Commit 28baddc9 authored by Stavros-Anastasios Charismiadis's avatar Stavros-Anastasios Charismiadis

Merge branch 'OCF4_register_user_password_must_be_hashed' into 'staging'

Ocf4 register user password must be hashed

See merge request !10
parents 5e5dc289 102093d2
+1 −1
@@ -806,7 +806,7 @@
				],
				"body": {
					"mode": "raw",
					"raw": "{\n\"name\": {{USERNAME_INVOKER}}\n}",
					"raw": "{\n\"name\": \"{{USERNAME_INVOKER}}\"\n}",
					"options": {
						"raw": {
							"language": "json"
+6 −0
@@ -32,6 +32,12 @@
			"type": "default",
			"enabled": true
		},
		{
			"key": "USERNAME_INVOKER",
			"value": "InvokerONE",
			"type": "default",
			"enabled": true
		},
		{
			"key": "PASSWORD",
			"value": "pass",
+8 −0
import bcrypt

def hash_password(password):
        hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
        return hashed_password

def check_password(input_password, stored_password):
    return bcrypt.checkpw(input_password.encode('utf-8'), stored_password)
 No newline at end of file
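Review bot: Neither helper documents its input/output types, and they matter here: `hash_password` returns the raw `bytes` from `bcrypt.hashpw`, and `check_password` passes `stored_password` straight to `bcrypt.checkpw` without encoding it, so whatever persists the hash must hand back those same bytes (a str round-trip would break verification). A docstring on `hash_password` should state "Return the bcrypt hash of *password* as bytes; store and return this value unchanged for `check_password`", and one on `check_password` should state that `stored_password` is the bytes produced by `hash_password`. Both should also note that bcrypt only considers the first 72 bytes of the encoded password, and that newer bcrypt releases reject longer inputs with a ValueError, so callers should bound password length before hashing. As a style point the two functions use different indentation (8 spaces in `hash_password`, 4 in `check_password`) and the file lacks a trailing newline.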
+20 −5
@@ -2,6 +2,7 @@ from flask import Flask, jsonify, request, current_app
from flask_jwt_extended import create_access_token
from ..db.db import MongoDatabse
from ..config import Config
from register_service import auth_utils
import secrets
import requests
import json
@@ -21,7 +22,8 @@ class RegisterOperations:
        if exist_user:
            return jsonify("user already exists"), 409

        user_info = dict(_id=secrets.token_hex(7), username=username, password=password, role=role, description=description, cn=cn, list_invokers=[], list_providers=[])
        hashed_password = auth_utils.hash_password(password)
        user_info = dict(_id=secrets.token_hex(7), username=username, password=hashed_password, role=role, description=description, cn=cn, list_invokers=[], list_providers=[])
        obj = mycol.insert_one(user_info)

        if role == "invoker":
@@ -42,10 +44,14 @@ class RegisterOperations:

        try:

            exist_user = mycol.find_one({"username": username, "password": password})
            exist_user = mycol.find_one({"username": username})

            if exist_user is None:
                return jsonify("Not exister user with this credentials"), 400
                return jsonify("No user with these credentials"), 400

            stored_password = exist_user["password"]
            if not auth_utils.check_password(password, stored_password):
                 return jsonify("No user with these credentials"), 400
            
            access_token = create_access_token(identity=(username + " " + exist_user["role"]))
            url = f"http://{self.config['ca_factory']['url']}:{self.config['ca_factory']['port']}/v1/secret/data/ca"
@@ -64,7 +70,16 @@ class RegisterOperations:
        mycol = self.db.get_col_by_name(self.db.capif_users)

        try:
            mycol.delete_one({"username": username, "password": password})
            exist_user = mycol.find_one({"username": username})

            if exist_user is None:
                return jsonify("No user with these credentials"), 400

            stored_password = exist_user["password"]
            if not auth_utils.check_password(password, stored_password):
                    return jsonify("No user with these credentials"), 400
            
            mycol.delete_one({"username": username})
            return jsonify(message="User removed successfully"), 204
        except Exception as e:
            return jsonify(message=f"Errors when try remove user: {e}"), 500
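Review bot: In the login hunk the unknown-user branch (L79–L81 of this view) returns before any bcrypt work is done, while a wrong password only fails after `check_password` has run a full bcrypt verification, so the response time reveals whether a username exists even though both branches now deliberately return the same "No user with these credentials" message; the same shape appears in the delete hunk below. The usual mitigation is to always perform one verification: keep a module-level hash of a throwaway string (e.g. `_DUMMY_HASH = auth_utils.hash_password("<placeholder>")`), then write `stored_password = exist_user["password"] if exist_user else _DUMMY_HASH` and `if exist_user is None or not auth_utils.check_password(password, stored_password): return jsonify("No user with these credentials"), 400`. The `return` lines after the password check are indented inconsistently (17 and 20 spaces) and the lines following them carry trailing whitespace; both should be normalised to the surrounding 16-space indent. The enclosing methods continue outside the hunks shown.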
+1 −0
@@ -6,3 +6,4 @@ flask_jwt_extended
pyopenssl
pyyaml
requests
bcrypt
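Review bot: `bcrypt` is added without any version bound, so a fresh install can pick up a major release whose behaviour differs from what the new `auth_utils` was written against; in particular, newer bcrypt releases raise ValueError for passwords longer than 72 bytes instead of silently truncating them, which would turn a long registration password into a 500. Consider pinning a compatible range, e.g. `bcrypt>=4,<5` or whichever version was actually tested, and applying the same to the other unpinned entries in a follow-up.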