mirror of
				https://github.com/zitadel/zitadel.git
				synced 2025-10-25 20:38:48 +00:00 
			
		
		
		
	feat: integrate passwap for human user password hashing (#6196)
* feat: use passwap for human user passwords * fix tests * passwap config * add the event mapper * cleanup query side and api * solve linting errors * regression test * try to fix linter errors again * pass systemdefaults into externalConfigChange migration * fix: user password set in auth view * pin passwap v0.2.0 * v2: validate hashed password hash based on prefix * resolve remaining comments * add error tag and translation for unsupported hash encoding * fix unit test --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
		| @@ -326,7 +326,7 @@ func (c *Commands) VerifyOIDCClientSecret(ctx context.Context, projectID, appID, | ||||
|  | ||||
| 	projectAgg := ProjectAggregateFromWriteModel(&app.WriteModel) | ||||
| 	ctx, spanPasswordComparison := tracing.NewNamedSpan(ctx, "crypto.CompareHash") | ||||
| 	err = crypto.CompareHash(app.ClientSecret, []byte(secret), c.userPasswordAlg) | ||||
| 	err = crypto.CompareHash(app.ClientSecret, []byte(secret), c.codeAlg) | ||||
| 	spanPasswordComparison.EndWithError(err) | ||||
| 	if err == nil { | ||||
| 		_, err = c.eventstore.Push(ctx, project_repo.NewOIDCConfigSecretCheckSucceededEvent(ctx, projectAgg, app.AppID)) | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Tim Möhlmann
					Tim Möhlmann