feat(crypto): use passwap for machine and app secrets (#7657)

* feat(crypto): use passwap for machine and app secrets * fix command package tests * add hash generator command test * naming convention, fix query tests * rename PasswordHasher and cleanup start commands * add reducer tests * fix intergration tests, cleanup old config * add app secret unit tests * solve setup panics * fix push of updated events * add missing event translations * update documentation * solve linter errors * remove nolint:SA1019 as it doesn't seem to help anyway * add nolint to deprecated filter usage * update users migration version * remove unused ClientSecret from APIConfigChangedEvent --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 20:27:32 +00:00 · 2024-04-05 12:35:49 +03:00
parent 5931fb8f28
commit 2089992d75
135 changed files with 2407 additions and 1779 deletions
--- a/internal/command/user_v2_password_test.go
+++ b/internal/command/user_v2_password_test.go
@@ -330,7 +330,7 @@ func TestCommands_requestPasswordReset(t *testing.T) {
 		checkPermission domain.PermissionCheck
 		eventstore      func(t *testing.T) *eventstore.Eventstore
 		userEncryption  crypto.EncryptionAlgorithm
-		newCode         cryptoCodeFunc
+		newCode         encrypedCodeFunc
 	}
 	type args struct {
 		ctx              context.Context
@@ -452,7 +452,7 @@ func TestCommands_requestPasswordReset(t *testing.T) {
 					),
 				),
 				checkPermission: newMockPermissionCheckAllowed(),
-				newCode:         mockCode("code", 10*time.Minute),
+				newCode:         mockEncryptedCode("code", 10*time.Minute),
 			},
 			args: args{
 				ctx:    context.Background(),
@@ -492,7 +492,7 @@ func TestCommands_requestPasswordReset(t *testing.T) {
 					),
 				),
 				checkPermission: newMockPermissionCheckAllowed(),
-				newCode:         mockCode("code", 10*time.Minute),
+				newCode:         mockEncryptedCode("code", 10*time.Minute),
 			},
 			args: args{
 				ctx:     context.Background(),
@@ -533,7 +533,7 @@ func TestCommands_requestPasswordReset(t *testing.T) {
 					),
 				),
 				checkPermission: newMockPermissionCheckAllowed(),
-				newCode:         mockCode("code", 10*time.Minute),
+				newCode:         mockEncryptedCode("code", 10*time.Minute),
 			},
 			args: args{
 				ctx:              context.Background(),
@@ -575,7 +575,7 @@ func TestCommands_requestPasswordReset(t *testing.T) {
 					),
 				),
 				checkPermission: newMockPermissionCheckAllowed(),
-				newCode:         mockCode("code", 10*time.Minute),
+				newCode:         mockEncryptedCode("code", 10*time.Minute),
 			},
 			args: args{
 				ctx:        context.Background(),
@@ -593,10 +593,10 @@ func TestCommands_requestPasswordReset(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			c := &Commands{
-				checkPermission: tt.fields.checkPermission,
-				eventstore:      tt.fields.eventstore(t),
-				userEncryption:  tt.fields.userEncryption,
-				newCode:         tt.fields.newCode,
+				checkPermission:  tt.fields.checkPermission,
+				eventstore:       tt.fields.eventstore(t),
+				userEncryption:   tt.fields.userEncryption,
+				newEncryptedCode: tt.fields.newCode,
 			}
 			got, gotPlainCode, err := c.requestPasswordReset(tt.args.ctx, tt.args.userID, tt.args.returnCode, tt.args.urlTmpl, tt.args.notificationType)
 			require.ErrorIs(t, err, tt.res.err)