island: Add attack mitigations to mongo upon registration

2021-09-27 13:51:20 +05:30 · 2021-09-27 13:51:20 +05:30 · 3cbeb3dbf7
parent b791ee16e1
commit 3cbeb3dbf7
2 changed files with 11 additions and 3 deletions
--- a/monkey/monkey_island/cc/resources/auth/registration.py
+++ b/monkey/monkey_island/cc/resources/auth/registration.py
@ -1,4 +1,5 @@
 import json
+import logging

 import flask_restful
 from flask import make_response, request
@ -7,6 +8,9 @@ import monkey_island.cc.environment.environment_singleton as env_singleton
 import monkey_island.cc.resources.auth.password_utils as password_utils
 from common.utils.exceptions import InvalidRegistrationCredentialsError, RegistrationNotNeededError
 from monkey_island.cc.environment.user_creds import UserCreds
+from monkey_island.cc.setup.mongo.database_initializer import init_collections
+
+logger = logging.getLogger(__name__)


 class Registration(flask_restful.Resource):
@ -18,9 +22,16 @@ class Registration(flask_restful.Resource):

        try:
            env_singleton.env.try_add_user(credentials)
+            init_collections()
            return make_response({"error": ""}, 200)
        except (InvalidRegistrationCredentialsError, RegistrationNotNeededError) as e:
            return make_response({"error": str(e)}, 400)
+        except Exception as ex:
+            logger.error(
+                "Exception raised during registration; most likely an issue with the "
+                f"mongo collection's initialisation. Exception: {str(ex)}."
+            )
+            return make_response({"error": str(ex)}, 400)


 def _get_user_credentials_from_request(request):
--- a/monkey/monkey_island/cc/server_setup.py
+++ b/monkey/monkey_island/cc/server_setup.py
@ -36,7 +36,6 @@ from monkey_island.cc.setup import island_config_options_validator  # noqa: E402
 from monkey_island.cc.setup.gevent_hub_error_handler import GeventHubErrorHandler  # noqa: E402
 from monkey_island.cc.setup.island_config_options import IslandConfigOptions  # noqa: E402
 from monkey_island.cc.setup.mongo import mongo_setup  # noqa: E402
-from monkey_island.cc.setup.mongo.database_initializer import init_collections  # noqa: E402
 from monkey_island.cc.setup.mongo.mongo_db_process import MongoDbProcess  # noqa: E402

 logger = logging.getLogger(__name__)
@ -131,8 +130,6 @@ def _start_island_server(should_setup_only, config_options: IslandConfigOptions)
    populate_exporter_list()
    app = init_app(mongo_setup.MONGO_URL)

-    init_collections()
-
    if should_setup_only:
        logger.warning("Setup only flag passed. Exiting.")
        return