speatzle/go-passbolt
1
0
Fork 0
mirror of https://github.com/passbolt/go-passbolt.git synced 2025-05-11 18:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: speatzle:v0.6.1
Branches Tags
speatzle:main
speatzle:v5-metadata-decryption
speatzle:v5
speatzle:gopenpgp-v3
speatzle:v5-basic-metadatakeys
speatzle:v5-server-settings
speatzle:v5-run-workflow
speatzle:auto-skip-integration-tests
speatzle:jwt-auth
speatzle:v0.7.2
speatzle:v0.7.1
speatzle:v0.7.0
speatzle:v0.6.1
speatzle:v0.6.0
speatzle:v0.5.8
speatzle:v0.5.7
speatzle:v0.5.6
speatzle:v0.5.5
speatzle:v0.5.4
speatzle:v0.5.3
speatzle:v0.5.2
speatzle:v0.5.1
speatzle:v0.5.0
speatzle:v0.4.0
speatzle:v0.3.1
speatzle:v0.3.0
speatzle:v0.2.2
speatzle:v0.2.1
speatzle:v0.2.0
speatzle:v0.1.1
speatzle:v0.1.0
speatzle:v0.0.1
...
compare: speatzle:main
Branches Tags
speatzle:v5-metadata-decryption
speatzle:v5
speatzle:gopenpgp-v3
speatzle:v5-basic-metadatakeys
speatzle:v5-server-settings
speatzle:v5-run-workflow
speatzle:auto-skip-integration-tests
speatzle:main
speatzle:jwt-auth
speatzle:v0.7.2
speatzle:v0.7.1
speatzle:v0.7.0
speatzle:v0.6.1
speatzle:v0.6.0
speatzle:v0.5.8
speatzle:v0.5.7
speatzle:v0.5.6
speatzle:v0.5.5
speatzle:v0.5.4
speatzle:v0.5.3
speatzle:v0.5.2
speatzle:v0.5.1
speatzle:v0.5.0
speatzle:v0.4.0
speatzle:v0.3.1
speatzle:v0.3.0
speatzle:v0.2.2
speatzle:v0.2.1
speatzle:v0.2.0
speatzle:v0.1.1
speatzle:v0.1.0
speatzle:v0.0.1

18 commits
v0.6.1 ... main

Author SHA1 Message Date
Samuel Lorch
b919c3e09d
Merge pull request #25 from passbolt/update-dep
Some checks failed
Go / test (push) Has been cancelled
Details 
update deps
 2025-03-04 16:55:47 +01:00
Samuel Lorch
3762c5e278 update deps 2025-03-02 22:59:35 +01:00
Samuel Lorch
26942f22d1
Merge pull request #24 from Nelwhix/extra-padding-fix
Some checks failed
Go / test (push) Has been cancelled
Details 
fix: correctly generates otp code from token with extra padding
 2025-03-02 22:45:28 +01:00
Nelson Isioma
c1904ca20a fix: correctly generates otp code from token with extra padding 2025-02-23 13:47:41 +01:00
Samuel Lorch
ddaa090bc7
Merge pull request #22 from passbolt/fix-deps
Some checks failed
Go / test (push) Has been cancelled
Details 
update deps
 2024-08-13 11:58:48 +02:00
Samuel Lorch
c86afac97c go mod tidy 2024-08-13 11:47:33 +02:00
Samuel Lorch
2b3bb48385 update deps 2024-08-13 11:34:35 +02:00
Samuel Lorch
83ba14250b
Merge pull request #20 from passbolt/fix_mfa_detection 
Fix MFA detection with custom APP_BASE
 2024-08-13 11:27:43 +02:00
Samuel Lorch
390b7be866 Fix MFA detection with custom APP_BASE 2024-08-13 11:25:34 +02:00
Samuel Lorch
aaf7213315
Merge pull request #21 from passbolt/fix-ci-docker 
Fix ci docker compose command
 2024-08-13 11:18:37 +02:00
Samuel Lorch
1bbe7dc952 Update Docker Container Name 2024-08-13 11:16:30 +02:00
Samuel Lorch
1499a80625 Update docker compose command 2024-08-13 11:11:42 +02:00
Samuel Lorch
e13f484bcb Add Workaround for inconsistent API Response 2023-11-24 13:32:47 +01:00
Samuel Lorch
360cc3748e Enable Debug Output for tests 2023-11-24 11:28:38 +01:00
Samuel Lorch
a6a98a6887 fix ci 2023-11-24 11:18:19 +01:00
Samuel Lorch
8dbb07720d Add totp and password-description-totp Support 2023-11-24 11:08:49 +01:00
Samuel Lorch
605db2b047 Add Secret Json Schema Validation 2023-11-24 11:07:38 +01:00
Samuel Lorch
adaffbce7e update deps 2023-11-24 11:03:35 +01:00
12 changed files with 247 additions and 56 deletions
Show stats Expand all files Collapse all files

8
.github/workflows/.go.yml vendored
View file

@ -13,17 +13,17 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: 1.17
go-version: 1.23
- name: "Setup Passbolt"
run: |
git clone https://github.com/passbolt/passbolt_docker.git ../passbolt_docker
cd ../passbolt_docker
docker-compose -f docker-compose/docker-compose-ce.yaml up -d
docker compose -f docker-compose/docker-compose-ce.yaml up -d
docker ps -a
- name: "Test"
run: |
docker exec docker-compose_passbolt_1 sh -c '/usr/bin/wait-for.sh -t 30 localhost:443'
output=$(docker exec docker-compose_passbolt_1 sh -c 'su -m -c "/usr/share/php/passbolt/bin/cake \
docker exec docker-compose-passbolt-1 sh -c '/usr/bin/wait-for.sh -t 30 localhost:443'
output=$(docker exec docker-compose-passbolt-1 sh -c 'su -m -c "/usr/share/php/passbolt/bin/cake \
passbolt register_user \
-u your@email.com \
-f yourname \

3
api/api.go
View file

@ -5,6 +5,7 @@ import (
"encoding/json"
"fmt"
"net/http"
"strings"
)
// APIResponse is the Struct representation of a Json Response
@ -62,7 +63,7 @@ start:
if res.Header.Status == "success" {
return r, &res, nil
} else if res.Header.Status == "error" {
if res.Header.Code == 403 && res.Header.URL == "/mfa/verify/error.json" {
if res.Header.Code == 403 && strings.HasSuffix(res.Header.URL, "/mfa/verify/error.json") {
if !firstTime {
// if we are here this probably means that the MFA callback is broken, to prevent a infinite loop lets error here
return r, &res, fmt.Errorf("Got MFA challenge twice in a row, is your MFA Callback broken? Bailing to prevent loop...:")

7
api/resource_types.go
View file

@ -6,7 +6,7 @@ import (
"fmt"
)
//ResourceType is the Type of a Resource
// ResourceType is the Type of a Resource
type ResourceType struct {
ID string `json:"id,omitempty"`
Slug string `json:"slug,omitempty"`
@ -16,6 +16,11 @@ type ResourceType struct {
Modified *Time `json:"modified,omitempty"`
}
type ResourceTypeSchema struct {
Resource json.RawMessage `json:"resource"`
Secret json.RawMessage `json:"secret"`
}
// GetResourceTypesOptions is a placeholder for future options
type GetResourceTypesOptions struct {
}

19
api/secrets.go
View file

@ -22,6 +22,25 @@ type SecretDataTypePasswordAndDescription struct {
Description string `json:"description,omitempty"`
}
type SecretDataTOTP struct {
Algorithm string `json:"algorithm"`
SecretKey string `json:"secret_key"`
Digits int `json:"digits"`
Period int `json:"period"`
}
// SecretDataTypeTOTP is the format a secret of resource type "totp" is stored in
type SecretDataTypeTOTP struct {
TOTP SecretDataTOTP `json:"totp"`
}
// SecretDataTypePasswordDescriptionTOTP is the format a secret of resource type "password-description-totp" is stored in
type SecretDataTypePasswordDescriptionTOTP struct {
Password string `json:"password"`
Description string `json:"description,omitempty"`
TOTP SecretDataTOTP `json:"totp"`
}
// GetSecret gets a Passbolt Secret
func (c *Client) GetSecret(ctx context.Context, resourceID string) (*Secret, error) {
err := checkUUIDFormat(resourceID)

18
go.mod
View file

@ -1,20 +1,20 @@
module github.com/passbolt/go-passbolt
go 1.18
go 1.23.0
require (
github.com/ProtonMail/gopenpgp/v2 v2.7.2
github.com/ProtonMail/gopenpgp/v2 v2.8.3
github.com/google/go-querystring v1.1.0
github.com/google/uuid v1.3.0
github.com/google/uuid v1.6.0
github.com/santhosh-tekuri/jsonschema v1.2.4
)
require (
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
github.com/ProtonMail/go-crypto v1.1.6 // indirect
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect
github.com/cloudflare/circl v1.3.3 // indirect
github.com/cloudflare/circl v1.6.0 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/stretchr/testify v1.7.0 // indirect
golang.org/x/crypto v0.12.0 // indirect
golang.org/x/sys v0.11.0 // indirect
golang.org/x/text v0.12.0 // indirect
golang.org/x/crypto v0.35.0 // indirect
golang.org/x/sys v0.30.0 // indirect
golang.org/x/text v0.22.0 // indirect
)

70
go.sum
View file

@ -1,23 +1,21 @@
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 h1:ra2OtmuW0AE5csawV4YXMNGNQQXvLRps3z2Z59OPO+I=
github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs=
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
github.com/ProtonMail/go-mime v0.0.0-20221031134845-8fd9bc37cf08 h1:dS7r5z4iGS0qCjM7UwWdsEMzQesUQbGcXdSm2/tWboA=
github.com/ProtonMail/go-mime v0.0.0-20221031134845-8fd9bc37cf08/go.mod h1:qRZgbeASl2a9OwmsV85aWwRqic0NHPh+9ewGAzb4cgM=
github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw=
github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k=
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw=
github.com/ProtonMail/gopenpgp/v2 v2.5.0 h1:L+98m3xj/YerdWqpWNkZmwNjg1Bs0lKRGQyuONjOImw=
github.com/ProtonMail/gopenpgp/v2 v2.5.0/go.mod h1:N+W/oc/o6yqdevBw8vpgZ3JMyaMA/IwQIdnaGLCoA+w=
github.com/ProtonMail/gopenpgp/v2 v2.7.2 h1:mIwxSUPezxNYq0RA5106VPWyKC+Ly3FvBUnBJh/7GWw=
github.com/ProtonMail/gopenpgp/v2 v2.7.2/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g=
github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
github.com/ProtonMail/gopenpgp/v2 v2.7.5 h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA=
github.com/ProtonMail/gopenpgp/v2 v2.7.5/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g=
github.com/ProtonMail/gopenpgp/v2 v2.8.3 h1:1jHlELwCR00qovx2B50DkL/FjYwt/P91RnlsqeOp2Hs=
github.com/ProtonMail/gopenpgp/v2 v2.8.3/go.mod h1:LiuOTbnJit8w9ZzOoLscj0kmdALY7hfoCVh5Qlb0bcg=
github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
github.com/cloudflare/circl v1.3.1 h1:4OVCZRL62ijwEwxnF6I7hLwxvIYi3VaZt8TflkqtrtA=
github.com/cloudflare/circl v1.3.1/go.mod h1:+CauBF6R70Jqcyl8N2hC8pAXYbWkGIezuSbuGLtRhnw=
github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE=
github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
github.com/cloudflare/circl v1.6.0 h1:cr5JKic4HI+LkINy2lg3W2jF8sHCVTBncJr5gIIq7qk=
github.com/cloudflare/circl v1.6.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -25,34 +23,28 @@ github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/santhosh-tekuri/jsonschema v1.2.4 h1:hNhW8e7t+H1vgY+1QeEQpveR6D4+OwKPXCfD2aieJis=
github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9tZUw9qufEGTyX1+7lmHxV5q5G4=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
@ -63,43 +55,39 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

72
helper/resources.go
View file

@ -42,6 +42,11 @@ func CreateResource(ctx context.Context, c *api.Client, folderParentID, name, us
return "", fmt.Errorf("Marshalling Secret Data: %w", err)
}
err = validateSecretData(rType, string(secretData))
if err != nil {
return "", fmt.Errorf("Validating Secret Data: %w", err)
}
encSecretData, err := c.EncryptMessage(string(secretData))
if err != nil {
return "", fmt.Errorf("Encrypting Secret Data for User me: %w", err)
@ -123,6 +128,21 @@ func GetResourceFromData(c *api.Client, resource api.Resource, secret api.Secret
}
pw = secretData.Password
desc = secretData.Description
case "password-description-totp":
rawSecretData, err := c.DecryptMessage(secret.Data)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Decrypting Secret Data: %w", err)
}
var secretData api.SecretDataTypePasswordDescriptionTOTP
err = json.Unmarshal([]byte(rawSecretData), &secretData)
if err != nil {
return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
}
pw = secretData.Password
desc = secretData.Description
case "totp":
// nothing fits into the interface in this case
default:
return "", "", "", "", "", "", fmt.Errorf("Unknown ResourceType: %v", rType.Slug)
}
@ -219,10 +239,62 @@ func UpdateResource(ctx context.Context, c *api.Client, resourceID, name, userna
return fmt.Errorf("Marshalling Secret Data: %w", err)
}
secretData = string(res)
case "password-description-totp":
secret, err := c.GetSecret(ctx, resourceID)
if err != nil {
return fmt.Errorf("Getting Secret: %w", err)
}
oldSecretData, err := c.DecryptMessage(secret.Data)
if err != nil {
return fmt.Errorf("Decrypting Secret: %w", err)
}
var oldSecret api.SecretDataTypePasswordDescriptionTOTP
err = json.Unmarshal([]byte(oldSecretData), &secretData)
if err != nil {
return fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
}
if password != "" {
oldSecret.Password = password
}
if description != "" {
oldSecret.Description = description
}
res, err := json.Marshal(&oldSecret)
if err != nil {
return fmt.Errorf("Marshalling Secret Data: %w", err)
}
secretData = string(res)
case "totp":
secret, err := c.GetSecret(ctx, resourceID)
if err != nil {
return fmt.Errorf("Getting Secret: %w", err)
}
oldSecretData, err := c.DecryptMessage(secret.Data)
if err != nil {
return fmt.Errorf("Decrypting Secret: %w", err)
}
var oldSecret api.SecretDataTypeTOTP
err = json.Unmarshal([]byte(oldSecretData), &secretData)
if err != nil {
return fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
}
// since we don't have totp parameters we don't do anything
res, err := json.Marshal(&oldSecret)
if err != nil {
return fmt.Errorf("Marshalling Secret Data: %w", err)
}
secretData = string(res)
default:
return fmt.Errorf("Unknown ResourceType: %v", rType.Slug)
}
err = validateSecretData(rType, secretData)
if err != nil {
return fmt.Errorf("Validating Secret Data: %w", err)
}
newResource.Secrets = []api.Secret{}
for _, user := range users {
var encSecretData string

6
helper/setup_test.go
View file

@ -31,6 +31,9 @@ func TestMain(m *testing.M) {
panic(fmt.Errorf("Creating Registration Client: %w", err))
}
// Debug Output
rc.Debug = true
ctx := context.TODO()
privkey, err := SetupAccount(ctx, rc, userID, token, "password123")
@ -43,6 +46,9 @@ func TestMain(m *testing.M) {
panic(fmt.Errorf("Setup Client: %w", err))
}
// Debug Output
c.Debug = true
c.Login(ctx)
if err != nil {
panic(fmt.Errorf("Login Client: %w", err))

16
helper/share.go
View file

@ -63,6 +63,22 @@ func ShareResource(ctx context.Context, c *api.Client, resourceID string, change
return fmt.Errorf("Decrypting Resource Secret: %w", err)
}
// Secret Validation
resource, err := c.GetResource(ctx, resourceID)
if err != nil {
return fmt.Errorf("Getting Resource: %w", err)
}
rType, err := c.GetResourceType(ctx, resource.ResourceTypeID)
if err != nil {
return fmt.Errorf("Getting ResourceType: %w", err)
}
err = validateSecretData(rType, secretData)
if err != nil {
return fmt.Errorf("Validating Secret Data: %w", err)
}
simulationResult, err := c.SimulateShareResource(ctx, resourceID, shareRequest)
if err != nil {
return fmt.Errorf("Simulate Share Resource: %w", err)

3
helper/totp.go
View file

@ -33,6 +33,9 @@ func GenerateOTPCode(token string, when time.Time) (string, error) {
// It should be uppercase always
token = strings.ToUpper(token)
// Remove all the extra "=" padding at the end
token = strings.TrimRight(token, "=")
secretBytes, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(token)
if err != nil {
return "", fmt.Errorf("Decoding token string: %w", err)

36
helper/totp_test.go Normal file
View file

@ -0,0 +1,36 @@
package helper
import (
"testing"
"time"
)
var testCases = []struct {
description string
token string
expectErr bool
}{
{"generates otpcode from token with padding", "PGWXXL7B66MMSRBAWSKEKIYD3P675KRJ===", false},
{"generates otpcode from token without padding", "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP", false},
{"invalid token format", "INVALIDTOKEN123", true},
}
func TestGenerateOTPCode(t *testing.T) {
for _, tc := range testCases {
t.Run(tc.description, func(t *testing.T) {
code, err := GenerateOTPCode(tc.token, time.Now())
if tc.expectErr {
if err == nil {
t.Errorf("Expected error for input '%s', but got none", tc.token)
}
} else {
if err != nil {
t.Errorf("GenerateOTPCode returned an error: %s", err.Error())
} else if len(code) != 6 {
t.Errorf("Expected 6-digit OTP, got: %s", code)
}
}
})
}
}

45
helper/util.go
View file

@ -1,9 +1,13 @@
package helper
import (
"bytes"
"encoding/json"
"fmt"
"strings"
"github.com/passbolt/go-passbolt/api"
"github.com/santhosh-tekuri/jsonschema"
)
func getPublicKeyByUserID(userID string, Users []api.User) (string, error) {
@ -32,3 +36,44 @@ func getSecretByResourceID(secrets []api.Secret, resourceID string) (*api.Secret
}
return nil, fmt.Errorf("Cannot Find Secret for id %v", resourceID)
}
func validateSecretData(rType *api.ResourceType, secretData string) error {
var schemaDefinition api.ResourceTypeSchema
err := json.Unmarshal([]byte(rType.Definition), &schemaDefinition)
if err != nil {
// Workaround for inconsistant API Responses where sometime the Schema is embedded directly and sometimes it's escaped as a string
if err.Error() == "json: cannot unmarshal string into Go value of type api.ResourceTypeSchema" {
var tmp string
err = json.Unmarshal([]byte(rType.Definition), &tmp)
if err != nil {
return fmt.Errorf("Workaround Unmarshal Json Schema String: %w", err)
}
err = json.Unmarshal([]byte(tmp), &schemaDefinition)
if err != nil {
return fmt.Errorf("Workaround Unmarshal Json Schema: %w", err)
}
} else {
return fmt.Errorf("Unmarshal Json Schema: %w", err)
}
}
comp := jsonschema.NewCompiler()
err = comp.AddResource("secret.json", bytes.NewReader(schemaDefinition.Secret))
if err != nil {
return fmt.Errorf("Adding Json Schema: %w", err)
}
schema, err := comp.Compile("secret.json")
if err != nil {
return fmt.Errorf("Compiling Json Schema: %w", err)
}
err = schema.Validate(strings.NewReader(secretData))
if err != nil {
return fmt.Errorf("Validating Secret Data: %w", err)
}
return nil
}