Commit 873d7d1f authored by Stavros-Anastasios Charismiadis's avatar Stavros-Anastasios Charismiadis

Merge branch 'OCF153-hash-all-passwords-stored-in-mongo-db' into 'staging'

Add auth_utils with hashing and verification functions, the functionality for...

See merge request !139
parents 31efbdd4 08ebf7b1
+8 −3
@@ -10,6 +10,7 @@ from db.db import MongoDatabse
from flask import Flask
from flask_jwt_extended import JWTManager
from OpenSSL.crypto import FILETYPE_PEM, TYPE_RSA, PKey, X509Req, dump_certificate_request, dump_privatekey
from utils.auth_utils import hash_password

app = Flask(__name__)

@@ -87,9 +88,13 @@ key_data = json.loads(response.text)["data"]["data"]["key"]

# Create an Admin in the Admin Collection
client = MongoDatabse()
if not client.get_col_by_name(client.capif_admins).find_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]}):
    print(f'Inserting Initial Admin admin_name: {config["register"]["admin_users"]["admin_user"]}, admin_pass: {config["register"]["admin_users"]["admin_pass"]}')
    client.get_col_by_name(client.capif_admins).insert_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]})
admin_username = config["register"]["admin_users"]["admin_user"]
admin_password = config["register"]["admin_users"]["admin_pass"]

if not client.get_col_by_name(client.capif_admins).find_one({"admin_name": admin_username}):
    print(f'Inserting Initial Admin admin_name: {config["register"]["admin_users"]["admin_user"]}')

    client.get_col_by_name(client.capif_admins).insert_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": hash_password(config["register"]["admin_users"]["admin_pass"])})


app.config['JWT_ALGORITHM'] = 'RS256'
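Review bot: The admin record is not migrated to the hashed scheme: the new lookup `find_one({"admin_name": admin_username})` matches on name only, so an admin document written by an earlier deployment keeps its plaintext `admin_pass`, and the `check_password` comparison that auth.py now performs will not accept it (a stored value that is not a bcrypt hash makes bcrypt raise rather than return False, as far as I can tell). Either rehash such a record here when its `admin_pass` is not a bcrypt hash, or document that pre-existing admin entries must be recreated. Separately, `admin_password` is assigned but never used and the `insert_one` line re-reads the config instead; `"admin_pass": hash_password(admin_password)` would use the local. Dropping the password from the "Inserting Initial Admin" print is the right call and should stay.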
+5 −3
@@ -9,6 +9,7 @@ from core.register_operations import RegisterOperations
from db.db import MongoDatabse
from flask import Blueprint, current_app, jsonify, request
from flask_httpauth import HTTPBasicAuth
from utils.auth_utils import check_password

auth = HTTPBasicAuth()

@@ -39,15 +40,16 @@ def verify_password(username, password):
    current_app.logger.debug("Checking user credentials...")
    users = register_operation.get_users()[0].json["users"]
    client = MongoDatabse()
    admin = client.get_col_by_name(client.capif_admins).find_one({"admin_name": username, "admin_pass": password})
    if admin:
    admin = client.get_col_by_name(client.capif_admins).find_one({"admin_name": username})
    if admin and check_password(password, admin["admin_pass"]):
        current_app.logger.debug(f"Verified admin {username}")
        return username, "admin"
    for user in users:
        if user["username"] == username and user["password"]==password:
        if user["username"] == username and check_password(password, user["password"]):
            current_app.logger.debug(f"Verified user {username}")
            return username, "client"


# Function responsible for verifying the token
def admin_required():
    def decorator(f):
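Review bot: The user branch of `verify_password` still pulls every user through `register_operation.get_users()[0].json["users"]` — serializing all stored password hashes into a response object on each login attempt — and then scans them in Python, while the rewritten admin branch does a targeted `find_one` on `capif_admins`. A consistent `user = client.get_col_by_name(client.capif_users).find_one({"username": username})` followed by the same `check_password(password, user["password"])` check would avoid materializing every hash per request and keep both branches shaped alike. The new `check_password` calls receive whatever is stored, so the function's handling of a non-bcrypt stored value (see utils/auth_utils.py in this merge) decides whether a legacy record is rejected or errors out. `verify_password` starts before this hunk.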
+4 −0
@@ -8,6 +8,7 @@ from db.db import MongoDatabse
from flask import current_app, jsonify
from flask_jwt_extended import create_access_token
from utils.utils import convert_dict_keys_to_snake_case, to_snake_case, validate_snake_case_keys
from utils.auth_utils import hash_password


class RegisterOperations:
@@ -31,6 +32,7 @@ class RegisterOperations:

        user_info["uuid"] = user_uuid
        user_info["onboarding_date"]=datetime.now()
        user_info["password"] = hash_password(user_info["password"])
        mycol.insert_one(user_info)

        current_app.logger.debug(f"User with uuid {user_uuid} and username {user_info["username"]} registered successfully")
@@ -90,7 +92,9 @@ class RegisterOperations:
        mycol = self.db.get_col_by_name(self.db.capif_users)

        try:
            current_app.logger.debug(f"users")
            users=list(mycol.find({}, {"_id":0}))
            current_app.logger.debug(f"{users}")
            return jsonify(message="Users successfully obtained", users=users), 200
        except Exception as e:
            return jsonify(message=f"Error trying to get users: {e}"), 500
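Review bot: `current_app.logger.debug(f"{users}")` in `get_users` writes every user document to the log, and because the projection only drops `_id` that includes each user's `password` field (now a bcrypt hash); `current_app.logger.debug("Fetched %d users", len(users))` gives the same debugging value without logging credential material. The `f"users"` on the line above has no placeholders and can be a plain string. In the earlier hunk, `user_info["password"] = hash_password(user_info["password"])` raises `KeyError` when the request body lacks `password`, which surfaces as an unhandled error rather than a 400; checking the key before hashing would fix that. Whether the two debug lines are new in this commit is not clear from the rendered page; the concern applies either way.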
+10 −0
import bcrypt


def hash_password(password):
        hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
        return hashed_password.decode('utf-8')


def check_password(input_password, stored_password):
    return bcrypt.checkpw(input_password.encode('utf-8'), stored_password.encode('utf-8'))
 No newline at end of file
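Review bot: `check_password` propagates bcrypt's `ValueError` when `stored_password` is not a well-formed bcrypt hash — which is what a record that predates this merge holds — so a login attempt against such a record errors inside the auth callback instead of being rejected; treating that case as a mismatch keeps the callback total. The body of `hash_password` is indented eight spaces while `check_password` uses four, and neither function has a docstring. bcrypt only uses the first 72 bytes of the encoded password, which is worth stating on `hash_password`. Rewritten module below.
```python
def hash_password(password):
    """Return a bcrypt hash of *password*, decoded to str for storage.

    bcrypt considers only the first 72 bytes of the UTF-8 encoded input.
    """
    hashed = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
    return hashed.decode('utf-8')


def check_password(input_password, stored_password):
    """Return True if *input_password* matches the bcrypt hash *stored_password*.

    A stored value that is not a bcrypt hash (e.g. a legacy plaintext record)
    is reported as a mismatch instead of raising into the auth callback.
    """
    try:
        return bcrypt.checkpw(input_password.encode('utf-8'), stored_password.encode('utf-8'))
    except ValueError:
        return False
```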
+1 −1
@@ -6,7 +6,7 @@ flask_jwt_extended == 4.6.0
pyopenssl == 24.1.0
pyyaml == 6.0.1
requests == 2.32.2
bcrypt == 4.0.1
bcrypt == 4.3.0
flask_httpauth == 4.8.0
gunicorn == 23.0.0
packaging == 24.0