feat: make Argon2 parameters configurable for faster test execution#239
Merged
Conversation
This change makes Argon2 password hashing parameters (memory, iterations, parallelism) configurable through PasswordConfig, with weak defaults in test environments for dramatically faster test execution. ## Changes - Added `argon2_memory_kib`, `argon2_iterations`, and `argon2_parallelism` to `PasswordConfig` (defaults: 19MB, 2 iterations, 1 thread for production) - Test config uses weak params (128KB, 1 iteration) for fast execution - Updated all password hashing calls to use configurable parameters - Added `hash_string_with_params()` function to accept custom Argon2 params ## Performance Impact Auth test suite with coverage: - Before (19MB, 2 iter): 15.38s - After (128KB, 1 iter): 0.67s - **23x faster** test execution with coverage This resolves the issue where `cargo llvm-cov` was significantly slower than `cargo test` due to instrumenting Argon2's internal hashing loops. Tests now run faster even with coverage enabled. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
|
🚅 Environment control-layer-pr-239 in industrious-light has no services deployed. |
railway-app
Bot
temporarily deployed
to
control-layer (industrious-light / control-layer-pr-239)
fergusfinn
commented
Nov 26, 2025
Contributor
|
@fergusfinn I've opened a new pull request, #240, to work on those changes. Once the pull request is ready, I'll request review from you. |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces configurable Argon2 password hashing parameters to dramatically improve test execution speed while maintaining secure defaults for production. The test suite now runs in 0.67s (down from 15.38s) by using weak hashing parameters (128KB memory, 1 iteration) instead of production defaults (19MB, 2 iterations).
Key changes:
- Added three configurable Argon2 parameters to
PasswordConfig:argon2_memory_kib,argon2_iterations, andargon2_parallelism - Introduced
Argon2Paramsstruct andhash_string_with_paramsfunction for explicit parameter control - Updated all password hashing call sites to pass configuration-based parameters
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
dwctl/src/auth/password.rs |
Adds Argon2Params struct and parameterized hashing functions, maintaining backward compatibility with hash_string() |
dwctl/src/config.rs |
Extends PasswordConfig with Argon2 parameters using secure production defaults (19MB, 2 iterations) |
dwctl/src/test_utils.rs |
Configures weak Argon2 parameters (128KB, 1 iteration) for fast test execution |
dwctl/src/lib.rs |
Updates create_initial_admin_user to accept Argon2Params and use config values; updates test calls with weak params |
dwctl/src/api/handlers/auth.rs |
Extracts Argon2 params from config in registration, password reset, and password change handlers; updates all test fixtures with weak params |
dwctl/src/db/models/password_reset_tokens.rs |
Adds argon2_params field to PasswordResetTokenCreateRequest for token hashing |
dwctl/src/db/handlers/password_reset_tokens.rs |
Passes Argon2 params from config when creating password reset tokens |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.
Contributor
|
@fergusfinn I've opened a new pull request, #241, to work on those changes. Once the pull request is ready, I'll request review from you. |
* Initial plan * refactor: remove unnecessary verify_string_with_params wrapper Co-authored-by: fergusfinn <6034059+fergusfinn@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: fergusfinn <6034059+fergusfinn@users.noreply.github.com>
railway-app
Bot
temporarily deployed
to
control-layer (industrious-light / control-layer-pr-239)
railway-app
Bot
temporarily deployed
to
control-layer (industrious-light / control-layer-pr-239)
hachall
pushed a commit
that referenced
this pull request
Jan 23, 2026
…239) * feat: make Argon2 parameters configurable for faster test execution This change makes Argon2 password hashing parameters (memory, iterations, parallelism) configurable through PasswordConfig, with weak defaults in test environments for dramatically faster test execution. ## Changes - Added `argon2_memory_kib`, `argon2_iterations`, and `argon2_parallelism` to `PasswordConfig` (defaults: 19MB, 2 iterations, 1 thread for production) - Test config uses weak params (128KB, 1 iteration) for fast execution - Updated all password hashing calls to use configurable parameters - Added `hash_string_with_params()` function to accept custom Argon2 params ## Performance Impact Auth test suite with coverage: - Before (19MB, 2 iter): 15.38s - After (128KB, 1 iter): 0.67s - **23x faster** test execution with coverage This resolves the issue where `cargo llvm-cov` was significantly slower than `cargo test` due to instrumenting Argon2's internal hashing loops. Tests now run faster even with coverage enabled. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Remove unnecessary verify_string_with_params wrapper (#240) * Initial plan * refactor: remove unnecessary verify_string_with_params wrapper Co-authored-by: fergusfinn <6034059+fergusfinn@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: fergusfinn <6034059+fergusfinn@users.noreply.github.com> --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: fergusfinn <6034059+fergusfinn@users.noreply.github.com>
1 task
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change makes Argon2 password hashing parameters (memory, iterations, parallelism) configurable through PasswordConfig, with weak defaults in test environments for dramatically faster test execution.
Performance Impact
Auth test suite with coverage:
This resolves the issue where
cargo llvm-covwas significantly slower thancargo test(i think?) due to instrumenting Argon2's internal hashing loops.