Add support for overriding Argon2Id settings in client for improved E2E test speed (#186)

2025-12-23 22:28:22 -05:00 · 2024-09-17 16:57:02 +02:00
parent a1291b1951
commit cb25be8962
6 changed files with 48 additions and 8 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -81,9 +81,20 @@ Here is an example file with the various options explained:
 {
    "ApiUrl": "http://localhost:5092",
    "PrivateEmailDomains": ["example.tld"],
-    "UseDebugEncryptionKey": "true"
+    "UseDebugEncryptionKey": "true",
+    "CryptographyOverrideType" : "Argon2Id",
+    "CryptographyOverrideSettings" : "{\"DegreeOfParallelism\":1,\"MemorySize\":1024,\"Iterations\":1}"
 }
 ```

 - UseDebugEncryptionKey
    - This setting will use a static encryption key so that if you login as a user you can refresh the page without needing to unlock the database again. This speeds up development when changing things in the WebApp WASM project. Note: the project needs to be run in "Development" mode for this setting to be used.
+
+- CryptographyOverrideType
+    - This setting allows overriding the default encryption type (Argon2id) with a different encryption type. This is useful for testing different encryption types without having to change code.
+
+- CryptographyOverrideSettings
+    - This setting allows overriding the default encryption settings (Argon2id) with different settings. This is useful for testing different encryption settings without having to change code. The default Argon2id settings
+    are defined in the project as `Utilities/Cryptography/Cryptography.Client/Defaults.cs`. These default settings
+    are focused on security but NOT performance. Normally for key derivation purposes the slower/heavier the algorithm
+    the better protection against attackers. For production builds this is what we want, however in case of automated testing or debugging extra performance can be gained by tweaking (lowering) these settings.
--- a/src/AliasVault.Api/Controllers/AuthController.cs
+++ b/src/AliasVault.Api/Controllers/AuthController.cs
@@ -331,8 +331,8 @@ public class AuthController(IDbContextFactory<AliasServerDbContext> dbContextFac
            RevisionNumber = 0,
            Salt = model.Salt,
            Verifier = model.Verifier,
-            EncryptionType = Defaults.EncryptionType,
-            EncryptionSettings = Defaults.EncryptionSettings,
+            EncryptionType = model.EncryptionType,
+            EncryptionSettings = model.EncryptionSettings,
            CreatedAt = timeProvider.UtcNow,
            UpdatedAt = timeProvider.UtcNow,
        });
--- a/src/AliasVault.Client/Auth/Pages/Register.razor
+++ b/src/AliasVault.Client/Auth/Pages/Register.razor
@@ -5,6 +5,7 @@
@inject AuthenticationStateProvider AuthStateProvider
@inject NavigationManager NavigationManager
@inject AuthService AuthService
+@inject IConfiguration Configuration
@using System.Text.Json
@using AliasVault.Shared.Models.WebApi.Auth
@using AliasVault.Client.Auth.Components
@@ -68,12 +69,21 @@
            var client = new SrpClient();
            var salt = client.GenerateSalt();

-            byte[] passwordHash = await Encryption.DeriveKeyFromPasswordAsync(RegisterModel.Password, salt);
-            var passwordHashString = BitConverter.ToString(passwordHash).Replace("-", string.Empty);
+            byte[] passwordHash;
+            string encryptionType = Defaults.EncryptionType;
+            string encryptionSettings = Defaults.EncryptionSettings;
+            if (Configuration["CryptographyOverrideType"] is not null && Configuration["CryptographyOverrideSettings"] is not null) {
+                // If cryptography type and settings override are present in appsettings.json, use them instead of defaults
+                // declared in code. This is used in certain cases e.g. E2E tests to speed up the process.
+                encryptionType = Configuration["CryptographyOverrideType"]!;
+                encryptionSettings = Configuration["CryptographyOverrideSettings"]!;
+            }

+            passwordHash = await Encryption.DeriveKeyFromPasswordAsync(RegisterModel.Password, salt, encryptionType, encryptionSettings);
+            var passwordHashString = BitConverter.ToString(passwordHash).Replace("-", string.Empty);
            var srpSignup = Srp.PasswordChangeAsync(client, salt, RegisterModel.Username, passwordHashString);

-            var registerRequest = new RegisterRequest(srpSignup.Username, srpSignup.Salt, srpSignup.Verifier);
+            var registerRequest = new RegisterRequest(srpSignup.Username, srpSignup.Salt, srpSignup.Verifier, encryptionType, encryptionSettings);
            var result = await Http.PostAsJsonAsync("api/v1/Auth/register", registerRequest);
            var responseContent = await result.Content.ReadAsStringAsync();

--- a/src/AliasVault.Shared/Models/WebApi/Auth/RegisterRequest.cs
+++ b/src/AliasVault.Shared/Models/WebApi/Auth/RegisterRequest.cs
@@ -18,11 +18,15 @@ public class RegisterRequest
    /// <param name="username">The username.</param>
    /// <param name="salt">The salt value.</param>
    /// <param name="verifier">The verifier value.</param>
-    public RegisterRequest(string username, string salt, string verifier)
+    /// <param name="encryptionType">The encryption type.</param>
+    /// <param name="encryptionSettings">The encryption settings.</param>
+    public RegisterRequest(string username, string salt, string verifier, string encryptionType, string encryptionSettings)
    {
        Username = username.ToLowerInvariant().Trim();
        Salt = salt;
        Verifier = verifier;
+        EncryptionType = encryptionType;
+        EncryptionSettings = encryptionSettings;
    }

    /// <summary>
@@ -39,4 +43,14 @@ public class RegisterRequest
    /// Gets the verifier value.
    /// </summary>
    public string Verifier { get; }
+
+    /// <summary>
+    /// Gets the encryption type.
+    /// </summary>
+    public string EncryptionType { get; }
+
+    /// <summary>
+    /// Gets the encryption settings.
+    /// </summary>
+    public string EncryptionSettings { get; }
 }
--- a/src/Tests/AliasVault.E2ETests/Common/ClientPlaywrightTest.cs
+++ b/src/Tests/AliasVault.E2ETests/Common/ClientPlaywrightTest.cs
@@ -107,6 +107,7 @@ public class ClientPlaywrightTest : PlaywrightTest
                        Body = System.Text.Json.JsonSerializer.Serialize(response),
                    });
            });
+
        await Context.RouteAsync(
            "**/appsettings.Development.json",
            async route =>
@@ -115,6 +116,10 @@ public class ClientPlaywrightTest : PlaywrightTest
                {
                    ApiUrl = ApiBaseUrl.TrimEnd('/'),
                    PrivateEmailDomains = privateEmailDomains,
+
+                    // Override encryption settings for faster testing.
+                    CryptographyOverrideType = "Argon2Id",
+                    CryptographyOverrideSettings = "{\"DegreeOfParallelism\":1,\"MemorySize\":1024,\"Iterations\":1}",
                };
                await route.FulfillAsync(
                    new RouteFulfillOptions
--- a/src/Utilities/Cryptography/Cryptography.Client/Encryption.cs
+++ b/src/Utilities/Cryptography/Cryptography.Client/Encryption.cs
@@ -39,7 +39,7 @@ public static class Encryption
            case "Argon2Id":
                return await Argon2Id(passwordBytes, saltBytes, encryptionSettings);
            default:
-                throw new NotSupportedException($"Encryption type {Defaults.EncryptionType} is not supported.");
+                throw new NotSupportedException($"Encryption type {encryptionType} is not supported.");
        }
    }