From 6ac68984f2e0fef899fc50c4226bfca9e4bfb0aa Mon Sep 17 00:00:00 2001
From: James Houlahan
Date: Tue, 4 Oct 2022 17:50:44 +0200
Subject: [PATCH] GODT-1609: Fix bridge password encoding
---
 go.mod | 2 +-
 go.sum | 6 ++----
 internal/bridge/smtp_backend.go | 2 +-
 internal/bridge/user.go | 3 ++-
 internal/bridge/user_test.go | 1 +
 internal/focus/proto/focus.pb.go | 3 ++-
 internal/focus/proto/focus_grpc.pb.go | 1 +
 internal/vault/token.go | 11 +++++++++++
 internal/vault/vault.go | 4 ++--
 9 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/go.mod b/go.mod
index a1f49fbe..2c6897a9 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.18
 require (
 github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557
 github.com/Masterminds/semver/v3 v3.1.1
- github.com/ProtonMail/gluon v0.11.1-0.20221003134135-990f7daba502
+ github.com/ProtonMail/gluon v0.11.1-0.20221004153055-7d144337dbd0
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a
 github.com/ProtonMail/go-rfc5322 v0.11.0
 github.com/ProtonMail/gopenpgp/v2 v2.4.10
diff --git a/go.sum b/go.sum
index dde33779..0623e607 100644
--- a/go.sum
+++ b/go.sum
@@ -29,10 +29,8 @@ github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf h1:yc9daCCYUefEs
 github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf/go.mod h1:o0ESU9p83twszAU8LBeJKFAAMX14tISa0yk4Oo5TOqo=
 github.com/ProtonMail/docker-credential-helpers v1.1.0 h1:+kvUIpwWcbtP3WFv5sSvkFn/XLzSqPOB5AAthuk9xPk=
 github.com/ProtonMail/docker-credential-helpers v1.1.0/go.mod h1:mK0aBveCxhnQ756AmaTfXMZDeULvheYVhF/MWMErN5g=
-github.com/ProtonMail/gluon v0.11.1-0.20221003131446-151fe7c114e2 h1:4AVKhOmX5n0xa7fEbq6DUFj0yO9PTK5V/k7633oyBwg=
-github.com/ProtonMail/gluon v0.11.1-0.20221003131446-151fe7c114e2/go.mod h1:9k3URQEASX9XSA+JEcukjIiK3S6aR9GzhLhwccy8AnI=
-github.com/ProtonMail/gluon v0.11.1-0.20221003134135-990f7daba502 h1:J3xJzMsepbP22bYJI8szJEwu3DNAdMyGIMyGCJ3CSFc=
-github.com/ProtonMail/gluon v0.11.1-0.20221003134135-990f7daba502/go.mod h1:9k3URQEASX9XSA+JEcukjIiK3S6aR9GzhLhwccy8AnI=
+github.com/ProtonMail/gluon v0.11.1-0.20221004153055-7d144337dbd0 h1:SsacIP40QP64FNZrBlm5XDLHZMIx0i36mUYmTSWI2Y4=
+github.com/ProtonMail/gluon v0.11.1-0.20221004153055-7d144337dbd0/go.mod h1:9k3URQEASX9XSA+JEcukjIiK3S6aR9GzhLhwccy8AnI=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a h1:D+aZah+k14Gn6kmL7eKxoo/4Dr/lK3ChBcwce2+SQP4=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a/go.mod h1:oTGdE7/DlWIr23G0IKW3OXK9wZ5Hw1GGiaJFccTvZi4=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
diff --git a/internal/bridge/smtp_backend.go b/internal/bridge/smtp_backend.go
index 4fe90717..79ccbb67 100644
--- a/internal/bridge/smtp_backend.go
+++ b/internal/bridge/smtp_backend.go
@@ -19,7 +19,7 @@ func newSMTPBackend() (*smtpBackend, error) { return &smtpBackend{}, nil } -func (backend *smtpBackend) Login(state *smtp.ConnectionState, username string, password string) (smtp.Session, error) { +func (backend *smtpBackend) Login(state *smtp.ConnectionState, username, password string) (smtp.Session, error) { backend.usersLock.RLock() defer backend.usersLock.RUnlock() diff --git a/internal/bridge/user.go b/internal/bridge/user.go index 1fb293d3..4536a3f2 100644 --- a/internal/bridge/user.go +++ b/internal/bridge/user.go @@ -76,7 +76,8 @@ func (bridge *Bridge) QueryUserInfo(query string) (UserInfo, error) { // If necessary, a TOTP and mailbox password are requested via the callbacks. func (bridge *Bridge) LoginUser( ctx context.Context, - username string, password []byte, + username string, + password []byte, getTOTP func() (string, error), getKeyPass func() ([]byte, error), ) (string, error) { diff --git a/internal/bridge/user_test.go b/internal/bridge/user_test.go index c1300311..be928433 100644 --- a/internal/bridge/user_test.go +++ b/internal/bridge/user_test.go @@ -256,6 +256,7 @@ func TestBridge_LoginDeleteRestart(t *testing.T) { func TestBridge_BridgePass(t *testing.T) { withEnv(t, func(ctx context.Context, s *server.Server, dialer *bridge.TestDialer, locator bridge.Locator, storeKey []byte) { var userID string + var pass []byte withBridge(t, ctx, s.GetHostURL(), dialer, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) { diff --git a/internal/focus/proto/focus.pb.go b/internal/focus/proto/focus.pb.go index 17249a46..2225da58 100644 --- a/internal/focus/proto/focus.pb.go +++ b/internal/focus/proto/focus.pb.go @@ -24,10 +24,11 @@ package proto import ( + reflect "reflect" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" emptypb "google.golang.org/protobuf/types/known/emptypb" - reflect "reflect" ) const ( 
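Review bot: TestBridge_BridgePass in internal/bridge/user_test.go gains only the `var pass []byte` declaration, so nothing visible in this patch pins the new password format. Since the purpose of the commit is the encoding, I would add an assertion where the test reads the password, for example that `len(pass) == 32` and that `hex.DecodeString(string(pass))` returns no error. The test body continues outside the hunk, so an existing check there may already cover part of this.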
diff --git a/internal/focus/proto/focus_grpc.pb.go b/internal/focus/proto/focus_grpc.pb.go index 0dc9c6b5..fb9dda1e 100644 --- a/internal/focus/proto/focus_grpc.pb.go +++ b/internal/focus/proto/focus_grpc.pb.go @@ -8,6 +8,7 @@ package proto import ( context "context" + grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" diff --git a/internal/vault/token.go b/internal/vault/token.go index df55e3e1..5366e493 100644 --- a/internal/vault/token.go +++ b/internal/vault/token.go @@ -1,6 +1,8 @@ package vault import ( + "encoding/hex" + "github.com/ProtonMail/gopenpgp/v2/crypto" ) @@ -16,3 +18,12 @@ func newRandomToken(size int) []byte { return token } + +func newRandomString(size int) []byte { + token, err := RandomToken(size) + if err != nil { + panic(err) + } + + return []byte(hex.EncodeToString(token)) +} diff --git a/internal/vault/vault.go b/internal/vault/vault.go index 908021b5..f1c6b521 100644 --- a/internal/vault/vault.go +++ b/internal/vault/vault.go @@ -91,7 +91,7 @@ func (vault *Vault) ForUser(fn func(*User) error) error { } // AddUser creates a new user in the vault with the given ID and username. -// A bridge password is generated using the package's token generator. +// A bridge password and gluon key are generated using the package's token generator. func (vault *Vault) AddUser(userID, username, authUID, authRef string, keyPass []byte) (*User, error) { if idx := xslices.IndexFunc(vault.get().Users, func(user UserData) bool { return user.UserID == userID @@ -107,7 +107,7 @@ func (vault *Vault) AddUser(userID, username, authUID, authRef string, keyPass [ GluonKey: newRandomToken(32), GluonIDs: make(map[string]string), UIDValidity: make(map[string]imap.UID), - BridgePass: newRandomToken(16), + BridgePass: newRandomString(16), AddressMode: CombinedMode, AuthUID: authUID,
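Review bot: newRandomString in internal/vault/token.go has no doc comment, and both its name and its `size` parameter are easy to misread: it returns `[]byte`, not a string, and `size` counts random bytes, so the result is `2*size` hex characters (32 for the `newRandomString(16)` call in AddUser). Hex encoding keeps the full 128 bits of the underlying token while making the password printable, so the strength is unchanged, and that is worth recording. I would add `// newRandomString returns size random bytes, hex-encoded as 2*size ASCII characters; it panics if the token generator fails, so no credential is built from a failed read.` That `RandomToken` is the same package-level generator `newRandomToken` uses is presumed, since its declaration is outside the hunk.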
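Review bot: The switch to `newRandomString(16)` in AddUser (internal/vault/vault.go) only affects users created after this commit; a `BridgePass` already stored in a vault is still 16 raw bytes, and nothing in this patch converts or regenerates it. If the code that displays the password or checks it at login now assumes hex text, existing accounts could show a different password or fail to authenticate; that code is outside the diff, so this is inferred and should be confirmed. Either a vault migration or a comment on the `BridgePass` field stating which encodings readers must accept would close the gap. AddUser's body continues outside the hunk.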