Move data store encryptor secret generation into the data store encryptor from credential_utils.py

VakarisZ 2021-10-01 11:58:32 +03:00
parent f97ec4e9ed
commit e280c4fb5a
7 changed files with 17 additions and 19 deletions


@ -11,7 +11,6 @@ import monkey_island.cc.environment.environment_singleton as env_singleton
import monkey_island.cc.resources.auth.user_store as user_store import monkey_island.cc.resources.auth.user_store as user_store
from monkey_island.cc.resources.auth.credential_utils import ( from monkey_island.cc.resources.auth.credential_utils import (
get_creds_from_request, get_creds_from_request,
get_secret_from_request,
password_matches_hash, password_matches_hash,
) )
from monkey_island.cc.server_utils.encryption.data_store_encryptor import setup_datastore_key from monkey_island.cc.server_utils.encryption.data_store_encryptor import setup_datastore_key
@ -45,14 +44,14 @@ class Authenticate(flask_restful.Resource):
username, password = get_creds_from_request(request) username, password = get_creds_from_request(request)
if _credentials_match_registered_user(username, password): if _credentials_match_registered_user(username, password):
setup_datastore_key(get_secret_from_request(request)) setup_datastore_key(username, password)
access_token = _create_access_token(username) access_token = _create_access_token(username)
return make_response({"access_token": access_token, "error": ""}, 200) return make_response({"access_token": access_token, "error": ""}, 200)
else: else:
return make_response({"error": "Invalid credentials"}, 401) return make_response({"error": "Invalid credentials"}, 401)
def _credentials_match_registered_user(username: str, password: str): def _credentials_match_registered_user(username: str, password: str) -> bool:
user = user_store.UserStore.username_table.get(username, None) user = user_store.UserStore.username_table.get(username, None)
if user and password_matches_hash(password, user.secret): if user and password_matches_hash(password, user.secret):


@ -25,11 +25,6 @@ def get_user_credentials_from_request(_request) -> UserCreds:
return UserCreds(username, password_hash) return UserCreds(username, password_hash)
def get_secret_from_request(_request) -> str:
username, password = get_creds_from_request(_request)
return f"{username}:{password}"
def get_creds_from_request(_request: Request) -> Tuple[str, str]: def get_creds_from_request(_request: Request) -> Tuple[str, str]:
cred_dict = json.loads(request.data) cred_dict = json.loads(request.data)
username = cred_dict.get("username", "") username = cred_dict.get("username", "")


@ -5,10 +5,7 @@ from flask import make_response, request
import monkey_island.cc.environment.environment_singleton as env_singleton import monkey_island.cc.environment.environment_singleton as env_singleton
from common.utils.exceptions import InvalidRegistrationCredentialsError, RegistrationNotNeededError from common.utils.exceptions import InvalidRegistrationCredentialsError, RegistrationNotNeededError
from monkey_island.cc.resources.auth.credential_utils import ( from monkey_island.cc.resources.auth.credential_utils import get_user_credentials_from_request
get_secret_from_request,
get_user_credentials_from_request,
)
from monkey_island.cc.server_utils.encryption import remove_old_datastore_key, setup_datastore_key from monkey_island.cc.server_utils.encryption import remove_old_datastore_key, setup_datastore_key
from monkey_island.cc.setup.mongo.database_initializer import reset_database from monkey_island.cc.setup.mongo.database_initializer import reset_database
@ -26,7 +23,8 @@ class Registration(flask_restful.Resource):
try: try:
env_singleton.env.try_add_user(credentials) env_singleton.env.try_add_user(credentials)
remove_old_datastore_key() remove_old_datastore_key()
setup_datastore_key(get_secret_from_request(request)) username, password = get_user_credentials_from_request(request)
setup_datastore_key(username, password)
reset_database() reset_database()
return make_response({"error": ""}, 200) return make_response({"error": ""}, 200)
except (InvalidRegistrationCredentialsError, RegistrationNotNeededError) as e: except (InvalidRegistrationCredentialsError, RegistrationNotNeededError) as e:
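Review bot: `username, password = get_user_credentials_from_request(request)` in `Registration` unpacks the result of a helper that, per the credential_utils section of this commit, returns `UserCreds(username, password_hash)`, whereas `Authenticate` passes the plaintext pair from `get_creds_from_request` to `setup_datastore_key`. If `UserCreds` unpacks at all, the key set up at registration would be derived from the password hash and would not match the one derived at the next login; before this commit both paths built the secret from the plaintext pair. I would use `username, password = get_creds_from_request(request)` here and import that helper instead. The definition of `UserCreds` is not visible and the method starts and ends outside the hunk, so this is worth confirming with a test that registers and then logs in.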


@ -69,6 +69,10 @@ class EncryptorNotInitializedError(Exception):
pass pass
def _get_secret_from_credentials(username: str, password: str) -> str:
return f"{username}:{password}"
def encryptor_initialized_key_not_set(f): def encryptor_initialized_key_not_set(f):
def inner_function(*args, **kwargs): def inner_function(*args, **kwargs):
if _encryptor is None: if _encryptor is None:
@ -89,7 +93,8 @@ def remove_old_datastore_key():
@encryptor_initialized_key_not_set @encryptor_initialized_key_not_set
def setup_datastore_key(secret: str): def setup_datastore_key(username: str, password: str):
secret = _get_secret_from_credentials(username, password)
_encryptor.init_key(secret) _encryptor.init_key(secret)
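Review bot: `_get_secret_from_credentials` joins the two fields with `:` and nothing documents that the result is key material. Because the separator can also occur inside a username or a password, two different credential pairs can map to the same secret (constructed example: `a:b` with `c`, and `a` with `b:c`); a length-prefixed form such as `f"{len(username)}:{username}:{password}"` avoids that, but it changes the derived key for existing installs and would need a migration. At minimum I would add a docstring along the lines of `"""Build the secret passed to init_key from the login credentials; never log or persist the return value."""`. Whether `init_key` runs this string through a key-derivation function is not visible in this hunk and is worth stating in that docstring.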


@ -28,10 +28,11 @@ def monkey_config_json(monkey_config):
return json.dumps(monkey_config) return json.dumps(monkey_config)
ENCRYPTOR_SECRET = "m0nk3y_u53r:53cr3t_p455w0rd" MOCK_USERNAME = "m0nk3y_u53r"
MOCK_PASSWORD = "3cr3t_p455w0rd"
@pytest.fixture @pytest.fixture
def uses_encryptor(data_for_tests_dir): def uses_encryptor(data_for_tests_dir):
initialize_datastore_encryptor(data_for_tests_dir) initialize_datastore_encryptor(data_for_tests_dir)
setup_datastore_key(ENCRYPTOR_SECRET) setup_datastore_key(MOCK_USERNAME, MOCK_PASSWORD)
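Review bot: `MOCK_PASSWORD = "3cr3t_p455w0rd"` drops the leading `5` that the old `ENCRYPTOR_SECRET` had after the colon (`53cr3t_p455w0rd`), so `uses_encryptor` now sets up the key from a different secret than before. If any file under `data_for_tests_dir` was produced with the old secret, fixtures that depend on it would stop decrypting; that directory is not visible here. If the change is not intentional, `MOCK_PASSWORD = "53cr3t_p455w0rd"` keeps the secret byte-identical to the old one.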


@ -1,7 +1,7 @@
import os import os
import pytest import pytest
from tests.unit_tests.monkey_island.cc.conftest import ENCRYPTOR_SECRET from tests.unit_tests.monkey_island.cc.conftest import MOCK_PASSWORD, MOCK_USERNAME
from monkey_island.cc.server_utils.encryption import ( from monkey_island.cc.server_utils.encryption import (
DataStoreEncryptor, DataStoreEncryptor,
@ -28,7 +28,7 @@ def test_encryption(data_for_tests_dir):
@pytest.fixture @pytest.fixture
def initialized_key_dir(tmpdir): def initialized_key_dir(tmpdir):
initialize_datastore_encryptor(tmpdir) initialize_datastore_encryptor(tmpdir)
setup_datastore_key(ENCRYPTOR_SECRET) setup_datastore_key(MOCK_USERNAME, MOCK_PASSWORD)
yield tmpdir yield tmpdir
data_store_encryptor._encryptor = None data_store_encryptor._encryptor = None
@ -66,6 +66,6 @@ def test_encryptor_not_initialized():
def test_setup_datastore_key(tmpdir): def test_setup_datastore_key(tmpdir):
initialize_datastore_encryptor(tmpdir) initialize_datastore_encryptor(tmpdir)
assert not os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME)) assert not os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME))
setup_datastore_key(ENCRYPTOR_SECRET) setup_datastore_key(MOCK_USERNAME, MOCK_PASSWORD)
assert os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME)) assert os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME))
assert get_datastore_encryptor().is_key_setup() assert get_datastore_encryptor().is_key_setup()