TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-13 03:24:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,371 Commits 166 Branches 1,927 Tags 670 MiB
8d97363642
Commit Graph

7 Commits

Author SHA1 Message Date
Tim Möhlmann
dc170dc46e
feat(crypto): support md5 plain for imported password hashes (#8189) 
# Which Problems Are Solved

Allow verification of imported passwords hashed with plain md5, without
salt. These are password digests typically created by one of:

- `printf "password" | md5sum` on most linux systems.
- PHP's `md5("password")`
- Python3's `hashlib.md5(b"password").hexdigest()`

# How the Problems Are Solved

- Upgrade passwap to
[v0.6.0](https://github.com/zitadel/passwap/releases/tag/v0.6.0)
- Add md5plain as a new verfier option in `defaults.yaml`

# Additional Changes

- Updated documentation to explain difference between `md5` (crypt) and
`md5plain` verifiers.

# Additional Context

- Requested by customer for import case
 2024-06-25 11:10:49 +03:00
Tim Möhlmann
2089992d75
feat(crypto): use passwap for machine and app secrets (#7657) 
* feat(crypto): use passwap for machine and app secrets

* fix command package tests

* add hash generator command test

* naming convention, fix query tests

* rename PasswordHasher and cleanup start commands

* add reducer tests

* fix intergration tests, cleanup old config

* add app secret unit tests

* solve setup panics

* fix push of updated events

* add missing event translations

* update documentation

* solve linter errors

* remove nolint:SA1019 as it doesn't seem to help anyway

* add nolint to deprecated filter usage

* update users migration version

* remove unused ClientSecret from APIConfigChangedEvent

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2024-04-05 09:35:49 +00:00
Tim Möhlmann
1adfca9d28
fix(crypto): allow parsing of cost int from env string (#7061) 
fic(crypto): allow parsing of cost int from env string
 2023-12-15 11:16:05 +00:00
Tim Möhlmann
f680dd934d
refactor: rename package errors to zerrors (#7039) 
* chore: rename package errors to zerrors

* rename package errors to gerrors

* fix error related linting issues

* fix zitadel error assertion

* fix gosimple linting issues

* fix deprecated linting issues

* resolve gci linting issues

* fix import structure

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
 2023-12-08 15:30:55 +01:00
Tim Möhlmann
0af1c65c4c
fix: allow unused keys in hasher config (#6724) 2023-10-13 13:11:20 +00:00
Tim Möhlmann
4d09409328
feat(crypto): add pbkdf2 support (#6303) 
This change brings pbkdf2 support for password hashing and verification.
 2023-08-02 11:27:18 +00:00
Tim Möhlmann
4589ddad4a
feat: integrate passwap for human user password hashing (#6196) 
* feat: use passwap for human user passwords

* fix tests

* passwap config

* add the event mapper

* cleanup query side and api

* solve linting errors

* regression test

* try to fix linter errors again

* pass systemdefaults into externalConfigChange migration

* fix: user password set in auth view

* pin passwap v0.2.0

* v2: validate hashed password hash based on prefix

* resolve remaining comments

* add error tag and translation for unsupported hash encoding

* fix unit test

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2023-07-14 09:49:57 +03:00