fix: shorten email otp length (#513)

* fix: add migrations to hash email

* add email otp length to config

* remove email hash migration

* send email hash & otp in email link

* verify post should check for token hash

* fix verify tests

* fix tests

* update generate_link endpoint

* remove magic number

* use sum224 instead of md5

Author: kangmingtay

api/external.go

@@ -235,7 +235,7 @@ func (a *API) internalExternalProviderCallback(w http.ResponseWriter, r *http.Re
 				if !emailData.Verified && !config.Mailer.Autoconfirm {
 					mailer := a.Mailer(ctx)
 					referrer := a.getReferrer(r)
-					if terr = sendConfirmation(tx, user, mailer, config.SMTP.MaxFrequency, referrer); terr != nil {
+					if terr = sendConfirmation(tx, user, mailer, config.SMTP.MaxFrequency, referrer, config.Mailer.OtpLength); terr != nil {
 						if errors.Is(terr, MaxFrequencyLimitError) {
 							return tooManyRequestsError("For security purposes, you can only request this once every minute")
 						}

api/invite.go

@@ -17,6 +17,7 @@ type InviteParams struct {
 // Invite is the endpoint for inviting a new user
 func (a *API) Invite(w http.ResponseWriter, r *http.Request) error {
 	ctx := r.Context()
+	config := a.getConfig(ctx)
 	instanceID := getInstanceID(ctx)
 	adminUser := getAdminUser(ctx)
 	params := &InviteParams{}
@@ -64,7 +65,7 @@ func (a *API) Invite(w http.ResponseWriter, r *http.Request) error {
 
 		mailer := a.Mailer(ctx)
 		referrer := a.getReferrer(r)
-		if err := sendInvite(tx, user, mailer, referrer); err != nil {
+		if err := sendInvite(tx, user, mailer, referrer, config.Mailer.OtpLength); err != nil {
 			return internalServerError("Error inviting user").WithInternalError(err)
 		}
 		return nil

api/invite_test.go

@@ -2,6 +2,7 @@ package api
 
 import (
 	"bytes"
+	"crypto/sha256"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -126,6 +127,7 @@ func (ts *InviteTestSuite) TestVerifyInvite() {
 			"Verify invite with password",
 			"[email protected]",
 			map[string]interface{}{
+				"email":    "[email protected]",
 				"type":     "invite",
 				"token":    "asdf",
 				"password": "testing",
@@ -136,6 +138,7 @@ func (ts *InviteTestSuite) TestVerifyInvite() {
 			"Verify invite with no password",
 			"[email protected]",
 			map[string]interface{}{
+				"email": "[email protected]",
 				"type":  "invite",
 				"token": "asdf",
 			},
@@ -150,7 +153,7 @@ func (ts *InviteTestSuite) TestVerifyInvite() {
 			user.InvitedAt = &now
 			user.ConfirmationSentAt = &now
 			user.EncryptedPassword = ""
-			user.ConfirmationToken = c.requestBody["token"].(string)
+			user.ConfirmationToken = fmt.Sprintf("%x", sha256.Sum224([]byte(c.email+c.requestBody["token"].(string))))
 			require.NoError(ts.T(), err)
 			require.NoError(ts.T(), ts.API.db.Create(user))
 

api/magic_link.go

@@ -82,7 +82,7 @@ func (a *API) MagicLink(w http.ResponseWriter, r *http.Request) error {
 
 		mailer := a.Mailer(ctx)
 		referrer := a.getReferrer(r)
-		return a.sendMagicLink(tx, user, mailer, config.SMTP.MaxFrequency, referrer)
+		return a.sendMagicLink(tx, user, mailer, config.SMTP.MaxFrequency, referrer, config.Mailer.OtpLength)
 	})
 	if err != nil {
 		if errors.Is(err, MaxFrequencyLimitError) {

api/mail.go

@@ -2,6 +2,7 @@ package api
 
 import (
 	"context"
+	"crypto/sha256"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -14,7 +15,6 @@ import (
 	"github.com/netlify/gotrue/storage"
 	"github.com/pkg/errors"
 	"github.com/sethvargo/go-password/password"
-	"github.com/sirupsen/logrus"
 )
 
 var (
@@ -69,14 +69,18 @@ func (a *API) GenerateLink(w http.ResponseWriter, r *http.Request) error {
 	var url string
 	referrer := a.getRedirectURLOrReferrer(r, params.RedirectTo)
 	now := time.Now()
+	otp, err := crypto.GenerateOtp(config.Mailer.OtpLength)
+	if err != nil {
+		return err
+	}
 	err = a.db.Transaction(func(tx *storage.Connection) error {
 		var terr error
 		switch params.Type {
 		case "magiclink", "recovery":
 			if terr = models.NewAuditLogEntry(tx, instanceID, user, models.UserRecoveryRequestedAction, "", nil); terr != nil {
 				return terr
 			}
-			user.RecoveryToken = crypto.SecureToken()
+			user.RecoveryToken = fmt.Sprintf("%x", sha256.Sum224([]byte(user.GetEmail()+otp)))
 			user.RecoverySentAt = &now
 			terr = errors.Wrap(tx.UpdateOnly(user, "recovery_token", "recovery_sent_at"), "Database error updating user for recovery")
 		case "invite":
@@ -102,7 +106,7 @@ func (a *API) GenerateLink(w http.ResponseWriter, r *http.Request) error {
 			}); terr != nil {
 				return terr
 			}
-			user.ConfirmationToken = crypto.SecureToken()
+			user.ConfirmationToken = fmt.Sprintf("%x", sha256.Sum224([]byte(user.GetEmail()+otp)))
 			user.ConfirmationSentAt = &now
 			user.InvitedAt = &now
 			terr = errors.Wrap(tx.UpdateOnly(user, "confirmation_token", "confirmation_sent_at", "invited_at"), "Database error updating user for invite")
@@ -133,7 +137,7 @@ func (a *API) GenerateLink(w http.ResponseWriter, r *http.Request) error {
 					return terr
 				}
 			}
-			user.ConfirmationToken = crypto.SecureToken()
+			user.ConfirmationToken = fmt.Sprintf("%x", sha256.Sum224([]byte(user.GetEmail()+otp)))
 			user.ConfirmationSentAt = &now
 			terr = errors.Wrap(tx.UpdateOnly(user, "confirmation_token", "confirmation_sent_at"), "Database error updating user for confirmation")
 		default:
@@ -168,34 +172,36 @@ func (a *API) GenerateLink(w http.ResponseWriter, r *http.Request) error {
 	return sendJSON(w, http.StatusOK, resp)
 }
 
-func sendConfirmation(tx *storage.Connection, u *models.User, mailer mailer.Mailer, maxFrequency time.Duration, referrerURL string) error {
+func sendConfirmation(tx *storage.Connection, u *models.User, mailer mailer.Mailer, maxFrequency time.Duration, referrerURL string, otpLength int) error {
 	var err error
 	if u.ConfirmationSentAt != nil && !u.ConfirmationSentAt.Add(maxFrequency).Before(time.Now()) {
 		return MaxFrequencyLimitError
 	}
 	oldToken := u.ConfirmationToken
-	u.ConfirmationToken, err = generateUniqueEmailOtp(tx, confirmationToken)
+	otp, err := crypto.GenerateOtp(otpLength)
 	if err != nil {
 		return err
 	}
+	u.ConfirmationToken = fmt.Sprintf("%x", sha256.Sum224([]byte(u.GetEmail()+otp)))
 	now := time.Now()
-	if err := mailer.ConfirmationMail(u, referrerURL); err != nil {
+	if err := mailer.ConfirmationMail(u, otp, referrerURL); err != nil {
 		u.ConfirmationToken = oldToken
 		return errors.Wrap(err, "Error sending confirmation email")
 	}
 	u.ConfirmationSentAt = &now
 	return errors.Wrap(tx.UpdateOnly(u, "confirmation_token", "confirmation_sent_at"), "Database error updating user for confirmation")
 }
 
-func sendInvite(tx *storage.Connection, u *models.User, mailer mailer.Mailer, referrerURL string) error {
+func sendInvite(tx *storage.Connection, u *models.User, mailer mailer.Mailer, referrerURL string, otpLength int) error {
 	var err error
 	oldToken := u.ConfirmationToken
-	u.ConfirmationToken, err = generateUniqueEmailOtp(tx, confirmationToken)
+	otp, err := crypto.GenerateOtp(otpLength)
 	if err != nil {
 		return err
 	}
+	u.ConfirmationToken = fmt.Sprintf("%x", sha256.Sum224([]byte(u.GetEmail()+otp)))
 	now := time.Now()
-	if err := mailer.InviteMail(u, referrerURL); err != nil {
+	if err := mailer.InviteMail(u, otp, referrerURL); err != nil {
 		u.ConfirmationToken = oldToken
 		return errors.Wrap(err, "Error sending invite email")
 	}
@@ -204,60 +210,66 @@ func sendInvite(tx *storage.Connection, u *models.User, mailer mailer.Mailer, re
 	return errors.Wrap(tx.UpdateOnly(u, "confirmation_token", "confirmation_sent_at", "invited_at"), "Database error updating user for invite")
 }
 
-func (a *API) sendPasswordRecovery(tx *storage.Connection, u *models.User, mailer mailer.Mailer, maxFrequency time.Duration, referrerURL string) error {
+func (a *API) sendPasswordRecovery(tx *storage.Connection, u *models.User, mailer mailer.Mailer, maxFrequency time.Duration, referrerURL string, otpLength int) error {
 	var err error
 	if u.RecoverySentAt != nil && !u.RecoverySentAt.Add(maxFrequency).Before(time.Now()) {
 		return MaxFrequencyLimitError
 	}
 
 	oldToken := u.RecoveryToken
-	u.RecoveryToken, err = generateUniqueEmailOtp(tx, recoveryToken)
+	otp, err := crypto.GenerateOtp(otpLength)
 	if err != nil {
 		return err
 	}
+	u.RecoveryToken = fmt.Sprintf("%x", sha256.Sum224([]byte(u.GetEmail()+otp)))
 	now := time.Now()
-	if err := mailer.RecoveryMail(u, referrerURL); err != nil {
+	if err := mailer.RecoveryMail(u, otp, referrerURL); err != nil {
 		u.RecoveryToken = oldToken
 		return errors.Wrap(err, "Error sending recovery email")
 	}
 	u.RecoverySentAt = &now
 	return errors.Wrap(tx.UpdateOnly(u, "recovery_token", "recovery_sent_at"), "Database error updating user for recovery")
 }
 
-func (a *API) sendReauthenticationOtp(tx *storage.Connection, u *models.User, mailer mailer.Mailer, maxFrequency time.Duration) error {
+func (a *API) sendReauthenticationOtp(tx *storage.Connection, u *models.User, mailer mailer.Mailer, maxFrequency time.Duration, otpLength int) error {
 	var err error
 	if u.ReauthenticationSentAt != nil && !u.ReauthenticationSentAt.Add(maxFrequency).Before(time.Now()) {
 		return MaxFrequencyLimitError
 	}
 
 	oldToken := u.ReauthenticationToken
-	u.ReauthenticationToken, err = generateUniqueEmailOtp(tx, reauthenticationToken)
+	otp, err := crypto.GenerateOtp(otpLength)
+	if err != nil {
+		return err
+	}
+	u.ReauthenticationToken = fmt.Sprintf("%x", sha256.Sum224([]byte(u.GetEmail()+otp)))
 	if err != nil {
 		return err
 	}
 	now := time.Now()
-	if err := mailer.ReauthenticateMail(u); err != nil {
+	if err := mailer.ReauthenticateMail(u, otp); err != nil {
 		u.ReauthenticationToken = oldToken
 		return errors.Wrap(err, "Error sending reauthentication email")
 	}
 	u.ReauthenticationSentAt = &now
 	return errors.Wrap(tx.UpdateOnly(u, "reauthentication_token", "reauthentication_sent_at"), "Database error updating user for reauthentication")
 }
 
-func (a *API) sendMagicLink(tx *storage.Connection, u *models.User, mailer mailer.Mailer, maxFrequency time.Duration, referrerURL string) error {
+func (a *API) sendMagicLink(tx *storage.Connection, u *models.User, mailer mailer.Mailer, maxFrequency time.Duration, referrerURL string, otpLength int) error {
 	var err error
 	// since Magic Link is just a recovery with a different template and behaviour
 	// around new users we will reuse the recovery db timer to prevent potential abuse
 	if u.RecoverySentAt != nil && !u.RecoverySentAt.Add(maxFrequency).Before(time.Now()) {
 		return MaxFrequencyLimitError
 	}
 	oldToken := u.RecoveryToken
-	u.RecoveryToken, err = generateUniqueEmailOtp(tx, recoveryToken)
+	otp, err := crypto.GenerateOtp(otpLength)
 	if err != nil {
 		return err
 	}
+	u.RecoveryToken = fmt.Sprintf("%x", sha256.Sum224([]byte(u.GetEmail()+otp)))
 	now := time.Now()
-	if err := mailer.MagicLinkMail(u, referrerURL); err != nil {
+	if err := mailer.MagicLinkMail(u, otp, referrerURL); err != nil {
 		u.RecoveryToken = oldToken
 		return errors.Wrap(err, "Error sending magic link email")
 	}
@@ -266,22 +278,29 @@ func (a *API) sendMagicLink(tx *storage.Connection, u *models.User, mailer maile
 }
 
 // sendEmailChange sends out an email change token to the new email.
-func (a *API) sendEmailChange(tx *storage.Connection, config *conf.Configuration, u *models.User, mailer mailer.Mailer, email string, referrerURL string) error {
+func (a *API) sendEmailChange(tx *storage.Connection, config *conf.Configuration, u *models.User, mailer mailer.Mailer, email string, referrerURL string, otpLength int) error {
 	var err error
-	u.EmailChangeTokenNew, err = generateUniqueEmailOtp(tx, emailChangeTokenNew)
+	otpNew, err := crypto.GenerateOtp(otpLength)
 	if err != nil {
 		return err
 	}
+	u.EmailChangeTokenNew = fmt.Sprintf("%x", sha256.Sum224([]byte(u.EmailChange+otpNew)))
+
+	otpCurrent := ""
 	if config.Mailer.SecureEmailChangeEnabled && u.GetEmail() != "" {
-		u.EmailChangeTokenCurrent, err = generateUniqueEmailOtp(tx, emailChangeTokenCurrent)
+		otpCurrent, err = crypto.GenerateOtp(otpLength)
+		if err != nil {
+			return err
+		}
+		u.EmailChangeTokenCurrent = fmt.Sprintf("%x", sha256.Sum224([]byte(u.GetEmail()+otpCurrent)))
 		if err != nil {
 			return err
 		}
 	}
 	u.EmailChange = email
 	u.EmailChangeConfirmStatus = zeroConfirmation
 	now := time.Now()
-	if err := mailer.EmailChangeMail(u, referrerURL); err != nil {
+	if err := mailer.EmailChangeMail(u, otpNew, otpCurrent, referrerURL); err != nil {
 		return err
 	}
 
@@ -306,30 +325,3 @@ func (a *API) validateEmail(ctx context.Context, email string) error {
 	}
 	return nil
 }
-
-// generateUniqueEmailOtp returns a unique otp
-func generateUniqueEmailOtp(tx *storage.Connection, tokenType tokenType) (string, error) {
-	maxRetries := 5
-	otpLength := 20
-	var otp string
-	var err error
-	for i := 0; i < maxRetries; i++ {
-		otp, err = crypto.GenerateEmailOtp(otpLength)
-		if err != nil {
-			return "", err
-		}
-		_, err = models.FindUserByTokenAndTokenType(tx, otp, string(tokenType))
-		if err != nil {
-			if models.IsNotFoundError(err) {
-				return otp, nil
-			}
-			return "", err
-		}
-		logrus.Warn("otp generated is not unique, retrying.")
-		err = errors.New("Could not generate a unique email otp")
-	}
-	if err != nil {
-		return "", err
-	}
-	return "", errors.New("Could not generate a unique email otp")
-}

api/phone.go

@@ -2,6 +2,7 @@ package api
 
 import (
 	"context"
+	"crypto/sha256"
 	"fmt"
 	"regexp"
 	"strings"
@@ -77,13 +78,13 @@ func (a *API) sendPhoneConfirmation(ctx context.Context, tx *storage.Connection,
 	if err != nil {
 		return internalServerError("error generating otp").WithInternalError(err)
 	}
-	*token = otp
+	*token = fmt.Sprintf("%x", sha256.Sum224([]byte(phone+otp)))
 
 	var message string
 	if config.Sms.Template == "" {
-		message = fmt.Sprintf(defaultSmsMessage, *token)
+		message = fmt.Sprintf(defaultSmsMessage, otp)
 	} else {
-		message = strings.Replace(config.Sms.Template, "{{ .Code }}", *token, -1)
+		message = strings.Replace(config.Sms.Template, "{{ .Code }}", otp, -1)
 	}
 
 	if serr := smsProvider.SendSms(phone, message); serr != nil {

api/reauthenticate.go

@@ -1,7 +1,9 @@
 package api
 
 import (
+	"crypto/sha256"
 	"errors"
+	"fmt"
 	"net/http"
 
 	"github.com/gofrs/uuid"
@@ -54,7 +56,7 @@ func (a *API) Reauthenticate(w http.ResponseWriter, r *http.Request) error {
 		}
 		if email != "" {
 			mailer := a.Mailer(ctx)
-			return a.sendReauthenticationOtp(tx, user, mailer, config.SMTP.MaxFrequency)
+			return a.sendReauthenticationOtp(tx, user, mailer, config.SMTP.MaxFrequency, config.Mailer.OtpLength)
 		} else if phone != "" {
 			smsProvider, terr := sms_provider.GetSmsProvider(*config)
 			if terr != nil {
@@ -81,9 +83,11 @@ func (a *API) verifyReauthentication(nonce string, tx *storage.Connection, confi
 	}
 	var isValid bool
 	if user.GetEmail() != "" {
-		isValid = isOtpValid(nonce, user.ReauthenticationToken, user.ReauthenticationSentAt, config.Mailer.OtpExp)
+		tokenHash := fmt.Sprintf("%x", sha256.Sum224([]byte(user.GetEmail()+nonce)))
+		isValid = isOtpValid(tokenHash, user.ReauthenticationToken, user.ReauthenticationSentAt, config.Mailer.OtpExp)
 	} else if user.GetPhone() != "" {
-		isValid = isOtpValid(nonce, user.ReauthenticationToken, user.ReauthenticationSentAt, config.Sms.OtpExp)
+		tokenHash := fmt.Sprintf("%x", sha256.Sum224([]byte(user.GetPhone()+nonce)))
+		isValid = isOtpValid(tokenHash, user.ReauthenticationToken, user.ReauthenticationSentAt, config.Sms.OtpExp)
 	} else {
 		return unprocessableEntityError("Reauthentication requires an email or a phone number")
 	}

api/recover.go

@@ -51,7 +51,7 @@ func (a *API) Recover(w http.ResponseWriter, r *http.Request) error {
 		}
 		mailer := a.Mailer(ctx)
 		referrer := a.getReferrer(r)
-		return a.sendPasswordRecovery(tx, user, mailer, config.SMTP.MaxFrequency, referrer)
+		return a.sendPasswordRecovery(tx, user, mailer, config.SMTP.MaxFrequency, referrer, config.Mailer.OtpLength)
 	})
 	if err != nil {
 		if errors.Is(err, MaxFrequencyLimitError) {

api/signup.go

@@ -132,7 +132,7 @@ func (a *API) Signup(w http.ResponseWriter, r *http.Request) error {
 				}); terr != nil {
 					return terr
 				}
-				if terr = sendConfirmation(tx, user, mailer, config.SMTP.MaxFrequency, referrer); terr != nil {
+				if terr = sendConfirmation(tx, user, mailer, config.SMTP.MaxFrequency, referrer, config.Mailer.OtpLength); terr != nil {
 					if errors.Is(terr, MaxFrequencyLimitError) {
 						now := time.Now()
 						left := user.ConfirmationSentAt.Add(config.SMTP.MaxFrequency).Sub(now) / time.Second