From e92ddee33a6ce45826a839f01fabc7e3717b3f8e Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Tue, 14 Jan 2025 17:26:58 +0100
Subject: [PATCH 1/3] :whale: Move devenv secret key env asignation to scripts from the docker compose
---
 backend/scripts/repl | 1 +
 backend/scripts/start-dev | 1 +
 docker/devenv/docker-compose.yaml | 1 -
 3 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/backend/scripts/repl b/backend/scripts/repl
index 4aa78f025..1540e3601 100755
--- a/backend/scripts/repl
+++ b/backend/scripts/repl
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
+export PENPOT_SECRET_KEY=super-secret-devenv-key
 export PENPOT_HOST=devenv
 export PENPOT_FLAGS="\
 $PENPOT_FLAGS \
diff --git a/backend/scripts/start-dev b/backend/scripts/start-dev
index 4e4c8497f..9fe2ccb1b 100755
--- a/backend/scripts/start-dev
+++ b/backend/scripts/start-dev
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
+export PENPOT_SECRET_KEY=super-secret-devenv-key
 export PENPOT_HOST=devenv
 export PENPOT_FLAGS="\
 $PENPOT_FLAGS \
diff --git a/docker/devenv/docker-compose.yaml b/docker/devenv/docker-compose.yaml
index d7b5da48a..82a3c0ad7 100644
--- a/docker/devenv/docker-compose.yaml
+++ b/docker/devenv/docker-compose.yaml
@@ -43,7 +43,6 @@ services:
 environment:
 - EXTERNAL_UID=${CURRENT_USER_ID}
- - PENPOT_SECRET_KEY=super-secret-devenv-key
 # SMTP setup
 - PENPOT_SMTP_ENABLED=true
 - PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com
From 5c428b5aa507cff8c3666a7c565c2e0d688c7476 Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Tue, 14 Jan 2025 17:41:28 +0100
Subject: [PATCH 2/3] :bug: Fix repeated password update on login because the default options were not being passed in the verification
---
 backend/src/app/auth.clj | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/backend/src/app/auth.clj b/backend/src/app/auth.clj
index fc6d25481..271e52e02 100644
--- a/backend/src/app/auth.clj
+++ b/backend/src/app/auth.clj
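Review bot: The unconditional `export PENPOT_SECRET_KEY=super-secret-devenv-key` at the top of backend/scripts/repl replaces any key the developer already has in the environment, and the same line is added to backend/scripts/start-dev. The neighbouring `PENPOT_FLAGS` assignment keeps the inherited value, so for consistency, and because the string is a fixed public value, I would make it a fallback and label it: `export PENPOT_SECRET_KEY="${PENPOT_SECRET_KEY:-super-secret-devenv-key}"  # devenv-only default, never reuse elsewhere`. Both scripts continue past the end of their hunks, so whether anything later depends on the variable always holding the devenv value is not visible here.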
@@ -8,7 +8,7 @@ (:require [buddy.hashers :as hashers]))
-(def default-params
+(def ^:private default-options
 {:alg :argon2id :memory 32768 ;; 32 MiB
 :iterations 3
@@ -16,12 +16,12 @@ (defn derive-password [password]
- (hashers/derive password default-params))
+ (hashers/derive password default-options))
 (defn verify-password [attempt password] (try
- (hashers/verify attempt password)
+ (hashers/verify attempt password default-options)
 (catch Throwable _ {:update false :valid false})))
From 40693e6857ed375e04d60480f3cb290c700d95b1 Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Tue, 14 Jan 2025 17:42:49 +0100
Subject: [PATCH 3/3] :bug: Make the PENPOT_SECRET_KEY optional Fix a regression introduced with 2.4
---
 backend/src/app/setup.clj | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/backend/src/app/setup.clj b/backend/src/app/setup.clj
index 8e2733c6d..6df3ce657 100644
--- a/backend/src/app/setup.clj
+++ b/backend/src/app/setup.clj
@@ -74,8 +74,7 @@ (defmethod ig/assert-key ::props [_ params]
- (assert (db/pool? (::db/pool params)) "expected valid database pool")
- (assert (string? (::key params)) "expected valid key string"))
+ (assert (db/pool? (::db/pool params)) "expected valid database pool"))
 (defmethod ig/init-key ::props [_ {:keys [::db/pool ::key] :as cfg}]
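Review bot: In the second auth.clj hunk, the `hashers/verify` call that now receives `default-options` sits inside `(try … (catch Throwable _ …))`, so any exception raised while processing those options comes back as `{:update false :valid false}` and looks exactly like a wrong password. I would bind the exception instead of `_` and log it with the namespace's logger before returning the map, so a malformed options map shows up in the logs rather than as failed logins for every user. A docstring on `verify-password` describing the returned map would also help; going by the commit subject, `:update` appears to tell the caller to re-derive the stored hash, which is worth stating next to the shared `default-options`.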
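Review bot: Dropping the `(string? (::key params))` assert in `ig/assert-key ::props` removes the type check entirely instead of only allowing the key to be absent, so a non-string value would now pass through to `ig/init-key`. A check that accepts a missing key but still rejects other types keeps the old guarantee: `(assert (or (nil? (::key params)) (string? (::key params))) "expected nil or valid key string")`. The body of `ig/init-key ::props` lies outside the hunk, so what is used as the key when it is nil is not visible here; if a fallback is generated there, a comment or a startup log line saying so would let operators notice an unset PENPOT_SECRET_KEY.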