Reduce twofactor_duo_ctx state/nonce column size in postgres and maria

migrations/mysql/2024-06-05-131359_add_2fa_duo_store/up.sql

@@ -1,10 +1,7 @@
 CREATE TABLE twofactor_duo_ctx (
-    -- For mysql, the character set on state is overridden to ascii because the utf8mb4 database charset recommended in
+    state      VARCHAR(64)  NOT NULL,
-    -- the Vaultwarden docs causes 1 character to consume 4 bytes, exceeding innodb's 3072 max key size if we want to
-    -- accommodate the largest supported state size. This isn't a problem for nonce since it's not a key for the table.
-    state      VARCHAR(1024) CHARACTER SET ascii COLLATE ascii_general_ci NOT NULL,
     user_email VARCHAR(255) NOT NULL,
-    nonce      VARCHAR(1024) NOT NULL,
+    nonce      VARCHAR(64)  NOT NULL,
     exp        BIGINT       NOT NULL,
 
     PRIMARY KEY (state)

migrations/postgresql/2024-06-05-131359_add_2fa_duo_store/up.sql

@@ -1,7 +1,7 @@
 CREATE TABLE twofactor_duo_ctx (
-    state      VARCHAR(1024) NOT NULL,
+    state      VARCHAR(64) NOT NULL,
     user_email VARCHAR(255)  NOT NULL,
-    nonce      VARCHAR(1024) NOT NULL,
+    nonce      VARCHAR(64) NOT NULL,
     exp        BIGINT        NOT NULL,
 
     PRIMARY KEY (state)

src/api/core/two_factor/duo_oidc.rs

@@ -63,6 +63,8 @@ const DUO_RESP_SIGNATURE_ALG: Algorithm = Algorithm::HS512;
 const JWT_SIGNATURE_ALG: Algorithm = Algorithm::HS512;
 
 // Size of random strings for state and nonce. Must be at least 16 characters and at most 1024 characters.
+// If increasing this above 64, also increase the size of the twofactor_duo_ctx.state and
+// twofactor_duo_ctx.nonce database columns for postgres and mariadb.
 const STATE_LENGTH: usize = 64;
 
 // client_assertion payload for health checks and obtaining MFA results.