Skip to content

Hash login password on server side with bcrypt#1139

Merged
mssalvatore merged 29 commits into
developfrom
pwd-hash
May 5, 2021
Merged

Hash login password on server side with bcrypt#1139
mssalvatore merged 29 commits into
developfrom
pwd-hash

Conversation

@shreyamalviya

Copy link
Copy Markdown
Contributor

Fixes #969
Uses bcrypt to salt and hash the password on the server side before storing it.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by running Island locally. Network traffic shows plaintext password. server_config.json stores salted and hashed password. Correct password results in authentication. Incorrect is denied.

  • If applicable, add screenshots or log transcripts of the feature working

@codecov

codecov Bot commented May 3, 2021

Copy link
Copy Markdown

Codecov Report

Merging #1139 (d86e8e8) into develop (7f06ec4) will decrease coverage by 0.07%.
The diff coverage is 18.60%.

❗ Current head d86e8e8 differs from pull request most recent head 7772ea6. Consider uploading reports for the commit 7772ea6 to get more accurate results
Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #1139      +/-   ##
===========================================
- Coverage    28.71%   28.64%   -0.08%     
===========================================
  Files          410      411       +1     
  Lines        12877    12892      +15     
===========================================
- Hits          3698     3693       -5     
- Misses        9179     9199      +20     
Impacted Files Coverage Δ
monkey/monkey_island/cc/resources/auth/auth.py 0.00% <0.00%> (ø)
.../monkey_island/cc/resources/auth/password_utils.py 0.00% <0.00%> (ø)
...ey/monkey_island/cc/resources/auth/registration.py 0.00% <0.00%> (ø)
monkey/monkey_island/cc/environment/standard.py 88.88% <66.66%> (+1.38%) ⬆️
...monkey_island/cc/environment/environment_config.py 100.00% <100.00%> (ø)
monkey/monkey_island/cc/environment/user_creds.py 100.00% <100.00%> (+6.89%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7f06ec4...7772ea6. Read the comment docs.

@shreyamalviya shreyamalviya mentioned this pull request May 3, 2021
@mssalvatore mssalvatore mentioned this pull request May 4, 2021
7 tasks
The default values were only really used by the test code. We can
simplify the Usercreds's interface and test code by removing
functionality (read: complication) we don't really need.
Comment thread monkey/tests/monkey_island/cc/environment/test_environment.py Outdated
@mssalvatore mssalvatore merged commit e609094 into develop May 5, 2021
@mssalvatore mssalvatore deleted the pwd-hash branch May 13, 2021 16:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Login password should be hashed on the server side

4 participants