Commit 5eab19d4 authored by Alex Kakiris's avatar Alex Kakiris

Resolve "Register user password must be hashed before store on DB"

parent 5e5dc289
...@@ -6,6 +6,7 @@ import secrets ...@@ -6,6 +6,7 @@ import secrets
import requests import requests
import json import json
import sys import sys
import bcrypt
class RegisterOperations: class RegisterOperations:
...@@ -14,6 +15,10 @@ class RegisterOperations: ...@@ -14,6 +15,10 @@ class RegisterOperations:
self.mimetype = 'application/json' self.mimetype = 'application/json'
self.config = Config().get_config() self.config = Config().get_config()
def hash_password(self, password):
hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
return hashed_password
def register_user(self, username, password, description, cn, role): def register_user(self, username, password, description, cn, role):
mycol = self.db.get_col_by_name(self.db.capif_users) mycol = self.db.get_col_by_name(self.db.capif_users)
...@@ -21,7 +26,8 @@ class RegisterOperations: ...@@ -21,7 +26,8 @@ class RegisterOperations:
if exist_user: if exist_user:
return jsonify("user already exists"), 409 return jsonify("user already exists"), 409
user_info = dict(_id=secrets.token_hex(7), username=username, password=password, role=role, description=description, cn=cn, list_invokers=[], list_providers=[]) hashed_password = self.hash_password(password)
user_info = dict(_id=secrets.token_hex(7), username=username, password=hashed_password, role=role, description=description, cn=cn, list_invokers=[], list_providers=[])
obj = mycol.insert_one(user_info) obj = mycol.insert_one(user_info)
if role == "invoker": if role == "invoker":
...@@ -42,11 +48,16 @@ class RegisterOperations: ...@@ -42,11 +48,16 @@ class RegisterOperations:
try: try:
exist_user = mycol.find_one({"username": username, "password": password}) #exist_user = mycol.find_one({"username": username, "password": password})
exist_user = mycol.find_one({"username": username})
if exist_user is None: if exist_user is None:
return jsonify("Not exister user with this credentials"), 400 return jsonify("Not exister user with this credentials"), 400
stored_password = exist_user["password"]
if not bcrypt.checkpw(password.encode('utf-8'), stored_password):
return jsonify("Not exister user with this credentials"), 400
access_token = create_access_token(identity=(username + " " + exist_user["role"])) access_token = create_access_token(identity=(username + " " + exist_user["role"]))
url = f"http://{self.config['ca_factory']['url']}:{self.config['ca_factory']['port']}/v1/secret/data/ca" url = f"http://{self.config['ca_factory']['url']}:{self.config['ca_factory']['port']}/v1/secret/data/ca"
headers = { headers = {
...@@ -64,7 +75,16 @@ class RegisterOperations: ...@@ -64,7 +75,16 @@ class RegisterOperations:
mycol = self.db.get_col_by_name(self.db.capif_users) mycol = self.db.get_col_by_name(self.db.capif_users)
try: try:
mycol.delete_one({"username": username, "password": password}) exist_user = mycol.find_one({"username": username})
if exist_user is None:
return jsonify("Not exister user with this username"), 400
stored_password = exist_user["password"]
if not bcrypt.checkpw(password.encode('utf-8'), stored_password):
return jsonify("Not exister user with this password"), 400
mycol.delete_one({"username": username})
return jsonify(message="User removed successfully"), 204 return jsonify(message="User removed successfully"), 204
except Exception as e: except Exception as e:
return jsonify(message=f"Errors when try remove user: {e}"), 500 return jsonify(message=f"Errors when try remove user: {e}"), 500
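Review bot: The remove-user hunk answers an unknown username with `Not exister user with this username` and a wrong password with `Not exister user with this password`, so a caller can tell which usernames are registered; the login hunk above already returns the same `Not exister user with this credentials` for both cases, and the two new branches here should use one identical message as well. The commented-out `#exist_user = mycol.find_one({"username": username, "password": password})` line in the login hunk is dead code and should be deleted rather than kept. Both new checks call `bcrypt.checkpw(password.encode('utf-8'), stored_password)` on whatever the `password` field holds; for accounts stored before this change that is presumably still a plain `str`, which makes `checkpw` raise `TypeError` and turns the request into a 500 via the surrounding `except Exception` instead of a 400, so either migrate existing rows or guard with `if not isinstance(stored_password, bytes): return jsonify("Not exister user with this credentials"), 400`. `hash_password` also deserves a short docstring saying that it returns the bcrypt hash as `bytes` with a fresh salt, that this value is what gets stored, and that `bcrypt.checkpw` is the only way to verify it. The enclosing methods of the login and remove hunks start and end outside the hunks.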
...@@ -6,3 +6,4 @@ flask_jwt_extended ...@@ -6,3 +6,4 @@ flask_jwt_extended
pyopenssl pyopenssl
pyyaml pyyaml
requests requests
bcrypt
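Review bot: `bcrypt` is added without a version constraint, consistent with the other entries, but the behaviour the new login code depends on differs between releases: recent bcrypt versions reject passwords longer than 72 bytes with `ValueError` where older ones silently truncated them, and in this code that error would surface as a 500 from the generic `except`. A lower bound such as `bcrypt>=<tested-version>` (placeholder, fill in the version actually tested) records which behaviour is expected, and an explicit length check before `hashpw` would make the outcome version-independent.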