Merge branch '3076-add-mock-agent-registration-resource' into develop

Issue #3076
PR #3084

Author: mssalvatore

CHANGELOG.md

@@ -9,6 +9,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Added
 - Add an option to the Hadoop exploiter to try all discovered HTTP ports. #2136
 - `GET /api/agent-otp`. #3076
+- `POST /api/agent-otp-login` endpoint. #3076
 
 ### Changed
 ### Removed

monkey/monkey_island/cc/services/authentication_service/flask_resources/__init__.py

@@ -4,3 +4,4 @@
 from .logout import Logout
 from .register_resources import register_resources
 from .agent_otp import AgentOTP
+from .agent_otp_login import AgentOTPLogin

monkey/monkey_island/cc/services/authentication_service/flask_resources/agent_otp_login.py

@@ -0,0 +1,36 @@
+import json
+
+from flask import make_response, request
+
+from monkey_island.cc.flask_utils import AbstractResource
+from monkey_island.cc.server_utils.response_utils import response_to_invalid_request
+
+
+class AgentOTPLogin(AbstractResource):
+    """
+    A resource for logging in using an OTP
+
+    A client may authenticate with the Island by providing a one-time password.
+    """
+
+    urls = ["/api/agent-otp-login"]
+
+    def post(self):
+        """
+        Gets the one-time password from the request, and returns an authentication token
+
+        :return: Authentication token in the response body
+        """
+
+        try:
+            cred_dict = json.loads(request.data)
+            otp = cred_dict.get("otp", "")
+            if self._validate_otp(otp):
+                return make_response({"token": "supersecrettoken"})
+        except Exception:
+            pass
+
+        return response_to_invalid_request()
+
+    def _validate_otp(self, otp: str):
+        return len(otp) > 0

monkey/monkey_island/cc/services/authentication_service/flask_resources/register_resources.py

@@ -4,6 +4,7 @@
 
 from ..authentication_facade import AuthenticationFacade
 from .agent_otp import AgentOTP
+from .agent_otp_login import AgentOTPLogin
 from .login import Login
 from .logout import Logout
 from .register import Register
@@ -20,3 +21,4 @@ def register_resources(api: flask_restful.Api, container: DIContainer):
     api.add_resource(Login, *Login.urls, resource_class_args=(authentication_facade,))
     api.add_resource(Logout, *Logout.urls, resource_class_args=(authentication_facade,))
     api.add_resource(AgentOTP, *AgentOTP.urls)
+    api.add_resource(AgentOTPLogin, *AgentOTPLogin.urls)

monkey/tests/unit_tests/monkey_island/cc/services/authentication_service/conftest.py

@@ -8,6 +8,7 @@
 )
 from monkey_island.cc.services.authentication_service.flask_resources import (
     AgentOTP,
+    AgentOTPLogin,
     Login,
     Logout,
     Register,
@@ -39,6 +40,7 @@ def get_mock_auth_app(authentication_facade: AuthenticationFacade):
         RegistrationStatus, *RegistrationStatus.urls, resource_class_args=(authentication_facade,)
     )
     api.add_resource(AgentOTP, *AgentOTP.urls)
+    api.add_resource(AgentOTPLogin, *AgentOTPLogin.urls)
 
     return app
 

monkey/tests/unit_tests/monkey_island/cc/services/authentication_service/flask_resources/test_otp_login.py

@@ -0,0 +1,29 @@
+import pytest
+
+from monkey_island.cc.services.authentication_service.flask_resources.agent_otp_login import (
+    AgentOTPLogin,
+)
+
+
+@pytest.fixture
+def agent_otp_login(flask_client):
+    url = AgentOTPLogin.urls[0]
+
+    def _agent_otp_login(request_body):
+        return flask_client.post(url, data=request_body, follow_redirects=True)
+
+    return _agent_otp_login
+
+
+def test_agent_otp_login__successful(agent_otp_login):
+    response = agent_otp_login('{"otp": "supersecretpassword"}')
+
+    assert response.status_code == 200
+    assert response.json["token"] == "supersecrettoken"
+
+
+@pytest.mark.parametrize("data", [{}, [], '{"otp": ""}'])
+def test_agent_otp_login__failure(agent_otp_login, data):
+    response = agent_otp_login(data)
+
+    assert response.status_code == 400