Commit Graph

2664 Commits

Author SHA1 Message Date
Joe Previte 2c818e3855
Merge pull request #3589 from cdr/dependabot/npm_and_yarn/argon2-0.28.2
chore(deps): bump argon2 from 0.28.0 to 0.28.2
2021-06-10 09:36:45 -07:00
dependabot[bot] fda44240c9
chore(deps): bump argon2 from 0.28.0 to 0.28.2
Bumps [argon2](https://github.com/ranisalt/node-argon2) from 0.28.0 to 0.28.2.
- [Release notes](https://github.com/ranisalt/node-argon2/releases)
- [Commits](https://github.com/ranisalt/node-argon2/compare/v0.28.0...v0.28.2)

---
updated-dependencies:
- dependency-name: argon2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-10 11:01:38 +00:00
Joe Previte 9fc9c041ad
Merge pull request #3588 from cdr/dependabot/npm_and_yarn/lib/vscode/normalize-url-4.5.1
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 in /lib/vscode
2021-06-09 15:06:08 -07:00
Joe Previte a802a920ac
Merge pull request #3587 from cdr/dependabot/npm_and_yarn/lib/vscode/build/normalize-url-4.5.1
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 in /lib/vscode/build
2021-06-09 15:05:54 -07:00
dependabot[bot] 54684c0ad2
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 in /lib/vscode
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1.
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)

---
updated-dependencies:
- dependency-name: normalize-url
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-09 21:32:56 +00:00
dependabot[bot] 2594aa3e41
chore(deps): bump normalize-url from 4.5.0 to 4.5.1 in /lib/vscode/build
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1.
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)

---
updated-dependencies:
- dependency-name: normalize-url
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-09 21:32:42 +00:00
Joe Previte 717eaa6470
Merge pull request #3422 from cdr/jsjoeio/fix-password-hash
fix: use sufficient computational effort for password hash
2021-06-09 14:32:05 -07:00
Joe Previte 1e55a648a5
feat: check for empty str in isHashMatch 2021-06-08 15:10:59 -07:00
Joe Previte 3b50bfc17d
fix: sanitize password and cookie key 2021-06-08 14:33:17 -07:00
Joe Previte deaa2242ca
feat: add npm_config_build_from_source to build scripts
This is necessary due to argon2 being added and an upstream issue where it uses
a Linux build that is too new for CentOS 7.
2021-06-08 14:33:17 -07:00
Joe Previte 8c2bb61af9
refactor: parse options with multiple = in cli
There was a case with the hashed-password which had multiple equal signs in the
value and it wasn't being parsed correctly. This uses a new function and adds a
few tests.
2021-06-08 14:33:17 -07:00
Joe Previte 531b7c0c25
feat: add splitOnFirstEquals function 2021-06-08 14:33:16 -07:00
Joe Previte 517aaf71c5
docs: update FAQ with new hashing instructions 2021-06-08 14:33:16 -07:00
Joe Previte 923761cd78
refactor: password logic in http w/ isCookieValid 2021-06-08 14:33:16 -07:00
Joe Previte 6020480b30
feat: add isCookieValid function and tests 2021-06-08 14:33:16 -07:00
Joe Previte 409b473c82
refactor: rewrite password logic at /login 2021-06-08 14:33:15 -07:00
Joe Previte a14ea39c4a
feat: add handlePasswordValidation + tests 2021-06-08 14:33:15 -07:00
Joe Previte 7ff4117531
feat: add getPasswordMethod & test for it 2021-06-08 14:33:15 -07:00
Joe Previte ffa5c16e51
feat: update cli and test for hashed-password 2021-06-08 14:33:15 -07:00
Joe Previte 788b958e20
refactor: update hash fn in test config 2021-06-08 14:33:14 -07:00
Joe Previte 1134780b8b
refactor: make wsProxy async 2021-06-08 14:33:14 -07:00
Joe Previte 91303d4e40
refactor: make ensureAuthenticated async 2021-06-08 14:33:14 -07:00
Joe Previte 0cdbd33b46
refactor: make authenticated async everywhere
Since this checks if they are authenticated using the hash/password and it's
async, we need to update authenticated to be async, which means we have to
update it everywhere it's used.
2021-06-08 14:33:14 -07:00
Joe Previte fcc3f0d951
refactor: update login logic with new async hashing
This adds the proper await logic for the hashing of passwords.
2021-06-08 14:33:13 -07:00
Joe Previte fd3cb6cfa0
refactor: update unit tests for hash fns
Since the hash and isHashMatch are now async, I had to update the tests
accordingly. Now everything is working.
2021-06-08 14:33:13 -07:00
Joe Previte 70197bb2a5
refactor: use argon2 instead of bcrypt
This uses argon2 instead of bcrypt.

Note: this means the hash functions are now async which means we have to
refactor a lot of other code around auth.
2021-06-08 14:33:13 -07:00
Joe Previte 51f8341959
chore: update to argon2 in test 2021-06-08 14:33:13 -07:00
Joe Previte dc2db5c62d
chore: add argon2 package 2021-06-08 14:33:13 -07:00
Joe Previte fc3326f1f2
feat: add tests using real hashes 2021-06-08 14:33:12 -07:00
Joe Previte aaf044728f
refactor: add functions to check hash password 2021-06-08 14:33:12 -07:00
Joe Previte f35120c0a3
feat: add unit test for hash function 2021-06-08 14:33:12 -07:00
Joe Previte 17be8c5cd3
refactor: use bcrypt in e2e setup 2021-06-08 14:33:12 -07:00
Joe Previte cac667317e
refactor: use bcrypt in hash function 2021-06-08 14:33:11 -07:00
Joe Previte dd2cb1649a
chore: update CHANGELOG 2021-06-08 14:32:16 -07:00
dependabot[bot] d8c3ba6a17
chore(deps): bump glob-parent in /lib/vscode/build/lib/watch (#3570)
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-09 00:25:30 +05:30
dependabot[bot] 4cd0456103
chore(deps-dev): bump @typescript-eslint/parser from 4.26.0 to 4.26.1 (#3567)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 4.26.0 to 4.26.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.26.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-09 00:23:42 +05:30
dependabot[bot] 38647836bb
chore(deps-dev): bump doctoc from 2.0.0 to 2.0.1 (#3568)
Bumps [doctoc](https://github.com/thlorenz/doctoc) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/thlorenz/doctoc/releases)
- [Commits](https://github.com/thlorenz/doctoc/compare/v2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: doctoc
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-09 00:23:11 +05:30
dependabot[bot] 9288b02f0a
chore(deps): bump trim-newlines from 3.0.0 to 3.0.1 (#3571)
Bumps [trim-newlines](https://github.com/sindresorhus/trim-newlines) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/sindresorhus/trim-newlines/releases)
- [Commits](https://github.com/sindresorhus/trim-newlines/commits)

---
updated-dependencies:
- dependency-name: trim-newlines
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-09 00:22:16 +05:30
Joe Previte 9052a1364a
Merge pull request #3557 from cuining/main
chore: update .gitignore
2021-06-08 10:54:56 -07:00
dependabot[bot] 3edbd09ddb
chore(deps-dev): bump @typescript-eslint/eslint-plugin (#3569)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 4.26.0 to 4.26.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.26.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-08 21:55:01 +05:30
cuining eadd194677
Update CHANGELOG.md 2021-06-08 10:46:30 +08:00
cuining 1cd736db81
Update CHANGELOG.md 2021-06-08 10:46:14 +08:00
cuining 8252e4460b Merge branch 'cdr:main' into main 2021-06-08 10:33:14 +08:00
Joe Previte ecbef27981
Merge pull request #3559 from cdr/dependabot/npm_and_yarn/prettier-2.3.1
chore(deps-dev): bump prettier from 2.3.0 to 2.3.1
2021-06-07 11:13:19 -07:00
dependabot[bot] 635170c7ed
chore(deps-dev): bump prettier from 2.3.0 to 2.3.1
Bumps [prettier](https://github.com/prettier/prettier) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.3.0...2.3.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-07 18:08:25 +00:00
Joe Previte 0659a2ea73
Merge pull request #3558 from cdr/dependabot/npm_and_yarn/eslint-7.28.0
chore(deps-dev): bump eslint from 7.27.0 to 7.28.0
2021-06-07 11:05:12 -07:00
dependabot[bot] f37c748471
chore(deps-dev): bump eslint from 7.27.0 to 7.28.0
Bumps [eslint](https://github.com/eslint/eslint) from 7.27.0 to 7.28.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v7.27.0...v7.28.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-07 11:02:40 +00:00
cuining 0400a891f7 Merge branch 'cdr:main' into main 2021-06-07 14:26:55 +08:00
cuining c3dfb90eda
Update .gitignore 2021-06-07 14:26:39 +08:00
Joe Previte 7b6df50553
Merge pull request #3545 from cdr/dependabot/npm_and_yarn/lib/vscode/ws-7.4.6
chore(deps): bump ws from 7.4.5 to 7.4.6 in /lib/vscode
2021-06-04 14:46:53 -07:00