Resolve "Register user password must be hashed before store on DB"

5eab19d4 · Alex Kakiris · 5e5dc289 · 5eab19d4 · 5eab19d4
Commit 5eab19d4 authored 1 year ago by Alex Kakiris
--- a/services/register/register_service/core/register_operations.py
+++ b/services/register/register_service/core/register_operations.py
@@ -6,6 +6,7 @@ import secrets
 import requests
 import json
 import sys
+import bcrypt
 class RegisterOperations:
@@ -14,6 +15,10 @@ class RegisterOperations:
        self.mimetype = 'application/json'
        self.config = Config().get_config()
+    def hash_password(self, password):
+        hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
+        return hashed_password
    def register_user(self, username, password, description, cn, role):
        mycol = self.db.get_col_by_name(self.db.capif_users)
@@ -21,7 +26,8 @@ class RegisterOperations:
        if exist_user:
            return jsonify("user already exists"), 409
-        user_info = dict(_id=secrets.token_hex(7), username=username, password=password, role=role, description=description, cn=cn, list_invokers=[], list_providers=[])
+        hashed_password = self.hash_password(password)
+        user_info = dict(_id=secrets.token_hex(7), username=username, password=hashed_password, role=role, description=description, cn=cn, list_invokers=[], list_providers=[])
        obj = mycol.insert_one(user_info)
        if role == "invoker":
@@ -42,11 +48,16 @@ class RegisterOperations:
        try:
-            exist_user = mycol.find_one({"username": username, "password": password})
+            #exist_user = mycol.find_one({"username": username, "password": password})
+            exist_user = mycol.find_one({"username": username})
            if exist_user is None:
                return jsonify("Not exister user with this credentials"), 400
+            stored_password = exist_user["password"]
+            if not bcrypt.checkpw(password.encode('utf-8'), stored_password):
+                    return jsonify("Not exister user with this credentials"), 400
            access_token = create_access_token(identity=(username + " " + exist_user["role"]))
            url = f"http://{self.config['ca_factory']['url']}:{self.config['ca_factory']['port']}/v1/secret/data/ca"
            headers = {
@@ -64,7 +75,16 @@ class RegisterOperations:
        mycol = self.db.get_col_by_name(self.db.capif_users)
        try:
-            mycol.delete_one({"username": username, "password": password})
+            exist_user = mycol.find_one({"username": username})
+            if exist_user is None:
+                return jsonify("Not exister user with this username"), 400
+            stored_password = exist_user["password"]
+            if not bcrypt.checkpw(password.encode('utf-8'), stored_password):
+                    return jsonify("Not exister user with this password"), 400
+            mycol.delete_one({"username": username})
            return jsonify(message="User removed successfully"), 204
        except Exception as e:
            return jsonify(message=f"Errors when try remove user: {e}"), 500

--- a/services/register/requirements.txt
+++ b/services/register/requirements.txt
@@ -6,3 +6,4 @@ flask_jwt_extended
 pyopenssl
 pyyaml
 requests
+bcrypt