normogen/backend
goose cdbf6f4523 feat(backend): Implement password recovery with zero-knowledge phrases
Phase 2.4 - Password Recovery Feature

Features implemented:
- Zero-knowledge password recovery using recovery phrases
- Recovery phrases hashed with PBKDF2 (same as passwords)
- Setup recovery phrase endpoint (protected)
- Verify recovery phrase endpoint (public)
- Reset password with recovery phrase endpoint (public)
- Token invalidation on password reset
- Email verification stub fields added to User model

New API endpoints:
- POST /api/auth/recovery/setup (protected)
- POST /api/auth/recovery/verify (public)
- POST /api/auth/recovery/reset-password (public)

User model updates:
- recovery_phrase_hash field
- recovery_enabled field
- email_verified field (stub)
- verification_token field (stub)
- verification_expires field (stub)

Security features:
- Zero-knowledge proof (server never sees plaintext)
- Current password required to set/update phrase
- All tokens invalidated on password reset
- Token version incremented on password change

Files modified:
- backend/src/models/user.rs
- backend/src/handlers/auth.rs
- backend/src/main.rs
- backend/src/auth/jwt.rs

Documentation:
- backend/PASSWORD-RECOVERY-IMPLEMENTED.md
- backend/test-password-recovery.sh
- backend/PHASE-2.4-TODO.md (updated progress)
2026-02-15 18:12:10 -03:00

| Name | Last commit | Date |
| --- | --- | --- |
| config | Phase 2.1: Backend project initialized with Docker configuration | 2026-02-14 15:30:06 -03:00 |
| docker | chore: Clean up temporary docs and start Phase 2.4 | 2026-02-15 16:33:36 -03:00 |
| scripts | chore: Clean up temporary docs and start Phase 2.4 | 2026-02-15 16:33:36 -03:00 |
| src | feat(backend): Implement password recovery with zero-knowledge phrases | 2026-02-15 18:12:10 -03:00 |
| tests | Phase 2.3: JWT Authentication implementation | 2026-02-14 20:03:11 -03:00 |
| .dockerignore | Config: Change server port to 6800 and remove Cargo.lock dependency | 2026-02-15 09:48:11 -03:00 |
| .env.example | Phase 2.1: Backend project initialized with Docker configuration | 2026-02-14 15:30:06 -03:00 |
| API-TEST-GUIDE.md | feat(api): Add API testing script and quick test guide | 2026-02-15 15:28:04 -03:00 |
| Cargo.toml | Phase 2.3: Complete JWT Authentication with token rotation and revocation | 2026-02-15 09:05:34 -03:00 |
| defaults.env | Phase 2.1: Backend project initialized with Docker configuration | 2026-02-14 15:30:06 -03:00 |
| docker-compose.dev.yml | chore: Clean up temporary docs and start Phase 2.4 | 2026-02-15 16:33:36 -03:00 |
| docker-compose.yml | Config: Change server port to 6800 and remove Cargo.lock dependency | 2026-02-15 09:48:11 -03:00 |
| PASSWORD-RECOVERY-IMPLEMENTED.md | feat(backend): Implement password recovery with zero-knowledge phrases | 2026-02-15 18:12:10 -03:00 |
| PHASE-2.4-TODO.md | docs: Add Phase 2.4 TODO list with implementation plan | 2026-02-15 16:33:36 -03:00 |
| test-password-recovery.sh | feat(backend): Implement password recovery with zero-knowledge phrases | 2026-02-15 18:12:10 -03:00 |