diff --git a/monkey/monkey_island/cc/resources/auth/auth.py b/monkey/monkey_island/cc/resources/auth/auth.py
index 92a372a99..4e31778bf 100644
--- a/monkey/monkey_island/cc/resources/auth/auth.py
+++ b/monkey/monkey_island/cc/resources/auth/auth.py
@@ -44,7 +44,7 @@ class Authenticate(flask_restful.Resource):
 username, password = get_username_password_from_request(request)
 if _credentials_match_registered_user(username, password):
- AuthenticationService.ensure_datastore_encryptor(username, password)
+ AuthenticationService.unlock_datastore_encryptor(username, password)
 access_token = _create_access_token(username)
 return make_response({"access_token": access_token, "error": ""}, 200)
 else:
diff --git a/monkey/monkey_island/cc/server_utils/encryption/__init__.py b/monkey/monkey_island/cc/server_utils/encryption/__init__.py
index 7fbc882cb..16ac78cbe 100644
--- a/monkey/monkey_island/cc/server_utils/encryption/__init__.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/__init__.py
@@ -13,8 +13,8 @@ from .password_based_bytes_encryptor import (
 )
 from .data_store_encryptor import (
 get_datastore_encryptor,
- initialize_datastore_encryptor,
- reinitialize_datastore_encryptor,
+ unlock_datastore_encryptor,
+ reset_datastore_encryptor,
 )
 from .dict_encryptor import (
 SensitiveField,
diff --git a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
index 9ade1364d..3e5415f0d 100644
--- a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
@@ -50,18 +50,16 @@ class DataStoreEncryptor(IEncryptor):
 return self._key_based_encryptor.decrypt(ciphertext)
-def reinitialize_datastore_encryptor(
- key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin"
-):
+def reset_datastore_encryptor(key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin"):
 key_file_path = Path(key_file_dir) / key_file_name
 if key_file_path.is_file():
 key_file_path.unlink()
- initialize_datastore_encryptor(key_file_dir, secret, key_file_name)
+ unlock_datastore_encryptor(key_file_dir, secret, key_file_name)
-def initialize_datastore_encryptor(
+def unlock_datastore_encryptor(
 key_file_dir: str, secret: str, key_file_name: str = "mongo_key.bin"
 ):
 global _encryptor
diff --git a/monkey/monkey_island/cc/services/authentication.py b/monkey/monkey_island/cc/services/authentication.py
index 9cb0121c5..88b5f3fb0 100644
--- a/monkey/monkey_island/cc/services/authentication.py
+++ b/monkey/monkey_island/cc/services/authentication.py
@@ -1,7 +1,6 @@
 from monkey_island.cc.server_utils.encryption import (
- get_datastore_encryptor,
- initialize_datastore_encryptor,
- reinitialize_datastore_encryptor,
+ reset_datastore_encryptor,
+ unlock_datastore_encryptor,
 )
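Review bot: `reset_datastore_encryptor` and `unlock_datastore_encryptor` in data_store_encryptor.py have no docstrings, and the new names alone do not say that reset deletes the key file before a new one is created, or that unlock also creates the key file when it is missing (test_key_creation relies on that). I would add `"""Delete the existing key file, if any, and create a new key protected by secret."""` to reset, with one more line noting that data encrypted under the previous key presumably can no longer be decrypted. For unlock, `"""Load the key from key_file_dir using secret, creating the key file on first use, and install it as the module-level encryptor."""` fits what the hunk and the tests show. The body of `unlock_datastore_encryptor` continues past the end of the hunk, so that wording should be checked against the full function.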
@@ -16,19 +15,14 @@ class AuthenticationService:
 cls.KEY_FILE_DIRECTORY = key_file_directory
 @staticmethod
- def ensure_datastore_encryptor(username: str, password: str):
- if not get_datastore_encryptor():
- AuthenticationService._init_encryptor_from_credentials(username, password)
+ def unlock_datastore_encryptor(username: str, password: str):
+ secret = AuthenticationService._get_secret_from_credentials(username, password)
+ unlock_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
 @staticmethod
 def reset_datastore_encryptor(username: str, password: str):
 secret = AuthenticationService._get_secret_from_credentials(username, password)
- reinitialize_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
-
- @staticmethod
- def _init_encryptor_from_credentials(username: str, password: str):
- secret = AuthenticationService._get_secret_from_credentials(username, password)
- initialize_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
+ reset_datastore_encryptor(AuthenticationService.KEY_FILE_DIRECTORY, secret)
 @staticmethod
 def _get_secret_from_credentials(username: str, password: str) -> str:
diff --git a/monkey/tests/unit_tests/monkey_island/cc/conftest.py b/monkey/tests/unit_tests/monkey_island/cc/conftest.py
index 22390dea7..dfd927f4a 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/conftest.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/conftest.py
@@ -10,7 +10,7 @@ from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_bas
 STANDARD_PLAINTEXT_MONKEY_CONFIG_FILENAME,
 )
-from monkey_island.cc.server_utils.encryption import initialize_datastore_encryptor
+from monkey_island.cc.server_utils.encryption import unlock_datastore_encryptor
 @pytest.fixture
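Review bot: In monkey_island/cc/services/authentication.py, `AuthenticationService.unlock_datastore_encryptor` no longer has the `if not get_datastore_encryptor():` guard that `ensure_datastore_encryptor` had, so every successful login through `Authenticate` now re-runs the module-level `unlock_datastore_encryptor` and reassigns the shared `_encryptor`, and nothing on the method says this is intended. If it is, a docstring such as `"""Unlock the datastore encryptor with a secret derived from the credentials; runs on every successful login."""` would record that. The cost of repeating the unlock per login, and its safety while other requests are using the encryptor, cannot be judged from this diff because the body of the module-level function is not shown. The two static methods also share their names with the imported functions they call, which resolves to the import only because method bodies skip class scope; importing the module and calling `data_store_encryptor.unlock_datastore_encryptor(...)` would be harder to misread.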
@@ -30,4 +30,4 @@ def monkey_config_json(monkey_config):
 @pytest.fixture
 def uses_encryptor(data_for_tests_dir):
 secret = "m0nk3y_u53r:3cr3t_p455w0rd"
- initialize_datastore_encryptor(data_for_tests_dir, secret)
+ unlock_datastore_encryptor(data_for_tests_dir, secret)
diff --git a/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py b/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py
index 8f6c8947a..da4a9ec09 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py
@@ -4,8 +4,8 @@ from common.utils.file_utils import get_file_sha256_hash
 from monkey_island.cc.server_utils.encryption import (
 data_store_encryptor,
 get_datastore_encryptor,
- initialize_datastore_encryptor,
- reinitialize_datastore_encryptor,
+ reset_datastore_encryptor,
+ unlock_datastore_encryptor,
 )
 # Mark all tests in this module as slow
@@ -27,7 +27,7 @@ def key_file(tmp_path):
 def test_encryption(tmp_path):
- initialize_datastore_encryptor(tmp_path, MOCK_SECRET)
+ unlock_datastore_encryptor(tmp_path, MOCK_SECRET)
 encrypted_data = get_datastore_encryptor().encrypt(PLAINTEXT)
 assert encrypted_data != PLAINTEXT
@@ -38,46 +38,46 @@ def test_encryption(tmp_path):
 def test_key_creation(key_file):
 assert not key_file.is_file()
- initialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
+ unlock_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
 assert key_file.is_file()
 def test_existing_key_reused(key_file):
 assert not key_file.is_file()
- initialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
+ unlock_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
 key_file_hash_1 = get_file_sha256_hash(key_file)
- initialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
+ unlock_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
 key_file_hash_2 = get_file_sha256_hash(key_file)
 assert key_file_hash_1 == key_file_hash_2
-def test_reinitialize_datastore_encryptor(key_file):
- initialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
+def test_reset_datastore_encryptor(key_file):
+ unlock_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
 key_file_hash_1 = get_file_sha256_hash(key_file)
- reinitialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
+ reset_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
 key_file_hash_2 = get_file_sha256_hash(key_file)
 assert key_file_hash_1 != key_file_hash_2
-def test_reinitialize_when_encryptor_is_none(key_file):
+def test_reset_when_encryptor_is_none(key_file):
 with key_file.open(mode="w") as f:
 f.write("")
- reinitialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
+ reset_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
 assert (
 get_file_sha256_hash(key_file)
 != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
 )
-def test_reinitialize_when_file_not_found(key_file):
+def test_reset_when_file_not_found(key_file):
 assert not key_file.is_file()
- reinitialize_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
+ reset_datastore_encryptor(key_file.parent, MOCK_SECRET, key_file.name)
 encrypted_data = get_datastore_encryptor().encrypt(PLAINTEXT)
 assert encrypted_data != PLAINTEXT