Add functionality to hash passwords on server side
This commit is contained in:
parent
7f06ec4034
commit
9363cadb09
|
@ -1,6 +1,7 @@
|
|||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
from hashlib import sha3_512
|
||||
from typing import Dict
|
||||
|
||||
from monkey_island.cc.resources.auth.auth_user import User
|
||||
|
@ -30,8 +31,8 @@ class UserCreds:
|
|||
creds = UserCreds()
|
||||
if "user" in data_dict:
|
||||
creds.username = data_dict["user"]
|
||||
if "password_hash" in data_dict:
|
||||
creds.password_hash = data_dict["password_hash"]
|
||||
if "password" in data_dict:
|
||||
creds.password_hash = sha3_512(data_dict["password"].encode("utf-8")).hexdigest()
|
||||
return creds
|
||||
|
||||
@staticmethod
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
import json
|
||||
import logging
|
||||
from functools import wraps
|
||||
from hashlib import sha3_512
|
||||
|
||||
import flask_jwt_extended
|
||||
import flask_restful
|
||||
|
@ -25,7 +26,7 @@ def init_jwt(app):
|
|||
|
||||
class Authenticate(flask_restful.Resource):
|
||||
"""
|
||||
Resource for user authentication. The user provides the username and hashed password and we
|
||||
Resource for user authentication. The user provides the username and password and we
|
||||
give them a JWT.
|
||||
See `AuthService.js` file for the frontend counterpart for this code.
|
||||
"""
|
||||
|
@ -33,7 +34,7 @@ class Authenticate(flask_restful.Resource):
|
|||
@staticmethod
|
||||
def _authenticate(username, secret):
|
||||
user = user_store.UserStore.username_table.get(username, None)
|
||||
if user and safe_str_cmp(user.secret.encode("utf-8"), secret.encode("utf-8")):
|
||||
if user and safe_str_cmp(user.secret, secret):
|
||||
return user
|
||||
|
||||
def post(self):
|
||||
|
@ -41,13 +42,14 @@ class Authenticate(flask_restful.Resource):
|
|||
Example request:
|
||||
{
|
||||
"username": "my_user",
|
||||
"password": "343bb87e553b05430e5c44baf99569d4b66..."
|
||||
"password": "mypassword...."
|
||||
}
|
||||
"""
|
||||
credentials = json.loads(request.data)
|
||||
# Unpack auth info from request
|
||||
username = credentials["username"]
|
||||
secret = credentials["password"]
|
||||
password = credentials["password"]
|
||||
secret = sha3_512(password.encode("utf-8")).hexdigest()
|
||||
# If the user and password have been previously registered
|
||||
if self._authenticate(username, secret):
|
||||
access_token = flask_jwt_extended.create_access_token(
|
||||
|
|
|
@ -2,17 +2,14 @@ import {SHA3} from 'sha3';
|
|||
import decode from 'jwt-decode';
|
||||
|
||||
export default class AuthService {
|
||||
// SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
|
||||
NO_AUTH_CREDS =
|
||||
'55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062' +
|
||||
'8d2c8d0b1538d2208c1444ac66535b764a3d902b35e751df3faec1e477ed3557';
|
||||
NO_AUTH_CREDS = 'loginwithoutpassword';
|
||||
|
||||
SECONDS_BEFORE_JWT_EXPIRES = 20;
|
||||
AUTHENTICATION_API_ENDPOINT = '/api/auth';
|
||||
REGISTRATION_API_ENDPOINT = '/api/registration';
|
||||
|
||||
login = (username, password) => {
|
||||
return this._login(username, this.hashSha3(password));
|
||||
return this._login(username, password);
|
||||
};
|
||||
|
||||
authFetch = (url, options) => {
|
||||
|
@ -25,12 +22,6 @@ export default class AuthService {
|
|||
}
|
||||
};
|
||||
|
||||
hashSha3(text) {
|
||||
let hash = new SHA3(512);
|
||||
hash.update(text);
|
||||
return this._toHexStr(hash.digest());
|
||||
}
|
||||
|
||||
_login = (username, password) => {
|
||||
return this._authFetch(this.AUTHENTICATION_API_ENDPOINT, {
|
||||
method: 'POST',
|
||||
|
@ -52,7 +43,7 @@ export default class AuthService {
|
|||
|
||||
register = (username, password) => {
|
||||
if (password !== '') {
|
||||
return this._register(username, this.hashSha3(password));
|
||||
return this._register(username, password);
|
||||
} else {
|
||||
return this._register(username, password);
|
||||
}
|
||||
|
@ -63,7 +54,7 @@ export default class AuthService {
|
|||
method: 'POST',
|
||||
body: JSON.stringify({
|
||||
'user': username,
|
||||
'password_hash': password
|
||||
'password': password
|
||||
})
|
||||
}).then(res => {
|
||||
if (res.status === 200) {
|
||||
|
@ -156,7 +147,4 @@ export default class AuthService {
|
|||
return localStorage.getItem('jwt')
|
||||
}
|
||||
|
||||
_toHexStr(byteArr) {
|
||||
return byteArr.reduce((acc, x) => (acc + ('0' + x.toString(0x10)).slice(-2)), '');
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue