feat(crypto): use passwap for machine and app secrets (#7657)

* feat(crypto): use passwap for machine and app secrets * fix command package tests * add hash generator command test * naming convention, fix query tests * rename PasswordHasher and cleanup start commands * add reducer tests * fix intergration tests, cleanup old config * add app secret unit tests * solve setup panics * fix push of updated events * add missing event translations * update documentation * solve linter errors * remove nolint:SA1019 as it doesn't seem to help anyway * add nolint to deprecated filter usage * update users migration version * remove unused ClientSecret from APIConfigChangedEvent --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 21:07:31 +00:00 · 2024-04-05 12:35:49 +03:00
parent 5931fb8f28
commit 2089992d75
135 changed files with 2407 additions and 1779 deletions
--- a/internal/query/introspection_test.go
+++ b/internal/query/introspection_test.go
@@ -4,7 +4,6 @@ import (
 	"database/sql"
 	"database/sql/driver"
 	_ "embed"
-	"encoding/json"
 	"regexp"
 	"testing"

@@ -12,20 +11,10 @@ import (
 	"github.com/stretchr/testify/require"

 	"github.com/zitadel/zitadel/internal/api/authz"
-	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/database"
 )

 func TestQueries_GetIntrospectionClientByID(t *testing.T) {
-	secret := &crypto.CryptoValue{
-		CryptoType: crypto.TypeHash,
-		Algorithm:  "alg",
-		KeyID:      "keyID",
-		Crypted:    []byte("secret"),
-	}
-	encSecret, err := json.Marshal(secret)
-	require.NoError(t, err)
-
 	pubkeys := database.Map[[]byte]{
 		"key1": {1, 2, 3},
 		"key2": {4, 5, 6},
@@ -61,14 +50,17 @@ func TestQueries_GetIntrospectionClientByID(t *testing.T) {
 				getKeys:  false,
 			},
 			mock: mockQuery(expQuery,
-				[]string{"client_id", "client_secret", "project_id", "public_keys"},
-				[]driver.Value{"clientID", encSecret, "projectID", nil},
+				[]string{"app_id", "client_id", "client_secret", "app_type", "project_id", "resource_owner", "public_keys"},
+				[]driver.Value{"appID", "clientID", "secret", "oidc", "projectID", "orgID", nil},
 				"instanceID", "clientID", false),
 			want: &IntrospectionClient{
-				ClientID:     "clientID",
-				ClientSecret: secret,
-				ProjectID:    "projectID",
-				PublicKeys:   nil,
+				AppID:         "appID",
+				ClientID:      "clientID",
+				HashedSecret:  "secret",
+				AppType:       AppTypeOIDC,
+				ProjectID:     "projectID",
+				ResourceOwner: "orgID",
+				PublicKeys:    nil,
 			},
 		},
 		{
@@ -78,14 +70,17 @@ func TestQueries_GetIntrospectionClientByID(t *testing.T) {
 				getKeys:  true,
 			},
 			mock: mockQuery(expQuery,
-				[]string{"client_id", "client_secret", "project_id", "public_keys"},
-				[]driver.Value{"clientID", nil, "projectID", encPubkeys},
+				[]string{"app_id", "client_id", "client_secret", "app_type", "project_id", "resource_owner", "public_keys"},
+				[]driver.Value{"appID", "clientID", "", "oidc", "projectID", "orgID", encPubkeys},
 				"instanceID", "clientID", true),
 			want: &IntrospectionClient{
-				ClientID:     "clientID",
-				ClientSecret: nil,
-				ProjectID:    "projectID",
-				PublicKeys:   pubkeys,
+				AppID:         "appID",
+				ClientID:      "clientID",
+				HashedSecret:  "",
+				AppType:       AppTypeOIDC,
+				ProjectID:     "projectID",
+				ResourceOwner: "orgID",
+				PublicKeys:    pubkeys,
 			},
 		},
 	}