Merge pull request #263 from guardicore/bugfix/set-auth-by-server

Checking with server if auth enabled

monkey/monkey_island/cc/auth.py

@@ -33,20 +33,18 @@ def init_jwt(app):
         user_id = payload['identity']
         return userid_table.get(user_id, None)
 
-    if env.is_auth_enabled():
+    JWT(app, authenticate, identity)
-        JWT(app, authenticate, identity)
 
 
 def jwt_required(realm=None):
     def wrapper(fn):
         @wraps(fn)
         def decorator(*args, **kwargs):
-            if env.is_auth_enabled():
+            try:
-                try:
+                _jwt_required(realm or current_app.config['JWT_DEFAULT_REALM'])
-                    _jwt_required(realm or current_app.config['JWT_DEFAULT_REALM'])
+                return fn(*args, **kwargs)
-                except JWTError:
+            except JWTError:
-                    abort(401)
+                abort(401)
-            return fn(*args, **kwargs)
 
         return decorator
 

monkey/monkey_island/cc/environment/__init__.py

@@ -37,10 +37,6 @@ class Environment(object):
         h.update(secret)
         return h.hexdigest()
 
-    @abc.abstractmethod
-    def is_auth_enabled(self):
-        return
-
     @abc.abstractmethod
     def get_auth_users(self):
         return

monkey/monkey_island/cc/environment/aws.py

@@ -18,9 +18,6 @@ class AwsEnvironment(Environment):
     def _get_region(self):
         return self.aws_info.get_region()
 
-    def is_auth_enabled(self):
-        return True
-
     def get_auth_users(self):
         return [
             cc.auth.User(1, 'monkey', self.hash_secret(self._instance_id))

monkey/monkey_island/cc/environment/password.py

@@ -6,9 +6,6 @@ __author__ = 'itay.mizeretz'
 
 class PasswordEnvironment(Environment):
 
-    def is_auth_enabled(self):
-        return True
-
     def get_auth_users(self):
         return [
             cc.auth.User(1, self.config['user'], self.config['hash'])

monkey/monkey_island/cc/environment/standard.py

@@ -1,12 +1,15 @@
+import cc.auth
 from cc.environment import Environment
 
 __author__ = 'itay.mizeretz'
 
 
 class StandardEnvironment(Environment):
-
+    # SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
-    def is_auth_enabled(self):
+    NO_AUTH_CREDS = '55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062' \
-        return False
+                    '8d2c8d0b1538d2208c1444ac66535b764a3d902b35e751df3faec1e477ed3557'
 
     def get_auth_users(self):
-        return []
+        return [
+            cc.auth.User(1, StandardEnvironment.NO_AUTH_CREDS, StandardEnvironment.NO_AUTH_CREDS)
+        ]

monkey/monkey_island/cc/ui/src/components/Main.js

@@ -27,31 +27,42 @@ let guardicoreLogoImage = require('../images/guardicore-logo.png');
 
 class AppComponent extends AuthComponent {
   updateStatus = () => {
-    if (this.auth.loggedIn()){
+    this.auth.loggedIn()
-      this.authFetch('/api')
+      .then(res => {
-        .then(res => res.json())
+        this.setState({
-        .then(res => {
+          isLoggedIn: res
-          // This check is used to prevent unnecessary re-rendering
-          let isChanged = false;
-          for (let step in this.state.completedSteps) {
-            if (this.state.completedSteps[step] !== res['completed_steps'][step]) {
-              isChanged = true;
-              break;
-            }
-          }
-          if (isChanged) {
-            this.setState({completedSteps: res['completed_steps']});
-          }
         });
-    }
+
+        if (res) {
+          this.authFetch('/api')
+            .then(res => res.json())
+            .then(res => {
+              // This check is used to prevent unnecessary re-rendering
+              let isChanged = false;
+              for (let step in this.state.completedSteps) {
+                if (this.state.completedSteps[step] !== res['completed_steps'][step]) {
+                  isChanged = true;
+                  break;
+                }
+              }
+              if (isChanged) {
+                this.setState({completedSteps: res['completed_steps']});
+              }
+            });
+        }
+      });
   };
 
   renderRoute = (route_path, page_component, is_exact_path = false) => {
     let render_func = (props) => {
-      if (this.auth.loggedIn()) {
+      switch (this.state.isLoggedIn) {
-        return page_component;
+        case true:
-      } else {
+          return page_component;
-        return <Redirect to={{pathname: '/login'}}/>;
+        case false:
+          return <Redirect to={{pathname: '/login'}}/>;
+        default:
+          return page_component;
+
       }
     };
 
@@ -69,7 +80,8 @@ class AppComponent extends AuthComponent {
         run_server: true,
         run_monkey: false,
         infection_done: false,
-        report_done: false
+        report_done: false,
+        isLoggedIn: undefined
       }
     };
   }

monkey/monkey_island/cc/ui/src/components/pages/LoginPage.js

@@ -34,9 +34,12 @@ class LoginPageComponent extends React.Component {
     this.state = {
       failed: false
     };
-    if (this.auth.loggedIn()) {
+    this.auth.loggedIn()
-      this.redirectToHome();
+      .then(res => {
-    }
+        if (res) {
+          this.redirectToHome();
+        }
+      });
   }
 
   render() {

monkey/monkey_island/cc/ui/src/index.js

@@ -1,6 +1,7 @@
 import 'core-js/fn/object/assign';
 import React from 'react';
 import ReactDOM from 'react-dom';
+import 'babel-polyfill';
 import App from './components/Main';
 import Bootstrap from 'bootstrap/dist/css/bootstrap.css'; // eslint-disable-line no-unused-vars
 

monkey/monkey_island/cc/ui/src/services/AuthService.js

@@ -1,24 +1,18 @@
 import { SHA3 } from 'sha3';
 import decode from 'jwt-decode';
-import {SERVER_CONFIG} from '../server_config/ServerConfig';
 
 export default class AuthService {
-  AUTH_ENABLED = SERVER_CONFIG.isAuthEnabled();
+  // SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
+  NO_AUTH_CREDS =
+    "55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062" +
+    "8d2c8d0b1538d2208c1444ac66535b764a3d902b35e751df3faec1e477ed3557";
 
   login = (username, password) => {
-    if (this.AUTH_ENABLED) {
+    return this._login(username, this.hashSha3(password));
-      return this._login(username, this.hashSha3(password));
-    } else {
-      return {result: true};
-    }
   };
 
   authFetch = (url, options) => {
-    if (this.AUTH_ENABLED) {
+    return this._authFetch(url, options);
-      return this._authFetch(url, options);
-    } else {
-      return fetch(url, options);
-    }
   };
 
   hashSha3(text) {
@@ -43,7 +37,6 @@ export default class AuthService {
           this._removeToken();
           return {result: false};
         }
-
       })
   };
 
@@ -53,7 +46,7 @@ export default class AuthService {
       'Content-Type': 'application/json'
     };
 
-    if (this.loggedIn()) {
+    if (this._loggedIn()) {
       headers['Authorization'] = 'JWT ' + this._getToken();
     }
 
@@ -74,20 +67,26 @@ export default class AuthService {
       });
   };
 
-  loggedIn() {
+  async loggedIn() {
-    if (!this.AUTH_ENABLED) {
+    let token = this._getToken();
-      return true;
+    if ((token === null) || (this._isTokenExpired(token))) {
+      await this.attemptNoAuthLogin();
     }
+    return this._loggedIn();
+  }
 
+  attemptNoAuthLogin() {
+    return this._login(this.NO_AUTH_CREDS, this.NO_AUTH_CREDS);
+  }
+
+  _loggedIn() {
     const token = this._getToken();
     return ((token !== null) && !this._isTokenExpired(token));
   }
 
-  logout() {
+  logout = () => {
-    if (this.AUTH_ENABLED) {
+    this._removeToken();
-      this._removeToken();
+  };
-    }
-  }
 
   _isTokenExpired(token) {
     try {