Move data store encryptor secret generation into the data store encryptor from credential_utils.py
parent
f97ec4e9ed
commit
e280c4fb5a
|
@ -11,7 +11,6 @@ import monkey_island.cc.environment.environment_singleton as env_singleton
|
|||
import monkey_island.cc.resources.auth.user_store as user_store
|
||||
from monkey_island.cc.resources.auth.credential_utils import (
|
||||
get_creds_from_request,
|
||||
get_secret_from_request,
|
||||
password_matches_hash,
|
||||
)
|
||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import setup_datastore_key
|
||||
|
@ -45,14 +44,14 @@ class Authenticate(flask_restful.Resource):
|
|||
username, password = get_creds_from_request(request)
|
||||
|
||||
if _credentials_match_registered_user(username, password):
|
||||
setup_datastore_key(get_secret_from_request(request))
|
||||
setup_datastore_key(username, password)
|
||||
access_token = _create_access_token(username)
|
||||
return make_response({"access_token": access_token, "error": ""}, 200)
|
||||
else:
|
||||
return make_response({"error": "Invalid credentials"}, 401)
|
||||
|
||||
|
||||
def _credentials_match_registered_user(username: str, password: str):
|
||||
def _credentials_match_registered_user(username: str, password: str) -> bool:
|
||||
user = user_store.UserStore.username_table.get(username, None)
|
||||
|
||||
if user and password_matches_hash(password, user.secret):
|
||||
|
|
|
@ -25,11 +25,6 @@ def get_user_credentials_from_request(_request) -> UserCreds:
|
|||
return UserCreds(username, password_hash)
|
||||
|
||||
|
||||
def get_secret_from_request(_request) -> str:
|
||||
username, password = get_creds_from_request(_request)
|
||||
return f"{username}:{password}"
|
||||
|
||||
|
||||
def get_creds_from_request(_request: Request) -> Tuple[str, str]:
|
||||
cred_dict = json.loads(request.data)
|
||||
username = cred_dict.get("username", "")
|
||||
|
|
|
@ -5,10 +5,7 @@ from flask import make_response, request
|
|||
|
||||
import monkey_island.cc.environment.environment_singleton as env_singleton
|
||||
from common.utils.exceptions import InvalidRegistrationCredentialsError, RegistrationNotNeededError
|
||||
from monkey_island.cc.resources.auth.credential_utils import (
|
||||
get_secret_from_request,
|
||||
get_user_credentials_from_request,
|
||||
)
|
||||
from monkey_island.cc.resources.auth.credential_utils import get_user_credentials_from_request
|
||||
from monkey_island.cc.server_utils.encryption import remove_old_datastore_key, setup_datastore_key
|
||||
from monkey_island.cc.setup.mongo.database_initializer import reset_database
|
||||
|
||||
|
@ -26,7 +23,8 @@ class Registration(flask_restful.Resource):
|
|||
try:
|
||||
env_singleton.env.try_add_user(credentials)
|
||||
remove_old_datastore_key()
|
||||
setup_datastore_key(get_secret_from_request(request))
|
||||
username, password = get_user_credentials_from_request(request)
|
||||
setup_datastore_key(username, password)
|
||||
reset_database()
|
||||
return make_response({"error": ""}, 200)
|
||||
except (InvalidRegistrationCredentialsError, RegistrationNotNeededError) as e:
|
||||
|
|
|
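Review bot: The data store key set up at registration is now derived from different inputs than the one set up at login. `get_user_credentials_from_request` is shown in the credential_utils.py section returning `UserCreds(username, password_hash)`, so `username, password = get_user_credentials_from_request(request)` either fails to unpack (the definition of UserCreds is not visible here) or passes a password hash to `setup_datastore_key`, while the Authenticate resource passes the plaintext pair from `get_creds_from_request`. The removed `get_secret_from_request` went through `get_creds_from_request` on both paths. Suggest `username, password = get_creds_from_request(request)` here, with the import changed to match, so that a store keyed at registration can still be opened after the next login. The `try` block starts and ends outside the hunk.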
@ -69,6 +69,10 @@ class EncryptorNotInitializedError(Exception):
|
|||
pass
|
||||
|
||||
|
||||
def _get_secret_from_credentials(username: str, password: str) -> str:
|
||||
return f"{username}:{password}"
|
||||
|
||||
|
||||
def encryptor_initialized_key_not_set(f):
|
||||
def inner_function(*args, **kwargs):
|
||||
if _encryptor is None:
|
||||
|
@ -89,7 +93,8 @@ def remove_old_datastore_key():
|
|||
|
||||
|
||||
@encryptor_initialized_key_not_set
|
||||
def setup_datastore_key(secret: str):
|
||||
def setup_datastore_key(username: str, password: str):
|
||||
secret = _get_secret_from_credentials(username, password)
|
||||
_encryptor.init_key(secret)
|
||||
|
||||
|
||||
|
|
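Review bot: `_get_secret_from_credentials` joins the two fields with a bare `:`, so distinct credential pairs can produce the same secret (username `a:b` with password `c`, and username `a` with password `b:c`, both give `a:b:c`), and it has no docstring saying that this string feeds the data store key. A docstring such as `"""Build the secret handed to init_key(); changing this format presumably invalidates keys created with the old one."""` would record the constraint. How `init_key` turns the secret into a key is not visible in this hunk; since the secret is only as strong as the user's password, it is worth confirming that it goes through a salted password KDF. `setup_datastore_key` also changes its positional signature, so any caller not shown on this page that still passes a single secret will raise a TypeError.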
Binary file not shown.
|
@ -28,10 +28,11 @@ def monkey_config_json(monkey_config):
|
|||
return json.dumps(monkey_config)
|
||||
|
||||
|
||||
ENCRYPTOR_SECRET = "m0nk3y_u53r:53cr3t_p455w0rd"
|
||||
MOCK_USERNAME = "m0nk3y_u53r"
|
||||
MOCK_PASSWORD = "3cr3t_p455w0rd"
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def uses_encryptor(data_for_tests_dir):
|
||||
initialize_datastore_encryptor(data_for_tests_dir)
|
||||
setup_datastore_key(ENCRYPTOR_SECRET)
|
||||
setup_datastore_key(MOCK_USERNAME, MOCK_PASSWORD)
|
||||
|
|
|
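Review bot: `MOCK_PASSWORD = "3cr3t_p455w0rd"` drops the leading `5` that the removed `ENCRYPTOR_SECRET` carried after the colon (`53cr3t_p455w0rd`), so the secret derived in `uses_encryptor` is no longer the old value. If that is unintended, `MOCK_PASSWORD = "53cr3t_p455w0rd"` keeps any fixture encrypted under the old secret readable. The binary file changed in this commit may be such a fixture regenerated for the new value, which would mask the difference in the test run. A one-line comment stating that these are test-only credentials tied to the key material used by the encryptor tests would help whoever edits them next.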
@ -1,7 +1,7 @@
|
|||
import os
|
||||
|
||||
import pytest
|
||||
from tests.unit_tests.monkey_island.cc.conftest import ENCRYPTOR_SECRET
|
||||
from tests.unit_tests.monkey_island.cc.conftest import MOCK_PASSWORD, MOCK_USERNAME
|
||||
|
||||
from monkey_island.cc.server_utils.encryption import (
|
||||
DataStoreEncryptor,
|
||||
|
@ -28,7 +28,7 @@ def test_encryption(data_for_tests_dir):
|
|||
@pytest.fixture
|
||||
def initialized_key_dir(tmpdir):
|
||||
initialize_datastore_encryptor(tmpdir)
|
||||
setup_datastore_key(ENCRYPTOR_SECRET)
|
||||
setup_datastore_key(MOCK_USERNAME, MOCK_PASSWORD)
|
||||
yield tmpdir
|
||||
data_store_encryptor._encryptor = None
|
||||
|
||||
|
@ -66,6 +66,6 @@ def test_encryptor_not_initialized():
|
|||
def test_setup_datastore_key(tmpdir):
|
||||
initialize_datastore_encryptor(tmpdir)
|
||||
assert not os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME))
|
||||
setup_datastore_key(ENCRYPTOR_SECRET)
|
||||
setup_datastore_key(MOCK_USERNAME, MOCK_PASSWORD)
|
||||
assert os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME))
|
||||
assert get_datastore_encryptor().is_key_setup()
|
||||
|
|