GODT-1155 Update gopenpgp and use go-srp

2025-12-11 05:06:51 +00:00 · 2021-05-14 09:36:48 +02:00
parent c69239ca16
commit a2029002c4
40 changed files with 257 additions and 603 deletions
--- a/internal/frontend/cli-ie/accounts.go
+++ b/internal/frontend/cli-ie/accounts.go
@ -68,7 +68,7 @@ func (f *frontendCLI) loginAccount(c *ishell.Context) { // nolint[funlen]
 	}

 	f.Println("Authenticating ... ")
-	client, auth, err := f.ie.Login(loginName, password)
+	client, auth, err := f.ie.Login(loginName, []byte(password))
 	if err != nil {
 		f.processAPIError(err)
 		return
@ -96,7 +96,7 @@ func (f *frontendCLI) loginAccount(c *ishell.Context) { // nolint[funlen]
 	}

 	f.Println("Adding account ...")
-	user, err := f.ie.FinishLogin(client, auth, mailboxPassword)
+	user, err := f.ie.FinishLogin(client, auth, []byte(mailboxPassword))
 	if err != nil {
 		log.WithField("username", loginName).WithError(err).Error("Login was unsuccessful")
 		f.Println("Adding account was unsuccessful:", err)
--- a/internal/frontend/cli/accounts.go
+++ b/internal/frontend/cli/accounts.go
@ -115,7 +115,7 @@ func (f *frontendCLI) loginAccount(c *ishell.Context) { // nolint[funlen]
 	}

 	f.Println("Authenticating ... ")
-	client, auth, err := f.bridge.Login(loginName, password)
+	client, auth, err := f.bridge.Login(loginName, []byte(password))
 	if err != nil {
 		f.processAPIError(err)
 		return
@ -143,7 +143,7 @@ func (f *frontendCLI) loginAccount(c *ishell.Context) { // nolint[funlen]
 	}

 	f.Println("Adding account ...")
-	user, err := f.bridge.FinishLogin(client, auth, mailboxPassword)
+	user, err := f.bridge.FinishLogin(client, auth, []byte(mailboxPassword))
 	if err != nil {
 		log.WithField("username", loginName).WithError(err).Error("Login was unsuccessful")
 		f.Println("Adding account was unsuccessful:", err)
--- a/internal/frontend/qt-common/accounts.go
+++ b/internal/frontend/qt-common/accounts.go
@ -186,7 +186,7 @@ func (a *Accounts) showLoginError(err error, scope string) bool {
 //  2: when has no 2FA but have MBOX
 func (a *Accounts) Login(login, password string) int {
 	var err error
-	a.authClient, a.auth, err = a.um.Login(login, password)
+	a.authClient, a.auth, err = a.um.Login(login, []byte(password))
 	if a.showLoginError(err, "login") {
 		return -1
 	}
@ -230,7 +230,7 @@ func (a *Accounts) AddAccount(mailboxPassword string) int {
 		return -1
 	}

-	user, err := a.um.FinishLogin(a.authClient, a.auth, mailboxPassword)
+	user, err := a.um.FinishLogin(a.authClient, a.auth, []byte(mailboxPassword))
 	if err != nil {
 		log.WithError(err).Error("Login was unsuccessful")
 		a.qml.SetAddAccountWarning("Failure: "+err.Error(), -2)
--- a/internal/frontend/qt/accounts.go
+++ b/internal/frontend/qt/accounts.go
@ -152,7 +152,7 @@ func (s *FrontendQt) showLoginError(err error, scope string) bool {
 //  2: when has no 2FA but have MBOX
 func (s *FrontendQt) login(login, password string) int {
 	var err error
-	s.authClient, s.auth, err = s.bridge.Login(login, password)
+	s.authClient, s.auth, err = s.bridge.Login(login, []byte(password))
 	if s.showLoginError(err, "login") {
 		return -1
 	}
@ -195,7 +195,7 @@ func (s *FrontendQt) addAccount(mailboxPassword string) int {
 		return -1
 	}

-	user, err := s.bridge.FinishLogin(s.authClient, s.auth, mailboxPassword)
+	user, err := s.bridge.FinishLogin(s.authClient, s.auth, []byte(mailboxPassword))
 	if err != nil {
 		log.WithError(err).Error("Login was unsuccessful")
 		s.Qml.SetAddAccountWarning("Failure: "+err.Error(), -2)
--- a/internal/frontend/types/types.go
+++ b/internal/frontend/types/types.go
@ -49,8 +49,8 @@ type Updater interface {

 // UserManager is an interface of users needed by frontend.
 type UserManager interface {
-	Login(username, password string) (pmapi.Client, *pmapi.Auth, error)
-	FinishLogin(client pmapi.Client, auth *pmapi.Auth, mailboxPassword string) (User, error)
+	Login(username string, password []byte) (pmapi.Client, *pmapi.Auth, error)
+	FinishLogin(client pmapi.Client, auth *pmapi.Auth, mailboxPassword []byte) (User, error)
 	GetUsers() []User
 	GetUser(query string) (User, error)
 	DeleteUser(userID string, clearCache bool) error
@ -94,7 +94,7 @@ func NewBridgeWrap(bridge *bridge.Bridge) *bridgeWrap { //nolint[golint]
 	return &bridgeWrap{Bridge: bridge}
 }

-func (b *bridgeWrap) FinishLogin(client pmapi.Client, auth *pmapi.Auth, mailboxPassword string) (User, error) {
+func (b *bridgeWrap) FinishLogin(client pmapi.Client, auth *pmapi.Auth, mailboxPassword []byte) (User, error) {
 	return b.Bridge.FinishLogin(client, auth, mailboxPassword)
 }

@ -134,7 +134,7 @@ func NewImportExportWrap(ie *importexport.ImportExport) *importExportWrap { //no
 	return &importExportWrap{ImportExport: ie}
 }

-func (b *importExportWrap) FinishLogin(client pmapi.Client, auth *pmapi.Auth, mailboxPassword string) (User, error) {
+func (b *importExportWrap) FinishLogin(client pmapi.Client, auth *pmapi.Auth, mailboxPassword []byte) (User, error) {
 	return b.ImportExport.FinishLogin(client, auth, mailboxPassword)
 }

--- a/internal/users/credentials/credentials.go
+++ b/internal/users/credentials/credentials.go
@ -47,8 +47,8 @@ type Credentials struct {
 	UserID, // Do not marshal; used as a key.
 	Name,
 	Emails,
-	APIToken,
-	MailboxPassword,
+	APIToken string
+	MailboxPassword []byte
 	BridgePassword,
 	Version string
 	Timestamp int64
@ -58,15 +58,15 @@ type Credentials struct {

 func (s *Credentials) Marshal() string {
 	items := []string{
-		s.Name,            // 0
-		s.Emails,          // 1
-		s.APIToken,        // 2
-		s.MailboxPassword, // 3
-		s.BridgePassword,  // 4
-		s.Version,         // 5
-		"",                // 6
-		"",                // 7
-		"",                // 8
+		s.Name,                    // 0
+		s.Emails,                  // 1
+		s.APIToken,                // 2
+		string(s.MailboxPassword), // 3
+		s.BridgePassword,          // 4
+		s.Version,                 // 5
+		"",                        // 6
+		"",                        // 7
+		"",                        // 8
 	}

 	items[6] = fmt.Sprint(s.Timestamp)
@ -97,7 +97,7 @@ func (s *Credentials) Unmarshal(secret string) error {
 	s.Name = items[0]
 	s.Emails = items[1]
 	s.APIToken = items[2]
-	s.MailboxPassword = items[3]
+	s.MailboxPassword = []byte(items[3])

 	switch len(items) {
 	case itemLengthBridge:
@ -143,11 +143,11 @@ func (s *Credentials) CheckPassword(password string) error {

 func (s *Credentials) Logout() {
 	s.APIToken = ""
-	s.MailboxPassword = ""
+	s.MailboxPassword = []byte{}
 }

 func (s *Credentials) IsConnected() bool {
-	return s.APIToken != "" && s.MailboxPassword != ""
+	return s.APIToken != "" && len(s.MailboxPassword) != 0
 }

 func (s *Credentials) SplitAPIToken() (string, string, error) {
--- a/internal/users/credentials/credentials_test.go
+++ b/internal/users/credentials/credentials_test.go
@ -32,7 +32,7 @@ var wantCredentials = Credentials{
 	Name:                  "name",
 	Emails:                "email1;email2",
 	APIToken:              "token",
-	MailboxPassword:       "mailbox pass",
+	MailboxPassword:       []byte("mailbox pass"),
 	BridgePassword:        "bridge pass",
 	Version:               "k11",
 	Timestamp:             time.Now().Unix(),
@ -52,7 +52,7 @@ func TestUnmarshallImportExport(t *testing.T) {
 		wantCredentials.Name,
 		wantCredentials.Emails,
 		wantCredentials.APIToken,
-		wantCredentials.MailboxPassword,
+		string(wantCredentials.MailboxPassword),
 		"k11",
 		fmt.Sprint(wantCredentials.Timestamp),
 	}
--- a/internal/users/credentials/store.go
+++ b/internal/users/credentials/store.go
@ -39,7 +39,7 @@ func NewStore(keychain *keychain.Keychain) *Store {
 	return &Store{secrets: keychain}
 }

-func (s *Store) Add(userID, userName, uid, ref, mailboxPassword string, emails []string) (*Credentials, error) {
+func (s *Store) Add(userID, userName, uid, ref string, mailboxPassword []byte, emails []string) (*Credentials, error) {
 	storeLocker.Lock()
 	defer storeLocker.Unlock()

@ -108,7 +108,7 @@ func (s *Store) UpdateEmails(userID string, emails []string) (*Credentials, erro
 	return credentials, s.saveCredentials(credentials)
 }

-func (s *Store) UpdatePassword(userID, password string) (*Credentials, error) {
+func (s *Store) UpdatePassword(userID string, password []byte) (*Credentials, error) {
 	storeLocker.Lock()
 	defer storeLocker.Unlock()

--- a/internal/users/credentials/store_test.go
+++ b/internal/users/credentials/store_test.go
@ -277,7 +277,7 @@ func TestMarshal(t *testing.T) {
 		Name:                  "007",
 		Emails:                "ja@pm.me;aj@cus.tom",
 		APIToken:              "sdfdsfsdfsdfsdf",
-		MailboxPassword:       "cdcdcdcd",
+		MailboxPassword:       []byte("cdcdcdcd"),
 		BridgePassword:        "wew123",
 		Version:               "k11",
 		Timestamp:             152469263742,
--- a/internal/users/mocks/mocks.go
+++ b/internal/users/mocks/mocks.go
@ -108,7 +108,7 @@ func (m *MockCredentialsStorer) EXPECT() *MockCredentialsStorerMockRecorder {
 }

 // Add mocks base method
-func (m *MockCredentialsStorer) Add(arg0, arg1, arg2, arg3, arg4 string, arg5 []string) (*credentials.Credentials, error) {
+func (m *MockCredentialsStorer) Add(arg0, arg1, arg2, arg3 string, arg4 []byte, arg5 []string) (*credentials.Credentials, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "Add", arg0, arg1, arg2, arg3, arg4, arg5)
 	ret0, _ := ret[0].(*credentials.Credentials)
@ -212,7 +212,7 @@ func (mr *MockCredentialsStorerMockRecorder) UpdateEmails(arg0, arg1 interface{}
 }

 // UpdatePassword mocks base method
-func (m *MockCredentialsStorer) UpdatePassword(arg0, arg1 string) (*credentials.Credentials, error) {
+func (m *MockCredentialsStorer) UpdatePassword(arg0 string, arg1 []byte) (*credentials.Credentials, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "UpdatePassword", arg0, arg1)
 	ret0, _ := ret[0].(*credentials.Credentials)
--- a/internal/users/types.go
+++ b/internal/users/types.go
@ -32,11 +32,11 @@ type PanicHandler interface {

 type CredentialsStorer interface {
 	List() (userIDs []string, err error)
-	Add(userID, userName, uid, ref, mailboxPassword string, emails []string) (*credentials.Credentials, error)
+	Add(userID, userName, uid, ref string, mailboxPassword []byte, emails []string) (*credentials.Credentials, error)
 	Get(userID string) (*credentials.Credentials, error)
 	SwitchAddressMode(userID string) (*credentials.Credentials, error)
 	UpdateEmails(userID string, emails []string) (*credentials.Credentials, error)
-	UpdatePassword(userID, password string) (*credentials.Credentials, error)
+	UpdatePassword(userID string, password []byte) (*credentials.Credentials, error)
 	UpdateToken(userID, uid, ref string) (*credentials.Credentials, error)
 	Logout(userID string) (*credentials.Credentials, error)
 	Delete(userID string) error
--- a/internal/users/user.go
+++ b/internal/users/user.go
@ -227,7 +227,7 @@ func (u *User) unlockIfNecessary() error {
 	// client. Unlock should only finish unlocking when connection is back up.
 	// That means it should try it fast enough and not retry if connection
 	// is still down.
-	err := u.client.Unlock(pmapi.ContextWithoutRetry(context.Background()), []byte(u.creds.MailboxPassword))
+	err := u.client.Unlock(pmapi.ContextWithoutRetry(context.Background()), u.creds.MailboxPassword)
 	if err == nil {
 		return nil
 	}
@ -364,7 +364,7 @@ func (u *User) UpdateUser(ctx context.Context) error {
 		return err
 	}

-	if err := u.client.ReloadKeys(ctx, []byte(u.creds.MailboxPassword)); err != nil {
+	if err := u.client.ReloadKeys(ctx, u.creds.MailboxPassword); err != nil {
 		return errors.Wrap(err, "failed to reload keys")
 	}

--- a/internal/users/user_credentials_test.go
+++ b/internal/users/user_credentials_test.go
@ -37,7 +37,7 @@ func TestUpdateUser(t *testing.T) {

 	gomock.InOrder(
 		m.pmapiClient.EXPECT().UpdateUser(gomock.Any()).Return(nil, nil),
-		m.pmapiClient.EXPECT().ReloadKeys(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(nil),
+		m.pmapiClient.EXPECT().ReloadKeys(gomock.Any(), testCredentials.MailboxPassword).Return(nil),
 		m.pmapiClient.EXPECT().Addresses().Return([]*pmapi.Address{testPMAPIAddress}),

 		m.credentialsStore.EXPECT().UpdateEmails("user", []string{testPMAPIAddress.Email}).Return(testCredentials, nil),
--- a/internal/users/user_new_test.go
+++ b/internal/users/user_new_test.go
@ -46,7 +46,7 @@ func TestNewUserUnlockFails(t *testing.T) {
 		m.credentialsStore.EXPECT().Get("user").Return(testCredentials, nil),
 		m.pmapiClient.EXPECT().AddAuthRefreshHandler(gomock.Any()),
 		m.pmapiClient.EXPECT().IsUnlocked().Return(false),
-		m.pmapiClient.EXPECT().Unlock(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(errors.New("bad password")),
+		m.pmapiClient.EXPECT().Unlock(gomock.Any(), testCredentials.MailboxPassword).Return(errors.New("bad password")),

 		// Handle of unlock error.
 		m.pmapiClient.EXPECT().AuthDelete(gomock.Any()).Return(nil),
--- a/internal/users/users.go
+++ b/internal/users/users.go
@ -200,14 +200,14 @@ func (u *Users) closeAllConnections() {

 // Login authenticates a user by username/password, returning an authorised client and an auth object.
 // The authorisation scope may not yet be full if the user has 2FA enabled.
-func (u *Users) Login(username, password string) (authClient pmapi.Client, auth *pmapi.Auth, err error) {
+func (u *Users) Login(username string, password []byte) (authClient pmapi.Client, auth *pmapi.Auth, err error) {
 	u.crashBandicoot(username)

 	return u.clientManager.NewClientWithLogin(context.Background(), username, password)
 }

 // FinishLogin finishes the login procedure and adds the user into the credentials store.
-func (u *Users) FinishLogin(client pmapi.Client, auth *pmapi.Auth, password string) (user *User, err error) { //nolint[funlen]
+func (u *Users) FinishLogin(client pmapi.Client, auth *pmapi.Auth, password []byte) (user *User, err error) { //nolint[funlen]
 	apiUser, passphrase, err := getAPIUser(context.Background(), client, password)
 	if err != nil {
 		return nil, err
@ -228,7 +228,7 @@ func (u *Users) FinishLogin(client pmapi.Client, auth *pmapi.Auth, password stri
 		}

 		// Update the password in case the user changed it.
-		creds, err := u.credStorer.UpdatePassword(apiUser.ID, string(passphrase))
+		creds, err := u.credStorer.UpdatePassword(apiUser.ID, passphrase)
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to update password of user in credentials store")
 		}
@ -264,7 +264,7 @@ func (u *Users) addNewUser(client pmapi.Client, apiUser *pmapi.User, auth *pmapi
 		emails = client.Addresses().AllEmails()
 	}

-	if _, err := u.credStorer.Add(apiUser.ID, apiUser.Name, auth.UID, auth.RefreshToken, string(passphrase), emails); err != nil {
+	if _, err := u.credStorer.Add(apiUser.ID, apiUser.Name, auth.UID, auth.RefreshToken, passphrase, emails); err != nil {
 		return errors.Wrap(err, "failed to add user credentials to credentials store")
 	}

@ -286,7 +286,7 @@ func (u *Users) addNewUser(client pmapi.Client, apiUser *pmapi.User, auth *pmapi
 	return nil
 }

-func getAPIUser(ctx context.Context, client pmapi.Client, password string) (*pmapi.User, []byte, error) {
+func getAPIUser(ctx context.Context, client pmapi.Client, password []byte) (*pmapi.User, []byte, error) {
 	salt, err := client.AuthSalt(ctx)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "failed to get salt")
--- a/internal/users/users_login_test.go
+++ b/internal/users/users_login_test.go
@ -37,7 +37,7 @@ func TestUsersFinishLoginBadMailboxPassword(t *testing.T) {

 	// Set up mocks for FinishLogin.
 	m.pmapiClient.EXPECT().AuthSalt(gomock.Any()).Return("", nil)
-	m.pmapiClient.EXPECT().Unlock(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(errors.New("no keys could be unlocked"))
+	m.pmapiClient.EXPECT().Unlock(gomock.Any(), testCredentials.MailboxPassword).Return(errors.New("no keys could be unlocked"))

 	checkUsersFinishLogin(t, m, testAuthRefresh, testCredentials.MailboxPassword, "", ErrWrongMailboxPassword)
 }
@ -69,7 +69,7 @@ func TestUsersFinishLoginExistingDisconnectedUser(t *testing.T) {
 	// Mock process of FinishLogin of already added user.
 	gomock.InOrder(
 		m.pmapiClient.EXPECT().AuthSalt(gomock.Any()).Return("", nil),
-		m.pmapiClient.EXPECT().Unlock(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(nil),
+		m.pmapiClient.EXPECT().Unlock(gomock.Any(), testCredentials.MailboxPassword).Return(nil),
 		m.pmapiClient.EXPECT().CurrentUser(gomock.Any()).Return(testPMAPIUserDisconnected, nil),
 		m.credentialsStore.EXPECT().UpdateToken(testCredentialsDisconnected.UserID, testAuthRefresh.UID, testAuthRefresh.RefreshToken).Return(testCredentials, nil),
 		m.credentialsStore.EXPECT().UpdatePassword(testCredentialsDisconnected.UserID, testCredentials.MailboxPassword).Return(testCredentials, nil),
@ -101,7 +101,7 @@ func TestUsersFinishLoginConnectedUser(t *testing.T) {
 	// Mock process of FinishLogin of already connected user.
 	gomock.InOrder(
 		m.pmapiClient.EXPECT().AuthSalt(gomock.Any()).Return("", nil),
-		m.pmapiClient.EXPECT().Unlock(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(nil),
+		m.pmapiClient.EXPECT().Unlock(gomock.Any(), testCredentials.MailboxPassword).Return(nil),
 		m.pmapiClient.EXPECT().CurrentUser(gomock.Any()).Return(testPMAPIUser, nil),
 		m.pmapiClient.EXPECT().AuthDelete(gomock.Any()).Return(nil),
 	)
@ -113,7 +113,7 @@ func TestUsersFinishLoginConnectedUser(t *testing.T) {
 	r.EqualError(t, err, "user is already connected")
 }

-func checkUsersFinishLogin(t *testing.T, m mocks, auth *pmapi.Auth, mailboxPassword string, expectedUserID string, expectedErr error) {
+func checkUsersFinishLogin(t *testing.T, m mocks, auth *pmapi.Auth, mailboxPassword []byte, expectedUserID string, expectedErr error) {
 	users := testNewUsers(t, m)
 	defer cleanUpUsersData(users)

--- a/internal/users/users_new_test.go
+++ b/internal/users/users_new_test.go
@ -84,7 +84,7 @@ func TestNewUsersWithConnectedUserWithBadToken(t *testing.T) {
 	m.clientManager.EXPECT().NewClient("uid", "", "acc", time.Time{}).Return(m.pmapiClient)
 	m.pmapiClient.EXPECT().AddAuthRefreshHandler(gomock.Any())
 	m.pmapiClient.EXPECT().IsUnlocked().Return(false)
-	m.pmapiClient.EXPECT().Unlock(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(errors.New("not authorized"))
+	m.pmapiClient.EXPECT().Unlock(gomock.Any(), testCredentials.MailboxPassword).Return(errors.New("not authorized"))
 	m.pmapiClient.EXPECT().AuthDelete(gomock.Any())

 	m.credentialsStore.EXPECT().List().Return([]string{"user"}, nil)
--- a/internal/users/users_test.go
+++ b/internal/users/users_test.go
@ -63,7 +63,7 @@ var (
 		Name:                  "username",
 		Emails:                "user@pm.me",
 		APIToken:              "uid:acc",
-		MailboxPassword:       "pass",
+		MailboxPassword:       []byte("pass"),
 		BridgePassword:        "0123456789abcdef",
 		Version:               "v1",
 		Timestamp:             123456789,
@ -76,7 +76,7 @@ var (
 		Name:                  "usersname",
 		Emails:                "users@pm.me;anotheruser@pm.me;alsouser@pm.me",
 		APIToken:              "uid:acc",
-		MailboxPassword:       "pass",
+		MailboxPassword:       []byte("pass"),
 		BridgePassword:        "0123456789abcdef",
 		Version:               "v1",
 		Timestamp:             123456789,
@ -89,7 +89,7 @@ var (
 		Name:                  "username",
 		Emails:                "user@pm.me",
 		APIToken:              "",
-		MailboxPassword:       "",
+		MailboxPassword:       []byte{},
 		BridgePassword:        "0123456789abcdef",
 		Version:               "v1",
 		Timestamp:             123456789,
@ -102,7 +102,7 @@ var (
 		Name:                  "usersname",
 		Emails:                "users@pm.me;anotheruser@pm.me;alsouser@pm.me",
 		APIToken:              "",
-		MailboxPassword:       "",
+		MailboxPassword:       []byte{},
 		BridgePassword:        "0123456789abcdef",
 		Version:               "v1",
 		Timestamp:             123456789,
@ -249,7 +249,7 @@ func mockAddingConnectedUser(m mocks) {
 	gomock.InOrder(
 		// Mock of users.FinishLogin.
 		m.pmapiClient.EXPECT().AuthSalt(gomock.Any()).Return("", nil),
-		m.pmapiClient.EXPECT().Unlock(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(nil),
+		m.pmapiClient.EXPECT().Unlock(gomock.Any(), testCredentials.MailboxPassword).Return(nil),
 		m.pmapiClient.EXPECT().CurrentUser(gomock.Any()).Return(testPMAPIUser, nil),
 		m.pmapiClient.EXPECT().Addresses().Return([]*pmapi.Address{testPMAPIAddress}),
 		m.credentialsStore.EXPECT().Add("user", "username", testAuthRefresh.UID, testAuthRefresh.RefreshToken, testCredentials.MailboxPassword, []string{testPMAPIAddress.Email}).Return(testCredentials, nil),