Skip to content
Merged
Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
9bb0151
range
battermann Mar 8, 2023
a0aff3f
using pw with range everywhere
battermann Mar 8, 2023
c31a899
using min length password in relevant places
battermann Mar 9, 2023
7d5468e
changelog
battermann Mar 9, 2023
51c4fa7
Generalize password type instances.
fisx Mar 10, 2023
29f4602
Merge branch 'develop' into SQSERVICES-1931-wire-server-allow-backend…
fisx Mar 10, 2023
1731b48
hi ci
fisx Mar 13, 2023
b2adfe0
fix integration test.
fisx Mar 13, 2023
fca8388
automatic renames (1)
fisx Mar 13, 2023
fe632a7
automatic renames (2)
fisx Mar 13, 2023
369e1ec
automatic renames (3)
fisx Mar 13, 2023
becc36e
test login with 6 char password still works
battermann Mar 13, 2023
8abfe18
hi ci
fisx Mar 15, 2023
3766cbd
Downgrade to our fork of http2 (#3141)
pcapriotti Mar 13, 2023
952b67f
Add release note (#3146)
smatting Mar 13, 2023
25400f5
Add changelog for Release 2023-03-06
zebot Mar 6, 2023
55ccf1c
Fix gundeck leak (#3136)
isovector Mar 13, 2023
c21f8e3
Fix ES reset command in Makefile (#3114)
pcapriotti Mar 13, 2023
82f4d8f
Upgrade cachix to 1.3.1 (#3144)
smatting Mar 13, 2023
5ba26cc
Revert "Use openssl instead of tls in federator http2 client (#3051)"…
smatting Mar 13, 2023
1f3da62
Add `flakyTestCase` command and use it. (#3143)
fisx Mar 13, 2023
91b315e
Add docs for creating diagrams in markdown files
battermann Feb 22, 2023
7231764
FS-1530 Suppress federated errors when removing users from conversati…
lepsa Mar 14, 2023
2127ded
[SQSERVICES-1942] Fix DPoP access token error propagation (2/2) (#3142)
battermann Mar 14, 2023
01838ca
OAuth (#2989)
fisx Mar 14, 2023
974cd63
Set versions in Helm charts for Frida (BUND release)
supersven Mar 15, 2023
4d69dc0
Revert "Set versions in Helm charts for Frida (BUND release)"
supersven Mar 15, 2023
c2c94c5
resolved merge issue
battermann Mar 15, 2023
613919b
Merge branch 'develop' into SQSERVICES-1931-wire-server-allow-backend…
battermann Mar 15, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/2-features/pr-3137
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Enforce a minimum length of 8 characters when setting a new password
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot/Cache.hs
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ put c a = liftIO . atomicModifyIORef (cache c) $ \u -> (a : u, ())

toUser :: HasCallStack => Logger -> Domain -> [CachedUser] -> [LText] -> IO [CachedUser]
toUser _ domain acc [i, e, p] = do
let pw = PlainTextPassword . Text.toStrict $ Text.strip p
let pw = plainTextPasswordLegacyUnsafe . Text.toStrict $ Text.strip p
let iu = error "Cache.toUser: invalid user"
let ie = error "Cache.toUser: invalid email"
let ui = fromMaybe iu . fromByteString . encodeUtf8 . Text.toStrict . Text.strip $ i
Expand Down
8 changes: 4 additions & 4 deletions libs/api-bot/src/Network/Wire/Bot/Monad.hs
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ import qualified Data.HashMap.Strict as HashMap
import Data.Id
import Data.Metrics (Metrics)
import qualified Data.Metrics as Metrics
import Data.Misc (PlainTextPassword (..))
import Data.Misc
import Data.Qualified (Local, toLocalUnsafe)
import Data.Text (pack, unpack)
import Data.Time.Clock
Expand Down Expand Up @@ -452,7 +452,7 @@ newBot tag = liftBotNet $ do
keys <- liftIO $ awaitActivationMail mbox folders sndr email
log Info $ botLogFields (userId user) tag . msg (val "Activate user")
forM_ keys (uncurry activateKey >=> flip assertTrue "Activation failed.")
bot <- mkBot tag user pw
bot <- mkBot tag user (toLegacy pw)
-- TODO: addBotClient?
incrBotsCreatedNew
pure bot
Expand Down Expand Up @@ -978,12 +978,12 @@ botLogFields u t = field "Bot" (show u) . field "Tag" (unTag t)
-------------------------------------------------------------------------------
-- Randomness

randUser :: Email -> BotTag -> IO (NewUser, PlainTextPassword)
randUser :: Email -> BotTag -> IO (NewUser, PlainTextPasswordMinLength8)
randUser (Email loc dom) (BotTag tag) = do
uuid <- nextRandom
pwdUuid <- nextRandom
let email = Email (loc <> "+" <> tag <> "-" <> pack (toString uuid)) dom
let passw = PlainTextPassword (pack (toString pwdUuid))
let passw = plainTextPasswordUnsafe (pack (toString pwdUuid))
pure
( NewUser
{ newUserDisplayName = Name (tag <> "-Wirebot-" <> pack (toString uuid)),
Expand Down
2 changes: 1 addition & 1 deletion libs/brig-types/src/Brig/Types/User/Auth.hs
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ where

import Data.Aeson
import Data.Id (UserId)
import Data.Misc (PlainTextPassword (..))
import Data.Misc (PlainTextPassword)
import Imports
import Wire.API.User.Auth

Expand Down
66 changes: 53 additions & 13 deletions libs/types-common/src/Data/Misc.hs
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,15 @@ module Data.Misc
Rsa,

-- * PlainTextPassword
PlainTextPassword (..),
PlainTextPassword' (..),
PlainTextPassword,
PlainTextPasswordMinLength8,
plainTextPasswordLegacy,
plainTextPassword,
fromPlainTextPassword,
plainTextPasswordUnsafe,
plainTextPasswordLegacyUnsafe,
toLegacy,

-- * Typesafe FUTUREWORKS
FutureWork (..),
Expand All @@ -75,6 +83,7 @@ import Data.String.Conversions (cs)
import qualified Data.Swagger as S
import qualified Data.Text as Text
import Data.Text.Encoding (decodeUtf8, encodeUtf8)
import GHC.TypeLits (Nat)
import Imports
import Servant (FromHttpApiData (..))
import Test.QuickCheck (Arbitrary (arbitrary), chooseInteger)
Expand Down Expand Up @@ -338,23 +347,54 @@ instance Arbitrary (Fingerprint Rsa) where
--------------------------------------------------------------------------------
-- Password

newtype PlainTextPassword = PlainTextPassword
{fromPlainTextPassword :: Text}
type PlainTextPassword = PlainTextPassword' (6 :: Nat)

type PlainTextPasswordMinLength8 = PlainTextPassword' (8 :: Nat)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
type PlainTextPassword = PlainTextPassword' (6 :: Nat)
type PlainTextPasswordMinLength8 = PlainTextPassword' (8 :: Nat)
type PlainTextPassword6 = PlainTextPassword' (6 :: Nat)
type PlainTextPassword = PlainTextPassword' (8 :: Nat)

The old passwords should have the more awkward name, the passwords we really want to deal with everywhere the simpler name.


plainTextPasswordLegacy :: Text -> Maybe PlainTextPassword
plainTextPasswordLegacy = fmap PlainTextPassword' . checked

plainTextPasswordLegacyUnsafe :: Text -> PlainTextPassword
plainTextPasswordLegacyUnsafe = PlainTextPassword' . unsafeRange

plainTextPassword :: Text -> Maybe PlainTextPasswordMinLength8
plainTextPassword = fmap PlainTextPassword' . checked

plainTextPasswordUnsafe :: Text -> PlainTextPasswordMinLength8
plainTextPasswordUnsafe = PlainTextPassword' . unsafeRange

fromPlainTextPassword :: PlainTextPassword' t -> Text
fromPlainTextPassword = fromRange . fromPlainTextPassword'

-- | Convert a 'PlainTextPasswordMinLength8' to a legacy 'PlainTextPassword'.
toLegacy :: PlainTextPasswordMinLength8 -> PlainTextPassword
toLegacy = PlainTextPassword' . unsafeRange . fromPlainTextPassword

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's fine to use PlainTextPasswordLegacy instead of PlainTextPassword6, but please be consistent and name the constructors after the types they are constructing.


newtype PlainTextPassword' (minLen :: Nat) = PlainTextPassword'
{fromPlainTextPassword' :: Range minLen (1024 :: Nat) Text}
deriving stock (Eq, Generic)
deriving (FromJSON, ToJSON, S.ToSchema) via Schema PlainTextPassword

instance Show PlainTextPassword where
show _ = "PlainTextPassword <hidden>"
deriving via (Schema (PlainTextPassword' tag)) instance ToSchema (PlainTextPassword' tag) => FromJSON (PlainTextPassword' tag)

instance ToSchema PlainTextPassword where
schema =
PlainTextPassword
<$> fromPlainTextPassword
.= untypedRangedSchema 6 1024 schema
deriving via (Schema (PlainTextPassword' tag)) instance ToSchema (PlainTextPassword' tag) => ToJSON (PlainTextPassword' tag)

deriving via (Schema (PlainTextPassword' tag)) instance ToSchema (PlainTextPassword' tag) => S.ToSchema (PlainTextPassword' tag)

instance Show (PlainTextPassword' minLen) where
show _ = "PlainTextPassword' <hidden>"

instance ToSchema (PlainTextPassword' (6 :: Nat)) where
schema = PlainTextPassword' <$> fromPlainTextPassword' .= schema

instance ToSchema (PlainTextPassword' (8 :: Nat)) where
schema = PlainTextPassword' <$> fromPlainTextPassword' .= schema

instance Arbitrary (PlainTextPassword' (6 :: Nat)) where
arbitrary = PlainTextPassword' <$> arbitrary

instance Arbitrary PlainTextPassword where
instance Arbitrary (PlainTextPassword' (8 :: Nat)) where
-- TODO: why 6..1024? For tests we might want invalid passwords as well, e.g. 3 chars

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This TODO is obsolete: we don't have to test for errors that are caught by the type checker.

arbitrary = PlainTextPassword . fromRange <$> genRangeText @6 @1024 arbitrary
arbitrary = PlainTextPassword' <$> arbitrary

-- | Usage:
-- 1. Use this type in patterns to mark FUTUREWORKS.
Expand Down
4 changes: 2 additions & 2 deletions libs/wire-api/src/Wire/API/Provider.hs
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ import Data.Aeson
import Data.Aeson.TH
import Data.Id
import Data.Json.Util
import Data.Misc (HttpsUrl (..), PlainTextPassword (..))
import Data.Misc (HttpsUrl (..), PlainTextPassword, PlainTextPasswordMinLength8)
import Data.Range
import Imports
import Wire.API.Conversation.Code as Code
Expand Down Expand Up @@ -145,7 +145,7 @@ data NewProviderResponse = NewProviderResponse
{ rsNewProviderId :: ProviderId,
-- | The generated password, if none was provided
-- in the 'NewProvider' request.
rsNewProviderPassword :: Maybe PlainTextPassword
rsNewProviderPassword :: Maybe PlainTextPasswordMinLength8
}
deriving stock (Eq, Show, Generic)
deriving (Arbitrary) via (GenericUniform NewProviderResponse)
Expand Down
2 changes: 1 addition & 1 deletion libs/wire-api/src/Wire/API/Provider/Service.hs
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ import Data.ByteString.Conversion
import Data.Id
import Data.Json.Util ((#))
import Data.List1 (List1)
import Data.Misc (HttpsUrl (..), PlainTextPassword (..))
import Data.Misc (HttpsUrl (..), PlainTextPassword)
import Data.PEM (PEM, pemParseBS, pemWriteLBS)
import Data.Proxy
import Data.Range (Range)
Expand Down
2 changes: 1 addition & 1 deletion libs/wire-api/src/Wire/API/Team.hs
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ import Data.Attoparsec.Combinator (choice)
import Data.ByteString.Conversion
import qualified Data.Code as Code
import Data.Id (TeamId, UserId)
import Data.Misc (PlainTextPassword (..))
import Data.Misc (PlainTextPassword)
import Data.Range
import Data.Schema
import qualified Data.Swagger as S
Expand Down
2 changes: 1 addition & 1 deletion libs/wire-api/src/Wire/API/Team/Member.hs
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ import Data.Id (UserId)
import Data.Json.Util
import Data.Kind
import Data.LegalHold (UserLegalHoldStatus (..), defUserLegalHoldStatus)
import Data.Misc (PlainTextPassword (..))
import Data.Misc (PlainTextPassword)
import Data.Proxy
import Data.Schema
import Data.Swagger (ToParamSchema (..))
Expand Down
8 changes: 4 additions & 4 deletions libs/wire-api/src/Wire/API/User.hs
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ import qualified Data.HashMap.Strict.InsOrd as InsOrdHashMap
import Data.Id
import Data.Json.Util (UTCTimeMillis, (#))
import Data.LegalHold (UserLegalHoldStatus)
import Data.Misc (PlainTextPassword (..))
import Data.Misc (PlainTextPassword, PlainTextPasswordMinLength8)
import Data.Qualified
import Data.Range
import Data.SOP
Expand Down Expand Up @@ -711,7 +711,7 @@ data NewUser = NewUser
newUserOrigin :: Maybe NewUserOrigin,
newUserLabel :: Maybe CookieLabel,
newUserLocale :: Maybe Locale,
newUserPassword :: Maybe PlainTextPassword,
newUserPassword :: Maybe PlainTextPasswordMinLength8,
newUserExpiresIn :: Maybe ExpiresIn,
newUserManagedBy :: Maybe ManagedBy
}
Expand Down Expand Up @@ -759,7 +759,7 @@ data NewUserRaw = NewUserRaw
newUserRawTeamId :: Maybe TeamId,
newUserRawLabel :: Maybe CookieLabel,
newUserRawLocale :: Maybe Locale,
newUserRawPassword :: Maybe PlainTextPassword,
newUserRawPassword :: Maybe PlainTextPasswordMinLength8,
newUserRawExpiresIn :: Maybe ExpiresIn,
newUserRawManagedBy :: Maybe ManagedBy
}
Expand Down Expand Up @@ -1131,7 +1131,7 @@ instance (res ~ PutSelfResponses) => AsUnion res (Maybe UpdateProfileError) wher
-- | The payload for setting or changing a password.
data PasswordChange = PasswordChange
{ cpOldPassword :: Maybe PlainTextPassword,
cpNewPassword :: PlainTextPassword
cpNewPassword :: PlainTextPasswordMinLength8
}
deriving stock (Eq, Show, Generic)
deriving (Arbitrary) via (GenericUniform PasswordChange)
Expand Down
2 changes: 1 addition & 1 deletion libs/wire-api/src/Wire/API/User/Auth.hs
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ import Data.Code as Code
import Data.Handle (Handle)
import Data.Id
import Data.Json.Util
import Data.Misc (PlainTextPassword (..))
import Data.Misc (PlainTextPassword)
import Data.SOP
import Data.Schema
import qualified Data.Swagger as S
Expand Down
2 changes: 1 addition & 1 deletion libs/wire-api/src/Wire/API/User/Client.hs
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ import Data.Domain (Domain)
import Data.Id
import Data.Json.Util
import qualified Data.Map.Strict as Map
import Data.Misc (Latitude (..), Location, Longitude (..), PlainTextPassword (..), latitude, location, longitude)
import Data.Misc (Latitude (..), Location, Longitude (..), PlainTextPassword, latitude, location, longitude)
import Data.Qualified
import Data.Schema
import qualified Data.Set as Set
Expand Down
6 changes: 3 additions & 3 deletions libs/wire-api/src/Wire/API/User/Password.hs
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ import Control.Lens ((?~))
import qualified Data.Aeson as A
import Data.Aeson.Types (Parser)
import Data.ByteString.Conversion
import Data.Misc (PlainTextPassword (..))
import Data.Misc (PlainTextPasswordMinLength8)
import Data.Proxy (Proxy (Proxy))
import Data.Range (Ranged (..))
import Data.Schema as Schema
Expand Down Expand Up @@ -103,7 +103,7 @@ instance ToSchema NewPasswordReset where
data CompletePasswordReset = CompletePasswordReset
{ cpwrIdent :: PasswordResetIdentity,
cpwrCode :: PasswordResetCode,
cpwrPassword :: PlainTextPassword
cpwrPassword :: PlainTextPasswordMinLength8
}
deriving stock (Eq, Show, Generic)
deriving (Arbitrary) via (GenericUniform CompletePasswordReset)
Expand Down Expand Up @@ -195,7 +195,7 @@ newtype PasswordResetCode = PasswordResetCode

data PasswordReset = PasswordReset
{ pwrCode :: PasswordResetCode,
pwrPassword :: PlainTextPassword
pwrPassword :: PlainTextPasswordMinLength8
}
deriving stock (Eq, Show, Generic)
deriving (Arbitrary) via (GenericUniform PasswordReset)
Expand Down
Loading