There's a chance this function can be called with a path that is not a string.
To catch that, we check if path is of a different type and throw an error if it
is.
This also adds a couple tests for this function.
This can be used to escape any special characters in a string with HTML before
sending from the server back to the client. This is important to prevent a
cross-site scripting attack.
Previously, we used argon2 to verify the hash with the password.
If the hash didn't start with a $, then it would enter the catch block.
Now we check the hash before trying to verify it and we also throw an Error if
the verify fails.
This makes the isHashMatch function more robust.
This PR refactors part of vscode.ts and adds a function to get the NLS
Configuration.
This makes the code more readable and easier to test.
And it adds multiple tests for this part of the codebase.
There was a case with the hashed-password which had multiple equal signs in the
value and it wasn't being parsed correctly. This uses a new function and adds a
few tests.
It errors that jest is not defined so put it behind a function instead
of immediately creating the mock (this is probably a better pattern
anyway).
The constant tests had to be reworked a little. Since the logger mock is
hoisted it runs before createLoggerMock is imported. I moved it into a
beforeAll which means the require call also needed to be moved
there (since we need to mock the logger before requiring the constants
or it'll pull the non-mocked logger).
This means getPackageJson needs to be a let and assigned afterward. To
avoid having to define a type for getPackageJson I just added a let var
set to the type of the imported constants file and modified the other
areas to use the same paradigm.
I also replaced some hardcoded strings with the mocked package.json
object.
We were accidentally ignoring `node/routes` because we had "out"
instead of "/out" in `coveragePathIgnorePatterns` which caused
us to not collect coverage for those files. Now we do.
Inside registerServiceWorker, we were originally using the nullash coalescing
operator to check if options.base was null or undefined. However, I realized
this check is not necessary.
If you look at getOptions' return value, we return an object with a key "base"
which is of type "string". We get that value by calling resolveBase which always
returns a string.
As a result, we didn't need to check if options.base was null or undefined
because it never can be.
Remove the Mac directory copy instead of refactoring it since we've had
this for a long time now and I think it's safe to assume that users
running code-server on Mac don't have the old directory anymore.