[CRE-1848] Don't output hashed passwords.

core/sessions/ldapauth/ldap.go

@@ -629,7 +629,7 @@ func (l *ldapAuthenticator) localLoginFallback(ctx context.Context, sr sessions.
 		return user, errors.New("invalid email")
 	}
 
-	if !utils.CheckPasswordHash(sr.Password, user.HashedPassword) {
+	if !utils.CheckPasswordHash(sr.Password, string(user.HashedPassword)) {
 		l.auditLogger.Audit(audit.AuthLoginFailedPassword, map[string]any{"email": sr.Email})
 		return user, errors.New("invalid password")
 	}

core/sessions/localauth/orm.go

@@ -156,7 +156,7 @@ func (o *orm) CreateSession(ctx context.Context, sr sessions.SessionRequest) (st
 		return "", pkgerrors.New("Invalid email")
 	}
 
-	if !utils.CheckPasswordHash(sr.Password, user.HashedPassword) {
+	if !utils.CheckPasswordHash(sr.Password, string(user.HashedPassword)) {
 		o.auditLogger.Audit(audit.AuthLoginFailedPassword, map[string]any{"email": sr.Email})
 		return "", pkgerrors.New("Invalid password")
 	}
@@ -249,7 +249,7 @@ func (o *orm) ClearNonCurrentSessions(ctx context.Context, sessionID string) err
 // CreateUser creates a new API user
 func (o *orm) CreateUser(ctx context.Context, user *sessions.User) error {
 	sql := "INSERT INTO users (email, hashed_password, role, created_at, updated_at) VALUES ($1, $2, $3, now(), now()) RETURNING *"
-	return o.ds.GetContext(ctx, user, sql, strings.ToLower(user.Email), user.HashedPassword, user.Role)
+	return o.ds.GetContext(ctx, user, sql, strings.ToLower(user.Email), string(user.HashedPassword), user.Role)
 }
 
 // UpdateRole overwrites role field of the user specified by email.

core/sessions/oidcauth/oidc.go

@@ -584,7 +584,7 @@ func (oi *oidcAuthenticator) localLoginFallback(ctx context.Context, sr clsessio
 		return user, errors.New("invalid email")
 	}
 
-	if !utils.CheckPasswordHash(sr.Password, user.HashedPassword) {
+	if !utils.CheckPasswordHash(sr.Password, string(user.HashedPassword)) {
 		oi.auditLogger.Audit(audit.AuthLoginFailedPassword, map[string]any{"email": sr.Email})
 		return user, errors.New("invalid password")
 	}

core/sessions/oidcauth/oidc_test.go

@@ -53,7 +53,7 @@ func TestORM_FindUser_Single(t *testing.T) {
 
 	// create user
 	sql := "INSERT INTO users (email, hashed_password, role, created_at, updated_at) VALUES ($1, $2, $3, now(), now()) RETURNING *"
-	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), user1.HashedPassword, user1.Role)
+	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), string(user1.HashedPassword), user1.Role)
 	require.NoError(t, err)
 
 	// Find user
@@ -140,7 +140,7 @@ func TestORM_ListUsers(t *testing.T) {
 	for _, u := range users {
 		// create user
 		sql := "INSERT INTO users (email, hashed_password, role, created_at, updated_at) VALUES ($1, $2, $3, now(), now()) RETURNING *"
-		_, err := db.ExecContext(ctx, sql, strings.ToLower(u.Email), u.HashedPassword, u.Role)
+		_, err := db.ExecContext(ctx, sql, strings.ToLower(u.Email), string(u.HashedPassword), u.Role)
 		require.NoError(t, err)
 	}
 
@@ -170,7 +170,7 @@ func TestORM_CreateSession(t *testing.T) {
 
 	// create user
 	sql := "INSERT INTO users (email, hashed_password, role, created_at, updated_at) VALUES ($1, $2, $3, now(), now()) RETURNING *"
-	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), user1.HashedPassword, user1.Role)
+	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), string(user1.HashedPassword), user1.Role)
 	require.NoError(t, err)
 
 	// create session for the user
@@ -190,7 +190,7 @@ func TestORM_DeleteSession(t *testing.T) {
 
 	// create user
 	sql := "INSERT INTO users (email, hashed_password, role, created_at, updated_at) VALUES ($1, $2, $3, now(), now()) RETURNING *"
-	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), user1.HashedPassword, user1.Role)
+	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), string(user1.HashedPassword), user1.Role)
 	require.NoError(t, err)
 
 	// create session for the user
@@ -213,7 +213,7 @@ func TestORM_ClearNonConcurrentSession(t *testing.T) {
 
 	// create user
 	sql := "INSERT INTO users (email, hashed_password, role, created_at, updated_at) VALUES ($1, $2, $3, now(), now()) RETURNING *"
-	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), user1.HashedPassword, user1.Role)
+	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), string(user1.HashedPassword), user1.Role)
 	require.NoError(t, err)
 
 	// create session for the user
@@ -236,7 +236,7 @@ func Test_AuthorizeUserWithSession_Success(t *testing.T) {
 
 	// create user
 	sql := "INSERT INTO users (email, hashed_password, role, created_at, updated_at) VALUES ($1, $2, $3, now(), now()) RETURNING *"
-	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), user1.HashedPassword, user1.Role)
+	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), string(user1.HashedPassword), user1.Role)
 	require.NoError(t, err)
 
 	// create session for the user
@@ -264,7 +264,7 @@ func Test_AuthorizeUserWithSession_Expired(t *testing.T) {
 
 	// create user
 	sql := "INSERT INTO users (email, hashed_password, role, created_at, updated_at) VALUES ($1, $2, $3, now(), now()) RETURNING *"
-	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), user1.HashedPassword, user1.Role)
+	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), string(user1.HashedPassword), user1.Role)
 	require.NoError(t, err)
 
 	// create session for the user
@@ -294,7 +294,7 @@ func Test_AuthorizeUserWithSession_SessionRoleMatchesUserRole(t *testing.T) {
 
 	// create user
 	sql := "INSERT INTO users (email, hashed_password, role, created_at, updated_at) VALUES ($1, $2, $3, now(), now()) RETURNING *"
-	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), user1.HashedPassword, sessions.UserRoleView)
+	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), string(user1.HashedPassword), sessions.UserRoleView)
 	require.NoError(t, err)
 
 	// create session for the user
@@ -320,7 +320,7 @@ func TestORM_CreateSession_LocalAdminFallbackLogin(t *testing.T) {
 
 	// create user
 	sql := "INSERT INTO users (email, hashed_password, role, created_at, updated_at) VALUES ($1, $2, $3, now(), now()) RETURNING *"
-	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), user1.HashedPassword, "admin")
+	_, err := db.ExecContext(ctx, sql, strings.ToLower(user1.Email), string(user1.HashedPassword), "admin")
 	require.NoError(t, err)
 
 	// create session with correct password, expect ok

core/sessions/user.go

@@ -8,13 +8,14 @@ import (
 	pkgerrors "github.com/pkg/errors"
 	"gopkg.in/guregu/null.v4"
 
+	"github.com/smartcontractkit/chainlink-common/pkg/config"
 	"github.com/smartcontractkit/chainlink/v2/core/utils"
 )
 
 // User holds the credentials for API user.
 type User struct {
 	Email             string
-	HashedPassword    string
+	HashedPassword    config.SecretString
 	Role              UserRole
 	CreatedAt         time.Time
 	TokenKey          null.String
@@ -50,7 +51,7 @@ func NewUser(email string, plainPwd string, role UserRole) (User, error) {
 
 	return User{
 		Email:          email,
-		HashedPassword: pwd,
+		HashedPassword: *config.NewSecretString(pwd),
 		Role:           role,
 	}, nil
 }

core/web/resolver/api_token_test.go

@@ -9,6 +9,7 @@ import (
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 
+	"github.com/smartcontractkit/chainlink-common/pkg/config"
 	"github.com/smartcontractkit/chainlink/v2/core/auth"
 	"github.com/smartcontractkit/chainlink/v2/core/utils"
 	webauth "github.com/smartcontractkit/chainlink/v2/core/web/auth"
@@ -61,7 +62,7 @@ func TestResolver_CreateAPIToken(t *testing.T) {
 				pwd, err := utils.HashPassword(defaultPassword)
 				require.NoError(t, err)
 
-				session.User.HashedPassword = pwd
+				session.User.HashedPassword = *config.NewSecretString(pwd)
 
 				f.Mocks.authProvider.On("FindUser", mock.Anything, session.User.Email).Return(*session.User, nil)
 				f.Mocks.authProvider.On("TestPassword", mock.Anything, session.User.Email, defaultPassword).Return(nil)
@@ -119,7 +120,7 @@ func TestResolver_CreateAPIToken(t *testing.T) {
 				pwd, err := utils.HashPassword(defaultPassword)
 				require.NoError(t, err)
 
-				session.User.HashedPassword = pwd
+				session.User.HashedPassword = *config.NewSecretString(pwd)
 
 				f.Mocks.authProvider.On("FindUser", mock.Anything, session.User.Email).Return(*session.User, gError)
 				f.App.On("AuthenticationProvider").Return(f.Mocks.authProvider)
@@ -147,7 +148,7 @@ func TestResolver_CreateAPIToken(t *testing.T) {
 				pwd, err := utils.HashPassword(defaultPassword)
 				require.NoError(t, err)
 
-				session.User.HashedPassword = pwd
+				session.User.HashedPassword = *config.NewSecretString(pwd)
 
 				f.Mocks.authProvider.On("FindUser", mock.Anything, session.User.Email).Return(*session.User, nil)
 				f.Mocks.authProvider.On("TestPassword", mock.Anything, session.User.Email, defaultPassword).Return(nil)
@@ -217,7 +218,7 @@ func TestResolver_DeleteAPIToken(t *testing.T) {
 				pwd, err := utils.HashPassword(defaultPassword)
 				require.NoError(t, err)
 
-				session.User.HashedPassword = pwd
+				session.User.HashedPassword = *config.NewSecretString(pwd)
 				err = session.User.TokenKey.UnmarshalText([]byte("new-access-key"))
 				require.NoError(t, err)
 
@@ -273,7 +274,7 @@ func TestResolver_DeleteAPIToken(t *testing.T) {
 				pwd, err := utils.HashPassword(defaultPassword)
 				require.NoError(t, err)
 
-				session.User.HashedPassword = pwd
+				session.User.HashedPassword = *config.NewSecretString(pwd)
 
 				f.Mocks.authProvider.On("FindUser", mock.Anything, session.User.Email).Return(*session.User, gError)
 				f.App.On("AuthenticationProvider").Return(f.Mocks.authProvider)
@@ -301,7 +302,7 @@ func TestResolver_DeleteAPIToken(t *testing.T) {
 				pwd, err := utils.HashPassword(defaultPassword)
 				require.NoError(t, err)
 
-				session.User.HashedPassword = pwd
+				session.User.HashedPassword = *config.NewSecretString(pwd)
 
 				f.Mocks.authProvider.On("FindUser", mock.Anything, session.User.Email).Return(*session.User, nil)
 				f.Mocks.authProvider.On("TestPassword", mock.Anything, session.User.Email, defaultPassword).Return(nil)

core/web/resolver/mutation.go

@@ -950,7 +950,7 @@ func (r *Resolver) UpdateUserPassword(ctx context.Context, args struct {
 		return nil, err
 	}
 
-	if !utils.CheckPasswordHash(args.Input.OldPassword, dbUser.HashedPassword) {
+	if !utils.CheckPasswordHash(args.Input.OldPassword, string(dbUser.HashedPassword)) {
 		r.App.GetAuditLogger().Audit(audit.PasswordResetAttemptFailedMismatch, map[string]any{"user": dbUser.Email})
 
 		return NewUpdatePasswordPayload(nil, map[string]string{

core/web/resolver/user_test.go

@@ -8,6 +8,7 @@ import (
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 
+	"github.com/smartcontractkit/chainlink-common/pkg/config"
 	"github.com/smartcontractkit/chainlink/v2/core/utils"
 	"github.com/smartcontractkit/chainlink/v2/core/web/auth"
 )
@@ -53,7 +54,7 @@ func TestResolver_UpdateUserPassword(t *testing.T) {
 				pwd, err := utils.HashPassword(oldPassword)
 				require.NoError(t, err)
 
-				session.User.HashedPassword = pwd
+				session.User.HashedPassword = *config.NewSecretString(pwd)
 
 				f.Mocks.authProvider.On("FindUser", mock.Anything, session.User.Email).Return(*session.User, nil)
 				f.Mocks.authProvider.On("SetPassword", mock.Anything, session.User, "new").Return(nil)
@@ -108,7 +109,7 @@ func TestResolver_UpdateUserPassword(t *testing.T) {
 				pwd, err := utils.HashPassword(oldPassword)
 				require.NoError(t, err)
 
-				session.User.HashedPassword = pwd
+				session.User.HashedPassword = *config.NewSecretString(pwd)
 
 				f.Mocks.authProvider.On("FindUser", mock.Anything, session.User.Email).Return(*session.User, nil)
 				f.Mocks.authProvider.On("ClearNonCurrentSessions", mock.Anything, session.SessionID).Return(
@@ -139,7 +140,7 @@ func TestResolver_UpdateUserPassword(t *testing.T) {
 				pwd, err := utils.HashPassword(oldPassword)
 				require.NoError(t, err)
 
-				session.User.HashedPassword = pwd
+				session.User.HashedPassword = *config.NewSecretString(pwd)
 
 				f.Mocks.authProvider.On("FindUser", mock.Anything, session.User.Email).Return(*session.User, nil)
 				f.Mocks.authProvider.On("ClearNonCurrentSessions", mock.Anything, session.SessionID).Return(nil)

core/web/user_controller.go

@@ -222,7 +222,7 @@ func (u *UserController) UpdatePassword(c *gin.Context) {
 		jsonAPIError(c, http.StatusInternalServerError, errors.New("unable to update password"))
 		return
 	}
-	if !utils.CheckPasswordHash(request.OldPassword, user.HashedPassword) {
+	if !utils.CheckPasswordHash(request.OldPassword, string(user.HashedPassword)) {
 		u.App.GetAuditLogger().Audit(audit.PasswordResetAttemptFailedMismatch, map[string]any{"user": user.Email})
 		jsonAPIError(c, http.StatusConflict, errors.New("old password does not match"))
 		return