feat: integrate passwap for human user password hashing (#6196)

* feat: use passwap for human user passwords * fix tests * passwap config * add the event mapper * cleanup query side and api * solve linting errors * regression test * try to fix linter errors again * pass systemdefaults into externalConfigChange migration * fix: user password set in auth view * pin passwap v0.2.0 * v2: validate hashed password hash based on prefix * resolve remaining comments * add error tag and translation for unsupported hash encoding * fix unit test --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 00:47:33 +00:00 · 2023-07-14 09:49:57 +03:00
parent 6fcfa63f54
commit 4589ddad4a
56 changed files with 1853 additions and 775 deletions
--- a/internal/api/grpc/user/v2/user_test.go
+++ b/internal/api/grpc/user/v2/user_test.go
@@ -1,7 +1,6 @@
 package user

 import (
-	"errors"
 	"testing"
 	"time"

@@ -25,74 +24,6 @@ import (

 var ignoreTypes = []protoreflect.FullName{"google.protobuf.Duration", "google.protobuf.Struct"}

-func Test_hashedPasswordToCommand(t *testing.T) {
-	type args struct {
-		hashed *user.HashedPassword
-	}
-	type res struct {
-		want string
-		err  func(error) bool
-	}
-	tests := []struct {
-		name string
-		args args
-		res  res
-	}{
-		{
-			"not hashed",
-			args{
-				hashed: nil,
-			},
-			res{
-				"",
-				nil,
-			},
-		},
-		{
-			"hashed, not bcrypt",
-			args{
-				hashed: &user.HashedPassword{
-					Hash:      "hash",
-					Algorithm: "custom",
-				},
-			},
-			res{
-				"",
-				func(err error) bool {
-					return errors.Is(err, caos_errs.ThrowInvalidArgument(nil, "USER-JDk4t", "Errors.InvalidArgument"))
-				},
-			},
-		},
-		{
-			"hashed, bcrypt",
-			args{
-				hashed: &user.HashedPassword{
-					Hash:      "hash",
-					Algorithm: "bcrypt",
-				},
-			},
-			res{
-				"hash",
-				nil,
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got, err := hashedPasswordToCommand(tt.args.hashed)
-			if tt.res.err == nil {
-				require.NoError(t, err)
-			}
-			if tt.res.err != nil && !tt.res.err(err) {
-				t.Errorf("got wrong err: %v ", err)
-			}
-			if tt.res.err == nil {
-				assert.Equal(t, tt.res.want, got)
-			}
-		})
-	}
-}
-
 func Test_intentToIDPInformationPb(t *testing.T) {
 	decryption := func(err error) crypto.EncryptionAlgorithm {
 		mCrypto := crypto.NewMockEncryptionAlgorithm(gomock.NewController(t))