1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-16 04:12:53 +01:00

Reduce twofactor_duo_ctx state/nonce column size in postgres and maria

Dieser Commit ist enthalten in:
0x0fbc 2024-06-11 12:49:32 -04:00 committet von Mathijs van Veluw
Ursprung 7110a4fd51
Commit 7aaa7a32a7
3 geänderte Dateien mit 8 neuen und 9 gelöschten Zeilen

Datei anzeigen

@ -1,11 +1,8 @@
CREATE TABLE twofactor_duo_ctx (
-- For mysql, the character set on state is overridden to ascii because the utf8mb4 database charset recommended in
-- the Vaultwarden docs causes 1 character to consume 4 bytes, exceeding innodb's 3072 max key size if we want to
-- accommodate the largest supported state size. This isn't a problem for nonce since it's not a key for the table.
state VARCHAR(1024) CHARACTER SET ascii COLLATE ascii_general_ci NOT NULL,
user_email VARCHAR(255) NOT NULL,
nonce VARCHAR(1024) NOT NULL,
exp BIGINT NOT NULL,
state VARCHAR(64) NOT NULL,
user_email VARCHAR(255) NOT NULL,
nonce VARCHAR(64) NOT NULL,
exp BIGINT NOT NULL,
PRIMARY KEY (state)
);

Datei anzeigen

@ -1,7 +1,7 @@
CREATE TABLE twofactor_duo_ctx (
state VARCHAR(1024) NOT NULL,
state VARCHAR(64) NOT NULL,
user_email VARCHAR(255) NOT NULL,
nonce VARCHAR(1024) NOT NULL,
nonce VARCHAR(64) NOT NULL,
exp BIGINT NOT NULL,
PRIMARY KEY (state)

Datei anzeigen

@ -63,6 +63,8 @@ const DUO_RESP_SIGNATURE_ALG: Algorithm = Algorithm::HS512;
const JWT_SIGNATURE_ALG: Algorithm = Algorithm::HS512;
// Size of random strings for state and nonce. Must be at least 16 characters and at most 1024 characters.
// If increasing this above 64, also increase the size of the twofactor_duo_ctx.state and
// twofactor_duo_ctx.nonce database columns for postgres and mariadb.
const STATE_LENGTH: usize = 64;
// client_assertion payload for health checks and obtaining MFA results.