GODT-1609: Fix bridge password encoding

2025-12-10 04:36:43 +00:00 · 2022-10-04 17:50:44 +02:00
parent 51633e000b
commit 6ac68984f2
9 changed files with 23 additions and 10 deletions
--- a/go.mod
+++ b/go.mod
@ -5,7 +5,7 @@ go 1.18
 require (
 	github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557
 	github.com/Masterminds/semver/v3 v3.1.1
-	github.com/ProtonMail/gluon v0.11.1-0.20221003134135-990f7daba502
+	github.com/ProtonMail/gluon v0.11.1-0.20221004153055-7d144337dbd0
 	github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a
 	github.com/ProtonMail/go-rfc5322 v0.11.0
 	github.com/ProtonMail/gopenpgp/v2 v2.4.10
--- a/go.sum
+++ b/go.sum
@ -29,10 +29,8 @@ github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf h1:yc9daCCYUefEs
 github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf/go.mod h1:o0ESU9p83twszAU8LBeJKFAAMX14tISa0yk4Oo5TOqo=
 github.com/ProtonMail/docker-credential-helpers v1.1.0 h1:+kvUIpwWcbtP3WFv5sSvkFn/XLzSqPOB5AAthuk9xPk=
 github.com/ProtonMail/docker-credential-helpers v1.1.0/go.mod h1:mK0aBveCxhnQ756AmaTfXMZDeULvheYVhF/MWMErN5g=
-github.com/ProtonMail/gluon v0.11.1-0.20221003131446-151fe7c114e2 h1:4AVKhOmX5n0xa7fEbq6DUFj0yO9PTK5V/k7633oyBwg=
-github.com/ProtonMail/gluon v0.11.1-0.20221003131446-151fe7c114e2/go.mod h1:9k3URQEASX9XSA+JEcukjIiK3S6aR9GzhLhwccy8AnI=
-github.com/ProtonMail/gluon v0.11.1-0.20221003134135-990f7daba502 h1:J3xJzMsepbP22bYJI8szJEwu3DNAdMyGIMyGCJ3CSFc=
-github.com/ProtonMail/gluon v0.11.1-0.20221003134135-990f7daba502/go.mod h1:9k3URQEASX9XSA+JEcukjIiK3S6aR9GzhLhwccy8AnI=
+github.com/ProtonMail/gluon v0.11.1-0.20221004153055-7d144337dbd0 h1:SsacIP40QP64FNZrBlm5XDLHZMIx0i36mUYmTSWI2Y4=
+github.com/ProtonMail/gluon v0.11.1-0.20221004153055-7d144337dbd0/go.mod h1:9k3URQEASX9XSA+JEcukjIiK3S6aR9GzhLhwccy8AnI=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a h1:D+aZah+k14Gn6kmL7eKxoo/4Dr/lK3ChBcwce2+SQP4=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a/go.mod h1:oTGdE7/DlWIr23G0IKW3OXK9wZ5Hw1GGiaJFccTvZi4=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
--- a/internal/bridge/smtp_backend.go
+++ b/internal/bridge/smtp_backend.go
@ -19,7 +19,7 @@ func newSMTPBackend() (*smtpBackend, error) {
 	return &smtpBackend{}, nil
 }

-func (backend *smtpBackend) Login(state *smtp.ConnectionState, username string, password string) (smtp.Session, error) {
+func (backend *smtpBackend) Login(state *smtp.ConnectionState, username, password string) (smtp.Session, error) {
 	backend.usersLock.RLock()
 	defer backend.usersLock.RUnlock()

--- a/internal/bridge/user.go
+++ b/internal/bridge/user.go
@ -76,7 +76,8 @@ func (bridge *Bridge) QueryUserInfo(query string) (UserInfo, error) {
 // If necessary, a TOTP and mailbox password are requested via the callbacks.
 func (bridge *Bridge) LoginUser(
 	ctx context.Context,
-	username string, password []byte,
+	username string,
+	password []byte,
 	getTOTP func() (string, error),
 	getKeyPass func() ([]byte, error),
 ) (string, error) {
--- a/internal/bridge/user_test.go
+++ b/internal/bridge/user_test.go
@ -256,6 +256,7 @@ func TestBridge_LoginDeleteRestart(t *testing.T) {
 func TestBridge_BridgePass(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, dialer *bridge.TestDialer, locator bridge.Locator, storeKey []byte) {
 		var userID string
+
 		var pass []byte

 		withBridge(t, ctx, s.GetHostURL(), dialer, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
--- a/internal/focus/proto/focus.pb.go
+++ b/internal/focus/proto/focus.pb.go
@ -24,10 +24,11 @@
 package proto

 import (
+	reflect "reflect"
+
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	emptypb "google.golang.org/protobuf/types/known/emptypb"
-	reflect "reflect"
 )

 const (
--- a/internal/focus/proto/focus_grpc.pb.go
+++ b/internal/focus/proto/focus_grpc.pb.go
@ -8,6 +8,7 @@ package proto

 import (
 	context "context"
+
 	grpc "google.golang.org/grpc"
 	codes "google.golang.org/grpc/codes"
 	status "google.golang.org/grpc/status"
--- a/internal/vault/token.go
+++ b/internal/vault/token.go
@ -1,6 +1,8 @@
 package vault

 import (
+	"encoding/hex"
+
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 )

@ -16,3 +18,12 @@ func newRandomToken(size int) []byte {

 	return token
 }
+
+func newRandomString(size int) []byte {
+	token, err := RandomToken(size)
+	if err != nil {
+		panic(err)
+	}
+
+	return []byte(hex.EncodeToString(token))
+}
--- a/internal/vault/vault.go
+++ b/internal/vault/vault.go
@ -91,7 +91,7 @@ func (vault *Vault) ForUser(fn func(*User) error) error {
 }

 // AddUser creates a new user in the vault with the given ID and username.
-// A bridge password is generated using the package's token generator.
+// A bridge password and gluon key are generated using the package's token generator.
 func (vault *Vault) AddUser(userID, username, authUID, authRef string, keyPass []byte) (*User, error) {
 	if idx := xslices.IndexFunc(vault.get().Users, func(user UserData) bool {
 		return user.UserID == userID
@ -107,7 +107,7 @@ func (vault *Vault) AddUser(userID, username, authUID, authRef string, keyPass [
 			GluonKey:    newRandomToken(32),
 			GluonIDs:    make(map[string]string),
 			UIDValidity: make(map[string]imap.UID),
-			BridgePass:  newRandomToken(16),
+			BridgePass:  newRandomString(16),
 			AddressMode: CombinedMode,

 			AuthUID: authUID,