Migrat pkg/password to using pkglib package

2023-02-26 10:24:06 +01:00 · 2023-02-26 10:24:06 +01:00 · aa3580c248
commit aa3580c248
parent 010fd536ea
11 changed files with 56 additions and 158 deletions
--- a/internal/config/password.go
+++ b/internal/config/password.go
@ -1,8 +1,13 @@
 package config

-import "github.com/FAU-CDI/wisski-distillery/pkg/password"
+import (
+	"crypto/rand"
+
+	"github.com/FAU-CDI/wisski-distillery/internal/passwordx"
+	"github.com/tkw1536/pkglib/password"
+)

 // NewPassword returns a new password using the password settings from this configuration
 func (cfg Config) NewPassword() (string, error) {
-	return password.Password(cfg.PasswordLength)
+	return password.Generate(rand.Reader, cfg.PasswordLength, passwordx.Charset)
 }
--- a/internal/config/template.go
+++ b/internal/config/template.go
@ -1,13 +1,15 @@
 package config

 import (
+	"crypto/rand"
 	"path/filepath"
 	"time"

 	"github.com/FAU-CDI/wisski-distillery/internal/bootstrap"
+	"github.com/FAU-CDI/wisski-distillery/internal/passwordx"
 	"github.com/FAU-CDI/wisski-distillery/pkg/environment"
-	"github.com/FAU-CDI/wisski-distillery/pkg/password"
 	"github.com/tkw1536/pkglib/hostname"
+	"github.com/tkw1536/pkglib/password"
 )

 // Template is a template for the configuration file
@ -47,7 +49,7 @@ func (tpl *Template) SetDefaults(env environment.Environment) (err error) {
 	}

 	if tpl.TriplestoreAdminPassword == "" {
-		tpl.TriplestoreAdminPassword, err = password.Password(64)
+		tpl.TriplestoreAdminPassword, err = password.Generate(rand.Reader, 64, passwordx.Charset)
 		if err != nil {
 			return err
 		}
@ -58,14 +60,14 @@ func (tpl *Template) SetDefaults(env environment.Environment) (err error) {
 	}

 	if tpl.MysqlAdminPassword == "" {
-		tpl.MysqlAdminPassword, err = password.Password(64)
+		tpl.MysqlAdminPassword, err = password.Generate(rand.Reader, 64, passwordx.Charset)
 		if err != nil {
 			return err
 		}
 	}

 	if tpl.DockerNetworkName == "" {
-		tpl.DockerNetworkName, err = password.Password(10)
+		tpl.DockerNetworkName, err = password.Generate(rand.Reader, 10, passwordx.Charset)
 		if err != nil {
 			return err
 		}
@ -73,7 +75,7 @@ func (tpl *Template) SetDefaults(env environment.Environment) (err error) {
 	}

 	if tpl.SessionSecret == "" {
-		tpl.SessionSecret, err = password.Password(100)
+		tpl.SessionSecret, err = password.Generate(rand.Reader, 100, passwordx.Charset)
 		if err != nil {
 			return err
 		}
--- a/internal/dis/component/auth/user.go
+++ b/internal/dis/component/auth/user.go
@ -9,10 +9,11 @@ import (

 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
 	"github.com/FAU-CDI/wisski-distillery/internal/models"
-	"github.com/FAU-CDI/wisski-distillery/pkg/password"
+	"github.com/FAU-CDI/wisski-distillery/internal/passwordx"
 	"github.com/pkg/errors"
 	"github.com/pquerna/otp"
 	"github.com/pquerna/otp/totp"
+	"github.com/tkw1536/pkglib/password"
 	"github.com/tkw1536/pkglib/pools"
 	"github.com/tkw1536/pkglib/reflectx"
 	"golang.org/x/crypto/bcrypt"
@ -263,7 +264,7 @@ func (auth *Auth) CheckPasswordPolicy(candidate string, username string) error {
 		return ErrPolicyTooShort
 	}

-	if err := password.CheckCommonPassword(func(common string) (bool, error) { return common == candidate, nil }); err != nil {
+	if err := password.CheckCommonPassword(func(common string) (bool, error) { return common == candidate, nil }, passwordx.Sources...); err != nil {
 		return ErrPolicyKnown
 	}

--- a/internal/dis/component/exporter/exporter.go
+++ b/internal/dis/component/exporter/exporter.go
@ -1,18 +1,19 @@
 package exporter

 import (
+	"crypto/rand"
 	"fmt"
 	"path/filepath"
 	"time"

 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
-
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/exporter/logger"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/instances"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/sql"
+	"github.com/FAU-CDI/wisski-distillery/internal/passwordx"
 	"github.com/FAU-CDI/wisski-distillery/pkg/environment"
 	"github.com/FAU-CDI/wisski-distillery/pkg/fsx"
-	"github.com/FAU-CDI/wisski-distillery/pkg/password"
+	"github.com/tkw1536/pkglib/password"
 )

 // Exporter manages snapshots and backups
@ -59,7 +60,7 @@ func (dis *Exporter) NewArchivePath(prefix string) (path string) {
 // newSnapshot name returns a new basename for a snapshot with the provided prefix.
 // The name is guaranteed to be unique within this process.
 func (*Exporter) newSnapshotName(prefix string) string {
-	suffix, _ := password.Password(10) // silently ignore any errors!
+	suffix, _ := password.Generate(rand.Reader, 10, passwordx.Snapshot) // silently ignore any errors!
 	if prefix == "" {
 		prefix = "backup"
 	} else {
--- a/internal/passwordx/charset.go
+++ b/internal/passwordx/charset.go
@ -0,0 +1,9 @@
+package passwordx
+
+import "github.com/tkw1536/pkglib/password"
+
+// Charset is a Charset safe for usage within the distillery
+const Charset = password.DefaultCharSet
+
+// Snapshot is a charset to be used to generate snapshot ids
+const Snapshot = password.DefaultCharSet
--- a/internal/passwordx/common.go
+++ b/internal/passwordx/common.go
@ -0,0 +1,23 @@
+package passwordx
+
+import (
+	"embed"
+
+	"github.com/tkw1536/pkglib/password"
+)
+
+//go:embed common
+var commonEmbed embed.FS
+
+var Sources []password.PasswordSource
+
+func init() {
+	var err error
+	Sources, err = password.NewSources(commonEmbed, "**/*.txt")
+	if err != nil {
+		panic(err)
+	}
+	if len(Sources) == 0 {
+		panic("no sources")
+	}
+}
--- a/internal/passwordx/common/top10_000.txt
+++ b/internal/passwordx/common/top10_000.txt
--- a/internal/passwordx/common/wisski.txt
+++ b/internal/passwordx/common/wisski.txt
--- a/internal/wisski/ingredient/php/users/password.go
+++ b/internal/wisski/ingredient/php/users/password.go
@ -6,8 +6,9 @@ import (
 	"fmt"
 	"io"

+	"github.com/FAU-CDI/wisski-distillery/internal/passwordx"
 	"github.com/FAU-CDI/wisski-distillery/internal/phpx"
-	"github.com/FAU-CDI/wisski-distillery/pkg/password"
+	"github.com/tkw1536/pkglib/password"
 )

 var errGetValidator = errors.New("GetPasswordValidator: Unknown Error")
@ -64,7 +65,7 @@ func (pv PasswordValidator) CheckDictionary(ctx context.Context, writer io.Write
 		}
 		return errPasswordUsername
 	}
-	for candidate := range password.CommonPasswords() {
+	for candidate := range password.Passwords(passwordx.Sources...) {
 		if ctx.Err() != nil {
 			continue
 		}
--- a/pkg/password/common.go
+++ b/pkg/password/common.go
@ -1,96 +0,0 @@
-package password
-
-import (
-	"bufio"
-	"embed"
-	"fmt"
-	"io/fs"
-	"strings"
-)
-
-// CommonPasswordError
-type CommonPasswordError struct {
-	CommonPassword
-}
-
-func (cpe CommonPasswordError) Error() string {
-	return fmt.Sprintf("%q from %q", cpe.Password, cpe.Source)
-}
-
-type CommonPassword struct {
-	Password string
-	Source   string
-}
-
-//go:embed common
-var commonEmbed embed.FS
-
-// CommonPasswords returns a channel that contains all passwords.
-// The caller must drain the channel.
-func CommonPasswords() <-chan CommonPassword {
-	pChan := make(chan CommonPassword, 10)
-	go func() {
-		defer close(pChan)
-
-		fs.WalkDir(commonEmbed, ".", func(path string, d fs.DirEntry, err error) error {
-			if err != nil {
-				return err
-			}
-
-			// get the full path
-			if d.IsDir() || !strings.HasSuffix(path, ".txt") {
-				return nil
-			}
-
-			// open it
-			file, err := commonEmbed.Open(path)
-			if err != nil {
-				return err
-			}
-			defer file.Close()
-
-			// scan it line by line
-			scanner := bufio.NewScanner(file)
-			for scanner.Scan() {
-				line := strings.TrimSpace(scanner.Text())
-				if line == "" || strings.HasPrefix(line, "//") {
-					continue
-				}
-				pChan <- CommonPassword{
-					Password: line,
-					Source:   path,
-				}
-			}
-
-			return scanner.Err()
-		})
-	}()
-	return pChan
-}
-
-// CheckCommonPassword checks if a password is a common password.
-//
-// check is called with each candidate password to perform the check.
-// check should return a boolean indicating if the password in question corresponds to the candidate.
-//
-// CheckCommonPassword returns one of three error values.
-//
-// - a CommonPasswordError (when a password matches a common password)
-// - an error returned by check (assuming some check went wrong)
-// - or nil (when a password is not a common password
-func CheckCommonPassword(check func(candidate string) (bool, error)) error {
-	for commmon := range CommonPasswords() {
-		ok, err := check(commmon.Password)
-		if err != nil {
-			return err
-		}
-
-		// password validation passed
-		if ok {
-			return CommonPasswordError{
-				CommonPassword: commmon,
-			}
-		}
-	}
-	return nil
-}
--- a/pkg/password/password.go
+++ b/pkg/password/password.go
@ -1,48 +0,0 @@
-// Package password allows generating random passwords
-package password
-
-import (
-	"crypto/rand"
-	"math/big"
-
-	"github.com/tkw1536/pkglib/pools"
-)
-
-// NOTE(twiesing): A bunch of scripts cannot properly handle the extra characters in the password.
-// For now it is disabled, but it should be re-enabled later.
-const PasswordCharSet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" // + "!@#$%&*"
-var passwordCharCount = big.NewInt(int64(len(PasswordCharSet)))
-
-// Password returns a randomly generated string with the provided length.
-// It consists of alphanumeric characters only.
-//
-// When an error occurs, it is guaranteed to return "", err.
-// [rand.Reader] is used as the source of randomness.
-func Password(length int) (string, error) {
-	if length < 0 {
-		panic("length < 0")
-	}
-
-	// create a buffer to write the string to!
-	password := pools.GetBuilder()
-	defer pools.ReleaseBuilder(password)
-	password.Grow(length)
-
-	for i := 0; i < length; i++ {
-
-		// grab a random bIndex!
-		bIndex, err := rand.Int(rand.Reader, passwordCharCount)
-		if err != nil {
-			return "", err
-		}
-
-		// and use that index!
-		index := int(bIndex.Int64())
-		if err := password.WriteByte(PasswordCharSet[index]); err != nil {
-			return "", err
-		}
-	}
-
-	// return the password!
-	return password.String(), nil
-}