coder · nhooyr · Dec 18, 2020 · Dec 14, 2020
diff --git a/doc/FAQ.md b/doc/FAQ.md
@@ -163,7 +163,7 @@ Again, please follow [./guide.md](./guide.md) for our recommendations on setting
 
 ## Can I store my password hashed?
 
-Yes you can! Use `hashedPassword` instead of `password`. Generate the hash with:
+Yes you can! Use `hashed-password` instead of `password`. Generate the hash with:
 
 ```
 echo "thisismypassword" | sha256sum | cut -d' ' -f1

diff --git a/doc/guide.md b/doc/guide.md
@@ -297,8 +297,8 @@ and then restart `code-server` with:
 sudo systemctl restart code-server@$USER
 ```
 
-Alternatively, you can specify the SHA-256 of your password at the `hashedPassword` field in the config file.
-The `hashedPassword` field takes precedence over `password`.
+Alternatively, you can specify the SHA-256 of your password at the `hashed-password` field in the config file.
+The `hashed-password` field takes precedence over `password`.
 
 ### How do I securely access development web services?
 

diff --git a/src/node/cli.ts b/src/node/cli.ts
@@ -29,7 +29,7 @@ export interface Args extends VsArgs {
   config?: string
   auth?: AuthType
   password?: string
-  hashedPassword?: string
+  "hashed-password"?: string
   cert?: OptionalString
   "cert-host"?: string
   "cert-key"?: string
@@ -106,7 +106,7 @@ const options: Options<Required<Args>> = {
     type: "string",
     description: "The password for password authentication (can only be passed in via $PASSWORD or the config file).",
   },
-  hashedPassword: {
+  "hashed-password": {
     type: "string",
     description:
       "The password hashed with SHA-256 for password authentication (can only be passed in via $HASHED_PASSWORD or the config file). \n" +
@@ -285,8 +285,8 @@ export const parse = (
         throw new Error("--password can only be set in the config file or passed in via $PASSWORD")
       }
 
-      if (key === "hashedPassword" && !opts?.configFile) {
-        throw new Error("--hashedPassword can only be set in the config file or passed in via $HASHED_PASSWORD")
+      if (key === "hashed-password" && !opts?.configFile) {
+        throw new Error("--hashed-password can only be set in the config file or passed in via $HASHED_PASSWORD")
       }
 
       const option = options[key]
@@ -466,7 +466,7 @@ export async function setDefaults(cliArgs: Args, configArgs?: ConfigArgs): Promi
 
   const usingEnvHashedPassword = !!process.env.HASHED_PASSWORD
   if (process.env.HASHED_PASSWORD) {
-    args.hashedPassword = process.env.HASHED_PASSWORD
+    args["hashed-password"] = process.env.HASHED_PASSWORD
     usingEnvPassword = false
   }
 

diff --git a/src/node/entry.ts b/src/node/entry.ts
@@ -99,7 +99,7 @@ const main = async (args: DefaultedArgs): Promise<void> => {
   logger.info(`Using user-data-dir ${humanPath(args["user-data-dir"])}`)
   logger.trace(`Using extensions-dir ${humanPath(args["extensions-dir"])}`)
 
-  if (args.auth === AuthType.Password && !args.password && !args.hashedPassword) {
+  if (args.auth === AuthType.Password && !args.password && !args["hashed-password"]) {
     throw new Error(
       "Please pass in a password via the config file or environment variable ($PASSWORD or $HASHED_PASSWORD)",
     )

diff --git a/src/node/http.ts b/src/node/http.ts
@@ -54,8 +54,8 @@ export const authenticated = (req: express.Request): boolean => {
       // The password is stored in the cookie after being hashed.
       return !!(
         req.cookies.key &&
-        (req.args.hashedPassword
-          ? safeCompare(req.cookies.key, req.args.hashedPassword)
+        (req.args["hashed-password"]
+          ? safeCompare(req.cookies.key, req.args["hashed-password"])
           : req.args.password && safeCompare(req.cookies.key, hash(req.args.password)))
       )
     default:

diff --git a/src/node/routes/login.ts b/src/node/routes/login.ts
@@ -68,8 +68,8 @@ router.post("/", async (req, res) => {
     }
 
     if (
-      req.args.hashedPassword
-        ? safeCompare(hash(req.body.password), req.args.hashedPassword)
+      req.args["hashed-password"]
+        ? safeCompare(hash(req.body.password), req.args["hashed-password"])
         : req.args.password && safeCompare(req.body.password, req.args.password)
     ) {
       // The hash does not add any actual security but we do it for

diff --git a/test/cli.test.ts b/test/cli.test.ts
@@ -303,7 +303,7 @@ describe("parser", () => {
     assert.deepEqual(await setDefaults(args), {
       ...defaults,
       _: [],
-      hashedPassword: "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
+      "hashed-password": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
       usingEnvHashedPassword: true,
     })
   })