mirror of https://github.com/coder/code-server.git
feat: check for empty str in isHashMatch
parent
3b50bfc17d
commit
1e55a648a5
|
@ -263,6 +263,7 @@ export const parse = (
|
||||||
if (opts?.configFile) {
|
if (opts?.configFile) {
|
||||||
msg = `error reading ${opts.configFile}: ${msg}`
|
msg = `error reading ${opts.configFile}: ${msg}`
|
||||||
}
|
}
|
||||||
|
|
||||||
return new Error(msg)
|
return new Error(msg)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -286,6 +287,13 @@ export const parse = (
|
||||||
const split = splitOnFirstEquals(arg.replace(/^--/, ""))
|
const split = splitOnFirstEquals(arg.replace(/^--/, ""))
|
||||||
key = split[0] as keyof Args
|
key = split[0] as keyof Args
|
||||||
value = split[1]
|
value = split[1]
|
||||||
|
} else {
|
||||||
|
const short = arg.replace(/^-/, "")
|
||||||
|
const pair = Object.entries(options).find(([, v]) => v.short === short)
|
||||||
|
if (pair) {
|
||||||
|
key = pair[0] as keyof Args
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (!key || !options[key]) {
|
if (!key || !options[key]) {
|
||||||
throw error(`Unknown option ${arg}`)
|
throw error(`Unknown option ${arg}`)
|
||||||
|
|
|
@ -134,6 +134,9 @@ export const hash = async (password: string): Promise<string> => {
|
||||||
* Used to verify if the password matches the hash
|
* Used to verify if the password matches the hash
|
||||||
*/
|
*/
|
||||||
export const isHashMatch = async (password: string, hash: string) => {
|
export const isHashMatch = async (password: string, hash: string) => {
|
||||||
|
if (password === "" || hash === "") {
|
||||||
|
return false
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
return await argon2.verify(hash, password)
|
return await argon2.verify(hash, password)
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
|
@ -209,11 +212,12 @@ type HandlePasswordValidationArgs = {
|
||||||
* Checks if a password is valid and also returns the hash
|
* Checks if a password is valid and also returns the hash
|
||||||
* using the PasswordMethod
|
* using the PasswordMethod
|
||||||
*/
|
*/
|
||||||
export async function handlePasswordValidation(
|
export async function handlePasswordValidation({
|
||||||
passwordValidationArgs: HandlePasswordValidationArgs,
|
passwordMethod,
|
||||||
): Promise<PasswordValidation> {
|
passwordFromArgs,
|
||||||
const { passwordMethod, passwordFromArgs, passwordFromRequestBody, hashedPasswordFromArgs } = passwordValidationArgs
|
passwordFromRequestBody,
|
||||||
// TODO implement
|
hashedPasswordFromArgs,
|
||||||
|
}: HandlePasswordValidationArgs): Promise<PasswordValidation> {
|
||||||
const passwordValidation = <PasswordValidation>{
|
const passwordValidation = <PasswordValidation>{
|
||||||
isPasswordValid: false,
|
isPasswordValid: false,
|
||||||
hashedPassword: "",
|
hashedPassword: "",
|
||||||
|
@ -257,10 +261,14 @@ export type IsCookieValidArgs = {
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Checks if a req.cookies.key is valid using the PasswordMethod */
|
/** Checks if a req.cookies.key is valid using the PasswordMethod */
|
||||||
export async function isCookieValid(isCookieValidArgs: IsCookieValidArgs): Promise<boolean> {
|
export async function isCookieValid({
|
||||||
|
passwordFromArgs = "",
|
||||||
|
cookieKey,
|
||||||
|
hashedPasswordFromArgs = "",
|
||||||
|
passwordMethod,
|
||||||
|
}: IsCookieValidArgs): Promise<boolean> {
|
||||||
let isValid = false
|
let isValid = false
|
||||||
const { passwordFromArgs = "", cookieKey, hashedPasswordFromArgs = "" } = isCookieValidArgs
|
switch (passwordMethod) {
|
||||||
switch (isCookieValidArgs.passwordMethod) {
|
|
||||||
case "PLAIN_TEXT":
|
case "PLAIN_TEXT":
|
||||||
isValid = await isHashMatch(passwordFromArgs, cookieKey)
|
isValid = await isHashMatch(passwordFromArgs, cookieKey)
|
||||||
break
|
break
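Review bot: The new guard in `isHashMatch` rejects only the exact empty string, while `isCookieValid` passes the request's `cookieKey` straight in as the hash for `PLAIN_TEXT`. A value that is `undefined` or not a string at runtime still reaches `argon2.verify`, and is rejected only if the `catch` (its body lies outside this hunk) returns false. Consider making the fail-closed check explicit: `if (typeof password !== "string" || typeof hash !== "string" || password === "" || hash === "") return false`. The doc comment above `isHashMatch` should also state the contract, e.g. `Returns false without calling argon2 when either value is empty.`, and the function would benefit from an explicit `Promise<boolean>` return type like `isCookieValid` has.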
|
||||||
|
|
|
@ -185,6 +185,18 @@ describe("isHashMatch", () => {
|
||||||
const actual = await isHashMatch(password, _hash)
|
const actual = await isHashMatch(password, _hash)
|
||||||
expect(actual).toBe(true)
|
expect(actual).toBe(true)
|
||||||
})
|
})
|
||||||
|
it("should return false if the password is empty", async () => {
|
||||||
|
const password = ""
|
||||||
|
const _hash = "$argon2i$v=19$m=4096,t=3,p=1$EAoczTxVki21JDfIZpTUxg$rkXgyrW4RDGoDYrxBFD4H2DlSMEhP4h+Api1hXnGnFY"
|
||||||
|
const actual = await isHashMatch(password, _hash)
|
||||||
|
expect(actual).toBe(false)
|
||||||
|
})
|
||||||
|
it("should return false if the hash is empty", async () => {
|
||||||
|
const password = "hellowpasssword"
|
||||||
|
const _hash = ""
|
||||||
|
const actual = await isHashMatch(password, _hash)
|
||||||
|
expect(actual).toBe(false)
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
describe("hashLegacy", () => {
|
describe("hashLegacy", () => {
|
||||||
|
@ -325,7 +337,7 @@ describe("handlePasswordValidation", () => {
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
describe.only("isCookieValid", () => {
|
describe("isCookieValid", () => {
|
||||||
it("should be valid if hashed-password for SHA256 matches cookie.key", async () => {
|
it("should be valid if hashed-password for SHA256 matches cookie.key", async () => {
|
||||||
const isValid = await isCookieValid({
|
const isValid = await isCookieValid({
|
||||||
passwordMethod: "SHA256",
|
passwordMethod: "SHA256",
|
||||||
|
@ -384,7 +396,7 @@ describe.only("isCookieValid", () => {
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
describe.only("sanitizeString", () => {
|
describe("sanitizeString", () => {
|
||||||
it("should return an empty string if passed a type other than a string", () => {
|
it("should return an empty string if passed a type other than a string", () => {
|
||||||
expect(sanitizeString({} as string)).toBe("")
|
expect(sanitizeString({} as string)).toBe("")
|
||||||
})
|
})
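Review bot: Nothing in the `isCookieValid` suite pins the path the new guard protects, an empty `cookieKey` with `passwordMethod: "PLAIN_TEXT"`; the two added cases exercise `isHashMatch` directly only. A case at that level would keep the fail-closed behaviour from regressing if the guard is moved or the `= ""` defaults in `isCookieValid` change. The `describe("isCookieValid")` block continues outside the visible hunk, so the case below is meant to sit alongside its existing tests.

```typescript
// … unchanged: existing isCookieValid cases …
it("should be invalid if cookie.key is empty for PLAIN_TEXT", async () => {
  const isValid = await isCookieValid({
    passwordMethod: "PLAIN_TEXT",
    cookieKey: "",
    passwordFromArgs: "constructed-sample-password", // constructed sample value
  })
  expect(isValid).toBe(false)
})
```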
|
||||||
|
|
22
yarn.lock
22
yarn.lock
|
@ -896,7 +896,7 @@
|
||||||
resolved "https://registry.yarnpkg.com/@iarna/toml/-/toml-2.2.5.tgz#b32366c89b43c6f8cefbdefac778b9c828e3ba8c"
|
resolved "https://registry.yarnpkg.com/@iarna/toml/-/toml-2.2.5.tgz#b32366c89b43c6f8cefbdefac778b9c828e3ba8c"
|
||||||
integrity sha512-trnsAYxU3xnS1gPHPyU961coFyLkh4gAD/0zQ5mymY4yOZ+CYvsPqUbOFSw0aDM4y0tV7tiFxL/1XfXPNC6IPg==
|
integrity sha512-trnsAYxU3xnS1gPHPyU961coFyLkh4gAD/0zQ5mymY4yOZ+CYvsPqUbOFSw0aDM4y0tV7tiFxL/1XfXPNC6IPg==
|
||||||
|
|
||||||
"@mapbox/node-pre-gyp@^1.0.0", "@mapbox/node-pre-gyp@^1.0.1":
|
"@mapbox/node-pre-gyp@^1.0.1":
|
||||||
version "1.0.5"
|
version "1.0.5"
|
||||||
resolved "https://registry.yarnpkg.com/@mapbox/node-pre-gyp/-/node-pre-gyp-1.0.5.tgz#2a0b32fcb416fb3f2250fd24cb2a81421a4f5950"
|
resolved "https://registry.yarnpkg.com/@mapbox/node-pre-gyp/-/node-pre-gyp-1.0.5.tgz#2a0b32fcb416fb3f2250fd24cb2a81421a4f5950"
|
||||||
integrity sha512-4srsKPXWlIxp5Vbqz5uLfBN+du2fJChBoYn/f2h991WLdk7jUvcSk/McVLSv/X+xQIPI8eGD5GjrnygdyHnhPA==
|
integrity sha512-4srsKPXWlIxp5Vbqz5uLfBN+du2fJChBoYn/f2h991WLdk7jUvcSk/McVLSv/X+xQIPI8eGD5GjrnygdyHnhPA==
|
||||||
|
@ -1059,13 +1059,6 @@
|
||||||
resolved "https://registry.yarnpkg.com/@tsconfig/node16/-/node16-1.0.1.tgz#a6ca6a9a0ff366af433f42f5f0e124794ff6b8f1"
|
resolved "https://registry.yarnpkg.com/@tsconfig/node16/-/node16-1.0.1.tgz#a6ca6a9a0ff366af433f42f5f0e124794ff6b8f1"
|
||||||
integrity sha512-FTgBI767POY/lKNDNbIzgAX6miIDBs6NTCbdlDb8TrWovHsSvaVIZDlTqym29C6UqhzwcJx4CYr+AlrMywA0cA==
|
integrity sha512-FTgBI767POY/lKNDNbIzgAX6miIDBs6NTCbdlDb8TrWovHsSvaVIZDlTqym29C6UqhzwcJx4CYr+AlrMywA0cA==
|
||||||
|
|
||||||
"@types/bcrypt@^5.0.0":
|
|
||||||
version "5.0.0"
|
|
||||||
resolved "https://registry.yarnpkg.com/@types/bcrypt/-/bcrypt-5.0.0.tgz#a835afa2882d165aff5690893db314eaa98b9f20"
|
|
||||||
integrity sha512-agtcFKaruL8TmcvqbndlqHPSJgsolhf/qPWchFlgnW1gECTN/nKbFcoFnvKAQRFfKbh+BO6A3SWdJu9t+xF3Lw==
|
|
||||||
dependencies:
|
|
||||||
"@types/node" "*"
|
|
||||||
|
|
||||||
"@types/body-parser@*", "@types/body-parser@^1.19.0":
|
"@types/body-parser@*", "@types/body-parser@^1.19.0":
|
||||||
version "1.19.0"
|
version "1.19.0"
|
||||||
resolved "https://registry.yarnpkg.com/@types/body-parser/-/body-parser-1.19.0.tgz#0685b3c47eb3006ffed117cdd55164b61f80538f"
|
resolved "https://registry.yarnpkg.com/@types/body-parser/-/body-parser-1.19.0.tgz#0685b3c47eb3006ffed117cdd55164b61f80538f"
|
||||||
|
@ -1773,14 +1766,6 @@ bcrypt-pbkdf@^1.0.0:
|
||||||
dependencies:
|
dependencies:
|
||||||
tweetnacl "^0.14.3"
|
tweetnacl "^0.14.3"
|
||||||
|
|
||||||
bcrypt@^5.0.1:
|
|
||||||
version "5.0.1"
|
|
||||||
resolved "https://registry.yarnpkg.com/bcrypt/-/bcrypt-5.0.1.tgz#f1a2c20f208e2ccdceea4433df0c8b2c54ecdf71"
|
|
||||||
integrity sha512-9BTgmrhZM2t1bNuDtrtIMVSmmxZBrJ71n8Wg+YgdjHuIWYF7SjjmCPZFB+/5i/o/PIeRpwVJR3P+NrpIItUjqw==
|
|
||||||
dependencies:
|
|
||||||
"@mapbox/node-pre-gyp" "^1.0.0"
|
|
||||||
node-addon-api "^3.1.0"
|
|
||||||
|
|
||||||
binary-extensions@^1.0.0:
|
binary-extensions@^1.0.0:
|
||||||
version "1.13.1"
|
version "1.13.1"
|
||||||
resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-1.13.1.tgz#598afe54755b2868a5330d2aff9d4ebb53209b65"
|
resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-1.13.1.tgz#598afe54755b2868a5330d2aff9d4ebb53209b65"
|
||||||
|
@ -5432,11 +5417,6 @@ node-addon-api@^3.0.2:
|
||||||
resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-3.2.1.tgz#81325e0a2117789c0128dab65e7e38f07ceba161"
|
resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-3.2.1.tgz#81325e0a2117789c0128dab65e7e38f07ceba161"
|
||||||
integrity sha512-mmcei9JghVNDYydghQmeDX8KoAm0FAiYyIcUt/N4nhyAipB17pllZQDOJD2fotxABnt4Mdz+dKTO7eftLg4d0A==
|
integrity sha512-mmcei9JghVNDYydghQmeDX8KoAm0FAiYyIcUt/N4nhyAipB17pllZQDOJD2fotxABnt4Mdz+dKTO7eftLg4d0A==
|
||||||
|
|
||||||
node-addon-api@^3.1.0:
|
|
||||||
version "3.2.0"
|
|
||||||
resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-3.2.0.tgz#7028b56a7eb572b73873aed731a7f9c9365f5ee4"
|
|
||||||
integrity sha512-kcwSAWhPi4+QzAtsL2+2s/awvDo2GKLsvMCwNRxb5BUshteXU8U97NCyvQDsGKs/m0He9WcG4YWew/BnuLx++w==
|
|
||||||
|
|
||||||
node-fetch@^2.6.1:
|
node-fetch@^2.6.1:
|
||||||
version "2.6.1"
|
version "2.6.1"
|
||||||
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052"
|
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052"
|
||||||
|
|