From c7b212d3b6fc12d2390dc353a8a6476355c7699a Mon Sep 17 00:00:00 2001 From: vakarisz Date: Mon, 8 Aug 2022 10:35:06 +0300 Subject: [PATCH] TEMP: flask-security basic setup --- monkey/monkey_island/cc/app.py | 59 +++++++++++++++++++++++++--------- 1 file changed, 43 insertions(+), 16 deletions(-) diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py index a5723c86e..05b8fd580 100644 --- a/monkey/monkey_island/cc/app.py +++ b/monkey/monkey_island/cc/app.py @@ -7,7 +7,16 @@ from typing import Iterable, Type import flask_restful from flask import Flask, Response, jsonify, send_from_directory from flask_login import LoginManager, UserMixin, login_required, logout_user -from mongoengine import Document, StringField +from flask_mongoengine import MongoEngine +from flask_security import MongoEngineUserDatastore, RoleMixin, Security +from mongoengine import ( + BooleanField, + DateTimeField, + Document, + ListField, + ReferenceField, + StringField, +) from werkzeug.exceptions import NotFound from common import DIContainer @@ -86,6 +95,7 @@ def serve_home(): def init_app_config(app, mongo_url): app.config["MONGO_URI"] = mongo_url + # Used for signing session tokens app.secret_key = str(uuid.uuid4()) # By default, Flask sorts keys of JSON objects alphabetically. @@ -100,29 +110,46 @@ def init_app_config(app, mongo_url): app.url_map.strict_slashes = False app.json_encoder = CustomJSONEncoder - -# TODO move -class User(Document, UserMixin): - username = StringField() - password_hash = StringField() - - @staticmethod - def get_by_id(id: str): - return User.objects.get(id=id) + # flask security configuration + # generated using: secrets.token_urlsafe() + app.config["SECRET_KEY"] = "pf9Wkove4IKEAXvy-cQkeDPhv9Cb3Ag-wyJILbq_dFw" + # argon2 uses double hashing by default - so provide key. + # For python3: secrets.SystemRandom().getrandbits(128) + app.config["SECURITY_PASSWORD_SALT"] = "146585145368132386173505678016728509634" def init_app_services(app): - login_manager = LoginManager() - login_manager.init_app(app) - login_manager.session_protection = "strong" mongo.init_app(app) + db = MongoEngine() + app.config["MONGODB_SETTINGS"] = [ + { + "db": "monkeyisland", + "host": "localhost", + "port": 27017, + "alias": "flask-security", + } + ] + + class Role(Document, RoleMixin): + name = StringField(max_length=80, unique=True) + description = StringField(max_length=255) + permissions = StringField(max_length=255) + + class User(Document, UserMixin): + email = StringField(max_length=255, unique=True) + password = StringField(max_length=255) + active = BooleanField(default=True) + fs_uniquifier = StringField(max_length=64, unique=True) + confirmed_at = DateTimeField() + roles = ListField(ReferenceField(Role), default=[]) + with app.app_context(): database.init() - @login_manager.user_loader - def load_user(user_id): - return User.get_by_id(user_id) + # Setup Flask-Security + user_datastore = MongoEngineUserDatastore(db, User, Role) + security = Security(app, user_datastore) def init_app_url_rules(app):