Implement fetch action, normalize error response params (#13)
This commit is contained in:
Maxim Baz
@@ -23,12 +23,16 @@ func configure(request request) {
|
||||
"The password store '%v' is not accessible at the location '%v': %+v",
|
||||
store.Name, store.Path, err,
|
||||
)
|
||||
response.SendError(
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeInaccessiblePasswordStore,
|
||||
"The password store is not accessible",
|
||||
&map[string]string{"error": err.Error(), "name": store.Name, "path": store.Path},
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "The password store is not accessible",
|
||||
errors.FieldAction: "configure",
|
||||
errors.FieldError: err.Error(),
|
||||
errors.FieldStoreName: store.Name,
|
||||
errors.FieldStorePath: store.Path,
|
||||
},
|
||||
)
|
||||
errors.ExitWithCode(errors.CodeInaccessiblePasswordStore)
|
||||
}
|
||||
|
||||
store.Path = normalizedStorePath
|
||||
@@ -39,12 +43,16 @@ func configure(request request) {
|
||||
"Unable to read the default settings of the user-configured password store '%v' in '%v': %+v",
|
||||
store.Name, store.Path, err,
|
||||
)
|
||||
response.SendError(
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeUnreadablePasswordStoreDefaultSettings,
|
||||
"Unable to read the default settings of the password store",
|
||||
&map[string]string{"error": err.Error(), "name": store.Name, "path": store.Path},
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "Unable to read the default settings of the password store",
|
||||
errors.FieldAction: "configure",
|
||||
errors.FieldError: err.Error(),
|
||||
errors.FieldStoreName: store.Name,
|
||||
errors.FieldStorePath: store.Path,
|
||||
},
|
||||
)
|
||||
errors.ExitWithCode(errors.CodeUnreadablePasswordStoreDefaultSettings)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -55,12 +63,14 @@ func configure(request request) {
|
||||
if err != nil {
|
||||
if len(request.Settings.Stores) == 0 {
|
||||
log.Error("Unable to determine the location of the default password store: ", err)
|
||||
response.SendError(
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeUnknownDefaultPasswordStoreLocation,
|
||||
"Unable to determine the location of the default password store",
|
||||
&map[string]string{"error": err.Error()},
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "Unable to determine the location of the default password store",
|
||||
errors.FieldAction: "configure",
|
||||
errors.FieldError: err.Error(),
|
||||
},
|
||||
)
|
||||
errors.ExitWithCode(errors.CodeUnknownDefaultPasswordStoreLocation)
|
||||
}
|
||||
} else {
|
||||
responseData.DefaultStore.Path, err = normalizePasswordStorePath(possibleDefaultStorePath)
|
||||
@@ -70,12 +80,15 @@ func configure(request request) {
|
||||
"The default password store is not accessible at the location '%v': %+v",
|
||||
possibleDefaultStorePath, err,
|
||||
)
|
||||
response.SendError(
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeInaccessibleDefaultPasswordStore,
|
||||
"The default password store is not accessible",
|
||||
&map[string]string{"error": err.Error(), "path": possibleDefaultStorePath},
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "The default password store is not accessible",
|
||||
errors.FieldAction: "configure",
|
||||
errors.FieldError: err.Error(),
|
||||
errors.FieldStorePath: possibleDefaultStorePath,
|
||||
},
|
||||
)
|
||||
errors.ExitWithCode(errors.CodeInaccessibleDefaultPasswordStore)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -87,12 +100,15 @@ func configure(request request) {
|
||||
"Unable to read the default settings of the default password store in '%v': %+v",
|
||||
responseData.DefaultStore.Path, err,
|
||||
)
|
||||
response.SendError(
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeUnreadableDefaultPasswordStoreDefaultSettings,
|
||||
"Unable to read the default settings of the default password store",
|
||||
&map[string]string{"error": err.Error(), "path": responseData.DefaultStore.Path},
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "Unable to read the default settings of the default password store",
|
||||
errors.FieldAction: "configure",
|
||||
errors.FieldError: err.Error(),
|
||||
errors.FieldStorePath: responseData.DefaultStore.Path,
|
||||
},
|
||||
)
|
||||
errors.ExitWithCode(errors.CodeUnreadableDefaultPasswordStoreDefaultSettings)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
164
request/fetch.go
Normal file
164
request/fetch.go
Normal file
@@ -0,0 +1,164 @@
|
||||
package request
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
goerrors "errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/browserpass/browserpass-native/errors"
|
||||
"github.com/browserpass/browserpass-native/response"
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
func fetchDecryptedContents(request request) {
|
||||
responseData := response.MakeFetchResponse()
|
||||
|
||||
if !strings.HasSuffix(request.File, ".gpg") {
|
||||
log.Errorf("The requested password file '%v' does not have the expected '.gpg' extension", request.File)
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeInvalidPasswordFileExtension,
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "The requested password file does not have the expected '.gpg' extension",
|
||||
errors.FieldAction: "fetch",
|
||||
errors.FieldFile: request.File,
|
||||
},
|
||||
)
|
||||
}
|
||||
|
||||
store, ok := request.Settings.Stores[request.Store]
|
||||
if !ok {
|
||||
log.Errorf(
|
||||
"The password store '%v' is not present in the list of stores '%v'",
|
||||
request.Store, request.Settings.Stores,
|
||||
)
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeInvalidPasswordStore,
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "The password store is not present in the list of stores",
|
||||
errors.FieldAction: "fetch",
|
||||
errors.FieldStoreName: request.Store,
|
||||
},
|
||||
)
|
||||
}
|
||||
|
||||
normalizedStorePath, err := normalizePasswordStorePath(store.Path)
|
||||
if err != nil {
|
||||
log.Errorf(
|
||||
"The password store '%v' is not accessible at the location '%v': %+v",
|
||||
store.Name, store.Path, err,
|
||||
)
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeInaccessiblePasswordStore,
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "The password store is not accessible",
|
||||
errors.FieldAction: "fetch",
|
||||
errors.FieldError: err.Error(),
|
||||
errors.FieldStoreName: store.Name,
|
||||
errors.FieldStorePath: store.Path,
|
||||
},
|
||||
)
|
||||
}
|
||||
store.Path = normalizedStorePath
|
||||
|
||||
gpgPath := request.Settings.GpgPath
|
||||
if gpgPath != "" {
|
||||
err = validateGpgBinary(gpgPath)
|
||||
if err != nil {
|
||||
log.Errorf(
|
||||
"The provided gpg binary path '%v' is invalid: %+v",
|
||||
gpgPath, err,
|
||||
)
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeInvalidGpgPath,
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "The provided gpg binary path is invalid",
|
||||
errors.FieldAction: "fetch",
|
||||
errors.FieldError: err.Error(),
|
||||
errors.FieldGpgPath: gpgPath,
|
||||
},
|
||||
)
|
||||
}
|
||||
} else {
|
||||
gpgPath, err = detectGpgBinary()
|
||||
if err != nil {
|
||||
log.Error("Unable to detect the location of the gpg binary: ", err)
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeUnableToDetectGpgPath,
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "Unable to detect the location of the gpg binary",
|
||||
errors.FieldAction: "fetch",
|
||||
errors.FieldError: err.Error(),
|
||||
},
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
responseData.Contents, err = decryptFile(store, request.File, gpgPath)
|
||||
if err != nil {
|
||||
log.Errorf(
|
||||
"Unable to decrypt the password file '%v' in the password store '%v' located in '%v': %+v",
|
||||
request.File, store.Name, store.Path, err,
|
||||
)
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeUnableToDecryptPasswordFile,
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "Unable to decrypt the password file",
|
||||
errors.FieldAction: "fetch",
|
||||
errors.FieldError: err.Error(),
|
||||
errors.FieldFile: request.File,
|
||||
errors.FieldStoreName: store.Name,
|
||||
errors.FieldStorePath: store.Path,
|
||||
},
|
||||
)
|
||||
}
|
||||
|
||||
response.SendOk(responseData)
|
||||
}
|
||||
|
||||
func detectGpgBinary() (string, error) {
|
||||
// Look in $PATH first, then check common locations - the first successful result wins
|
||||
gpgBinaryPriorityList := []string{
|
||||
"gpg2", "gpg",
|
||||
"/bin/gpg2", "/usr/bin/gpg2", "/usr/local/bin/gpg2",
|
||||
"/bin/gpg", "/usr/bin/gpg", "/usr/local/bin/gpg",
|
||||
}
|
||||
|
||||
for _, binary := range gpgBinaryPriorityList {
|
||||
err := validateGpgBinary(binary)
|
||||
if err == nil {
|
||||
return binary, nil
|
||||
}
|
||||
}
|
||||
|
||||
return "", goerrors.New("Unable to detect the location of the gpg binary to use")
|
||||
}
|
||||
|
||||
func validateGpgBinary(gpgPath string) error {
|
||||
return exec.Command(gpgPath, "--version").Run()
|
||||
}
|
||||
|
||||
func decryptFile(store store, file string, gpgPath string) (string, error) {
|
||||
passwordFilePath := filepath.Join(store.Path, file)
|
||||
passwordFile, err := os.Open(passwordFilePath)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
var stdout, stderr bytes.Buffer
|
||||
gpgOptions := []string{"--decrypt", "--yes", "--quiet", "--batch", "-"}
|
||||
|
||||
cmd := exec.Command(gpgPath, gpgOptions...)
|
||||
cmd.Stdin = passwordFile
|
||||
cmd.Stdout = &stdout
|
||||
cmd.Stderr = &stderr
|
||||
|
||||
if err := cmd.Run(); err != nil {
|
||||
return "", goerrors.New(fmt.Sprintf("Error: %s, Stderr: %s", err.Error(), stderr.String()))
|
||||
}
|
||||
|
||||
return stdout.String(), nil
|
||||
}
|
||||
@@ -20,12 +20,16 @@ func listFiles(request request) {
|
||||
"The password store '%v' is not accessible at the location '%v': %+v",
|
||||
store.Name, store.Path, err,
|
||||
)
|
||||
response.SendError(
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeInaccessiblePasswordStore,
|
||||
"The password store is not accessible",
|
||||
&map[string]string{"error": err.Error(), "name": store.Name, "path": store.Path},
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "The password store is not accessible",
|
||||
errors.FieldAction: "list",
|
||||
errors.FieldError: err.Error(),
|
||||
errors.FieldStoreName: store.Name,
|
||||
errors.FieldStorePath: store.Path,
|
||||
},
|
||||
)
|
||||
errors.ExitWithCode(errors.CodeInaccessiblePasswordStore)
|
||||
}
|
||||
|
||||
store.Path = normalizedStorePath
|
||||
@@ -36,12 +40,16 @@ func listFiles(request request) {
|
||||
"Unable to list the files in the password store '%v' at the location '%v': %+v",
|
||||
store.Name, store.Path, err,
|
||||
)
|
||||
response.SendError(
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeUnableToListFilesInPasswordStore,
|
||||
"Unable to list the files in the password store",
|
||||
&map[string]string{"error": err.Error(), "name": store.Name, "path": store.Path},
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "Unable to list the files in the password store",
|
||||
errors.FieldAction: "list",
|
||||
errors.FieldError: err.Error(),
|
||||
errors.FieldStoreName: store.Name,
|
||||
errors.FieldStorePath: store.Path,
|
||||
},
|
||||
)
|
||||
errors.ExitWithCode(errors.CodeUnableToListFilesInPasswordStore)
|
||||
}
|
||||
|
||||
for i, file := range files {
|
||||
@@ -51,12 +59,17 @@ func listFiles(request request) {
|
||||
"Unable to determine the relative path for a file '%v' in the password store '%v' at the location '%v': %+v",
|
||||
file, store.Name, store.Path, err,
|
||||
)
|
||||
response.SendError(
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeUnableToDetermineRelativeFilePathInPasswordStore,
|
||||
"Unable to determine the relative path for a file in the password store",
|
||||
&map[string]string{"error": err.Error(), "file": file, "name": store.Name, "path": store.Path},
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "Unable to determine the relative path for a file in the password store",
|
||||
errors.FieldAction: "list",
|
||||
errors.FieldError: err.Error(),
|
||||
errors.FieldFile: file,
|
||||
errors.FieldStoreName: store.Name,
|
||||
errors.FieldStorePath: store.Path,
|
||||
},
|
||||
)
|
||||
errors.ExitWithCode(errors.CodeUnableToDetermineRelativeFilePathInPasswordStore)
|
||||
}
|
||||
files[i] = relativePath
|
||||
}
|
||||
|
||||
@@ -11,15 +11,21 @@ import (
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
type store struct {
|
||||
Name string `json:"name"`
|
||||
Path string `json:"path"`
|
||||
}
|
||||
|
||||
type settings struct {
|
||||
GpgPath string `json:"gpgPath"`
|
||||
Stores map[string]store `json:"stores"`
|
||||
}
|
||||
|
||||
type request struct {
|
||||
Action string `json:"action"`
|
||||
Settings struct {
|
||||
GpgPath string `json:"gpgPath"`
|
||||
Stores map[string]struct {
|
||||
Name string `json:"name"`
|
||||
Path string `json:"path"`
|
||||
}
|
||||
} `json:"settings"`
|
||||
Action string `json:"action"`
|
||||
Settings settings `json:"settings"`
|
||||
File string `json:"file"`
|
||||
Store string `json:"store"`
|
||||
}
|
||||
|
||||
// Process handles browser request
|
||||
@@ -33,15 +39,16 @@ func Process() {
|
||||
case "list":
|
||||
listFiles(request)
|
||||
case "fetch":
|
||||
break
|
||||
fetchDecryptedContents(request)
|
||||
default:
|
||||
log.Errorf("Received a browser request with an unknown action: %+v", request)
|
||||
response.SendError(
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeInvalidRequestAction,
|
||||
"Invalid request action",
|
||||
&map[string]string{"action": request.Action},
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "Invalid request action",
|
||||
errors.FieldAction: request.Action,
|
||||
},
|
||||
)
|
||||
errors.ExitWithCode(errors.CodeInvalidRequestAction)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -49,17 +56,14 @@ func Process() {
|
||||
func parseRequestLength() uint32 {
|
||||
var length uint32
|
||||
if err := binary.Read(os.Stdin, binary.LittleEndian, &length); err != nil {
|
||||
// TODO: Original browserpass ignores EOF as if it is expected, is it true?
|
||||
// if err == io.EOF {
|
||||
// return
|
||||
// }
|
||||
log.Error("Unable to parse the length of the browser request: ", err)
|
||||
response.SendError(
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeParseRequestLength,
|
||||
"Unable to parse the length of the browser request",
|
||||
&map[string]string{"error": err.Error()},
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "Unable to parse the length of the browser request",
|
||||
errors.FieldError: err.Error(),
|
||||
},
|
||||
)
|
||||
errors.ExitWithCode(errors.CodeParseRequestLength)
|
||||
}
|
||||
return length
|
||||
}
|
||||
@@ -70,12 +74,13 @@ func parseRequest(messageLength uint32) request {
|
||||
reader := &io.LimitedReader{R: os.Stdin, N: int64(messageLength)}
|
||||
if err := json.NewDecoder(reader).Decode(&parsed); err != nil {
|
||||
log.Error("Unable to parse the browser request: ", err)
|
||||
response.SendError(
|
||||
response.SendErrorAndExit(
|
||||
errors.CodeParseRequest,
|
||||
"Unable to parse the browser request",
|
||||
&map[string]string{"error": err.Error()},
|
||||
&map[errors.Field]string{
|
||||
errors.FieldMessage: "Unable to parse the browser request",
|
||||
errors.FieldError: err.Error(),
|
||||
},
|
||||
)
|
||||
errors.ExitWithCode(errors.CodeParseRequest)
|
||||
}
|
||||
return parsed
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user