Password hash

[LVerneyPEReN]

Hi,

As far as I understand, the current password setup stores the password as plaintext in the user config file. It would probably be safer to have it stored as a hash and do a hash comparison upon login.

Is this feature already available? Else, would you accept a PR adding this behavior?

Thanks,
Best,

[code-asher]

PRs are definitely welcome. I think the best path forward would be to add a `hashedPassword` option that will take precedence over `password` if it exists.

[nhooyr]

I don't believe #2409 fully closes this. We need to automatically hash the existing password.

[JammSpread]

Like you type hashedPassword in plaintext and code-server in runtime hashes it?

[nhooyr]

That could be one way to do it but I was confused when I wrote my above comment. This issue is definitely closed. I was thinking we could automatically always convert password in config.yaml to hashedPassword and rewrite the file. However, users need to see the default generated password when they login for the first time. Perhaps we should add something to the CLI to allow specifying the new password, hashing it and then storing it in config.yaml as hashedPassword.

I'm opening a new issue.

edit: nvm, decided against automation here for now. sha256sum is soo easy to use. perhaps we should add an example somewhere in the docs.