Commit Graph

3279 Commits

Author SHA1 Message Date
jan iversen ece5de699a Update CONTRIBUTING.md
Node needs be v14.x not greater. If installing the standard version ‘brew install node’, both ‘yarn’ and ‘code-server’ (release version) complains.

Newest version is v16.x so we are pretty far behind.
2021-06-17 20:57:00 +02:00
dependabot[bot] bf45e7ca15
chore(deps-dev): bump @types/ws from 7.4.4 to 7.4.5 (#3627)
Bumps [@types/ws](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/ws) from 7.4.4 to 7.4.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/ws)

---
updated-dependencies:
- dependency-name: "@types/ws"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-17 23:49:14 +05:30
dependabot[bot] 9dae4fec25
chore(deps): bump ws from 7.4.6 to 7.5.0 (#3625)
Bumps [ws](https://github.com/websockets/ws) from 7.4.6 to 7.5.0.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/7.4.6...7.5.0)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-17 23:49:03 +05:30
Joe Previte 83701f9f6d
Merge pull request #3626 from cdr/dependabot/npm_and_yarn/wtfnode-0.9.0
chore(deps-dev): bump wtfnode from 0.8.4 to 0.9.0
2021-06-17 10:49:40 -07:00
jan iversen 4e14c11fa4
Allow development on any architecture (#3598) 2021-06-17 12:28:54 -05:00
dependabot[bot] 79f372c1a0
chore(deps-dev): bump wtfnode from 0.8.4 to 0.9.0
Bumps [wtfnode](https://github.com/myndzi/wtfnode) from 0.8.4 to 0.9.0.
- [Release notes](https://github.com/myndzi/wtfnode/releases)
- [Commits](https://github.com/myndzi/wtfnode/commits)

---
updated-dependencies:
- dependency-name: wtfnode
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-17 11:04:04 +00:00
Joe Previte cbe3192971
Merge pull request #3617 from cdr/dependabot/npm_and_yarn/audit-ci-4.1.0
chore(deps-dev): bump audit-ci from 4.0.0 to 4.1.0
2021-06-16 10:03:35 -07:00
Joe Previte ddbff58eec
Merge pull request #3602 from patrickcylai/patrickcylai/fix-docs-hashed-password
fix: placeholder password in hashed password example
2021-06-16 09:49:53 -07:00
dependabot[bot] 18c0f32c24
chore(deps-dev): bump audit-ci from 4.0.0 to 4.1.0
Bumps [audit-ci](https://github.com/IBM/audit-ci) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/IBM/audit-ci/releases)
- [Commits](https://github.com/IBM/audit-ci/compare/v4.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: audit-ci
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-16 11:02:59 +00:00
Asher b59b3936d0
Fix incorrect logout base (#3611)
Fixes #3608.
2021-06-15 15:11:01 -05:00
dependabot[bot] 3241a4f521
chore(deps-dev): bump @typescript-eslint/parser from 4.26.1 to 4.27.0 (#3609)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 4.26.1 to 4.27.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.27.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-15 21:46:00 +05:30
dependabot[bot] 5c9b625acb
chore(deps-dev): bump @typescript-eslint/eslint-plugin (#3610)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 4.26.1 to 4.27.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.27.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-15 21:34:56 +05:30
Patrick Lai 5fae520ebe fix: placeholder password in hashed password example 2021-06-13 01:25:05 +10:00
Joe Previte 4bb7a8ddb9
Merge pull request #3590 from mxschmitt/chore/upgrade-to-latest-playwright
chore: upgrade to Playwright 1.12 with its new test-runner
2021-06-10 11:15:41 -07:00
Joe Previte 2c818e3855
Merge pull request #3589 from cdr/dependabot/npm_and_yarn/argon2-0.28.2
chore(deps): bump argon2 from 0.28.0 to 0.28.2
2021-06-10 09:36:45 -07:00
Max Schmitt dbb34ad710 chore: upgrade to Playwright 1.12 with its new test-runner 2021-06-10 15:09:38 +02:00
dependabot[bot] fda44240c9
chore(deps): bump argon2 from 0.28.0 to 0.28.2
Bumps [argon2](https://github.com/ranisalt/node-argon2) from 0.28.0 to 0.28.2.
- [Release notes](https://github.com/ranisalt/node-argon2/releases)
- [Commits](https://github.com/ranisalt/node-argon2/compare/v0.28.0...v0.28.2)

---
updated-dependencies:
- dependency-name: argon2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-10 11:01:38 +00:00
Joe Previte 9fc9c041ad
Merge pull request #3588 from cdr/dependabot/npm_and_yarn/lib/vscode/normalize-url-4.5.1
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 in /lib/vscode
2021-06-09 15:06:08 -07:00
Joe Previte a802a920ac
Merge pull request #3587 from cdr/dependabot/npm_and_yarn/lib/vscode/build/normalize-url-4.5.1
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 in /lib/vscode/build
2021-06-09 15:05:54 -07:00
dependabot[bot] 54684c0ad2
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 in /lib/vscode
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1.
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)

---
updated-dependencies:
- dependency-name: normalize-url
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-09 21:32:56 +00:00
dependabot[bot] 2594aa3e41
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 in /lib/vscode/build
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1.
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)

---
updated-dependencies:
- dependency-name: normalize-url
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-09 21:32:42 +00:00
Joe Previte 717eaa6470
Merge pull request #3422 from cdr/jsjoeio/fix-password-hash
fix: use sufficient computational effort for password hash
2021-06-09 14:32:05 -07:00
Joe Previte 1e55a648a5
feat: check for empty str in isHashMatch 2021-06-08 15:10:59 -07:00
Joe Previte 3b50bfc17d
fix: sanitize password and cookie key 2021-06-08 14:33:17 -07:00
Joe Previte deaa2242ca
feat: add npm_config_build_from_source to build scripts
This is necessary due to argon2 being added and an upstream issue where it uses
a Linux build that is too new for CentOS 7.
2021-06-08 14:33:17 -07:00
Joe Previte 8c2bb61af9
refactor: parse options with multiple = in cli
There was a case with the hashed-password which had multiple equal signs in the
value and it wasn't being parsed correctly. This uses a new function and adds a
few tests.
2021-06-08 14:33:17 -07:00
Joe Previte 531b7c0c25
feat: add splitOnFirstEquals function 2021-06-08 14:33:16 -07:00
Joe Previte 517aaf71c5
docs: update FAQ with new hashing instructions 2021-06-08 14:33:16 -07:00
Joe Previte 923761cd78
refactor: password logic in http w/ isCookieValid 2021-06-08 14:33:16 -07:00
Joe Previte 6020480b30
feat: add isCookieValid function and tests 2021-06-08 14:33:16 -07:00
Joe Previte 409b473c82
refactor: rewrite password logic at /login 2021-06-08 14:33:15 -07:00
Joe Previte a14ea39c4a
feat: add handlePasswordValidation + tests 2021-06-08 14:33:15 -07:00
Joe Previte 7ff4117531
feat: add getPasswordMethod & test for it 2021-06-08 14:33:15 -07:00
Joe Previte ffa5c16e51
feat: update cli and test for hashed-password 2021-06-08 14:33:15 -07:00
Joe Previte 788b958e20
refactor: update hash fn in test config 2021-06-08 14:33:14 -07:00
Joe Previte 1134780b8b
refactor: make wsProxy async 2021-06-08 14:33:14 -07:00
Joe Previte 91303d4e40
refactor: make ensureAuthenticated async 2021-06-08 14:33:14 -07:00
Joe Previte 0cdbd33b46
refactor: make authenticated async everywhere
Since this checks if they are authenticated using the hash/password and it's
async, we need to update authenticated to be async, which means we have to
update it everywhere it's used.
2021-06-08 14:33:14 -07:00
Joe Previte fcc3f0d951
refactor: update login logic with new async hashing
This adds the proper await logic for the hashing of passwords.
2021-06-08 14:33:13 -07:00
Joe Previte fd3cb6cfa0
refactor: update unit tests for hash fns
Since the hash and isHashMatch are now async, I had to update the tests
accordingly. Now everything is working.
2021-06-08 14:33:13 -07:00
Joe Previte 70197bb2a5
refactor: use argon2 instead of bcrypt
This uses argon2 instead of bcrypt.

Note: this means the hash functions are now async which means we have to
refactor a lot of other code around auth.
2021-06-08 14:33:13 -07:00
Joe Previte 51f8341959
chore: update to argon2 in test 2021-06-08 14:33:13 -07:00
Joe Previte dc2db5c62d
chore: add argon2 package 2021-06-08 14:33:13 -07:00
Joe Previte fc3326f1f2
feat: add tests using real hashes 2021-06-08 14:33:12 -07:00
Joe Previte aaf044728f
refactor: add functions to check hash password 2021-06-08 14:33:12 -07:00
Joe Previte f35120c0a3
feat: add unit test for hash function 2021-06-08 14:33:12 -07:00
Joe Previte 17be8c5cd3
refactor: use bcrypt in e2e setup 2021-06-08 14:33:12 -07:00
Joe Previte cac667317e
refactor: use bcrypt in hash function 2021-06-08 14:33:11 -07:00
Joe Previte dd2cb1649a
chore: update CHANGELOG 2021-06-08 14:32:16 -07:00
dependabot[bot] d8c3ba6a17
chore(deps): bump glob-parent in /lib/vscode/build/lib/watch (#3570)
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-09 00:25:30 +05:30