From 8a2bae7e142266bef5ab50a1db206422023c123a Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Fri, 8 Oct 2021 10:31:37 -0400 Subject: [PATCH] Island: Move authentication logic into AuthenticationService --- .../monkey_island/cc/resources/auth/auth.py | 20 +++------------- .../cc/services/authentication.py | 24 +++++++++++++++++-- 2 files changed, 25 insertions(+), 19 deletions(-) diff --git a/monkey/monkey_island/cc/resources/auth/auth.py b/monkey/monkey_island/cc/resources/auth/auth.py index 453a45027..91abb9752 100644 --- a/monkey/monkey_island/cc/resources/auth/auth.py +++ b/monkey/monkey_island/cc/resources/auth/auth.py @@ -7,11 +7,7 @@ from flask import make_response, request from flask_jwt_extended.exceptions import JWTExtendedException from jwt import PyJWTError -import monkey_island.cc.environment.environment_singleton as env_singleton -from monkey_island.cc.resources.auth.credential_utils import ( - get_username_password_from_request, - password_matches_hash, -) +from monkey_island.cc.resources.auth.credential_utils import get_username_password_from_request from monkey_island.cc.services.authentication import AuthenticationService logger = logging.getLogger(__name__) 
@@ -41,21 +37,11 @@ class Authenticate(flask_restful.Resource): """ username, password = get_username_password_from_request(request) - if _credentials_match_registered_user(username, password): - AuthenticationService.unlock_datastore_encryptor(username, password) + if AuthenticationService.authenticate(username, password): access_token = _create_access_token(username) return make_response({"access_token": access_token, "error": ""}, 200) - else: - return make_response({"error": "Invalid credentials"}, 401) - -def _credentials_match_registered_user(username: str, password: str) -> bool: - registered_user = env_singleton.env.get_user() - - if not registered_user: - return False - - return (registered_user.username == username) and password_matches_hash(password, registered_user.password_hash) + return make_response({"error": "Invalid credentials"}, 401) def _create_access_token(username): diff --git a/monkey/monkey_island/cc/services/authentication.py b/monkey/monkey_island/cc/services/authentication.py index fe3542f51..de3458b3e 100644 --- a/monkey/monkey_island/cc/services/authentication.py +++ b/monkey/monkey_island/cc/services/authentication.py @@ -2,6 +2,7 @@ import bcrypt import monkey_island.cc.environment.environment_singleton as env_singleton from monkey_island.cc.environment.user_creds import UserCreds +from monkey_island.cc.resources.auth.credential_utils import password_matches_hash from monkey_island.cc.server_utils.encryption import ( reset_datastore_encryptor, unlock_datastore_encryptor, @@ -19,8 +20,8 @@ class AuthenticationService: def initialize(cls, key_file_directory): cls.KEY_FILE_DIRECTORY = key_file_directory - @classmethod - def needs_registration(cls) -> bool: + @staticmethod + def needs_registration() -> bool: return env_singleton.env.needs_registration() @classmethod 
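Review bot: The 401 path at the end of this hunk returns without writing anything to the module's `logger`, so repeated failed logins leave no trace for detection or incident review. Consider adding `logger.warning("Failed authentication attempt from %s", request.remote_addr)` before the final `make_response`, and keep the password and raw request body out of the log. The uniform "Invalid credentials" message is worth keeping as it is. The enclosing `post` method starts above the hunk, so only its tail is visible here.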
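Review bot: The added import makes `services/authentication.py` depend on `resources/auth/credential_utils`, while `resources/auth/auth.py` imports this service module, so the two layers now reference each other. That inverts the usual resource-to-service direction and could become an import cycle if the `resources.auth` package imports `auth.py` from its `__init__` (not visible here). Since `_hash_password` already lives in this module, moving `password_matches_hash` next to it would keep hashing and verification together and remove the back-reference.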
@@ -30,6 +31,14 @@ class AuthenticationService: AuthenticationService.reset_datastore_encryptor(username, password) reset_database() + @classmethod + def authenticate(cls, username: str, password: str) -> bool: + if _credentials_match_registered_user(username, password): + AuthenticationService.unlock_datastore_encryptor(username, password) + return True + + return False + @staticmethod def unlock_datastore_encryptor(username: str, password: str): secret = AuthenticationService._get_secret_from_credentials(username, password) @@ -50,3 +59,14 @@ def _hash_password(plaintext_password): password_hash = bcrypt.hashpw(plaintext_password.encode("utf-8"), salt) return password_hash.decode() + + +def _credentials_match_registered_user(username: str, password: str) -> bool: + registered_user = env_singleton.env.get_user() + + if not registered_user: + return False + + return (registered_user.username == username) and password_matches_hash( + password, registered_user.password_hash + )
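Review bot: `authenticate` has no docstring, and its name does not reveal that a successful call also unlocks the datastore encryptor as a side effect. I would add `"""Return True if the credentials match the registered user; on success the datastore encryptor is unlocked."""`. The method never uses `cls` and calls `AuthenticationService.unlock_datastore_encryptor` by name, so `@staticmethod` would match what this commit does for `needs_registration`. Whether `unlock_datastore_encryptor` can raise is not visible here; if it can, the exception escapes after the credentials were already accepted, and the caller should decide how that is reported.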
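Review bot: In `_credentials_match_registered_user` the `and` short-circuits, so the (presumably bcrypt) check in `password_matches_hash` runs only when the username already matched, and response time then differs between a wrong username and a wrong password. Running the hash check unconditionally and comparing the username in constant time closes that gap: `password_ok = password_matches_hash(password, registered_user.password_hash)` followed by `return hmac.compare_digest(registered_user.username.encode(), username.encode()) and password_ok` (needs `import hmac`). The early `return False` when no user is registered has the same timing difference, though `needs_registration` presumably exposes that state anyway. The function is moved unchanged from `auth.py`, so the behaviour predates this commit.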