gzupanda / code-server
Commit ffa5c16e (unverified)
Authored Jun 02, 2021 by Joe Previte

feat: update cli and test for hashed-password

Parent: 788b958e

Showing 3 changed files with 16 additions and 5 deletions:

src/node/cli.ts (+1 -1)
src/node/routes/login.ts (+10 -1)
test/unit/cli.test.ts (+5 -3)
src/node/cli.ts
...
@@ -114,7 +114,7 @@ const options: Options<Required<Args>> = {
...
@@ -114,7 +114,7 @@ const options: Options<Required<Args>> = {
"
hashed-password
"
:
{
"
hashed-password
"
:
{
type
:
"
string
"
,
type
:
"
string
"
,
description
:
description
:
"
The password hashed with
SHA-256
for password authentication (can only be passed in via $HASHED_PASSWORD or the config file).
\n
"
+
"
The password hashed with
argon2
for password authentication (can only be passed in via $HASHED_PASSWORD or the config file).
\n
"
+
"
Takes precedence over 'password'.
"
,
"
Takes precedence over 'password'.
"
,
},
},
cert
:
{
cert
:
{
...
...
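Review bot: The new description string says the value is "hashed with argon2", but the login route in this same commit still gates on isHashLegacyMatch whenever hashed-password is set, so the help text describes behaviour the server does not have yet. Either land the verification change together with this text, or word the description to say which formats are accepted (the updated test uses an $argon2i$ string) and what happens to existing SHA-256 values.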
src/node/routes/login.ts
...
@@ -5,7 +5,7 @@ import * as path from "path"
...
@@ -5,7 +5,7 @@ import * as path from "path"
import
safeCompare
from
"
safe-compare
"
import
safeCompare
from
"
safe-compare
"
import
{
rootPath
}
from
"
../constants
"
import
{
rootPath
}
from
"
../constants
"
import
{
authenticated
,
getCookieDomain
,
redirect
,
replaceTemplates
}
from
"
../http
"
import
{
authenticated
,
getCookieDomain
,
redirect
,
replaceTemplates
}
from
"
../http
"
import
{
hash
,
hashLegacy
,
humanPath
,
isHashLegacyMatch
}
from
"
../util
"
import
{
hash
,
hashLegacy
,
humanPath
,
isHashLegacyMatch
,
isHashMatch
}
from
"
../util
"
export
enum
Cookie
{
export
enum
Cookie
{
Key
=
"
key
"
,
Key
=
"
key
"
,
...
@@ -72,6 +72,14 @@ router.post("/", async (req, res) => {
...
@@ -72,6 +72,14 @@ router.post("/", async (req, res) => {
throw
new
Error
(
"
Missing password
"
)
throw
new
Error
(
"
Missing password
"
)
}
}
// this logic below is flawed
const
theHash
=
await
hash
(
req
.
body
.
password
)
const
hashedPassword
=
req
.
args
[
"
hashed-password
"
]
||
""
const
match
=
await
isHashMatch
(
req
.
body
.
password
,
hashedPassword
)
// console.log(`The actual hash: ${theHash}`)
// console.log(`hashed-password from config: ${hashedPassword}`)
// console.log(theHash, hashedPassword)
console
.
log
(
`is it a match???
${
match
}
`
)
if
(
if
(
req
.
args
[
"
hashed-password
"
]
req
.
args
[
"
hashed-password
"
]
?
isHashLegacyMatch
(
req
.
body
.
password
,
req
.
args
[
"
hashed-password
"
])
?
isHashLegacyMatch
(
req
.
body
.
password
,
req
.
args
[
"
hashed-password
"
])
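Review bot: In the added block after the "Missing password" check, the result of isHashMatch is only printed: the if condition that follows still calls isHashLegacyMatch(req.body.password, req.args["hashed-password"]), so the new call has no effect on the login decision. Use match in the condition, ideally choosing the verifier from the format of the stored value, and drop theHash, which is referenced only by commented-out logging and adds an extra hash computation to every login attempt. The console.log and the "this logic below is flawed" comment should not ship; if the comment is still true, turn it into a TODO that says what is flawed.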
...
@@ -82,6 +90,7 @@ router.post("/", async (req, res) => {
...
@@ -82,6 +90,7 @@ router.post("/", async (req, res) => {
// using sha256 (the original hashing algorithm), we need to check the hashed-password in the req.args
// using sha256 (the original hashing algorithm), we need to check the hashed-password in the req.args
// TODO all of this logic should be cleaned up honestly. The current implementation only checks for a hashed-password
// TODO all of this logic should be cleaned up honestly. The current implementation only checks for a hashed-password
// but doesn't check which algorithm they are using.
// but doesn't check which algorithm they are using.
console
.
log
(
`What is this?
${
req
.
args
[
"
hashed-password
"
]}
`
,
Boolean
(
req
.
args
[
"
hashed-password
"
]))
const
hashedPassword
=
req
.
args
[
"
hashed-password
"
]
?
hashLegacy
(
req
.
body
.
password
)
:
await
hash
(
req
.
body
.
password
)
const
hashedPassword
=
req
.
args
[
"
hashed-password
"
]
?
hashLegacy
(
req
.
body
.
password
)
:
await
hash
(
req
.
body
.
password
)
// The hash does not add any actual security but we do it for
// The hash does not add any actual security but we do it for
// obfuscation purposes (and as a side effect it handles escaping).
// obfuscation purposes (and as a side effect it handles escaping).
...
...
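Review bot: The added console.log at the top of this hunk writes req.args["hashed-password"] to standard output on the login path, which puts the configured password hash into whatever collects the server's logs. Remove it before merge; if the branch taken needs to be observable, log only the Boolean. The TODO above it still applies after this commit: hashedPassword is derived with hashLegacy whenever hashed-password is set, with no check of which algorithm the stored value uses.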
test/unit/cli.test.ts
...
@@ -305,8 +305,9 @@ describe("parser", () => {
...
@@ -305,8 +305,9 @@ describe("parser", () => {
})
})
})
})
it
(
"
should use env var hashed password
"
,
async
()
=>
{
it
.
only
(
"
should use env var hashed password
"
,
async
()
=>
{
process
.
env
.
HASHED_PASSWORD
=
"
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"
// test
process
.
env
.
HASHED_PASSWORD
=
"
$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9HYY
"
// test
const
args
=
parse
([])
const
args
=
parse
([])
expect
(
args
).
toEqual
({
expect
(
args
).
toEqual
({
_
:
[],
_
:
[],
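Review bot: it.only on "should use env var hashed password" makes the runner skip every other test in this file, so the rest of the parser suite silently stops running; change it back to it before merging. The test also only checks that parse([]) passes the environment value through, so it does not cover verification of an argon2 value in the login route.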
...
@@ -316,7 +317,8 @@ describe("parser", () => {
...
@@ -316,7 +317,8 @@ describe("parser", () => {
expect
(
defaultArgs
).
toEqual
({
expect
(
defaultArgs
).
toEqual
({
...
defaults
,
...
defaults
,
_
:
[],
_
:
[],
"
hashed-password
"
:
"
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"
,
"
hashed-password
"
:
"
$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9HYY
"
,
usingEnvHashedPassword
:
true
,
usingEnvHashedPassword
:
true
,
})
})
})
})
...
...
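Review bot: The expected "hashed-password" value repeats the $argon2i$ literal assigned to process.env.HASHED_PASSWORD earlier in the same test. Hold it in one local constant and use it in both places so the input and the expectation cannot drift apart.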