Log in on Island restart bug #3122

@shreyamalviya

Describe the bug

If you run the Island, stop it, and run it again within a few seconds (I don't know the exact time for which this happens), you don't have to log in to the Island again, and you get an error in the credentials repository (because without logging in again, the encryptor can't be unlocked).

It goes away if you log out (using the /logout endpoint) and then log in again, and any credentials configured will also appear in the configuration then.

To Reproduce

Steps to reproduce the behavior:

  1. Run the Island
  2. Configure some credentials
  3. Stop the Island
  4. Run the Island again
  5. Check Island logs for error
  6. Check configured credentials to see none
  7. Use the /logout endpoint to log out
  8. Log in again
  9. Check Island logs for no errors
  10. Check configured credentials, you can see them again

Expected behavior

You should be asked to log in again if the Island is restarted. The credentials repository error will also go away then.

Logs and Video

Relevant Island logs
2023-03-17 07:33:47,234 - ERROR - app.py:1744 - log_exception() - Exception on /api/propagation-credentials/configured-credentials [GET]
Traceback (most recent call last):
  File "/home/shreya_malviya/infection_monkey/monkey/monkey_island/cc/repositories/mongo_credentials_repository.py", line 63, in _get_credentials_from_collection
    plaintext_credentials = self._decrypt_credentials_mapping(encrypted_credentials)
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/shreya_malviya/infection_monkey/monkey/monkey_island/cc/repositories/mongo_credentials_repository.py", line 103, in _decrypt_credentials_mapping
    decrypted_component = {
                          ^
  File "/home/shreya_malviya/infection_monkey/monkey/monkey_island/cc/repositories/mongo_credentials_repository.py", line 104, in <dictcomp>
    key: self._repository_encryptor.decrypt(value).decode()
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/shreya_malviya/infection_monkey/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py", line 67, in decrypt
    raise LockedKeyError("Cannot decrypt while the encryptor is locked")
monkey_island.cc.server_utils.encryption.i_lockable_encryptor.LockedKeyError: Cannot decrypt while the encryptor is locked

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/shreya_malviya/.local/share/virtualenvs/monkey_island-KafKf6jB/lib/python3.11/site-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/shreya_malviya/.local/share/virtualenvs/monkey_island-KafKf6jB/lib/python3.11/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/shreya_malviya/.local/share/virtualenvs/monkey_island-KafKf6jB/lib/python3.11/site-packages/flask_restful/__init__.py", line 467, in wrapper
    resp = resource(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/shreya_malviya/.local/share/virtualenvs/monkey_island-KafKf6jB/lib/python3.11/site-packages/flask/views.py", line 107, in view
    return current_app.ensure_sync(self.dispatch_request)(**kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/shreya_malviya/.local/share/virtualenvs/monkey_island-KafKf6jB/lib/python3.11/site-packages/flask_restful/__init__.py", line 582, in dispatch_request
    resp = meth(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/home/shreya_malviya/infection_monkey/monkey/monkey_island/cc/resources/propagation_credentials.py", line 22, in get
    propagation_credentials = self._credentials_repository.get_configured_credentials()
                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/shreya_malviya/infection_monkey/monkey/monkey_island/cc/repositories/mongo_credentials_repository.py", line 27, in get_configured_credentials
    return self._get_credentials_from_collection(self._database.configured_credentials)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/shreya_malviya/infection_monkey/monkey/monkey_island/cc/repositories/mongo_credentials_repository.py", line 68, in _get_credentials_from_collection
    raise RetrievalError(err)
monkey_island.cc.repositories.errors.RetrievalError: Cannot decrypt while the encryptor is locked
2023-03-17 07:33:47,237 - INFO - pywsgi.py:1226 - write() - 127.0.0.1 - "GET /api/propagation-credentials/configured-credentials HTTP/1.1" 500 163 0.007080
Video
2023-03-17.13-25-51.mp4

Machine version (please complete the following information):

  • OS: Linux

Tasks

  • Modify the AuthenticationService to invalidate all sessions/tokens on startup (0d)
    • Clear uuid field for all users on startup (call the AuthenticationService.logout() function??)
  • Unit test for logout on restart (0.25d) @cakekoa
  • BB test for logout (0d) @cakekoa
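
A minimal model of the behaviour reported above and of the startup invalidation proposed under Tasks, added here as an illustration and not taken from the Infection Monkey code base. `ToyIsland`, `ToyEncryptor`, the XOR stand-in cipher, the persisted token set and the 401 response are assumptions; only the `LockedKeyError` name, its message and the 500 status come from the log.

```python
import secrets

class LockedKeyError(Exception):
    """Same name as the exception in the traceback; this class is a stand-in."""

class ToyEncryptor:
    """Key exists only in process memory, so each new process starts locked."""
    def __init__(self):
        self._key = None
    def unlock(self, password):
        self._key = password.encode()  # stand-in for a real key derivation
    def xor(self, data):  # toy symmetric cipher, for the demo only
        if self._key is None:
            raise LockedKeyError("Cannot decrypt while the encryptor is locked")
        return bytes(b ^ self._key[i % len(self._key)] for i, b in enumerate(data))

class ToyIsland:
    def __init__(self, db, invalidate_sessions_on_startup):
        self.db = db  # outlives the process (assumed: sessions are persisted)
        self.encryptor = ToyEncryptor()
        if invalidate_sessions_on_startup:
            self.db["tokens"] = set()  # the fix proposed under Tasks

    def login(self, password):
        self.encryptor.unlock(password)
        token = secrets.token_hex(16)
        self.db.setdefault("tokens", set()).add(token)
        return token

    def configure_credentials(self, token, secret):
        self.db["creds"] = self.encryptor.xor(secret.encode())

    def get_configured_credentials(self, token):
        if token not in self.db.get("tokens", set()):
            return 401, None  # assumed response for an invalid session
        try:
            return 200, self.encryptor.xor(self.db["creds"]).decode()
        except LockedKeyError:
            return 500, None  # the failure shown in the Island log

def restart_scenario(invalidate_sessions_on_startup):
    """Return (status for the pre-restart token, result after a fresh login)."""
    db = {}
    first = ToyIsland(db, invalidate_sessions_on_startup)
    old_token = first.login("constructed-password")
    first.configure_credentials(old_token, "user:constructed-secret")
    second = ToyIsland(db, invalidate_sessions_on_startup)  # restart, same db
    stale = second.get_configured_credentials(old_token)[0]
    fresh = second.get_configured_credentials(second.login("constructed-password"))
    return stale, fresh
```

Without invalidation the pre-restart token is still accepted and the request fails with 500 because the new process's encryptor is locked; with invalidation the same token is rejected and the client is forced through login, which unlocks the encryptor.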
