[Brig] Move password verification to the AuthenticationSubsystem, move to Argon2id with default settings. #4271
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zebot
added
the
ok-to-test
fisx
changed the title
elland
force-pushed
the
wpb-9746/password
branch
from
cdb06a4
to
8189763
Compare
elland
changed the title
elland
force-pushed
the
wpb-9746/password
branch
2 times, most recently
from
f6c408d
to
1bdae8c
Compare
elland
force-pushed
the
wpb-9746/password
branch
from
586b48e
to
b8a0ef3
Compare
elland
force-pushed
the
wpb-9746/password
branch
from
40496f4
to
7aa6812
Compare
elland
force-pushed
the
wpb-9746/password
branch
from
d87fbc1
to
e4cb90f
Compare
mdimjasevic
reviewed
Oct 3, 2024
Comment on lines
171
to
174
| salt <- newSalt 32 | ||
| salt <- newSalt 16 |
There was a problem hiding this comment.
I don't have the context, but why this change?
Comment on lines
+285
to
+287
| -- CryptoFailed occurs when salt, output or input are too small/big. | ||
| -- since we control those values ourselves, it should never have a runtime error | ||
| CryptoFailed cErr -> error $ "Impossible error: " <> show cErr |
There was a problem hiding this comment.
So still something to change given the comment?
Comment on lines
+358
to
+366
|
|
||
| ------------------------------------------------------------------------------- | ||
| -- Generate test passwords, benchmark | ||
|
|
||
| genTestPasswords :: IO [(Text, Text)] | ||
| genTestPasswords = replicateM 100 do | ||
| pwd <- genPassword | ||
| hash <- mkSafePassword pwd | ||
| pure (fromPlainTextPassword pwd, fromPassword hash) |
There was a problem hiding this comment.
This sounds like it belongs to a test module instead.
There was a problem hiding this comment.
Requires access to private functions, unsafe to deconstruct the opaque password type. I should document it.
| import Wire.UserKeyStore | ||
|
|
||
| data AuthenticationSubsystem m a where | ||
| VerifyPassword :: Local UserId -> PlainTextPassword6 -> AuthenticationSubsystem m () | ||
| VerifyPasswordE :: Local UserId -> PlainTextPassword6 -> AuthenticationSubsystem m () |
There was a problem hiding this comment.
What is "E" in the name?
Comment on lines
+35
to
+37
| VerifyPassword :: PlainTextPassword6 -> Password -> AuthenticationSubsystem m (Bool, PasswordStatus) | ||
| VerifyUserPassword :: UserId -> PlainTextPassword6 -> AuthenticationSubsystem r (Bool, PasswordStatus) | ||
| VerifyProviderPassword :: ProviderId -> PlainTextPassword6 -> AuthenticationSubsystem r (Bool, PasswordStatus) |
There was a problem hiding this comment.
How is the 6-character password topic related to the Scrypt vs. Argon2id topic? Does the choice of algorithm apply the minimal length?
Comment on lines
+281
to
+282
| PasswordStore.lookupHashedProviderPassword pid | ||
| >>= maybe (throw AuthenticationSubsystemBadCredentials) pure |
There was a problem hiding this comment.
Suggested change
| PasswordStore.lookupHashedProviderPassword pid | |
| >>= maybe (throw AuthenticationSubsystemBadCredentials) pure | |
| PasswordStore.lookupHashedProviderPassword pid >>= noteS @'AuthenticationSubsystemBadCredentials |
Comment on lines
+292
to
+293
| PasswordStore.lookupHashedPassword uid | ||
| >>= maybe (throw AuthenticationSubsystemBadCredentials) pure |
| @@ -16,6 +16,12 @@ interpretPasswordStore casClient = | |||
| runEmbedded (runClient casClient) . \case | |||
| UpsertHashedPassword uid password -> embed $ updatePasswordImpl uid password | |||
| LookupHashedPassword uid -> embed $ lookupPasswordImpl uid | |||
| LookupHashedProviderPassword pid -> embed $ lookupProviderPasswordImpl pid | |||
There was a problem hiding this comment.
Why is there a need to treat provider password differently, i.e., why do we have this action?
There was a problem hiding this comment.
Yes, different table.
| suspendTimeout: 4 | ||
| suspendTimeout: 10 |
| @@ -100,6 +106,7 @@ registerOAuthClient (OAuthClientConfig name uri) = do | |||
| createSecret :: (MonadIO m) => m OAuthClientPlainTextSecret | |||
| createSecret = OAuthClientPlainTextSecret <$> rand32Bytes | |||
|
|
|||
| -- TODO(elland): figure out why | |||
|
Have you searched for all usages of |
mdimjasevic
reviewed
Oct 3, 2024
| authenticate u pw = | ||
| -- TODO: Move this logic into auth subsystem. |
| @@ -225,10 +231,10 @@ reauthenticate u pw = | |||
| where | |||
| maybeReAuth pw' = case pw of | |||
| Nothing -> do | |||
| musr <- lookupUser NoPendingInvitations u | |||
| musr <- wrapClientE $ lookupUser NoPendingInvitations u | |||
There was a problem hiding this comment.
Don't we have an equivalent in the UserStore effect?
| @@ -265,20 +273,31 @@ activateAccountKey key val = do | |||
| lift $ sendApprovalConfirmMail name email | |||
| pure . Just $ Public.ProviderActivationResponse email | |||
|
|
|||
| getActivationCodeH :: (Member GalleyAPIAccess r, Member VerificationCodeSubsystem r) => EmailAddress -> (Handler r) Code.KeyValuePair | |||
| getActivationCodeH :: | |||
There was a problem hiding this comment.
We could drop this wai-routes convention of ending handler names with "H" now that you've already changed the line.
elland
force-pushed
the
wpb-9746/password
branch
from
da03847
to
5ced70d
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://wearezeta.atlassian.net/browse/WPB-9746
Checklist
changelog.d