code-server
code-server copied to clipboard
coder
[Bug]: Password prompt appearing, despite setting $PASSWORD
Is there an existing issue for this?
- [X] I have searched the existing issues
OS/Web Information
- Web Browser: Opera/Safari
- Local OS: macOS
- Remote OS: RHEL8
- Remote Architecture: amd64
-
code-server --version: 4.21.0, 4.21.1
Steps to Reproduce
- Install code-server 4.21.0, 4.21.1
- Set
$PASSWORDto a 16 char alphanumeric string - Open code-server
- You should now see the password prompt
Expected
code-server should automatically read the password from $PASSWORD. It works in code-server 4.18, but does not work in code-server 4.21/code-server 4.20.
Actual
You are greeted with the password prompt, asking your to enter the password set in $PASSWORD...
Logs
Thu Feb 29 16:32:17 CST 2024: Started code-server
[2024-02-29T22:33:12.255Z] debug parent:748210 spawned child process 749216
[2024-02-29T22:33:13.238Z] debug child:749216 initiating handshake
[2024-02-29T22:33:13.241Z] debug parent:748210 got message [38;2;140;140;140m{"message":{"type":"handshake"}}[0m
[2024-02-29T22:33:13.242Z] debug child:749216 got message [38;2;140;140;140m{"message":{"type":"handshake","args":{"bind-addr":"0.0.0.0:35112","auth":"password","password":"<redacted>","config":"/home/wabuala/.config/code-server/config.yaml","disable-telemetry":true,"ignore-last-opened":true,"user-data-dir":"/home/wabuala/.local/share/code-server","verbose":true,"log":"trace","_":["/home/wabuala"],"extensions-dir":"/home/wabuala/.local/share/code-server/extensions","session-socket":"/home/wabuala/.local/share/code-server/code-server-ipc.sock","host":"0.0.0.0","port":35112,"proxy-domain":[],"usingEnvPassword":true,"usingEnvHashedPassword":false}}}[0m
[2024-02-29T22:33:13.242Z] info code-server 4.21.0 84ca27278b68150e22d25ec9183a4835239b6e44
[2024-02-29T22:33:13.242Z] info Using user-data-dir /home/wabuala/.local/share/code-server
[2024-02-29T22:33:13.242Z] debug Using extensions-dir /home/wabuala/.local/share/code-server/extensions
[2024-02-29T22:33:13.255Z] info Using config file /home/wabuala/.config/code-server/config.yaml
[2024-02-29T22:33:13.255Z] info HTTP server listening on http://0.0.0.0:35112/
[2024-02-29T22:33:13.255Z] info - Authentication is enabled
[2024-02-29T22:33:13.255Z] info - Using password from $PASSWORD
[2024-02-29T22:33:13.255Z] info - Not serving HTTPS
[2024-02-29T22:33:13.255Z] info Session server listening on /home/wabuala/.local/share/code-server/code-server-ipc.sock
Thu Feb 29 16:33:13 CST 2024: Discovered code-server listening on port 35112!
Generating connection YAML file...
Screenshot/Video
No response
Does this issue happen in VS Code or GitHub Codespaces?
- [ ] I tested this in native VS Code.
- [ ] This does not happen in native VS Code.
- [ ] I tested this in GitHub Codespaces.
- [ ] This does not happen in GitHub Codespaces.
Are you accessing code-server over a secure context?
- [X] I am using a secure context.
Notes
The password gets automatically read from $PASSWORD in code-server 4.18.0.
I tested code-server 4.21.0 and code-server 4.21.1, but both seem not to authenticate me properly.
Are you saying the expectation is that there should be no password prompt at all? The PASSWORD environment variable only tells code-server what password the user needs to send in order to be authenticated, it does not disable the password prompt. To do that you can use --auth none.
If there was no password prompt in 4.18 then that was a major security bug. Maybe you were already authenticated? Once you log in, the token is stored in a cookie in your browser so you do not need to log in again.
Or, are you saying the problem is that the same cookie for 4.18 is not working for 4.21? That does seem odd. I do not think we made any changes around authentication. :thinking: If you log in again, does it keep showing the prompt?