feat(crypto): use passwap for machine and app secrets (#7657)

* feat(crypto): use passwap for machine and app secrets * fix command package tests * add hash generator command test * naming convention, fix query tests * rename PasswordHasher and cleanup start commands * add reducer tests * fix intergration tests, cleanup old config * add app secret unit tests * solve setup panics * fix push of updated events * add missing event translations * update documentation * solve linter errors * remove nolint:SA1019 as it doesn't seem to help anyway * add nolint to deprecated filter usage * update users migration version * remove unused ClientSecret from APIConfigChangedEvent --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 19:07:30 +00:00 · 2024-04-05 12:35:49 +03:00
parent 5931fb8f28
commit 2089992d75
135 changed files with 2407 additions and 1779 deletions
--- a/internal/command/session.go
+++ b/internal/command/session.go
@@ -31,11 +31,11 @@ type SessionCommands struct {
 	eventstore         *eventstore.Eventstore
 	eventCommands      []eventstore.Command

-	hasher      *crypto.PasswordHasher
+	hasher      *crypto.Hasher
 	intentAlg   crypto.EncryptionAlgorithm
 	totpAlg     crypto.EncryptionAlgorithm
 	otpAlg      crypto.EncryptionAlgorithm
-	createCode  cryptoCodeWithDefaultFunc
+	createCode  encryptedCodeWithDefaultFunc
 	createToken func(sessionID string) (id string, token string, err error)
 	now         func() time.Time
 }
@@ -49,7 +49,7 @@ func (c *Commands) NewSessionCommands(cmds []SessionCommand, session *SessionWri
 		intentAlg:         c.idpConfigEncryption,
 		totpAlg:           c.multifactors.OTP.CryptoMFA,
 		otpAlg:            c.userEncryption,
-		createCode:        c.newCodeWithDefault,
+		createCode:        c.newEncryptedCodeWithDefault,
 		createToken:       c.sessionTokenCreator,
 		now:               time.Now,
 	}