[SQSERVICES-1931] wire server allow backend to enforce stronger password restrictions when setting a password#3137
Merged
battermann merged 29 commits intodevelopfrom Mar 15, 2023
Conversation
zebot
added
the
ok-to-test
Contributor
Author
|
I am open to other naming suggestions, e.g. call the old/legacy password type |
…-to-enforce-stronger-password-restrictions-when-setting-a-password
fisx
reviewed
Mar 10, 2023
Contributor
fisx
left a comment
fisx
left a comment
There was a problem hiding this comment.
running gundeck integration tests locally i get this:
Tokens
register a push token: FAIL
Exception: Safe.readNote no parse on "NO_HEADER_VALUE", unable to parse Location header
CallStack (from HasCallStack):
readNote, called at test/integration/API.hs:1253:7 in main:API
Use -p '!/RealAWS/&&/Tokens.register a push token/' to rerun this test only.
unregister a push token: FAIL
Exception: Safe.readNote no parse on "NO_HEADER_VALUE", unable to parse Location header
CallStack (from HasCallStack):
readNote, called at test/integration/API.hs:1253:7 in main:API
Use -p '!/RealAWS/&&/unregister a push token/' to rerun this test only.
Websocket pingpong
data-level pings produce pongs: OK (1.00s)
control pings with payload produce pongs with the same payload: OK (1.00s)
data non-pings are ignored: OK (2.00s)
Redis migration
redis migration should work: FAIL
Exception: Error executing request: Safe.readNote no parse on "NO_HEADER_VALUE", unable to parse Location header
CallStack (from HasCallStack):
readNote, called at test/integration/API.hs:1253:7 in main:API
CallStack (from HasCallStack):
error, called at src/Bilge/Assert.hs:101:18 in bilge-0.22.0-inplace:Bilge.Assert
<!!, called at src/Bilge/Assert.hs:109:19 in bilge-0.22.0-inplace:Bilge.Assert
!!!, called at test/integration/API.hs:966:7 in main:API
Use -p '!/RealAWS/&&/redis migration should work/' to rerun this test only.
it doesn't look related, but it's only happening on this branch, not on develop.
[...] it is not possible to create test users with shorter passwords anymore.
you could either call cassandra directly and inject the short password, or implement an /i/-endpoint that allows this. the former used to happen in the spar tests, but somebody removed it, so maybe we should aim for the second option.
let's pair on this on monday?
libs/types-common/src/Data/Misc.hs
Outdated
Comment on lines
350
to
352
| type PlainTextPassword = PlainTextPassword' (6 :: Nat) | ||
|
|
||
| type PlainTextPasswordMinLength8 = PlainTextPassword' (8 :: Nat) |
Contributor
There was a problem hiding this comment.
Suggested change
| type PlainTextPassword = PlainTextPassword' (6 :: Nat) | |
| type PlainTextPasswordMinLength8 = PlainTextPassword' (8 :: Nat) | |
| type PlainTextPassword6 = PlainTextPassword' (6 :: Nat) | |
| type PlainTextPassword = PlainTextPassword' (8 :: Nat) |
The old passwords should have the more awkward name, the passwords we really want to deal with everywhere the simpler name.
libs/types-common/src/Data/Misc.hs
Outdated
Comment on lines
354
to
371
| plainTextPasswordLegacy :: Text -> Maybe PlainTextPassword | ||
| plainTextPasswordLegacy = fmap PlainTextPassword' . checked | ||
|
|
||
| plainTextPasswordLegacyUnsafe :: Text -> PlainTextPassword | ||
| plainTextPasswordLegacyUnsafe = PlainTextPassword' . unsafeRange | ||
|
|
||
| plainTextPassword :: Text -> Maybe PlainTextPasswordMinLength8 | ||
| plainTextPassword = fmap PlainTextPassword' . checked | ||
|
|
||
| plainTextPasswordUnsafe :: Text -> PlainTextPasswordMinLength8 | ||
| plainTextPasswordUnsafe = PlainTextPassword' . unsafeRange | ||
|
|
||
| fromPlainTextPassword :: PlainTextPassword' t -> Text | ||
| fromPlainTextPassword = fromRange . fromPlainTextPassword' | ||
|
|
||
| -- | Convert a 'PlainTextPasswordMinLength8' to a legacy 'PlainTextPassword'. | ||
| toLegacy :: PlainTextPasswordMinLength8 -> PlainTextPassword | ||
| toLegacy = PlainTextPassword' . unsafeRange . fromPlainTextPassword |
Contributor
There was a problem hiding this comment.
It's fine to use PlainTextPasswordLegacy instead of PlainTextPassword6, but please be consistent and name the constructors after the types they are constructing.
libs/types-common/src/Data/Misc.hs
Outdated
|
|
||
| instance Arbitrary PlainTextPassword where | ||
| instance Arbitrary (PlainTextPassword' (8 :: Nat)) where | ||
| -- TODO: why 6..1024? For tests we might want invalid passwords as well, e.g. 3 chars |
Contributor
There was a problem hiding this comment.
This TODO is obsolete: we don't have to test for errors that are caught by the type checker.
Contributor
|
before b2adfe0: after b2adfe0: I'd really like to know how this didn't trigger on CI or on your machine @battermann... |
Contributor
|
ah, maybe something to do with |
find services/ libs/ tools/ -name '*.hs' -exec perl -i -pe 's/\bPlainTextPassword\b([^'\''])/PlainTextPassword6\1/g' {} \;
find services/ libs/ tools/ -name '*.hs' -exec perl -i -pe 's/\bPlainTextPasswordMinLength8\b/PlainTextPassword8/g' {} \;
find services/ libs/ tools/ -name '*.hs' -exec perl -i -pe 's/\bplainTextPasswordLegacy\b/plainTextPassword6/g' {} \;
find services/ libs/ tools/ -name '*.hs' -exec perl -i -pe 's/\bplainTextPasswordLegacyUnsafe\b/plainTextPassword6Unsafe/g' {} \;
find services/ libs/ tools/ -name '*.hs' -exec perl -i -pe 's/\bplainTextPassword\b/plainTextPassword8/g' {} \;
find services/ libs/ tools/ -name '*.hs' -exec perl -i -pe 's/\bplainTextPasswordUnsafe\b/plainTextPassword8Unsafe/g' {} \;
find services/ libs/ tools/ -name '*.hs' -exec perl -i -pe 's/\btoLegacy\b/plainTextPassword8To6/g' {} \;
fisx
approved these changes
Mar 13, 2023
Contributor
fisx
left a comment
fisx
left a comment
There was a problem hiding this comment.
LGTM now! :)
please take a look at the changes (i think commit-by-commit is easiest, and you can ignore all the automatic renaming noise), and merge if you agree with everything.
Contributor
Author
I added this test. |
* Downgrade to our fork of http2 It seems the released version of http2 is causing issues with streaming of assets via federator. * Add CHANGELOG entry
* Fix ES reset command in Makefile * fixup! Fix ES reset command in Makefile
* Upgrade cachix to 1.3.1 * Trivial change to force rebuilding of haddocks
* Add `flakyTestCase` command and use it. This should make life slightly more bearable for everybody including concourse, while still allowing to run the pending tests locally by setting `RUN_FLAKY_TESTS=1`. * Make sanitize-pr faster by only looking at changed files.
…on (#3134) * FS-1530: Allow partial success when removing users from conversations * FS-1530 Adding tests for deleting conversations and removing members * FS-1530 Formatting and hlint * Hi CI * HI CI --------- Co-authored-by: Marko Dimjašević <marko.dimjasevic@wire.com> Co-authored-by: Igor Ranieri <igor@elland.me>
This reverts commit cad8b61.
…-to-enforce-stronger-password-restrictions-when-setting-a-password
battermann
deleted the
SQSERVICES-1931-wire-server-allow-backend-to-enforce-stronger-password-restrictions-when-setting-a-password
branch
lepsa
pushed a commit
to lepsa/wire-server
that referenced
this pull request
Nov 28, 2023
…ord restrictions when setting a password (wireapp#3137)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
https://wearezeta.atlassian.net/browse/SQSERVICES-1931
PlainTextPasswordtype so that it contains a text range according to the previous constraint with a min of 6 charactersPlainTextPasswordMinLength8with a text range with a min of 8 charactersNewProviderResponseNewUserNewRawUserPasswordChangeCompletePasswordResetplainTextPasswordUnsafeandplainTextPasswordLegacyUnsafeto use where we need to construct a password from a string (in the prod code, these should be used with caution)toLegacyexists to convert from the new password type to the legacy type, which should always succeed because the constraints of the new type are strongerIt's currently not tested that login with an existing password with a length of less 8 characters still works. But according to how this is implemented, there is no reason it should not. Unfortunately, this would be very difficult to test, as it is not possible to create test users with shorter passwords anymore.
Checklist
changelog.d