From 6fe4d6cb31f769bff492f0f270e994c920d41284 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Mon, 27 Sep 2021 14:36:55 +0530 Subject: [PATCH] island: Drop mongo db when registartion requirement is realised instead of when registration request is sent The issue with this whole change is that there's a long gap where nothing happens after you click on the log in or register button on the UI. But we don't need to worry about this because we plan on shipping Island's mongodb with attack mitigations already present. --- monkey/monkey_island/cc/resources/auth/registration.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/resources/auth/registration.py b/monkey/monkey_island/cc/resources/auth/registration.py index ad4ce796a..92fca24c9 100644 --- a/monkey/monkey_island/cc/resources/auth/registration.py +++ b/monkey/monkey_island/cc/resources/auth/registration.py @@ -16,14 +16,16 @@ logger = logging.getLogger(__name__) class Registration(flask_restful.Resource): def get(self): - return {"needs_registration": env_singleton.env.needs_registration()} + is_registration_needed = env_singleton.env.needs_registration() + if is_registration_needed: + # if registration is required, drop previous user's data (for credentials reset case) + _drop_mongo_db() + return {"needs_registration": is_registration_needed} def post(self): credentials = _get_user_credentials_from_request(request) try: - # if new registration is required (credentials are reset), drop previous user's data - _drop_mongo_db() env_singleton.env.try_add_user(credentials) init_collections() return make_response({"error": ""}, 200)