Skip to content

Commit

Permalink
feat: Add support for Password Check through the private_password_lea…
Browse files Browse the repository at this point in the history
…k_verification field in the reCAPTCHA Assessment (#376)

* feat: Add support for Password Check through the private_password_leak_verification field in the reCAPTCHA Assessment

PiperOrigin-RevId: 449202953

Source-Link: googleapis/googleapis@e2ed48f

Source-Link: googleapis/googleapis-gen@82f55ea
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiODJmNTVlYTE0MzVkYTZkNjljOGNlYjBhMzNmODYzZDFmZDZhNDg0ZSJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
  • Loading branch information
gcf-owl-bot[bot] and gcf-owl-bot[bot] authored May 18, 2022
1 parent 24b1643 commit 12099ca
Show file tree
Hide file tree
Showing 11 changed files with 662 additions and 154 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,8 @@ option ruby_package = "Google::Cloud::RecaptchaEnterprise::V1";
// Service to determine the likelihood an event is legitimate.
service RecaptchaEnterpriseService {
option (google.api.default_host) = "recaptchaenterprise.googleapis.com";
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
option (google.api.oauth_scopes) =
"https://www.googleapis.com/auth/cloud-platform";

// Creates an Assessment of the likelihood an event is legitimate.
rpc CreateAssessment(CreateAssessmentRequest) returns (Assessment) {
Expand All @@ -49,7 +50,8 @@ service RecaptchaEnterpriseService {

// Annotates a previously created Assessment to provide additional information
// on whether the event turned out to be authentic or fraudulent.
rpc AnnotateAssessment(AnnotateAssessmentRequest) returns (AnnotateAssessmentResponse) {
rpc AnnotateAssessment(AnnotateAssessmentRequest)
returns (AnnotateAssessmentResponse) {
option (google.api.http) = {
post: "/v1/{name=projects/*/assessments/*}:annotate"
body: "*"
Expand Down Expand Up @@ -117,23 +119,28 @@ service RecaptchaEnterpriseService {
}

// List groups of related accounts.
rpc ListRelatedAccountGroups(ListRelatedAccountGroupsRequest) returns (ListRelatedAccountGroupsResponse) {
rpc ListRelatedAccountGroups(ListRelatedAccountGroupsRequest)
returns (ListRelatedAccountGroupsResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*}/relatedaccountgroups"
};
option (google.api.method_signature) = "parent";
}

// Get the memberships in a group of related accounts.
rpc ListRelatedAccountGroupMemberships(ListRelatedAccountGroupMembershipsRequest) returns (ListRelatedAccountGroupMembershipsResponse) {
rpc ListRelatedAccountGroupMemberships(
ListRelatedAccountGroupMembershipsRequest)
returns (ListRelatedAccountGroupMembershipsResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*/relatedaccountgroups/*}/memberships"
};
option (google.api.method_signature) = "parent";
}

// Search group memberships related to a given account.
rpc SearchRelatedAccountGroupMemberships(SearchRelatedAccountGroupMembershipsRequest) returns (SearchRelatedAccountGroupMembershipsResponse) {
rpc SearchRelatedAccountGroupMemberships(
SearchRelatedAccountGroupMembershipsRequest)
returns (SearchRelatedAccountGroupMembershipsResponse) {
option (google.api.http) = {
post: "/v1/{project=projects/*}/relatedaccountgroupmemberships:search"
body: "*"
Expand Down Expand Up @@ -234,26 +241,25 @@ message AnnotateAssessmentRequest {
}
];

// Optional. The annotation that will be assigned to the Event. This field can be left
// empty to provide reasons that apply to an event without concluding whether
// the event is legitimate or fraudulent.
// Optional. The annotation that will be assigned to the Event. This field can
// be left empty to provide reasons that apply to an event without concluding
// whether the event is legitimate or fraudulent.
Annotation annotation = 2 [(google.api.field_behavior) = OPTIONAL];

// Optional. Optional reasons for the annotation that will be assigned to the Event.
// Optional. Optional reasons for the annotation that will be assigned to the
// Event.
repeated Reason reasons = 3 [(google.api.field_behavior) = OPTIONAL];

// Optional. Optional unique stable hashed user identifier to apply to the assessment.
// This is an alternative to setting the hashed_account_id in
// Optional. Optional unique stable hashed user identifier to apply to the
// assessment. This is an alternative to setting the hashed_account_id in
// CreateAssessment, for example when the account identifier is not yet known
// in the initial request. It is recommended that the identifier is hashed
// using hmac-sha256 with stable secret.
bytes hashed_account_id = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Empty response for AnnotateAssessment.
message AnnotateAssessmentResponse {

}
message AnnotateAssessmentResponse {}

// A recaptcha assessment resource.
message Assessment {
Expand All @@ -273,36 +279,41 @@ message Assessment {
RiskAnalysis risk_analysis = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

// Output only. Properties of the provided event token.
TokenProperties token_properties = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
TokenProperties token_properties = 4
[(google.api.field_behavior) = OUTPUT_ONLY];

// Assessment returned by Account Defender when a hashed_account_id is
// provided.
AccountDefenderAssessment account_defender_assessment = 6;

// Password leak verification info.
PrivatePasswordLeakVerification private_password_leak_verification = 7;
}

message Event {
// Optional. The user response token provided by the reCAPTCHA client-side integration
// on your site.
// Optional. The user response token provided by the reCAPTCHA client-side
// integration on your site.
string token = 1 [(google.api.field_behavior) = OPTIONAL];

// Optional. The site key that was used to invoke reCAPTCHA on your site and generate
// the token.
// Optional. The site key that was used to invoke reCAPTCHA on your site and
// generate the token.
string site_key = 2 [(google.api.field_behavior) = OPTIONAL];

// Optional. The user agent present in the request from the user's device related to
// this event.
// Optional. The user agent present in the request from the user's device
// related to this event.
string user_agent = 3 [(google.api.field_behavior) = OPTIONAL];

// Optional. The IP address in the request from the user's device related to this event.
// Optional. The IP address in the request from the user's device related to
// this event.
string user_ip_address = 4 [(google.api.field_behavior) = OPTIONAL];

// Optional. The expected action for this type of event. This should be the same action
// provided at token generation time on client-side platforms already
// integrated with recaptcha enterprise.
// Optional. The expected action for this type of event. This should be the
// same action provided at token generation time on client-side platforms
// already integrated with recaptcha enterprise.
string expected_action = 5 [(google.api.field_behavior) = OPTIONAL];

// Optional. Optional unique stable hashed user identifier for the request. The
// identifier should ideally be hashed using sha256 with stable secret.
// Optional. Optional unique stable hashed user identifier for the request.
// The identifier should ideally be hashed using sha256 with stable secret.
bytes hashed_account_id = 6 [(google.api.field_behavior) = OPTIONAL];
}

Expand Down Expand Up @@ -414,6 +425,31 @@ message AccountDefenderAssessment {
repeated AccountDefenderLabel labels = 1;
}

// Private password leak verification info.
message PrivatePasswordLeakVerification {
// Exactly 26-bit prefix of the SHA-256 hash of the canonicalized username. It
// is used to look up password leaks associated with that hash prefix.
bytes lookup_hash_prefix = 1 [(google.api.field_behavior) = OPTIONAL];

// Encrypted Scrypt hash of the canonicalized username+password. It is
// re-encrypted by the server and returned through
// `reencrypted_user_credentials_hash`.
bytes encrypted_user_credentials_hash = 2
[(google.api.field_behavior) = OPTIONAL];

// List of prefixes of the encrypted potential password leaks that matched the
// given parameters. They should be compared with the client-side decryption
// prefix of `reencrypted_user_credentials_hash`
repeated bytes encrypted_leak_match_prefixes = 3
[(google.api.field_behavior) = OUTPUT_ONLY];

// Corresponds to the re-encryption of the `encrypted_user_credentials_hash`
// field. Used to match potential password leaks within
// `encrypted_leak_match_prefixes`.
bytes reencrypted_user_credentials_hash = 4
[(google.api.field_behavior) = OUTPUT_ONLY];
}

// The create key request message.
message CreateKeyRequest {
// Required. The name of the project in which the key will be created, in the
Expand Down Expand Up @@ -476,9 +512,10 @@ message UpdateKeyRequest {
// Required. The key to update.
Key key = 1 [(google.api.field_behavior) = REQUIRED];

// Optional. The mask to control which fields of the key get updated. If the mask is not
// present, all fields will be updated.
google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The mask to control which fields of the key get updated. If the
// mask is not present, all fields will be updated.
google.protobuf.FieldMask update_mask = 2
[(google.api.field_behavior) = OPTIONAL];
}

// The delete key request message.
Expand Down Expand Up @@ -740,14 +777,14 @@ message ListRelatedAccountGroupMembershipsRequest {
}
];

// Optional. The maximum number of accounts to return. The service may return fewer than
// this value.
// If unspecified, at most 50 accounts will be returned.
// The maximum value is 1000; values above 1000 will be coerced to 1000.
// Optional. The maximum number of accounts to return. The service may return
// fewer than this value. If unspecified, at most 50 accounts will be
// returned. The maximum value is 1000; values above 1000 will be coerced to
// 1000.
int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

// Optional. A page token, received from a previous `ListRelatedAccountGroupMemberships`
// call.
// Optional. A page token, received from a previous
// `ListRelatedAccountGroupMemberships` call.
//
// When paginating, all other parameters provided to
// `ListRelatedAccountGroupMemberships` must match the call that provided the
Expand All @@ -767,23 +804,22 @@ message ListRelatedAccountGroupMembershipsResponse {

// The request message to list related account groups.
message ListRelatedAccountGroupsRequest {
// Required. The name of the project to list related account groups from, in the format
// "projects/{project}".
// Required. The name of the project to list related account groups from, in
// the format "projects/{project}".
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "recaptchaenterprise.googleapis.com/RelatedAccountGroup"
}
];

// Optional. The maximum number of groups to return. The service may return fewer than
// this value.
// If unspecified, at most 50 groups will be returned.
// Optional. The maximum number of groups to return. The service may return
// fewer than this value. If unspecified, at most 50 groups will be returned.
// The maximum value is 1000; values above 1000 will be coerced to 1000.
int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];

// Optional. A page token, received from a previous `ListRelatedAccountGroups` call.
// Provide this to retrieve the subsequent page.
// Optional. A page token, received from a previous `ListRelatedAccountGroups`
// call. Provide this to retrieve the subsequent page.
//
// When paginating, all other parameters provided to
// `ListRelatedAccountGroups` must match the call that provided the page
Expand All @@ -803,23 +839,22 @@ message ListRelatedAccountGroupsResponse {

// The request message to search related account group memberships.
message SearchRelatedAccountGroupMembershipsRequest {
// Required. The name of the project to search related account group memberships from,
// in the format "projects/{project}".
// Required. The name of the project to search related account group
// memberships from, in the format "projects/{project}".
string project = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "recaptchaenterprise.googleapis.com/RelatedAccountGroupMembership"
}
];

// Optional. The unique stable hashed user identifier we should search connections to.
// The identifier should correspond to a `hashed_account_id` provided in a
// previous CreateAssessment or AnnotateAssessment call.
// Optional. The unique stable hashed user identifier we should search
// connections to. The identifier should correspond to a `hashed_account_id`
// provided in a previous CreateAssessment or AnnotateAssessment call.
bytes hashed_account_id = 2 [(google.api.field_behavior) = OPTIONAL];

// Optional. The maximum number of groups to return. The service may return fewer than
// this value.
// If unspecified, at most 50 groups will be returned.
// Optional. The maximum number of groups to return. The service may return
// fewer than this value. If unspecified, at most 50 groups will be returned.
// The maximum value is 1000; values above 1000 will be coerced to 1000.
int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];

Expand Down
Loading

0 comments on commit 12099ca

Please sign in to comment.