2092f82270
fixup! fix: escape error.message on login failure
2021-07-01 10:43:37 -07:00
c505fc45a8
feat: add escapeHtml function
...
This can be used to escape any special characters in a string with HTML before
sending from the server back to the client. This is important to prevent a
cross-site scripting attack.
2021-07-01 10:43:36 -07:00
7f12fab3ca
fix(isHashMatch): check that hash starts with $
...
Previously, we used argon2 to verify the hash with the password.
If the hash didn't start with a $, then it would enter the catch block.
Now we check the hash before trying to verify it and we also throw an Error if
the verify fails.
This makes the isHashMatch function more robust.
2021-06-30 15:00:21 -07:00
49c44818d9
Move onLine to utilities
...
This way it can be used by the tests when spawning code-server on a
random port to look for the address.
2021-06-29 12:04:31 -05:00
add55ecd62
Import utils as a group in tests
...
This should simplify testing new utils a bit.
2021-06-29 12:03:38 -05:00
1e55a648a5
feat: check for empty str in isHashMatch
2021-06-08 15:10:59 -07:00
3b50bfc17d
fix: sanitize password and cookie key
2021-06-08 14:33:17 -07:00
6020480b30
feat: add isCookieValid function and tests
2021-06-08 14:33:16 -07:00
a14ea39c4a
feat: add handlePasswordValidation + tests
2021-06-08 14:33:15 -07:00
7ff4117531
feat: add getPasswordMethod & test for it
2021-06-08 14:33:15 -07:00
fd3cb6cfa0
refactor: update unit tests for hash fns
...
Since the hash and isHashMatch are now async, I had to update the tests
accordingly. Now everything is working.
2021-06-08 14:33:13 -07:00
fc3326f1f2
feat: add tests using real hashes
2021-06-08 14:33:12 -07:00
aaf044728f
refactor: add functions to check hash password
2021-06-08 14:33:12 -07:00
f35120c0a3
feat: add unit test for hash function
2021-06-08 14:33:12 -07:00
46fe77d464
chore: update CHANGELOG
2021-05-13 12:10:22 -07:00
2a657ab930
feat: add tests for getEnvPaths
2021-05-13 12:10:21 -07:00
