diff --git a/cmd/verify.go b/cmd/verify.go
new file mode 100644
index 0000000..3d5d38a
--- /dev/null
+++ b/cmd/verify.go
@@ -0,0 +1,79 @@
+package cmd
+
+import (
+ "fmt"
+ "syscall"
+
+ "github.com/speatzle/go-passbolt-cli/util"
+ "github.com/speatzle/go-passbolt/api"
+ "github.com/spf13/cobra"
+ "github.com/spf13/viper"
+ "golang.org/x/term"
+)
+
+// verifyCMD represents the verify command
+var verifyCMD = &cobra.Command{
+ Use: "verify",
+ Short: "Verify Setup the Server Verification",
+ Long: `Verify Setup the Server Verification. You need to run this once after that the Server will always be verified if the same config is used`,
+ RunE: func(cmd *cobra.Command, args []string) error {
+ ctx := util.GetContext()
+
+ viper.Set("serverVerifyToken", "")
+ viper.Set("serverVerifyEncToken", "")
+
+ serverAddress := viper.GetString("serverAddress")
+ if serverAddress == "" {
+ return fmt.Errorf("serverAddress is not defined")
+ }
+
+ userPrivateKey := viper.GetString("userPrivateKey")
+ if userPrivateKey == "" {
+ return fmt.Errorf("userPrivateKey is not defined")
+ }
+
+ userPassword := viper.GetString("userPassword")
+ if userPassword == "" {
+ fmt.Print("Enter Password:")
+ bytepw, err := term.ReadPassword(int(syscall.Stdin))
+ if err != nil {
+ fmt.Println()
+ return fmt.Errorf("Reading Password: %w", err)
+ }
+ userPassword = string(bytepw)
+ fmt.Println()
+ }
+
+ client, err := api.NewClient(nil, "", serverAddress, userPrivateKey, userPassword)
+ if err != nil {
+ return fmt.Errorf("Creating Client: %w", err)
+ }
+
+ client.Debug = viper.GetBool("debug")
+
+ token, enctoken, err := client.SetupServerVerification(ctx)
+ if err != nil {
+ return fmt.Errorf("Setup Verification: %w", err)
+ }
+ viper.Set("serverVerifyToken", token)
+ viper.Set("serverVerifyEncToken", enctoken)
+
+ if viper.ConfigFileUsed() == "" {
+ err := viper.SafeWriteConfig()
+ if err != nil {
+ return fmt.Errorf("Writing Config: %w", err)
+ }
+ } else {
+ err := viper.WriteConfig()
+ if err != nil {
+ return fmt.Errorf("Writing Config: %w", err)
+ }
+ }
+ fmt.Println("Verification Enabled")
+ return nil
+ },
+}
+
+func init() { + rootCmd.AddCommand(verifyCMD) +} diff --git a/util/client.go b/util/client.go index dce6e36..893c18e 100644 --- a/util/client.go +++ b/util/client.go @@ -31,11 +31,11 @@ func GetClient(ctx context.Context) (*api.Client, error) { fmt.Print("Enter Password:") bytepw, err := term.ReadPassword(int(syscall.Stdin)) if err != nil { - fmt.Println("\n") + fmt.Println() return nil, fmt.Errorf("Reading Password: %w", err) } userPassword = string(bytepw) - fmt.Println("\n") + fmt.Println() } client, err := api.NewClient(nil, "", serverAddress, userPrivateKey, userPassword) @@ -45,6 +45,16 @@ func GetClient(ctx context.Context) (*api.Client, error) { client.Debug = viper.GetBool("debug") + token := viper.GetString("serverVerifyToken") + encToken := viper.GetString("serverVerifyEncToken") + + if token != "" { + err = client.VerifyServer(ctx, token, encToken) + if err != nil { + return nil, fmt.Errorf("Verifing Server: %w", err) + } + } + switch viper.GetString("mfaMode") { case "interactive-totp": client.MFACallback = func(ctx context.Context, c *api.Client, res *api.APIResponse) (http.Cookie, error) {
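Review bot: The config write at the end of `RunE` in cmd/verify.go stores the verification tokens through `viper.SafeWriteConfig()` / `viper.WriteConfig()` without restricting the file mode, and viper writes its whole merged settings rather than only the two keys set here. If `userPassword` or `userPrivateKey` reached viper from a flag or an environment variable (the bindings are not visible in this hunk), they would presumably end up in the file in plaintext as well. Calling `viper.SetConfigPermissions(0600)` before the write keeps the file readable by its owner only, unless that is already done elsewhere. The `Long` text should also say which keys get saved and that the pin is trust-on-first-use, so the command is meant to be run while the connection to the server is known to be good.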
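Review bot: Server verification in `GetClient` (util/client.go, hunk at line 45) is skipped without any notice when `serverVerifyToken` is empty, so a config that has lost the token, or carries only one of the two values, silently falls back to talking to an unverified server. The half-configured case can be rejected with `if (token == "") != (encToken == "") { return nil, fmt.Errorf("serverVerifyToken and serverVerifyEncToken must be set together") }`, and a one-line notice on stderr when neither is set would make the unverified state visible. The wrapped error is misspelled and should read `"Verifying Server: %w"`. The rest of `GetClient` lies outside the hunk, so whether this check runs before any credentials are sent cannot be confirmed from here.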