speatzle/go-passbolt
1
0
Fork 0
mirror of https://github.com/passbolt/go-passbolt.git synced 2025-05-11 02:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add v5 Resource Metadata and Secret Structs, impl Handle Resource Get

Browse source 
for v5 Resources
This commit is contained in:
Samuel Lorch 2025-04-07 16:04:27 +02:00
parent 2197d9e0f7
commit d5f79a943f
3 changed files with 168 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
api/metadata.go
View file

@ -6,8 +6,8 @@ import (
"github.com/ProtonMail/gopenpgp/v3/crypto" "github.com/ProtonMail/gopenpgp/v3/crypto"
) )
// ResourceMetadataTypePasswordAndDescription // ResourceMetadataTypeV5Default
type ResourceMetadataTypePasswordAndDescription struct { type ResourceMetadataTypeV5Default struct {
ObjectType string `json:"object_type"` ObjectType string `json:"object_type"`
ResourceTypeID string `json:"resource_type_id,omitempty"` ResourceTypeID string `json:"resource_type_id,omitempty"`
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
@ -16,6 +16,35 @@ type ResourceMetadataTypePasswordAndDescription struct {
Description string `json:"description,omitempty"` Description string `json:"description,omitempty"`
} }
// ResourceMetadataTypeV5DefaultWithTOTP
type ResourceMetadataTypeV5DefaultWithTOTP struct {
ObjectType string `json:"object_type"`
ResourceTypeID string `json:"resource_type_id,omitempty"`
Name string `json:"name,omitempty"`
Username string `json:"username,omitempty"`
URIs []string `json:"uris,omitempty"`
Description string `json:"description,omitempty"`
}
// ResourceMetadataTypeV5PasswordString
type ResourceMetadataTypeV5PasswordString struct {
ObjectType string `json:"object_type"`
ResourceTypeID string `json:"resource_type_id,omitempty"`
Name string `json:"name,omitempty"`
Username string `json:"username,omitempty"`
URIs []string `json:"uris,omitempty"`
Description string `json:"description,omitempty"`
}
// ResourceMetadataTypeV5TOTPStandalone
type ResourceMetadataTypeV5TOTPStandalone struct {
ObjectType string `json:"object_type"`
ResourceTypeID string `json:"resource_type_id,omitempty"`
Name string `json:"name,omitempty"`
URIs []string `json:"uris,omitempty"`
Description string `json:"description,omitempty"`
}
func (c *Client) DecryptMetadata(metadataKey *crypto.Key, armoredCiphertext string) (string, error) { func (c *Client) DecryptMetadata(metadataKey *crypto.Key, armoredCiphertext string) (string, error) {
// TODO Get SessionKey from Cache // TODO Get SessionKey from Cache
var sessionKey *crypto.SessionKey = nil var sessionKey *crypto.SessionKey = nil

27
api/secrets.go
View file

@ -41,6 +41,33 @@ type SecretDataTypePasswordDescriptionTOTP struct {
TOTP SecretDataTOTP `json:"totp"` TOTP SecretDataTOTP `json:"totp"`
} }
// SecretDataTypeV5Default
type SecretDataTypeV5Default struct {
ObjectType string `json:"object_type"`
ResourceTypeID string `json:"resource_type_id,omitempty"`
Password string `json:"password,omitempty"`
Description string `json:"description,omitempty"`
}
// SecretDataTypeV5DefaultWithTOTP
type SecretDataTypeV5DefaultWithTOTP struct {
ObjectType string `json:"object_type"`
ResourceTypeID string `json:"resource_type_id,omitempty"`
Password string `json:"password,omitempty"`
Description string `json:"description,omitempty"`
TOTP SecretDataTOTP `json:"totp"`
}
// SecretDataTypeV5PasswordString, is just the Password directly
type SecretDataTypeV5PasswordString string
// SecretDataTypeV5TOTPStandalone
type SecretDataTypeV5TOTPStandalone struct {
ObjectType string `json:"object_type"`
ResourceTypeID string `json:"resource_type_id,omitempty"`
TOTP SecretDataTOTP `json:"totp"`
}
// GetSecret gets a Passbolt Secret // GetSecret gets a Passbolt Secret
func (c *Client) GetSecret(ctx context.Context, resourceID string) (*Secret, error) { func (c *Client) GetSecret(ctx context.Context, resourceID string) (*Secret, error) {
err := checkUUIDFormat(resourceID) err := checkUUIDFormat(resourceID)

112
helper/resources.go
View file

@ -104,16 +104,26 @@ func GetResource(ctx context.Context, c *api.Client, resourceID string) (folderP
} }
// GetResourceFromData Decrypts Resources using only local data, the Resource object must inlude the secret // GetResourceFromData Decrypts Resources using only local data, the Resource object must inlude the secret
func GetResourceFromData(c *api.Client, resource api.Resource, secret api.Secret, rType api.ResourceType) (folderParentID, name, username, uri, password, description string, err error) { // With v5 This needs network calls for Metadata of v5 Resources
func GetResourceFromData(c *api.Client, resource api.Resource, secret api.Secret, rType api.ResourceType) (string, string, string, string, string, string, error) {
var name string
var username string
var uri string
var pw string var pw string
var desc string var desc string
ctx := context.TODO()
switch rType.Slug { switch rType.Slug {
case "password-string": case "password-string":
var err error
pw, err = c.DecryptMessage(secret.Data) pw, err = c.DecryptMessage(secret.Data)
if err != nil { if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Decrypting Secret Data: %w", err) return "", "", "", "", "", "", fmt.Errorf("Decrypting Secret Data: %w", err)
} }
name = resource.Name
username = resource.Username
uri = resource.URI
desc = resource.Description desc = resource.Description
case "password-and-description": case "password-and-description":
rawSecretData, err := c.DecryptMessage(secret.Data) rawSecretData, err := c.DecryptMessage(secret.Data)
@ -126,6 +136,9 @@ func GetResourceFromData(c *api.Client, resource api.Resource, secret api.Secret
if err != nil { if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Secret Data: %w", err) return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
} }
name = resource.Name
username = resource.Username
uri = resource.URI
pw = secretData.Password pw = secretData.Password
desc = secretData.Description desc = secretData.Description
case "password-description-totp": case "password-description-totp":
@ -139,14 +152,109 @@ func GetResourceFromData(c *api.Client, resource api.Resource, secret api.Secret
if err != nil { if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Secret Data: %w", err) return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
} }
name = resource.Name
username = resource.Username
uri = resource.URI
pw = secretData.Password pw = secretData.Password
desc = secretData.Description desc = secretData.Description
case "totp": case "totp":
name = resource.Name
username = resource.Username
uri = resource.URI
// nothing fits into the interface in this case
case "v5-default":
rawMetadata, err := GetResourceMetadata(ctx, c, resource, rType)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Getting Metadata: %w", err)
}
var metadata api.ResourceMetadataTypeV5Default
err = json.Unmarshal([]byte(rawMetadata), &metadata)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Metadata: %w", err)
}
name = metadata.Name
username = metadata.Username
if len(metadata.URIs) != 0 {
uri = metadata.URIs[0]
}
rawSecretData, err := c.DecryptMessage(secret.Data)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Decrypting Secret Data: %w", err)
}
var secretData api.SecretDataTypeV5Default
err = json.Unmarshal([]byte(rawSecretData), &secretData)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
}
pw = secretData.Password
desc = secretData.Description
case "v5-default-with-totp":
rawMetadata, err := GetResourceMetadata(ctx, c, resource, rType)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Getting Metadata: %w", err)
}
var metadata api.ResourceMetadataTypeV5DefaultWithTOTP
err = json.Unmarshal([]byte(rawMetadata), &metadata)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Metadata: %w", err)
}
name = metadata.Name
username = metadata.Username
if len(metadata.URIs) != 0 {
uri = metadata.URIs[0]
}
rawSecretData, err := c.DecryptMessage(secret.Data)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Decrypting Secret Data: %w", err)
}
var secretData api.SecretDataTypeV5DefaultWithTOTP
err = json.Unmarshal([]byte(rawSecretData), &secretData)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
}
pw = secretData.Password
desc = secretData.Description
case "v5-password-string":
rawMetadata, err := GetResourceMetadata(ctx, c, resource, rType)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Getting Metadata: %w", err)
}
var metadata api.ResourceMetadataTypeV5PasswordString
err = json.Unmarshal([]byte(rawMetadata), &metadata)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Metadata: %w", err)
}
name = metadata.Name
username = metadata.Username
if len(metadata.URIs) != 0 {
uri = metadata.URIs[0]
}
// Not available in the Secret
desc = metadata.Description
rawSecretData, err := c.DecryptMessage(secret.Data)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Decrypting Secret Data: %w", err)
}
pw = rawSecretData
case "v5-totp-standalone":
// nothing fits into the interface in this case // nothing fits into the interface in this case
default: default:
return "", "", "", "", "", "", fmt.Errorf("Unknown ResourceType: %v", rType.Slug) return "", "", "", "", "", "", fmt.Errorf("Unknown ResourceType: %v", rType.Slug)
} }
return resource.FolderParentID, resource.Name, resource.Username, resource.URI, pw, desc, nil return resource.FolderParentID, name, username, uri, pw, desc, nil
} }
// UpdateResource Updates all Fields. // UpdateResource Updates all Fields.