speatzle/go-passbolt
1
0
Fork 0
mirror of https://github.com/passbolt/go-passbolt.git synced 2025-05-14 03:18:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: speatzle:main
Branches Tags
speatzle:main
speatzle:v5-fix-metadatakey
speatzle:v5
speatzle:v5-resource-share
speatzle:v5-metadata-creation
speatzle:v5-metadata-decryption
speatzle:gopenpgp-v3
speatzle:v5-basic-metadatakeys
speatzle:v5-server-settings
speatzle:v5-run-workflow
speatzle:auto-skip-integration-tests
speatzle:jwt-auth
speatzle:v0.7.2
speatzle:v0.7.1
speatzle:v0.7.0
speatzle:v0.6.1
speatzle:v0.6.0
speatzle:v0.5.8
speatzle:v0.5.7
speatzle:v0.5.6
speatzle:v0.5.5
speatzle:v0.5.4
speatzle:v0.5.3
speatzle:v0.5.2
speatzle:v0.5.1
speatzle:v0.5.0
speatzle:v0.4.0
speatzle:v0.3.1
speatzle:v0.3.0
speatzle:v0.2.2
speatzle:v0.2.1
speatzle:v0.2.0
speatzle:v0.1.1
speatzle:v0.1.0
speatzle:v0.0.1
..
compare: speatzle:v0.1.0
Branches Tags
speatzle:v5-fix-metadatakey
speatzle:v5
speatzle:v5-resource-share
speatzle:v5-metadata-creation
speatzle:v5-metadata-decryption
speatzle:gopenpgp-v3
speatzle:v5-basic-metadatakeys
speatzle:v5-server-settings
speatzle:v5-run-workflow
speatzle:auto-skip-integration-tests
speatzle:main
speatzle:jwt-auth
speatzle:v0.7.2
speatzle:v0.7.1
speatzle:v0.7.0
speatzle:v0.6.1
speatzle:v0.6.0
speatzle:v0.5.8
speatzle:v0.5.7
speatzle:v0.5.6
speatzle:v0.5.5
speatzle:v0.5.4
speatzle:v0.5.3
speatzle:v0.5.2
speatzle:v0.5.1
speatzle:v0.5.0
speatzle:v0.4.0
speatzle:v0.3.1
speatzle:v0.3.0
speatzle:v0.2.2
speatzle:v0.2.1
speatzle:v0.2.0
speatzle:v0.1.1
speatzle:v0.1.0
speatzle:v0.0.1

No commits in common. "main" and "v0.1.0" have entirely different histories.
main ... v0.1.0

36 changed files with 350 additions and 1513 deletions
Show stats Expand all files Collapse all files

34
.github/workflows/.go.yml vendored
View file

@ -1,34 +0,0 @@
name: Go
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: 1.23
- name: "Setup Passbolt"
run: |
git clone https://github.com/passbolt/passbolt_docker.git ../passbolt_docker
cd ../passbolt_docker
docker compose -f docker-compose/docker-compose-ce.yaml up -d
docker ps -a
- name: "Test"
run: |
docker exec docker-compose-passbolt-1 sh -c '/usr/bin/wait-for.sh -t 30 localhost:443'
output=$(docker exec docker-compose-passbolt-1 sh -c 'su -m -c "/usr/share/php/passbolt/bin/cake \
passbolt register_user \
-u your@email.com \
-f yourname \
-l surname \
-r admin" -s /bin/sh www-data')
export REG_URL=$(echo ${output##* your mailbox or here: } | tr -d '\n')
echo "Register with $REG_URL"
go test -v ./...

2
LICENSE
View file

@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) 2021 Samuel Lorch Copyright (c) 2021 speatzle
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

222
README.md
View file

@ -1,34 +1,23 @@
# go-passbolt # go-passbolt
[![Go Reference](https://pkg.go.dev/badge/github.com/speatzle/go-passbolt.svg)](https://pkg.go.dev/github.com/speatzle/go-passbolt)
[![Go Reference](https://pkg.go.dev/badge/github.com/passbolt/go-passbolt.svg)](https://pkg.go.dev/github.com/passbolt/go-passbolt) A Go Module to interact with [Passbolt](https://www.passbolt.com/), a Open source Password Manager for Teams
A Go module to interact with [Passbolt](https://www.passbolt.com/), an open-source password manager for teams This Module tries to Support the Latest Passbolt Community/PRO Server Release, PRO Features Such as Folders are Supported.
Older Versions of Passbolt such as v2 are unsupported (it's a Password Manager, please update it)
There also is a CLI Tool to interact with Passbolt using this module [here](https://github.com/passbolt/go-passbolt-cli). This Module is split into 2 packages: api and helper, in the api package you will find everything to directly interact with the API. The helper Package has simplified functions that use the api package to perform common but complicated tasks such as Sharing a Password. To use the API Package please read the Passbolt API [Docs](https://help.passbolt.com/api).
Sadly the Docs aren't Complete so many Things here have been found by looking at the source of Passbolt or through trial and error, if you have a Question just ask.
This module tries to support the latest Passbolt Community/PRO server release, PRO Features such as folders are supported. Older versions of Passbolt such as v2 are unsupported (it's a password manager, please update it) PR's are Welcome, if it's something bigger / fundamental: Please make a Issue and ask first.
This module is divided into two packages: API and helper.
In the API package, you will find everything to directly interact with the API.
The helper package has simplified functions that use the API package to perform common but complicated tasks such as sharing a password.
To use the API package, please read the [Passbolt API docs](https://help.passbolt.com/api). Sadly the docs aren't complete so many things here have been found by looking at the source of Passbolt or through trial and error. If you have a question just ask.
PR's are welcome. But be gentle: if it's something bigger or fundamental: please [create an issue](https://github.com/passbolt/go-passbolt/issues/new) and ask first.
Disclaimer: This project is community driven and not associated with Passbolt SA
# Install # Install
`go get github.com/passbolt/go-passbolt` `go get github.com/speatzle/go-passbolt`
# Examples # Examples
## Login ## Login
First you will need to Create a Client, and then Login on the Server using the Client
First, you will need to create a client and then log in on the server using the client:
```go ```go
package main package main
@ -37,7 +26,7 @@ import (
"context" "context"
"fmt" "fmt"
"github.com/passbolt/go-passbolt/api" "github.com/speatzle/go-passbolt/api"
) )
const address = "https://passbolt.example.com" const address = "https://passbolt.example.com"
@ -65,14 +54,11 @@ func main() {
} }
``` ```
Note: if you want to use the client for a long time then you'll have to make sure it is still logged in. Note: if you want to use the client for some time then you'll have to make sure it is still logged in.
You can do this using the `client.CheckSession()` function. You can do this using the `client.CheckSession()` function.
## Create a Resource ## Create a Resource
Creating a Resource using the helper package is simple, first add `"github.com/speatzle/go-passbolt/helper"` to your imports.
Creating a resource using the helper package is simple. First, add `"github.com/passbolt/go-passbolt/helper"` to your imports.
Then you can simply: Then you can simply:
```go ```go
@ -84,11 +70,11 @@ resourceID, err := helper.CreateResource(
"user123", // Username "user123", // Username
"https://test.example.com", // URI "https://test.example.com", // URI
"securePassword123", // Password "securePassword123", // Password
"This is an Account for the example test portal", // Description "This is a Account for the example test portal", // Description
) )
``` ```
Creating a (legacy) resource without the helper package would look like this: Creating a (Legacy) Resource Without the helper package would look like this:
```go ```go
enc, err := client.EncryptMessage("securePassword123") enc, err := client.EncryptMessage("securePassword123")
@ -100,7 +86,7 @@ res := api.Resource{
Name: "Example Account", Name: "Example Account",
Username: "user123", Username: "user123",
URI: "https://test.example.com", URI: "https://test.example.com",
Description: "This is an Account for the example test portal", Description: "This is a Account for the example test portal",
Secrets: []api.Secret{ Secrets: []api.Secret{
{Data: enc}, {Data: enc},
}, },
@ -112,15 +98,13 @@ if err != nil {
} }
``` ```
Note: Since Passbolt v3 there are resource types. This manual example creates a "password-string" type password where the description is unencrypted. Read more [here](https://help.passbolt.com/api/resource-types). Note: Since Passbolt v3 There are Resource Types, this Manual Example just creates a "password-string" Type Password where the Description is Unencrypted, Read More [Here](https://help.passbolt.com/api/resource-types).
## Getting ## Getting
Generally API Get Calls will have options (opts) that allow for specifing filters and contains, if you dont want to specify options just pass nil.
Filters just filter by whatever is given, contains on the otherhand specify what to include in the response. Many Filters And Contains are undocumented in the Passbolt Docs.
Generally, API GET calls will have parameters that allow specifying `filters` and `contains`, if you don't want to define those parameters just pass nil. Here We Specify that we want to Filter by Favorites and that the Response Should Contain the Permissions for each Resource:
`Filters` just filter by whatever is given, `contains` on the other hand specify what information you want to include in the response. Many `filters` and `contains` are undocumented in the Passbolt docs.
Here we specify that we want to filter by favorites and that the response should contain the permissions for each resource:
```go ```go
favorites, err := client.GetResources(ctx, &api.GetResourcesOptions{ favorites, err := client.GetResources(ctx, &api.GetResourcesOptions{
@ -129,7 +113,7 @@ favorites, err := client.GetResources(ctx, &api.GetResourcesOptions{
}) })
``` ```
We can do the same for users: We Can do the Same for Users:
```go ```go
users, err := client.GetUsers(ctx, &api.GetUsersOptions{ users, err := client.GetUsers(ctx, &api.GetUsersOptions{
@ -147,7 +131,7 @@ groups, err := client.GetGroups(ctx, &api.GetGroupsOptions{
}) })
``` ```
And also for folders (PRO only): And also for Folders (PRO Only):
```go ```go
folders, err := client.GetFolders(ctx, &api.GetFolderOptions{ folders, err := client.GetFolders(ctx, &api.GetFolderOptions{
@ -156,120 +140,78 @@ folders, err := client.GetFolders(ctx, &api.GetFolderOptions{
}) })
``` ```
Getting by ID is also supported using the singular form: Getting by ID is also Supported Using the Singular Form:
```go ```go
resource, err := client.GetResource(ctx, "resource ID") resource, err := client.GetResource(ctx, "resource ID")
``` ```
Since the password is encrypted (and sometimes the description too) the helper package has a function to decrypt all encrypted fields automatically: Since the Password is Encrypted (and sometimes the description too) the helper package has a function to decrypt all encrypted fields Automatically:
```go ```go
folderParentID, name, username, uri, password, description, err := helper.GetResource(ctx, client, "resource id") folderParentID, name, username, uri, password, description, err := helper.GetResource(ctx, client, "resource id")
``` ```
## Updating ## Updating
The Helper Package has a function to save you needing to deal with Resource Types When Updating a Resource:
The helper package has a function to save you from dealing with resource types when updating a resource:
```go ```go
err = helper.UpdateResource( err := helper.UpdateResource(ctx, client,"resource id", "name", "username", "https://test.example.com", "pass123", "very descriptive")
ctx, // Context
client, // API Client
"id", // Resource ID
"name", // Name
"username", // Username
"url", // URI
"strong", // Password
"very strong", // Description
)
``` ```
The same goes for Groups: Note: As Groups are also Complicated to Update there will be a helper function for them in the future.
For other less Complicated Updates you can Simply use the Client directly:
```go ```go
err = helper.UpdateGroup( client.UpdateUser(ctx, "user id", api.User{
ctx, // Context Profile: &api.Profile{
client, // API Client FirstName: "Test",
"id", // Group ID LastName: "User",
"name", // Group Name
[]helper.GroupMembershipOperation{
{
UserID: "id", // ID of User to Add/Modify/Delete
IsGroupManager: true, // Should User be a Group Manager
Delete: false, // Should this User be Remove from the Group
}, },
} })
)
``` ```
And for Users:
```go
err = helper.UpdateUser(
ctx, // Context
client, // API Client
"id", // User ID
"user", // Role (user or admin)
"firstname", // FirstName
"lastname", // LastName
)
```
Note: These helpers will only update fields that are not "".
Helper update functions also exists for Folders.
## Sharing ## Sharing
As Sharing Resources is very Complicated there are multipe helper Functions. During Sharing you will encounter the permissionType.
As sharing resources is very complicated there are multiple helper functions. The permissionType can be 1 for Read only, 7 for Can Update, 15 for Owner or -1 if you want to delete Existing Permissions.
During sharing you will encounter the [permission type](https://github.com/passbolt/passbolt_api/blob/858971516c5e61e1f1be37b007693f0869a70486/src/Model/Entity/Permission.php#L43-L45). The ShareResourceWithUsersAndGroups function Shares the Resource With all Provided Users and Groups with the Given permissionType.
The `permissionType` can be:
| Code | Meaning |
| ---- | -------------------------- |
| `1` | "Read-only" |
| `7` | "Can update" |
| `15` | "Owner" |
| `-1` | Delete existing permission |
The `ShareResourceWithUsersAndGroups` function shares the resource with all provided users and groups with the given `permissionType`.
```go ```go
err := helper.ShareResourceWithUsersAndGroups(ctx, client, "resource id", []string{"user 1 id"}, []string{"group 1 id"}, 7) err := helper.ShareResourceWithUsersAndGroups(ctx, client, "resource id", []string{"user 1 id"}, []string{"group 1 id"}, 7)
``` ```
Note: Existing permission of users and groups will be adjusted to be of the provided `permissionType`. Note: Existing Permission of Users and Groups will be adjusted to be of the Provided permissionType.
If you need to do something more complicated like setting users/groups to different types then you can use `ShareResource` directly: If you need to do something more Complicated like setting Users/Groups to different Type then you can Use ShareResource directly:
```go ```go
changes := []helper.ShareOperation{} changes := []helper.ShareOperation{}
// Make this user Owner // Make this User Owner
changes = append(changes, ShareOperation{ changes = append(changes, ShareOperation{
Type: 15, Type: 15,
ARO: "User", ARO: "User",
AROID: "user 1 id", AROID: "user 1 id",
}) })
// Make this user "Can Update" // Make this User Can Update
changes = append(changes, ShareOperation{ changes = append(changes, ShareOperation{
Type: 5, Type: 5,
ARO: "User", ARO: "User",
AROID: "user 2 id", AROID: "user 2 id",
}) })
// Delete this users current permission // Delete This Users Current Permission
changes = append(changes, ShareOperation{ changes = append(changes, ShareOperation{
Type: -1, Type: -1,
ARO: "User", ARO: "User",
AROID: "user 3 id", AROID: "user 3 id",
}) })
// Make this group "Read-only" // Make this Group Read Only
changes = append(changes, ShareOperation{ changes = append(changes, ShareOperation{
Type: 1, Type: 1,
ARO: "Group", ARO: "Group",
@ -279,71 +221,34 @@ changes = append(changes, ShareOperation{
err := helper.ShareResource(ctx, c, resourceID, changes) err := helper.ShareResource(ctx, c, resourceID, changes)
``` ```
Note: These functions are also available for folders (PRO) Note: These Functions are Also Availabe for Folders (PRO)
## Moving (PRO) ## Moveing (PRO)
In Passbolt PRO there are Folders, during Creation of Resources and Folders you can Specify in which Folder you want to create the Resource / Folder inside of. But if you want to change which Folder the Resource / Folder is in then you can't use the Update function (it is / was possible to update the parent Folder using the Update function but that breaks things). Instead you use the Move function.
In Passbolt PRO there are folders, during the creation of resources and folders you can specify in which folder you want to create the resource/folder inside. But if you want to change which folder the resource/folder is in then you can't use the `Update` function (it is/was possible to update the parent folder using the `Update` function but that breaks things). Instead, you use the `Move` function. ```
```go
err := client.MoveResource(ctx, "resource id", "parent folder id") err := client.MoveResource(ctx, "resource id", "parent folder id")
``` ```
```
```go
err := client.MoveFolder(ctx, "folder id", "parent folder id") err := client.MoveFolder(ctx, "folder id", "parent folder id")
``` ```
## Setup ## Groups
Groups are extra complicated, it doesen't help that the Passbolt Documentation is wrong and missing important details.
You can setup a Account using a Invite Link like this: Since helper functions for Groups were added you can now create, get, update and delete Groups easily:
```go ```go
// Get the UserID and Token from the Invite Link err := helper.UpdateGroup(ctx, client, "group id", "group name", []helper.GroupMembershipOperation{
userID, token, err := ParseInviteUrl(url) {
UserID: "user id",
// Make a Client for Registration IsGroupManager: true,
rClient, err := api.NewClient(nil, "", "https://localhost", "", "") },
})
// Complete Account Setup
privkey, err := SetupAccount(ctx, rClient, userID, token, "password123")
``` ```
## Verification
You can Verify that the Server hasen't changed, for that you need to initially setup the Verification and save the returned values. Then you can Verify that the serverkey hasen't changed since you setup the Verification. Note this Only Works if the client is not logged in.
```go
// Setup the Verification
token, encToken, err := client.SetupServerVerification(ctx)
if err != nil {
panic(err)
}
// You Need to save these
fmt.Println("Token: ", token)
fmt.Println("enc Token: ", encToken)
// Now you can Verify the Server
err = client.VerifyServer(ctx, token, encToken)
if err != nil {
panic(err)
}
```
## MFA
go-passbolt now supports MFA! You can set it up using the Client's `MFACallback` function, it will provide everything you need to complete any MFA challenges. When your done you just need to return the new MFA Cookie (usually called passbolt_mfa). The helper package has a example implementation for a noninteractive TOTP Setup under helper/mfa.go in the function `AddMFACallbackTOTP`.
## Other ## Other
These Examples are just the main Usecases of this Modules, there are many more API calls that are supported. Look at the [Reference](https://pkg.go.dev/github.com/speatzle/go-passbolt) for more information.
These examples are just the main use cases of these Modules, many more API calls are supported. Look at the [reference](https://pkg.go.dev/github.com/passbolt/go-passbolt) for more information.
## Full Example ## Full Example
This Example Creates a Resource, Searches for a User Named Test User, Checks that its Not itself and Shares the Password with the Test User if Nessesary:
This example:
1. Creates a resource;
2. Searches for a user named "Test User";
3. Checks that it's not itself; and,
4. Shares the password with the "Test User" if necessary:
```go ```go
package main package main
@ -352,8 +257,8 @@ import (
"context" "context"
"fmt" "fmt"
"github.com/passbolt/go-passbolt/api" "github.com/speatzle/go-passbolt/api"
"github.com/passbolt/go-passbolt/helper" "github.com/speatzle/go-passbolt/helper"
) )
const address = "https://passbolt.example.com" const address = "https://passbolt.example.com"
@ -387,7 +292,7 @@ func main() {
"user123", // Username "user123", // Username
"https://test.example.com", // URI "https://test.example.com", // URI
"securePassword123", // Password "securePassword123", // Password
"This is an Account for the example test portal", // Description "This is a Account for the example test portal", // Description
) )
if err != nil { if err != nil {
panic(err) panic(err)
@ -421,3 +326,8 @@ func main() {
client.Logout(ctx) client.Logout(ctx)
} }
``` ```
# TODO
- get a Passbolt Instance to Work in Github Actions
- write Integration Tests
- add ability to verify Server

33
api/api.go
View file

@ -5,7 +5,6 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"net/http" "net/http"
"strings"
) )
// APIResponse is the Struct representation of a Json Response // APIResponse is the Struct representation of a Json Response
@ -33,11 +32,9 @@ func (c *Client) DoCustomRequest(ctx context.Context, method, path, version stri
// DoCustomRequestAndReturnRawResponse Executes a Custom Request and returns a APIResponse and the Raw HTTP Response // DoCustomRequestAndReturnRawResponse Executes a Custom Request and returns a APIResponse and the Raw HTTP Response
func (c *Client) DoCustomRequestAndReturnRawResponse(ctx context.Context, method, path, version string, body interface{}, opts interface{}) (*http.Response, *APIResponse, error) { func (c *Client) DoCustomRequestAndReturnRawResponse(ctx context.Context, method, path, version string, body interface{}, opts interface{}) (*http.Response, *APIResponse, error) {
firstTime := true u, err := addOptions(path, version, opts)
start:
u, err := generateURL(*c.baseURL, path, version, opts)
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("Generating Path: %w", err) return nil, nil, fmt.Errorf("Adding Request Options: %w", err)
} }
req, err := c.newRequest(method, u, body) req, err := c.newRequest(method, u, body)
@ -51,35 +48,9 @@ start:
return r, &res, fmt.Errorf("Doing Request: %w", err) return r, &res, fmt.Errorf("Doing Request: %w", err)
} }
// Because of MFA i need to do the csrf token stuff here
if c.csrfToken.Name == "" {
for _, cookie := range r.Cookies() {
if cookie.Name == "csrfToken" {
c.csrfToken = *cookie
}
}
}
if res.Header.Status == "success" { if res.Header.Status == "success" {
return r, &res, nil return r, &res, nil
} else if res.Header.Status == "error" { } else if res.Header.Status == "error" {
if res.Header.Code == 403 && strings.HasSuffix(res.Header.URL, "/mfa/verify/error.json") {
if !firstTime {
// if we are here this probably means that the MFA callback is broken, to prevent a infinite loop lets error here
return r, &res, fmt.Errorf("Got MFA challenge twice in a row, is your MFA Callback broken? Bailing to prevent loop...:")
}
if c.MFACallback != nil {
c.mfaToken, err = c.MFACallback(ctx, c, &res)
if err != nil {
return r, &res, fmt.Errorf("MFA Callback: %w", err)
}
// ok, we got the MFA challenge and the callback presumably handled it so we can retry the original request
firstTime = false
goto start
} else {
return r, &res, fmt.Errorf("Got MFA Challenge but the MFA callback is not defined")
}
}
return r, &res, fmt.Errorf("%w: Message: %v, Body: %v", ErrAPIResponseErrorStatusCode, res.Header.Message, string(res.Body)) return r, &res, fmt.Errorf("%w: Message: %v, Body: %v", ErrAPIResponseErrorStatusCode, res.Header.Message, string(res.Body))
} else { } else {
return r, &res, fmt.Errorf("%w: Message: %v, Body: %v", ErrAPIResponseUnknownStatusCode, res.Header.Message, string(res.Body)) return r, &res, fmt.Errorf("%w: Message: %v, Body: %v", ErrAPIResponseUnknownStatusCode, res.Header.Message, string(res.Body))

85
api/auth.go
View file

@ -6,12 +6,19 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"net/url" "net/url"
"strconv"
"strings" "strings"
"github.com/ProtonMail/gopenpgp/v2/crypto" "github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/ProtonMail/gopenpgp/v2/helper" "github.com/ProtonMail/gopenpgp/v2/helper"
) )
// PublicKeyReponse the Body of a Public Key Api Request
type PublicKeyReponse struct {
Fingerprint string `json:"fingerprint"`
Keydata string `json:"keydata"`
}
// Login is used for login // Login is used for login
type Login struct { type Login struct {
Auth *GPGAuth `json:"gpg_auth"` Auth *GPGAuth `json:"gpg_auth"`
@ -23,6 +30,24 @@ type GPGAuth struct {
Token string `json:"user_token_result,omitempty"` Token string `json:"user_token_result,omitempty"`
} }
// TODO add Server Verification Function
// GetPublicKey gets the Public Key and Fingerprint of the Passbolt instance
func (c *Client) GetPublicKey(ctx context.Context) (string, string, error) {
msg, err := c.DoCustomRequest(ctx, "GET", "auth/verify.json", "v2", nil, nil)
if err != nil {
return "", "", fmt.Errorf("Doing Request: %w", err)
}
var body PublicKeyReponse
err = json.Unmarshal(msg.Body, &body)
if err != nil {
return "", "", fmt.Errorf("Parsing JSON: %w", err)
}
// TODO check if that Fingerpirnt is actually from the Publickey
return body.Keydata, body.Fingerprint, nil
}
// CheckSession Check to see if you have a Valid Session // CheckSession Check to see if you have a Valid Session
func (c *Client) CheckSession(ctx context.Context) bool { func (c *Client) CheckSession(ctx context.Context) bool {
_, err := c.DoCustomRequest(ctx, "GET", "auth/is-authenticated.json", "v2", nil, nil) _, err := c.DoCustomRequest(ctx, "GET", "auth/is-authenticated.json", "v2", nil, nil)
@ -31,11 +56,6 @@ func (c *Client) CheckSession(ctx context.Context) bool {
// Login gets a Session and CSRF Token from Passbolt and Stores them in the Clients Cookie Jar // Login gets a Session and CSRF Token from Passbolt and Stores them in the Clients Cookie Jar
func (c *Client) Login(ctx context.Context) error { func (c *Client) Login(ctx context.Context) error {
c.csrfToken = http.Cookie{}
if c.userPrivateKey == "" {
return fmt.Errorf("Client has no Private Key")
}
privateKeyObj, err := crypto.NewKeyFromArmored(c.userPrivateKey) privateKeyObj, err := crypto.NewKeyFromArmored(c.userPrivateKey)
if err != nil { if err != nil {
@ -89,21 +109,31 @@ func (c *Client) Login(ctx context.Context) error {
// Session Cookie in older Passbolt Versions // Session Cookie in older Passbolt Versions
} else if cookie.Name == "CAKEPHP" { } else if cookie.Name == "CAKEPHP" {
c.sessionToken = *cookie c.sessionToken = *cookie
// Session Cookie in Cloud version?
} else if cookie.Name == "PHPSESSID" {
c.sessionToken = *cookie
} }
} }
if c.sessionToken.Name == "" { if c.sessionToken.Name == "" {
return fmt.Errorf("Cannot Find Session Cookie!") return fmt.Errorf("Cannot Find Session Cookie!")
} }
// Because of MFA, the custom Request Function now Fetches the CSRF token, we still need the user for his public key // Do Mfa Here if ever
apiMsg, err := c.DoCustomRequest(ctx, "GET", "/users/me.json", "v2", nil, nil)
// You have to get a make GET Request to get the CSRF Token which is Required for Write Operations
msg, apiMsg, err := c.DoCustomRequestAndReturnRawResponse(ctx, "GET", "/users/me.json", "v2", nil, nil)
if err != nil { if err != nil {
c.log("is MFA Enabled? That is not yet Supported!")
return fmt.Errorf("Getting CSRF Token: %w", err) return fmt.Errorf("Getting CSRF Token: %w", err)
} }
for _, cookie := range msg.Cookies() {
if cookie.Name == "csrfToken" {
c.csrfToken = *cookie
}
}
if c.csrfToken.Name == "" {
return fmt.Errorf("Cannot Find csrfToken Cookie!")
}
// Get Users Own Public Key from Server // Get Users Own Public Key from Server
var user User var user User
err = json.Unmarshal(apiMsg.Body, &user) err = json.Unmarshal(apiMsg.Body, &user)
@ -112,7 +142,10 @@ func (c *Client) Login(ctx context.Context) error {
} }
// Validate that this Publickey that the Server gave us actually Matches our Privatekey // Validate that this Publickey that the Server gave us actually Matches our Privatekey
randomString := randStringBytesRmndr(50) randomString, err := randStringBytesRmndr(50)
if err != nil {
return fmt.Errorf("Generating Random String as PublicKey Validation Message: %w", err)
}
armor, err := helper.EncryptMessageArmored(user.GPGKey.ArmoredKey, randomString) armor, err := helper.EncryptMessageArmored(user.GPGKey.ArmoredKey, randomString)
if err != nil { if err != nil {
return fmt.Errorf("Encryping PublicKey Validation Message: %w", err) return fmt.Errorf("Encryping PublicKey Validation Message: %w", err)
@ -142,3 +175,33 @@ func (c *Client) Logout(ctx context.Context) error {
c.csrfToken = http.Cookie{} c.csrfToken = http.Cookie{}
return nil return nil
} }
// GetUserID Gets the ID of the Current User
func (c *Client) GetUserID() string {
return c.userID
}
func checkAuthTokenFormat(authToken string) error {
splitAuthToken := strings.Split(authToken, "|")
if len(splitAuthToken) != 4 {
return fmt.Errorf("Auth Token Has Wrong amount of Fields")
}
if splitAuthToken[0] != splitAuthToken[3] {
return fmt.Errorf("Auth Token Version Fields Don't match")
}
if !strings.HasPrefix(splitAuthToken[0], "gpgauth") {
return fmt.Errorf("Auth Token Version does not start with 'gpgauth'")
}
length, err := strconv.Atoi(splitAuthToken[1])
if err != nil {
return fmt.Errorf("Cannot Convert Auth Token Length Field to int: %w", err)
}
if len(splitAuthToken[2]) != length {
return fmt.Errorf("Auth Token Data Length does not Match Length Field")
}
return nil
}

73
api/client.go
View file

@ -9,7 +9,6 @@ import (
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"net/url" "net/url"
"path"
"github.com/ProtonMail/gopenpgp/v2/crypto" "github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/google/go-querystring/query" "github.com/google/go-querystring/query"
@ -23,7 +22,6 @@ type Client struct {
sessionToken http.Cookie sessionToken http.Cookie
csrfToken http.Cookie csrfToken http.Cookie
mfaToken http.Cookie
// for some reason []byte is used for Passwords in gopenpgp instead of string like they do for keys... // for some reason []byte is used for Passwords in gopenpgp instead of string like they do for keys...
userPassword []byte userPassword []byte
@ -31,26 +29,13 @@ type Client struct {
userPublicKey string userPublicKey string
userID string userID string
// used for solving MFA challenges. You can block this to for example wait for user input.
// You shouden't run any unrelated API Calls while you are in this callback.
// You need to Return the Cookie that Passbolt expects to verify you MFA, usually it is called passbolt_mfa
MFACallback func(ctx context.Context, c *Client, res *APIResponse) (http.Cookie, error)
// Enable Debug Logging // Enable Debug Logging
Debug bool Debug bool
} }
// PublicKeyReponse the Body of a Public Key Api Request
type PublicKeyReponse struct {
Fingerprint string `json:"fingerprint"`
Keydata string `json:"keydata"`
}
// NewClient Returns a new Passbolt Client. // NewClient Returns a new Passbolt Client.
// if httpClient is nil http.DefaultClient will be used. // if httpClient is nil http.DefaultClient will be used.
// if UserAgent is "" "goPassboltClient/1.0" will be used. // if UserAgent is "" "goPassboltClient/1.0" will be used.
// if UserPrivateKey is "" Key Setup is Skipped to Enable using the Client for User Registration, Most other function will be broken.
// After Registration a new Client Should be Created.
func NewClient(httpClient *http.Client, UserAgent, BaseURL, UserPrivateKey, UserPassword string) (*Client, error) { func NewClient(httpClient *http.Client, UserAgent, BaseURL, UserPrivateKey, UserPassword string) (*Client, error) {
if httpClient == nil { if httpClient == nil {
httpClient = http.DefaultClient httpClient = http.DefaultClient
@ -64,8 +49,7 @@ func NewClient(httpClient *http.Client, UserAgent, BaseURL, UserPrivateKey, User
return nil, fmt.Errorf("Parsing Base URL: %w", err) return nil, fmt.Errorf("Parsing Base URL: %w", err)
} }
// Verify that the Given Privatekey and Password are valid and work Together if we were provieded one // Verify that the Given Privatekey and Password are valid and work Together
if UserPrivateKey != "" {
privateKeyObj, err := crypto.NewKeyFromArmored(UserPrivateKey) privateKeyObj, err := crypto.NewKeyFromArmored(UserPrivateKey)
if err != nil { if err != nil {
return nil, fmt.Errorf("Unable to Create Key From UserPrivateKey string: %w", err) return nil, fmt.Errorf("Unable to Create Key From UserPrivateKey string: %w", err)
@ -81,7 +65,6 @@ func NewClient(httpClient *http.Client, UserAgent, BaseURL, UserPrivateKey, User
// Cleanup Secrets // Cleanup Secrets
privateKeyRing.ClearPrivateParams() privateKeyRing.ClearPrivateParams()
}
// Create Client Object // Create Client Object
c := &Client{ c := &Client{
@ -94,7 +77,13 @@ func NewClient(httpClient *http.Client, UserAgent, BaseURL, UserPrivateKey, User
return c, err return c, err
} }
func (c *Client) newRequest(method, url string, body interface{}) (*http.Request, error) { func (c *Client) newRequest(method, path string, body interface{}) (*http.Request, error) {
rel, err := url.Parse(path)
if err != nil {
return nil, fmt.Errorf("Parsing URL: %w", err)
}
u := c.baseURL.ResolveReference(rel)
var buf io.ReadWriter var buf io.ReadWriter
if body != nil { if body != nil {
buf = new(bytes.Buffer) buf = new(bytes.Buffer)
@ -103,8 +92,7 @@ func (c *Client) newRequest(method, url string, body interface{}) (*http.Request
return nil, fmt.Errorf("JSON Encoding Request: %w", err) return nil, fmt.Errorf("JSON Encoding Request: %w", err)
} }
} }
req, err := http.NewRequest(method, u.String(), buf)
req, err := http.NewRequest(method, url, buf)
if err != nil { if err != nil {
return nil, fmt.Errorf("Creating HTTP Request: %w", err) return nil, fmt.Errorf("Creating HTTP Request: %w", err)
} }
@ -116,9 +104,6 @@ func (c *Client) newRequest(method, url string, body interface{}) (*http.Request
req.Header.Set("X-CSRF-Token", c.csrfToken.Value) req.Header.Set("X-CSRF-Token", c.csrfToken.Value)
req.AddCookie(&c.sessionToken) req.AddCookie(&c.sessionToken)
req.AddCookie(&c.csrfToken) req.AddCookie(&c.csrfToken)
if c.mfaToken.Name != "" {
req.AddCookie(&c.mfaToken)
}
// Debugging // Debugging
c.log("Request URL: %v", req.URL.String()) c.log("Request URL: %v", req.URL.String())
@ -158,7 +143,6 @@ func (c *Client) do(ctx context.Context, req *http.Request, v *APIResponse) (*ht
if err != nil { if err != nil {
return resp, fmt.Errorf("Unable to Parse JSON API Response with HTTP Status Code %v: %w", resp.StatusCode, err) return resp, fmt.Errorf("Unable to Parse JSON API Response with HTTP Status Code %v: %w", resp.StatusCode, err)
} }
return resp, nil return resp, nil
} }
@ -169,42 +153,19 @@ func (c *Client) log(msg string, args ...interface{}) {
fmt.Printf("[go-passbolt] "+msg+"\n", args...) fmt.Printf("[go-passbolt] "+msg+"\n", args...)
} }
func generateURL(base url.URL, p, version string, opt interface{}) (string, error) { func addOptions(s, version string, opt interface{}) (string, error) {
base.Path = path.Join(base.Path, p) u, err := url.Parse(s)
if err != nil {
return s, fmt.Errorf("Parsing URL: %w", err)
}
vs, err := query.Values(opt) vs, err := query.Values(opt)
if err != nil { if err != nil {
return "", fmt.Errorf("Getting URL Query Values: %w", err) return s, fmt.Errorf("Getting URL Query Values: %w", err)
} }
if version != "" { if version != "" {
vs.Add("api-version", version) vs.Add("api-version", version)
} }
base.RawQuery = vs.Encode() u.RawQuery = vs.Encode()
return base.String(), nil return u.String(), nil
}
// GetUserID Gets the ID of the Current User
func (c *Client) GetUserID() string {
return c.userID
}
// GetPublicKey gets the Public Key and Fingerprint of the Passbolt instance
func (c *Client) GetPublicKey(ctx context.Context) (string, string, error) {
msg, err := c.DoCustomRequest(ctx, "GET", "/auth/verify.json", "v2", nil, nil)
if err != nil {
return "", "", fmt.Errorf("Doing Request: %w", err)
}
var body PublicKeyReponse
err = json.Unmarshal(msg.Body, &body)
if err != nil {
return "", "", fmt.Errorf("Parsing JSON: %w", err)
}
// Lets get the actual Fingerprint instead of trusting the Server
privateKeyObj, err := crypto.NewKeyFromArmored(c.userPrivateKey)
if err != nil {
return "", "", fmt.Errorf("Parsing Server Key: %w", err)
}
return body.Keydata, privateKeyObj.GetFingerprint(), nil
} }

19
api/comments.go
View file

@ -3,7 +3,6 @@ package api
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"fmt"
) )
// Comment is a Comment // Comment is a Comment
@ -30,10 +29,6 @@ type GetCommentsOptions struct {
// GetComments gets all Passbolt Comments an The Specified Resource // GetComments gets all Passbolt Comments an The Specified Resource
func (c *Client) GetComments(ctx context.Context, resourceID string, opts *GetCommentsOptions) ([]Comment, error) { func (c *Client) GetComments(ctx context.Context, resourceID string, opts *GetCommentsOptions) ([]Comment, error) {
err := checkUUIDFormat(resourceID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "GET", "/comments/resource/"+resourceID+".json", "v2", nil, opts) msg, err := c.DoCustomRequest(ctx, "GET", "/comments/resource/"+resourceID+".json", "v2", nil, opts)
if err != nil { if err != nil {
return nil, err return nil, err
@ -49,10 +44,6 @@ func (c *Client) GetComments(ctx context.Context, resourceID string, opts *GetCo
// CreateComment Creates a new Passbolt Comment // CreateComment Creates a new Passbolt Comment
func (c *Client) CreateComment(ctx context.Context, resourceID string, comment Comment) (*Comment, error) { func (c *Client) CreateComment(ctx context.Context, resourceID string, comment Comment) (*Comment, error) {
err := checkUUIDFormat(resourceID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "POST", "/comments/resource/"+resourceID+".json", "v2", comment, nil) msg, err := c.DoCustomRequest(ctx, "POST", "/comments/resource/"+resourceID+".json", "v2", comment, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -67,10 +58,6 @@ func (c *Client) CreateComment(ctx context.Context, resourceID string, comment C
// UpdateComment Updates a existing Passbolt Comment // UpdateComment Updates a existing Passbolt Comment
func (c *Client) UpdateComment(ctx context.Context, commentID string, comment Comment) (*Comment, error) { func (c *Client) UpdateComment(ctx context.Context, commentID string, comment Comment) (*Comment, error) {
err := checkUUIDFormat(commentID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "PUT", "/comments/"+commentID+".json", "v2", comment, nil) msg, err := c.DoCustomRequest(ctx, "PUT", "/comments/"+commentID+".json", "v2", comment, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -85,11 +72,7 @@ func (c *Client) UpdateComment(ctx context.Context, commentID string, comment Co
// DeleteComment Deletes a Passbolt Comment // DeleteComment Deletes a Passbolt Comment
func (c *Client) DeleteComment(ctx context.Context, commentID string) error { func (c *Client) DeleteComment(ctx context.Context, commentID string) error {
err := checkUUIDFormat(commentID) _, err := c.DoCustomRequest(ctx, "DELETE", "/comments/"+commentID+".json", "v2", nil, nil)
if err != nil {
return fmt.Errorf("Checking ID format: %w", err)
}
_, err = c.DoCustomRequest(ctx, "DELETE", "/comments/"+commentID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return err return err
} }

19
api/encryption.go
View file

@ -1,34 +1,19 @@
package api package api
import ( import "github.com/ProtonMail/gopenpgp/v2/helper"
"fmt"
"github.com/ProtonMail/gopenpgp/v2/helper"
)
// EncryptMessage encrypts a message using the users public key and then signes the message using the users private key // EncryptMessage encrypts a message using the users public key and then signes the message using the users private key
func (c *Client) EncryptMessage(message string) (string, error) { func (c *Client) EncryptMessage(message string) (string, error) {
if c.userPrivateKey == "" {
return "", fmt.Errorf("Client has no Private Key")
} else if c.userPublicKey == "" {
return "", fmt.Errorf("Client has no Public Key")
}
return helper.EncryptSignMessageArmored(c.userPublicKey, c.userPrivateKey, c.userPassword, message) return helper.EncryptSignMessageArmored(c.userPublicKey, c.userPrivateKey, c.userPassword, message)
} }
// EncryptMessageWithPublicKey encrypts a message using the provided public key and then signes the message using the users private key // EncryptMessageWithPublicKey encrypts a message using the provided public key and then signes the message using the users private key
func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string, error) { func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string, error) {
if c.userPrivateKey == "" {
return "", fmt.Errorf("Client has no Private Key")
}
return helper.EncryptSignMessageArmored(publickey, c.userPrivateKey, c.userPassword, message) return helper.EncryptSignMessageArmored(publickey, c.userPrivateKey, c.userPassword, message)
} }
// DecryptMessage decrypts a message using the users Private Key // DecryptMessage decrypts a message using the users Private Key and Validates its Signature using the users public key
func (c *Client) DecryptMessage(message string) (string, error) { func (c *Client) DecryptMessage(message string) (string, error) {
if c.userPrivateKey == "" {
return "", fmt.Errorf("Client has no Private Key")
}
// We cant Verify the signature as we don't store other users public keys locally and don't know which user did encrypt it // We cant Verify the signature as we don't store other users public keys locally and don't know which user did encrypt it
//return helper.DecryptVerifyMessageArmored(c.userPublicKey, c.userPrivateKey, c.userPassword, message) //return helper.DecryptVerifyMessageArmored(c.userPublicKey, c.userPrivateKey, c.userPassword, message)
return helper.DecryptMessageArmored(c.userPrivateKey, c.userPassword, message) return helper.DecryptMessageArmored(c.userPrivateKey, c.userPassword, message)

11
api/favorites.go
View file

@ -3,7 +3,6 @@ package api
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"fmt"
) )
// Favorite is a Favorite // Favorite is a Favorite
@ -17,10 +16,6 @@ type Favorite struct {
// CreateFavorite Creates a new Passbolt Favorite for the given Resource ID // CreateFavorite Creates a new Passbolt Favorite for the given Resource ID
func (c *Client) CreateFavorite(ctx context.Context, resourceID string) (*Favorite, error) { func (c *Client) CreateFavorite(ctx context.Context, resourceID string) (*Favorite, error) {
err := checkUUIDFormat(resourceID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "POST", "/favorites/resource/"+resourceID+".json", "v2", nil, nil) msg, err := c.DoCustomRequest(ctx, "POST", "/favorites/resource/"+resourceID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -36,11 +31,7 @@ func (c *Client) CreateFavorite(ctx context.Context, resourceID string) (*Favori
// DeleteFavorite Deletes a Passbolt Favorite // DeleteFavorite Deletes a Passbolt Favorite
func (c *Client) DeleteFavorite(ctx context.Context, favoriteID string) error { func (c *Client) DeleteFavorite(ctx context.Context, favoriteID string) error {
err := checkUUIDFormat(favoriteID) _, err := c.DoCustomRequest(ctx, "DELETE", "/favorites/"+favoriteID+".json", "v2", nil, nil)
if err != nil {
return fmt.Errorf("Checking ID format: %w", err)
}
_, err = c.DoCustomRequest(ctx, "DELETE", "/favorites/"+favoriteID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return err return err
} }

49
api/folders.go
View file

@ -3,7 +3,6 @@ package api
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"fmt"
) )
// Folder is a Folder // Folder is a Folder
@ -21,24 +20,6 @@ type Folder struct {
ChildrenFolders []Folder `json:"children_folders,omitempty"` ChildrenFolders []Folder `json:"children_folders,omitempty"`
} }
// GetFoldersOptions are all available query parameters
type GetFoldersOptions struct {
ContainChildrenResources bool `url:"contain[children_resources],omitempty"`
ContainChildrenFolders bool `url:"contain[children_folders],omitempty"`
ContainCreator bool `url:"contain[creator],omitempty"`
ContainCreatorProfile bool `url:"contain[creator.profile],omitempty"`
ContainModifier bool `url:"contain[modifier],omitempty"`
ContainModiferProfile bool `url:"contain[modifier.profile],omitempty"`
ContainPermission bool `url:"contain[permission],omitempty"`
ContainPermissions bool `url:"contain[permissions],omitempty"`
ContainPermissionUserProfile bool `url:"contain[permissions.user.profile],omitempty"`
ContainPermissionGroup bool `url:"contain[permissions.group],omitempty"`
FilterHasID []string `url:"filter[has-id][],omitempty"`
FilterHasParent []string `url:"filter[has-parent][],omitempty"`
FilterSearch string `url:"filter[search],omitempty"`
}
// GetFolderOptions are all available query parameters // GetFolderOptions are all available query parameters
type GetFolderOptions struct { type GetFolderOptions struct {
ContainChildrenResources bool `url:"contain[children_resources],omitempty"` ContainChildrenResources bool `url:"contain[children_resources],omitempty"`
@ -51,10 +32,14 @@ type GetFolderOptions struct {
ContainPermissions bool `url:"contain[permissions],omitempty"` ContainPermissions bool `url:"contain[permissions],omitempty"`
ContainPermissionUserProfile bool `url:"contain[permissions.user.profile],omitempty"` ContainPermissionUserProfile bool `url:"contain[permissions.user.profile],omitempty"`
ContainPermissionGroup bool `url:"contain[permissions.group],omitempty"` ContainPermissionGroup bool `url:"contain[permissions.group],omitempty"`
FilterHasID string `url:"filter[has-id][],omitempty"`
FilterHasParent string `url:"filter[has-parent][],omitempty"`
FilterSearch string `url:"filter[search],omitempty"`
} }
// GetFolders gets all Folders from the Passboltserver // GetFolders gets all Folders from the Passboltserver
func (c *Client) GetFolders(ctx context.Context, opts *GetFoldersOptions) ([]Folder, error) { func (c *Client) GetFolders(ctx context.Context, opts *GetFolderOptions) ([]Folder, error) {
msg, err := c.DoCustomRequest(ctx, "GET", "/folders.json", "v2", nil, opts) msg, err := c.DoCustomRequest(ctx, "GET", "/folders.json", "v2", nil, opts)
if err != nil { if err != nil {
return nil, err return nil, err
@ -83,12 +68,8 @@ func (c *Client) CreateFolder(ctx context.Context, folder Folder) (*Folder, erro
} }
// GetFolder gets a Passbolt Folder // GetFolder gets a Passbolt Folder
func (c *Client) GetFolder(ctx context.Context, folderID string, opts *GetFolderOptions) (*Folder, error) { func (c *Client) GetFolder(ctx context.Context, folderID string) (*Folder, error) {
err := checkUUIDFormat(folderID) msg, err := c.DoCustomRequest(ctx, "GET", "/folders/"+folderID+".json", "v2", nil, nil)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "GET", "/folders/"+folderID+".json", "v2", nil, opts)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -103,10 +84,6 @@ func (c *Client) GetFolder(ctx context.Context, folderID string, opts *GetFolder
// UpdateFolder Updates a existing Passbolt Folder // UpdateFolder Updates a existing Passbolt Folder
func (c *Client) UpdateFolder(ctx context.Context, folderID string, folder Folder) (*Folder, error) { func (c *Client) UpdateFolder(ctx context.Context, folderID string, folder Folder) (*Folder, error) {
err := checkUUIDFormat(folderID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "PUT", "/folders/"+folderID+".json", "v2", folder, nil) msg, err := c.DoCustomRequest(ctx, "PUT", "/folders/"+folderID+".json", "v2", folder, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -121,11 +98,7 @@ func (c *Client) UpdateFolder(ctx context.Context, folderID string, folder Folde
// DeleteFolder Deletes a Passbolt Folder // DeleteFolder Deletes a Passbolt Folder
func (c *Client) DeleteFolder(ctx context.Context, folderID string) error { func (c *Client) DeleteFolder(ctx context.Context, folderID string) error {
err := checkUUIDFormat(folderID) _, err := c.DoCustomRequest(ctx, "DELETE", "/folders/"+folderID+".json", "v2", nil, nil)
if err != nil {
return fmt.Errorf("Checking ID format: %w", err)
}
_, err = c.DoCustomRequest(ctx, "DELETE", "/folders/"+folderID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return err return err
} }
@ -134,11 +107,7 @@ func (c *Client) DeleteFolder(ctx context.Context, folderID string) error {
// MoveFolder Moves a Passbolt Folder // MoveFolder Moves a Passbolt Folder
func (c *Client) MoveFolder(ctx context.Context, folderID, folderParentID string) error { func (c *Client) MoveFolder(ctx context.Context, folderID, folderParentID string) error {
err := checkUUIDFormat(folderID) _, err := c.DoCustomRequest(ctx, "PUT", "/move/folder/"+folderID+".json", "v2", Folder{
if err != nil {
return fmt.Errorf("Checking ID format: %w", err)
}
_, err = c.DoCustomRequest(ctx, "PUT", "/move/folder/"+folderID+".json", "v2", Folder{
FolderParentID: folderParentID, FolderParentID: folderParentID,
}, nil) }, nil)
if err != nil { if err != nil {

5
api/gpgkey.go
View file

@ -3,7 +3,6 @@ package api
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"fmt"
) )
// GPGKey is a GPGKey // GPGKey is a GPGKey
@ -44,10 +43,6 @@ func (c *Client) GetGPGKeys(ctx context.Context, opts *GetGPGKeysOptions) ([]GPG
// GetGPGKey gets a Passbolt GPGKey // GetGPGKey gets a Passbolt GPGKey
func (c *Client) GetGPGKey(ctx context.Context, gpgkeyID string) (*GPGKey, error) { func (c *Client) GetGPGKey(ctx context.Context, gpgkeyID string) (*GPGKey, error) {
err := checkUUIDFormat(gpgkeyID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "GET", "/gpgkeys/"+gpgkeyID+".json", "v2", nil, nil) msg, err := c.DoCustomRequest(ctx, "GET", "/gpgkeys/"+gpgkeyID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return nil, err return nil, err

42
api/groups.go
View file

@ -3,7 +3,6 @@ package api
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"fmt"
) )
//Group is a Group //Group is a Group
@ -15,23 +14,7 @@ type Group struct {
Deleted bool `json:"deleted,omitempty"` Deleted bool `json:"deleted,omitempty"`
Modified *Time `json:"modified,omitempty"` Modified *Time `json:"modified,omitempty"`
ModifiedBy string `json:"modified_by,omitempty"` ModifiedBy string `json:"modified_by,omitempty"`
// This does not Contain Profile for Users Anymore...
GroupUsers []GroupMembership `json:"groups_users,omitempty"` GroupUsers []GroupMembership `json:"groups_users,omitempty"`
// This is new and undocumented but as all the data
Users []GroupUser `json:"users,omitempty"`
}
type GroupUser struct {
User
JoinData GroupJoinData `json:"_join_data,omitempty"`
}
type GroupJoinData struct {
ID string `json:"id,omitempty"`
GroupID string `json:"group_id,omitempty"`
UserID string `json:"user_id,omitempty"`
IsAdmin bool `json:"is_admin,omitempty"`
Created *Time `json:"created,omitempty"`
} }
type GroupMembership struct { type GroupMembership struct {
@ -57,12 +40,9 @@ type GetGroupsOptions struct {
ContainModifier bool `url:"contain[modifier],omitempty"` ContainModifier bool `url:"contain[modifier],omitempty"`
ContainModifierProfile bool `url:"contain[modifier.profile],omitempty"` ContainModifierProfile bool `url:"contain[modifier.profile],omitempty"`
ContainUser bool `url:"contain[user],omitempty"`
ContainGroupUser bool `url:"contain[group_user],omitempty"`
ContainMyGroupUser bool `url:"contain[my_group_user],omitempty"` ContainMyGroupUser bool `url:"contain[my_group_user],omitempty"`
ContainUsers bool `url:"contain[users],omitempty"`
ContainGroupsUsers bool `url:"contain[groups_users],omitempty"`
ContainGroupsUsersUser bool `url:"contain[groups_users.user],omitempty"`
ContainGroupsUsersUserProfile bool `url:"contain[groups_users.user.profile],omitempty"`
ContainGroupsUsersUserGPGKey bool `url:"contain[groups_users.user.gpgkey],omitempty"`
} }
// UpdateGroupDryRunResult is the Result of a Update Group DryRun // UpdateGroupDryRunResult is the Result of a Update Group DryRun
@ -125,10 +105,6 @@ func (c *Client) CreateGroup(ctx context.Context, group Group) (*Group, error) {
// GetGroup gets a Passbolt Group // GetGroup gets a Passbolt Group
func (c *Client) GetGroup(ctx context.Context, groupID string) (*Group, error) { func (c *Client) GetGroup(ctx context.Context, groupID string) (*Group, error) {
err := checkUUIDFormat(groupID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "GET", "/groups/"+groupID+".json", "v2", nil, nil) msg, err := c.DoCustomRequest(ctx, "GET", "/groups/"+groupID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -144,10 +120,6 @@ func (c *Client) GetGroup(ctx context.Context, groupID string) (*Group, error) {
// UpdateGroup Updates a existing Passbolt Group // UpdateGroup Updates a existing Passbolt Group
func (c *Client) UpdateGroup(ctx context.Context, groupID string, update GroupUpdate) (*Group, error) { func (c *Client) UpdateGroup(ctx context.Context, groupID string, update GroupUpdate) (*Group, error) {
err := checkUUIDFormat(groupID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "PUT", "/groups/"+groupID+".json", "v2", update, nil) msg, err := c.DoCustomRequest(ctx, "PUT", "/groups/"+groupID+".json", "v2", update, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -162,10 +134,6 @@ func (c *Client) UpdateGroup(ctx context.Context, groupID string, update GroupUp
// UpdateGroupDryRun Checks that a Passbolt Group update passes validation // UpdateGroupDryRun Checks that a Passbolt Group update passes validation
func (c *Client) UpdateGroupDryRun(ctx context.Context, groupID string, update GroupUpdate) (*UpdateGroupDryRunResult, error) { func (c *Client) UpdateGroupDryRun(ctx context.Context, groupID string, update GroupUpdate) (*UpdateGroupDryRunResult, error) {
err := checkUUIDFormat(groupID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "PUT", "/groups/"+groupID+"/dry-run.json", "v2", update, nil) msg, err := c.DoCustomRequest(ctx, "PUT", "/groups/"+groupID+"/dry-run.json", "v2", update, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -180,11 +148,7 @@ func (c *Client) UpdateGroupDryRun(ctx context.Context, groupID string, update G
// DeleteGroup Deletes a Passbolt Group // DeleteGroup Deletes a Passbolt Group
func (c *Client) DeleteGroup(ctx context.Context, groupID string) error { func (c *Client) DeleteGroup(ctx context.Context, groupID string) error {
err := checkUUIDFormat(groupID) _, err := c.DoCustomRequest(ctx, "DELETE", "/groups/"+groupID+".json", "v2", nil, nil)
if err != nil {
return fmt.Errorf("Checking ID format: %w", err)
}
_, err = c.DoCustomRequest(ctx, "DELETE", "/groups/"+groupID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return err return err
} }

13
api/mfa.go
View file

@ -1,13 +0,0 @@
package api
type MFAChallenge struct {
Provider MFAProviders `json:"providers,omitempty"`
}
type MFAProviders struct {
TOTP string `json:"totp,omitempty"`
}
type MFAChallengeResponse struct {
TOTP string `json:"totp,omitempty"`
}

56
api/misc.go
View file

@ -1,53 +1,25 @@
package api package api
import ( import (
"fmt" "crypto/rand"
"math/rand" "math/big"
"regexp"
"strconv"
"strings"
) )
const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" func randStringBytesRmndr(length int) (string, error) {
result := ""
var isUUID = regexp.MustCompile("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$") for {
if len(result) >= length {
func randStringBytesRmndr(length int) string { return result, nil
b := make([]byte, length)
for i := range b {
b[i] = letterBytes[rand.Intn(len(letterBytes))]
} }
return string(b) num, err := rand.Int(rand.Reader, big.NewInt(int64(127)))
}
func checkAuthTokenFormat(authToken string) error {
splitAuthToken := strings.Split(authToken, "|")
if len(splitAuthToken) != 4 {
return fmt.Errorf("Auth Token Has Wrong amount of Fields")
}
if splitAuthToken[0] != splitAuthToken[3] {
return fmt.Errorf("Auth Token Version Fields Don't match")
}
if !strings.HasPrefix(splitAuthToken[0], "gpgauth") {
return fmt.Errorf("Auth Token Version does not start with 'gpgauth'")
}
length, err := strconv.Atoi(splitAuthToken[1])
if err != nil { if err != nil {
return fmt.Errorf("Cannot Convert Auth Token Length Field to int: %w", err) return "", err
} }
n := num.Int64()
if len(splitAuthToken[2]) != length { // Make sure that the number/byte/letter is inside
return fmt.Errorf("Auth Token Data Length does not Match Length Field") // the range of printable ASCII characters (excluding space and DEL)
if n > 32 && n < 127 {
result += string(n)
} }
return nil
} }
func checkUUIDFormat(data string) error {
if !isUUID.MatchString(data) {
return fmt.Errorf("UUID is not in the valid format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
}
return nil
} }

20
api/permissions.go
View file

@ -3,7 +3,6 @@ package api
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"fmt"
) )
// Permission is a Permission // Permission is a Permission
@ -22,10 +21,6 @@ type Permission struct {
// GetResourcePermissions gets a Resources Permissions // GetResourcePermissions gets a Resources Permissions
func (c *Client) GetResourcePermissions(ctx context.Context, resourceID string) ([]Permission, error) { func (c *Client) GetResourcePermissions(ctx context.Context, resourceID string) ([]Permission, error) {
err := checkUUIDFormat(resourceID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "GET", "/permissions/resource/"+resourceID+".json", "v2", nil, nil) msg, err := c.DoCustomRequest(ctx, "GET", "/permissions/resource/"+resourceID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -38,3 +33,18 @@ func (c *Client) GetResourcePermissions(ctx context.Context, resourceID string)
} }
return permissions, nil return permissions, nil
} }
// GetFolderPermissions gets a Folders Permissions
func (c *Client) GetFolderPermissions(ctx context.Context, folderID string) ([]Permission, error) {
msg, err := c.DoCustomRequest(ctx, "GET", "/permissions/folder/"+folderID+".json", "v2", nil, nil)
if err != nil {
return nil, err
}
var permissions []Permission
err = json.Unmarshal(msg.Body, &permissions)
if err != nil {
return nil, err
}
return permissions, nil
}

10
api/resource_types.go
View file

@ -3,7 +3,6 @@ package api
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"fmt"
) )
//ResourceType is the Type of a Resource //ResourceType is the Type of a Resource
@ -16,11 +15,6 @@ type ResourceType struct {
Modified *Time `json:"modified,omitempty"` Modified *Time `json:"modified,omitempty"`
} }
type ResourceTypeSchema struct {
Resource json.RawMessage `json:"resource"`
Secret json.RawMessage `json:"secret"`
}
// GetResourceTypesOptions is a placeholder for future options // GetResourceTypesOptions is a placeholder for future options
type GetResourceTypesOptions struct { type GetResourceTypesOptions struct {
} }
@ -42,10 +36,6 @@ func (c *Client) GetResourceTypes(ctx context.Context, opts *GetResourceTypesOpt
// GetResourceType gets a Passbolt Type // GetResourceType gets a Passbolt Type
func (c *Client) GetResourceType(ctx context.Context, typeID string) (*ResourceType, error) { func (c *Client) GetResourceType(ctx context.Context, typeID string) (*ResourceType, error) {
err := checkUUIDFormat(typeID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "GET", "/resource-types/"+typeID+".json", "v2", nil, nil) msg, err := c.DoCustomRequest(ctx, "GET", "/resource-types/"+typeID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return nil, err return nil, err

34
api/resources.go
View file

@ -3,12 +3,11 @@ package api
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"fmt"
) )
// Resource is a Resource. // Resource is a Resource.
// Warning: Since Passbolt v3 some fields here may not be populated as they may be in the Secret depending on the ResourceType, // Warning: Since Passbolt v3 some fields here may not be populated as they may be in the Secret depending on the ResourceType,
// for now the only Field like that is the Description. // for now the only Field like that is the Decription.
type Resource struct { type Resource struct {
ID string `json:"id,omitempty"` ID string `json:"id,omitempty"`
Created *Time `json:"created,omitempty"` Created *Time `json:"created,omitempty"`
@ -26,7 +25,6 @@ type Resource struct {
Username string `json:"username,omitempty"` Username string `json:"username,omitempty"`
FolderParentID string `json:"folder_parent_id,omitempty"` FolderParentID string `json:"folder_parent_id,omitempty"`
ResourceTypeID string `json:"resource_type_id,omitempty"` ResourceTypeID string `json:"resource_type_id,omitempty"`
ResourceType ResourceType `json:"resource_type,omitempty"`
Secrets []Secret `json:"secrets,omitempty"` Secrets []Secret `json:"secrets,omitempty"`
Tags []Tag `json:"tags,omitempty"` Tags []Tag `json:"tags,omitempty"`
} }
@ -41,22 +39,20 @@ type Tag struct {
// GetResourcesOptions are all available query parameters // GetResourcesOptions are all available query parameters
type GetResourcesOptions struct { type GetResourcesOptions struct {
FilterIsFavorite bool `url:"filter[is-favorite],omitempty"` FilterIsFavorite bool `url:"filter[is-favorite],omitempty"`
FilterIsSharedWithGroup string `url:"filter[is-shared-with-group],omitempty"`
FilterIsOwnedByMe bool `url:"filter[is-owned-by-me],omitempty"`
FilterIsSharedWithMe bool `url:"filter[is-shared-with-me],omitempty"` FilterIsSharedWithMe bool `url:"filter[is-shared-with-me],omitempty"`
FilterHasID []string `url:"filter[has-id][],omitempty"` FilterIsSharedWithGroup string `url:"filter[is-shared-with-group],omitempty"`
FilterHasID string `url:"filter[has-id],omitempty"`
// Parent Folder id // Parent Folder id
FilterHasParent []string `url:"filter[has-parent][],omitempty"` FilterHasParent string `url:"filter[has-parent],omitempty"`
FilterHasTag string `url:"filter[has-tag],omitempty"` FilterHasTag string `url:"filter[has-tag],omitempty"`
ContainCreator bool `url:"contain[creator],omitempty"` ContainCreator bool `url:"contain[creator],omitempty"`
ContainFavorites bool `url:"contain[favorite],omitempty"` ContainFavorites bool `url:"contain[favorite],omitempty"`
ContainModifier bool `url:"contain[modifier],omitempty"` ContainModifier bool `url:"contain[modifier],omitempty"`
ContainSecret bool `url:"contain[secret],omitempty"`
ContainResourceType bool `url:"contain[resource-type],omitempty"`
ContainPermissions bool `url:"contain[permission],omitempty"` ContainPermissions bool `url:"contain[permission],omitempty"`
ContainPermissionsUserProfile bool `url:"contain[permissions.user.profile],omitempty"` ContainPermissionsUserProfile bool `url:"contain[permissions.user.profile],omitempty"`
ContainPermissionsGroup bool `url:"contain[permissions.group],omitempty"` ContainPermissionsGroup bool `url:"contain[permissions.group],omitempty"`
ContainSecret bool `url:"contain[secret],omitempty"`
ContainTags bool `url:"contain[tag],omitempty"` ContainTags bool `url:"contain[tag],omitempty"`
} }
@ -91,10 +87,6 @@ func (c *Client) CreateResource(ctx context.Context, resource Resource) (*Resour
// GetResource gets a Passbolt Resource // GetResource gets a Passbolt Resource
func (c *Client) GetResource(ctx context.Context, resourceID string) (*Resource, error) { func (c *Client) GetResource(ctx context.Context, resourceID string) (*Resource, error) {
err := checkUUIDFormat(resourceID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "GET", "/resources/"+resourceID+".json", "v2", nil, nil) msg, err := c.DoCustomRequest(ctx, "GET", "/resources/"+resourceID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -110,10 +102,6 @@ func (c *Client) GetResource(ctx context.Context, resourceID string) (*Resource,
// UpdateResource Updates a existing Passbolt Resource // UpdateResource Updates a existing Passbolt Resource
func (c *Client) UpdateResource(ctx context.Context, resourceID string, resource Resource) (*Resource, error) { func (c *Client) UpdateResource(ctx context.Context, resourceID string, resource Resource) (*Resource, error) {
err := checkUUIDFormat(resourceID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "PUT", "/resources/"+resourceID+".json", "v2", resource, nil) msg, err := c.DoCustomRequest(ctx, "PUT", "/resources/"+resourceID+".json", "v2", resource, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -128,11 +116,7 @@ func (c *Client) UpdateResource(ctx context.Context, resourceID string, resource
// DeleteResource Deletes a Passbolt Resource // DeleteResource Deletes a Passbolt Resource
func (c *Client) DeleteResource(ctx context.Context, resourceID string) error { func (c *Client) DeleteResource(ctx context.Context, resourceID string) error {
err := checkUUIDFormat(resourceID) _, err := c.DoCustomRequest(ctx, "DELETE", "/resources/"+resourceID+".json", "v2", nil, nil)
if err != nil {
return fmt.Errorf("Checking ID format: %w", err)
}
_, err = c.DoCustomRequest(ctx, "DELETE", "/resources/"+resourceID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return err return err
} }
@ -141,11 +125,7 @@ func (c *Client) DeleteResource(ctx context.Context, resourceID string) error {
// MoveResource Moves a Passbolt Resource // MoveResource Moves a Passbolt Resource
func (c *Client) MoveResource(ctx context.Context, resourceID, folderParentID string) error { func (c *Client) MoveResource(ctx context.Context, resourceID, folderParentID string) error {
err := checkUUIDFormat(resourceID) _, err := c.DoCustomRequest(ctx, "PUT", "/move/resource/"+resourceID+".json", "v2", Resource{
if err != nil {
return fmt.Errorf("Checking ID format: %w", err)
}
_, err = c.DoCustomRequest(ctx, "PUT", "/move/resource/"+resourceID+".json", "v2", Resource{
FolderParentID: folderParentID, FolderParentID: folderParentID,
}, nil) }, nil)
if err != nil { if err != nil {

24
api/secrets.go
View file

@ -3,7 +3,6 @@ package api
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"fmt"
) )
// Secret is a Secret // Secret is a Secret
@ -22,31 +21,8 @@ type SecretDataTypePasswordAndDescription struct {
Description string `json:"description,omitempty"` Description string `json:"description,omitempty"`
} }
type SecretDataTOTP struct {
Algorithm string `json:"algorithm"`
SecretKey string `json:"secret_key"`
Digits int `json:"digits"`
Period int `json:"period"`
}
// SecretDataTypeTOTP is the format a secret of resource type "totp" is stored in
type SecretDataTypeTOTP struct {
TOTP SecretDataTOTP `json:"totp"`
}
// SecretDataTypePasswordDescriptionTOTP is the format a secret of resource type "password-description-totp" is stored in
type SecretDataTypePasswordDescriptionTOTP struct {
Password string `json:"password"`
Description string `json:"description,omitempty"`
TOTP SecretDataTOTP `json:"totp"`
}
// GetSecret gets a Passbolt Secret // GetSecret gets a Passbolt Secret
func (c *Client) GetSecret(ctx context.Context, resourceID string) (*Secret, error) { func (c *Client) GetSecret(ctx context.Context, resourceID string) (*Secret, error) {
err := checkUUIDFormat(resourceID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "GET", "/secrets/resource/"+resourceID+".json", "v2", nil, nil) msg, err := c.DoCustomRequest(ctx, "GET", "/secrets/resource/"+resourceID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return nil, err return nil, err

57
api/setup.go
View file

@ -1,57 +0,0 @@
package api
import (
"context"
"encoding/json"
"fmt"
)
type SetupInstallResponse struct {
User `json:"user,omitempty"`
}
type AuthenticationToken struct {
Token string `json:"token,omitempty"`
}
type SetupCompleteRequest struct {
AuthenticationToken AuthenticationToken `json:"authenticationtoken,omitempty"`
GPGKey GPGKey `json:"gpgkey,omitempty"`
User User `json:"user,omitempty"`
}
// SetupInstall validates the userid and token used for Account setup, gives back the User Information
func (c *Client) SetupInstall(ctx context.Context, userID, token string) (*SetupInstallResponse, error) {
err := checkUUIDFormat(userID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
err = checkUUIDFormat(token)
if err != nil {
return nil, fmt.Errorf("Checking Token format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "GET", "/setup/install/"+userID+"/"+token+".json", "v2", nil, nil)
if err != nil {
return nil, err
}
var install SetupInstallResponse
err = json.Unmarshal(msg.Body, &install)
if err != nil {
return nil, err
}
return &install, nil
}
// SetupComplete Completes setup of a Passbolt Account
func (c *Client) SetupComplete(ctx context.Context, userID string, request SetupCompleteRequest) error {
err := checkUUIDFormat(userID)
if err != nil {
return fmt.Errorf("Checking ID format: %w", err)
}
_, err = c.DoCustomRequest(ctx, "POST", "/setup/complete/"+userID+".json", "v2", request, nil)
if err != nil {
return err
}
return nil
}

17
api/share.go
View file

@ -3,7 +3,6 @@ package api
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"fmt"
) )
// ResourceShareRequest is a ResourceShareRequest // ResourceShareRequest is a ResourceShareRequest
@ -62,11 +61,7 @@ func (c *Client) SearchAROs(ctx context.Context, opts SearchAROsOptions) ([]ARO,
// ShareResource Shares a Resource with AROs // ShareResource Shares a Resource with AROs
func (c *Client) ShareResource(ctx context.Context, resourceID string, shareRequest ResourceShareRequest) error { func (c *Client) ShareResource(ctx context.Context, resourceID string, shareRequest ResourceShareRequest) error {
err := checkUUIDFormat(resourceID) _, err := c.DoCustomRequest(ctx, "PUT", "/share/resource/"+resourceID+".json", "v2", shareRequest, nil)
if err != nil {
return fmt.Errorf("Checking ID format: %w", err)
}
_, err = c.DoCustomRequest(ctx, "PUT", "/share/resource/"+resourceID+".json", "v2", shareRequest, nil)
if err != nil { if err != nil {
return err return err
} }
@ -76,12 +71,8 @@ func (c *Client) ShareResource(ctx context.Context, resourceID string, shareRequ
// ShareFolder Shares a Folder with AROs // ShareFolder Shares a Folder with AROs
func (c *Client) ShareFolder(ctx context.Context, folderID string, permissions []Permission) error { func (c *Client) ShareFolder(ctx context.Context, folderID string, permissions []Permission) error {
err := checkUUIDFormat(folderID)
if err != nil {
return fmt.Errorf("Checking ID format: %w", err)
}
f := Folder{Permissions: permissions} f := Folder{Permissions: permissions}
_, err = c.DoCustomRequest(ctx, "PUT", "/share/folder/"+folderID+".json", "v2", f, nil) _, err := c.DoCustomRequest(ctx, "PUT", "/share/folder/"+folderID+".json", "v2", f, nil)
if err != nil { if err != nil {
return err return err
} }
@ -91,10 +82,6 @@ func (c *Client) ShareFolder(ctx context.Context, folderID string, permissions [
// SimulateShareResource Simulates Shareing a Resource with AROs // SimulateShareResource Simulates Shareing a Resource with AROs
func (c *Client) SimulateShareResource(ctx context.Context, resourceID string, shareRequest ResourceShareRequest) (*ResourceShareSimulationResult, error) { func (c *Client) SimulateShareResource(ctx context.Context, resourceID string, shareRequest ResourceShareRequest) (*ResourceShareSimulationResult, error) {
err := checkUUIDFormat(resourceID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "POST", "/share/simulate/resource/"+resourceID+".json", "v2", shareRequest, nil) msg, err := c.DoCustomRequest(ctx, "POST", "/share/simulate/resource/"+resourceID+".json", "v2", shareRequest, nil)
if err != nil { if err != nil {
return nil, err return nil, err

28
api/users.go
View file

@ -3,11 +3,8 @@ package api
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"fmt"
) )
const UserLocaleENUK = "en-UK"
// User contains information about a passbolt User // User contains information about a passbolt User
type User struct { type User struct {
ID string `json:"id,omitempty"` ID string `json:"id,omitempty"`
@ -23,7 +20,6 @@ type User struct {
Role *Role `json:"role,omitempty"` Role *Role `json:"role,omitempty"`
GPGKey *GPGKey `json:"gpgKey,omitempty"` GPGKey *GPGKey `json:"gpgKey,omitempty"`
LastLoggedIn string `json:"last_logged_in,omitempty"` LastLoggedIn string `json:"last_logged_in,omitempty"`
Locale string `json:"locale,omitempty"`
} }
// Profile is a Profile // Profile is a Profile
@ -39,8 +35,8 @@ type Profile struct {
// GetUsersOptions are all available query parameters // GetUsersOptions are all available query parameters
type GetUsersOptions struct { type GetUsersOptions struct {
FilterSearch string `url:"filter[search],omitempty"` FilterSearch string `url:"filter[search],omitempty"`
FilterHasGroup []string `url:"filter[has-group][],omitempty"` FilterHasGroup string `url:"filter[has-group],omitempty"`
FilterHasAccess []string `url:"filter[has-access][],omitempty"` FilterHasAccess string `url:"filter[has-access],omitempty"`
FilterIsAdmin bool `url:"filter[is-admin],omitempty"` FilterIsAdmin bool `url:"filter[is-admin],omitempty"`
ContainLastLoggedIn bool `url:"contain[LastLoggedIn],omitempty"` ContainLastLoggedIn bool `url:"contain[LastLoggedIn],omitempty"`
@ -82,10 +78,6 @@ func (c *Client) GetMe(ctx context.Context) (*User, error) {
// GetUser gets a Passbolt User // GetUser gets a Passbolt User
func (c *Client) GetUser(ctx context.Context, userID string) (*User, error) { func (c *Client) GetUser(ctx context.Context, userID string) (*User, error) {
err := checkUUIDFormat(userID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "GET", "/users/"+userID+".json", "v2", nil, nil) msg, err := c.DoCustomRequest(ctx, "GET", "/users/"+userID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -101,10 +93,6 @@ func (c *Client) GetUser(ctx context.Context, userID string) (*User, error) {
// UpdateUser Updates a existing Passbolt User // UpdateUser Updates a existing Passbolt User
func (c *Client) UpdateUser(ctx context.Context, userID string, user User) (*User, error) { func (c *Client) UpdateUser(ctx context.Context, userID string, user User) (*User, error) {
err := checkUUIDFormat(userID)
if err != nil {
return nil, fmt.Errorf("Checking ID format: %w", err)
}
msg, err := c.DoCustomRequest(ctx, "PUT", "/users/"+userID+".json", "v2", user, nil) msg, err := c.DoCustomRequest(ctx, "PUT", "/users/"+userID+".json", "v2", user, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -119,11 +107,7 @@ func (c *Client) UpdateUser(ctx context.Context, userID string, user User) (*Use
// DeleteUser Deletes a Passbolt User // DeleteUser Deletes a Passbolt User
func (c *Client) DeleteUser(ctx context.Context, userID string) error { func (c *Client) DeleteUser(ctx context.Context, userID string) error {
err := checkUUIDFormat(userID) _, err := c.DoCustomRequest(ctx, "DELETE", "/users/"+userID+".json", "v2", nil, nil)
if err != nil {
return fmt.Errorf("Checking ID format: %w", err)
}
_, err = c.DoCustomRequest(ctx, "DELETE", "/users/"+userID+".json", "v2", nil, nil)
if err != nil { if err != nil {
return err return err
} }
@ -132,11 +116,7 @@ func (c *Client) DeleteUser(ctx context.Context, userID string) error {
// DeleteUserDryrun Check if a Passbolt User is Deleteable // DeleteUserDryrun Check if a Passbolt User is Deleteable
func (c *Client) DeleteUserDryrun(ctx context.Context, userID string) error { func (c *Client) DeleteUserDryrun(ctx context.Context, userID string) error {
err := checkUUIDFormat(userID) _, err := c.DoCustomRequest(ctx, "DELETE", "/users/"+userID+"/dry-run.json", "v2", nil, nil)
if err != nil {
return fmt.Errorf("Checking ID format: %w", err)
}
_, err = c.DoCustomRequest(ctx, "DELETE", "/users/"+userID+"/dry-run.json", "v2", nil, nil)
if err != nil { if err != nil {
return err return err
} }

67
api/verify.go
View file

@ -1,67 +0,0 @@
package api
import (
"context"
"fmt"
"strings"
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/google/uuid"
)
// GPGVerifyContainer is used for verification
type GPGVerifyContainer struct {
Req GPGVerify `json:"gpg_auth"`
}
// GPGVerify is used for verification
type GPGVerify struct {
KeyID string `json:"keyid"`
Token string `json:"server_verify_token,omitempty"`
}
// SetupServerVerification sets up Server Verification, Only works before login
func (c *Client) SetupServerVerification(ctx context.Context) (string, string, error) {
serverKey, _, err := c.GetPublicKey(ctx)
if err != nil {
return "", "", fmt.Errorf("Getting Server Key: %w", err)
}
uuid, err := uuid.NewRandom()
if err != nil {
return "", "", fmt.Errorf("Generating UUID: %w", err)
}
token := "gpgauthv1.3.0|36|" + uuid.String() + "|gpgauthv1.3.0"
encToken, err := c.EncryptMessageWithPublicKey(serverKey, token)
if err != nil {
return "", "", fmt.Errorf("Encrypting Challenge: %w", err)
}
err = c.VerifyServer(ctx, token, encToken)
if err != nil {
return "", "", fmt.Errorf("Initial Verification: %w", err)
}
return token, encToken, err
}
// VerifyServer verifys that the Server is still the same one as during the Setup, Only works before login
func (c *Client) VerifyServer(ctx context.Context, token, encToken string) error {
privateKeyObj, err := crypto.NewKeyFromArmored(c.userPrivateKey)
if err != nil {
return fmt.Errorf("Parsing User Private Key: %w", err)
}
data := GPGVerifyContainer{
Req: GPGVerify{
Token: encToken,
KeyID: privateKeyObj.GetFingerprint(),
},
}
raw, _, err := c.DoCustomRequestAndReturnRawResponse(ctx, "POST", "/auth/verify.json", "v2", data, nil)
if err != nil && !strings.Contains(err.Error(), "The authentication failed.") {
return fmt.Errorf("Sending Verification Challenge: %w", err)
}
if raw.Header.Get("X-GPGAuth-Verify-Response") != token {
return fmt.Errorf("Server Response did not Match Saved Token")
}
return nil
}

23
go.mod
View file

@ -1,20 +1,13 @@
module github.com/passbolt/go-passbolt module github.com/speatzle/go-passbolt
go 1.23.0 go 1.16
require ( require (
github.com/ProtonMail/gopenpgp/v2 v2.8.3 github.com/ProtonMail/go-crypto v0.0.0-20210707164159-52430bf6b52c // indirect
github.com/ProtonMail/gopenpgp/v2 v2.2.2
github.com/google/go-querystring v1.1.0 github.com/google/go-querystring v1.1.0
github.com/google/uuid v1.6.0 github.com/sirupsen/logrus v1.8.1 // indirect
github.com/santhosh-tekuri/jsonschema v1.2.4 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect
) golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf // indirect
golang.org/x/text v0.3.7 // indirect
require (
github.com/ProtonMail/go-crypto v1.1.6 // indirect
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect
github.com/cloudflare/circl v1.6.0 // indirect
github.com/pkg/errors v0.9.1 // indirect
golang.org/x/crypto v0.35.0 // indirect
golang.org/x/sys v0.30.0 // indirect
golang.org/x/text v0.22.0 // indirect
) )

108
go.sum
View file

@ -1,21 +1,11 @@
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= github.com/ProtonMail/go-crypto v0.0.0-20210512092938-c05353c2d58c/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/ProtonMail/go-crypto v0.0.0-20210707164159-52430bf6b52c h1:FP7mMdsXy0ybzar1sJeIcZtaJka0U/ZmLTW4wRpolYk=
github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw= github.com/ProtonMail/go-crypto v0.0.0-20210707164159-52430bf6b52c/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/ProtonMail/go-mime v0.0.0-20190923161245-9b5a4261663a h1:W6RrgN/sTxg1msqzFFb+G80MFmpjMw61IU+slm+wln4=
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= github.com/ProtonMail/go-mime v0.0.0-20190923161245-9b5a4261663a/go.mod h1:NYt+V3/4rEeDuaev/zw1zCq8uqVEuPHzDPo3OZrlGJ4=
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= github.com/ProtonMail/gopenpgp/v2 v2.2.2 h1:u2m7xt+CZWj88qK1UUNBoXeJCFJwJCZ/Ff4ymGoxEXs=
github.com/ProtonMail/gopenpgp/v2 v2.7.5 h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA= github.com/ProtonMail/gopenpgp/v2 v2.2.2/go.mod h1:ajUlBGvxMH1UBZnaYO3d1FSVzjiC6kK9XlZYGiDCvpM=
github.com/ProtonMail/gopenpgp/v2 v2.7.5/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g=
github.com/ProtonMail/gopenpgp/v2 v2.8.3 h1:1jHlELwCR00qovx2B50DkL/FjYwt/P91RnlsqeOp2Hs=
github.com/ProtonMail/gopenpgp/v2 v2.8.3/go.mod h1:LiuOTbnJit8w9ZzOoLscj0kmdALY7hfoCVh5Qlb0bcg=
github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE=
github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
github.com/cloudflare/circl v1.6.0 h1:cr5JKic4HI+LkINy2lg3W2jF8sHCVTBncJr5gIIq7qk=
github.com/cloudflare/circl v1.6.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -23,71 +13,59 @@ github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/santhosh-tekuri/jsonschema v1.2.4 h1:hNhW8e7t+H1vgY+1QeEQpveR6D4+OwKPXCfD2aieJis= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs= golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9tZUw9qufEGTyX1+7lmHxV5q5G4=
golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
golang.org/x/mobile v0.0.0-20200801112145-973feb4309de/go.mod h1:skQtrUTUwhdJvXM/2KKJzY8pDgNr9I/FOMqDVRPBUS4=
golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.1.1-0.20191209134235-331c550502dd/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf h1:2ucpDCmfkl8Bd/FsLtiD653Wf96cW37s+iGx93zsu4k=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.0.0-20200117012304-6edc0a871e69/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

30
helper/folder.go
View file

@ -2,9 +2,8 @@ package helper
import ( import (
"context" "context"
"fmt"
"github.com/passbolt/go-passbolt/api" "github.com/speatzle/go-passbolt/api"
) )
// CreateFolder Creates a new Folder // CreateFolder Creates a new Folder
@ -13,44 +12,27 @@ func CreateFolder(ctx context.Context, c *api.Client, folderParentID, name strin
Name: name, Name: name,
FolderParentID: folderParentID, FolderParentID: folderParentID,
}) })
if err != nil { return f.ID, err
return "", fmt.Errorf("Creating Folder: %w", err)
}
return f.ID, nil
} }
// GetFolder Gets a Folder // GetFolder Gets a Folder
func GetFolder(ctx context.Context, c *api.Client, folderID string) (string, string, error) { func GetFolder(ctx context.Context, c *api.Client, folderID string) (string, string, error) {
f, err := c.GetFolder(ctx, folderID, nil) f, err := c.GetFolder(ctx, folderID)
if err != nil { return f.FolderParentID, f.Name, err
return "", "", fmt.Errorf("Getting Folder: %w", err)
}
return f.FolderParentID, f.Name, nil
} }
// UpdateFolder Updates a Folder // UpdateFolder Updates a Folder
func UpdateFolder(ctx context.Context, c *api.Client, folderID, name string) error { func UpdateFolder(ctx context.Context, c *api.Client, folderID, name string) error {
_, err := c.UpdateFolder(ctx, folderID, api.Folder{Name: name}) _, err := c.UpdateFolder(ctx, folderID, api.Folder{Name: name})
if err != nil {
return fmt.Errorf("Updating Folder: %w", err)
}
return err return err
} }
// DeleteFolder Deletes a Folder // DeleteFolder Deletes a Folder
func DeleteFolder(ctx context.Context, c *api.Client, folderID string) error { func DeleteFolder(ctx context.Context, c *api.Client, folderID string) error {
err := c.DeleteFolder(ctx, folderID) return c.DeleteFolder(ctx, folderID)
if err != nil {
return fmt.Errorf("Deleting Folder: %w", err)
}
return nil
} }
// MoveFolder Moves a Folder into a Folder // MoveFolder Moves a Folder into a Folder
func MoveFolder(ctx context.Context, c *api.Client, folderID, folderParentID string) error { func MoveFolder(ctx context.Context, c *api.Client, folderID, folderParentID string) error {
err := c.MoveFolder(ctx, folderID, folderParentID) return c.MoveFolder(ctx, folderID, folderParentID)
if err != nil {
return fmt.Errorf("Moving Folder: %w", err)
}
return nil
} }

28
helper/group.go
View file

@ -4,22 +4,18 @@ import (
"context" "context"
"fmt" "fmt"
"github.com/passbolt/go-passbolt/api" "github.com/speatzle/go-passbolt/api"
) )
// GroupMembershipOperation creates/modifies/deletes a group membership // GroupMembershipOperation creates/modifies/deletes a group membership
type GroupMembershipOperation struct { type GroupMembershipOperation struct {
UserID string GroupMembership
IsGroupManager bool
Delete bool Delete bool
} }
// GroupMembership contains who and what kind of membership they have with a group // GroupMembership containes who and what kind of membership they have with a group
type GroupMembership struct { type GroupMembership struct {
UserID string UserID string
Username string
UserFirstName string
UserLastName string
IsGroupManager bool IsGroupManager bool
} }
@ -49,9 +45,7 @@ func CreateGroup(ctx context.Context, c *api.Client, name string, operations []G
func GetGroup(ctx context.Context, c *api.Client, groupID string) (string, []GroupMembership, error) { func GetGroup(ctx context.Context, c *api.Client, groupID string) (string, []GroupMembership, error) {
// for some reason the groups index api call does not give back the groups_users even though it is supposed to, so i have to do this... // for some reason the groups index api call does not give back the groups_users even though it is supposed to, so i have to do this...
groups, err := c.GetGroups(ctx, &api.GetGroupsOptions{ groups, err := c.GetGroups(ctx, &api.GetGroupsOptions{
ContainGroupsUsers: true, ContainGroupUser: true,
ContainGroupsUsersUser: true,
ContainGroupsUsersUserProfile: true,
}) })
if err != nil { if err != nil {
return "", nil, fmt.Errorf("Getting Groups: %w", err) return "", nil, fmt.Errorf("Getting Groups: %w", err)
@ -63,9 +57,6 @@ func GetGroup(ctx context.Context, c *api.Client, groupID string) (string, []Gro
for _, m := range g.GroupUsers { for _, m := range g.GroupUsers {
memberships = append(memberships, GroupMembership{ memberships = append(memberships, GroupMembership{
UserID: m.UserID, UserID: m.UserID,
Username: m.User.Username,
UserFirstName: m.User.Profile.FirstName,
UserLastName: m.User.Profile.LastName,
IsGroupManager: m.IsAdmin, IsGroupManager: m.IsAdmin,
}) })
} }
@ -79,18 +70,16 @@ func GetGroup(ctx context.Context, c *api.Client, groupID string) (string, []Gro
func UpdateGroup(ctx context.Context, c *api.Client, groupID, name string, operations []GroupMembershipOperation) error { func UpdateGroup(ctx context.Context, c *api.Client, groupID, name string, operations []GroupMembershipOperation) error {
// for some reason the groups index api call does not give back the groups_users even though it is supposed to, so i have to do this... // for some reason the groups index api call does not give back the groups_users even though it is supposed to, so i have to do this...
groups, err := c.GetGroups(ctx, &api.GetGroupsOptions{ groups, err := c.GetGroups(ctx, &api.GetGroupsOptions{
ContainGroupsUsers: true, ContainGroupUser: true,
}) })
if err != nil { if err != nil {
return fmt.Errorf("Getting Groups: %w", err) return fmt.Errorf("Getting Groups: %w", err)
} }
var currentMemberships []api.GroupMembership var currentMemberships []api.GroupMembership
var currentName string
for _, g := range groups { for _, g := range groups {
if g.ID == groupID { if g.ID == groupID {
currentMemberships = g.GroupUsers currentMemberships = g.GroupUsers
currentName = g.Name
break break
} }
} }
@ -104,10 +93,6 @@ func UpdateGroup(ctx context.Context, c *api.Client, groupID, name string, opera
Secrets: []api.Secret{}, Secrets: []api.Secret{},
} }
if name == "" {
request.Name = currentName
}
// Generate Group Membership changes based on current Group Memberships // Generate Group Membership changes based on current Group Memberships
for _, operation := range operations { for _, operation := range operations {
membership, err := getMembershipByUserID(currentMemberships, operation.UserID) membership, err := getMembershipByUserID(currentMemberships, operation.UserID)
@ -122,9 +107,6 @@ func UpdateGroup(ctx context.Context, c *api.Client, groupID, name string, opera
}) })
} else { } else {
// Membership Exists so we can modify or delete it // Membership Exists so we can modify or delete it
if !operation.Delete && membership.IsAdmin == operation.IsGroupManager {
return fmt.Errorf("Membership for User %v already Exists with Same Role", operation.UserID)
}
request.GroupChanges = append(request.GroupChanges, api.GroupMembership{ request.GroupChanges = append(request.GroupChanges, api.GroupMembership{
ID: membership.ID, ID: membership.ID,
IsAdmin: operation.IsGroupManager, IsAdmin: operation.IsGroupManager,

54
helper/mfa.go
View file

@ -1,54 +0,0 @@
package helper
import (
"context"
"encoding/json"
"errors"
"fmt"
"net/http"
"time"
"github.com/passbolt/go-passbolt/api"
)
// AddMFACallbackTOTP adds a MFA callback to the client that generates OTP Codes on demand using a Token with configurable retries and delay
func AddMFACallbackTOTP(c *api.Client, retrys uint, retryDelay, offset time.Duration, token string) {
c.MFACallback = func(ctx context.Context, c *api.Client, res *api.APIResponse) (http.Cookie, error) {
challenge := api.MFAChallenge{}
err := json.Unmarshal(res.Body, &challenge)
if err != nil {
return http.Cookie{}, fmt.Errorf("Parsing MFA Challenge")
}
if challenge.Provider.TOTP == "" {
return http.Cookie{}, fmt.Errorf("Server Provided no TOTP Provider")
}
for i := uint(0); i < retrys+1; i++ {
var code string
code, err = GenerateOTPCode(token, time.Now().Add(offset))
if err != nil {
return http.Cookie{}, fmt.Errorf("Error Generating MFA Code: %w", err)
}
req := api.MFAChallengeResponse{
TOTP: code,
}
var raw *http.Response
raw, _, err = c.DoCustomRequestAndReturnRawResponse(ctx, "POST", "mfa/verify/totp.json", "v2", req, nil)
if err != nil {
if errors.Unwrap(err) != api.ErrAPIResponseErrorStatusCode {
return http.Cookie{}, fmt.Errorf("Doing MFA Challenge Response: %w", err)
}
// MFA failed, so lets wait just let the loop try again
time.Sleep(retryDelay)
} else {
// MFA worked so lets find the cookie and return it
for _, cookie := range raw.Cookies() {
if cookie.Name == "passbolt_mfa" {
return *cookie, nil
}
}
return http.Cookie{}, fmt.Errorf("Unable to find Passbolt MFA Cookie")
}
}
return http.Cookie{}, fmt.Errorf("Failed MFA Challenge 3 times: %w", err)
}
}

30
helper/resource_test.go
View file

@ -1,30 +0,0 @@
package helper
import (
"context"
"testing"
)
func TestResourceCreate(t *testing.T) {
id, err := CreateResource(context.TODO(), client, "", "name", "username", "https://url.lan", "password123", "a password description")
if err != nil {
t.Fatalf("Creating Resource %v", err)
}
_, name, username, uri, password, description, err := GetResource(context.TODO(), client, id)
if err != nil {
t.Fatalf("Getting Resource %v", err)
}
equal(t, "Name", name, "name")
equal(t, "Username", username, "username")
equal(t, "URI", uri, "https://url.lan")
equal(t, "Password", password, "password123")
equal(t, "Description", description, "a password description")
}
func equal(t *testing.T, name, a, b string) {
if a != b {
t.Fatalf("Value %v is %v instead of %v", name, a, b)
}
}

146
helper/resources.go
View file

@ -5,7 +5,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"github.com/passbolt/go-passbolt/api" "github.com/speatzle/go-passbolt/api"
) )
// CreateResource Creates a Resource where the Password and Description are Encrypted and Returns the Resources ID // CreateResource Creates a Resource where the Password and Description are Encrypted and Returns the Resources ID
@ -18,7 +18,6 @@ func CreateResource(ctx context.Context, c *api.Client, folderParentID, name, us
for _, tmp := range types { for _, tmp := range types {
if tmp.Slug == "password-and-description" { if tmp.Slug == "password-and-description" {
rType = &tmp rType = &tmp
break
} }
} }
if rType == nil { if rType == nil {
@ -42,11 +41,6 @@ func CreateResource(ctx context.Context, c *api.Client, folderParentID, name, us
return "", fmt.Errorf("Marshalling Secret Data: %w", err) return "", fmt.Errorf("Marshalling Secret Data: %w", err)
} }
err = validateSecretData(rType, string(secretData))
if err != nil {
return "", fmt.Errorf("Validating Secret Data: %w", err)
}
encSecretData, err := c.EncryptMessage(string(secretData)) encSecretData, err := c.EncryptMessage(string(secretData))
if err != nil { if err != nil {
return "", fmt.Errorf("Encrypting Secret Data for User me: %w", err) return "", fmt.Errorf("Encrypting Secret Data for User me: %w", err)
@ -100,14 +94,8 @@ func GetResource(ctx context.Context, c *api.Client, resourceID string) (folderP
if err != nil { if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Getting Resource Secret: %w", err) return "", "", "", "", "", "", fmt.Errorf("Getting Resource Secret: %w", err)
} }
return GetResourceFromData(c, *resource, *secret, *rType)
}
// GetResourceFromData Decrypts Resources using only local data, the Resource object must inlude the secret
func GetResourceFromData(c *api.Client, resource api.Resource, secret api.Secret, rType api.ResourceType) (folderParentID, name, username, uri, password, description string, err error) {
var pw string var pw string
var desc string var desc string
switch rType.Slug { switch rType.Slug {
case "password-string": case "password-string":
pw, err = c.DecryptMessage(secret.Data) pw, err = c.DecryptMessage(secret.Data)
@ -128,21 +116,6 @@ func GetResourceFromData(c *api.Client, resource api.Resource, secret api.Secret
} }
pw = secretData.Password pw = secretData.Password
desc = secretData.Description desc = secretData.Description
case "password-description-totp":
rawSecretData, err := c.DecryptMessage(secret.Data)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Decrypting Secret Data: %w", err)
}
var secretData api.SecretDataTypePasswordDescriptionTOTP
err = json.Unmarshal([]byte(rawSecretData), &secretData)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
}
pw = secretData.Password
desc = secretData.Description
case "totp":
// nothing fits into the interface in this case
default: default:
return "", "", "", "", "", "", fmt.Errorf("Unknown ResourceType: %v", rType.Slug) return "", "", "", "", "", "", fmt.Errorf("Unknown ResourceType: %v", rType.Slug)
} }
@ -163,7 +136,7 @@ func UpdateResource(ctx context.Context, c *api.Client, resourceID, name, userna
} }
opts := &api.GetUsersOptions{ opts := &api.GetUsersOptions{
FilterHasAccess: []string{resourceID}, FilterHasAccess: resourceID,
} }
users, err := c.GetUsers(ctx, opts) users, err := c.GetUsers(ctx, opts)
if err != nil { if err != nil {
@ -174,127 +147,30 @@ func UpdateResource(ctx context.Context, c *api.Client, resourceID, name, userna
ID: resourceID, ID: resourceID,
// This needs to be specified or it will revert to a legacy password // This needs to be specified or it will revert to a legacy password
ResourceTypeID: resource.ResourceTypeID, ResourceTypeID: resource.ResourceTypeID,
Name: resource.Name, Name: name,
Username: resource.Username, Username: username,
URI: resource.URI, URI: uri,
}
if name != "" {
newResource.Name = name
}
if username != "" {
newResource.Username = username
}
if uri != "" {
newResource.URI = uri
} }
var secretData string var secretData string
switch rType.Slug { switch rType.Slug {
case "password-string": case "password-string":
newResource.Description = resource.Description
if description != "" {
newResource.Description = description newResource.Description = description
}
if password != "" {
secretData = password secretData = password
} else {
secret, err := c.GetSecret(ctx, resourceID)
if err != nil {
return fmt.Errorf("Getting Secret: %w", err)
}
secretData, err = c.DecryptMessage(secret.Data)
if err != nil {
return fmt.Errorf("Decrypting Secret: %w", err)
}
}
case "password-and-description": case "password-and-description":
tmp := api.SecretDataTypePasswordAndDescription{ tmp := api.SecretDataTypePasswordAndDescription{
Password: password, Password: password,
Description: description, Description: description,
} }
if password != "" || description != "" {
secret, err := c.GetSecret(ctx, resourceID)
if err != nil {
return fmt.Errorf("Getting Secret: %w", err)
}
oldSecretData, err := c.DecryptMessage(secret.Data)
if err != nil {
return fmt.Errorf("Decrypting Secret: %w", err)
}
var oldSecret api.SecretDataTypePasswordAndDescription
err = json.Unmarshal([]byte(oldSecretData), &oldSecret)
if err != nil {
return fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
}
if password == "" {
tmp.Password = oldSecret.Password
}
if description == "" {
tmp.Description = oldSecret.Description
}
}
res, err := json.Marshal(&tmp) res, err := json.Marshal(&tmp)
if err != nil { if err != nil {
return fmt.Errorf("Marshalling Secret Data: %w", err) return fmt.Errorf("Marshalling Secret Data: %w", err)
} }
secretData = string(res) secretData = string(res)
case "password-description-totp":
secret, err := c.GetSecret(ctx, resourceID)
if err != nil {
return fmt.Errorf("Getting Secret: %w", err)
}
oldSecretData, err := c.DecryptMessage(secret.Data)
if err != nil {
return fmt.Errorf("Decrypting Secret: %w", err)
}
var oldSecret api.SecretDataTypePasswordDescriptionTOTP
err = json.Unmarshal([]byte(oldSecretData), &secretData)
if err != nil {
return fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
}
if password != "" {
oldSecret.Password = password
}
if description != "" {
oldSecret.Description = description
}
res, err := json.Marshal(&oldSecret)
if err != nil {
return fmt.Errorf("Marshalling Secret Data: %w", err)
}
secretData = string(res)
case "totp":
secret, err := c.GetSecret(ctx, resourceID)
if err != nil {
return fmt.Errorf("Getting Secret: %w", err)
}
oldSecretData, err := c.DecryptMessage(secret.Data)
if err != nil {
return fmt.Errorf("Decrypting Secret: %w", err)
}
var oldSecret api.SecretDataTypeTOTP
err = json.Unmarshal([]byte(oldSecretData), &secretData)
if err != nil {
return fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
}
// since we don't have totp parameters we don't do anything
res, err := json.Marshal(&oldSecret)
if err != nil {
return fmt.Errorf("Marshalling Secret Data: %w", err)
}
secretData = string(res)
default: default:
return fmt.Errorf("Unknown ResourceType: %v", rType.Slug) return fmt.Errorf("Unknown ResourceType: %v", rType.Slug)
} }
err = validateSecretData(rType, secretData)
if err != nil {
return fmt.Errorf("Validating Secret Data: %w", err)
}
newResource.Secrets = []api.Secret{} newResource.Secrets = []api.Secret{}
for _, user := range users { for _, user := range users {
var encSecretData string var encSecretData string
@ -325,18 +201,10 @@ func UpdateResource(ctx context.Context, c *api.Client, resourceID, name, userna
// DeleteResource Deletes a Resource // DeleteResource Deletes a Resource
func DeleteResource(ctx context.Context, c *api.Client, resourceID string) error { func DeleteResource(ctx context.Context, c *api.Client, resourceID string) error {
err := c.DeleteResource(ctx, resourceID) return c.DeleteResource(ctx, resourceID)
if err != nil {
return fmt.Errorf("Deleting Resource: %w", err)
}
return nil
} }
// MoveResource Moves a Resource into a Folder // MoveResource Moves a Resource into a Folder
func MoveResource(ctx context.Context, c *api.Client, resourceID, folderParentID string) error { func MoveResource(ctx context.Context, c *api.Client, resourceID, folderParentID string) error {
err := c.MoveResource(ctx, resourceID, folderParentID) return c.MoveResource(ctx, resourceID, folderParentID)
if err != nil {
return fmt.Errorf("Moveing Resource: %w", err)
}
return err
} }

66
helper/setup.go
View file

@ -1,66 +0,0 @@
package helper
import (
"context"
"fmt"
"strings"
"github.com/passbolt/go-passbolt/api"
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/ProtonMail/gopenpgp/v2/helper"
)
// ParseInviteUrl Parses a Passbolt Invite URL into a user id and token
func ParseInviteUrl(url string) (string, string, error) {
split := strings.Split(url, "/")
if len(split) < 4 {
return "", "", fmt.Errorf("Invite URL does not have enough slashes")
}
return split[len(split)-2], strings.TrimSuffix(split[len(split)-1], ".json"), nil
}
// SetupAccount Setup a Account for a Invited User.
// (Use ParseInviteUrl to get the userid and token from a Invite URL)
func SetupAccount(ctx context.Context, c *api.Client, userID, token, password string) (string, error) {
install, err := c.SetupInstall(ctx, userID, token)
if err != nil {
return "", fmt.Errorf("Get Setup Install Data: %w", err)
}
keyName := install.Profile.FirstName + " " + install.Profile.LastName + " " + install.Username
privateKey, err := helper.GenerateKey(keyName, install.Username, []byte(password), "rsa", 4096)
if err != nil {
return "", fmt.Errorf("Generating Private Key: %w", err)
}
key, err := crypto.NewKeyFromArmoredReader(strings.NewReader(privateKey))
if err != nil {
return "", fmt.Errorf("Reading Private Key: %w", err)
}
publicKey, err := key.GetArmoredPublicKey()
if err != nil {
return "", fmt.Errorf("Get Public Key: %w", err)
}
request := api.SetupCompleteRequest{
AuthenticationToken: api.AuthenticationToken{
Token: token,
},
User: api.User{
Locale: api.UserLocaleENUK,
},
GPGKey: api.GPGKey{
ArmoredKey: publicKey,
},
}
err = c.SetupComplete(ctx, userID, request)
if err != nil {
return "", fmt.Errorf("Setup Completion Failed: %w", err)
}
return privateKey, nil
}

60
helper/setup_test.go
View file

@ -1,60 +0,0 @@
package helper
import (
"context"
"crypto/tls"
"fmt"
"net/http"
"os"
"testing"
"github.com/passbolt/go-passbolt/api"
)
var client *api.Client
func TestMain(m *testing.M) {
url := os.Getenv("REG_URL")
fmt.Printf("Registering with url: %v\n", url)
userID, token, err := ParseInviteUrl(url)
if err != nil {
panic(fmt.Errorf("Unable to Parse Invite URL: %w", err))
}
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
hc := &http.Client{Transport: tr}
rc, err := api.NewClient(hc, "", "https://localhost", "", "")
if err != nil {
panic(fmt.Errorf("Creating Registration Client: %w", err))
}
// Debug Output
rc.Debug = true
ctx := context.TODO()
privkey, err := SetupAccount(ctx, rc, userID, token, "password123")
if err != nil {
panic(fmt.Errorf("Setup Account: %w", err))
}
c, err := api.NewClient(hc, "", "https://localhost", privkey, "password123")
if err != nil {
panic(fmt.Errorf("Setup Client: %w", err))
}
// Debug Output
c.Debug = true
c.Login(ctx)
if err != nil {
panic(fmt.Errorf("Login Client: %w", err))
}
client = c
os.Exit(m.Run())
}

25
helper/share.go
View file

@ -4,7 +4,7 @@ import (
"context" "context"
"fmt" "fmt"
"github.com/passbolt/go-passbolt/api" "github.com/speatzle/go-passbolt/api"
) )
// ShareOperation defines how Resources are to be Shared With Users/Groups // ShareOperation defines how Resources are to be Shared With Users/Groups
@ -63,22 +63,6 @@ func ShareResource(ctx context.Context, c *api.Client, resourceID string, change
return fmt.Errorf("Decrypting Resource Secret: %w", err) return fmt.Errorf("Decrypting Resource Secret: %w", err)
} }
// Secret Validation
resource, err := c.GetResource(ctx, resourceID)
if err != nil {
return fmt.Errorf("Getting Resource: %w", err)
}
rType, err := c.GetResourceType(ctx, resource.ResourceTypeID)
if err != nil {
return fmt.Errorf("Getting ResourceType: %w", err)
}
err = validateSecretData(rType, secretData)
if err != nil {
return fmt.Errorf("Validating Secret Data: %w", err)
}
simulationResult, err := c.SimulateShareResource(ctx, resourceID, shareRequest) simulationResult, err := c.SimulateShareResource(ctx, resourceID, shareRequest)
if err != nil { if err != nil {
return fmt.Errorf("Simulate Share Resource: %w", err) return fmt.Errorf("Simulate Share Resource: %w", err)
@ -142,14 +126,12 @@ func ShareFolderWithUsersAndGroups(ctx context.Context, c *api.Client, folderID
// ShareFolder Shares a Folder as Specified in the Passed ShareOperation Struct Slice. // ShareFolder Shares a Folder as Specified in the Passed ShareOperation Struct Slice.
// Note Resources Permissions in the Folder are not Adjusted // Note Resources Permissions in the Folder are not Adjusted
func ShareFolder(ctx context.Context, c *api.Client, folderID string, changes []ShareOperation) error { func ShareFolder(ctx context.Context, c *api.Client, folderID string, changes []ShareOperation) error {
oldFolder, err := c.GetFolder(ctx, folderID, &api.GetFolderOptions{ oldPermissions, err := c.GetFolderPermissions(ctx, folderID)
ContainPermissions: true,
})
if err != nil { if err != nil {
return fmt.Errorf("Getting Folder Permissions: %w", err) return fmt.Errorf("Getting Folder Permissions: %w", err)
} }
permissionChanges, err := GeneratePermissionChanges(oldFolder.Permissions, changes) permissionChanges, err := GeneratePermissionChanges(oldPermissions, changes)
if err != nil { if err != nil {
return fmt.Errorf("Generating Folder Permission Changes: %w", err) return fmt.Errorf("Generating Folder Permission Changes: %w", err)
} }
@ -186,7 +168,6 @@ func GeneratePermissionChanges(oldPermissions []api.Permission, changes []ShareO
for _, oldPerm := range oldPermissions { for _, oldPerm := range oldPermissions {
if oldPerm.ARO == change.ARO && oldPerm.AROForeignKey == change.AROID { if oldPerm.ARO == change.ARO && oldPerm.AROForeignKey == change.AROID {
oldPermission = &oldPerm oldPermission = &oldPerm
break
} }
} }
// Check Whether Matching Permission Already Exists and needs to be adjusted or is a new one can be created // Check Whether Matching Permission Already Exists and needs to be adjusted or is a new one can be created

63
helper/totp.go
View file

@ -1,63 +0,0 @@
package helper
import (
"crypto/hmac"
"crypto/sha1"
"encoding/base32"
"encoding/binary"
"fmt"
"math"
"strings"
"time"
)
const (
mask1 = 0xf
mask2 = 0x7f
mask3 = 0xff
timeSplitInSeconds = 30
shift24 = 24
shift16 = 16
shift8 = 8
codeLength = 6
)
// GenerateOTPCode generates a 6 digit TOTP from the secret Token.
func GenerateOTPCode(token string, when time.Time) (string, error) {
timer := uint64(math.Floor(float64(when.Unix()) / float64(timeSplitInSeconds)))
// Remove spaces, some providers are giving us in a readable format
// so they add spaces in there. If it's not removed while pasting in,
// remove it now.
token = strings.Replace(token, " ", "", -1)
// It should be uppercase always
token = strings.ToUpper(token)
// Remove all the extra "=" padding at the end
token = strings.TrimRight(token, "=")
secretBytes, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(token)
if err != nil {
return "", fmt.Errorf("Decoding token string: %w", err)
}
buf := make([]byte, 8)
mac := hmac.New(sha1.New, secretBytes)
binary.BigEndian.PutUint64(buf, timer)
_, _ = mac.Write(buf)
sum := mac.Sum(nil)
// http://tools.ietf.org/html/rfc4226#section-5.4
offset := sum[len(sum)-1] & mask1
value := int64(((int(sum[offset]) & mask2) << shift24) |
((int(sum[offset+1] & mask3)) << shift16) |
((int(sum[offset+2] & mask3)) << shift8) |
(int(sum[offset+3]) & mask3))
modulo := int32(value % int64(math.Pow10(codeLength)))
format := fmt.Sprintf("%%0%dd", codeLength)
return fmt.Sprintf(format, modulo), nil
}

36
helper/totp_test.go
View file

@ -1,36 +0,0 @@
package helper
import (
"testing"
"time"
)
var testCases = []struct {
description string
token string
expectErr bool
}{
{"generates otpcode from token with padding", "PGWXXL7B66MMSRBAWSKEKIYD3P675KRJ===", false},
{"generates otpcode from token without padding", "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP", false},
{"invalid token format", "INVALIDTOKEN123", true},
}
func TestGenerateOTPCode(t *testing.T) {
for _, tc := range testCases {
t.Run(tc.description, func(t *testing.T) {
code, err := GenerateOTPCode(tc.token, time.Now())
if tc.expectErr {
if err == nil {
t.Errorf("Expected error for input '%s', but got none", tc.token)
}
} else {
if err != nil {
t.Errorf("GenerateOTPCode returned an error: %s", err.Error())
} else if len(code) != 6 {
t.Errorf("Expected 6-digit OTP, got: %s", code)
}
}
})
}
}

109
helper/user.go
View file

@ -1,109 +0,0 @@
package helper
import (
"context"
"fmt"
"github.com/passbolt/go-passbolt/api"
)
// CreateUser Creates a new User
func CreateUser(ctx context.Context, c *api.Client, role, username, firstname, lastname string) (string, error) {
roles, err := c.GetRoles(ctx)
if err != nil {
return "", fmt.Errorf("Get Role: %w", err)
}
roleID := ""
for _, r := range roles {
if r.Name == role {
roleID = r.ID
break
}
}
if roleID == "" {
return "", fmt.Errorf("Cannot Find Role: %v", role)
}
u, err := c.CreateUser(ctx, api.User{
Username: username,
Profile: &api.Profile{
FirstName: firstname,
LastName: lastname,
},
RoleID: roleID,
})
if err != nil {
return "", fmt.Errorf("Creating User: %w", err)
}
return u.ID, nil
}
// GetUser Gets a User
func GetUser(ctx context.Context, c *api.Client, userID string) (string, string, string, string, error) {
u, err := c.GetUser(ctx, userID)
if err != nil {
return "", "", "", "", fmt.Errorf("Getting User: %w", err)
}
return u.Role.Name, u.Username, u.Profile.FirstName, u.Profile.LastName, nil
}
// UpdateUser Updates a User
func UpdateUser(ctx context.Context, c *api.Client, userID, role, firstname, lastname string) error {
user, err := c.GetUser(ctx, userID)
if err != nil {
return fmt.Errorf("Getting User: %w", err)
}
new := api.User{
Profile: &api.Profile{
FirstName: user.Profile.FirstName,
LastName: user.Profile.LastName,
},
}
if role != "" {
roles, err := c.GetRoles(ctx)
if err != nil {
return fmt.Errorf("Get Role: %w", err)
}
roleID := ""
for _, r := range roles {
if r.Name == role {
roleID = r.ID
break
}
}
if roleID == "" {
return fmt.Errorf("Cannot Find Role %v", role)
}
new.RoleID = roleID
}
if firstname != "" {
new.Profile.FirstName = firstname
}
if lastname != "" {
new.Profile.LastName = lastname
}
_, err = c.UpdateUser(ctx, userID, new)
if err != nil {
return fmt.Errorf("Updating User: %w", err)
}
return nil
}
// DeleteUser Deletes a User
func DeleteUser(ctx context.Context, c *api.Client, userID string) error {
err := c.DeleteUser(ctx, userID)
if err != nil {
return fmt.Errorf("Deleting User: %w", err)
}
return nil
}

47
helper/util.go
View file

@ -1,13 +1,9 @@
package helper package helper
import ( import (
"bytes"
"encoding/json"
"fmt" "fmt"
"strings"
"github.com/passbolt/go-passbolt/api" "github.com/speatzle/go-passbolt/api"
"github.com/santhosh-tekuri/jsonschema"
) )
func getPublicKeyByUserID(userID string, Users []api.User) (string, error) { func getPublicKeyByUserID(userID string, Users []api.User) (string, error) {
@ -36,44 +32,3 @@ func getSecretByResourceID(secrets []api.Secret, resourceID string) (*api.Secret
} }
return nil, fmt.Errorf("Cannot Find Secret for id %v", resourceID) return nil, fmt.Errorf("Cannot Find Secret for id %v", resourceID)
} }
func validateSecretData(rType *api.ResourceType, secretData string) error {
var schemaDefinition api.ResourceTypeSchema
err := json.Unmarshal([]byte(rType.Definition), &schemaDefinition)
if err != nil {
// Workaround for inconsistant API Responses where sometime the Schema is embedded directly and sometimes it's escaped as a string
if err.Error() == "json: cannot unmarshal string into Go value of type api.ResourceTypeSchema" {
var tmp string
err = json.Unmarshal([]byte(rType.Definition), &tmp)
if err != nil {
return fmt.Errorf("Workaround Unmarshal Json Schema String: %w", err)
}
err = json.Unmarshal([]byte(tmp), &schemaDefinition)
if err != nil {
return fmt.Errorf("Workaround Unmarshal Json Schema: %w", err)
}
} else {
return fmt.Errorf("Unmarshal Json Schema: %w", err)
}
}
comp := jsonschema.NewCompiler()
err = comp.AddResource("secret.json", bytes.NewReader(schemaDefinition.Secret))
if err != nil {
return fmt.Errorf("Adding Json Schema: %w", err)
}
schema, err := comp.Compile("secret.json")
if err != nil {
return fmt.Errorf("Compiling Json Schema: %w", err)
}
err = schema.Validate(strings.NewReader(secretData))
if err != nil {
return fmt.Errorf("Validating Secret Data: %w", err)
}
return nil
}