Merge branch '3122-test-logout-on-restart' into develop

Issue #3122
PR #3179

monkey/monkey_island/cc/app.py

@@ -3,9 +3,11 @@
 
 import flask_restful
 from flask import Flask, Response, send_from_directory
+from flask_security import UserDatastore
 from werkzeug.exceptions import NotFound
 
 from common import DIContainer
+from monkey_island.cc.event_queue import IIslandEventQueue
 from monkey_island.cc.flask_utils import FlaskDIWrapper
 from monkey_island.cc.resources import (
     AgentBinaries,
@@ -34,7 +36,14 @@
 from monkey_island.cc.resources.security_report import SecurityReport
 from monkey_island.cc.resources.version import Version
 from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH
+from monkey_island.cc.server_utils.encryption import ILockableEncryptor
 from monkey_island.cc.services import register_agent_configuration_resources, setup_authentication
+from monkey_island.cc.services.authentication_service.authentication_facade import (
+    AuthenticationFacade,
+)
+from monkey_island.cc.services.authentication_service.configure_flask_security import (
+    configure_flask_security,
+)
 from monkey_island.cc.services.representations import output_json
 
 HOME_FILE = "index.html"
@@ -141,7 +150,15 @@ def init_app(
     init_app_url_rules(app)
 
     flask_resource_manager = FlaskDIWrapper(api, container)
-    setup_authentication(app, api, data_dir, container)
+    datastore = configure_flask_security(app, data_dir)
+    authentication_facade = _build_authentication_facade(container, datastore)
+    setup_authentication(api, authentication_facade)
     init_api_resources(flask_resource_manager)
 
     return app
+
+
+def _build_authentication_facade(container: DIContainer, user_datastore: UserDatastore):
+    repository_encryptor = container.resolve(ILockableEncryptor)
+    island_event_queue = container.resolve(IIslandEventQueue)
+    return AuthenticationFacade(repository_encryptor, island_event_queue, user_datastore)

monkey/monkey_island/cc/services/authentication_service/setup.py

@@ -1,25 +1,8 @@
-from pathlib import Path
-
-from flask_security import UserDatastore
-
-from common import DIContainer
-from monkey_island.cc.event_queue import IIslandEventQueue
-from monkey_island.cc.server_utils.encryption import ILockableEncryptor
-
 from . import register_resources
 from .authentication_facade import AuthenticationFacade
-from .configure_flask_security import configure_flask_security
 
 
-def setup_authentication(app, api, data_dir: Path, container: DIContainer):
-    datastore = configure_flask_security(app, data_dir)
-    authentication_facade = _build_authentication_facade(container, datastore)
+def setup_authentication(api, authentication_facade: AuthenticationFacade):
     register_resources(api, authentication_facade)
     # revoke all old tokens so that the user has to log in again on startup
     authentication_facade.revoke_all_tokens_for_all_users()
-
-
-def _build_authentication_facade(container: DIContainer, user_datastore: UserDatastore):
-    repository_encryptor = container.resolve(ILockableEncryptor)
-    island_event_queue = container.resolve(IIslandEventQueue)
-    return AuthenticationFacade(repository_encryptor, island_event_queue, user_datastore)

monkey/tests/unit_tests/monkey_island/cc/services/authentication_service/test_authentication_service.py

@@ -2,18 +2,25 @@
 
 import pytest
 from flask_security import UserDatastore
+from tests.common import StubDIContainer
 
 from monkey_island.cc.event_queue import IIslandEventQueue, IslandEventTopic
 from monkey_island.cc.models import IslandMode
 from monkey_island.cc.server_utils.encryption import ILockableEncryptor
 from monkey_island.cc.services.authentication_service.authentication_facade import (
     AuthenticationFacade,
 )
+from monkey_island.cc.services.authentication_service.setup import setup_authentication
 from monkey_island.cc.services.authentication_service.user import User
 
 USERNAME = "user1"
 PASSWORD = "test"
 PASSWORD_HASH = "$2b$12$yQzymz55fRvm8rApg7erluIvIAKSFSDrNIOIrOlxC4sXsDSkeu9z2"
+USERS = [
+    User(username="user1", password="test1", fs_uniquifier="a"),
+    User(username="user2", password="test2", fs_uniquifier="b"),
+    User(username="user3", password="test3", fs_uniquifier="c"),
+]
 
 
 # Some tests have these fixtures as arguments even though `autouse=True`, because
@@ -41,6 +48,7 @@ def authentication_facade(
     mock_flask_app,
     mock_repository_encryptor: ILockableEncryptor,
     mock_island_event_queue: IIslandEventQueue,
+    mock_user_datastore: UserDatastore,
 ) -> AuthenticationFacade:
     return AuthenticationFacade(
         mock_repository_encryptor, mock_island_event_queue, mock_user_datastore
@@ -89,3 +97,27 @@ def test_handle_sucessful_login(
     mock_repository_encryptor.unlock.assert_called_once()
     assert mock_repository_encryptor.unlock.call_args[0][0] != USERNAME
     assert mock_repository_encryptor.unlock.call_args[0][0] != PASSWORD
+
+
+def test_revoke_all_tokens_for_all_users(
+    mock_user_datastore: UserDatastore,
+    authentication_facade: AuthenticationFacade,
+):
+    [user.save() for user in USERS]
+    authentication_facade.revoke_all_tokens_for_all_users()
+
+    assert mock_user_datastore.set_uniquifier.call_count == len(USERS)
+    [mock_user_datastore.set_uniquifier.assert_any_call(user) for user in USERS]
+
+
+def test_setup_authentication__revokes_tokens(
+    mock_island_event_queue: IIslandEventQueue,
+    mock_repository_encryptor: ILockableEncryptor,
+    mock_authentication_facade: AuthenticationFacade,
+):
+    container = StubDIContainer()
+    container.register_instance(ILockableEncryptor, mock_repository_encryptor)
+    container.register_instance(IIslandEventQueue, mock_island_event_queue)
+    setup_authentication(MagicMock(), mock_authentication_facade)
+
+    assert mock_authentication_facade.revoke_all_tokens_for_all_users.called