island: Move all bcrypt dependencies to password_utils

2021-05-04 21:26:06 -04:00 · 2021-05-04 21:26:06 -04:00 · 9024a512b0
parent 0f49a2c96a
commit 9024a512b0
4 changed files with 17 additions and 9 deletions
--- a/monkey/monkey_island/cc/environment/standard.py
+++ b/monkey/monkey_island/cc/environment/standard.py
@ -1,5 +1,3 @@
-import bcrypt
-
 from monkey_island.cc.environment import Environment
 from monkey_island.cc.resources.auth.auth_user import User

@ -10,9 +8,7 @@ class StandardEnvironment(Environment):
    _credentials_required = False

    NO_AUTH_USER = "1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()"
-    NO_AUTH_SECRET = bcrypt.hashpw(
-        NO_AUTH_USER.encode("utf-8"), b"$2b$12$frH7uEwV3jkDNGgReW6j2u"
-    ).decode()
+    NO_AUTH_SECRET = "$2b$12$frH7uEwV3jkDNGgReW6j2udw8hy/Yw1SWAqytrcBYK48kn1V5lQIa"

    def get_auth_users(self):
        return [User(1, StandardEnvironment.NO_AUTH_USER, StandardEnvironment.NO_AUTH_SECRET)]
--- a/monkey/monkey_island/cc/resources/auth/auth.py
+++ b/monkey/monkey_island/cc/resources/auth/auth.py
@ -2,7 +2,6 @@ import json
 import logging
 from functools import wraps

-import bcrypt
 import flask_jwt_extended
 import flask_restful
 from flask import make_response, request
@ -10,6 +9,7 @@ from flask_jwt_extended.exceptions import JWTExtendedException
 from jwt import PyJWTError

 import monkey_island.cc.environment.environment_singleton as env_singleton
+import monkey_island.cc.resources.auth.password_utils as password_utils
 import monkey_island.cc.resources.auth.user_store as user_store

 logger = logging.getLogger(__name__)
@ -59,7 +59,7 @@ def _get_credentials_from_request(request):
 def _credentials_match_registered_user(username, password):
    user = user_store.UserStore.username_table.get(username, None)

-    if user and bcrypt.checkpw(password.encode("utf-8"), user.secret.encode("utf-8")):
+    if user and password_utils.password_matches_hash(password, user.secret):
        return True

    return False
--- a/monkey/monkey_island/cc/resources/auth/password_utils.py
+++ b/monkey/monkey_island/cc/resources/auth/password_utils.py
@ -0,0 +1,12 @@
+import bcrypt
+
+
+def hash_password(plaintext_password):
+    salt = bcrypt.gensalt()
+    password_hash = bcrypt.hashpw(plaintext_password.encode("utf-8"), salt)
+
+    return password_hash.decode()
+
+
+def password_matches_hash(plaintext_password, password_hash):
+    return bcrypt.checkpw(plaintext_password.encode("utf-8"), password_hash.encode("utf-8"))
--- a/monkey/monkey_island/cc/resources/auth/registration.py
+++ b/monkey/monkey_island/cc/resources/auth/registration.py
@ -1,10 +1,10 @@
 import json

-import bcrypt
 import flask_restful
 from flask import make_response, request

 import monkey_island.cc.environment.environment_singleton as env_singleton
+import monkey_island.cc.resources.auth.password_utils as password_utils
 from common.utils.exceptions import InvalidRegistrationCredentialsError, RegistrationNotNeededError
 from monkey_island.cc.environment.user_creds import UserCreds

@ -28,6 +28,6 @@ def _get_user_credentials_from_request(request):

    username = cred_dict.get("user", "")
    password = cred_dict.get("password", "")
-    password_hash = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt()).decode()
+    password_hash = password_utils.hash_password(password)

    return UserCreds(username, password_hash)