Some small CR fixes - improved doc and logs

2020-07-21 18:40:08 +03:00 · 2020-07-21 18:40:08 +03:00 · 2bbb2d2c2c
parent dd1320418a
commit 2bbb2d2c2c
2 changed files with 3 additions and 3 deletions
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@ -73,9 +73,9 @@ def init_app_config(app, mongo_url):
    app.config['MONGO_URI'] = mongo_url

    # See https://flask-jwt-extended.readthedocs.io/en/stable/options
-    app.config['JWT_TOKEN_LOCATION'] = ['headers']
    app.config['JWT_ACCESS_TOKEN_EXPIRES'] = env_singleton.env.get_auth_expiration_time()
-    # Invalidate the signature of JWTs between server resets.
+    # Invalidate the signature of JWTs if the server process restarts. This avoids the edge case of getting a JWT,
+    # deciding to reset credentials and then still logging in with the old JWT.
    app.config['JWT_SECRET_KEY'] = str(uuid.uuid4())


--- a/monkey/monkey_island/cc/resources/auth/auth.py
+++ b/monkey/monkey_island/cc/resources/auth/auth.py
@ -47,7 +47,7 @@ class Authenticate(flask_restful.Resource):
        # If the user and password have been previously registered
        if self._authenticate(username, secret):
            access_token = flask_jwt_extended.create_access_token(identity=user_store.UserStore.username_table[username].id)
-            logger.debug(f"Created access token for user {username}: {access_token}")
+            logger.debug(f"Created access token for user {username} that begins with {access_token[:4]}")
            return make_response({"access_token": access_token, "error": ""}, 200)
        else:
            return make_response({"error": "Invalid credentials"}, 401)