Merge pull request #2147 from guardicore/2105-refactor-auth-endpoints

Rename endpoints for auth and register, remove unnecessary error

CHANGELOG.md

@@ -48,6 +48,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 - `/api/version-update` to `api/island/version`. #2109
 - The `/api/island-mode` to `/api/island/mode`. #2106
 - The `/api/log/island/download` endpoint to `/api/island/log`. #2107
+- The `/api/auth` endpoint to `/api/authenticate`. #2105
+- The `/api/registration` endpoint to `/api/register`. #2105
 
 ### Removed
 - VSFTPD exploiter. #1533

envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py

@@ -39,7 +39,7 @@ class MonkeyIslandRequests(object):
 
     def get_jwt_from_server(self):
         resp = requests.post(  # noqa: DUO123
-            self.addr + "api/auth",
+            self.addr + "api/authenticate",
             json={"username": ISLAND_USERNAME, "password": ISLAND_PASSWORD},
             verify=False,
         )
@@ -49,7 +49,7 @@ class MonkeyIslandRequests(object):
 
     def try_set_island_to_credentials(self):
         resp = requests.post(  # noqa: DUO123
-            self.addr + "api/registration",
+            self.addr + "api/register",
             json={"username": ISLAND_USERNAME, "password": ISLAND_PASSWORD},
             verify=False,
         )

monkey/monkey_island/cc/app.py

@@ -21,8 +21,8 @@ from monkey_island.cc.resources.AbstractResource import AbstractResource
 from monkey_island.cc.resources.agent_configuration import AgentConfiguration
 from monkey_island.cc.resources.agent_controls import StopAgentCheck, StopAllAgents
 from monkey_island.cc.resources.attack.attack_report import AttackReport
-from monkey_island.cc.resources.auth.auth import Authenticate, init_jwt
-from monkey_island.cc.resources.auth.registration import Registration
+from monkey_island.cc.resources.auth.authenticate import Authenticate, init_jwt
+from monkey_island.cc.resources.auth.register import Registration
 from monkey_island.cc.resources.blackbox.log_blackbox_endpoint import LogBlackboxEndpoint
 from monkey_island.cc.resources.blackbox.monkey_blackbox_endpoint import MonkeyBlackboxEndpoint
 from monkey_island.cc.resources.blackbox.telemetry_blackbox_endpoint import (

monkey/monkey_island/cc/resources/auth/authenticate.py

@@ -28,7 +28,7 @@ class Authenticate(AbstractResource):
 
     """
 
-    urls = ["/api/auth"]
+    urls = ["/api/authenticate"]
 
     def __init__(self, authentication_service: AuthenticationService):
         self._authentication_service = authentication_service
@@ -50,5 +50,4 @@ class Authenticate(AbstractResource):
         except IncorrectCredentialsError:
             return make_response({"error": "Invalid credentials"}, HTTPStatus.UNAUTHORIZED)
 
-        # API Spec: Why are we sending "error" here?
-        return make_response({"access_token": access_token, "error": ""}, HTTPStatus.OK)
+        return make_response({"access_token": access_token}, HTTPStatus.OK)

monkey/monkey_island/cc/resources/auth/register.py

@@ -13,7 +13,7 @@ logger = logging.getLogger(__name__)
 
 class Registration(AbstractResource):
 
-    urls = ["/api/registration"]
+    urls = ["/api/register"]
 
     def __init__(self, authentication_service: AuthenticationService):
         self._authentication_service = authentication_service

monkey/monkey_island/cc/ui/src/services/AuthService.js

@@ -2,8 +2,8 @@ import decode from 'jwt-decode';
 
 export default class AuthService {
   SECONDS_BEFORE_JWT_EXPIRES = 20;
-  AUTHENTICATION_API_ENDPOINT = '/api/auth';
-  REGISTRATION_API_ENDPOINT = '/api/registration';
+  AUTHENTICATION_API_ENDPOINT = '/api/authenticate';
+  REGISTRATION_API_ENDPOINT = '/api/register';
 
   login = (username, password) => {
     return this._login(username, password);

monkey/tests/unit_tests/monkey_island/cc/resources/auth/test_authenticate.py

@@ -4,7 +4,7 @@ from unittest.mock import MagicMock
 import pytest
 
 from common.utils.exceptions import IncorrectCredentialsError
-from monkey_island.cc.resources.auth.auth import Authenticate
+from monkey_island.cc.resources.auth.authenticate import Authenticate
 
 USERNAME = "test_user"
 PASSWORD = "test_password"
@@ -37,7 +37,6 @@ def test_authentication_successful(make_auth_request, mock_authentication_servic
     response = make_auth_request(TEST_REQUEST)
 
     assert response.status_code == 200
-    assert response.json["error"] == ""
     assert re.match(
         r"^[a-zA-Z0-9+/=]+\.[a-zA-Z0-9+/=]+\.[a-zA-Z0-9+/=\-_]+$", response.json["access_token"]
     )

monkey/tests/unit_tests/monkey_island/cc/resources/auth/test_register.py

@@ -4,7 +4,7 @@ from unittest.mock import MagicMock
 import pytest
 
 from common.utils.exceptions import AlreadyRegisteredError, InvalidRegistrationCredentialsError
-from monkey_island.cc.resources.auth.registration import Registration
+from monkey_island.cc.resources.auth.register import Registration
 
 REGISTRATION_URL = Registration.urls[0]
 

monkey/tests/unit_tests/monkey_island/cc/resources/conftest.py

@@ -7,7 +7,7 @@ from tests.monkey_island import OpenErrorFileRepository
 from tests.unit_tests.monkey_island.conftest import init_mock_app
 
 import monkey_island.cc.app
-import monkey_island.cc.resources.auth.auth
+import monkey_island.cc.resources.auth.authenticate
 import monkey_island.cc.resources.island_mode
 from monkey_island.cc.repository import IFileRepository