Move data store encryptor secret generation into the data store encryptor from credential_utils.py
This commit is contained in:
parent
f97ec4e9ed
commit
e280c4fb5a
|
@ -11,7 +11,6 @@ import monkey_island.cc.environment.environment_singleton as env_singleton
|
||||||
import monkey_island.cc.resources.auth.user_store as user_store
|
import monkey_island.cc.resources.auth.user_store as user_store
|
||||||
from monkey_island.cc.resources.auth.credential_utils import (
|
from monkey_island.cc.resources.auth.credential_utils import (
|
||||||
get_creds_from_request,
|
get_creds_from_request,
|
||||||
get_secret_from_request,
|
|
||||||
password_matches_hash,
|
password_matches_hash,
|
||||||
)
|
)
|
||||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import setup_datastore_key
|
from monkey_island.cc.server_utils.encryption.data_store_encryptor import setup_datastore_key
|
||||||
|
@ -45,14 +44,14 @@ class Authenticate(flask_restful.Resource):
|
||||||
username, password = get_creds_from_request(request)
|
username, password = get_creds_from_request(request)
|
||||||
|
|
||||||
if _credentials_match_registered_user(username, password):
|
if _credentials_match_registered_user(username, password):
|
||||||
setup_datastore_key(get_secret_from_request(request))
|
setup_datastore_key(username, password)
|
||||||
access_token = _create_access_token(username)
|
access_token = _create_access_token(username)
|
||||||
return make_response({"access_token": access_token, "error": ""}, 200)
|
return make_response({"access_token": access_token, "error": ""}, 200)
|
||||||
else:
|
else:
|
||||||
return make_response({"error": "Invalid credentials"}, 401)
|
return make_response({"error": "Invalid credentials"}, 401)
|
||||||
|
|
||||||
|
|
||||||
def _credentials_match_registered_user(username: str, password: str):
|
def _credentials_match_registered_user(username: str, password: str) -> bool:
|
||||||
user = user_store.UserStore.username_table.get(username, None)
|
user = user_store.UserStore.username_table.get(username, None)
|
||||||
|
|
||||||
if user and password_matches_hash(password, user.secret):
|
if user and password_matches_hash(password, user.secret):
|
||||||
|
|
|
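Review bot: `setup_datastore_key(username, password)` now takes two same-typed positional strings whose order fixes the derived secret (`username:password`), so a swapped call would silently set up a different key with nothing raising; calling it with keywords, `setup_datastore_key(username=username, password=password)`, makes the order checkable at the call site. The plaintext password is still forwarded as before, which the key derivation appears to rely on. Authenticate.post begins before the hunk and `_credentials_match_registered_user` continues past it.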
@ -25,11 +25,6 @@ def get_user_credentials_from_request(_request) -> UserCreds:
|
||||||
return UserCreds(username, password_hash)
|
return UserCreds(username, password_hash)
|
||||||
|
|
||||||
|
|
||||||
def get_secret_from_request(_request) -> str:
|
|
||||||
username, password = get_creds_from_request(_request)
|
|
||||||
return f"{username}:{password}"
|
|
||||||
|
|
||||||
|
|
||||||
def get_creds_from_request(_request: Request) -> Tuple[str, str]:
|
def get_creds_from_request(_request: Request) -> Tuple[str, str]:
|
||||||
cred_dict = json.loads(request.data)
|
cred_dict = json.loads(request.data)
|
||||||
username = cred_dict.get("username", "")
|
username = cred_dict.get("username", "")
|
||||||
|
|
|
@ -5,10 +5,7 @@ from flask import make_response, request
|
||||||
|
|
||||||
import monkey_island.cc.environment.environment_singleton as env_singleton
|
import monkey_island.cc.environment.environment_singleton as env_singleton
|
||||||
from common.utils.exceptions import InvalidRegistrationCredentialsError, RegistrationNotNeededError
|
from common.utils.exceptions import InvalidRegistrationCredentialsError, RegistrationNotNeededError
|
||||||
from monkey_island.cc.resources.auth.credential_utils import (
|
from monkey_island.cc.resources.auth.credential_utils import get_user_credentials_from_request
|
||||||
get_secret_from_request,
|
|
||||||
get_user_credentials_from_request,
|
|
||||||
)
|
|
||||||
from monkey_island.cc.server_utils.encryption import remove_old_datastore_key, setup_datastore_key
|
from monkey_island.cc.server_utils.encryption import remove_old_datastore_key, setup_datastore_key
|
||||||
from monkey_island.cc.setup.mongo.database_initializer import reset_database
|
from monkey_island.cc.setup.mongo.database_initializer import reset_database
|
||||||
|
|
||||||
|
@ -26,7 +23,8 @@ class Registration(flask_restful.Resource):
|
||||||
try:
|
try:
|
||||||
env_singleton.env.try_add_user(credentials)
|
env_singleton.env.try_add_user(credentials)
|
||||||
remove_old_datastore_key()
|
remove_old_datastore_key()
|
||||||
setup_datastore_key(get_secret_from_request(request))
|
username, password = get_user_credentials_from_request(request)
|
||||||
|
setup_datastore_key(username, password)
|
||||||
reset_database()
|
reset_database()
|
||||||
return make_response({"error": ""}, 200)
|
return make_response({"error": ""}, 200)
|
||||||
except (InvalidRegistrationCredentialsError, RegistrationNotNeededError) as e:
|
except (InvalidRegistrationCredentialsError, RegistrationNotNeededError) as e:
|
||||||
|
|
|
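Review bot: `username, password = get_user_credentials_from_request(request)` unpacks a `UserCreds` that the credential_utils hunk shows being built as `UserCreds(username, password_hash)`, so the datastore secret at registration would be derived from the password hash (or the unpack fails outright if `UserCreds` is not iterable), while Authenticate derives it from the plaintext via `get_creds_from_request`; the key created here would then never match the key set up at login. Use the same helper on both paths: `username, password = get_creds_from_request(request)`, and add `get_creds_from_request` to the credential_utils import. Registration.post starts before the hunk, so how `credentials` was obtained is not visible here.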
@ -69,6 +69,10 @@ class EncryptorNotInitializedError(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def _get_secret_from_credentials(username: str, password: str) -> str:
|
||||||
|
return f"{username}:{password}"
|
||||||
|
|
||||||
|
|
||||||
def encryptor_initialized_key_not_set(f):
|
def encryptor_initialized_key_not_set(f):
|
||||||
def inner_function(*args, **kwargs):
|
def inner_function(*args, **kwargs):
|
||||||
if _encryptor is None:
|
if _encryptor is None:
|
||||||
|
@ -89,7 +93,8 @@ def remove_old_datastore_key():
|
||||||
|
|
||||||
|
|
||||||
@encryptor_initialized_key_not_set
|
@encryptor_initialized_key_not_set
|
||||||
def setup_datastore_key(secret: str):
|
def setup_datastore_key(username: str, password: str):
|
||||||
|
secret = _get_secret_from_credentials(username, password)
|
||||||
_encryptor.init_key(secret)
|
_encryptor.init_key(secret)
|
||||||
|
|
||||||
|
|
||||||
|
|
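Review bot: `_get_secret_from_credentials` joins username and password with a bare `:`, so a username containing `:` makes the mapping ambiguous (`"a:b"`/`"c"` and `"a"`/`"b:c"` yield the same secret), and the helper carries no docstring saying the password is expected in plaintext. I would document it, e.g. `"""Derive the datastore-key secret from plaintext credentials as '<username>:<password>'; a ':' in the username makes the mapping ambiguous."""`, and note the same on `setup_datastore_key`. Whether `_encryptor.init_key` runs this string through a salted password KDF is not visible in this hunk; if it is used as key material directly, this is a low-entropy secret and worth confirming. Both functions appear complete within their hunks.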
|
@ -28,10 +28,11 @@ def monkey_config_json(monkey_config):
|
||||||
return json.dumps(monkey_config)
|
return json.dumps(monkey_config)
|
||||||
|
|
||||||
|
|
||||||
ENCRYPTOR_SECRET = "m0nk3y_u53r:53cr3t_p455w0rd"
|
MOCK_USERNAME = "m0nk3y_u53r"
|
||||||
|
MOCK_PASSWORD = "3cr3t_p455w0rd"
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def uses_encryptor(data_for_tests_dir):
|
def uses_encryptor(data_for_tests_dir):
|
||||||
initialize_datastore_encryptor(data_for_tests_dir)
|
initialize_datastore_encryptor(data_for_tests_dir)
|
||||||
setup_datastore_key(ENCRYPTOR_SECRET)
|
setup_datastore_key(MOCK_USERNAME, MOCK_PASSWORD)
|
||||||
|
|
|
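Review bot: `MOCK_PASSWORD = "3cr3t_p455w0rd"` drops the leading `5` of the password embedded in the old `ENCRYPTOR_SECRET` (`m0nk3y_u53r:53cr3t_p455w0rd`), so the secret the fixtures set up silently changes to `m0nk3y_u53r:3cr3t_p455w0rd`. If that is unintended, `MOCK_PASSWORD = "53cr3t_p455w0rd"` restores the previous secret; if any checked-in fixture (possibly the binary file touched by this commit) was encrypted under the old value, it would otherwise need regenerating. A short comment stating that the two constants together form the former secret would make the intent explicit either way.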
@ -1,7 +1,7 @@
|
||||||
import os
|
import os
|
||||||
|
|
||||||
import pytest
|
import pytest
|
||||||
from tests.unit_tests.monkey_island.cc.conftest import ENCRYPTOR_SECRET
|
from tests.unit_tests.monkey_island.cc.conftest import MOCK_PASSWORD, MOCK_USERNAME
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.encryption import (
|
from monkey_island.cc.server_utils.encryption import (
|
||||||
DataStoreEncryptor,
|
DataStoreEncryptor,
|
||||||
|
@ -28,7 +28,7 @@ def test_encryption(data_for_tests_dir):
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def initialized_key_dir(tmpdir):
|
def initialized_key_dir(tmpdir):
|
||||||
initialize_datastore_encryptor(tmpdir)
|
initialize_datastore_encryptor(tmpdir)
|
||||||
setup_datastore_key(ENCRYPTOR_SECRET)
|
setup_datastore_key(MOCK_USERNAME, MOCK_PASSWORD)
|
||||||
yield tmpdir
|
yield tmpdir
|
||||||
data_store_encryptor._encryptor = None
|
data_store_encryptor._encryptor = None
|
||||||
|
|
||||||
|
@ -66,6 +66,6 @@ def test_encryptor_not_initialized():
|
||||||
def test_setup_datastore_key(tmpdir):
|
def test_setup_datastore_key(tmpdir):
|
||||||
initialize_datastore_encryptor(tmpdir)
|
initialize_datastore_encryptor(tmpdir)
|
||||||
assert not os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME))
|
assert not os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME))
|
||||||
setup_datastore_key(ENCRYPTOR_SECRET)
|
setup_datastore_key(MOCK_USERNAME, MOCK_PASSWORD)
|
||||||
assert os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME))
|
assert os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME))
|
||||||
assert get_datastore_encryptor().is_key_setup()
|
assert get_datastore_encryptor().is_key_setup()
|
||||||
|
|