Merge pull request #2168 from guardicore/2109-auth-island-version

2109 auth island version

CHANGELOG.md

@@ -19,6 +19,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 - `/api/reset-agent-configuration` endpoint. #2036
 - `/api/clear-simulation-data` endpoint. #2036
 - `/api/registration-status` endpoint. #2149
+- authentication to `/api/island/version`. #2109
 
 ### Changed
 - Reset workflow. Now it's possible to delete data gathered by agents without

monkey/monkey_island/cc/resources/version.py

@@ -2,6 +2,7 @@ import logging
 
 from monkey_island.cc import Version
 from monkey_island.cc.resources.AbstractResource import AbstractResource
+from monkey_island.cc.resources.request_authentication import jwt_required
 
 logger = logging.getLogger(__name__)
 
@@ -12,8 +13,7 @@ class Version(AbstractResource):
     def __init__(self, version: Version):
         self._version = version
 
-    # We don't secure this since it doesn't give out any private info and we want UI to know version
-    # even when not authenticated
+    @jwt_required
     def get(self):
         return {
             "version_number": self._version.version_number,

monkey/monkey_island/cc/ui/src/components/logo/VersionComponent.js

@@ -2,8 +2,9 @@ import React from 'react';
 
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
 import { faDownload } from '@fortawesome/free-solid-svg-icons/faDownload';
+import AuthComponent from '../AuthComponent';
 
-class VersionComponent extends React.Component {
+class VersionComponent extends AuthComponent {
   constructor(props) {
     super(props);
     this.state = {
@@ -14,7 +15,7 @@ class VersionComponent extends React.Component {
   }
 
   componentDidMount() {
-    fetch('/api/island/version') // This is not authenticated on purpose
+    this.authFetch('/api/island/version')
       .then(res => res.json())
       .then(res => {
         this.setState({