feat(general): User_profile_add_set cli changes #3770
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #3770 +/- ##
==========================================
+ Coverage 75.86% 76.93% +1.06%
==========================================
Files 470 476 +6
Lines 37301 28943 -8358
==========================================
- Hits 28299 22266 -6033
+ Misses 7071 4736 -2335
- Partials 1931 1941 +10 ☔ View full report in Codecov by Sentry. |
Shrekster
reviewed
Apr 5, 2024
Shrekster
reviewed
Apr 5, 2024
Shrekster
reviewed
Apr 5, 2024
Shrekster
reviewed
Apr 5, 2024
Shrekster
reviewed
Apr 5, 2024
Shrekster
reviewed
Apr 5, 2024
Shrekster
reviewed
Apr 5, 2024
Shrekster
reviewed
Apr 5, 2024
Comment on lines
+43
to
+49
| type scryptKeyDeriver struct { | ||
| // n scryptCostParameterN is scrypt's CPU/memory cost parameter. | ||
| n int | ||
| // r scryptCostParameterR is scrypt's work factor. | ||
| r int | ||
| // p scryptCostParameterP is scrypt's parallelization parameter. | ||
| p int |
Collaborator
There was a problem hiding this comment.
Thank you for adding these comments!
Shrekster
reviewed
Apr 5, 2024
Shrekster
reviewed
Apr 5, 2024
Shrekster
reviewed
Apr 5, 2024
Shrekster
reviewed
Apr 5, 2024
Collaborator
|
@bathina2 Sirish, changes look very good. Took first pass and left some comments, please take look. This is looking very close to done. |
Shrekster
reviewed
Apr 10, 2024
internal/user/user_profile.go
Outdated
| // compare against valid user to avoid revealing whether the user account exists. | ||
| isValidPassword(password, dummyV1HashThatNeverMatchesAnyPassword, crypto.DefaultKeyDerivationAlgorithm) | ||
|
|
||
| isValidPassword(password, dummyV1HashThatNeverMatchesAnyPassword, algorithms[rand.Intn(len(algorithms))]) |
Shrekster
reviewed
Apr 10, 2024
Collaborator
|
Looks good now pending some linters cleanup that @bathina2 is looking into. I'll just hold on to Jarek/Julio to respond to my comment until afternoon (pacific time), then we can take this in. |
Shrekster
approved these changes
Apr 11, 2024
Collaborator
Shrekster
left a comment
There was a problem hiding this comment.
LGTM 👍
Merging this. @julio-lopez / @jkowalski PTAL at my comment regarding user profiles post merge as well.
bathina2
commented
Apr 23, 2024
julio-lopez
reviewed
Apr 23, 2024
This was referenced Apr 26, 2024
julio-lopez
added a commit
that referenced
this pull request
Apr 27, 2024
…3821) Code movement and simplification, no functional changes. Objectives: - Allow callers specifying the needed key (or hash) size, instead of hard-coding it in the registered PBK derivers. Conceptually, the caller needs to specify the key size, since that is a requirement of the (encryption) algorithm being used in the caller. Now, the code changes here do not result in any functional changes since the key size is always 32 bytes. - Remove a global definition for the default PB key deriver to use. Instead, each of the 3 use case sets the default value. Changes: - `crypto.DeriveKeyFromPassword` now takes a key size. - Adds new constants for the key sizes at the callers. - Removes the global `crypto.MasterKeySize` const. - Removes the global `crypto.DefaultKeyDerivationAlgorithm` const. - Adds const for the default derivation algorithms for each use case. - Adds a const for the salt length in the `internal/user` package, to ensure the same salt length is used in both hash versions. - Unexports various functions, variables and constants in the `internal/crypto` & `internal/user` packages. - Renames various constants for consistency. - Removes unused functions and symbols. - Renames files to be consistent and better reflect the structure of the code. - Adds a couple of tests to ensure the const values are in sync and supported. - Fixes a couple of typos Followups to: - #3725 - #3770 - #3779 - #3799 - #3816 The individual commits show the code transformations to simplify the review of the changes.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR allows users to set the key derivation algorithm in a profile.
The previous control
user-password-hash-versionwas in place to handle any variations, however it has only ever supported 1 version and is not quite accurate. It has been replace withkey-derivation-algorithm.There is support to handle older profiles that have the PasswordHashVersion set. It will default to using the
Scryptkey derivation algorithm as it had in the past.An example where a profile is created with the old changes and one that is created with these new ones-