search

guardicore / monkey

Infection Monkey - An open-source adversary emulation platform
https://www.guardicore.com/infectionmonkey/
GNU General Public License v3.0
6.58k stars 767 forks source link

Incompatible pyjwt #960

Closed mssalvatore closed 3 years ago

mssalvatore commented 3 years ago

Describe the bug

Monkey Island is not compatible with the latest version of pyjwt. monkey/monkey_island/requirements.txt specifies pyjwt>=1.5.1. When a pyjwt > 1.7 is installed, the following error occurrs:

2021-01-19 18:17:32,559 - app.py:1892 - log_exception() - ERROR - Exception on /api/auth [POST]
Traceback (most recent call last):
  File "/home/msalvatore/.local/lib/python3.7/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/msalvatore/.local/lib/python3.7/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/msalvatore/.local/lib/python3.7/site-packages/flask_restful/__init__.py", line 468, in wrapper
    resp = resource(*args, **kwargs)
  File "/home/msalvatore/.local/lib/python3.7/site-packages/flask/views.py", line 89, in view
    return self.dispatch_request(*args, **kwargs)
  File "/home/msalvatore/.local/lib/python3.7/site-packages/flask_restful/__init__.py", line 583, in dispatch_request
    resp = meth(*args, **kwargs)
  File "/home/msalvatore/save.infection_monkey/monkey/monkey_island/cc/resources/auth/auth.py", line 49, in post
    access_token = flask_jwt_extended.create_access_token(identity=user_store.UserStore.username_table[username].id)
  File "/home/msalvatore/.local/lib/python3.7/site-packages/flask_jwt_extended/utils.py", line 173, in create_access_token
    headers=headers)
  File "/home/msalvatore/.local/lib/python3.7/site-packages/flask_jwt_extended/jwt_manager.py", line 522, in _create_access_token
    headers=headers
  File "/home/msalvatore/.local/lib/python3.7/site-packages/flask_jwt_extended/tokens.py", line 77, in encode_access_token
    json_encoder=json_encoder, headers=headers)
  File "/home/msalvatore/.local/lib/python3.7/site-packages/flask_jwt_extended/tokens.py", line 30, in _encode_jwt
    json_encoder=json_encoder, headers=headers).decode('utf-8')
AttributeError: 'str' object has no attribute 'decode'

To Reproduce

Steps to reproduce the behavior:

  1. Use the deployment scripts to deploy Monkey Island in a fresh environment
  2. Start Monkey island

Expected behavior

I expect Monkey Island not to raise exceptions

Possible Solutions

  1. Update all code that uses pyjwt to be compatible with the latest version, update requirements.txt accordingly (PREFERRED)
  2. Pin pyjwt to version 1.7 in requirements.txt (DISCOURAGED)

Machine version (please complete the following information):

VakarisZ commented 3 years ago

What solved it for me was updating Flask-JWT-Extended to the latest. Sanity tests passed.

mssalvatore commented 3 years ago

4.0.2?

VakarisZ commented 3 years ago

Yes

mssalvatore commented 3 years ago

resolved by ed589bd46aff7ec869156bd952f475d5f2f86f71