Commit Graph

2681 Commits

Author SHA1 Message Date
Joe Previte
d9bb1a36eb
docs(contr): add section on testing 2021-06-17 16:25:25 -07:00
Joe Previte
5f7e9b7361
Merge pull request #3630 from janiversen/patch-1
docs: Update CONTRIBUTING.md
2021-06-17 16:05:27 -07:00
jan iversen
ece5de699a Update CONTRIBUTING.md
Node needs be v14.x not greater. If installing the standard version ‘brew install node’, both ‘yarn’ and ‘code-server’ (release version) complains.

Newest version is v16.x so we are pretty far behind.
2021-06-17 20:57:00 +02:00
dependabot[bot]
bf45e7ca15
chore(deps-dev): bump @types/ws from 7.4.4 to 7.4.5 (#3627)
Bumps [@types/ws](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/ws) from 7.4.4 to 7.4.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/ws)

---
updated-dependencies:
- dependency-name: "@types/ws"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-17 23:49:14 +05:30
dependabot[bot]
9dae4fec25
chore(deps): bump ws from 7.4.6 to 7.5.0 (#3625)
Bumps [ws](https://github.com/websockets/ws) from 7.4.6 to 7.5.0.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/7.4.6...7.5.0)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-17 23:49:03 +05:30
Joe Previte
83701f9f6d
Merge pull request #3626 from cdr/dependabot/npm_and_yarn/wtfnode-0.9.0
chore(deps-dev): bump wtfnode from 0.8.4 to 0.9.0
2021-06-17 10:49:40 -07:00
jan iversen
4e14c11fa4
Allow development on any architecture (#3598) 2021-06-17 12:28:54 -05:00
dependabot[bot]
79f372c1a0
chore(deps-dev): bump wtfnode from 0.8.4 to 0.9.0
Bumps [wtfnode](https://github.com/myndzi/wtfnode) from 0.8.4 to 0.9.0.
- [Release notes](https://github.com/myndzi/wtfnode/releases)
- [Commits](https://github.com/myndzi/wtfnode/commits)

---
updated-dependencies:
- dependency-name: wtfnode
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-17 11:04:04 +00:00
Joe Previte
cbe3192971
Merge pull request #3617 from cdr/dependabot/npm_and_yarn/audit-ci-4.1.0
chore(deps-dev): bump audit-ci from 4.0.0 to 4.1.0
2021-06-16 10:03:35 -07:00
Joe Previte
ddbff58eec
Merge pull request #3602 from patrickcylai/patrickcylai/fix-docs-hashed-password
fix: placeholder password in hashed password example
2021-06-16 09:49:53 -07:00
dependabot[bot]
18c0f32c24
chore(deps-dev): bump audit-ci from 4.0.0 to 4.1.0
Bumps [audit-ci](https://github.com/IBM/audit-ci) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/IBM/audit-ci/releases)
- [Commits](https://github.com/IBM/audit-ci/compare/v4.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: audit-ci
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-16 11:02:59 +00:00
Asher
b59b3936d0
Fix incorrect logout base (#3611)
Fixes #3608.
2021-06-15 15:11:01 -05:00
dependabot[bot]
3241a4f521
chore(deps-dev): bump @typescript-eslint/parser from 4.26.1 to 4.27.0 (#3609)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 4.26.1 to 4.27.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.27.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-15 21:46:00 +05:30
dependabot[bot]
5c9b625acb
chore(deps-dev): bump @typescript-eslint/eslint-plugin (#3610)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 4.26.1 to 4.27.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.27.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-15 21:34:56 +05:30
Patrick Lai
5fae520ebe fix: placeholder password in hashed password example 2021-06-13 01:25:05 +10:00
Joe Previte
4bb7a8ddb9
Merge pull request #3590 from mxschmitt/chore/upgrade-to-latest-playwright
chore: upgrade to Playwright 1.12 with its new test-runner
2021-06-10 11:15:41 -07:00
Joe Previte
2c818e3855
Merge pull request #3589 from cdr/dependabot/npm_and_yarn/argon2-0.28.2
chore(deps): bump argon2 from 0.28.0 to 0.28.2
2021-06-10 09:36:45 -07:00
Max Schmitt
dbb34ad710 chore: upgrade to Playwright 1.12 with its new test-runner 2021-06-10 15:09:38 +02:00
dependabot[bot]
fda44240c9
chore(deps): bump argon2 from 0.28.0 to 0.28.2
Bumps [argon2](https://github.com/ranisalt/node-argon2) from 0.28.0 to 0.28.2.
- [Release notes](https://github.com/ranisalt/node-argon2/releases)
- [Commits](https://github.com/ranisalt/node-argon2/compare/v0.28.0...v0.28.2)

---
updated-dependencies:
- dependency-name: argon2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-10 11:01:38 +00:00
Joe Previte
9fc9c041ad
Merge pull request #3588 from cdr/dependabot/npm_and_yarn/lib/vscode/normalize-url-4.5.1
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 in /lib/vscode
2021-06-09 15:06:08 -07:00
Joe Previte
a802a920ac
Merge pull request #3587 from cdr/dependabot/npm_and_yarn/lib/vscode/build/normalize-url-4.5.1
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 in /lib/vscode/build
2021-06-09 15:05:54 -07:00
dependabot[bot]
54684c0ad2
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 in /lib/vscode
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1.
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)

---
updated-dependencies:
- dependency-name: normalize-url
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-09 21:32:56 +00:00
dependabot[bot]
2594aa3e41
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 in /lib/vscode/build
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1.
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)

---
updated-dependencies:
- dependency-name: normalize-url
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-09 21:32:42 +00:00
Joe Previte
717eaa6470
Merge pull request #3422 from cdr/jsjoeio/fix-password-hash
fix: use sufficient computational effort for password hash
2021-06-09 14:32:05 -07:00
Joe Previte
1e55a648a5
feat: check for empty str in isHashMatch 2021-06-08 15:10:59 -07:00
Joe Previte
3b50bfc17d
fix: sanitize password and cookie key 2021-06-08 14:33:17 -07:00
Joe Previte
deaa2242ca
feat: add npm_config_build_from_source to build scripts
This is necessary due to argon2 being added and an upstream issue where it uses
a Linux build that is too new for CentOS 7.
2021-06-08 14:33:17 -07:00
Joe Previte
8c2bb61af9
refactor: parse options with multiple = in cli
There was a case with the hashed-password which had multiple equal signs in the
value and it wasn't being parsed correctly. This uses a new function and adds a
few tests.
2021-06-08 14:33:17 -07:00
Joe Previte
531b7c0c25
feat: add splitOnFirstEquals function 2021-06-08 14:33:16 -07:00
Joe Previte
517aaf71c5
docs: update FAQ with new hashing instructions 2021-06-08 14:33:16 -07:00
Joe Previte
923761cd78
refactor: password logic in http w/ isCookieValid 2021-06-08 14:33:16 -07:00
Joe Previte
6020480b30
feat: add isCookieValid function and tests 2021-06-08 14:33:16 -07:00
Joe Previte
409b473c82
refactor: rewrite password logic at /login 2021-06-08 14:33:15 -07:00
Joe Previte
a14ea39c4a
feat: add handlePasswordValidation + tests 2021-06-08 14:33:15 -07:00
Joe Previte
7ff4117531
feat: add getPasswordMethod & test for it 2021-06-08 14:33:15 -07:00
Joe Previte
ffa5c16e51
feat: update cli and test for hashed-password 2021-06-08 14:33:15 -07:00
Joe Previte
788b958e20
refactor: update hash fn in test config 2021-06-08 14:33:14 -07:00
Joe Previte
1134780b8b
refactor: make wsProxy async 2021-06-08 14:33:14 -07:00
Joe Previte
91303d4e40
refactor: make ensureAuthenticated async 2021-06-08 14:33:14 -07:00
Joe Previte
0cdbd33b46
refactor: make authenticated async everywhere
Since this checks if they are authenticated using the hash/password and it's
async, we need to update authenticated to be async, which means we have to
update it everywhere it's used.
2021-06-08 14:33:14 -07:00
Joe Previte
fcc3f0d951
refactor: update login logic with new async hashing
This adds the proper await logic for the hashing of passwords.
2021-06-08 14:33:13 -07:00
Joe Previte
fd3cb6cfa0
refactor: update unit tests for hash fns
Since the hash and isHashMatch are now async, I had to update the tests
accordingly. Now everything is working.
2021-06-08 14:33:13 -07:00
Joe Previte
70197bb2a5
refactor: use argon2 instead of bcrypt
This uses argon2 instead of bcrypt.

Note: this means the hash functions are now async which means we have to
refactor a lot of other code around auth.
2021-06-08 14:33:13 -07:00
Joe Previte
51f8341959
chore: update to argon2 in test 2021-06-08 14:33:13 -07:00
Joe Previte
dc2db5c62d
chore: add argon2 package 2021-06-08 14:33:13 -07:00
Joe Previte
fc3326f1f2
feat: add tests using real hashes 2021-06-08 14:33:12 -07:00
Joe Previte
aaf044728f
refactor: add functions to check hash password 2021-06-08 14:33:12 -07:00
Joe Previte
f35120c0a3
feat: add unit test for hash function 2021-06-08 14:33:12 -07:00
Joe Previte
17be8c5cd3
refactor: use bcrypt in e2e setup 2021-06-08 14:33:12 -07:00
Joe Previte
cac667317e
refactor: use bcrypt in hash function 2021-06-08 14:33:11 -07:00