feat-use-new-passwd #1095

Merged
xuu merged 8 commits from feat-use-new-passwd into main 2 months ago
xuu commented 2 months ago
Owner

Implements a new password system that includes preferred hash + complexity to automatically rehash on login if needed.

~~This is using argon2i but I can add support for argon2id.~~

Now prefers argon2id per comments on #1093

closes #1093

xuu added 2 commits 2 months ago
xuu requested review from prologic 2 months ago
xuu requested review from lyse 2 months ago
xuu added 1 commit 2 months ago
e0dabfce82
chore: add argon2id as preferred
xuu added the area/backend, enhancement, security labels 2 months ago
xuu added 1 commit 2 months ago
133b296755
chore: update to go-passwd v0.0.1
xuu force-pushed feat-use-new-passwd from 133b296755 to 420c7b5bf3 2 months ago
lyse approved these changes 2 months ago
lyse left a comment
Owner

Didn't run the code, only looked at it so far. Couldn't find any obvious mistakes. Will try it on the weekend.

internal/api.go Outdated
hash, err := a.pm.Passwd(password, "")
if err != nil {
log.WithError(err).Error("error creating password hash")
http.Error(w, "Passwrod Creation Failed", http.StatusInternalServerError)
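Review bot: the empty second argument in `a.pm.Passwd(password, "")` is not explained at the call site; a one-line comment saying what the empty string selects would help the next reader. The excerpt also ends at the `http.Error(...)` call, so check that a `return` follows it and the handler cannot carry on with an empty `hash`.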
Owner

Just noticed a typo in "Passw_or_d".

Poster
Owner

:D the method for go-passwd's *passwd.Passwd is -in fact- Passwd()

xuu marked this conversation as resolved
internal/api.go Outdated
// Save upgraded user password
if err := a.db.SetUser(username, user); err != nil {
log.WithError(err).Error("error saving user object for user")
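Review bot: the log call on the `a.db.SetUser` failure path does not record which account was affected, although `username` is in scope here. Adding it as a structured field on the entry would make a failed password upgrade traceable to a user without having to correlate request logs.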
Owner

Maybe it would be helpful to know a bit more context: `error saving user after password upgrade`
Poster
Owner

I agree.. I grabbed this from where I could find the save take place.
xuu marked this conversation as resolved
// Save upgraded user password
if err := s.db.SetUser(username, user); err != nil {
ctx.Error = true
ctx.Message = s.tr(ctx, "ErrorGetUser")
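Review bot: setting `ctx.Error = true` when `s.db.SetUser` fails looks like it turns a failed hash upgrade into a failed login, even though the comment above indicates the password has already been accepted at this point. Consider logging the error and letting the login proceed so the rehash is retried on the next login; no log call is visible in this branch, unlike the matching one in the API handler.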
Owner

I've no idea what to use instead, but `ErrorGetUser` seems to be misleading.
xuu marked this conversation as resolved
xuu added 1 commit 2 months ago
8782383797
chore: more descriptive errors
prologic force-pushed feat-use-new-passwd from 8782383797 to b2109420b6 2 months ago
prologic approved these changes 2 months ago
prologic left a comment
Owner

Did some manual testing...

xuu added 1 commit 2 months ago
xuu force-pushed feat-use-new-passwd from cd923a3e47 to 7c9eef44a3 2 months ago
xuu added 1 commit 2 months ago
383e57f3f9 Merge branch 'main' into feat-use-new-passwd
xuu merged commit b0f72b9e9b into main 2 months ago
xuu referenced this issue from a commit 2 months ago
xuu deleted branch feat-use-new-passwd 2 months ago

continuous-integration/drone/pr Build is passing
The pull request has been merged as b0f72b9e9b.