diff --git a/monkey/monkey_island/cc/resources/auth/credential_utils.py b/monkey/monkey_island/cc/resources/auth/credential_utils.py
index a0823d42b..27fe761ae 100644
--- a/monkey/monkey_island/cc/resources/auth/credential_utils.py
+++ b/monkey/monkey_island/cc/resources/auth/credential_utils.py
@@ -4,27 +4,11 @@ from typing import Tuple
 import bcrypt
 from flask import Request, request
-from monkey_island.cc.environment.user_creds import UserCreds
-
-
-def hash_password(plaintext_password):
- salt = bcrypt.gensalt()
- password_hash = bcrypt.hashpw(plaintext_password.encode("utf-8"), salt)
-
- return password_hash.decode()
-
 def password_matches_hash(plaintext_password, password_hash):
 return bcrypt.checkpw(plaintext_password.encode("utf-8"), password_hash.encode("utf-8"))
-def get_user_credentials_from_request(_request) -> UserCreds:
- username, password = get_username_password_from_request(_request)
- password_hash = hash_password(password)
-
- return UserCreds(username, password_hash)
-
-
 def get_username_password_from_request(_request: Request) -> Tuple[str, str]:
 cred_dict = json.loads(request.data)
 username = cred_dict.get("username", "")
diff --git a/monkey/monkey_island/cc/resources/auth/registration.py b/monkey/monkey_island/cc/resources/auth/registration.py
index 670fa4d19..75cef5018 100644
--- a/monkey/monkey_island/cc/resources/auth/registration.py
+++ b/monkey/monkey_island/cc/resources/auth/registration.py
@@ -5,12 +5,8 @@ from flask import make_response, request
 import monkey_island.cc.environment.environment_singleton as env_singleton
 from common.utils.exceptions import InvalidRegistrationCredentialsError, RegistrationNotNeededError
-from monkey_island.cc.resources.auth.credential_utils import (
- get_user_credentials_from_request,
- get_username_password_from_request,
-)
+from monkey_island.cc.resources.auth.credential_utils import get_username_password_from_request
 from monkey_island.cc.services.authentication import AuthenticationService
-from monkey_island.cc.setup.mongo.database_initializer import reset_database
 logger = logging.getLogger(__name__)
@@ -21,13 +17,10 @@ class Registration(flask_restful.Resource):
 return {"needs_registration": is_registration_needed}
 def post(self):
- credentials = get_user_credentials_from_request(request)
+ username, password = get_username_password_from_request(request)
 try:
- env_singleton.env.try_add_user(credentials)
- username, password = get_username_password_from_request(request)
- AuthenticationService.reset_datastore_encryptor(username, password)
- reset_database()
+ AuthenticationService.register_new_user(username, password)
 return make_response({"error": ""}, 200)
 except (InvalidRegistrationCredentialsError, RegistrationNotNeededError) as e:
 return make_response({"error": str(e)}, 400)
diff --git a/monkey/monkey_island/cc/services/authentication.py b/monkey/monkey_island/cc/services/authentication.py
index 88b5f3fb0..517b3a50b 100644
--- a/monkey/monkey_island/cc/services/authentication.py
+++ b/monkey/monkey_island/cc/services/authentication.py
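Review bot: In `Registration.post` (registration.py), `get_username_password_from_request(request)` runs before the `try`, so a body that is not valid JSON, or is JSON but not an object, raises out of `json.loads` / `.get` in that helper and never reaches the `except` that builds the 400 response. Only `InvalidRegistrationCredentialsError` and `RegistrationNotNeededError` are handled, so such a request presumably surfaces as an unhandled server error on what appears to be a pre-authentication endpoint. Consider moving the call inside the `try` and adding `except (ValueError, AttributeError): return make_response({"error": "Invalid request body"}, 400)`. The `Registration` class begins outside this hunk.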
@@ -1,7 +1,12 @@
+import bcrypt
+
+import monkey_island.cc.environment.environment_singleton as env_singleton
+from monkey_island.cc.environment.user_creds import UserCreds
 from monkey_island.cc.server_utils.encryption import (
 reset_datastore_encryptor,
 unlock_datastore_encryptor,
 )
+from monkey_island.cc.setup.mongo.database_initializer import reset_database
 class AuthenticationService:
@@ -14,6 +19,13 @@ class AuthenticationService:
 def initialize(cls, key_file_directory):
 cls.KEY_FILE_DIRECTORY = key_file_directory
+ @classmethod
+ def register_new_user(cls, username: str, password: str):
+ credentials = UserCreds(username, _hash_password(password))
+ env_singleton.env.try_add_user(credentials)
+ AuthenticationService.reset_datastore_encryptor(username, password)
+ reset_database()
+
 @staticmethod
 def unlock_datastore_encryptor(username: str, password: str):
 secret = AuthenticationService._get_secret_from_credentials(username, password)
@@ -27,3 +39,10 @@ class AuthenticationService:
 @staticmethod
 def _get_secret_from_credentials(username: str, password: str) -> str:
 return f"{username}:{password}"
+
+
+def _hash_password(plaintext_password):
+ salt = bcrypt.gensalt()
+ password_hash = bcrypt.hashpw(plaintext_password.encode("utf-8"), salt)
+
+ return password_hash.decode()
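Review bot: `register_new_user` has no docstring even though it ends in `reset_database()`, and the only guard in front of that destructive step is `env_singleton.env.try_add_user(credentials)` raising. That ordering is a security invariant and should be written down: a docstring stating that the method adds the user, re-keys the datastore encryptor and resets the database, plus a comment such as `# try_add_user must stay first: it is the only check before the destructive steps below`. The three steps are also not atomic, so if `reset_datastore_encryptor` or `reset_database` raises after the user has been added, registration may be left half-applied; logging that failure or documenting the recovery path would help an operator. The class body starts and continues outside this hunk.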
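Review bot: `_hash_password` hands the UTF-8 bytes straight to `bcrypt.hashpw`, and bcrypt only uses the first 72 bytes of its input; depending on the installed bcrypt release, a longer password is either silently truncated or rejected with `ValueError`. Neither outcome is handled here or, as far as this diff shows, in `Registration.post`, so an explicit check such as `if len(plaintext_password.encode("utf-8")) > 72:` that raises a registration error (for instance `InvalidRegistrationCredentialsError`, which would need importing in this module) keeps the behaviour independent of the library version. The same limit should then be applied consistently where `password_matches_hash` verifies a login. A signature of `def _hash_password(plaintext_password: str) -> str:` with a one-line docstring would also match the annotated methods above it.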