From 5eab19d4d273bc9ebb51d64f2057456b95bf08fa Mon Sep 17 00:00:00 2001
From: Alex Kakyris
Date: Thu, 29 Feb 2024 14:26:11 +0200
Subject: [PATCH 1/4] Resolve "Register user password must be hashed before store on DB"
---
 .../core/register_operations.py | 26 ++++++++++++++++---
 services/register/requirements.txt | 1 +
 2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py
index f929820..707828b 100644
--- a/services/register/register_service/core/register_operations.py
+++ b/services/register/register_service/core/register_operations.py
@@ -6,6 +6,7 @@ import secrets
 import requests
 import json
 import sys
+import bcrypt
 class RegisterOperations:
@@ -14,6 +15,10 @@ class RegisterOperations:
 self.mimetype = 'application/json'
 self.config = Config().get_config()
+ def hash_password(self, password):
+ hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
+ return hashed_password
+
 def register_user(self, username, password, description, cn, role):
 mycol = self.db.get_col_by_name(self.db.capif_users)
@@ -21,7 +26,8 @@ class RegisterOperations:
 if exist_user:
 return jsonify("user already exists"), 409
- user_info = dict(_id=secrets.token_hex(7), username=username, password=password, role=role, description=description, cn=cn, list_invokers=[], list_providers=[])
+ hashed_password = self.hash_password(password)
+ user_info = dict(_id=secrets.token_hex(7), username=username, password=hashed_password, role=role, description=description, cn=cn, list_invokers=[], list_providers=[])
 obj = mycol.insert_one(user_info)
 if role == "invoker":
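Review bot: `hash_password` forwards the raw UTF-8 bytes to `bcrypt.hashpw`, and bcrypt derives the hash from at most the first 72 bytes of its input, so with the bcrypt releases current at the time of this patch anything a user types beyond that point does not affect the stored hash (I believe newer releases instead reject such input with `ValueError`, so the behaviour also depends on the installed version). Enforce a maximum password length where the request is validated and document the limit on the method; a docstring such as `"""Return the bcrypt hash of *password* as bytes (this is what gets stored in the user document)."""` would also tell readers of `register_user` that the `password` field now holds binary data rather than a str. The method also assumes `password` is a `str`: a missing field arriving as `None` raises `AttributeError` on `.encode`, and whether that is caught depends on code outside this hunk.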
@@ -42,11 +48,16 @@ class RegisterOperations:
 try:
- exist_user = mycol.find_one({"username": username, "password": password})
+ #exist_user = mycol.find_one({"username": username, "password": password})
+ exist_user = mycol.find_one({"username": username})
 if exist_user is None:
 return jsonify("Not exister user with this credentials"), 400
+ stored_password = exist_user["password"]
+ if not bcrypt.checkpw(password.encode('utf-8'), stored_password):
+ return jsonify("Not exister user with this credentials"), 400
+
 access_token = create_access_token(identity=(username + " " + exist_user["role"]))
 url = f"http://{self.config['ca_factory']['url']}:{self.config['ca_factory']['port']}/v1/secret/data/ca"
 headers = {
@@ -64,7 +75,16 @@ class RegisterOperations:
 mycol = self.db.get_col_by_name(self.db.capif_users)
 try:
- mycol.delete_one({"username": username, "password": password})
+ exist_user = mycol.find_one({"username": username})
+
+ if exist_user is None:
+ return jsonify("Not exister user with this username"), 400
+
+ stored_password = exist_user["password"]
+ if not bcrypt.checkpw(password.encode('utf-8'), stored_password):
+ return jsonify("Not exister user with this password"), 400
+
+ mycol.delete_one({"username": username})
 return jsonify(message="User removed successfully"), 204
 except Exception as e:
 return jsonify(message=f"Errors when try remove user: {e}"), 500
diff --git a/services/register/requirements.txt b/services/register/requirements.txt
index c5a4f37..05b9f7d 100644
--- a/services/register/requirements.txt
+++ b/services/register/requirements.txt
@@ -6,3 +6,4 @@ flask_jwt_extended
 pyopenssl
 pyyaml
 requests
+bcrypt
-- 
GitLab
From c19b4db88fce0b4bc279e9f320b75ddea3b4a85c Mon Sep 17 00:00:00 2001
From: Alex Kakyris
Date: Fri, 1 Mar 2024 10:00:59 +0200
Subject: [PATCH 2/4] Fix response messages for register operations
---
 .../register/register_service/core/register_operations.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
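Review bot: `bcrypt.checkpw(password.encode('utf-8'), stored_password)` requires `stored_password` to be bytes, but every account written before this patch still holds the plaintext `str` that the old `find_one({"username": ..., "password": ...})` lookup matched against, and `checkpw` raises `TypeError` for a `str` argument, so those users hit an exception path instead of a clean rejection (the `except` of this `try` is outside the hunk, so I cannot see which status it produces). The remove-user hunk `@@ -64,7 +75,16 @@` below has the same exposure. A type guard keeps legacy records on the normal 400 path, e.g. `if not isinstance(stored_password, bytes) or not bcrypt.checkpw(password.encode('utf-8'), stored_password):`; since a plaintext value can never verify against bcrypt, a migration or forced reset for pre-existing accounts is still needed and should be called out in the commit message.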
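Review bot: `bcrypt` is added without any version constraint, so each fresh install resolves to whatever PyPI currently serves for a dependency that now sits on the credential path. Because bcrypt's handling of inputs longer than 72 bytes is release-dependent (older releases hash only the first 72 bytes; newer ones, as far as I know, raise `ValueError`), an unpinned install can change how `hash_password` and `checkpw` behave for long passwords between deployments. The rest of this file is unpinned too, so a line such as `bcrypt==<pinned version>` (placeholder) would break with its style; a lock file or constraints file alongside it would be the least invasive way to fix the version.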
diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py
index 707828b..d1d0921 100644
--- a/services/register/register_service/core/register_operations.py
+++ b/services/register/register_service/core/register_operations.py
@@ -52,11 +52,11 @@ class RegisterOperations:
 exist_user = mycol.find_one({"username": username})
 if exist_user is None:
- return jsonify("Not exister user with this credentials"), 400
+ return jsonify("No user with these credentials"), 400
 stored_password = exist_user["password"]
 if not bcrypt.checkpw(password.encode('utf-8'), stored_password):
- return jsonify("Not exister user with this credentials"), 400
+ return jsonify("No user with these credentials"), 400
 access_token = create_access_token(identity=(username + " " + exist_user["role"]))
 url = f"http://{self.config['ca_factory']['url']}:{self.config['ca_factory']['port']}/v1/secret/data/ca"
@@ -78,11 +78,11 @@ class RegisterOperations:
 exist_user = mycol.find_one({"username": username})
 if exist_user is None:
- return jsonify("Not exister user with this username"), 400
+ return jsonify("No user with these credentials"), 400
 stored_password = exist_user["password"]
 if not bcrypt.checkpw(password.encode('utf-8'), stored_password):
- return jsonify("Not exister user with this password"), 400
+ return jsonify("No user with these credentials"), 400
 mycol.delete_one({"username": username})
 return jsonify(message="User removed successfully"), 204
-- 
GitLab
From ef1a274071e0f9423afba34366e86f21ac0b2454 Mon Sep 17 00:00:00 2001
From: Stavros Charismiadis
Date: Fri, 1 Mar 2024 15:16:24 +0200
Subject: [PATCH 3/4] fix some bugs on postman files
---
 docs/testing_with_postman/CAPIF.postman_collection.json | 2 +-
 docs/testing_with_postman/CAPIF.postman_environment.json | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
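Review bot: Both replaced lines in this hunk still pair the failed credential check with HTTP 400, which denotes a malformed request, whereas a user that cannot be authenticated is conventionally answered with `401`, e.g. `return jsonify("No user with these credentials"), 401`. The same applies to the two replaced lines in `@@ -78,11 +78,11 @@` below. Making the unknown-user and wrong-password messages identical is the right call; the status code should be unified in the same step so that the two outcomes stay indistinguishable to the client.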
diff --git a/docs/testing_with_postman/CAPIF.postman_collection.json b/docs/testing_with_postman/CAPIF.postman_collection.json
index e65c826..dcbd5ad 100644
--- a/docs/testing_with_postman/CAPIF.postman_collection.json
+++ b/docs/testing_with_postman/CAPIF.postman_collection.json
@@ -806,7 +806,7 @@
 ],
 "body": {
 "mode": "raw",
- "raw": "{\n\"name\": {{USERNAME_INVOKER}}\n}",
+ "raw": "{\n\"name\": \"{{USERNAME_INVOKER}}\"\n}",
 "options": {
 "raw": {
 "language": "json"
diff --git a/docs/testing_with_postman/CAPIF.postman_environment.json b/docs/testing_with_postman/CAPIF.postman_environment.json
index ab3839e..fd084b3 100644
--- a/docs/testing_with_postman/CAPIF.postman_environment.json
+++ b/docs/testing_with_postman/CAPIF.postman_environment.json
@@ -32,6 +32,12 @@
 "type": "default",
 "enabled": true
 },
+ {
+ "key": "USERNAME_INVOKER",
+ "value": "InvokerONE",
+ "type": "default",
+ "enabled": true
+ },
 {
 "key": "PASSWORD",
 "value": "pass",
-- 
GitLab
From 102093d23da0e5d4740a92ac3aa1b7270279aa27 Mon Sep 17 00:00:00 2001
From: Alex Kakyris
Date: Tue, 5 Mar 2024 14:11:52 +0200
Subject: [PATCH 4/4] Refactor "Register user password must be hashed before store on DB"
---
 .../register/register_service/auth_utils.py | 8 ++++++++
 .../core/register_operations.py | 17 ++++++----------
 2 files changed, 14 insertions(+), 11 deletions(-)
 create mode 100644 services/register/register_service/auth_utils.py
diff --git a/services/register/register_service/auth_utils.py b/services/register/register_service/auth_utils.py
new file mode 100644
index 0000000..f799772
--- /dev/null
+++ b/services/register/register_service/auth_utils.py
@@ -0,0 +1,8 @@
+import bcrypt
+
+def hash_password(password):
+ hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
+ return hashed_password
+
+def check_password(input_password, stored_password):
+ return bcrypt.checkpw(input_password.encode('utf-8'), stored_password)
\ No newline at end of file
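Review bot: `check_password` passes `stored_password` to `bcrypt.checkpw` unchecked, so a user document whose `password` field is not bytes (for instance one created before hashing was introduced) raises `TypeError` inside the login and delete requests instead of failing the check. Returning `False` for a non-bytes value keeps those accounts on the normal rejection path and, since a plaintext value can never verify, forces them through a reset rather than an exception: `if not isinstance(stored_password, bytes): return False` as the first line of `check_password`. Neither function has a docstring; `hash_password` should say that it returns bytes, which is the value written to the user document, and that bcrypt uses at most the first 72 bytes of the input, and `check_password` that it expects the stored bytes value. The file also lacks a trailing newline.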
diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py
index d1d0921..4cc5c37 100644
--- a/services/register/register_service/core/register_operations.py
+++ b/services/register/register_service/core/register_operations.py
@@ -2,12 +2,12 @@ from flask import Flask, jsonify, request, current_app
 from flask_jwt_extended import create_access_token
 from ..db.db import MongoDatabse
 from ..config import Config
+from register_service import auth_utils
 import secrets
 import requests
 import json
 import sys
-import bcrypt
-
+
 class RegisterOperations:
 def __init__(self):
@@ -15,10 +15,6 @@ class RegisterOperations:
 self.mimetype = 'application/json'
 self.config = Config().get_config()
- def hash_password(self, password):
- hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
- return hashed_password
-
 def register_user(self, username, password, description, cn, role):
 mycol = self.db.get_col_by_name(self.db.capif_users)
@@ -26,7 +22,7 @@ class RegisterOperations:
 if exist_user:
 return jsonify("user already exists"), 409
- hashed_password = self.hash_password(password)
+ hashed_password = auth_utils.hash_password(password)
 user_info = dict(_id=secrets.token_hex(7), username=username, password=hashed_password, role=role, description=description, cn=cn, list_invokers=[], list_providers=[])
 obj = mycol.insert_one(user_info)
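Review bot: `from register_service import auth_utils` is an absolute import placed among the relative project imports in the same hunk (`from ..db.db import MongoDatabse`, `from ..config import Config`); `auth_utils.py` lives next to `config` in the `register_service` package, so `from .. import auth_utils` would keep the style consistent and stop depending on `register_service` being resolvable as a top-level name from the process's working directory. The `-`/`+` pair of blank lines after `import sys` looks like a trailing-whitespace change; if the new line carries whitespace, drop it.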
@@ -48,15 +44,14 @@ class RegisterOperations:
 try:
- #exist_user = mycol.find_one({"username": username, "password": password})
 exist_user = mycol.find_one({"username": username})
 if exist_user is None:
 return jsonify("No user with these credentials"), 400
 stored_password = exist_user["password"]
- if not bcrypt.checkpw(password.encode('utf-8'), stored_password):
- return jsonify("No user with these credentials"), 400
+ if not auth_utils.check_password(password, stored_password):
+ return jsonify("No user with these credentials"), 400
 access_token = create_access_token(identity=(username + " " + exist_user["role"]))
 url = f"http://{self.config['ca_factory']['url']}:{self.config['ca_factory']['port']}/v1/secret/data/ca"
@@ -81,7 +76,7 @@ class RegisterOperations:
 return jsonify("No user with these credentials"), 400
 stored_password = exist_user["password"]
- if not bcrypt.checkpw(password.encode('utf-8'), stored_password):
+ if not auth_utils.check_password(password, stored_password):
 return jsonify("No user with these credentials"), 400
 mycol.delete_one({"username": username})
-- 
GitLab
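Review bot: When `find_one` returns `None` the function returns before `auth_utils.check_password` runs, so a request naming an unknown username finishes without a bcrypt comparison while a wrong password for an existing username pays the full cost; the response time therefore still reveals whether a username exists, even though both messages now read the same. The standard mitigation is to run `check_password` against a fixed dummy bcrypt hash when no user was found and only then return the 400, so both outcomes do the same work. The delete path in `@@ -81,7 +76,7 @@` below has the same shape, although its `find_one`/`None` check lies outside that hunk. The `-`/`+` pair of otherwise identical `return jsonify("No user with these credentials"), 400` lines is a whitespace-only change worth mentioning in the commit message.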