feat(crypto): use passwap for machine and app secrets (#7657)

* feat(crypto): use passwap for machine and app secrets * fix command package tests * add hash generator command test * naming convention, fix query tests * rename PasswordHasher and cleanup start commands * add reducer tests * fix intergration tests, cleanup old config * add app secret unit tests * solve setup panics * fix push of updated events * add missing event translations * update documentation * solve linter errors * remove nolint:SA1019 as it doesn't seem to help anyway * add nolint to deprecated filter usage * update users migration version * remove unused ClientSecret from APIConfigChangedEvent --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 00:47:33 +00:00 · 2024-04-05 12:35:49 +03:00
parent 5931fb8f28
commit 2089992d75
135 changed files with 2407 additions and 1779 deletions
--- a/internal/domain/human_password.go
+++ b/internal/domain/human_password.go
@@ -1,10 +1,12 @@
 package domain

 import (
+	"context"
 	"time"

 	"github.com/zitadel/zitadel/internal/crypto"
 	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )

@@ -30,7 +32,7 @@ type PasswordCode struct {
 	NotificationType NotificationType
 }

-func (p *Password) HashPasswordIfExisting(policy *PasswordComplexityPolicy, hasher *crypto.PasswordHasher) error {
+func (p *Password) HashPasswordIfExisting(ctx context.Context, policy *PasswordComplexityPolicy, hasher *crypto.Hasher) error {
 	if p.SecretString == "" {
 		return nil
 	}
@@ -40,7 +42,9 @@ func (p *Password) HashPasswordIfExisting(policy *PasswordComplexityPolicy, hash
 	if err := policy.Check(p.SecretString); err != nil {
 		return err
 	}
+	_, spanHash := tracing.NewNamedSpan(ctx, "passwap.Hash")
 	encoded, err := hasher.Hash(p.SecretString)
+	spanHash.EndWithError(err)
 	if err != nil {
 		return err
 	}