From 60c270aef5c89f612d72d20502b6508f1c649ea3 Mon Sep 17 00:00:00 2001 From: Anmol Sethi Date: Fri, 18 Dec 2020 12:20:38 -0500 Subject: [PATCH] cli: hashedPassword -> hashed-password (#2454) Capital letters in the CLI are evil. cc @code-asher --- doc/FAQ.md | 2 +- doc/guide.md | 4 ++-- src/node/cli.ts | 10 +++++----- src/node/entry.ts | 2 +- src/node/http.ts | 4 ++-- src/node/routes/login.ts | 4 ++-- test/cli.test.ts | 2 +- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/doc/FAQ.md b/doc/FAQ.md index edd337a9..d3d4ec7d 100644 --- a/doc/FAQ.md +++ b/doc/FAQ.md @@ -163,7 +163,7 @@ Again, please follow [./guide.md](./guide.md) for our recommendations on setting ## Can I store my password hashed? -Yes you can! Use `hashedPassword` instead of `password`. Generate the hash with: +Yes you can! Use `hashed-password` instead of `password`. Generate the hash with: ``` echo "thisismypassword" | sha256sum | cut -d' ' -f1 diff --git a/doc/guide.md b/doc/guide.md index 46abd083..3c255f0f 100644 --- a/doc/guide.md +++ b/doc/guide.md @@ -297,8 +297,8 @@ and then restart `code-server` with: sudo systemctl restart code-server@$USER ``` -Alternatively, you can specify the SHA-256 of your password at the `hashedPassword` field in the config file. -The `hashedPassword` field takes precedence over `password`. +Alternatively, you can specify the SHA-256 of your password at the `hashed-password` field in the config file. +The `hashed-password` field takes precedence over `password`. ### How do I securely access development web services? diff --git a/src/node/cli.ts b/src/node/cli.ts index 12f4bd93..1653e87a 100644 --- a/src/node/cli.ts +++ b/src/node/cli.ts @@ -29,7 +29,7 @@ export interface Args extends VsArgs { config?: string auth?: AuthType password?: string - hashedPassword?: string + "hashed-password"?: string cert?: OptionalString "cert-host"?: string "cert-key"?: string @@ -106,7 +106,7 @@ const options: Options> = { type: "string", description: "The password for password authentication (can only be passed in via $PASSWORD or the config file).", }, - hashedPassword: { + "hashed-password": { type: "string", description: "The password hashed with SHA-256 for password authentication (can only be passed in via $HASHED_PASSWORD or the config file). \n" + @@ -285,8 +285,8 @@ export const parse = ( throw new Error("--password can only be set in the config file or passed in via $PASSWORD") } - if (key === "hashedPassword" && !opts?.configFile) { - throw new Error("--hashedPassword can only be set in the config file or passed in via $HASHED_PASSWORD") + if (key === "hashed-password" && !opts?.configFile) { + throw new Error("--hashed-password can only be set in the config file or passed in via $HASHED_PASSWORD") } const option = options[key] @@ -466,7 +466,7 @@ export async function setDefaults(cliArgs: Args, configArgs?: ConfigArgs): Promi const usingEnvHashedPassword = !!process.env.HASHED_PASSWORD if (process.env.HASHED_PASSWORD) { - args.hashedPassword = process.env.HASHED_PASSWORD + args["hashed-password"] = process.env.HASHED_PASSWORD usingEnvPassword = false } diff --git a/src/node/entry.ts b/src/node/entry.ts index ac615da6..2f569b4e 100644 --- a/src/node/entry.ts +++ b/src/node/entry.ts @@ -99,7 +99,7 @@ const main = async (args: DefaultedArgs): Promise => { logger.info(`Using user-data-dir ${humanPath(args["user-data-dir"])}`) logger.trace(`Using extensions-dir ${humanPath(args["extensions-dir"])}`) - if (args.auth === AuthType.Password && !args.password && !args.hashedPassword) { + if (args.auth === AuthType.Password && !args.password && !args["hashed-password"]) { throw new Error( "Please pass in a password via the config file or environment variable ($PASSWORD or $HASHED_PASSWORD)", ) diff --git a/src/node/http.ts b/src/node/http.ts index 72d6d391..18fee9f8 100644 --- a/src/node/http.ts +++ b/src/node/http.ts @@ -54,8 +54,8 @@ export const authenticated = (req: express.Request): boolean => { // The password is stored in the cookie after being hashed. return !!( req.cookies.key && - (req.args.hashedPassword - ? safeCompare(req.cookies.key, req.args.hashedPassword) + (req.args["hashed-password"] + ? safeCompare(req.cookies.key, req.args["hashed-password"]) : req.args.password && safeCompare(req.cookies.key, hash(req.args.password))) ) default: diff --git a/src/node/routes/login.ts b/src/node/routes/login.ts index 4db7fd82..c3ad12ad 100644 --- a/src/node/routes/login.ts +++ b/src/node/routes/login.ts @@ -68,8 +68,8 @@ router.post("/", async (req, res) => { } if ( - req.args.hashedPassword - ? safeCompare(hash(req.body.password), req.args.hashedPassword) + req.args["hashed-password"] + ? safeCompare(hash(req.body.password), req.args["hashed-password"]) : req.args.password && safeCompare(req.body.password, req.args.password) ) { // The hash does not add any actual security but we do it for diff --git a/test/cli.test.ts b/test/cli.test.ts index dd0c97a8..678f17c9 100644 --- a/test/cli.test.ts +++ b/test/cli.test.ts @@ -303,7 +303,7 @@ describe("parser", () => { assert.deepEqual(await setDefaults(args), { ...defaults, _: [], - hashedPassword: "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08", + "hashed-password": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08", usingEnvHashedPassword: true, }) })