feat: integrate passwap for human user password hashing (#6196)

* feat: use passwap for human user passwords * fix tests * passwap config * add the event mapper * cleanup query side and api * solve linting errors * regression test * try to fix linter errors again * pass systemdefaults into externalConfigChange migration * fix: user password set in auth view * pin passwap v0.2.0 * v2: validate hashed password hash based on prefix * resolve remaining comments * add error tag and translation for unsupported hash encoding * fix unit test --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 21:07:31 +00:00 · 2023-07-14 09:49:57 +03:00
parent 6fcfa63f54
commit 4589ddad4a
56 changed files with 1853 additions and 775 deletions
--- a/internal/api/grpc/admin/export.go
+++ b/internal/api/grpc/admin/export.go
@@ -577,15 +577,14 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w
 			}
 			if withPasswords {
 				ctx, pwspan := tracing.NewSpan(ctx)
-				hashedPassword, hashAlgorithm, err := s.query.GetHumanPassword(ctx, org, user.ID)
+				encodedHash, err := s.query.GetHumanPassword(ctx, org, user.ID)
 				pwspan.EndWithError(err)
 				if err != nil && !caos_errors.IsNotFound(err) {
 					return nil, nil, nil, nil, err
 				}
-				if err == nil && hashedPassword != nil {
+				if err == nil && encodedHash != "" {
 					dataUser.User.HashedPassword = &management_pb.ImportHumanUserRequest_HashedPassword{
-						Value:     string(hashedPassword),
-						Algorithm: hashAlgorithm,
+						Value: encodedHash,
 					}
 				}
 			}