GODT-1155 Update gopenpgp and use go-srp

test/accounts/account.go

@@ -177,12 +177,12 @@ func (a *TestAccount) EnsureAddress(addressOrAddressTestID string) string {
 	return addressOrAddressTestID
 }
 
-func (a *TestAccount) Password() string {
-	return a.password
+func (a *TestAccount) Password() []byte {
+	return []byte(a.password)
 }
 
-func (a *TestAccount) MailboxPassword() string {
-	return a.mailboxPassword
+func (a *TestAccount) MailboxPassword() []byte {
+	return []byte(a.mailboxPassword)
 }
 
 func (a *TestAccount) IsTwoFAEnabled() bool {

test/context/credentials.go

@@ -51,7 +51,7 @@ func (c *fakeCredStore) List() (userIDs []string, err error) {
 	return keys, nil
 }
 
-func (c *fakeCredStore) Add(userID, userName, uid, ref, mailboxPassword string, emails []string) (*credentials.Credentials, error) {
+func (c *fakeCredStore) Add(userID, userName, uid, ref string, mailboxPassword []byte, emails []string) (*credentials.Credentials, error) {
 	bridgePassword := bridgePassword
 	if c, ok := c.credentials[userID]; ok {
 		bridgePassword = c.BridgePassword
@@ -80,7 +80,7 @@ func (c *fakeCredStore) UpdateEmails(userID string, emails []string) (*credentia
 	return c.credentials[userID], nil
 }
 
-func (c *fakeCredStore) UpdatePassword(userID, password string) (*credentials.Credentials, error) {
+func (c *fakeCredStore) UpdatePassword(userID string, password []byte) (*credentials.Credentials, error) {
 	creds, err := c.Get(userID)
 	if err != nil {
 		return nil, err
@@ -100,7 +100,7 @@ func (c *fakeCredStore) UpdateToken(userID, uid, ref string) (*credentials.Crede
 
 func (c *fakeCredStore) Logout(userID string) (*credentials.Credentials, error) {
 	c.credentials[userID].APIToken = ""
-	c.credentials[userID].MailboxPassword = ""
+	c.credentials[userID].MailboxPassword = []byte{}
 	return c.credentials[userID], nil
 }
 

test/context/pmapi_controller.go

@@ -30,7 +30,7 @@ import (
 type PMAPIController interface {
 	TurnInternetConnectionOff()
 	TurnInternetConnectionOn()
-	AddUser(user *pmapi.User, addresses *pmapi.AddressList, password string, twoFAEnabled bool) error
+	AddUser(user *pmapi.User, addresses *pmapi.AddressList, password []byte, twoFAEnabled bool) error
 	AddUserLabel(username string, label *pmapi.Label) error
 	GetLabelIDs(username string, labelNames []string) ([]string, error)
 	AddUserMessage(username string, message *pmapi.Message) (string, error)

test/context/users.go

@@ -24,9 +24,9 @@ import (
 	"path/filepath"
 	"time"
 
+	"github.com/ProtonMail/go-srp"
 	"github.com/ProtonMail/proton-bridge/internal/store"
 	"github.com/ProtonMail/proton-bridge/internal/users"
-	"github.com/ProtonMail/proton-bridge/pkg/srp"
 	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
 )
@@ -37,7 +37,7 @@ func (ctx *TestContext) GetUsers() *users.Users {
 }
 
 // LoginUser logs in the user with the given username, password, and mailbox password.
-func (ctx *TestContext) LoginUser(username, password, mailboxPassword string) error {
+func (ctx *TestContext) LoginUser(username string, password, mailboxPassword []byte) error {
 	srp.RandReader = rand.New(rand.NewSource(42)) //nolint[gosec] It is OK to use weaker random number generator here
 
 	client, auth, err := ctx.users.Login(username, password)

test/fakeapi/controller_control.go

@@ -61,7 +61,7 @@ func (ctl *Controller) ReorderAddresses(user *pmapi.User, addressIDs []string) e
 	return api.ReorderAddresses(context.Background(), addressIDs)
 }
 
-func (ctl *Controller) AddUser(user *pmapi.User, addresses *pmapi.AddressList, password string, twoFAEnabled bool) error {
+func (ctl *Controller) AddUser(user *pmapi.User, addresses *pmapi.AddressList, password []byte, twoFAEnabled bool) error {
 	ctl.usersByUsername[user.Name] = &fakeUser{
 		user:     user,
 		password: password,

test/fakeapi/controller_session.go

@@ -18,6 +18,7 @@
 package fakeapi
 
 import (
+	"bytes"
 	"errors"
 
 	"github.com/ProtonMail/proton-bridge/pkg/pmapi"
@@ -49,10 +50,10 @@ func (ctl *Controller) checkScope(uid string) bool {
 	return session.hasFullScope
 }
 
-func (ctl *Controller) createSessionIfAuthorized(username, password string) (*fakeSession, error) {
+func (ctl *Controller) createSessionIfAuthorized(username string, password []byte) (*fakeSession, error) {
 	// get user
 	user, ok := ctl.usersByUsername[username]
-	if !ok || user.password != password {
+	if !ok || !bytes.Equal(user.password, password) {
 		return nil, errWrongNameOrPassword
 	}
 

test/fakeapi/controller_user.go

@@ -21,6 +21,6 @@ import "github.com/ProtonMail/proton-bridge/pkg/pmapi"
 
 type fakeUser struct {
 	user     *pmapi.User
-	password string
+	password []byte
 	has2FA   bool
 }

test/fakeapi/manager.go

@@ -94,7 +94,7 @@ func (m *fakePMAPIManager) NewClientWithRefresh(_ context.Context, uid, ref stri
 	return client, auth, nil
 }
 
-func (m *fakePMAPIManager) NewClientWithLogin(_ context.Context, username string, password string) (pmapi.Client, *pmapi.Auth, error) {
+func (m *fakePMAPIManager) NewClientWithLogin(_ context.Context, username string, password []byte) (pmapi.Client, *pmapi.Auth, error) {
 	if err := m.controller.checkAndRecordCall(POST, "/auth/info", &pmapi.GetAuthInfoReq{Username: username}); err != nil {
 		return nil, nil, err
 	}

test/liveapi/users.go

@@ -25,7 +25,7 @@ import (
 	"github.com/pkg/errors"
 )
 
-func (ctl *Controller) AddUser(user *pmapi.User, addresses *pmapi.AddressList, password string, twoFAEnabled bool) error {
+func (ctl *Controller) AddUser(user *pmapi.User, addresses *pmapi.AddressList, password []byte, twoFAEnabled bool) error {
 	if twoFAEnabled {
 		return godog.ErrPending
 	}

test/users_actions_test.go

@@ -45,7 +45,7 @@ func userLogsInWithBadPassword(bddUserID string) error {
 	if account == nil {
 		return godog.ErrPending
 	}
-	ctx.SetLastError(ctx.LoginUser(account.Username(), "you shall not pass!", "123"))
+	ctx.SetLastError(ctx.LoginUser(account.Username(), []byte("you shall not pass!"), []byte("123")))
 	return nil
 }