Improve support for YK5
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
IamTheFij 2021-01-18 21:00:56 -08:00
parent fc3e8a356b
commit f164b3a0af
3 changed files with 455 additions and 106 deletions

View File

@ -6,11 +6,11 @@
<string>com.iamthefij.alfred-yubico-auth</string>
<key>connections</key>
<dict>
<key>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</key>
<key>0149DE47-0232-434D-BB9E-B2C0B419A2E3</key>
<array>
<dict>
<key>destinationuid</key>
<string>9F48DDE6-BBE7-42ED-ABE5-C9255C92F1CD</string>
<string>55DFD4B6-922A-4259-8625-EC14889FBACD</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
@ -18,6 +18,22 @@
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>27BC434A-1663-44A7-85AF-C4AC6E1BEFB7</key>
<array>
<dict>
<key>destinationuid</key>
<string>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</key>
<array>
<dict>
<key>destinationuid</key>
<string>A8D2CCAC-5CA4-495E-BB62-5C7F596FA157</string>
@ -30,19 +46,44 @@
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>8486DCAA-AFB7-407D-A0E9-E57E09997B24</key>
<array>
<dict>
<key>destinationuid</key>
<string>FB0DDF80-FF90-439A-BF3F-6EC58C2AA870</string>
<string>0149DE47-0232-434D-BB9E-B2C0B419A2E3</string>
<key>modifiers</key>
<integer>1048576</integer>
<integer>0</integer>
<key>modifiersubtext</key>
<string>Paste token</string>
<string></string>
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>55DFD4B6-922A-4259-8625-EC14889FBACD</key>
<array>
<dict>
<key>destinationuid</key>
<string>AD82ED59-033E-4860-B371-8128574E2FBC</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>sourceoutputuid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
<key>vitoclose</key>
<false/>
</dict>
<dict>
<key>destinationuid</key>
<string>506787F2-9A61-492C-8C49-30EE04FB70BC</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>8486DCAA-AFB7-407D-A0E9-E57E09997B24</key>
<array>
<dict>
<key>destinationuid</key>
<string>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</string>
@ -53,6 +94,16 @@
<key>vitoclose</key>
<false/>
</dict>
<dict>
<key>destinationuid</key>
<string>27BC434A-1663-44A7-85AF-C4AC6E1BEFB7</string>
<key>modifiers</key>
<integer>1048576</integer>
<key>modifiersubtext</key>
<string>Paste code</string>
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>9F48DDE6-BBE7-42ED-ABE5-C9255C92F1CD</key>
<array>
@ -71,7 +122,32 @@
<array>
<dict>
<key>destinationuid</key>
<string>C252A5EC-1AEE-4EF4-864F-67483EAADCFA</string>
<string>DA99BA2E-7234-491D-BD0F-044151FA98E2</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>AD82ED59-033E-4860-B371-8128574E2FBC</key>
<array>
<dict>
<key>destinationuid</key>
<string>FB0DDF80-FF90-439A-BF3F-6EC58C2AA870</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>sourceoutputuid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
<key>vitoclose</key>
<false/>
</dict>
<dict>
<key>destinationuid</key>
<string>9F48DDE6-BBE7-42ED-ABE5-C9255C92F1CD</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
@ -106,6 +182,31 @@
<false/>
</dict>
</array>
<key>DA99BA2E-7234-491D-BD0F-044151FA98E2</key>
<array>
<dict>
<key>destinationuid</key>
<string>C252A5EC-1AEE-4EF4-864F-67483EAADCFA</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>sourceoutputuid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
<key>vitoclose</key>
<false/>
</dict>
<dict>
<key>destinationuid</key>
<string>506787F2-9A61-492C-8C49-30EE04FB70BC</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>E86DC7C1-35C1-4BA9-8B33-A95DE7082F7E</key>
<array>
<dict>
@ -146,21 +247,46 @@
<dict>
<key>config</key>
<dict>
<key>autopaste</key>
<true/>
<key>clipboardtext</key>
<string>{query}</string>
<key>ignoredynamicplaceholders</key>
<key>lastpathcomponent</key>
<false/>
<key>transient</key>
<true/>
<key>onlyshowifquerypopulated</key>
<false/>
<key>removeextension</key>
<false/>
<key>text</key>
<string>Password key is now stored in your keychain</string>
<key>title</key>
<string>Password saved</string>
</dict>
<key>type</key>
<string>alfred.workflow.output.clipboard</string>
<string>alfred.workflow.output.notification</string>
<key>uid</key>
<string>FB0DDF80-FF90-439A-BF3F-6EC58C2AA870</string>
<string>C252A5EC-1AEE-4EF4-864F-67483EAADCFA</string>
<key>version</key>
<integer>3</integer>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>concurrently</key>
<false/>
<key>escaping</key>
<integer>102</integer>
<key>script</key>
<string>./alfred-yubico-auth -run-script set-password</string>
<key>scriptargtype</key>
<integer>1</integer>
<key>scriptfile</key>
<string></string>
<key>type</key>
<integer>0</integer>
</dict>
<key>type</key>
<string>alfred.workflow.action.script</string>
<key>uid</key>
<string>A8D2CCAC-5CA4-495E-BB62-5C7F596FA157</string>
<key>version</key>
<integer>2</integer>
</dict>
<dict>
<key>config</key>
@ -190,7 +316,7 @@
<key>runningsubtext</key>
<string></string>
<key>script</key>
<string>./alfred-yubico-auth</string>
<string>./alfred-yubico-auth list</string>
<key>scriptargtype</key>
<integer>1</integer>
<key>scriptfile</key>
@ -211,6 +337,105 @@
<key>version</key>
<integer>3</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>conditions</key>
<array>
<dict>
<key>inputstring</key>
<string>{var:result}</string>
<key>matchcasesensitive</key>
<false/>
<key>matchmode</key>
<integer>0</integer>
<key>matchstring</key>
<string>success</string>
<key>outputlabel</key>
<string>success</string>
<key>uid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
</dict>
</array>
<key>elselabel</key>
<string>else</string>
</dict>
<key>type</key>
<string>alfred.workflow.utility.conditional</string>
<key>uid</key>
<string>DA99BA2E-7234-491D-BD0F-044151FA98E2</string>
<key>version</key>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>conditions</key>
<array>
<dict>
<key>inputstring</key>
<string>{var:action}</string>
<key>matchcasesensitive</key>
<false/>
<key>matchmode</key>
<integer>0</integer>
<key>matchstring</key>
<string>set-password</string>
<key>outputlabel</key>
<string>Set password</string>
<key>uid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
</dict>
</array>
<key>elselabel</key>
<string>else</string>
</dict>
<key>type</key>
<string>alfred.workflow.utility.conditional</string>
<key>uid</key>
<string>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</string>
<key>version</key>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>argument</key>
<string>{query}</string>
<key>passthroughargument</key>
<false/>
<key>variables</key>
<dict>
<key>result_action</key>
<string>paste</string>
</dict>
</dict>
<key>type</key>
<string>alfred.workflow.utility.argument</string>
<key>uid</key>
<string>27BC434A-1663-44A7-85AF-C4AC6E1BEFB7</string>
<key>version</key>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>autopaste</key>
<true/>
<key>clipboardtext</key>
<string>{query}</string>
<key>ignoredynamicplaceholders</key>
<false/>
<key>transient</key>
<true/>
</dict>
<key>type</key>
<string>alfred.workflow.output.clipboard</string>
<key>uid</key>
<string>FB0DDF80-FF90-439A-BF3F-6EC58C2AA870</string>
<key>version</key>
<integer>3</integer>
</dict>
<dict>
<key>config</key>
<dict>
@ -264,6 +489,61 @@
<key>version</key>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>conditions</key>
<array>
<dict>
<key>inputstring</key>
<string>{var:result_action}</string>
<key>matchcasesensitive</key>
<false/>
<key>matchmode</key>
<integer>0</integer>
<key>matchstring</key>
<string>paste</string>
<key>outputlabel</key>
<string>paste</string>
<key>uid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
</dict>
</array>
<key>elselabel</key>
<string>copy</string>
</dict>
<key>type</key>
<string>alfred.workflow.utility.conditional</string>
<key>uid</key>
<string>AD82ED59-033E-4860-B371-8128574E2FBC</string>
<key>version</key>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>concurrently</key>
<false/>
<key>escaping</key>
<integer>102</integer>
<key>script</key>
<string>query=$1
./alfred-yubico-auth -run-script "$query"</string>
<key>scriptargtype</key>
<integer>1</integer>
<key>scriptfile</key>
<string></string>
<key>type</key>
<integer>0</integer>
</dict>
<key>type</key>
<string>alfred.workflow.action.script</string>
<key>uid</key>
<string>0149DE47-0232-434D-BB9E-B2C0B419A2E3</string>
<key>version</key>
<integer>2</integer>
</dict>
<dict>
<key>config</key>
<dict>
@ -311,15 +591,15 @@
<array>
<dict>
<key>inputstring</key>
<string>{var:action}</string>
<string>{var:result}</string>
<key>matchcasesensitive</key>
<false/>
<key>matchmode</key>
<integer>0</integer>
<key>matchstring</key>
<string>set-password</string>
<string>success</string>
<key>outputlabel</key>
<string>Set password</string>
<string>success</string>
<key>uid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
</dict>
@ -330,51 +610,28 @@
<key>type</key>
<string>alfred.workflow.utility.conditional</string>
<key>uid</key>
<string>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</string>
<string>55DFD4B6-922A-4259-8625-EC14889FBACD</string>
<key>version</key>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>concurrently</key>
<false/>
<key>escaping</key>
<integer>102</integer>
<key>script</key>
<string>./alfred-yubico-auth set-password</string>
<key>scriptargtype</key>
<integer>1</integer>
<key>scriptfile</key>
<string></string>
<key>type</key>
<integer>0</integer>
</dict>
<key>type</key>
<string>alfred.workflow.action.script</string>
<key>uid</key>
<string>A8D2CCAC-5CA4-495E-BB62-5C7F596FA157</string>
<key>version</key>
<integer>2</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>lastpathcomponent</key>
<false/>
<key>onlyshowifquerypopulated</key>
<false/>
<true/>
<key>removeextension</key>
<false/>
<key>text</key>
<string>Password key is now stored in your keychain</string>
<string>{query}</string>
<key>title</key>
<string>Password saved</string>
<string>Alfred Yubikey Error</string>
</dict>
<key>type</key>
<string>alfred.workflow.output.notification</string>
<key>uid</key>
<string>C252A5EC-1AEE-4EF4-864F-67483EAADCFA</string>
<string>506787F2-9A61-492C-8C49-30EE04FB70BC</string>
<key>version</key>
<integer>1</integer>
</dict>
@ -383,75 +640,117 @@
<string></string>
<key>uidata</key>
<dict>
<key>0149DE47-0232-434D-BB9E-B2C0B419A2E3</key>
<dict>
<key>xpos</key>
<integer>180</integer>
<key>ypos</key>
<integer>305</integer>
</dict>
<key>0718204D-3398-4AEF-A621-DDDE1FC6ED75</key>
<dict>
<key>xpos</key>
<integer>990</integer>
<integer>1245</integer>
<key>ypos</key>
<integer>145</integer>
<integer>225</integer>
</dict>
<key>27BC434A-1663-44A7-85AF-C4AC6E1BEFB7</key>
<dict>
<key>xpos</key>
<integer>260</integer>
<key>ypos</key>
<integer>155</integer>
</dict>
<key>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</key>
<dict>
<key>xpos</key>
<integer>270</integer>
<integer>365</integer>
<key>ypos</key>
<integer>245</integer>
<integer>90</integer>
</dict>
<key>506787F2-9A61-492C-8C49-30EE04FB70BC</key>
<dict>
<key>xpos</key>
<integer>540</integer>
<key>ypos</key>
<integer>455</integer>
</dict>
<key>55DFD4B6-922A-4259-8625-EC14889FBACD</key>
<dict>
<key>xpos</key>
<integer>365</integer>
<key>ypos</key>
<integer>330</integer>
</dict>
<key>8486DCAA-AFB7-407D-A0E9-E57E09997B24</key>
<dict>
<key>xpos</key>
<integer>120</integer>
<integer>70</integer>
<key>ypos</key>
<integer>140</integer>
<integer>65</integer>
</dict>
<key>9F48DDE6-BBE7-42ED-ABE5-C9255C92F1CD</key>
<dict>
<key>xpos</key>
<integer>415</integer>
<integer>605</integer>
<key>ypos</key>
<integer>235</integer>
<integer>320</integer>
</dict>
<key>A8D2CCAC-5CA4-495E-BB62-5C7F596FA157</key>
<dict>
<key>xpos</key>
<integer>390</integer>
<integer>515</integer>
<key>ypos</key>
<integer>415</integer>
<integer>55</integer>
</dict>
<key>AD82ED59-033E-4860-B371-8128574E2FBC</key>
<dict>
<key>xpos</key>
<integer>485</integer>
<key>ypos</key>
<integer>285</integer>
</dict>
<key>BFB3A122-52BB-4FF1-B5B3-CECD42A730DB</key>
<dict>
<key>xpos</key>
<integer>810</integer>
<integer>1065</integer>
<key>ypos</key>
<integer>145</integer>
<integer>225</integer>
</dict>
<key>C252A5EC-1AEE-4EF4-864F-67483EAADCFA</key>
<dict>
<key>xpos</key>
<integer>595</integer>
<integer>800</integer>
<key>ypos</key>
<integer>420</integer>
<integer>45</integer>
</dict>
<key>DA3E9CE8-7C4F-4B09-BFA5-F8CA83297968</key>
<dict>
<key>xpos</key>
<integer>590</integer>
<integer>780</integer>
<key>ypos</key>
<integer>235</integer>
<integer>320</integer>
</dict>
<key>DA99BA2E-7234-491D-BD0F-044151FA98E2</key>
<dict>
<key>xpos</key>
<integer>670</integer>
<key>ypos</key>
<integer>75</integer>
</dict>
<key>E86DC7C1-35C1-4BA9-8B33-A95DE7082F7E</key>
<dict>
<key>xpos</key>
<integer>730</integer>
<integer>985</integer>
<key>ypos</key>
<integer>175</integer>
<integer>255</integer>
</dict>
<key>FB0DDF80-FF90-439A-BF3F-6EC58C2AA870</key>
<dict>
<key>xpos</key>
<integer>455</integer>
<integer>605</integer>
<key>ypos</key>
<integer>60</integer>
<integer>185</integer>
</dict>
</dict>
<key>version</key>

116
main.go
View File

@ -1,20 +1,23 @@
package main
import (
"bytes"
"errors"
"flag"
"fmt"
"git.iamthefij.com/iamthefij/slog"
aw "github.com/deanishe/awgo"
"github.com/deanishe/awgo/util"
"github.com/yawn/ykoath"
"bytes"
)
var (
wf *aw.Workflow
oath *ykoath.OATH
keychainAccount = "yubico-auth-creds"
errIncorrectPassword = errors.New("incorrect password")
)
func init() {
@ -28,102 +31,149 @@ func main() {
func promptPassword() (string, error) {
out, err := util.Run("./password-prompt.js")
if err != nil {
return "", err
return "", fmt.Errorf("error reading password from prompt: %w", err)
}
out = bytes.TrimRight(out, "\n")
return string(out), nil
}
func setPassword(s *ykoath.Select) error {
passphrase, err := promptPassword()
if err != nil {
slog.Error("failed reading passphrase")
return err
return fmt.Errorf("failed reading passphrase: %w", err)
}
key := s.DeriveKey(passphrase)
// TODO: test key before storing
err = wf.Keychain.Set(keychainAccount, string(key))
err = validatePassphrase(s, passphrase)
if err != nil {
slog.Error("failed storing passphrase key in keychain")
return err
return fmt.Errorf("failed validating passphrase: %w", err)
}
err = wf.Keychain.Set(keychainAccount, passphrase)
if err != nil {
return fmt.Errorf("failed storing passphrase in keychain: %w", err)
}
return nil
}
func sendResult(result string, args ...string) error {
results := aw.NewArgVars()
results.Arg(args...)
results.Var("result", result)
return results.Send()
}
func validatePassphrase(s *ykoath.Select, passphrase string) error {
key := s.DeriveKey(passphrase)
// verify password is correct with a validate call
ok, err := oath.Validate(s, key)
if err != nil {
return fmt.Errorf("error in validate: %w", err)
}
if !ok {
return errIncorrectPassword
}
return nil
}
func run() {
runScript := flag.Bool("run-script", false, "change output to script output")
wf.Args()
flag.Parse()
if *runScript {
wf.Configure(aw.TextErrors(true))
}
var err error
oath, err = ykoath.New()
if err != nil {
slog.Error("failed to iniatialize new oath: %v", err)
wf.FatalError(err)
wf.FatalError(fmt.Errorf("failed to iniatialize new oath: %w", err))
}
defer oath.Close()
oath.Debug = slog.Debug
// Select oath to begin
s, err := oath.Select()
if err != nil {
slog.Error("failed to select oath: %v", err)
wf.FatalError(err)
wf.FatalError(fmt.Errorf("failed to select oath: %w", err))
}
// Check to see if we are trying to set a password
if flag.Arg(0) == "set-password" {
err = setPassword(s)
if err != nil {
wf.FatalError(err)
wf.FatalError(fmt.Errorf("failed to set password: %w", err))
}
if err = sendResult("success"); err != nil {
wf.FatalError(fmt.Errorf("failed to send password set result: %w", err))
}
return
}
// If required, authenticate with password from keychain
if s.Challenge != nil {
key, err := wf.Keychain.Get(keychainAccount)
passphrase, err := wf.Keychain.Get(keychainAccount)
if err != nil {
slog.Error("no key found in keychain but password is required")
wf.NewWarningItem("No password set", "↵ to set password").
Var("action", "set-password").
Valid(true)
wf.SendFeedback()
return
}
ok, err := oath.Validate(s, []byte(key))
slog.FatalOnErr(err, "validation failed")
if !ok {
panic("could not validate")
err = validatePassphrase(s, passphrase)
if err != nil {
wf.FatalError(fmt.Errorf("passphrase failed: %w", err))
}
}
if flag.Arg(0) == "list" {
// List names only
names, err := oath.List()
slog.FatalOnErr(err, "failed to list names")
if err != nil {
wf.FatalError(fmt.Errorf("failed to list names: %w", err))
}
for _, name := range names {
slog.Log(name.Name)
wf.NewItem(name.Name).
Icon(aw.IconAccount).
Subtitle("Copy to clipboard").
Arg(name.Name).
Valid(true)
}
} else {
// Default execution is to calculate all codes and return them in list
creds, err := oath.CalculateAll()
name := flag.Arg(0)
code, err := oath.CalculateOne(name)
if err != nil {
slog.Error("failed to calculate all")
wf.FatalError(err)
// TODO: Check for error "requires-auth" and notify touch
wf.FatalError(fmt.Errorf("failed to generate code: %w", err))
}
for cred, code := range creds {
slog.Log(cred)
wf.NewItem(cred).
Icon(aw.IconAccount).
Subtitle("Copy to clipboard").
Arg(code).
Copytext(code).
Valid(true)
slog.Log(code)
if err = sendResult("success", code); err != nil {
wf.FatalError(fmt.Errorf("failed to send code: %w", err))
}
}
if !*runScript {
wf.SendFeedback()
}
}

2
ykoath

@ -1 +1 @@
Subproject commit 0bb0699e51d3672572cc7869397eeff871bdf45e
Subproject commit fd081cb213d030585bfdd03305e03bff4d6e7a09