Skip to content

Hash login password on server side with bcrypt#1139

Merged
mssalvatore merged 29 commits intodevelopfrom
pwd-hash
May 5, 2021
Merged

Hash login password on server side with bcrypt#1139
mssalvatore merged 29 commits intodevelopfrom
pwd-hash

Conversation

@shreyamalviya
Copy link
Contributor

@shreyamalviya shreyamalviya commented May 3, 2021

Fixes #969
Uses bcrypt to salt and hash the password on the server side before storing it.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by running Island locally. Network traffic shows plaintext password. server_config.json stores salted and hashed password. Correct password results in authentication. Incorrect is denied.

  • If applicable, add screenshots or log transcripts of the feature working
@codecov
Copy link

codecov bot commented May 3, 2021
edited
Loading

Codecov Report

Merging #1139 (d86e8e8) into develop (7f06ec4) will decrease coverage by 0.07%.
The diff coverage is 18.60%.

❗ Current head d86e8e8 differs from pull request most recent head 7772ea6. Consider uploading reports for the commit 7772ea6 to get more accurate results
Impacted file tree graph

@@ Coverage Diff @@ ## develop #1139 +/- ## =========================================== - Coverage 28.71% 28.64% -0.08%  =========================================== Files 410 411 +1 Lines 12877 12892 +15 =========================================== - Hits 3698 3693 -5  - Misses 9179 9199 +20
Impacted Files Coverage Δ
monkey/monkey_island/cc/resources/auth/auth.py 0.00% <0.00%> (ø)
.../monkey_island/cc/resources/auth/password_utils.py 0.00% <0.00%> (ø)
...ey/monkey_island/cc/resources/auth/registration.py 0.00% <0.00%> (ø)
monkey/monkey_island/cc/environment/standard.py 88.88% <66.66%> (+1.38%) ⬆️
...monkey_island/cc/environment/environment_config.py 100.00% <100.00%> (ø)
monkey/monkey_island/cc/environment/user_creds.py 100.00% <100.00%> (+6.89%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7f06ec4...7772ea6. Read the comment docs.
@shreyamalviya shreyamalviya mentioned this pull request May 3, 2021
Closed
mssalvatore and others added 9 commits May 4, 2021 11:58
@mssalvatore mssalvatore mentioned this pull request May 4, 2021
Closed
7 tasks
mssalvatore added 2 commits May 4, 2021 17:07
@mssalvatore
monkey: Remove coupling between Registration and UserCreds
1aed5f3
@mssalvatore
island: Simplify UserCreds constructor by removing defaults
d56cb5c 
The default values were only really used by the test code. We can simplify the Usercreds's interface and test code by removing functionality (read: complication) we don't really need.
shreyamalviya
shreyamalviya commented May 5, 2021
View reviewed changes
@mssalvatore mssalvatore merged commit e609094 into develop May 5, 2021
@mssalvatore mssalvatore deleted the pwd-hash branch May 13, 2021 16:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

4 participants

@shreyamalviya @mssalvatore @PrajwalM2212 @VakarisZ