cubetiq/code-server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

cli: hashedPassword -> hashed-password (#2454)

Browse Source 
Capital letters in the CLI are evil.

cc @code-asher
This commit is contained in:
Anmol Sethi 2020-12-18 12:20:38 -05:00 committed by GitHub
parent 386af14a77
commit 60c270aef5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/FAQ.md
View File

@ -163,7 +163,7 @@ Again, please follow [./guide.md](./guide.md) for our recommendations on setting
## Can I store my password hashed? ## Can I store my password hashed?
Yes you can! Use `hashedPassword` instead of `password`. Generate the hash with: Yes you can! Use `hashed-password` instead of `password`. Generate the hash with:
``` ```
echo "thisismypassword" | sha256sum | cut -d' ' -f1 echo "thisismypassword" | sha256sum | cut -d' ' -f1

4
doc/guide.md
View File

@ -297,8 +297,8 @@ and then restart `code-server` with:
sudo systemctl restart code-server@$USER sudo systemctl restart code-server@$USER
``` ```
Alternatively, you can specify the SHA-256 of your password at the `hashedPassword` field in the config file. Alternatively, you can specify the SHA-256 of your password at the `hashed-password` field in the config file.
The `hashedPassword` field takes precedence over `password`. The `hashed-password` field takes precedence over `password`.
### How do I securely access development web services? ### How do I securely access development web services?

10
src/node/cli.ts
View File

@ -29,7 +29,7 @@ export interface Args extends VsArgs {
config?: string config?: string
auth?: AuthType auth?: AuthType
password?: string password?: string
hashedPassword?: string "hashed-password"?: string
cert?: OptionalString cert?: OptionalString
"cert-host"?: string "cert-host"?: string
"cert-key"?: string "cert-key"?: string
@ -106,7 +106,7 @@ const options: Options<Required<Args>> = {
type: "string", type: "string",
description: "The password for password authentication (can only be passed in via $PASSWORD or the config file).", description: "The password for password authentication (can only be passed in via $PASSWORD or the config file).",
}, },
hashedPassword: { "hashed-password": {
type: "string", type: "string",
description: description:
"The password hashed with SHA-256 for password authentication (can only be passed in via $HASHED_PASSWORD or the config file). \n" + "The password hashed with SHA-256 for password authentication (can only be passed in via $HASHED_PASSWORD or the config file). \n" +
@ -285,8 +285,8 @@ export const parse = (
throw new Error("--password can only be set in the config file or passed in via $PASSWORD") throw new Error("--password can only be set in the config file or passed in via $PASSWORD")
} }
if (key === "hashedPassword" && !opts?.configFile) { if (key === "hashed-password" && !opts?.configFile) {
throw new Error("--hashedPassword can only be set in the config file or passed in via $HASHED_PASSWORD") throw new Error("--hashed-password can only be set in the config file or passed in via $HASHED_PASSWORD")
} }
const option = options[key] const option = options[key]
@ -466,7 +466,7 @@ export async function setDefaults(cliArgs: Args, configArgs?: ConfigArgs): Promi
const usingEnvHashedPassword = !!process.env.HASHED_PASSWORD const usingEnvHashedPassword = !!process.env.HASHED_PASSWORD
if (process.env.HASHED_PASSWORD) { if (process.env.HASHED_PASSWORD) {
args.hashedPassword = process.env.HASHED_PASSWORD args["hashed-password"] = process.env.HASHED_PASSWORD
usingEnvPassword = false usingEnvPassword = false
} }

2
src/node/entry.ts
View File

@ -99,7 +99,7 @@ const main = async (args: DefaultedArgs): Promise<void> => {
logger.info(`Using user-data-dir ${humanPath(args["user-data-dir"])}`) logger.info(`Using user-data-dir ${humanPath(args["user-data-dir"])}`)
logger.trace(`Using extensions-dir ${humanPath(args["extensions-dir"])}`) logger.trace(`Using extensions-dir ${humanPath(args["extensions-dir"])}`)
if (args.auth === AuthType.Password && !args.password && !args.hashedPassword) { if (args.auth === AuthType.Password && !args.password && !args["hashed-password"]) {
throw new Error( throw new Error(
"Please pass in a password via the config file or environment variable ($PASSWORD or $HASHED_PASSWORD)", "Please pass in a password via the config file or environment variable ($PASSWORD or $HASHED_PASSWORD)",
) )

4
src/node/http.ts
View File

@ -54,8 +54,8 @@ export const authenticated = (req: express.Request): boolean => {
// The password is stored in the cookie after being hashed. // The password is stored in the cookie after being hashed.
return !!( return !!(
req.cookies.key && req.cookies.key &&
(req.args.hashedPassword (req.args["hashed-password"]
? safeCompare(req.cookies.key, req.args.hashedPassword) ? safeCompare(req.cookies.key, req.args["hashed-password"])
: req.args.password && safeCompare(req.cookies.key, hash(req.args.password))) : req.args.password && safeCompare(req.cookies.key, hash(req.args.password)))
) )
default: default:

4
src/node/routes/login.ts
View File

@ -68,8 +68,8 @@ router.post("/", async (req, res) => {
} }
if ( if (
req.args.hashedPassword req.args["hashed-password"]
? safeCompare(hash(req.body.password), req.args.hashedPassword) ? safeCompare(hash(req.body.password), req.args["hashed-password"])
: req.args.password && safeCompare(req.body.password, req.args.password) : req.args.password && safeCompare(req.body.password, req.args.password)
) { ) {
// The hash does not add any actual security but we do it for // The hash does not add any actual security but we do it for

2
test/cli.test.ts
View File

@ -303,7 +303,7 @@ describe("parser", () => {
assert.deepEqual(await setDefaults(args), { assert.deepEqual(await setDefaults(args), {
...defaults, ...defaults,
_: [], _: [],
hashedPassword: "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08", "hashed-password": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
usingEnvHashedPassword: true, usingEnvHashedPassword: true,
}) })
}) })