feat(crypto): use passwap for machine and app secrets (#7657)

* feat(crypto): use passwap for machine and app secrets * fix command package tests * add hash generator command test * naming convention, fix query tests * rename PasswordHasher and cleanup start commands * add reducer tests * fix intergration tests, cleanup old config * add app secret unit tests * solve setup panics * fix push of updated events * add missing event translations * update documentation * solve linter errors * remove nolint:SA1019 as it doesn't seem to help anyway * add nolint to deprecated filter usage * update users migration version * remove unused ClientSecret from APIConfigChangedEvent --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 21:07:31 +00:00 · 2024-04-05 12:35:49 +03:00
parent 5931fb8f28
commit 2089992d75
135 changed files with 2407 additions and 1779 deletions
--- a/internal/crypto/code_test.go
+++ b/internal/crypto/code_test.go
@@ -102,25 +102,10 @@ func TestVerifyCode(t *testing.T) {
 			},
 			false,
 		},
-		{
-			"hash alg ok",
-			args{
-				creationDate: time.Now(),
-				expiry:       5 * time.Minute,
-				cryptoCode: &CryptoValue{
-					CryptoType: TypeHash,
-					Algorithm:  "hash",
-					Crypted:    []byte("code"),
-				},
-				verificationCode: "code",
-				g:                createMockGenerator(t, CreateMockHashAlg(gomock.NewController(t))),
-			},
-			false,
-		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if err := VerifyCode(tt.args.creationDate, tt.args.expiry, tt.args.cryptoCode, tt.args.verificationCode, tt.args.g); (err != nil) != tt.wantErr {
+			if err := VerifyCode(tt.args.creationDate, tt.args.expiry, tt.args.cryptoCode, tt.args.verificationCode, tt.args.g.Alg()); (err != nil) != tt.wantErr {
 				t.Errorf("VerifyCode() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
@@ -222,85 +207,3 @@ func Test_verifyEncryptedCode(t *testing.T) {
 		})
 	}
 }
-
-func Test_verifyHashedCode(t *testing.T) {
-	type args struct {
-		cryptoCode       *CryptoValue
-		verificationCode string
-		alg              HashAlgorithm
-	}
-	tests := []struct {
-		name    string
-		args    args
-		wantErr bool
-	}{
-
-		{
-			"nil error",
-			args{
-				cryptoCode:       nil,
-				verificationCode: "",
-				alg:              CreateMockHashAlg(gomock.NewController(t)),
-			},
-			true,
-		},
-		{
-			"wrong cryptotype error",
-			args{
-				cryptoCode: &CryptoValue{
-					CryptoType: TypeEncryption,
-					Crypted:    nil,
-				},
-				verificationCode: "",
-				alg:              CreateMockHashAlg(gomock.NewController(t)),
-			},
-			true,
-		},
-		{
-			"wrong algorithm error",
-			args{
-				cryptoCode: &CryptoValue{
-					CryptoType: TypeHash,
-					Algorithm:  "hash2",
-					Crypted:    nil,
-				},
-				verificationCode: "",
-				alg:              CreateMockHashAlg(gomock.NewController(t)),
-			},
-			true,
-		},
-		{
-			"wrong verification code error",
-			args{
-				cryptoCode: &CryptoValue{
-					CryptoType: TypeHash,
-					Algorithm:  "hash",
-					Crypted:    []byte("code"),
-				},
-				verificationCode: "wrong",
-				alg:              CreateMockHashAlg(gomock.NewController(t)),
-			},
-			true,
-		},
-		{
-			"verification code ok",
-			args{
-				cryptoCode: &CryptoValue{
-					CryptoType: TypeHash,
-					Algorithm:  "hash",
-					Crypted:    []byte("code"),
-				},
-				verificationCode: "code",
-				alg:              CreateMockHashAlg(gomock.NewController(t)),
-			},
-			false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if err := verifyHashedCode(tt.args.cryptoCode, tt.args.verificationCode, tt.args.alg); (err != nil) != tt.wantErr {
-				t.Errorf("verifyHashedCode() error = %v, wantErr %v", err, tt.wantErr)
-			}
-		})
-	}
-}