From bfd0eb6fa5bfa34878d2b45f6ee59d9bb124b064 Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Thu, 4 Aug 2022 11:56:01 +0200 Subject: [PATCH 1/4] Island: Authenticate `api/island/version` --- monkey/monkey_island/cc/resources/version.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/cc/resources/version.py b/monkey/monkey_island/cc/resources/version.py index 97dca4a4c..69a9cb851 100644 --- a/monkey/monkey_island/cc/resources/version.py +++ b/monkey/monkey_island/cc/resources/version.py @@ -2,6 +2,7 @@ import logging from monkey_island.cc import Version from monkey_island.cc.resources.AbstractResource import AbstractResource +from monkey_island.cc.resources.request_authentication import jwt_required logger = logging.getLogger(__name__) @@ -12,8 +13,7 @@ class Version(AbstractResource): def __init__(self, version: Version): self._version = version - # We don't secure this since it doesn't give out any private info and we want UI to know version - # even when not authenticated + @jwt_required def get(self): return { "version_number": self._version.version_number, From aa8e020df63415b3fa2a5095c0a81b9ab82547c2 Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Thu, 4 Aug 2022 11:57:09 +0200 Subject: [PATCH 2/4] UI: Use AuthComponent in VersionComponent --- .../cc/ui/src/components/logo/VersionComponent.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/logo/VersionComponent.js b/monkey/monkey_island/cc/ui/src/components/logo/VersionComponent.js index 10dbd0bf0..34d164f4a 100644 --- a/monkey/monkey_island/cc/ui/src/components/logo/VersionComponent.js +++ b/monkey/monkey_island/cc/ui/src/components/logo/VersionComponent.js 
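Review bot: The `@jwt_required` added on `Version.get` in the second hunk of PATCH 1/4 reverses the decision that the deleted comment recorded, and the new code gives no reason for it. A later reader could drop the decorator to get the version back on an unauthenticated page. I would put a short why-comment in place of the removed one, for example `# Requires a valid JWT: the version lets an unauthenticated client fingerprint this Island build`; that rationale is my inference, since the patch does not state it, so adjust it to the reason given in #2109. None of the four patches adds a test, so a resource test asserting that an unauthenticated GET on `/api/island/version` is rejected would guard against a silent regression. The body of `get` continues past the end of the hunk.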
@@ -2,8 +2,9 @@ import React from 'react'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faDownload } from '@fortawesome/free-solid-svg-icons/faDownload'; +import AuthComponent from '../AuthComponent'; -class VersionComponent extends React.Component { +class VersionComponent extends AuthComponent { constructor(props) { super(props); this.state = { @@ -14,7 +15,7 @@ class VersionComponent extends React.Component { } componentDidMount() { - fetch('/api/island/version') // This is not authenticated on purpose + this.authFetch('/api/island/version') // This is not authenticated on purpose .then(res => res.json()) .then(res => { this.setState({ @@ -27,6 +28,7 @@ class VersionComponent extends React.Component { newerVersionAvailable() { const semverGt = require('semver/functions/gt'); + console.log(this.state); if(this.state.latestVersion !== undefined && this.state.versionNumber !== undefined) { return semverGt(this.state.latestVersion, this.state.versionNumber); } From efffde6321091d7b5167cac75642bf6023142e44 Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Thu, 4 Aug 2022 11:59:07 +0200 Subject: [PATCH 3/4] Changelog: Added entry for authentication of `api/island/version` --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d4bdc810..4f88d9851 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/). - `/api/reset-agent-configuration` endpoint. #2036 - `/api/clear-simulation-data` endpoint. #2036 - `/api/registration-status` endpoint. #2149 +- authentication to `/api/island/version`. #2109 ### Changed - Reset workflow. Now it's possible to delete data gathered by agents without From 85af7f0f39486dc8abace531228563fcb932f0a4 Mon Sep 17 00:00:00 2001 
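Review bot: The `this.authFetch('/api/island/version')` chain in `componentDidMount` (second hunk of PATCH 2/4) goes straight to `res.json()` with no `res.ok` check and no `.catch`. Now that the endpoint requires a JWT, a rejected or expired token would be parsed as if it were a version payload. What `authFetch` does on a 401 is not visible here; if it does not already redirect or throw, I would guard the chain with `.then(res => { if (!res.ok) { throw new Error(res.statusText); } return res.json(); })` and add a `.catch` that leaves `versionNumber` and `latestVersion` undefined, which `newerVersionAvailable` already tolerates. The first hunk of PATCH 4/4 touches the same line only to drop the stale "not authenticated on purpose" comment, so the point holds for the final state too. The `setState` callback continues outside the hunk.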
From: Ilija Lazoroski Date: Thu, 4 Aug 2022 13:41:40 +0200 Subject: [PATCH 4/4] UI: Remove leftovers in VersionComponent --- .../cc/ui/src/components/logo/VersionComponent.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/logo/VersionComponent.js b/monkey/monkey_island/cc/ui/src/components/logo/VersionComponent.js index 34d164f4a..fe93158ec 100644 --- a/monkey/monkey_island/cc/ui/src/components/logo/VersionComponent.js +++ b/monkey/monkey_island/cc/ui/src/components/logo/VersionComponent.js @@ -15,7 +15,7 @@ class VersionComponent extends AuthComponent { } componentDidMount() { - this.authFetch('/api/island/version') // This is not authenticated on purpose + this.authFetch('/api/island/version') .then(res => res.json()) .then(res => { this.setState({ @@ -28,7 +28,6 @@ class VersionComponent extends AuthComponent { newerVersionAvailable() { const semverGt = require('semver/functions/gt'); - console.log(this.state); if(this.state.latestVersion !== undefined && this.state.versionNumber !== undefined) { return semverGt(this.state.latestVersion, this.state.versionNumber); }