Island: Move authentication logic into AuthenticationService

2021-10-08 10:31:37 -04:00 · 2021-10-08 10:31:37 -04:00 · 8a2bae7e14
parent 17f7e22584
commit 8a2bae7e14
2 changed files with 25 additions and 19 deletions
--- a/monkey/monkey_island/cc/resources/auth/auth.py
+++ b/monkey/monkey_island/cc/resources/auth/auth.py
@ -7,11 +7,7 @@ from flask import make_response, request
 from flask_jwt_extended.exceptions import JWTExtendedException
 from jwt import PyJWTError

-import monkey_island.cc.environment.environment_singleton as env_singleton
-from monkey_island.cc.resources.auth.credential_utils import (
-    get_username_password_from_request,
-    password_matches_hash,
-)
+from monkey_island.cc.resources.auth.credential_utils import get_username_password_from_request
 from monkey_island.cc.services.authentication import AuthenticationService

 logger = logging.getLogger(__name__)
@ -41,21 +37,11 @@ class Authenticate(flask_restful.Resource):
        """
        username, password = get_username_password_from_request(request)

-        if _credentials_match_registered_user(username, password):
-            AuthenticationService.unlock_datastore_encryptor(username, password)
+        if AuthenticationService.authenticate(username, password):
            access_token = _create_access_token(username)
            return make_response({"access_token": access_token, "error": ""}, 200)
-        else:
-            return make_response({"error": "Invalid credentials"}, 401)

-
-def _credentials_match_registered_user(username: str, password: str) -> bool:
-    registered_user = env_singleton.env.get_user()
-
-    if not registered_user:
-        return False
-
-    return (registered_user.username == username) and password_matches_hash(password, registered_user.password_hash)
+        return make_response({"error": "Invalid credentials"}, 401)


 def _create_access_token(username):
--- a/monkey/monkey_island/cc/services/authentication.py
+++ b/monkey/monkey_island/cc/services/authentication.py
@ -2,6 +2,7 @@ import bcrypt

 import monkey_island.cc.environment.environment_singleton as env_singleton
 from monkey_island.cc.environment.user_creds import UserCreds
+from monkey_island.cc.resources.auth.credential_utils import password_matches_hash
 from monkey_island.cc.server_utils.encryption import (
    reset_datastore_encryptor,
    unlock_datastore_encryptor,
@ -19,8 +20,8 @@ class AuthenticationService:
    def initialize(cls, key_file_directory):
        cls.KEY_FILE_DIRECTORY = key_file_directory

-    @classmethod
-    def needs_registration(cls) -> bool:
+    @staticmethod
+    def needs_registration() -> bool:
        return env_singleton.env.needs_registration()

    @classmethod
@ -30,6 +31,14 @@ class AuthenticationService:
        AuthenticationService.reset_datastore_encryptor(username, password)
        reset_database()

+    @classmethod
+    def authenticate(cls, username: str, password: str) -> bool:
+        if _credentials_match_registered_user(username, password):
+            AuthenticationService.unlock_datastore_encryptor(username, password)
+            return True
+
+        return False
+
    @staticmethod
    def unlock_datastore_encryptor(username: str, password: str):
        secret = AuthenticationService._get_secret_from_credentials(username, password)
@ -50,3 +59,14 @@ def _hash_password(plaintext_password):
    password_hash = bcrypt.hashpw(plaintext_password.encode("utf-8"), salt)

    return password_hash.decode()
+
+
+def _credentials_match_registered_user(username: str, password: str) -> bool:
+    registered_user = env_singleton.env.get_user()
+
+    if not registered_user:
+        return False
+
+    return (registered_user.username == username) and password_matches_hash(
+        password, registered_user.password_hash
+    )