GODT-1609: use byte array for password

2022-10-03 21:12:00 +02:00
parent 3b5f931f06
commit b536b8707e
20 changed files with 64 additions and 73 deletions
--- a/internal/bridge/bridge_test.go
+++ b/internal/bridge/bridge_test.go
@ -26,9 +26,10 @@ import (

 const (
 	username = "username"
-	password = "password"
 )

+var password = []byte("password")
+
 var (
 	v2_3_0 = semver.MustParse("2.3.0")
 	v2_4_0 = semver.MustParse("2.4.0")
@ -339,7 +340,7 @@ func withEnv(t *testing.T, tests func(ctx context.Context, server *server.Server
 	defer server.Close()

 	// Add test user.
-	_, _, err := server.AddUser(username, password, username+"@pm.me")
+	_, _, err := server.AddUser(username, string(password), username+"@pm.me")
 	require.NoError(t, err)

 	// Generate a random vault key.
--- a/internal/bridge/smtp_backend.go
+++ b/internal/bridge/smtp_backend.go
@ -23,7 +23,7 @@ func (backend *smtpBackend) Login(state *smtp.ConnectionState, username string,
 	defer backend.usersLock.RUnlock()

 	for _, user := range backend.users {
-		if slices.Contains(user.Emails(), username) && user.BridgePass() == password {
+		if slices.Contains(user.Emails(), username) && string(user.BridgePass()) == password {
 			return user.NewSMTPSession(username), nil
 		}
 	}
--- a/internal/bridge/user.go
+++ b/internal/bridge/user.go
@ -32,7 +32,7 @@ type UserInfo struct {
 	AddressMode vault.AddressMode

 	// BridgePass is the user's bridge password.
-	BridgePass string
+	BridgePass []byte

 	// UsedSpace is the amount of space used by the user.
 	UsedSpace int
@ -76,11 +76,11 @@ func (bridge *Bridge) QueryUserInfo(query string) (UserInfo, error) {
 // If necessary, a TOTP and mailbox password are requested via the callbacks.
 func (bridge *Bridge) LoginUser(
 	ctx context.Context,
-	username, password string,
+	username string, password []byte,
 	getTOTP func() (string, error),
 	getKeyPass func() ([]byte, error),
 ) (string, error) {
-	client, auth, err := bridge.api.NewClientWithLogin(ctx, username, password)
+	client, auth, err := bridge.api.NewClientWithLogin(ctx, username, string(password))
 	if err != nil {
 		return "", err
 	}
@ -106,7 +106,7 @@ func (bridge *Bridge) LoginUser(

 		keyPass = pass
 	} else {
-		keyPass = []byte(password)
+		keyPass = password
 	}

 	apiUser, apiAddrs, userKR, addrKRs, saltedKeyPass, err := client.Unlock(ctx, keyPass)
--- a/internal/bridge/user_test.go
+++ b/internal/bridge/user_test.go
@ -255,7 +255,8 @@ func TestBridge_LoginDeleteRestart(t *testing.T) {

 func TestBridge_BridgePass(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, dialer *bridge.TestDialer, locator bridge.Locator, storeKey []byte) {
-		var userID, pass string
+		var userID string
+		var pass []byte

 		withBridge(t, ctx, s.GetHostURL(), dialer, locator, storeKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
 			// Login the user.