fix enableOTP handling to match docs: prioritize store, then extension config

add a nix package
the nix output includes a .xpi file which can be manually linked into the Firefox addon directory. this .xpi file lacks a META-INF directory. i don't know what that is yet, so hopefully firefox won't care.
2022-11-05 21:30:49 -07:00 · 2022-10-27 05:43:58 -07:00
5 changed files with 121 additions and 26 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,42 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1666767323,
+        "narHash": "sha256-drbsgF8iLzQQ6umzOU/idYkI+UoifQdpH+mwohB3J7c=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e6e675cafe6a1d1b0eeb9ac3fe046091244b714e",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,54 @@
+{
+  description = "TODO";
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-22.05";
+    flake-utils.url = github:numtide/flake-utils;
+  };
+
+  outputs = { self, nixpkgs, flake-utils  }:
+  with flake-utils.lib; eachSystem allSystems (system:
+    let
+      pkgs = import nixpkgs { inherit system; };
+      lib = pkgs.lib;
+      nativeBuildInputs = with pkgs; [ ];
+    in rec {
+      packages = let
+        pname = "browserpass-extension";
+        version = "3.7.2-next-20221026";
+      in rec {
+        browserpass-extension-yarn-modules = pkgs.mkYarnModules {
+          inherit pname version;
+          packageJSON = ./src/package.json;
+          yarnLock = ./src/yarn.lock;
+        };
+        browserpass-extension = pkgs.stdenv.mkDerivation {
+          inherit pname version;
+          src = ./.;
+
+          patchPhase = ''
+            # dependencies are built externally: skip the yarn install
+            ${pkgs.gnused}/bin/sed -i /yarn\ install/d src/Makefile
+          '';
+
+          preBuild = ''
+            ln -s ${browserpass-extension-yarn-modules}/node_modules src/node_modules
+          '';
+          installPhase = ''
+            BASE=$out/share/mozilla/extensions/\{ec8030f7-c20a-464f-9b0e-13a3a9e97384\}
+            mkdir -p $BASE
+            pushd firefox
+            ${pkgs.zip}/bin/zip -r $BASE/browserpass@maximbaz.com.xpi ./*
+            popd
+          '';
+        };
+      };
+      defaultPackage = packages.browserpass-extension;
+
+      devShells.default = with pkgs; mkShell {
+        buildInputs = nativeBuildInputs ++ [ nodejs yarn ];
+      };
+    }
+  );
+}
+
+
--- a/src/background.js
+++ b/src/background.js
@@ -450,7 +450,7 @@ async function fillFields(settings, login, fields) {
    // build focus or submit request
    let focusOrSubmitRequest = {
        origin: new BrowserpassURL(settings.tab.url).origin,
-        autoSubmit: helpers.getSetting("autoSubmit", login, settings),
+        autoSubmit: getSetting("autoSubmit", login, settings),
        filledFields: filledFields,
    };

@@ -561,6 +561,25 @@ async function getFullSettings() {
    return settings;
 }

+/**
+ * Get most relevant setting value
+ *
+ * @param string key      Setting key
+ * @param object login    Login object (or null)
+ * @param object settings Settings object
+ * @return object Setting value
+ */
+function getSetting(key, login, settings) {
+    if (login !== null && typeof login.settings[key] !== "undefined") {
+        return login.settings[key];
+    }
+    if (typeof settings.stores[login.store.id].settings[key] !== "undefined") {
+        return settings.stores[login.store.id].settings[key];
+    }
+
+    return settings[key];
+}
+
 /**
 * Deep copy an object
 *
@@ -724,7 +743,7 @@ async function handleMessage(settings, message, sendResponse) {
            }
            break;
        case "copyOTP":
-            if (helpers.getSetting("enableOTP", message.login, settings)) {
+            if (getSetting("enableOTP", null, settings)) {
                try {
                    if (!message.login.fields.otp) {
                        throw new Exception("No OTP seed available");
@@ -796,8 +815,8 @@ async function handleMessage(settings, message, sendResponse) {

                // copy OTP token after fill
                if (
+                    getSetting("enableOTP", null, settings) &&
                    typeof message.login !== "undefined" &&
-                    helpers.getSetting("enableOTP", message.login, settings) &&
                    message.login.fields.hasOwnProperty("otp")
                ) {
                    copyToClipboard(helpers.makeTOTP(message.login.fields.otp.params));
@@ -949,7 +968,7 @@ async function parseFields(settings, login) {
            if (key === "secret" && lines.length) {
                login.fields.secret = lines[0];
            } else if (key === "login") {
-                const defaultUsername = helpers.getSetting("username", login, settings);
+                const defaultUsername = getSetting("username", login, settings);
                login.fields[key] = defaultUsername || login.login.match(/([^\/]+)$/)[1];
            } else {
                delete login.fields[key];
@@ -963,7 +982,7 @@ async function parseFields(settings, login) {
    }

    // preprocess otp
-    if (helpers.getSetting("enableOTP", login, settings) && login.fields.hasOwnProperty("otp")) {
+    if (getSetting("enableOTP", null, settings) && login.fields.hasOwnProperty("otp")) {
        if (login.fields.otp.match(/^otpauth:\/\/.+/i)) {
            // attempt to parse otp data as URI
            try {
--- a/src/helpers.js
+++ b/src/helpers.js
@@ -11,32 +11,12 @@ const BrowserpassURL = require("@browserpass/url");
 module.exports = {
    prepareLogins,
    filterSortLogins,
-    getSetting,
    ignoreFiles,
    makeTOTP,
 };

 //----------------------------------- Function definitions ----------------------------------//

-/**
- * Get most relevant setting value
- *
- * @param string key      Setting key
- * @param object login    Login object
- * @param object settings Settings object
- * @return object Setting value
- */
-function getSetting(key, login, settings) {
-    if (typeof login.settings[key] !== "undefined") {
-        return login.settings[key];
-    }
-    if (typeof settings.stores[login.store.id].settings[key] !== "undefined") {
-        return settings.stores[login.store.id].settings[key];
-    }
-
-    return settings[key];
-}
-
 /**
 * Get the deepest available domain component of a path
 *
--- a/src/popup/detailsInterface.js
+++ b/src/popup/detailsInterface.js
@@ -103,7 +103,7 @@ function view(ctl, params) {
            ]),
            (() => {
                if (
-                    helpers.getSetting("enableOTP", login, this.settings) &&
+                    this.settings.enableOTP &&
                    login.fields.otp &&
                    login.fields.otp.params.type === "totp"
                ) {