feat(#427): change password to passphrase

Changed password to passphrase and also changed
the REST-API to require base64-encoding for the
passphrases.

.github/workflows/build_test.yml

@@ -11,7 +11,7 @@ env:
   REGISTRY_DOCS_IMAGE: kitsudaiki/openhanami_docs
   HANAMI_ADMIN_USER_ID: asdf
   HANAMI_ADMIN_USER_NAME: asdf
-  HANAMI_ADMIN_PASSWORD: asdfasdf
+  HANAMI_ADMIN_PASSPHRASE: asdfasdf
 
 jobs:
 
@@ -718,7 +718,7 @@ jobs:
           cd ${GITHUB_REPOSITORY#*/}/testing/go_cli_api
           export HANAMI_ADDRESS=http://127.0.0.1:11418
           export HANAMI_USER=asdf
-          export HANAMI_PW=asdfasdf
+          export HANAMI_PASSPHRASE=asdfasdf
           export train_inputs=/tmp/train-images-idx3-ubyte
           export train_labels=/tmp/train-labels-idx1-ubyte
           export request_inputs=/tmp/t10k-images-idx3-ubyte
@@ -830,7 +830,7 @@ jobs:
             --name=hanami \
             --env HANAMI_ADMIN_USER_ID=asdf \
             --env HANAMI_ADMIN_USER_NAME=asdf \
-            --env HANAMI_ADMIN_PASSWORD=asdfasdf \
+            --env HANAMI_ADMIN_PASSPHRASE=asdfasdf \
             kitsudaiki/hanami:test
       - 
         name: Sleep for 15 seconds
@@ -1129,7 +1129,7 @@ jobs:
       -
         name: Install hanami
         run: |
-          helm install --set docker.tag="${{ env.BRANCH_NAME }}" --set user.id=asdf --set user.name="test user" --set user.pw="asdfasdf" --set token.pw="this is a test-token" --set api.domain=local-hanami  openhanami /tmp/hanami_helm_build_result/openhanami-$HELM_VERSION.tgz
+          helm install --set docker.tag="${{ env.BRANCH_NAME }}" --set user.id=asdf --set user.name="test user" --set user.passphrase="asdfasdf" --set token.passphrase="this is a test-token" --set api.domain=local-hanami  openhanami /tmp/hanami_helm_build_result/openhanami-$HELM_VERSION.tgz
       - 
         name: Sleep for 60 seconds
         uses: jakejarvis/wait-action@919fc193e07906705e5b7a50f90ea9e74d20b2b0

.secrets.baseline

@@ -123,15 +123,6 @@
     }
   ],
   "results": {
-    ".github/workflows/build_test.yml": [
-      {
-        "type": "Secret Keyword",
-        "filename": ".github/workflows/build_test.yml",
-        "hashed_secret": "92429d82a41e930486c6de5ebda9602d55c39986",
-        "is_verified": false,
-        "line_number": 14
-      }
-    ],
     "deploy/k8s/openhanami/templates/hanami-certificate.yaml": [
       {
         "type": "Secret Keyword",
@@ -166,15 +157,6 @@
         "line_number": 86
       }
     ],
-    "src/archive/deploy/old-installation-guide-with-ansible.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "src/archive/deploy/old-installation-guide-with-ansible.md",
-        "hashed_secret": "7165f6d407dc2fd68528da63260a913e71623e86",
-        "is_verified": false,
-        "line_number": 40
-      }
-    ],
     "src/archive/libraries/hanami_network/tests/functional_tests/cert_init.h": [
       {
         "type": "Base64 High Entropy String",
@@ -804,22 +786,6 @@
         "line_number": 59
       }
     ],
-    "src/cli/hanamictl/resources/user.go": [
-      {
-        "type": "Secret Keyword",
-        "filename": "src/cli/hanamictl/resources/user.go",
-        "hashed_secret": "b1f5af73219befb9fcfec34923edf7d8fec1948a",
-        "is_verified": false,
-        "line_number": 79
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "src/cli/hanamictl/resources/user.go",
-        "hashed_secret": "91e650861725c8411156525f8e94d31544cd8026",
-        "is_verified": false,
-        "line_number": 156
-      }
-    ],
     "src/libraries/hanami_crypto/tests/unit_tests/hashes_test.cpp": [
       {
         "type": "Hex High Entropy String",
@@ -828,16 +794,7 @@
         "is_verified": false,
         "line_number": 43
       }
-    ],
-    "testing/python_sdk_api/sdk_api_test.py": [
-      {
-        "type": "Secret Keyword",
-        "filename": "testing/python_sdk_api/sdk_api_test.py",
-        "hashed_secret": "a1fc568e8104d91580079594101035b92e3fcce1",
-        "is_verified": false,
-        "line_number": 76
-      }
     ]
   },
-  "generated_at": "2024-10-15T21:12:30Z"
+  "generated_at": "2024-10-19T15:27:22Z"
 }

CHANGELOG.md

@@ -8,6 +8,7 @@
 
 - the input definition for the tasks was changes to removed the naming restriction between dataset-column and hexagon-name
 - the external REST-API endpoint to validate a token was removed and replaced by an internal function, which is used instead for all incoming api-requests
+- changed password to passphrase, which is now required to be base64 encoded
 
 #### Checkpoint-breaking
 
@@ -19,6 +20,10 @@
 - removed `target`-keyword from cluster-templates
 - removed number of nodes from inputs and outputs from the cluster-templates
 
+#### Database-Breaking
+
+- the base64-representation of the passphrases is now used for the pw-hash inside the database, which makes all old hashes in the database invalid
+
 ### Added
 
 - added new workaround to be able to handle binary input-data

README.md

@@ -132,7 +132,7 @@ and multi-tenancy.
 
     The projects supports multiple user and multiple projects with different roles (member,
     project-admin and admin) and also managing the access to single api-endpoints via policy-file.
-    Each user can login by username and password and gets an JWT-token to access the user- and
+    Each user can login by username and passphrase and gets an JWT-token to access the user- and
     project-specific resources.
 
     See [Authentication-docu](https://docs.openhanami.com/inner_workings/user_and_projects/)

deploy/k8s/openhanami/templates/hanami-deployment.yaml

@@ -42,8 +42,8 @@ spec:
           value: {{ .Values.user.id }}
         - name: HANAMI_ADMIN_USER_NAME
           value: {{ .Values.user.name }}
-        - name: HANAMI_ADMIN_PASSWORD
-          value: {{ .Values.user.pw }}
+        - name: HANAMI_ADMIN_PASSPHRASE
+          value: {{ .Values.user.passphrase }}
         volumeMounts:
         - name: data-volume
           mountPath: /etc/openhanami/data/

deploy/k8s/openhanami/templates/token-key.yaml

@@ -4,4 +4,4 @@ metadata:
   name: token-key
 type: Opaque
 data:
-  token-key: {{ .Values.token.pw | b64enc }}
+  token-key: {{ .Values.token.data | b64enc }}

deploy/k8s/openhanami/values.yaml

@@ -4,10 +4,10 @@ replicaCount: 1
 user:
   id: "test_user"
   name: "Test User"
-  pw: "asdfasdf"
+  passphrase: "asdfasdf"
 
 token:
-  pw: "asdf"
+  data: "asdf"
   expire_time: 3600
 
 docker:

docs/backend/installation.md

@@ -132,8 +132,8 @@ helm install \
     --set docker.tag=DOCKER_IMAGE_TAG \
     --set user.id=USER_ID  \
     --set user.name=USER_NAME  \
-    --set user.pw=PASSWORD  \
-    --set token.pw=TOKEN_KEY  \
+    --set user.passphrase=PASSPHRASE  \
+    --set token.passphrase=TOKEN_KEY  \
     --set api.domain=DOMAIN_NAME  \
     openhanami \
     ./openhanami/
@@ -148,8 +148,8 @@ helm install \
     --set docker.tag=DOCKER_IMAGE_TAG \
     --set user.id=USER_ID  \
     --set user.name=USER_NAME  \
-    --set user.pw=PASSWORD  \
-    --set token.pw=TOKEN_KEY  \
+    --set user.passphrase=PASSPHRASE  \
+    --set token.passphrase=TOKEN_KEY  \
     --set api.domain=DOMAIN_NAME  \
     openhanami \
     openhanami-x.y.z.tgz
@@ -169,9 +169,9 @@ The `--set`-flag defining the login-information for the initial admin-user of th
     -   String, which MUST match the regex `[a-zA-Z][a-zA-Z_0-9 ]*` with between `4` and `256`
         characters length
 
--   `PASSWORD`
+-   `PASSPHRASE`
 
-    -   Password for the initial user
+    -   Passphrase for the initial user
     -   String, with between `8` and `4096` characters length
 
 -   `TOKEN_KEY`
@@ -189,7 +189,7 @@ The `--set`-flag defining the login-information for the initial admin-user of th
         [docker-hub](https://hub.docker.com/repository/docker/kitsudaiki/hanami/tags)
     -   String
 
-After a successful installation the `USER_ID` and `PASSWORD` have to be used for login to the
+After a successful installation the `USER_ID` and `PASSPHRASE` have to be used for login to the
 system.
 
 ### Using
@@ -235,7 +235,7 @@ system.
           https://local-hanami/
           ```
 
--   login with `USER_ID` and `PASSWORD`
+-   login with `USER_ID` and `PASSPHRASE`
 
     !!! note
 

docs/frontend/cli_sdk_docu.md

@@ -86,7 +86,7 @@ amount of time until it expires, based on the configuration of the server.
     ```bash
     export HANAMI_ADDRESS=http://127.0.0.1:11418
     export HANAMI_USER=asdf
-    export HANAMI_PW=asdfasdf
+    export HANAMI_PASSPHRASE=asdfasdf
     ```
 
 === "Python-SDK"
@@ -96,9 +96,9 @@ amount of time until it expires, based on the configuration of the server.
 
     address = "http://127.0.0.1:11418"
     test_user = "asdf"
-    test_pw = "asdfasdf"
+    test_passphrase = "asdfasdf"
 
-    token = hanami_token.request_token(address, test_user, test_pw)
+    token = hanami_token.request_token(address, test_user, test_passphrase)
 
     ```
 
@@ -306,15 +306,15 @@ If the `is_admin` is set to true, the user becomes a global admin.
     ```bash
     ./hanamictl user create -n <NAME> <USER_ID>
 
-    (the cli will request the password for the new user after enter this command)
+    (the cli will request the passphrase for the new user after enter this command)
     ```
 
     example:
 
     ```bash
     ./hanamictl user create -n "cli test user" -p "asdfasdfasdf" cli_test_user
-    Enter Password:
-    Enter Password again:
+    Enter Passphrase:
+    Enter Passphrase again:
 
     +------------+---------------------+
     | ID         | cli_test_user       |

docs/frontend/dashboard/dashboard.md

@@ -16,7 +16,7 @@ The dashboard is one way to interact with hanami.
 
 Login should quite self-explaining. In case you used the
 [installation-guide](/How_To/1_installation/) you have to use the values of `USER_ID` (NOT the
-`USER_NAME`) and `PASSWORD` for the login.
+`USER_NAME`) and `PASSPHRASE` for the login.
 
 ![step2](img/step2.jpg)
 

docs/frontend/example_workflow.md

@@ -40,15 +40,15 @@ directly with the neural network via the python-version of the SDK. See for furt
     ```bash
     export HANAMI_ADDRESS=<ADDRESS_OF_HANAMI_DEPLOYMENT>
     export HANAMI_USER=<USER_ID>
-    export HANAMI_PW=<USER_PASSWORD>
+    export HANAMI_PASSPHRASE=<USER_PASSPHRASE>
     ```
 
     !!! example
 
           ```bash
           export HANAMI_ADDRESS=https://local-hanami-new
           export HANAMI_USER=asdf
-          export HANAMI_PW=asdfasdf
+          export HANAMI_PASSPHRASE=asdfasdf
           ```
 
 ## Example

docs/index.md

@@ -105,7 +105,7 @@ and multi-tenancy.
 
     The projects supports multiple user and multiple projects with different roles (member,
     project-admin and admin) and also managing the access to single api-endpoints via policy-file.
-    Each user can login by username and password and gets an JWT-token to access the user- and
+    Each user can login by username and passphrase and gets an JWT-token to access the user- and
     project-specific resources.
 
     See [Authentication-docu](https://docs.openhanami.com/inner_workings/user_and_projects/)

docs/repo/development.md

@@ -41,7 +41,7 @@ This document should help to setup a local environment for development.
     ```bash
     export HANAMI_ADMIN_USER_ID=asdf
     export HANAMI_ADMIN_USER_NAME=asdf
-    export HANAMI_ADMIN_PASSWORD=asdfasdf
+    export HANAMI_ADMIN_PASSPHRASE=asdfasdf
     ```
 
     These are the default testing-configs, to match with the test-confic
@@ -121,7 +121,7 @@ API.
     ```bash
     export HANAMI_ADDRESS=http://127.0.0.1:11418
     export HANAMI_USER=asdf
-    export HANAMI_PW=asdfasdf
+    export HANAMI_PASSPHRASE=asdfasdf
 
     export train_inputs=/tmp/train-images-idx3-ubyte
     export train_labels=/tmp/train-labels-idx1-ubyte

example_configs/openhanami/hanami_testing.conf

@@ -1,7 +1,7 @@
 [connection]
 address = http://127.0.0.1:11418
 test_user = asdf
-test_pw = asdfasdf
+test_passphrase = asdfasdf
 
 [test_data]
 train_inputs = /tmp/train-images-idx3-ubyte

src/archive/deploy/Vagrantfile

@@ -1,6 +1,6 @@
 ADMIN_USER_ID = ENV['ADMIN_USER_ID']
 ADMIN_USER_NAME = ENV['ADMIN_USER_NAME']
-ADMIN_PASSWORD = ENV['ADMIN_PASSWORD']
+ADMIN_PASSPHRASE = ENV['ADMIN_PASSPHRASE']
 TOKEN_KEY = ENV['TOKEN_KEY']
 
 Vagrant.configure("2") do |config|
@@ -19,7 +19,7 @@ Vagrant.configure("2") do |config|
     ansible.extra_vars = {
       env: ADMIN_USER_ID,
       env: ADMIN_USER_NAME,
-      env: ADMIN_PASSWORD,
+      env: ADMIN_PASSPHRASE,
       env: TOKEN_KEY,
     }
     # ansible.inventory_path = "inventory"

src/archive/deploy/ansible/openhanami/roles/hanami/tasks/deploy_hanami.yml

@@ -58,7 +58,7 @@
     env:
       HANAMI_ADMIN_USER_ID: "{{ lookup('env', 'ADMIN_USER_ID') }}"
       HANAMI_ADMIN_USER_NAME: "{{ lookup('env', 'ADMIN_USER_NAME') }}"
-      HANAMI_ADMIN_PASSWORD: "{{ lookup('env', 'ADMIN_PASSWORD') }}"
+      HANAMI_ADMIN_PASSPHRASE: "{{ lookup('env', 'ADMIN_PASSPHRASE') }}"
     ports:
       - "11418:11418"
     mounts:

src/archive/deploy/old-installation-guide-with-ansible.md

@@ -23,9 +23,9 @@ Basic parameter have to be set by environemt-variables:
     -   String, which MUST match the regex `[a-zA-Z][a-zA-Z_0-9 ]*` with between `4` and `256`
         characters length
 
--   `ADMIN_PASSWORD`
+-   `ADMIN_PASSPHRASE`
 
-    -   Password for the initial user
+    -   Passphrase for the initial user
     -   String, with between `8` and `4096` characters length
 
 -   `TOKEN_KEY`
@@ -37,7 +37,7 @@ Basic parameter have to be set by environemt-variables:
     ```bash
     export ADMIN_USER_ID="admin"
     export ADMIN_USER_NAME="admin"
-    export ADMIN_PASSWORD="some_password"
+    export ADMIN_PASSPHRASE="some_passphrase"
     export TOKEN_KEY="random_token_key"
     ```
 

src/archive/frontend/Hanami-Dashboard/src/login.html

@@ -34,8 +34,8 @@
                 </div>
                 <br><br>
                 <div>
-                    <label class="modal_label" for="password">Password</label>
-                    <input type="password" id="login_pw_field" name="password" required>
+                    <label class="modal_label" for="passphrase">Passphrase</label>
+                    <input type="passphrase" id="login_pw_field" name="passphrase" required>
                 </div>
             </div>
             <div id="login_alert_box" class="alert">

src/archive/frontend/Hanami-Dashboard/src/scripts/login.js

@@ -60,8 +60,8 @@ var loginModalFunction = function()
     loginButton.onclick = function() 
     {
         const userId = document.getElementById("login_id_field").value;
-        const pw = document.getElementById("login_pw_field").value;
-        login_request(loginFunction, userId, pw);
+        const passphrase = document.getElementById("login_pw_field").value;
+        login_request(loginFunction, userId, passphrase);
     }
 
     modal.style.display = "block";

src/archive/frontend/Hanami-Dashboard/src/styles/base.css

@@ -91,7 +91,7 @@ input[type="text"] {
     width: 100%;
 }
 
-input[type="password"] {
+input[type="passphrase"] {
     border: 0;
     outline: 0;
     background: transparent;