Merge pull request #54 from MicroscopeIT/AQ-163-secondary-password

AQ-163 Handling secondary password implemented

README.md

@@ -62,3 +62,4 @@ In order to run the stack you need to setup a few environment files and fill req
 * JWT_SECRET_KEY - key for signing JWT tokens
 * AQUASCOPE_TEST_USER - username of the only user in the system
 * AQUASCOPE_TEST_PASS - password of the only user in the system encoded with `pbkdf2_sha256` algorithm from `passlib` library.
+* AQUASCOPE_SECONDARY_PASS - secondary password to the system encoded with `pbkdf2_sha256` algorithm from `passlib` library.

aquascope/tests/aquascope/webserver/api/test_user.py

@@ -2,8 +2,8 @@
 
 from flask import json
 
-from aquascope.tests.aquascope.webserver.data_access.db.dummy_users import DUMMY_USERS, \
-    DUMMY_USERS_WITH_DEFAULT_PROJECTION
+from aquascope.tests.aquascope.webserver.data_access.db.dummy_users import (
+    DUMMY_USERS, DUMMY_USERS_WITH_DEFAULT_PROJECTION)
 from aquascope.tests.flask_app_test_case import FlaskAppTestCase
 
 
@@ -19,6 +19,16 @@ def test_api_can_post_login_with_proper_credentials(self):
                                  content_type='application/json')
         self.assertEqual(res.status_code, 200)
 
+    def test_api_can_post_login_with_secondary_password(self):
+        request_data = json.dumps({
+            'username': self.auth_user,
+            'password': self.auth_secondary_pass_raw
+        })
+
+        res = self.client().post('/user/login', data=request_data,
+                                 content_type='application/json')
+        self.assertEqual(res.status_code, 200)
+
     def test_api_can_post_login_with_user_from_db(self):
         request_data = json.dumps({
             'username': DUMMY_USERS[0]['username'],

aquascope/tests/flask_app_test_case.py

@@ -40,10 +40,12 @@ def setUpClass(cls):
         cls.auth_user = 'testuser'
         cls.auth_pass_raw = 'testpassword'
         auth_pass = sha256.hash(cls.auth_pass_raw)
+        cls.auth_secondary_pass_raw = 'secondpassword'
+        secondary_pass = sha256.hash(cls.auth_secondary_pass_raw)
 
         cls.app = make_app(cls.db, storage_connection_string, 'jwtdummysecret', cls.auth_user, auth_pass,
-                           environment='TESTING', celery_user='',
-                           celery_password='', celery_address='', page_size=500)
+                           secondary_pass, environment='TESTING', celery_user='', celery_password='',
+                           celery_address='', page_size=500)
 
     def purge_storage(self):
         storage_client = self.app.config['storage_client']

aquascope/webserver/api/user.py

@@ -24,8 +24,8 @@ def post(self):
         username, password = args['username'], args['password']
 
         try:
-            verified_password = sha256.verify(password,
-                                          app.config['AQUASCOPE_TEST_PASS'])
+            verified_password = sha256.verify(password, app.config['AQUASCOPE_TEST_PASS']) \
+                                or sha256.verify(password, app.config['AQUASCOPE_SECONDARY_PASS'])
         except ValueError as e:
             app.logger.error(e)
             return {'message': 'Server error'}, 500

aquascope/webserver/app.py

@@ -12,8 +12,8 @@
 
 
 def make_app(db, storage_connection_string, jwt_secret_key,
-             aquascope_test_user, aquascope_test_pass, environment,
-             celery_user, celery_password, celery_address, page_size):
+             aquascope_test_user, aquascope_test_pass, aquascope_secondary_pass,
+             environment, celery_user, celery_password, celery_address, page_size):
     logging.basicConfig(filename='webserver.log', level=logging.DEBUG,
                         format="[%(asctime)s] %(levelname)s in %(module)s: %(message)s")
     logging.getLogger("azure.storage").setLevel(logging.CRITICAL)
@@ -27,6 +27,7 @@ def make_app(db, storage_connection_string, jwt_secret_key,
     app.config['JWT_SECRET_KEY'] = jwt_secret_key
     app.config['AQUASCOPE_TEST_USER'] = aquascope_test_user
     app.config['AQUASCOPE_TEST_PASS'] = aquascope_test_pass
+    app.config['AQUASCOPE_SECONDARY_PASS'] = aquascope_secondary_pass
     app.config['ENVIRONMENT'] = environment
 
     if app.config['ENVIRONMENT'] != 'production':
@@ -65,6 +66,7 @@ def get_app():
     jwt_secret_key = os.environ['JWT_SECRET_KEY']
     aquascope_test_user = os.environ['AQUASCOPE_TEST_USER']
     aquascope_test_pass = os.environ['AQUASCOPE_TEST_PASS']
+    aquascope_secondary_pass = os.environ['AQUASCOPE_SECONDARY_PASS']
     environment = os.environ['ENVIRONMENT']
     celery_user = os.environ['CELERY_USER']
     celery_password = os.environ['CELERY_PASS']
@@ -73,8 +75,8 @@ def get_app():
 
     db = get_db_from_env()
     app = make_app(db, storage_connection_string, jwt_secret_key,
-                   aquascope_test_user, aquascope_test_pass, environment,
-                   celery_user, celery_password, celery_address, page_size)
+                   aquascope_test_user, aquascope_test_pass, aquascope_secondary_pass,
+                   environment, celery_user, celery_password, celery_address, page_size)
     return app
 
 

user_authentication.env

@@ -1,3 +1,4 @@
 JWT_SECRET_KEY=473074924
 AQUASCOPE_TEST_USER=aquascopeuser
 AQUASCOPE_TEST_PASS=$pbkdf2-sha256$29000$n9M6Z8zZuzdmjNHau9d67w$6nrOHpq7rDPiRB4qlhFDNlHJjoz23T45ywE3BPBDhSA
+AQUASCOPE_SECONDARY_PASS=$pbkdf2-sha256$29000$0xqDEALA.D9nrHUOwbj33g$YgZVypTKAYLsnVn63e3zj1jCpKg57LUxaL4subCSt6E