From 30e96dc7d360beec93dc12b8fcbf4096b4eabb09 Mon Sep 17 00:00:00 2001
From: itay
Date: Tue, 12 Feb 2019 15:39:29 +0200
Subject: [PATCH] Checking with server if auth enabled

---
 monkey/monkey_island/cc/auth.py | 14 +++--
 .../monkey_island/cc/environment/__init__.py | 4 --
 monkey/monkey_island/cc/environment/aws.py | 3 --
 .../monkey_island/cc/environment/password.py | 3 --
 .../monkey_island/cc/environment/standard.py | 11 ++--
 .../cc/ui/src/components/Main.js | 54 +++++++++++--------
 .../cc/ui/src/components/pages/LoginPage.js | 9 ++--
 monkey/monkey_island/cc/ui/src/index.js | 1 +
 .../cc/ui/src/services/AuthService.js | 43 ++++++++-------
 9 files changed, 74 insertions(+), 68 deletions(-)

diff --git a/monkey/monkey_island/cc/auth.py b/monkey/monkey_island/cc/auth.py
index a32d6ec9d..f12a7f8cd 100644
--- a/monkey/monkey_island/cc/auth.py
+++ b/monkey/monkey_island/cc/auth.py
@@ -33,20 +33,18 @@ def init_jwt(app):
 user_id = payload['identity']
 return userid_table.get(user_id, None)
- if env.is_auth_enabled():
- JWT(app, authenticate, identity)
+ JWT(app, authenticate, identity)
 def jwt_required(realm=None):
 def wrapper(fn):
 @wraps(fn)
 def decorator(*args, **kwargs):
- if env.is_auth_enabled():
- try:
- _jwt_required(realm or current_app.config['JWT_DEFAULT_REALM'])
- except JWTError:
- abort(401)
- return fn(*args, **kwargs)
+ try:
+ _jwt_required(realm or current_app.config['JWT_DEFAULT_REALM'])
+ return fn(*args, **kwargs)
+ except JWTError:
+ abort(401)
 return decorator
diff --git a/monkey/monkey_island/cc/environment/__init__.py b/monkey/monkey_island/cc/environment/__init__.py
index d29d558a6..62b0e9eed 100644
--- a/monkey/monkey_island/cc/environment/__init__.py
+++ b/monkey/monkey_island/cc/environment/__init__.py
@@ -37,10 +37,6 @@ class Environment(object):
 h.update(secret)
 return h.hexdigest()
- @abc.abstractmethod
- def is_auth_enabled(self):
- return
-
 @abc.abstractmethod
 def get_auth_users(self):
 return
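Review bot: In jwt_required's decorator the new `try` body contains `return fn(*args, **kwargs)` as well as the `_jwt_required(...)` check, so a JWTError raised from inside the wrapped view (not from the token check) is now converted into a 401 instead of surfacing as the view's own error, and a 401 from this decorator can no longer be read as "the request carried no valid token". Keep the try body to the check alone and run the view outside it: `except JWTError: abort(401)` followed by `return fn(*args, **kwargs)` at the decorator's indentation (or in an `else:` clause). If `env` was imported into auth.py only for the two `is_auth_enabled()` calls removed here, that import is now unused; the import block is outside this hunk.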
diff --git a/monkey/monkey_island/cc/environment/aws.py b/monkey/monkey_island/cc/environment/aws.py
index fc048443f..171eeb5c0 100644
--- a/monkey/monkey_island/cc/environment/aws.py
+++ b/monkey/monkey_island/cc/environment/aws.py
@@ -18,9 +18,6 @@ class AwsEnvironment(Environment):
 def _get_region(self):
 return self.aws_info.get_region()
- def is_auth_enabled(self):
- return True
-
 def get_auth_users(self):
 return [
 cc.auth.User(1, 'monkey', self.hash_secret(self._instance_id))
diff --git a/monkey/monkey_island/cc/environment/password.py b/monkey/monkey_island/cc/environment/password.py
index 96ca043b8..30ddd8267 100644
--- a/monkey/monkey_island/cc/environment/password.py
+++ b/monkey/monkey_island/cc/environment/password.py
@@ -6,9 +6,6 @@ __author__ = 'itay.mizeretz'
 class PasswordEnvironment(Environment):
- def is_auth_enabled(self):
- return True
-
 def get_auth_users(self):
 return [
 cc.auth.User(1, self.config['user'], self.config['hash'])
diff --git a/monkey/monkey_island/cc/environment/standard.py b/monkey/monkey_island/cc/environment/standard.py
index 8df00a2c3..532ced959 100644
--- a/monkey/monkey_island/cc/environment/standard.py
+++ b/monkey/monkey_island/cc/environment/standard.py
@@ -1,12 +1,15 @@
+import cc.auth
 from cc.environment import Environment
 __author__ = 'itay.mizeretz'
 class StandardEnvironment(Environment):
-
- def is_auth_enabled(self):
- return False
+ # SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
+ NO_AUTH_CREDS = '55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062' \
+ '8d2c8d0b1538d2208c1444ac66535b764a3d902b35e751df3faec1e477ed3557'
 def get_auth_users(self):
- return []
+ return [
+ cc.auth.User(1, StandardEnvironment.NO_AUTH_CREDS, StandardEnvironment.NO_AUTH_CREDS)
+ ]
diff --git a/monkey/monkey_island/cc/ui/src/components/Main.js b/monkey/monkey_island/cc/ui/src/components/Main.js
index 114775756..69eeb8500 100644
--- a/monkey/monkey_island/cc/ui/src/components/Main.js
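Review bot: `NO_AUTH_CREDS` in StandardEnvironment has to stay byte-identical to the `NO_AUTH_CREDS` string that AuthService.js (same commit) sends as both username and password, yet nothing in either file points at the other, so a later edit to one side silently locks every user out of a no-auth island. Add a cross-reference next to the constant, e.g. `# Must match NO_AUTH_CREDS in cc/ui/src/services/AuthService.js; the UI sends it as-is (already a digest), so it is stored here as the password hash too`, and consider a test that asserts the two values agree, or having the island serve the value instead of duplicating it. A one-line class docstring stating that in this environment the island issues a real JWT to anyone presenting the public constant, i.e. that this is the "authentication disabled" mode, would also stop a reader from mistaking the hash for a secret.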
+++ b/monkey/monkey_island/cc/ui/src/components/Main.js
@@ -27,31 +27,42 @@ let guardicoreLogoImage = require('../images/guardicore-logo.png');
 class AppComponent extends AuthComponent {
 updateStatus = () => {
- if (this.auth.loggedIn()){
- this.authFetch('/api')
- .then(res => res.json())
- .then(res => {
- // This check is used to prevent unnecessary re-rendering
- let isChanged = false;
- for (let step in this.state.completedSteps) {
- if (this.state.completedSteps[step] !== res['completed_steps'][step]) {
- isChanged = true;
- break;
- }
- }
- if (isChanged) {
- this.setState({completedSteps: res['completed_steps']});
- }
+ this.auth.loggedIn()
+ .then(res => {
+ this.setState({
+ isLoggedIn: res
 });
- }
+
+ if (res) {
+ this.authFetch('/api')
+ .then(res => res.json())
+ .then(res => {
+ // This check is used to prevent unnecessary re-rendering
+ let isChanged = false;
+ for (let step in this.state.completedSteps) {
+ if (this.state.completedSteps[step] !== res['completed_steps'][step]) {
+ isChanged = true;
+ break;
+ }
+ }
+ if (isChanged) {
+ this.setState({completedSteps: res['completed_steps']});
+ }
+ });
+ }
+ });
 };
 renderRoute = (route_path, page_component, is_exact_path = false) => {
 let render_func = (props) => {
- if (this.auth.loggedIn()) {
- return page_component;
- } else {
- return ;
+ switch (this.state.isLoggedIn) {
+ case true:
+ return page_component;
+ case false:
+ return ;
+ default:
+ return page_component;
+ }
 };
@@ -69,7 +80,8 @@ class AppComponent extends AuthComponent {
 run_server: true,
 run_monkey: false,
 infection_done: false,
- report_done: false
+ report_done: false,
+ isLoggedIn: undefined
 }
 };
 }
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/LoginPage.js b/monkey/monkey_island/cc/ui/src/components/pages/LoginPage.js
index cc1eefecd..2fdba21aa 100644
--- a/monkey/monkey_island/cc/ui/src/components/pages/LoginPage.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/LoginPage.js
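Review bot: In renderRoute the `default:` branch returns `page_component` while `this.state.isLoggedIn` is still `undefined`, i.e. on every first render before the asynchronous `loggedIn()` check in updateStatus has resolved, so a protected page is mounted and starts its own authFetch calls before it is known whether a valid token exists, and is only replaced by the redirect afterwards. Return a placeholder until the check settles, e.g. `default: return null;` (or a spinner component), keeping `case true`/`case false` as they are. Separately, neither this `this.auth.loggedIn()` chain nor the one added to the LoginPage.js constructor has a `.catch`, so a rejected request (e.g. island unreachable) surfaces only as an unhandled promise rejection and `isLoggedIn` never settles; a `.catch(() => this.setState({isLoggedIn: false}))` here would at least leave the state defined. The outer `.then(res => ...)` parameter is shadowed by the inner `.then(res => ...)` callbacks carried over from the old code; naming the outer one `loggedIn` would make the nesting easier to follow.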
@@ -34,9 +34,12 @@ class LoginPageComponent extends React.Component {
 this.state = {
 failed: false
 };
- if (this.auth.loggedIn()) {
- this.redirectToHome();
- }
+ this.auth.loggedIn()
+ .then(res => {
+ if (res) {
+ this.redirectToHome();
+ }
+ });
 }
 render() {
diff --git a/monkey/monkey_island/cc/ui/src/index.js b/monkey/monkey_island/cc/ui/src/index.js
index 3b4138107..329e94dfe 100644
--- a/monkey/monkey_island/cc/ui/src/index.js
+++ b/monkey/monkey_island/cc/ui/src/index.js
@@ -1,6 +1,7 @@
 import 'core-js/fn/object/assign';
 import React from 'react';
 import ReactDOM from 'react-dom';
+import 'babel-polyfill';
 import App from './components/Main';
 import Bootstrap from 'bootstrap/dist/css/bootstrap.css'; // eslint-disable-line no-unused-vars
diff --git a/monkey/monkey_island/cc/ui/src/services/AuthService.js b/monkey/monkey_island/cc/ui/src/services/AuthService.js
index 703a96559..547b14272 100644
--- a/monkey/monkey_island/cc/ui/src/services/AuthService.js
+++ b/monkey/monkey_island/cc/ui/src/services/AuthService.js
@@ -1,24 +1,18 @@
 import { SHA3 } from 'sha3';
 import decode from 'jwt-decode';
-import {SERVER_CONFIG} from '../server_config/ServerConfig';
 export default class AuthService {
- AUTH_ENABLED = SERVER_CONFIG.isAuthEnabled();
+ // SHA3-512 of '1234567890!@#$%^&*()_nothing_up_my_sleeve_1234567890!@#$%^&*()'
+ NO_AUTH_CREDS =
+ "55e97c9dcfd22b8079189ddaeea9bce8125887e3237b800c6176c9afa80d2062" +
+ "8d2c8d0b1538d2208c1444ac66535b764a3d902b35e751df3faec1e477ed3557";
 login = (username, password) => {
- if (this.AUTH_ENABLED) {
- return this._login(username, this.hashSha3(password));
- } else {
- return {result: true};
- }
+ return this._login(username, this.hashSha3(password));
 };
 authFetch = (url, options) => {
- if (this.AUTH_ENABLED) {
- return this._authFetch(url, options);
- } else {
- return fetch(url, options);
- }
+ return this._authFetch(url, options);
 };
 hashSha3(text) {
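Review bot: The constructor now starts an asynchronous `this.auth.loggedIn()` call, which since this commit can itself send a login request and then calls `redirectToHome()` from a promise callback on a component that may not have mounted yet (or may already be gone); React's place for such side effects is `componentDidMount`, where the component is guaranteed to be mounted and the promise can be tied to its lifecycle. Move the six added lines into a `componentDidMount()` method and leave the constructor to initialise `this.state`, and give the chain a `.catch` (the missing rejection handler is raised on Main.js) so a failed request does not end as an unhandled rejection. The rest of the constructor and `render()` are outside this hunk.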
@@ -43,7 +37,6 @@ export default class AuthService {
 this._removeToken();
 return {result: false};
 }
-
 })
 };
@@ -53,7 +46,7 @@ export default class AuthService {
 'Content-Type': 'application/json'
 };
- if (this.loggedIn()) {
+ if (this._loggedIn()) {
 headers['Authorization'] = 'JWT ' + this._getToken();
 }
@@ -74,20 +67,26 @@ export default class AuthService {
 });
 };
- loggedIn() {
- if (!this.AUTH_ENABLED) {
- return true;
+ async loggedIn() {
+ let token = this._getToken();
+ if ((token === null) || (this._isTokenExpired(token))) {
+ await this.attemptNoAuthLogin();
 }
+ return this._loggedIn();
+ }
+ attemptNoAuthLogin() {
+ return this._login(this.NO_AUTH_CREDS, this.NO_AUTH_CREDS);
+ }
+
+ _loggedIn() {
 const token = this._getToken();
 return ((token !== null) && !this._isTokenExpired(token));
 }
- logout() {
- if (this.AUTH_ENABLED) {
- this._removeToken();
- }
- }
+ logout = () => {
+ this._removeToken();
+ };
 _isTokenExpired(token) {
 try {
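Review bot: `loggedIn()` now sends a login request with the public no-auth constant every time it is called without a valid token, and it is called from AppComponent.updateStatus and from the LoginPage constructor; on a PasswordEnvironment or AwsEnvironment island, whose `get_auth_users` return only the configured user, every such call from an unauthenticated UI is therefore a failed login — one extra round trip per status update if updateStatus runs on a timer as its name suggests, and a stream of failed-login entries in the island's log that a defender cannot tell apart from a real guessing attempt. Remember when the attempt has failed (e.g. set a flag when `_login` returns `{result: false}`) and skip `attemptNoAuthLogin()` thereafter, or ask the island once whether authentication is enabled as the commit title suggests. `attemptNoAuthLogin()` also bypasses `login`/`hashSha3` and sends NO_AUTH_CREDS as the already-hashed secret, which matches the server-side `User(1, NO_AUTH_CREDS, NO_AUTH_CREDS)` entry but deserves a comment on the method, e.g. `// NO_AUTH_CREDS is already a SHA3-512 digest, so it is sent as-is rather than through hashSha3`.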