yarnsocial
/
yarn
22
21
Fork 29
Code Issues 94 Pull Requests 7 Releases 35 Wiki Activity
Labels Milestones

feat-use-new-passwd #1095

Merged
xuu merged 8 commits from feat-use-new-passwd into main 3 months ago
Conversation 0 Commits 8 Files Changed 12
xuu commented 4 months ago
Owner

implements a new password system that includes preferred hash + complexity to automatically rehash on login if needed.

This is using argon2i but i can add support for argon2id.

now prefers argon2id per comments on #1093

closes #1093

implements a new password system that includes preferred hash + complexity to automatically rehash on login if needed. ~~This is using argon2i but i can add support for argon2id.~~ now prefers argon2id per comments on #1093 closes #1093
xuu added 2 commits 4 months ago
continuous-integration/drone/pr Build is passing Details
4feb329fee
fix: reverse password hash on api endpoint
xuu requested review from prologic 4 months ago
xuu requested review from lyse 4 months ago
xuu added 1 commit 4 months ago
continuous-integration/drone/pr Build is passing Details
e0dabfce82
chore: add argon2id as preferred
xuu added the area/backend enhancement security labels 4 months ago
xuu added 1 commit 4 months ago
continuous-integration/drone/pr Build is failing Details
133b296755
chore: update to go-passwd v0.0.1
xuu force-pushed feat-use-new-passwd from 133b296755 to 420c7b5bf3 4 months ago
lyse approved these changes 4 months ago
lyse left a comment
Owner

Didn't run the code, only looked at it so far. Couldn't find any obvious mistakes. Will try it on the weekend.

Didn't run the code, only looked at it so far. Couldn't find any obvious mistakes. Will try it on the weekend.
internal/api.go Outdated
hash, err := a.pm.Passwd(password, "")
if err != nil {
log.WithError(err).Error("error creating password hash")
http.Error(w, "Passwrod Creation Failed", http.StatusInternalServerError)
lyse commented 4 months ago
Owner

Just noticed a typo in "Passw_or_d".

Just noticed a typo in "Passw_or_d".
xuu commented 3 months ago
Poster
Owner

:D the method for go-passwd's *passwd.Passwd is -in fact- Passwd()

:D the method for go-passwd's *passwd.Passwd is -in fact- Passwd()
xuu marked this conversation as resolved
internal/api.go Outdated
// Save upgraded user password
if err := a.db.SetUser(username, user); err != nil {
log.WithError(err).Error("error saving user object for user")
lyse commented 4 months ago
Owner

Maybe it would be helpful to know a bit more context: error saving user after password upgrade

Maybe it would be helpful to know a bit more context: `error saving user after password upgrade`
xuu commented 3 months ago
Poster
Owner

i agree.. i grabbed this from where i could find the save take place.

i agree.. i grabbed this from where i could find the save take place.
xuu marked this conversation as resolved
internal/login_handlers.go Outdated
// Save upgraded user password
if err := s.db.SetUser(username, user); err != nil {
ctx.Error = true
ctx.Message = s.tr(ctx, "ErrorGetUser")
lyse commented 4 months ago
Owner

I've no idea what to use instead, but ErrorGetUser seems to be misleading.

I've no idea what to use instead, but `ErrorGetUser` seems to be misleading.
xuu marked this conversation as resolved
xuu added 1 commit 3 months ago
continuous-integration/drone/pr Build is passing Details
8782383797
chore: more descriptive errors
prologic force-pushed feat-use-new-passwd from 8782383797 to b2109420b6 3 months ago
prologic approved these changes 3 months ago
prologic left a comment
Owner

Did some manual testing...

Did some manual testing...
xuu added 1 commit 3 months ago
xuu force-pushed feat-use-new-passwd from cd923a3e47 to 7c9eef44a3 3 months ago
xuu added 1 commit 3 months ago
continuous-integration/drone/pr Build is passing Details
383e57f3f9 Merge branch 'main' into feat-use-new-passwd
xuu merged commit b0f72b9e9b into main 3 months ago
xuu referenced this issue from a commit 3 months ago
feat-use-new-passwd (#1095)
xuu deleted branch feat-use-new-passwd 3 months ago

Reviewers

lyse approved these changes 4 months ago
prologic approved these changes 3 months ago
continuous-integration/drone/pr Build is passing
Details
The pull request has been merged as b0f72b9e9b.
Sign in to join this conversation.
Reviewers
Request review
No reviewers
lyse
prologic
Labels
Apply labels
Clear labels
area/backend area/ci area/cli area/desktop area/hosting area/mobile area/packaging area/ui browser/chrome browser/edge browser/firefox browser/safari bug
Something isn't working dependencies discussion documentation
Improvements or additions to documentation duplicate
This issue or pull request already exists enhancement
New feature or request good first issue
Good for newcomers help wanted
Extra attention is needed invalid
This doesn't seem right on hold question
Further information is requested security stale tests wontfix
This will not be worked on
No Label area/backend area/ci area/cli area/desktop area/hosting area/mobile area/packaging area/ui browser/chrome browser/edge browser/firefox browser/safari bug dependencies discussion documentation duplicate enhancement good first issue help wanted invalid on hold question security stale tests wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
Assignees
Assign users
Clear assignees
No Assignees
3 Participants
Notifications
Due Date

No due date set.

Dependencies

No dependencies set.

Reference: yarnsocial/yarn#1095
Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch 'feat-use-new-passwd'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes