Password setup and bootstrap v4 migration #688
return [] | ||
|
||
# Username:test Password:test | ||
CONFIG_WITH_CREDENTIALS = { |
Making tests scattered all around the codebase might've been a mistake: where should common code between tests go?
Under common?
We have IslandTestCase for example which is common to a lot of tests and works fine ¯_(ツ)_/¯
Some minor comments, and a few usage questions:
- Do we support changing the password? If so, how?
- Do we support multiple users+password combos? If so, how?
The testing is very extensive and the design seems "lean and mean" to fit it! TDD paying dividends. 🤩
Also, like we've discussed, adding some short usage documentation with images/gifs will be useful (even on the open doc framework branch), since this is the first screen that users are met with.
# TODO change this to propper registration? | ||
User(1, 'monkey', self.hash_secret(self._instance_id)) |
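Review bot: The seeded `monkey` account on the `User(1, 'monkey', self.hash_secret(self._instance_id))` line takes its secret from `self._instance_id`, an identifier rather than a value the operator chose, and the TODO above it already marks the approach as provisional. Suggest removing the seeded user so every deployment goes through the same registration flow, or resolving the TODO before merge. The TODO comment also misspells "proper".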
That's a good question.
On the one hand, forcing people to use that machine ID seems worse than them choosing their own password, on the other, might be a tiny bit more secure (the time in between setting up the machine and logging in), but that's really a stretch.
Let's delete this user and use the same login method across all our instances
Instance ID is public knowledge, right?
No, instance-id requires either running code on the machine or having access to the ec2 dashboard.
I think I've seen Amazon support asking for it on a forum. Maybe it's not public knowledge, but it's not a secret either.
default: | ||
return page_component; |
Why is there a default case on a boolean value?
On component init these are set to undefined. It becomes boolean once the component gets a response from the server.
|
||
@staticmethod | ||
def get_config_file_path() -> str: | ||
return os.path.join(MONKEY_ISLAND_ABS_PATH, 'cc/server_config.json') |
This is a bug, should be os.path.join(MONKEY_ISLAND_ABS_PATH, 'cc', 'server_config.json')
...
Or even better change MONKEY_ISLAND_ABS_PATH from a string to a Path (from pathlib) and then use
MONKEY_ISLAND_ABS_PATH.joinpath("cc").joinpath("server_config.json")
Not a bug, but I agree.
@@ -7,7 +8,7 @@ | |||
|
|||
class TestAwsEnvironment(IslandTestCase): |
We're changing the AWS env behaviour to be default, so this test might become redundant - if so delete it : )
good call
if platform.system() == "Windows": | ||
server_file_path = MONKEY_ISLAND_ABS_PATH + "\cc/server_config.json" | ||
else: | ||
server_file_path = MONKEY_ISLAND_ABS_PATH + "/cc/server_config.json" | ||
self.assertEqual(EnvironmentConfig.get_config_file_path(), server_file_path) |
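Review bot: The Windows branch's literal `"\cc/server_config.json"` only works because `\c` is not a recognised escape sequence in a normal Python string, which Python warns about, and it mixes a backslash with a forward slash. Suggest writing the backslash explicitly (`"\\cc/server_config.json"` or a raw string) so the expected value is unambiguous, or building the expectation from separate path components so the `platform.system()` branch is not needed.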
Path equality should be done with pathlib and not strings
I disagree: if test code is exactly the same as production then we'll get exactly the same results. This tests if we use pathlib correctly and if its interface didn't change.
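The string-versus-pathlib question raised in the two path threads above, as an added example that is not part of this PR or the project's code. The base directories are constructed stand-ins for `MONKEY_ISLAND_ABS_PATH`, and `ntpath`/`posixpath` are used so both platforms' `os.path.join` behaviour can be reproduced on any machine.

```python
import ntpath
import posixpath
from pathlib import PurePosixPath, PureWindowsPath

# Constructed base directories; the project's real MONKEY_ISLAND_ABS_PATH is not shown here.
WINDOWS_BASE = r"C:\monkey\monkey_island"
POSIX_BASE = "/opt/monkey/monkey_island"


def join_one_component(base: str, windows: bool) -> str:
    """What os.path.join(base, 'cc/server_config.json') returns on each platform."""
    join = ntpath.join if windows else posixpath.join
    return join(base, "cc/server_config.json")


def join_per_component(base: str, windows: bool) -> str:
    """What os.path.join(base, 'cc', 'server_config.json') returns on each platform."""
    join = ntpath.join if windows else posixpath.join
    return join(base, "cc", "server_config.json")


def same_location(a: str, b: str, windows: bool) -> bool:
    """Compare parsed paths instead of raw strings."""
    flavour = PureWindowsPath if windows else PurePosixPath
    return flavour(a) == flavour(b)


def compare(base: str, windows: bool) -> dict:
    """Build the path both ways and report string equality next to path equality."""
    one = join_one_component(base, windows)
    per = join_per_component(base, windows)
    return {
        "one_component": one,
        "per_component": per,
        "equal_as_strings": one == per,
        "equal_as_paths": same_location(one, per, windows),
    }


if __name__ == "__main__":
    for label, base, windows in (("Windows", WINDOWS_BASE, True),
                                 ("POSIX", POSIX_BASE, False)):
        print(label, compare(base, windows))
```

On Windows semantics the single-component join keeps the embedded forward slash, which is why the test in the hunk above needs a platform branch when it compares strings.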
|
||
class User(object): | ||
def __init__(self, user_id, username, secret): | ||
self.id = user_id |
Are we ever using the UserId?
No, but I think JWT interface requires it and that's why it was added in the first place.
return cred_dict | ||
|
||
def to_auth_user(self) -> User: | ||
return User(1, self.username, self.password_hash) |
Why is the UserId const 1?
Migrating to bootstrap v4 I had to use |
|
We can't do a CDN. No need to fork fontawesome (we're not planning on changing it). What's not working with |
# Conflicts: # monkey/monkey_island/cc/resources/netmap.py # monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage.js # monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js
I changed it by removing a big portion of unused code. |
…path library in environment_config.py
Codecov Report
@@ Coverage Diff @@
## develop #688 +/- ##
===========================================
+ Coverage 58.06% 59.89% +1.82%
===========================================
Files 139 147 +8
Lines 4483 4787 +304
===========================================
+ Hits 2603 2867 +264
- Misses 1880 1920 +40
monkey/monkey_island/cc/ui/src/components/pages/RegisterPage.js
Lets Go! | ||
</Button> | ||
<a href='#' onClick={this.setNoAuth} className={'no-auth-link'}> | ||
I want anyone to access the island |
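Review bot: The `<a href='#' onClick={this.setNoAuth}>` link, judging by its text and handler name, turns authentication off from a single click, and nothing in this hunk shows a confirmation step. Suggest asking the user to confirm before the handler runs, and since `href='#'` also triggers navigation, make sure the handler prevents the default action or use a button styled as a link.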
perhaps change this to a button as well
Nahh, this should be a link with small text that no one clicks :)
# Conflicts: # .travis.yml
Will possibly help debug client issues with registration in future.
…into password_setup
… in text, because typographically it's not an apostrophe
What is this?
Fixes #596
Migrates UI to bootstrap v4.
Checklist
Proof that it works
If applicable, add screenshots or log transcripts of the feature working