From e7945bea94b5c35f2c3475a9344212c900d4adb1 Mon Sep 17 00:00:00 2001
From: Asher <ash@coder.com>
Date: Thu, 24 Oct 2019 12:35:26 -0500
Subject: [PATCH] Enable password authentication by default

Fixes #1062.
---
 README.md          |  6 +++---
 src/node/cli.ts    | 15 +++++++++------
 src/node/server.ts | 10 +++++-----
 src/node/util.ts   |  3 ++-
 4 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 8ff6f88a..20a8e00e 100644
--- a/README.md
+++ b/README.md
@@ -73,9 +73,9 @@ yarn binary ${vscodeVersion} ${codeServerVersion} # Or you can package it into a
 ## Security
 
 ### Authentication
-To enable built-in password authentication use `code-server --auth password`. By
-default it will use a randomly generated password but you can set the
-`$PASSWORD` environment variable to use your own.
+By default `code-server` enables password authentication using a randomly
+generated password. You can set the `PASSWORD` environment variable to use your
+own instead or use `--auth none` to disable password authentication.
 
 Do not expose `code-server` to the open internet without some form of
 authentication.
diff --git a/src/node/cli.ts b/src/node/cli.ts
index bd3c1da6..d65397f5 100644
--- a/src/node/cli.ts
+++ b/src/node/cli.ts
@@ -86,7 +86,7 @@ const startVscode = async (): Promise<void | void[]> => {
 	const args = getArgs();
 	const extra = args["_"] || [];
 	const options = {
-		auth: args.auth,
+		auth: args.auth || AuthType.Password,
 		basePath: args["base-path"],
 		cert: args.cert,
 		certKey: args["cert-key"],
@@ -95,9 +95,9 @@ const startVscode = async (): Promise<void | void[]> => {
 		password: process.env.PASSWORD,
 	};
 
-	if (options.auth && enumToArray(AuthType).filter((t) => t === options.auth).length === 0) {
+	if (enumToArray(AuthType).filter((t) => t === options.auth).length === 0) {
 		throw new Error(`'${options.auth}' is not a valid authentication type.`);
-	} else if (options.auth && !options.password) {
+	} else if (options.auth === "password" && !options.password) {
 		options.password = await generatePassword();
 	}
 
@@ -125,10 +125,13 @@ const startVscode = async (): Promise<void | void[]> => {
 	]);
 	logger.info(`Server listening on ${serverAddress}`);
 
-	if (options.auth && !process.env.PASSWORD) {
+	if (options.auth === "password" && !process.env.PASSWORD) {
 		logger.info(`  - Password is ${options.password}`);
-		logger.info("  - To use your own password, set the PASSWORD environment variable");
-	} else if (options.auth) {
+		logger.info("    - To use your own password, set the PASSWORD environment variable");
+		if (!args.auth) {
+			logger.info("    - To disable use `--auth none`");
+		}
+	} else if (options.auth === "password") {
 		logger.info("  - Using custom password for authentication");
 	} else {
 		logger.info("  - No authentication");
diff --git a/src/node/server.ts b/src/node/server.ts
index 21384580..0e96556d 100644
--- a/src/node/server.ts
+++ b/src/node/server.ts
@@ -110,7 +110,7 @@ export class HttpError extends Error {
 }
 
 export interface ServerOptions {
-	readonly auth?: AuthType;
+	readonly auth: AuthType;
 	readonly basePath?: string;
 	readonly connectionToken?: string;
 	readonly cert?: string;
@@ -133,7 +133,7 @@ export abstract class Server {
 
 	public constructor(options: ServerOptions) {
 		this.options = {
-			host: options.auth && options.cert ? "0.0.0.0" : "localhost",
+			host: options.auth === "password" && options.cert ? "0.0.0.0" : "localhost",
 			...options,
 			basePath: options.basePath ? options.basePath.replace(/\/+$/, "") : "",
 		};
@@ -269,7 +269,7 @@ export abstract class Server {
 		base = path.normalize(base);
 		requestPath = path.normalize(requestPath || "/index.html");
 
-		if (base !== "/login" || !this.options.auth || requestPath !== "/index.html") {
+		if (base !== "/login" || this.options.auth !== "password" || requestPath !== "/index.html") {
 			this.ensureGet(request);
 		}
 
@@ -300,7 +300,7 @@ export abstract class Server {
 				response.cache = true;
 				return response;
 			case "/login":
-				if (!this.options.auth || requestPath !== "/index.html") {
+				if (this.options.auth !== "password" || requestPath !== "/index.html") {
 					throw new HttpError("Not found", HttpCode.NotFound);
 				}
 				return this.tryLogin(request);
@@ -421,7 +421,7 @@ export abstract class Server {
 	}
 
 	private authenticate(request: http.IncomingMessage, payload?: LoginPayload): boolean {
-		if (!this.options.auth) {
+		if (this.options.auth !== "password") {
 			return true;
 		}
 		const safeCompare = localRequire<typeof import("safe-compare")>("safe-compare/index");
diff --git a/src/node/util.ts b/src/node/util.ts
index f4a8cb14..078fe0ef 100644
--- a/src/node/util.ts
+++ b/src/node/util.ts
@@ -14,6 +14,7 @@ import { mkdirp } from "vs/base/node/pfs";
 
 export enum AuthType {
 	Password = "password",
+	None = "none",
 }
 
 export enum FormatType {
@@ -127,7 +128,7 @@ export const enumToArray = (t: any): string[] => {
 
 export const buildAllowedMessage = (t: any): string => {
 	const values = enumToArray(t);
-	return `Allowed value${values.length === 1 ? " is" : "s are"} ${values.map((t) => `'${t}'`).join(",")}`;
+	return `Allowed value${values.length === 1 ? " is" : "s are"} ${values.map((t) => `'${t}'`).join(", ")}`;
 };
 
 /**
-- 
GitLab