From 08ebf7b1a00f481f89bcf99242b2db386a751f97 Mon Sep 17 00:00:00 2001
From: Stavros-Anastasios Charismiadis
Date: Mon, 23 Jun 2025 16:26:29 +0300
Subject: [PATCH] Add auth_utils with hashing and verification functions, the functionality for custom and admin users
---
 services/register/register_service/app.py | 11 ++++++++---
 .../controllers/register_controller.py | 8 +++++---
 .../register_service/core/register_operations.py | 4 ++++
 .../register/register_service/utils/auth_utils.py | 10 ++++++++++
 services/register/requirements.txt | 2 +-
 5 files changed, 28 insertions(+), 7 deletions(-)
 create mode 100644 services/register/register_service/utils/auth_utils.py
diff --git a/services/register/register_service/app.py b/services/register/register_service/app.py
index 378bf88c..60447746 100644
--- a/services/register/register_service/app.py
+++ b/services/register/register_service/app.py
@@ -10,6 +10,7 @@ from db.db import MongoDatabse
 from flask import Flask
 from flask_jwt_extended import JWTManager
 from OpenSSL.crypto import FILETYPE_PEM, TYPE_RSA, PKey, X509Req, dump_certificate_request, dump_privatekey
+from utils.auth_utils import hash_password
 app = Flask(__name__)
@@ -87,9 +88,13 @@ key_data = json.loads(response.text)["data"]["data"]["key"]
 # Create an Admin in the Admin Collection
 client = MongoDatabse()
-if not client.get_col_by_name(client.capif_admins).find_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]}):
- print(f'Inserting Initial Admin admin_name: {config["register"]["admin_users"]["admin_user"]}, admin_pass: {config["register"]["admin_users"]["admin_pass"]}')
- client.get_col_by_name(client.capif_admins).insert_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]})
+admin_username = config["register"]["admin_users"]["admin_user"]
+admin_password = config["register"]["admin_users"]["admin_pass"]
+
+if not client.get_col_by_name(client.capif_admins).find_one({"admin_name": admin_username}):
+ print(f'Inserting Initial Admin admin_name: {config["register"]["admin_users"]["admin_user"]}')
+
+ client.get_col_by_name(client.capif_admins).insert_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": hash_password(config["register"]["admin_users"]["admin_pass"])})
 app.config['JWT_ALGORITHM'] = 'RS256'
diff --git a/services/register/register_service/controllers/register_controller.py b/services/register/register_service/controllers/register_controller.py
index 93d7fafd..031185eb 100644
--- a/services/register/register_service/controllers/register_controller.py
+++ b/services/register/register_service/controllers/register_controller.py
@@ -9,6 +9,7 @@ from core.register_operations import RegisterOperations
 from db.db import MongoDatabse
 from flask import Blueprint, current_app, jsonify, request
 from flask_httpauth import HTTPBasicAuth
+from utils.auth_utils import check_password
 auth = HTTPBasicAuth()
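Review bot: Admin records written before this commit are never rehashed: in `app.py` the lookup now matches on `admin_name` alone, so an existing record keeps its plaintext `admin_pass`. `verify_password` then passes that value to `bcrypt.checkpw`, which raises `ValueError` for a string that is not a bcrypt hash, so existing admins stop authenticating after the upgrade; user documents stored earlier hit the same path in the `verify_password` hunk of `register_controller.py`. A one-time rehash of legacy records at startup, as sketched below, would close that gap (the sketch assumes legacy values are plaintext strings and covers only the admin collection). The sketch also reads the new `admin_username` and `admin_password` locals, since `admin_password` is currently assigned but never used.

```python
# … unchanged: client = MongoDatabse(), admin_username / admin_password assignments …
admins = client.get_col_by_name(client.capif_admins)
existing_admin = admins.find_one({"admin_name": admin_username})
if existing_admin is None:
    print(f'Inserting Initial Admin admin_name: {admin_username}')
    admins.insert_one({"admin_name": admin_username, "admin_pass": hash_password(admin_password)})
elif not str(existing_admin["admin_pass"]).startswith("$2"):
    # Record written before hashing was introduced: hash the stored value once.
    admins.update_one(
        {"_id": existing_admin["_id"]},
        {"$set": {"admin_pass": hash_password(existing_admin["admin_pass"])}},
    )
```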
@@ -39,15 +40,16 @@ def verify_password(username, password):
 current_app.logger.debug("Checking user credentials...")
 users = register_operation.get_users()[0].json["users"]
 client = MongoDatabse()
- admin = client.get_col_by_name(client.capif_admins).find_one({"admin_name": username, "admin_pass": password})
- if admin:
+ admin = client.get_col_by_name(client.capif_admins).find_one({"admin_name": username})
+ if admin and check_password(password, admin["admin_pass"]):
 current_app.logger.debug(f"Verified admin {username}")
 return username, "admin"
 for user in users:
- if user["username"] == username and user["password"]==password:
+ if user["username"] == username and check_password(password, user["password"]):
 current_app.logger.debug(f"Verified user {username}")
 return username, "client"
+
 # Function responsible for verifying the token
 def admin_required():
 def decorator(f):
diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py
index 844ce951..8dc4a2ea 100644
--- a/services/register/register_service/core/register_operations.py
+++ b/services/register/register_service/core/register_operations.py
@@ -8,6 +8,7 @@ from db.db import MongoDatabse
 from flask import current_app, jsonify
 from flask_jwt_extended import create_access_token
 from utils.utils import convert_dict_keys_to_snake_case, to_snake_case, validate_snake_case_keys
+from utils.auth_utils import hash_password
 class RegisterOperations:
@@ -31,6 +32,7 @@ class RegisterOperations:
 user_info["uuid"] = user_uuid
 user_info["onboarding_date"]=datetime.now()
+ user_info["password"] = hash_password(user_info["password"])
 mycol.insert_one(user_info)
 current_app.logger.debug(f"User with uuid {user_uuid} and username {user_info["username"]} registered successfully")
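Review bot: In `verify_password`, `check_password` only runs when a record with the supplied name exists, so a request for an unknown username returns without any bcrypt work and is likely to be noticeably faster than one for a known username. If username disclosure matters for this service, verify against a fixed dummy hash when no record matches, for example `check_password(password, DUMMY_HASH)` with `DUMMY_HASH = hash_password("<placeholder>")` computed once at import (both names are proposals, not existing code). The function also falls through with an implicit `None` when nothing matches; an explicit `return None` after the loop would make the failure path visible. The decorator and the start of `verify_password` are outside the hunk.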
@@ -90,7 +92,9 @@ class RegisterOperations:
 mycol = self.db.get_col_by_name(self.db.capif_users)
 try:
+ current_app.logger.debug(f"users")
 users=list(mycol.find({}, {"_id":0}))
+ current_app.logger.debug(f"{users}")
 return jsonify(message="Users successfully obtained", users=users), 200
 except Exception as e:
 return jsonify(message=f"Error trying to get users: {e}"), 500
diff --git a/services/register/register_service/utils/auth_utils.py b/services/register/register_service/utils/auth_utils.py
new file mode 100644
index 00000000..1216989b
--- /dev/null
+++ b/services/register/register_service/utils/auth_utils.py
@@ -0,0 +1,10 @@
+import bcrypt
+
+
+def hash_password(password):
+ hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
+ return hashed_password.decode('utf-8')
+
+
+def check_password(input_password, stored_password):
+ return bcrypt.checkpw(input_password.encode('utf-8'), stored_password.encode('utf-8'))
\ No newline at end of file
diff --git a/services/register/requirements.txt b/services/register/requirements.txt
index 15c8c083..dc9b58d9 100644
--- a/services/register/requirements.txt
+++ b/services/register/requirements.txt
@@ -6,7 +6,7 @@ flask_jwt_extended == 4.6.0
 pyopenssl == 24.1.0
 pyyaml == 6.0.1
 requests == 2.32.2
-bcrypt == 4.0.1
+bcrypt == 4.3.0
 flask_httpauth == 4.8.0
 gunicorn == 23.0.0
 packaging == 24.0
-- GitLab
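Review bot: The added `current_app.logger.debug(f"{users}")` in `get_users` writes every user document to the application log, including the bcrypt `password` field that this commit starts storing. `verify_password` in `register_controller.py` calls `get_users()` on each credential check, so with debug logging enabled the whole user collection is logged per authentication attempt. Log a count instead, e.g. `current_app.logger.debug("Fetched %d users", len(users))`, and drop the `f"users"` line, which has no placeholder and carries no information. The method's signature is outside the hunk.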
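Review bot: `hash_password` in the new `auth_utils.py` passes the encoded password to `bcrypt.hashpw` without a length check, and bcrypt only uses the first 72 bytes of its input; as far as I know the pinned 4.3.0 truncates longer input silently, so two long passwords sharing a 72-byte prefix would verify against each other. Either reject such input where the registration request is validated, or state the limit in a docstring, e.g. `"""Return a bcrypt hash of password; only the first 72 UTF-8 bytes are significant."""`. `check_password` would benefit from a docstring saying that it raises `ValueError` when `stored_password` is not a bcrypt hash, since the caller in `verify_password` does not catch it. The file also ends without a trailing newline.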