Merge 2afac57e29 into d4132c756b

2025-05-11 10:18:22 +00:00 · 2025-03-13 17:45:49 +01:00 · 2025-03-13 17:45:49 +01:00 · 25a480fcc6
commit 25a480fcc6
parent d4132c756b 2afac57e29
5 changed files with 197 additions and 12 deletions
--- a/api/foreign_model.go
+++ b/api/foreign_model.go
@ -0,0 +1,19 @@
+package api
+
+type ForeignModelTypes string
+
+const (
+	ForeignModelTypesResource ForeignModelTypes = "Resource"
+	ForeignModelTypesSecret   ForeignModelTypes = "Secret"
+	ForeignModelTypesFolder                     = "Folder"
+	ForeignModelTypesComment                    = "Comment"
+	ForeignModelTypesTag                        = "Tag"
+)
+
+func (s ForeignModelTypes) IsValid() bool {
+	switch s {
+	case ForeignModelTypesResource, ForeignModelTypesSecret, ForeignModelTypesFolder, ForeignModelTypesComment, ForeignModelTypesTag:
+		return true
+	}
+	return false
+}
--- a/api/metadata_sessionkey.go
+++ b/api/metadata_sessionkey.go
@ -0,0 +1,61 @@
+package api
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+)
+
+// MetadataSessionKey is a MetadataSessionKey
+type MetadataSessionKey struct {
+	ID       string `json:"id,omitempty"`
+	UserID   string `json:"user_id,omitempty"`
+	Data     string `json:"data,omitempty"`
+	Created  Time   `json:"created,omitempty"`
+	Modified Time   `json:"modified,omitempty"`
+}
+
+// MetadataSessionKeyData is a MetadataSessionKeyData
+type MetadataSessionKeyData struct {
+	// ObjectType Must always be PASSBOLT_SESSION_KEYS
+	ObjectType  string                          `json:"object_type,omitempty"`
+	SessionKeys []MetadataSessionKeyDataElement `json:"session_keys,omitempty"`
+}
+
+// MetadataSessionKeyData is a MetadataSessionKeyData
+type MetadataSessionKeyDataElement struct {
+	ForeignModel ForeignModelTypes `json:"foreign_model"`
+	ForeignID    string            `json:"foreign_id"`
+	SessionKey   string            `json:"session_key"`
+	Modified     Time              `json:"modified"`
+}
+
+// GetMetadataTypeSettings gets the Servers Settings about which Types to use
+func (c *Client) GetMetadataSessionKeys(ctx context.Context) ([]MetadataSessionKey, error) {
+	msg, err := c.DoCustomRequest(ctx, "GET", "/metadata/session-keys.json", "v2", nil, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var metadataSessionKeys []MetadataSessionKey
+	err = json.Unmarshal(msg.Body, &metadataSessionKeys)
+	if err != nil {
+		return nil, err
+	}
+	return metadataSessionKeys, nil
+}
+
+// TODO add Create and Update
+
+// DeleteSessionKey Deletes a Passbolt SessionKey
+func (c *Client) DeleteSessionKey(ctx context.Context, sessionKeyID string) error {
+	err := checkUUIDFormat(sessionKeyID)
+	if err != nil {
+		return fmt.Errorf("Checking ID format: %w", err)
+	}
+	_, err = c.DoCustomRequest(ctx, "DELETE", "/metadata/session-keys/"+sessionKeyID+".json", "v2", nil, nil)
+	if err != nil {
+		return err
+	}
+	return nil
+}
--- a/api/metadatakey.go
+++ b/api/metadatakey.go
@ -0,0 +1,86 @@
+package api
+
+import (
+	"context"
+	"encoding/json"
+)
+
+type MetadataKeyType string
+
+const (
+	MetadataKeyTypeUserKey   MetadataKeyType = "user_key"
+	MetadataKeyTypeSharedKey                 = "shared_key"
+)
+
+func (s MetadataKeyType) IsValid() bool {
+	switch s {
+	case MetadataKeyTypeUserKey, MetadataKeyTypeSharedKey:
+		return true
+	}
+	return false
+}
+
+// MetadataKey is a MetadataKey
+type MetadataKey struct {
+	ID          string `json:"id,omitempty"`
+	Fingerprint string `json:"fingerprint,omitempty"`
+	ArmoredKey  string `json:"armored_key,omitempty"`
+	Created     Time   `json:"created,omitempty"`
+	Modified    Time   `json:"modified,omitempty"`
+
+	// These are always null? Used for Key Rotation?
+	//"expired": null,
+	//"deleted": null,
+
+	CreatedBy  *string `json:"created_by,omitempty"`
+	ModifiedBy *string `json:"modified_by,omitempty"`
+
+	MetadataPrivateKeys []MetadataPrivateKey `json:"metadata_private_keys,omitempty"`
+}
+
+// MetadataPrivateKey is a MetadataPrivateKey
+type MetadataPrivateKey struct {
+	ID            string  `json:"id,omitempty"`
+	MetadataKeyID string  `json:"metadata_key_id,omitempty"`
+	UserID        *string `json:"user_id,omitempty"` // TODO, is this nullable. The Docs says yes and no
+	Data          string  `json:"data,omitempty"`
+	Created       Time    `json:"created,omitempty"`
+	Modified      Time    `json:"modified,omitempty"`
+	CreatedBy     *string `json:"created_by,omitempty"`
+	ModifiedBy    *string `json:"modified_by,omitempty"`
+}
+
+// MetadataPrivateKeyData is a MetadataPrivateKeyData
+type MetadataPrivateKeyData struct {
+	// ObjectType Must always be PASSBOLT_METADATA_PRIVATE_KEY
+	ObjectType string `json:"object_type,omitempty"`
+	// Domain Must be the Passbolt Server URL
+	Domain      string `json:"domain,omitempty"`
+	Fingerprint string `json:"fingerprint,omitempty"`
+	ArmoredKey  string `json:"armored_key,omitempty"`
+	// Passphrase must be Empty for Server Keys
+	Passphrase string `json:"passphrase,omitempty"`
+}
+
+// GetMetadataKeysOptions are all available query parameters
+type GetMetadataKeysOptions struct {
+	FilterDeleted bool `url:"filter[deleted],omitempty"`
+	FilterExpired bool `url:"filter[expired],omitempty"`
+
+	ContainMetadataPrivateKeys bool `url:"contain[metadata_private_keys],omitempty"`
+}
+
+// GetMetadataKeys gets all Passbolt GetMetadataKeys
+func (c *Client) GetMetadataKeys(ctx context.Context, opts *GetMetadataKeysOptions) ([]MetadataKey, error) {
+	msg, err := c.DoCustomRequest(ctx, "GET", "/metadata/keys.json", "v2", nil, opts)
+	if err != nil {
+		return nil, err
+	}
+
+	var metadataKeys []MetadataKey
+	err = json.Unmarshal(msg.Body, &metadataKeys)
+	if err != nil {
+		return nil, err
+	}
+	return metadataKeys, nil
+}
--- a/api/resources.go
+++ b/api/resources.go
@ -9,6 +9,7 @@ import (
 // Resource is a Resource.
 // Warning: Since Passbolt v3 some fields here may not be populated as they may be in the Secret depending on the ResourceType,
 // for now the only Field like that is the Description.
+// With Passbolt v5 it is now Possible that all Unencrypted User Supplied Fields are empty, and need to be decrypted from the Metadata Message
 type Resource struct {
 	ID             string       `json:"id,omitempty"`
 	Created        *Time        `json:"created,omitempty"`
@ -27,8 +28,13 @@ type Resource struct {
 	FolderParentID string       `json:"folder_parent_id,omitempty"`
 	ResourceTypeID string       `json:"resource_type_id,omitempty"`
 	ResourceType   ResourceType `json:"resource_type,omitempty"`
-	Secrets        []Secret     `json:"secrets,omitempty"`
-	Tags           []Tag        `json:"tags,omitempty"`
+
+	MetadataKeyID   string          `json:"metadata_key_id,omitempty"`
+	MetadataKeyType MetadataKeyType `json:"metadata_key_type,omitempty"`
+	Metadata        string          `json:"metadata,omitempty"`
+
+	Secrets []Secret `json:"secrets,omitempty"`
+	Tags    []Tag    `json:"tags,omitempty"`
 }

 // Tag is a Passbolt Password Tag
@ -48,6 +54,8 @@ type GetResourcesOptions struct {
 	// Parent Folder id
 	FilterHasParent []string `url:"filter[has-parent][],omitempty"`
 	FilterHasTag    string   `url:"filter[has-tag],omitempty"`
+	// TODO Are undescores correct heare?
+	MetadataKeyType MetadataKeyType `url:"filter[metadata_key_type],omitempty"`

 	ContainCreator                bool `url:"contain[creator],omitempty"`
 	ContainFavorites              bool `url:"contain[favorite],omitempty"`
--- a/api/users.go
+++ b/api/users.go
@ -24,6 +24,9 @@ type User struct {
 	GPGKey       *GPGKey   `json:"gpgKey,omitempty"`
 	LastLoggedIn string    `json:"last_logged_in,omitempty"`
 	Locale       string    `json:"locale,omitempty"`
+
+	// Admin only, needs contains
+	MissingMetadataKeyIDs []string `json:"missing_metadata_key_ids,omitempty"`
 }

 // Profile is a Profile
@ -42,6 +45,8 @@ type GetUsersOptions struct {
 	FilterHasGroup  []string `url:"filter[has-group][],omitempty"`
 	FilterHasAccess []string `url:"filter[has-access][],omitempty"`
 	FilterIsAdmin   bool     `url:"filter[is-admin],omitempty"`
+	// Admin only, TODO are underscores correct?
+	MissingMetadataKeyIDs bool `url:"filter[missing_metadata_key_ids],omitempty"`

 	ContainLastLoggedIn bool `url:"contain[LastLoggedIn],omitempty"`
 }
@ -82,9 +87,11 @@ func (c *Client) GetMe(ctx context.Context) (*User, error) {

 // GetUser gets a Passbolt User
 func (c *Client) GetUser(ctx context.Context, userID string) (*User, error) {
-	err := checkUUIDFormat(userID)
-	if err != nil {
-		return nil, fmt.Errorf("Checking ID format: %w", err)
+	if userID != "me" {
+		err := checkUUIDFormat(userID)
+		if err != nil {
+			return nil, fmt.Errorf("Checking ID format: %w", err)
+		}
 	}
 	msg, err := c.DoCustomRequest(ctx, "GET", "/users/"+userID+".json", "v2", nil, nil)
 	if err != nil {
@ -101,9 +108,11 @@ func (c *Client) GetUser(ctx context.Context, userID string) (*User, error) {

 // UpdateUser Updates a existing Passbolt User
 func (c *Client) UpdateUser(ctx context.Context, userID string, user User) (*User, error) {
-	err := checkUUIDFormat(userID)
-	if err != nil {
-		return nil, fmt.Errorf("Checking ID format: %w", err)
+	if userID != "me" {
+		err := checkUUIDFormat(userID)
+		if err != nil {
+			return nil, fmt.Errorf("Checking ID format: %w", err)
+		}
 	}
 	msg, err := c.DoCustomRequest(ctx, "PUT", "/users/"+userID+".json", "v2", user, nil)
 	if err != nil {
@ -119,11 +128,13 @@ func (c *Client) UpdateUser(ctx context.Context, userID string, user User) (*Use

 // DeleteUser Deletes a Passbolt User
 func (c *Client) DeleteUser(ctx context.Context, userID string) error {
-	err := checkUUIDFormat(userID)
-	if err != nil {
-		return fmt.Errorf("Checking ID format: %w", err)
+	if userID != "me" {
+		err := checkUUIDFormat(userID)
+		if err != nil {
+			return fmt.Errorf("Checking ID format: %w", err)
+		}
 	}
-	_, err = c.DoCustomRequest(ctx, "DELETE", "/users/"+userID+".json", "v2", nil, nil)
+	_, err := c.DoCustomRequest(ctx, "DELETE", "/users/"+userID+".json", "v2", nil, nil)
 	if err != nil {
 		return err
 	}