feat: integrate passwap for human user password hashing (#6196)

* feat: use passwap for human user passwords

* fix tests

* passwap config

* add the event mapper

* cleanup query side and api

* solve linting errors

* regression test

* try to fix linter errors again

* pass systemdefaults into externalConfigChange migration

* fix: user password set in auth view

* pin passwap v0.2.0

* v2: validate hashed password hash based on prefix

* resolve remaining comments

* add error tag and translation for unsupported hash encoding

* fix unit test

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>

internal/user/repository/eventsourcing/model/password.go

@@ -15,6 +15,7 @@ type Password struct {
 	es_models.ObjectRoot
 
 	Secret         *crypto.CryptoValue `json:"secret,omitempty"`
+	EncodedHash    string              `json:"encodedHash,omitempty"`
 	ChangeRequired bool                `json:"changeRequired,omitempty"`
 }
 

internal/user/repository/view/model/notify_user.go

@@ -128,6 +128,6 @@ func (u *NotifyUser) setPasswordData(event *models.Event) error {
 		logging.Log("MODEL-dfhw6").WithError(err).Error("could not unmarshal event data")
 		return caos_errs.ThrowInternal(nil, "MODEL-BHFD2", "could not unmarshal data")
 	}
-	u.PasswordSet = password.Secret != nil
+	u.PasswordSet = password.Secret != nil || password.EncodedHash != ""
 	return nil
 }

internal/user/repository/view/model/user.go

@@ -380,7 +380,7 @@ func (u *UserView) setPasswordData(event *models.Event) error {
 		logging.Log("MODEL-sdw4r").WithError(err).Error("could not unmarshal event data")
 		return errors.ThrowInternal(nil, "MODEL-6jhsw", "could not unmarshal data")
 	}
-	u.PasswordSet = password.Secret != nil
+	u.PasswordSet = password.Secret != nil || password.EncodedHash != ""
 	u.PasswordInitRequired = !u.PasswordSet
 	u.PasswordChangeRequired = password.ChangeRequired
 	u.PasswordChanged = event.CreationDate