Joe Previte
c0e123a801
fix(http): escape req.query.to in replaceTemplates
2021-07-01 10:43:37 -07:00
Joe Previte
2ba03c3424
docs: clarify redirect function in http.ts usage
2021-07-01 10:43:37 -07:00
Joe Previte
2092f82270
fixup! fix: escape error.message on login failure
2021-07-01 10:43:37 -07:00
Joe Previte
22a22a8f7a
fix: escape error.message on login failure
2021-07-01 10:43:37 -07:00
Joe Previte
c505fc45a8
feat: add escapeHtml function
...
This can be used to escape any special characters in a string with HTML before
sending from the server back to the client. This is important to prevent a
cross-site scripting attack.
2021-07-01 10:43:36 -07:00
Joe Previte
7f12fab3ca
fix(isHashMatch): check that hash starts with $
...
Previously, we used argon2 to verify the hash with the password.
If the hash didn't start with a $, then it would enter the catch block.
Now we check the hash before trying to verify it and we also throw an Error if
the verify fails.
This makes the isHashMatch function more robust.
2021-06-30 15:00:21 -07:00
Asher
49c44818d9
Move onLine to utilities
...
This way it can be used by the tests when spawning code-server on a
random port to look for the address.
2021-06-29 12:04:31 -05:00
Joe Previte
be7ea8f3f7
refactor: migrate parcel to browserify
...
This also refactors a couple CSS stylesheets to be referenced directly in the
HTML files.
And it removes any CSS imports from src/browser files.
2021-06-28 11:41:45 -07:00
Joe Previte
02b9489489
refactor: add func getNlsConfiguration & tests
...
This PR refactors part of vscode.ts and adds a function to get the NLS
Configuration.
This makes the code more readable and easier to test.
And it adds multiple tests for this part of the codebase.
2021-06-23 13:42:06 -07:00
Asher
b59b3936d0
Fix incorrect logout base (#3611)
...
Fixes #3608.
2021-06-15 15:11:01 -05:00
Max Schmitt
dbb34ad710
chore: upgrade to Playwright 1.12 with its new test-runner
2021-06-10 15:09:38 +02:00
Joe Previte
1e55a648a5
feat: check for empty str in isHashMatch
2021-06-08 15:10:59 -07:00
Joe Previte
3b50bfc17d
fix: sanitize password and cookie key
2021-06-08 14:33:17 -07:00
Joe Previte
8c2bb61af9
refactor: parse options with multiple = in cli
...
There was a case with the hashed-password which had multiple equal signs in the
value and it wasn't being parsed correctly. This uses a new function and adds a
few tests.
2021-06-08 14:33:17 -07:00
Joe Previte
531b7c0c25
feat: add splitOnFirstEquals function
2021-06-08 14:33:16 -07:00
Joe Previte
517aaf71c5
docs: update FAQ with new hashing instructions
2021-06-08 14:33:16 -07:00
Joe Previte
923761cd78
refactor: password logic in http w/ isCookieValid
2021-06-08 14:33:16 -07:00
Joe Previte
6020480b30
feat: add isCookieValid function and tests
2021-06-08 14:33:16 -07:00
Joe Previte
409b473c82
refactor: rewrite password logic at /login
2021-06-08 14:33:15 -07:00
Joe Previte
a14ea39c4a
feat: add handlePasswordValidation + tests
2021-06-08 14:33:15 -07:00
Joe Previte
7ff4117531
feat: add getPasswordMethod & test for it
2021-06-08 14:33:15 -07:00
Joe Previte
ffa5c16e51
feat: update cli and test for hashed-password
2021-06-08 14:33:15 -07:00
Joe Previte
1134780b8b
refactor: make wsProxy async
2021-06-08 14:33:14 -07:00
Joe Previte
91303d4e40
refactor: make ensureAuthenticated async
2021-06-08 14:33:14 -07:00
Joe Previte
0cdbd33b46
refactor: make authenticated async everywhere
...
Since this checks if they are authenticated using the hash/password and it's
async, we need to update authenticated to be async, which means we have to
update it everywhere it's used.
2021-06-08 14:33:14 -07:00
Joe Previte
fcc3f0d951
refactor: update login logic with new async hashing
...
This adds the proper await logic for the hashing of passwords.
2021-06-08 14:33:13 -07:00
Joe Previte
70197bb2a5
refactor: use argon2 instead of bcrypt
...
This uses argon2 instead of bcrypt.
Note: this means the hash functions are now async which means we have to
refactor a lot of other code around auth.
2021-06-08 14:33:13 -07:00
Joe Previte
aaf044728f
refactor: add functions to check hash password
2021-06-08 14:33:12 -07:00
Joe Previte
cac667317e
refactor: use bcrypt in hash function
2021-06-08 14:33:11 -07:00
Joe Previte
46fe77d464
chore: update CHANGELOG
2021-05-13 12:10:22 -07:00
Joe Previte
d7f1415290
refactor: use paths.runtime in socket proxyPipe
2021-05-13 12:10:21 -07:00
Joe Previte
a57ee69822
feat: add runtime to getEnvPaths
2021-05-13 12:10:21 -07:00
Asher
a882be5748
Refactor integration tests to use main entry point
2021-05-05 12:24:41 -05:00
Asher
20e70cfa05
Remove try from main
...
All it does is log and exit which is what the caller will be doing on an
error anyway (see entry).
2021-05-05 12:24:36 -05:00
Asher
c96fb65308
Split some entry methods into main
...
This is so they can be unit tested.
2021-05-05 12:24:35 -05:00
Asher
083400b50a
Add flag to enable permessage-deflate
2021-05-05 12:24:34 -05:00
Asher
92bf2c9760
Add dev mode constant
2021-05-05 10:16:01 -05:00
Asher
8b2c78c4a4
Re-enable update tests
2021-05-04 13:29:42 -05:00
Asher
10babb4a0c
Replace console with logger in sw register
2021-05-04 13:29:41 -05:00
Asher
a48ac5080b
Share common util code with VS Code
...
This lets us re-use the normalized base path so when we expire/clear the
cookie we use the same base path.
2021-05-04 13:29:40 -05:00
Asher
49c26f70f7
Add logout route
2021-05-04 13:29:39 -05:00
Asher
e7a527514a
Add authed context key
2021-05-03 15:00:54 -05:00
Joe Previte
07d682392e
Merge pull request #3169 from cdr/jsjoeio/add-terminal-e2e-test
...
feat(testing): add e2e tests for code-server and terminal
2021-04-26 15:16:06 -07:00
Joe Previte
83746c8a1f
refactor: remove null check in register.ts options.base
...
Inside registerServiceWorker, we were originally using the nullish coalescing
operator to check if options.base was null or undefined. However, I realized
this check is not necessary.
If you look at getOptions' return value, we return an object with a key "base"
which is of type "string". We get that value by calling resolveBase which always
returns a string.
As a result, we didn't need to check if options.base was null or undefined
because it never can be.
2021-04-23 17:09:03 -07:00
Joe Previte
cb65590b98
refactor: move tmpdir into src/node/constants
2021-04-23 14:35:32 -07:00
Asher
b9c80b8520
Merge pull request #3178 from code-asher/connections
...
Minor connections refactor
2021-04-21 12:22:45 -05:00
Asher
f0bafa387f
Move connection logic into connection class
...
- Moved everything I could into the class itself.
- Improve the logging situation a bit.
- Switch some trace logs to debug.
- Get debug port from message arguments.
2021-04-21 11:48:45 -05:00
Joe Previte
f80d5c3764
refactor: rateLimiter.canTry logic to check >= 1
2021-04-19 13:14:19 -07:00
Joe Previte
7a5042176e
fix: update logic for removing token from limiter
2021-04-19 11:12:43 -07:00
Joe Previte
a3f18d6158
refactor: change limiter.Try() to .removeToken()
2021-04-19 10:57:50 -07:00