OCram85/code-server
Archived
1
0
Fork 0
Code Pull Requests 2 Activity

Add hashedPassword config (#2409)

Browse Source 
Resolve #2225.
This commit is contained in:
SPGoding
2020-12-08 14:54:17 -06:00
committed by GitHub
parent ff1da17496
commit 1dd7e4b4e1
6 changed files with 60 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/node/routes/login.ts
View File

@ -30,6 +30,8 @@ const getRoot = async (req: Request, error?: Error): Promise<string> => {
let passwordMsg = `Check the config file at ${humanPath(req.args.config)} for the password.`
if (req.args.usingEnvPassword) {
passwordMsg = "Password was set from $PASSWORD."
} else if (req.args.usingEnvHashedPassword) {
passwordMsg = "Password was set from $HASHED_PASSWORD."
}
return replaceTemplates(
req,
@ -65,7 +67,11 @@ router.post("/", async (req, res) => {
throw new Error("Missing password")
}
if (req.args.password && safeCompare(req.body.password, req.args.password)) {
if (
req.args.hashedPassword
? safeCompare(hash(req.body.password), req.args.hashedPassword)
: req.args.password && safeCompare(req.body.password, req.args.password)
) {
// The hash does not add any actual security but we do it for
// obfuscation purposes (and as a side effect it handles escaping).
res.cookie(Cookie.Key, hash(req.body.password), {