How to add argon2 gem to Open OnDemand

Hi,

I am new Open OnDemand user and I am building new environment that will use it as frontend. I am trying to build tools for our researchers and one is the bc_osc_codeserver (GitHub - OSC/bc_osc_codeserver: BETA - Batch Connect - OSC Code Server) and I noticed that it uses code-server (GitHub - coder/code-server: VS Code in the browser) that did change the password hashing algorithm from SHA256 to argon2.

I made change to view.html.erb and now it uses argon2 gem and they did also change the cookie name from key to code-server-session.

require("argon2")
...
Argon2::Password.create(password)
...
let cookie = `code-server-session=<%= cookieValue %>;${expires};${cookiePath};secure`;

Because I am new to ruby programming language and how it work. I made change to /var/www/ood/apps/sys/dashboard/Gemfile that did add gem ‘argon2’ to it and after that I ran

cd /var/www/ood/apps/sys/dashboard
bin/bundle install --path vendor/bundle

Everything is working now but I am thinking what is the right way to do this kind of change?

Hi and welcome!

You should use securerandom to generate passwords or random strings. Next time you upgrade, the RPM is going to wipe that local vendor/bundle directory so, it’s better to just use standard Ruby libraries that will continue to work.

irb(main):008:0> require 'securerandom'
=> true
irb(main):009:0> SecureRandom.hex(8)
=> "ffd3e6df25e0512e"
irb(main):010:0> SecureRandom.hex(12)
=> "f1afd7403c77f59e7501b87d"