[Bug]: Password prompt appearing, despite setting $PASSWORD

[walidabualafia]

Is there an existing issue for this?

• I have searched the existing issues

OS/Web Information

• Web Browser: Opera/Safari
• Local OS: macOS
• Remote OS: RHEL8
• Remote Architecture: amd64
• code-server --version: 4.21.0, 4.21.1

Steps to Reproduce

1. Install code-server 4.21.0, 4.21.1
2. Set $PASSWORD to a 16 char alphanumeric string
3. Open code-server
4. You should now see the password prompt

Expected

code-server should automatically read the password from $PASSWORD. It works in code-server 4.18, but does not work in code-server 4.21/code-server 4.20.

Actual

You are greeted with the password prompt, asking your to enter the password set in $PASSWORD...

Logs

Thu Feb 29 16:32:17 CST 2024: Started code-server

[2024-02-29T22:33:12.255Z] debug parent:748210 spawned child process 749216
[2024-02-29T22:33:13.238Z] debug child:749216 initiating handshake
[2024-02-29T22:33:13.241Z] debug parent:748210 got message �[38;2;140;140;140m{"message":{"type":"handshake"}}�[0m
[2024-02-29T22:33:13.242Z] debug child:749216 got message �[38;2;140;140;140m{"message":{"type":"handshake","args":{"bind-addr":"0.0.0.0:35112","auth":"password","password":"<redacted>","config":"/home/wabuala/.config/code-server/config.yaml","disable-telemetry":true,"ignore-last-opened":true,"user-data-dir":"/home/wabuala/.local/share/code-server","verbose":true,"log":"trace","_":["/home/wabuala"],"extensions-dir":"/home/wabuala/.local/share/code-server/extensions","session-socket":"/home/wabuala/.local/share/code-server/code-server-ipc.sock","host":"0.0.0.0","port":35112,"proxy-domain":[],"usingEnvPassword":true,"usingEnvHashedPassword":false}}}�[0m
[2024-02-29T22:33:13.242Z] info  code-server 4.21.0 84ca27278b68150e22d25ec9183a4835239b6e44
[2024-02-29T22:33:13.242Z] info  Using user-data-dir /home/wabuala/.local/share/code-server
[2024-02-29T22:33:13.242Z] debug Using extensions-dir /home/wabuala/.local/share/code-server/extensions
[2024-02-29T22:33:13.255Z] info  Using config file /home/wabuala/.config/code-server/config.yaml
[2024-02-29T22:33:13.255Z] info  HTTP server listening on http://0.0.0.0:35112/
[2024-02-29T22:33:13.255Z] info    - Authentication is enabled
[2024-02-29T22:33:13.255Z] info      - Using password from $PASSWORD
[2024-02-29T22:33:13.255Z] info    - Not serving HTTPS
[2024-02-29T22:33:13.255Z] info  Session server listening on /home/wabuala/.local/share/code-server/code-server-ipc.sock
Thu Feb 29 16:33:13 CST 2024: Discovered code-server listening on port 35112!
Generating connection YAML file...

Screenshot/Video

No response

Does this issue happen in VS Code or GitHub Codespaces?

• I tested this in native VS Code.
• This does not happen in native VS Code.
• I tested this in GitHub Codespaces.
• This does not happen in GitHub Codespaces.

Are you accessing code-server over a secure context?

• I am using a secure context.

Notes

The password gets automatically read from $PASSWORD in code-server 4.18.0.

I tested code-server 4.21.0 and code-server 4.21.1, but both seem not to authenticate me properly.

[code-asher]

Are you saying the expectation is that there should be no password prompt at all? The PASSWORD environment variable only tells code-server what password the user needs to send in order to be authenticated, it does not disable the password prompt. To do that you can use --auth none.

If there was no password prompt in 4.18 then that was a major security bug. Maybe you were already authenticated? Once you log in, the token is stored in a cookie in your browser so you do not need to log in again.

[code-asher]

Or, are you saying the problem is that the same cookie for 4.18 is not working for 4.21? That does seem odd. I do not think we made any changes around authentication. 🤔 If you log in again, does it keep showing the prompt?