upstream/mattermost
1
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2026-02-03 20:40:00 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
mattermost/server/channels/app/users/errors.go
Alejandro García Montoro c28d13cbc9
MM-64692: Migrate passwords to PBKDF2 (#33830) 
* Add parser and hasher packages

The new `password` module includes two packages:
- `hashers` provides a structure allowing for seamless migrations
between password hashing methods. It also implements two password
hashers: bcrypt, which was the current hashing method, and PBKDF2, which
is the one we are migrating to.
- `parser` provides types and primitives to parse PHC[0] strings,
serving as the foundation of the `PasswordHasher` interface and
implementations, which are all PHC-based.

[0] https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md

* Use latest hasher to hash new passwords

The previous commit added a LatestHasher variable, that contains the
`PasswordHasher` currently in use. Here, we make sure we use it for
hashing new passwords, instead of the currently hardcoded bcrypt.

* Use errors from hashers' package

Some chore work to unify errors defined in `hashers`, not from external
packages like `bcrypt`.

* Implement password migration logic

This commit implements the actual logic to migrate passwords, which
can be summarized as:

0. When the user enters their password (either for login in
`App.CheckPasswordAndAllCriteria` or for double-checking the password
when the app needs additional confirmation for anything in
`App.DoubleCheckPassword`), this process is started.
1. The new `App.checkUserPassword` is called. In
`users.CheckUserPassword`, we parse the stored hashed password with the
new PHC parser and identify whether it was generated with the current
hashing method (PBKDF2). If it is, just verify the password as usual and
continue normally.
2. If not, start the migration calling `App.migratePassword`:
  a. First, we call `Users.MigratePassword`, which validates that the
  stored hash and the provided password match, using the hasher that
  generated the old hash.
  b. If the user-provided password matches the old hash, then we simply
  re-hash that password with our current hasher, the one in
  `hashers.LatestHasher`. If not, we fail.
  c. Back in `App.migratePassword`, if the migration was successful,
  then we update the user in the database with the newly generated hash.

* make i18n-extract

* Rename getDefaultHasher to getOriginalHasher

* Refactor App checkUserPsasword and migratePassword

Simplify the flow in these two methods, removing the similarly named
users.CheckUserPassword and users.MigratePassword, inlining the logic
needed in the App layer and at the same time removing the need to parse
the stored hash twice.

This implements a package-level function, CompareHashAndPassword: the
first step to unexport LatestHasher.

* Add a package level Hash method

This completely removes the need to expose LatestHasher, and lets us
also remove model.HashPassword, in favour of the new hashers.Hash

* Unexport LatestHasher

* Remove tests for removed functions

* Make the linter happy

* Remove error no longer used

* Allow for parameter migrations on the same hasher

Before this, we were only checking that the function ID of the stored
hash was the ID of the latest hashing method. Here, we no longer ignore
the parameters, so that if in the future we need to migrate to the same
hashing method with a different parameter (let's say PBKDF2 with work
factor 120,000 instead of work factor 60,000), we can do it by updating
the latestHasher variable. IsPHCValid will detect this change and force
a migration if needed.

* Document new functions

* make i18n-extract

* Fix typo in comment

Co-authored-by: Ben Cooke <benkcooke@gmail.com>

* Rename parser package to phcparser

* Simplify phcparser.New documentation

* Rename scanSymbol to scanSeparator

Redefine the list of separator tokens, including EOF as one.

* Document undocumented functions that are unexported

* Reorder error block in checkUserPassword

* Add unit tests for IsLatestHasher

* Reorder code in parser.go

* Enforce SHA256 as internal function for PBKDF2

* Fix typo in comment

Co-authored-by: Eva Sarafianou <eva.sarafianou@gmail.com>

---------

Co-authored-by: Ben Cooke <benkcooke@gmail.com>
Co-authored-by: Eva Sarafianou <eva.sarafianou@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
2025-09-11 16:43:34 +02:00

42 lines
1.3 KiB
Go
Raw Permalink Blame History

// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package users
import "errors"
var (
AcceptedDomainError = errors.New("the email provided does not belong to an accepted domain")
VerifyUserError = errors.New("could not update verify email field")
UserCountError = errors.New("could not get the total number of the users.")
UserCreationDisabledError = errors.New("user creation is not allowed")
UserStoreIsEmptyError = errors.New("could not check if the user store is empty")
DeleteAllAccessDataError = errors.New("could not delete all access data")
DefaultFontError = errors.New("could not get default font")
UserInitialsError = errors.New("could not get user initials")
ImageEncodingError = errors.New("could not encode image")
GlyphError = errors.New("could not get glyph")
InvalidPasswordError = NewErrInvalidPassword("")
)
// ErrInvalidPassword indicates an error against the password settings
type ErrInvalidPassword struct {
id string
}
func NewErrInvalidPassword(id string) *ErrInvalidPassword {
return &ErrInvalidPassword{
id: id,
}
}
func (e *ErrInvalidPassword) Error() string {
return "invalid password"
}
func (e *ErrInvalidPassword) Id() string {
return e.id
}
Reference in a new issue View git blame Copy permalink