feat(crypto): use passwap for machine and app secrets (#7657)

* feat(crypto): use passwap for machine and app secrets * fix command package tests * add hash generator command test * naming convention, fix query tests * rename PasswordHasher and cleanup start commands * add reducer tests * fix intergration tests, cleanup old config * add app secret unit tests * solve setup panics * fix push of updated events * add missing event translations * update documentation * solve linter errors * remove nolint:SA1019 as it doesn't seem to help anyway * add nolint to deprecated filter usage * update users migration version * remove unused ClientSecret from APIConfigChangedEvent --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 20:27:32 +00:00 · 2024-04-05 12:35:49 +03:00
parent 5931fb8f28
commit 2089992d75
135 changed files with 2407 additions and 1779 deletions
--- a/internal/command/org_test.go
+++ b/internal/command/org_test.go
@@ -1260,7 +1260,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 	type fields struct {
 		eventstore   func(t *testing.T) *eventstore.Eventstore
 		idGenerator  id.Generator
-		newCode      cryptoCodeFunc
+		newCode      encrypedCodeFunc
 		keyAlgorithm crypto.EncryptionAlgorithm
 	}
 	type args struct {
@@ -1437,7 +1437,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 					),
 				),
 				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID", "userID"),
-				newCode:     mockCode("userinit", time.Hour),
+				newCode:     mockEncryptedCode("userinit", time.Hour),
 			},
 			args: args{
 				ctx: authz.WithRequestedDomain(context.Background(), "iam-domain"),
@@ -1616,7 +1616,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 					),
 				),
 				idGenerator:  id_mock.NewIDGeneratorExpectIDs(t, "orgID", "userID", "tokenID"),
-				newCode:      mockCode("userinit", time.Hour),
+				newCode:      mockEncryptedCode("userinit", time.Hour),
 				keyAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
@@ -1669,10 +1669,10 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore:   tt.fields.eventstore(t),
-				idGenerator:  tt.fields.idGenerator,
-				newCode:      tt.fields.newCode,
-				keyAlgorithm: tt.fields.keyAlgorithm,
+				eventstore:       tt.fields.eventstore(t),
+				idGenerator:      tt.fields.idGenerator,
+				newEncryptedCode: tt.fields.newCode,
+				keyAlgorithm:     tt.fields.keyAlgorithm,
 				zitadelRoles: []authz.RoleMapping{
 					{
 						Role: domain.RoleOrgOwner,