codeserver 3.11.0 broken

OSC / bc_osc_codeserver

BETA - Batch Connect - OSC Code Server

https://osc.github.io/Open-OnDemand/

GNU General Public License v3.0

18 stars 21 forks source link

codeserver 3.11.0 broken #26

Open johrstrom opened 2 years ago

johrstrom commented 2 years ago

It appears that the problem described in in https://github.com/OSC/bc_osc_codeserver/pull/2#issuecomment-623518310 is again occurring with bc_osc_codeserver 0.4.0 and code-server >= 3.11.0 (but 3.10.2 works OK)

_Originally posted by @nathanweeks in https://github.com/OSC/bc_osc_codeserver/issues/2#issuecomment-1061009373_

orbsmiv commented 2 years ago

Further to this I'm attempting to update our OnDemand Code Server app to use version 4.2.0, which has undergone a fairly substantial refactoring to bring it inline with some upstream VS Code changes. They've also changed some of the Cookie handling, as outlined in the following issue:

https://github.com/coder/code-server/issues/4691#issuecomment-1008429061

I've not looked in detail but the following PR may be significant: https://github.com/coder/code-server/pull/4548

johrstrom commented 2 years ago

I also just patched OnDemand with the PR below for an entirely separate reason. But it may catch relative URLs better.

https://github.com/OSC/ondemand/pull/1934

Another route would be to set the app up as /node instead of /rnode, though I don't know if it's possible.

dgtim commented 2 years ago

The auth problem persists while trying the server version 4.7.0. Launching like code-server --auth="password" ... with the PASSWORD set brings us to the login screen with

"Welcome to code-server Please log in below. Password was set from $PASSWORD."

and a password submit field.

CALMorACT commented 1 year ago

This problem can be solved by changing the method of mocking cookie.

code-server has changed the hash algorism of cookie from the 3.11.0. The new algorism is argon2, so the additional ruby package ruby-argon2 need to added in dashboard. (I don' t know how to add the additional package for interactive apps, but add it in dashboard app, it runs well)

jaguillette commented 10 months ago

The previous comment is correct in that it's necessary to change the hashing method for the cookie created in view.html.erb, but there's an alternative auth mechanism in view.html.erb. The auth mechanism that's conditionally used for code-server 4.8.3 works for >= 3.11 with the argon2 hashing algorithm. In our case I was able to change the 4.8.3 in view.html.erb to match the default version of code-server we set in our form.yml and auth in without a password prompt. If you can add the Ruby package for argon2 as the previous post suggests, you can make the cookie option work, but in our case the hidden form input alternative worked.

KasperSkytte commented 4 months ago

My solution was to use this form:

<form id="<%= form_id %>" action="/rnode/<%= host %>/<%= port %>/login?to=" method="post" target="_blank">
  <input type="hidden" name="password" value="<%= password %>">
  <button class="btn btn-primary" type="submit">
    <i class="fa fa-cogs"></i> Connect to Code Server
  </button>
</form>

Works with code-server version 4.23.1