feat: integrate passwap for human user password hashing (#6196)

* feat: use passwap for human user passwords * fix tests * passwap config * add the event mapper * cleanup query side and api * solve linting errors * regression test * try to fix linter errors again * pass systemdefaults into externalConfigChange migration * fix: user password set in auth view * pin passwap v0.2.0 * v2: validate hashed password hash based on prefix * resolve remaining comments * add error tag and translation for unsupported hash encoding * fix unit test --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 19:07:30 +00:00 · 2023-07-14 09:49:57 +03:00
parent 6fcfa63f54
commit 4589ddad4a
56 changed files with 1853 additions and 775 deletions
--- a/internal/command/user_human_init_test.go
+++ b/internal/command/user_human_init_test.go
@@ -5,7 +5,6 @@ import (
 	"testing"
 	"time"

-	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/text/language"

@@ -305,8 +304,8 @@ func TestCommandSide_ResendInitialMail(t *testing.T) {

 func TestCommandSide_VerifyInitCode(t *testing.T) {
 	type fields struct {
-		eventstore      *eventstore.Eventstore
-		userPasswordAlg crypto.HashAlgorithm
+		eventstore         *eventstore.Eventstore
+		userPasswordHasher *crypto.PasswordHasher
 	}
 	type args struct {
 		ctx             context.Context
@@ -584,18 +583,13 @@ func TestCommandSide_VerifyInitCode(t *testing.T) {
 							eventFromEventPusher(
 								user.NewHumanPasswordChangedEvent(context.Background(),
 									&user.NewAggregate("user1", "org1").Aggregate,
-									&crypto.CryptoValue{
-										CryptoType: crypto.TypeHash,
-										Algorithm:  "hash",
-										KeyID:      "",
-										Crypted:    []byte("password"),
-									},
+									"$plain$x$password",
 									false,
 									"")),
 						},
 					),
 				),
-				userPasswordAlg: crypto.CreateMockHashAlg(gomock.NewController(t)),
+				userPasswordHasher: mockPasswordHasher("x"),
 			},
 			args: args{
 				ctx:             context.Background(),
@@ -615,8 +609,8 @@ func TestCommandSide_VerifyInitCode(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore:      tt.fields.eventstore,
-				userPasswordAlg: tt.fields.userPasswordAlg,
+				eventstore:         tt.fields.eventstore,
+				userPasswordHasher: tt.fields.userPasswordHasher,
 			}
 			err := r.HumanVerifyInitCode(tt.args.ctx, tt.args.userID, tt.args.resourceOwner, tt.args.code, tt.args.password, tt.args.secretGenerator)
 			if tt.res.err == nil {