mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 02:54:20 +00:00
4589ddad4a
* feat: use passwap for human user passwords * fix tests * passwap config * add the event mapper * cleanup query side and api * solve linting errors * regression test * try to fix linter errors again * pass systemdefaults into externalConfigChange migration * fix: user password set in auth view * pin passwap v0.2.0 * v2: validate hashed password hash based on prefix * resolve remaining comments * add error tag and translation for unsupported hash encoding * fix unit test --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
61 lines
1.3 KiB
Go
61 lines
1.3 KiB
Go
package domain
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
caos_errs "github.com/zitadel/zitadel/internal/errors"
|
|
es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
|
)
|
|
|
|
type Password struct {
|
|
es_models.ObjectRoot
|
|
|
|
SecretString string
|
|
EncodedSecret string
|
|
ChangeRequired bool
|
|
}
|
|
|
|
func NewPassword(password string) *Password {
|
|
return &Password{
|
|
SecretString: password,
|
|
}
|
|
}
|
|
|
|
type PasswordCode struct {
|
|
es_models.ObjectRoot
|
|
|
|
Code *crypto.CryptoValue
|
|
Expiry time.Duration
|
|
NotificationType NotificationType
|
|
}
|
|
|
|
func (p *Password) HashPasswordIfExisting(policy *PasswordComplexityPolicy, hasher *crypto.PasswordHasher) error {
|
|
if p.SecretString == "" {
|
|
return nil
|
|
}
|
|
if policy == nil {
|
|
return caos_errs.ThrowPreconditionFailed(nil, "DOMAIN-s8ifS", "Errors.User.PasswordComplexityPolicy.NotFound")
|
|
}
|
|
if err := policy.Check(p.SecretString); err != nil {
|
|
return err
|
|
}
|
|
encoded, err := hasher.Hash(p.SecretString)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
p.EncodedSecret = encoded
|
|
return nil
|
|
}
|
|
|
|
func NewPasswordCode(passwordGenerator crypto.Generator) (*PasswordCode, error) {
|
|
passwordCodeCrypto, _, err := crypto.NewCode(passwordGenerator)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &PasswordCode{
|
|
Code: passwordCodeCrypto,
|
|
Expiry: passwordGenerator.Expiry(),
|
|
}, nil
|
|
}
|