Merge pull request #263 from guardicore/bugfix/set-auth-by-server

Checking with server if auth enabled
This commit is contained in:
Daniel Goldberg 2019-02-12 17:03:19 +02:00 committed by GitHub
commit 08aede237e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 74 additions and 68 deletions

View File

@ -33,7 +33,6 @@ def init_jwt(app):
user_id = payload['identity']
return userid_table.get(user_id, None)
if env.is_auth_enabled():
JWT(app, authenticate, identity)
@ -41,12 +40,11 @@ def jwt_required(realm=None):
def wrapper(fn):
@wraps(fn)
def decorator(*args, **kwargs):
if env.is_auth_enabled():
try:
_jwt_required(realm or current_app.config['JWT_DEFAULT_REALM'])
return fn(*args, **kwargs)
except JWTError:
abort(401)
return fn(*args, **kwargs)
return decorator

View File

@ -37,10 +37,6 @@ class Environment(object):
h.update(secret)
return h.hexdigest()
@abc.abstractmethod
def is_auth_enabled(self):
return
@abc.abstractmethod
def get_auth_users(self):
return

View File

@ -18,9 +18,6 @@ class AwsEnvironment(Environment):
def _get_region(self):
return self.aws_info.get_region()
def is_auth_enabled(self):
return True
def get_auth_users(self):
return [
cc.auth.User(1, 'monkey', self.hash_secret(self._instance_id))

View File

@ -6,9 +6,6 @@ __author__ = 'itay.mizeretz'
class PasswordEnvironment(Environment):
def is_auth_enabled(self):
return True
def get_auth_users(self):
return [
cc.auth.User(1, self.config['user'], self.config['hash'])

View File

@ -1,12 +1,15 @@
import cc.auth
from cc.environment import Environment
__author__ = 'itay.mizeretz'
class StandardEnvironment(Environment):
def is_auth_enabled(self):
return False
# SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
NO_AUTH_CREDS = '55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062' \
'8d2c8d0b1538d2208c1444ac66535b764a3d902b35e751df3faec1e477ed3557'
def get_auth_users(self):
return []
return [
cc.auth.User(1, StandardEnvironment.NO_AUTH_CREDS, StandardEnvironment.NO_AUTH_CREDS)
]

View File

@ -27,7 +27,13 @@ let guardicoreLogoImage = require('../images/guardicore-logo.png');
class AppComponent extends AuthComponent {
updateStatus = () => {
if (this.auth.loggedIn()){
this.auth.loggedIn()
.then(res => {
this.setState({
isLoggedIn: res
});
if (res) {
this.authFetch('/api')
.then(res => res.json())
.then(res => {
@ -44,14 +50,19 @@ class AppComponent extends AuthComponent {
}
});
}
});
};
renderRoute = (route_path, page_component, is_exact_path = false) => {
let render_func = (props) => {
if (this.auth.loggedIn()) {
switch (this.state.isLoggedIn) {
case true:
return page_component;
} else {
case false:
return <Redirect to={{pathname: '/login'}}/>;
default:
return page_component;
}
};
@ -69,7 +80,8 @@ class AppComponent extends AuthComponent {
run_server: true,
run_monkey: false,
infection_done: false,
report_done: false
report_done: false,
isLoggedIn: undefined
}
};
}

View File

@ -34,9 +34,12 @@ class LoginPageComponent extends React.Component {
this.state = {
failed: false
};
if (this.auth.loggedIn()) {
this.auth.loggedIn()
.then(res => {
if (res) {
this.redirectToHome();
}
});
}
render() {

View File

@ -1,6 +1,7 @@
import 'core-js/fn/object/assign';
import React from 'react';
import ReactDOM from 'react-dom';
import 'babel-polyfill';
import App from './components/Main';
import Bootstrap from 'bootstrap/dist/css/bootstrap.css'; // eslint-disable-line no-unused-vars

View File

@ -1,24 +1,18 @@
import { SHA3 } from 'sha3';
import decode from 'jwt-decode';
import {SERVER_CONFIG} from '../server_config/ServerConfig';
export default class AuthService {
AUTH_ENABLED = SERVER_CONFIG.isAuthEnabled();
// SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
NO_AUTH_CREDS =
"55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062" +
"8d2c8d0b1538d2208c1444ac66535b764a3d902b35e751df3faec1e477ed3557";
login = (username, password) => {
if (this.AUTH_ENABLED) {
return this._login(username, this.hashSha3(password));
} else {
return {result: true};
}
};
authFetch = (url, options) => {
if (this.AUTH_ENABLED) {
return this._authFetch(url, options);
} else {
return fetch(url, options);
}
};
hashSha3(text) {
@ -43,7 +37,6 @@ export default class AuthService {
this._removeToken();
return {result: false};
}
})
};
@ -53,7 +46,7 @@ export default class AuthService {
'Content-Type': 'application/json'
};
if (this.loggedIn()) {
if (this._loggedIn()) {
headers['Authorization'] = 'JWT ' + this._getToken();
}
@ -74,20 +67,26 @@ export default class AuthService {
});
};
loggedIn() {
if (!this.AUTH_ENABLED) {
return true;
async loggedIn() {
let token = this._getToken();
if ((token === null) || (this._isTokenExpired(token))) {
await this.attemptNoAuthLogin();
}
return this._loggedIn();
}
attemptNoAuthLogin() {
return this._login(this.NO_AUTH_CREDS, this.NO_AUTH_CREDS);
}
_loggedIn() {
const token = this._getToken();
return ((token !== null) && !this._isTokenExpired(token));
}
logout() {
if (this.AUTH_ENABLED) {
logout = () => {
this._removeToken();
}
}
};
_isTokenExpired(token) {
try {