GitHub/code-server
1
0
Fork 0
mirror of https://github.com/coder/code-server.git synced 2026-05-27 15:39:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,734 Commits 22 Branches 243 Tags
22a22a8f7a2f2d5fd74d5763d4a18875bcd13452
Commit Graph

20 Commits

Author SHA1 Message Date
Joe Previte
22a22a8f7a fix: escape error.message on login failure 2021-07-01 10:43:37 -07:00
Joe Previte
c505fc45a8 feat: add escapeHtml function 
This can be used to escape any special characters in a string with HTML before
sending from the server back to the client. This is important to prevent a
cross-site scripting attack.
 2021-07-01 10:43:36 -07:00
Joe Previte
3b50bfc17d fix: sanitize password and cookie key 2021-06-08 14:33:17 -07:00
Joe Previte
531b7c0c25 feat: add splitOnFirstEquals function 2021-06-08 14:33:16 -07:00
Joe Previte
409b473c82 refactor: rewrite password logic at /login 2021-06-08 14:33:15 -07:00
Joe Previte
ffa5c16e51 feat: update cli and test for hashed-password 2021-06-08 14:33:15 -07:00
Joe Previte
0cdbd33b46 refactor: make authenticated async everywhere 
Since this checks if they are authenticated using the hash/password and it's
async, we need to update authenticated to be async, which means we have to
update it everywhere it's used.
 2021-06-08 14:33:14 -07:00
Joe Previte
fcc3f0d951 refactor: update login logic with new async hashing 
This adds the proper await logic for the hashing of passwords.
 2021-06-08 14:33:13 -07:00
Joe Previte
aaf044728f refactor: add functions to check hash password 2021-06-08 14:33:12 -07:00
Joe Previte
f80d5c3764 refactor: rateLimiter.canTry logic to check >= 1 2021-04-19 13:14:19 -07:00
Joe Previte
7a5042176e fix: update logic for removing token from limiter 2021-04-19 11:12:43 -07:00
Joe Previte
a3f18d6158 refactor: change limiter.Try() to .removeToken() 2021-04-19 10:57:50 -07:00
Joe Previte
d8e45057c7 refactor: update rateLimiter to check try 
This changes adds a new method called `.canTry` to the rate limiter to check if
there are tokens remaining in the bucket.

It also adds suggestions from @oxy to make sure the user can brute force past
the rate limiter.
 2021-04-19 10:40:59 -07:00
Joe Previte
08521077f0 refactor(login): move rate limiter after successful login 
Before, we weren't checking if a login was successful before counting it
against the rate limiter.

With this change, we only count unsuccessful logins against the rate limiter.

We did this because this was a bug but also because it caused problems with our
e2e tests hitting the rate limit.
 2021-04-19 10:40:59 -07:00
Joe Previte
4683d8a077 fix: update comment and export rateLimiter 2021-04-19 10:40:58 -07:00
Joe Previte
b02d2fb3cc feat: add cookie utils for e2e tests 2021-02-22 13:41:10 -07:00
Anmol Sethi
60c270aef5 cli: hashedPassword -> hashed-password (#2454) 
Capital letters in the CLI are evil.

cc @code-asher
 2020-12-18 12:20:38 -05:00
SPGoding
1dd7e4b4e1 Add hashedPassword config (#2409) 
Resolve #2225.
 2020-12-08 14:54:17 -06:00
Asher
112eda4605 Convert routes to Express 2020-10-26 17:56:13 -05:00
Asher
9f25cc6d5d Move providers from app to routes 2020-10-20 16:18:27 -05:00