Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Agent login via OTP #3196

Merged
merged 19 commits into from
Apr 5, 2023
Merged

Implement Agent login via OTP #3196

merged 19 commits into from
Apr 5, 2023

Conversation

shreyamalviya
Copy link
Contributor

What does this PR do?

Fixes a part of #3078

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?
  • Have you checked that you haven't introduced any duplicate code?

Testing Checklist

  • Added relevant unit tests?
  • Do all unit tests pass?
  • Do all end-to-end tests pass?
  • Any other testing performed?

    Tested the endpoint manually

  • If applicable, add screenshots or log transcripts of the feature working

@mssalvatore mssalvatore force-pushed the 3078-implement-AgentOTPLogin-resource branch from 9cc0376 to f42db0e Compare April 5, 2023 12:38
@codecov
Copy link

codecov bot commented Apr 5, 2023
edited
Loading

Codecov Report

Patch coverage has no change and project coverage change: +0.04 🎉

Comparison is base (48be9b5) 72.93% compared to head (5595e43) 72.97%.

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #3196      +/-   ##
===========================================
+ Coverage    72.93%   72.97%   +0.04%     
===========================================
  Files          471      471              
  Lines        13496    13538      +42     
===========================================
+ Hits          9843     9880      +37     
- Misses        3653     3658       +5

see 10 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

mssalvatore
mssalvatore reviewed Apr 5, 2023
View reviewed changes
monkey/monkey_island/cc/services/authentication_service/flask_resources/agent_otp_login.py
return make_response(f"Missing argument {err}", HTTPStatus.BAD_REQUEST)
except TypeError:
return make_response("Could not parse the login request", HTTPStatus.BAD_REQUEST)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO: Verify that AgentID exists in the agent repository.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't do that because Agent registration happens after the login.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good call. We'll need to add a cleanup step to ensure that if agents fail to register their users get cleaned up.

@shreyamalviya shreyamalviya force-pushed the 3078-implement-AgentOTPLogin-resource branch from c231470 to cedef47 Compare April 5, 2023 14:22
@shreyamalviya shreyamalviya force-pushed the 3078-implement-AgentOTPLogin-resource branch from cedef47 to 93fc73a Compare April 5, 2023 14:29
@mssalvatore
Island: Use ArgumentParsingException in AgentOTPLogin
5595e43
@mssalvatore
Island: Narrow password character set for Agent users
453de37 
It's probably a bad idea to include certain whitespace characters in the
password field. Even though this password should never be used, I'm not
sure whether or not Flask Security or Flask Login would be expecting
such inputs.
@mssalvatore mssalvatore merged commit b11ec8e into develop Apr 5, 2023
@mssalvatore mssalvatore deleted the 3078-implement-AgentOTPLogin-resource branch April 5, 2023 15:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mssalvatore mssalvatore mssalvatore approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shreyamalviya @mssalvatore