Island: Move authentication logic into AuthenticationService
This commit is contained in:
parent
17f7e22584
commit
8a2bae7e14
|
@ -7,11 +7,7 @@ from flask import make_response, request
|
||||||
from flask_jwt_extended.exceptions import JWTExtendedException
|
from flask_jwt_extended.exceptions import JWTExtendedException
|
||||||
from jwt import PyJWTError
|
from jwt import PyJWTError
|
||||||
|
|
||||||
import monkey_island.cc.environment.environment_singleton as env_singleton
|
from monkey_island.cc.resources.auth.credential_utils import get_username_password_from_request
|
||||||
from monkey_island.cc.resources.auth.credential_utils import (
|
|
||||||
get_username_password_from_request,
|
|
||||||
password_matches_hash,
|
|
||||||
)
|
|
||||||
from monkey_island.cc.services.authentication import AuthenticationService
|
from monkey_island.cc.services.authentication import AuthenticationService
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
@ -41,21 +37,11 @@ class Authenticate(flask_restful.Resource):
|
||||||
"""
|
"""
|
||||||
username, password = get_username_password_from_request(request)
|
username, password = get_username_password_from_request(request)
|
||||||
|
|
||||||
if _credentials_match_registered_user(username, password):
|
if AuthenticationService.authenticate(username, password):
|
||||||
AuthenticationService.unlock_datastore_encryptor(username, password)
|
|
||||||
access_token = _create_access_token(username)
|
access_token = _create_access_token(username)
|
||||||
return make_response({"access_token": access_token, "error": ""}, 200)
|
return make_response({"access_token": access_token, "error": ""}, 200)
|
||||||
else:
|
|
||||||
return make_response({"error": "Invalid credentials"}, 401)
|
|
||||||
|
|
||||||
|
return make_response({"error": "Invalid credentials"}, 401)
|
||||||
def _credentials_match_registered_user(username: str, password: str) -> bool:
|
|
||||||
registered_user = env_singleton.env.get_user()
|
|
||||||
|
|
||||||
if not registered_user:
|
|
||||||
return False
|
|
||||||
|
|
||||||
return (registered_user.username == username) and password_matches_hash(password, registered_user.password_hash)
|
|
||||||
|
|
||||||
|
|
||||||
def _create_access_token(username):
|
def _create_access_token(username):
|
||||||
|
|
|
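Review bot: The rejection path `return make_response({"error": "Invalid credentials"}, 401)` at the end of the handler leaves no record in the log, even though the module defines `logger` a few lines up; a failed login to the island is the event an operator would want to see when looking for repeated guessing against this endpoint. Consider `logger.warning("Failed authentication attempt for user %r", username)` immediately before that return, logging only the username and never the submitted password. The handler's signature lies outside the hunk (only the closing `"""` of its docstring is visible), so I cannot tell whether anything else in it already records the failure.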
@ -2,6 +2,7 @@ import bcrypt
|
||||||
|
|
||||||
import monkey_island.cc.environment.environment_singleton as env_singleton
|
import monkey_island.cc.environment.environment_singleton as env_singleton
|
||||||
from monkey_island.cc.environment.user_creds import UserCreds
|
from monkey_island.cc.environment.user_creds import UserCreds
|
||||||
|
from monkey_island.cc.resources.auth.credential_utils import password_matches_hash
|
||||||
from monkey_island.cc.server_utils.encryption import (
|
from monkey_island.cc.server_utils.encryption import (
|
||||||
reset_datastore_encryptor,
|
reset_datastore_encryptor,
|
||||||
unlock_datastore_encryptor,
|
unlock_datastore_encryptor,
|
||||||
|
@ -19,8 +20,8 @@ class AuthenticationService:
|
||||||
def initialize(cls, key_file_directory):
|
def initialize(cls, key_file_directory):
|
||||||
cls.KEY_FILE_DIRECTORY = key_file_directory
|
cls.KEY_FILE_DIRECTORY = key_file_directory
|
||||||
|
|
||||||
@classmethod
|
@staticmethod
|
||||||
def needs_registration(cls) -> bool:
|
def needs_registration() -> bool:
|
||||||
return env_singleton.env.needs_registration()
|
return env_singleton.env.needs_registration()
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
|
@ -30,6 +31,14 @@ class AuthenticationService:
|
||||||
AuthenticationService.reset_datastore_encryptor(username, password)
|
AuthenticationService.reset_datastore_encryptor(username, password)
|
||||||
reset_database()
|
reset_database()
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def authenticate(cls, username: str, password: str) -> bool:
|
||||||
|
if _credentials_match_registered_user(username, password):
|
||||||
|
AuthenticationService.unlock_datastore_encryptor(username, password)
|
||||||
|
return True
|
||||||
|
|
||||||
|
return False
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def unlock_datastore_encryptor(username: str, password: str):
|
def unlock_datastore_encryptor(username: str, password: str):
|
||||||
secret = AuthenticationService._get_secret_from_credentials(username, password)
|
secret = AuthenticationService._get_secret_from_credentials(username, password)
|
||||||
|
@ -50,3 +59,14 @@ def _hash_password(plaintext_password):
|
||||||
password_hash = bcrypt.hashpw(plaintext_password.encode("utf-8"), salt)
|
password_hash = bcrypt.hashpw(plaintext_password.encode("utf-8"), salt)
|
||||||
|
|
||||||
return password_hash.decode()
|
return password_hash.decode()
|
||||||
|
|
||||||
|
|
||||||
|
def _credentials_match_registered_user(username: str, password: str) -> bool:
|
||||||
|
registered_user = env_singleton.env.get_user()
|
||||||
|
|
||||||
|
if not registered_user:
|
||||||
|
return False
|
||||||
|
|
||||||
|
return (registered_user.username == username) and password_matches_hash(
|
||||||
|
password, registered_user.password_hash
|
||||||
|
)
|
||||||
|
|
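Review bot: In `_credentials_match_registered_user` the `and` short-circuits, so when the username does not match the registered one the `password_matches_hash` call is skipped entirely and the function returns much faster than it does for a wrong password; assuming `password_matches_hash` performs the bcrypt comparison, the response time of the authenticate endpoint then reveals whether a given username is the registered one. Evaluating both checks unconditionally removes that difference, e.g. `username_ok = registered_user.username == username`, `password_ok = password_matches_hash(password, registered_user.password_hash)`, `return username_ok and password_ok`. The early `return False` for the no-registered-user case is fine to keep, since registration state is already exposed by `needs_registration`. The same short-circuit exists in the removed copy in authenticate.py, so this is moved code rather than a new regression.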