||
import 'babel-polyfill';
|
||||
import App from './components/Main';
|
||||
import Bootstrap from 'bootstrap/dist/css/bootstrap.css'; // eslint-disable-line no-unused-vars
|
||||
|
||||
|
|
|
@ -1,24 +1,18 @@
|
|||
import { SHA3 } from 'sha3';
|
||||
import decode from 'jwt-decode';
|
||||
import {SERVER_CONFIG} from '../server_config/ServerConfig';
|
||||
|
||||
export default class AuthService {
|
||||
AUTH_ENABLED = SERVER_CONFIG.isAuthEnabled();
|
||||
// SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
|
||||
NO_AUTH_CREDS =
|
||||
"55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062" +
|
||||
"8d2c8d0b1538d2208c1444ac66535b764a3d902b35e751df3faec1e477ed3557";
|
||||
|
||||
login = (username, password) => {
|
||||
if (this.AUTH_ENABLED) {
|
||||
return this._login(username, this.hashSha3(password));
|
||||
} else {
|
||||
return {result: true};
|
||||
}
|
||||
return this._login(username, this.hashSha3(password));
|
||||
};
|
||||
|
||||
authFetch = (url, options) => {
|
||||
if (this.AUTH_ENABLED) {
|
||||
return this._authFetch(url, options);
|
||||
} else {
|
||||
return fetch(url, options);
|
||||
}
|
||||
return this._authFetch(url, options);
|
||||
};
|
||||
|
||||
hashSha3(text) {
|
||||
|
@ -43,7 +37,6 @@ export default class AuthService {
|
|||
this._removeToken();
|
||||
return {result: false};
|
||||
}
|
||||
|
||||
})
|
||||
};
|
||||
|
||||
|
@ -53,7 +46,7 @@ export default class AuthService {
|
|||
'Content-Type': 'application/json'
|
||||
};
|
||||
|
||||
if (this.loggedIn()) {
|
||||
if (this._loggedIn()) {
|
||||
headers['Authorization'] = 'JWT ' + this._getToken();
|
||||
}
|
||||
|
||||
|
@ -74,20 +67,26 @@ export default class AuthService {
|
|||
});
|
||||
};
|
||||
|
||||
loggedIn() {
|
||||
if (!this.AUTH_ENABLED) {
|
||||
return true;
|
||||
async loggedIn() {
|
||||
let token = this._getToken();
|
||||
if ((token === null) || (this._isTokenExpired(token))) {
|
||||
await this.attemptNoAuthLogin();
|
||||
}
|
||||
return this._loggedIn();
|
||||
}
|
||||
|
||||
attemptNoAuthLogin() {
|
||||
return this._login(this.NO_AUTH_CREDS, this.NO_AUTH_CREDS);
|
||||
}
|
||||
|
||||
_loggedIn() {
|
||||
const token = this._getToken();
|
||||
return ((token !== null) && !this._isTokenExpired(token));
|
||||
}
|
||||
|
||||
logout() {
|
||||
if (this.AUTH_ENABLED) {
|
||||
this._removeToken();
|
||||
}
|
||||
}
|
||||
logout = () => {
|
||||
this._removeToken();
|
||||
};
|
||||
|
||||
_isTokenExpired(token) {
|
||||
try {
|
||||
|
|
Loading…
Reference in New Issue