Updated bitwarden client

Author: djthorpe

cmd/api/bitwarden.go

@@ -1,13 +1,15 @@
 package main
 
 import (
+	"fmt"
 	"os"
 	"path/filepath"
 
 	"github.com/djthorpe/go-tablewriter"
 	"github.com/mutablelogic/go-client"
 	"github.com/mutablelogic/go-client/pkg/bitwarden"
 	"github.com/mutablelogic/go-client/pkg/bitwarden/schema"
+	"golang.org/x/term"
 
 	// Namespace import
 	. "github.com/djthorpe/go-errors"
@@ -24,7 +26,8 @@ const (
 var (
 	bwClient                   *bitwarden.Client
 	bwClientId, bwClientSecret string
-	bwConfigDir, bwCacheDir    string
+	bwPassword                 string
+	bwConfigDir                string
 	bwForce                    bool
 )
 
@@ -35,9 +38,8 @@ func bwRegister(flags *Flags) {
 	// Register flags required
 	flags.String(bwName, "bitwarden-client-id", "${BW_CLIENTID}", "Client ID")
 	flags.String(bwName, "bitwarden-client-secret", "${BW_CLIENTSECRET}", "Client Secret")
+	flags.String(bwName, "bitwarden-password", "${BW_PASSWORD}", "Master password")
 	flags.Bool(bwName, "force", false, "Force login or sync to Bitwarden, even if existing token or data is valid")
-	//	flags.String(bwName, "bitwarden-device-id", "${BW_DEVICEID}", "Device Identifier")
-	//	flags.String(bwName, "bitwarden-password", "${BW_PASSWORD}", "Master Password")
 
 	// Register commands
 	flags.Register(Cmd{
@@ -68,25 +70,15 @@ func bwParse(flags *Flags, opts ...client.ClientOpt) error {
 			return err
 		}
 	}
-	// Get cache directory
-	if cache, err := os.UserCacheDir(); err != nil {
-		return err
-	} else {
-		bwCacheDir = filepath.Join(cache, bwName)
-		if err := os.MkdirAll(bwCacheDir, bwDirPerm); err != nil {
-			return err
-		}
-	}
 
-	// Set client ID and secret
+	// Set defaults
 	bwClientId = flags.GetString("bitwarden-client-id")
 	bwClientSecret = flags.GetString("bitwarden-client-secret")
 	if bwClientId == "" || bwClientSecret == "" {
 		return ErrBadParameter.With("Missing -bitwarden-client-id or -bitwarden-client-secret argument")
 	}
-
-	// Get the force flag
 	bwForce = flags.GetBool("force")
+	bwPassword = flags.GetString("bitwarden-password")
 
 	// Return success
 	return nil
@@ -103,11 +95,11 @@ func bwLogin(w *tablewriter.TableWriter) error {
 	}
 
 	// Login options
-	opts := []bitwarden.SessionOpt{
+	opts := []bitwarden.LoginOpt{
 		bitwarden.OptCredentials(bwClientId, bwClientSecret),
 	}
 	if session.Device == nil {
-		opts = append(opts, bitwarden.OptDevice(bitwarden.Device{
+		opts = append(opts, bitwarden.OptDevice(schema.Device{
 			Name: bwName,
 		}))
 	}
@@ -164,15 +156,37 @@ func bwSync(w *tablewriter.TableWriter) error {
 }
 
 func bwFolders(w *tablewriter.TableWriter) error {
+	// Load the profile
+	profile, err := bwReadProfile()
+	if err != nil {
+		return err
+	}
+
 	// Load session or create a new one
 	session, err := bwReadSession()
 	if err != nil {
 		return err
 	}
 
-	// If the session is not valid, then return an error
-	if !session.IsValid() {
-		return ErrOutOfOrder.With("Session is not valid, login first")
+	// If no password is set, then read it
+	password := bwPassword
+	if password == "" {
+		stdin := int(os.Stdin.Fd())
+		if !term.IsTerminal(stdin) {
+			return ErrBadParameter.With("No password set and not running in terminal")
+		}
+		fmt.Fprintf(os.Stdout, "Enter password: ")
+		if value, err := term.ReadPassword(stdin); err != nil {
+			return err
+		} else {
+			password = string(value)
+		}
+		fmt.Fprintf(os.Stdout, "\n")
+	}
+
+	// Make the decryption key
+	if err := session.CacheKey(profile.Key, profile.Email, password); err != nil {
+		return err
 	}
 
 	// Read the folders
@@ -186,7 +200,7 @@ func bwFolders(w *tablewriter.TableWriter) error {
 		if decrypted, err := folder.Decrypt(session); err != nil {
 			return err
 		} else {
-			folders[i] = decrypted
+			folders[i] = decrypted.(*schema.Folder)
 		}
 	}
 
@@ -200,12 +214,35 @@ func bwFolders(w *tablewriter.TableWriter) error {
 ///////////////////////////////////////////////////////////////////////////////
 // OTHER
 
-func bwReadSession() (*bitwarden.Session, error) {
-	result := new(bitwarden.Session)
+func bwReadProfile() (*schema.Profile, error) {
+	result := schema.NewProfile()
+	filename := filepath.Join(bwConfigDir, "profile.json")
+	if _, err := os.Stat(filename); os.IsNotExist(err) {
+		// Return an error
+		return nil, ErrNotFound.With("Profile not found")
+	} else if err != nil {
+		return nil, err
+	}
+
+	// Open the file
+	file, err := os.Open(filename)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	// Read and return the session
+	return result, result.Read(file)
+}
+
+func bwReadSession() (*schema.Session, error) {
+	result := schema.NewSession()
 	filename := filepath.Join(bwConfigDir, "session.json")
 	if _, err := os.Stat(filename); os.IsNotExist(err) {
 		// Return a new, empty session
 		return result, nil
+	} else if err != nil {
+		return nil, err
 	}
 
 	// Open the file
@@ -219,7 +256,7 @@ func bwReadSession() (*bitwarden.Session, error) {
 	return result, result.Read(file)
 }
 
-func bwWriteSession(session *bitwarden.Session) error {
+func bwWriteSession(session *schema.Session) error {
 	return bwWrite("session.json", session)
 }
 

pkg/bitwarden/client.go

@@ -21,13 +21,15 @@ type Client struct {
 	*client.Client
 }
 
-type reqToken struct {
+type Login struct {
 	GrantType    string `json:"grant_type"`
 	Scope        string `json:"scope"`
 	ClientId     string `json:"client_id"`
 	ClientSecret string `json:"client_secret"`
+}
 
-	// Device
+type reqToken struct {
+	Login
 	*schema.Device
 
 	// Two-factor authentication
@@ -77,21 +79,13 @@ func New(opts ...client.ClientOpt) (*Client, error) {
 	return &Client{client}, nil
 }
 
-// Create a new empty session
-func NewSession() *schema.Session {
-	session := new(schema.Session)
-	session.grantType = defaultGrantType
-	session.scope = defaultScope
-	return session
-}
-
 ///////////////////////////////////////////////////////////////////////////////
 // PUBLIC METHODS
 
 // Login updates a session with a token. To create a new, empty session
 // then pass an empty session to this method. Use OptCredentials  option
 // to pass a client_id and client_secret to the session.
-func (c *Client) Login(session *schema.Session, opts ...SessionOpt) error {
+func (c *Client) Login(session *schema.Session, opts ...LoginOpt) error {
 	var request reqToken
 	var response respToken
 
@@ -100,18 +94,21 @@ func (c *Client) Login(session *schema.Session, opts ...SessionOpt) error {
 		return ErrBadParameter.With("session")
 	}
 
+	// Set defaults
+	request.GrantType = defaultGrantType
+	request.Scope = defaultScope
+
 	// Apply options
 	for _, opt := range opts {
-		if err := opt(session); err != nil {
+		if err := opt(session, &request); err != nil {
 			return err
 		}
 	}
 
-	// Check
-	if session.clientId == "" || session.clientSecret == "" {
+	// Check request parameters
+	if request.ClientId == "" || request.ClientSecret == "" {
 		return ErrBadParameter.With("missing credentials")
-	}
-	if session.Device == nil {
+	} else if session.Device == nil {
 		return ErrBadParameter.With("missing device")
 	} else {
 		// Populate missing device fields
@@ -132,14 +129,8 @@ func (c *Client) Login(session *schema.Session, opts ...SessionOpt) error {
 		return nil
 	}
 
-	// Set up the request
-	request.GrantType = session.grantType
-	request.Scope = session.scope
-	request.ClientId = session.clientId
-	request.ClientSecret = session.clientSecret
-	request.Device = session.Device
-
 	// Request -> Response
+	request.Device = session.Device
 	if payload, err := client.NewFormRequest(request, client.ContentTypeJson); err != nil {
 		return err
 	} else if err := c.Do(payload, &response, client.OptReqEndpoint(identityUrl), client.OptPath("connect/token")); err != nil {

pkg/bitwarden/opt.go

@@ -11,14 +11,14 @@ import (
 ///////////////////////////////////////////////////////////////////////////////
 // TYPES
 
-type SessionOpt func(*schema.Session) error
+type LoginOpt func(*schema.Session, *reqToken) error
 
 ///////////////////////////////////////////////////////////////////////////////
 // SESSION OPTIONS
 
 // Set the device, populating missing fields
-func OptDevice(device schema.Device) SessionOpt {
-	return func(s *schema.Session) error {
+func OptDevice(device schema.Device) LoginOpt {
+	return func(s *schema.Session, r *reqToken) error {
 		if device.Name == "" {
 			return ErrBadParameter.With("OptDevice")
 		} else {
@@ -36,19 +36,20 @@ func OptDevice(device schema.Device) SessionOpt {
 }
 
 // Set the client_id and client_secret
-func OptCredentials(clientId, secret string) SessionOpt {
-	return func(s *schema.Session) error {
+func OptCredentials(clientId, secret string) LoginOpt {
+	return func(s *schema.Session, r *reqToken) error {
 		if clientId == "" || secret == "" {
 			return ErrBadParameter.With("OptCredentials")
 		}
-		s.SetCredentials(clientId, secret)
+		r.ClientId = clientId
+		r.ClientSecret = secret
 		return nil
 	}
 }
 
 // Force login by clearing the token
-func OptForce() SessionOpt {
-	return func(s *schema.Session) error {
+func OptForce() LoginOpt {
+	return func(s *schema.Session, r *reqToken) error {
 		s.Token = nil
 		return nil
 	}

pkg/bitwarden/schema/folder.go

@@ -2,7 +2,6 @@ package schema
 
 import (
 	"encoding/json"
-	"fmt"
 	"io"
 	"time"
 )
@@ -14,7 +13,7 @@ type Folders []*Folder
 
 type Folder struct {
 	Id           string    `json:"id"`
-	Name         string    `json:"name"`
+	Name         string    `json:"name"` // Encrypted
 	RevisionDate time.Time `json:"revisionDate"`
 	Object       string    `json:"object"`
 }
@@ -34,8 +33,13 @@ func (f *Folders) Write(w io.Writer) error {
 
 // Decrypt a folder
 func (f Folder) Decrypt(s *Session) (Crypter, error) {
-	fmt.Println("TODO: Decrypt")
-	return f, nil
+	result := &f
+	if value, err := s.DecryptStr(result.Name); err != nil {
+		return nil, err
+	} else {
+		result.Name = value
+	}
+	return &f, nil
 }
 
 ///////////////////////////////////////////////////////////////////////////////

pkg/bitwarden/schema/profile.go

@@ -17,16 +17,25 @@ type Profile struct {
 	Premium                 bool            `json:"premium"`
 	PremiumFromOrganization bool            `json:"premiumFromOrganization"`
 	MasterPasswordHash      string          `json:"masterPasswordHash"`
-	MasterPasswordHint      *string         `json:"masterPasswordHint"`
+	MasterPasswordHint      *string         `json:"masterPasswordHint,omitempty"`
 	Culture                 string          `json:"culture"`
 	TwoFactorEnabled        bool            `json:"twoFactorEnabled"`
-	SecurityStamp           *string         `json:"securityStamp"`
+	SecurityStamp           *string         `json:"securityStamp,omitempty"`
 	ForcePasswordReset      bool            `json:"forcePasswordReset"`
 	UsesKeyConnector        bool            `json:"usesKeyConnector"`
-	Organizations           []*Organization `json:"organizations"`
+	Organizations           []*Organization `json:"organizations,omitempty"`
 	Object                  string          `json:"object"`
 }
 
+///////////////////////////////////////////////////////////////////////////////
+// LIFECYCLE
+
+func NewProfile() *Profile {
+	return &Profile{
+		Object: "profile",
+	}
+}
+
 ///////////////////////////////////////////////////////////////////////////////
 // STRINGIFY