Skip to content

Commit

Permalink
feat: Add support for Password Check through the private_password_lea…
Browse files Browse the repository at this point in the history
…k_verification field in the reCAPTCHA Assessment (googleapis#376)

* feat: Add support for Password Check through the private_password_leak_verification field in the reCAPTCHA Assessment

PiperOrigin-RevId: 449202953

Source-Link: googleapis/googleapis@e2ed48f

Source-Link: https://github.com/googleapis/googleapis-gen/commit/82f55ea1435da6d69c8ceb0a33f863d1fd6a484e
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiODJmNTVlYTE0MzVkYTZkNjljOGNlYjBhMzNmODYzZDFmZDZhNDg0ZSJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
  • Loading branch information
gcf-owl-bot[bot] and gcf-owl-bot[bot] authored May 18, 2022
1 parent 4042ae2 commit 7c1583c
Show file tree
Hide file tree
Showing 11 changed files with 662 additions and 154 deletions.
137 changes: 86 additions & 51 deletions protos/google/cloud/recaptchaenterprise/v1/recaptchaenterprise.proto
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,8 @@ option ruby_package = "Google::Cloud::RecaptchaEnterprise::V1";
// Service to determine the likelihood an event is legitimate.
service RecaptchaEnterpriseService {
option (google.api.default_host) = "recaptchaenterprise.googleapis.com";
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
option (google.api.oauth_scopes) =
"https://www.googleapis.com/auth/cloud-platform";

// Creates an Assessment of the likelihood an event is legitimate.
rpc CreateAssessment(CreateAssessmentRequest) returns (Assessment) {
Expand All @@ -49,7 +50,8 @@ service RecaptchaEnterpriseService {

// Annotates a previously created Assessment to provide additional information
// on whether the event turned out to be authentic or fraudulent.
rpc AnnotateAssessment(AnnotateAssessmentRequest) returns (AnnotateAssessmentResponse) {
rpc AnnotateAssessment(AnnotateAssessmentRequest)
returns (AnnotateAssessmentResponse) {
option (google.api.http) = {
post: "/v1/{name=projects/*/assessments/*}:annotate"
body: "*"
Expand Down Expand Up @@ -117,23 +119,28 @@ service RecaptchaEnterpriseService {
}

// List groups of related accounts.
rpc ListRelatedAccountGroups(ListRelatedAccountGroupsRequest) returns (ListRelatedAccountGroupsResponse) {
rpc ListRelatedAccountGroups(ListRelatedAccountGroupsRequest)
returns (ListRelatedAccountGroupsResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*}/relatedaccountgroups"
};
option (google.api.method_signature) = "parent";
}

// Get the memberships in a group of related accounts.
rpc ListRelatedAccountGroupMemberships(ListRelatedAccountGroupMembershipsRequest) returns (ListRelatedAccountGroupMembershipsResponse) {
rpc ListRelatedAccountGroupMemberships(
ListRelatedAccountGroupMembershipsRequest)
returns (ListRelatedAccountGroupMembershipsResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*/relatedaccountgroups/*}/memberships"
};
option (google.api.method_signature) = "parent";
}

// Search group memberships related to a given account.
rpc SearchRelatedAccountGroupMemberships(SearchRelatedAccountGroupMembershipsRequest) returns (SearchRelatedAccountGroupMembershipsResponse) {
rpc SearchRelatedAccountGroupMemberships(
SearchRelatedAccountGroupMembershipsRequest)
returns (SearchRelatedAccountGroupMembershipsResponse) {
option (google.api.http) = {
post: "/v1/{project=projects/*}/relatedaccountgroupmemberships:search"
body: "*"
Expand Down Expand Up @@ -234,26 +241,25 @@ message AnnotateAssessmentRequest {
}
];

// Optional. The annotation that will be assigned to the Event. This field can be left
// empty to provide reasons that apply to an event without concluding whether
// the event is legitimate or fraudulent.
// Optional. The annotation that will be assigned to the Event. This field can
// be left empty to provide reasons that apply to an event without concluding
// whether the event is legitimate or fraudulent.
Annotation annotation = 2 [(google.api.field_behavior) = OPTIONAL];

// Optional. Optional reasons for the annotation that will be assigned to the Event.
// Optional. Optional reasons for the annotation that will be assigned to the
// Event.
repeated Reason reasons = 3 [(google.api.field_behavior) = OPTIONAL];

// Optional. Optional unique stable hashed user identifier to apply to the assessment.
// This is an alternative to setting the hashed_account_id in
// Optional. Optional unique stable hashed user identifier to apply to the
// assessment. This is an alternative to setting the hashed_account_id in
// CreateAssessment, for example when the account identifier is not yet known
// in the initial request. It is recommended that the identifier is hashed
// using hmac-sha256 with stable secret.
bytes hashed_account_id = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Empty response for AnnotateAssessment.
message AnnotateAssessmentResponse {

}
message AnnotateAssessmentResponse {}

// A recaptcha assessment resource.
message Assessment {
Expand All @@ -273,36 +279,41 @@ message Assessment {
RiskAnalysis risk_analysis = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

// Output only. Properties of the provided event token.
TokenProperties token_properties = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
TokenProperties token_properties = 4
[(google.api.field_behavior) = OUTPUT_ONLY];

// Assessment returned by Account Defender when a hashed_account_id is
// provided.
AccountDefenderAssessment account_defender_assessment = 6;

// Password leak verification info.
PrivatePasswordLeakVerification private_password_leak_verification = 7;
}

message Event {
// Optional. The user response token provided by the reCAPTCHA client-side integration
// on your site.
// Optional. The user response token provided by the reCAPTCHA client-side
// integration on your site.
string token = 1 [(google.api.field_behavior) = OPTIONAL];

// Optional. The site key that was used to invoke reCAPTCHA on your site and generate
// the token.
// Optional. The site key that was used to invoke reCAPTCHA on your site and
// generate the token.
string site_key = 2 [(google.api.field_behavior) = OPTIONAL];

// Optional. The user agent present in the request from the user's device related to
// this event.
// Optional. The user agent present in the request from the user's device
// related to this event.
string user_agent = 3 [(google.api.field_behavior) = OPTIONAL];

// Optional. The IP address in the request from the user's device related to this event.
// Optional. The IP address in the request from the user's device related to
// this event.
string user_ip_address = 4 [(google.api.field_behavior) = OPTIONAL];

// Optional. The expected action for this type of event. This should be the same action
// provided at token generation time on client-side platforms already
// integrated with recaptcha enterprise.
// Optional. The expected action for this type of event. This should be the
// same action provided at token generation time on client-side platforms
// already integrated with recaptcha enterprise.
string expected_action = 5 [(google.api.field_behavior) = OPTIONAL];

// Optional. Optional unique stable hashed user identifier for the request. The
// identifier should ideally be hashed using sha256 with stable secret.
// Optional. Optional unique stable hashed user identifier for the request.
// The identifier should ideally be hashed using sha256 with stable secret.
bytes hashed_account_id = 6 [(google.api.field_behavior) = OPTIONAL];
}

Expand Down Expand Up @@ -414,6 +425,31 @@ message AccountDefenderAssessment {
repeated AccountDefenderLabel labels = 1;
}

// Private password leak verification info.
message PrivatePasswordLeakVerification {
// Exactly 26-bit prefix of the SHA-256 hash of the canonicalized username. It
// is used to look up password leaks associated with that hash prefix.
bytes lookup_hash_prefix = 1 [(google.api.field_behavior) = OPTIONAL];

// Encrypted Scrypt hash of the canonicalized username+password. It is
// re-encrypted by the server and returned through
// `reencrypted_user_credentials_hash`.
bytes encrypted_user_credentials_hash = 2
[(google.api.field_behavior) = OPTIONAL];

// List of prefixes of the encrypted potential password leaks that matched the
// given parameters. They should be compared with the client-side decryption
// prefix of `reencrypted_user_credentials_hash`
repeated bytes encrypted_leak_match_prefixes = 3
[(google.api.field_behavior) = OUTPUT_ONLY];

// Corresponds to the re-encryption of the `encrypted_user_credentials_hash`
// field. Used to match potential password leaks within
// `encrypted_leak_match_prefixes`.
bytes reencrypted_user_credentials_hash = 4
[(google.api.field_behavior) = OUTPUT_ONLY];
}

// The create key request message.
message CreateKeyRequest {
// Required. The name of the project in which the key will be created, in the
Expand Down Expand Up @@ -476,9 +512,10 @@ message UpdateKeyRequest {
// Required. The key to update.
Key key = 1 [(google.api.field_behavior) = REQUIRED];

// Optional. The mask to control which fields of the key get updated. If the mask is not
// present, all fields will be updated.
google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The mask to control which fields of the key get updated. If the
// mask is not present, all fields will be updated.
google.protobuf.FieldMask update_mask = 2
[(google.api.field_behavior) = OPTIONAL];
}

// The delete key request message.
Expand Down Expand Up @@ -740,14 +777,14 @@ message ListRelatedAccountGroupMembershipsRequest {
}
];

// Optional. The maximum number of accounts to return. The service may return fewer than
// this value.
// If unspecified, at most 50 accounts will be returned.
// The maximum value is 1000; values above 1000 will be coerced to 1000.
// Optional. The maximum number of accounts to return. The service may return
// fewer than this value. If unspecified, at most 50 accounts will be
// returned. The maximum value is 1000; values above 1000 will be coerced to
// 1000.
int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

// Optional. A page token, received from a previous `ListRelatedAccountGroupMemberships`
// call.
// Optional. A page token, received from a previous
// `ListRelatedAccountGroupMemberships` call.
//
// When paginating, all other parameters provided to
// `ListRelatedAccountGroupMemberships` must match the call that provided the
Expand All @@ -767,23 +804,22 @@ message ListRelatedAccountGroupMembershipsResponse {

// The request message to list related account groups.
message ListRelatedAccountGroupsRequest {
// Required. The name of the project to list related account groups from, in the format
// "projects/{project}".
// Required. The name of the project to list related account groups from, in
// the format "projects/{project}".
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "recaptchaenterprise.googleapis.com/RelatedAccountGroup"
}
];

// Optional. The maximum number of groups to return. The service may return fewer than
// this value.
// If unspecified, at most 50 groups will be returned.
// Optional. The maximum number of groups to return. The service may return
// fewer than this value. If unspecified, at most 50 groups will be returned.
// The maximum value is 1000; values above 1000 will be coerced to 1000.
int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

// Optional. A page token, received from a previous `ListRelatedAccountGroups` call.
// Provide this to retrieve the subsequent page.
// Optional. A page token, received from a previous `ListRelatedAccountGroups`
// call. Provide this to retrieve the subsequent page.
//
// When paginating, all other parameters provided to
// `ListRelatedAccountGroups` must match the call that provided the page
Expand All @@ -803,23 +839,22 @@ message ListRelatedAccountGroupsResponse {

// The request message to search related account group memberships.
message SearchRelatedAccountGroupMembershipsRequest {
// Required. The name of the project to search related account group memberships from,
// in the format "projects/{project}".
// Required. The name of the project to search related account group
// memberships from, in the format "projects/{project}".
string project = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "recaptchaenterprise.googleapis.com/RelatedAccountGroupMembership"
}
];

// Optional. The unique stable hashed user identifier we should search connections to.
// The identifier should correspond to a `hashed_account_id` provided in a
// previous CreateAssessment or AnnotateAssessment call.
// Optional. The unique stable hashed user identifier we should search
// connections to. The identifier should correspond to a `hashed_account_id`
// provided in a previous CreateAssessment or AnnotateAssessment call.
bytes hashed_account_id = 2 [(google.api.field_behavior) = OPTIONAL];

// Optional. The maximum number of groups to return. The service may return fewer than
// this value.
// If unspecified, at most 50 groups will be returned.
// Optional. The maximum number of groups to return. The service may return
// fewer than this value. If unspecified, at most 50 groups will be returned.
// The maximum value is 1000; values above 1000 will be coerced to 1000.
int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];

Expand Down
Loading

0 comments on commit 7c1583c

Please sign in to comment.