cli: hashedPassword -> hashed-password (#2454)
Capital letters in the CLI are evil. cc @code-asher
This commit is contained in:
parent
386af14a77
commit
60c270aef5
@ -163,7 +163,7 @@ Again, please follow [./guide.md](./guide.md) for our recommendations on setting
|
|||||||
|
|
||||||
## Can I store my password hashed?
|
## Can I store my password hashed?
|
||||||
|
|
||||||
Yes you can! Use `hashedPassword` instead of `password`. Generate the hash with:
|
Yes you can! Use `hashed-password` instead of `password`. Generate the hash with:
|
||||||
|
|
||||||
```
|
```
|
||||||
echo "thisismypassword" | sha256sum | cut -d' ' -f1
|
echo "thisismypassword" | sha256sum | cut -d' ' -f1
|
||||||
|
@ -297,8 +297,8 @@ and then restart `code-server` with:
|
|||||||
sudo systemctl restart code-server@$USER
|
sudo systemctl restart code-server@$USER
|
||||||
```
|
```
|
||||||
|
|
||||||
Alternatively, you can specify the SHA-256 of your password at the `hashedPassword` field in the config file.
|
Alternatively, you can specify the SHA-256 of your password at the `hashed-password` field in the config file.
|
||||||
The `hashedPassword` field takes precedence over `password`.
|
The `hashed-password` field takes precedence over `password`.
|
||||||
|
|
||||||
### How do I securely access development web services?
|
### How do I securely access development web services?
|
||||||
|
|
||||||
|
@ -29,7 +29,7 @@ export interface Args extends VsArgs {
|
|||||||
config?: string
|
config?: string
|
||||||
auth?: AuthType
|
auth?: AuthType
|
||||||
password?: string
|
password?: string
|
||||||
hashedPassword?: string
|
"hashed-password"?: string
|
||||||
cert?: OptionalString
|
cert?: OptionalString
|
||||||
"cert-host"?: string
|
"cert-host"?: string
|
||||||
"cert-key"?: string
|
"cert-key"?: string
|
||||||
@ -106,7 +106,7 @@ const options: Options<Required<Args>> = {
|
|||||||
type: "string",
|
type: "string",
|
||||||
description: "The password for password authentication (can only be passed in via $PASSWORD or the config file).",
|
description: "The password for password authentication (can only be passed in via $PASSWORD or the config file).",
|
||||||
},
|
},
|
||||||
hashedPassword: {
|
"hashed-password": {
|
||||||
type: "string",
|
type: "string",
|
||||||
description:
|
description:
|
||||||
"The password hashed with SHA-256 for password authentication (can only be passed in via $HASHED_PASSWORD or the config file). \n" +
|
"The password hashed with SHA-256 for password authentication (can only be passed in via $HASHED_PASSWORD or the config file). \n" +
|
||||||
@ -285,8 +285,8 @@ export const parse = (
|
|||||||
throw new Error("--password can only be set in the config file or passed in via $PASSWORD")
|
throw new Error("--password can only be set in the config file or passed in via $PASSWORD")
|
||||||
}
|
}
|
||||||
|
|
||||||
if (key === "hashedPassword" && !opts?.configFile) {
|
if (key === "hashed-password" && !opts?.configFile) {
|
||||||
throw new Error("--hashedPassword can only be set in the config file or passed in via $HASHED_PASSWORD")
|
throw new Error("--hashed-password can only be set in the config file or passed in via $HASHED_PASSWORD")
|
||||||
}
|
}
|
||||||
|
|
||||||
const option = options[key]
|
const option = options[key]
|
||||||
@ -466,7 +466,7 @@ export async function setDefaults(cliArgs: Args, configArgs?: ConfigArgs): Promi
|
|||||||
|
|
||||||
const usingEnvHashedPassword = !!process.env.HASHED_PASSWORD
|
const usingEnvHashedPassword = !!process.env.HASHED_PASSWORD
|
||||||
if (process.env.HASHED_PASSWORD) {
|
if (process.env.HASHED_PASSWORD) {
|
||||||
args.hashedPassword = process.env.HASHED_PASSWORD
|
args["hashed-password"] = process.env.HASHED_PASSWORD
|
||||||
usingEnvPassword = false
|
usingEnvPassword = false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -99,7 +99,7 @@ const main = async (args: DefaultedArgs): Promise<void> => {
|
|||||||
logger.info(`Using user-data-dir ${humanPath(args["user-data-dir"])}`)
|
logger.info(`Using user-data-dir ${humanPath(args["user-data-dir"])}`)
|
||||||
logger.trace(`Using extensions-dir ${humanPath(args["extensions-dir"])}`)
|
logger.trace(`Using extensions-dir ${humanPath(args["extensions-dir"])}`)
|
||||||
|
|
||||||
if (args.auth === AuthType.Password && !args.password && !args.hashedPassword) {
|
if (args.auth === AuthType.Password && !args.password && !args["hashed-password"]) {
|
||||||
throw new Error(
|
throw new Error(
|
||||||
"Please pass in a password via the config file or environment variable ($PASSWORD or $HASHED_PASSWORD)",
|
"Please pass in a password via the config file or environment variable ($PASSWORD or $HASHED_PASSWORD)",
|
||||||
)
|
)
|
||||||
|
@ -54,8 +54,8 @@ export const authenticated = (req: express.Request): boolean => {
|
|||||||
// The password is stored in the cookie after being hashed.
|
// The password is stored in the cookie after being hashed.
|
||||||
return !!(
|
return !!(
|
||||||
req.cookies.key &&
|
req.cookies.key &&
|
||||||
(req.args.hashedPassword
|
(req.args["hashed-password"]
|
||||||
? safeCompare(req.cookies.key, req.args.hashedPassword)
|
? safeCompare(req.cookies.key, req.args["hashed-password"])
|
||||||
: req.args.password && safeCompare(req.cookies.key, hash(req.args.password)))
|
: req.args.password && safeCompare(req.cookies.key, hash(req.args.password)))
|
||||||
)
|
)
|
||||||
default:
|
default:
|
||||||
|
@ -68,8 +68,8 @@ router.post("/", async (req, res) => {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (
|
if (
|
||||||
req.args.hashedPassword
|
req.args["hashed-password"]
|
||||||
? safeCompare(hash(req.body.password), req.args.hashedPassword)
|
? safeCompare(hash(req.body.password), req.args["hashed-password"])
|
||||||
: req.args.password && safeCompare(req.body.password, req.args.password)
|
: req.args.password && safeCompare(req.body.password, req.args.password)
|
||||||
) {
|
) {
|
||||||
// The hash does not add any actual security but we do it for
|
// The hash does not add any actual security but we do it for
|
||||||
|
@ -303,7 +303,7 @@ describe("parser", () => {
|
|||||||
assert.deepEqual(await setDefaults(args), {
|
assert.deepEqual(await setDefaults(args), {
|
||||||
...defaults,
|
...defaults,
|
||||||
_: [],
|
_: [],
|
||||||
hashedPassword: "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
|
"hashed-password": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
|
||||||
usingEnvHashedPassword: true,
|
usingEnvHashedPassword: true,
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
Reference in New Issue
Block a user