iamthefij
/
alfred-yubico-auth
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity
Browse Source

Improve support for YK5
continuous-integration/drone/push Build is passing
Details

master
IamTheFij 5 months ago
parent
fc3e8a356b
commit
f164b3a0af
3 changed files with 452 additions and 103 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 437
      info.plist
  2. 116
      main.go
  3. 2
      ykoath

437
info.plist
View File

@ -6,11 +6,11 @@
<string>com.iamthefij.alfred-yubico-auth</string>
<key>connections</key>
<dict>
<key>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</key>
<key>0149DE47-0232-434D-BB9E-B2C0B419A2E3</key>
<array>
<dict>
<key>destinationuid</key>
<string>9F48DDE6-BBE7-42ED-ABE5-C9255C92F1CD</string>
<string>55DFD4B6-922A-4259-8625-EC14889FBACD</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
@ -18,6 +18,22 @@
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>27BC434A-1663-44A7-85AF-C4AC6E1BEFB7</key>
<array>
<dict>
<key>destinationuid</key>
<string>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</key>
<array>
<dict>
<key>destinationuid</key>
<string>A8D2CCAC-5CA4-495E-BB62-5C7F596FA157</string>
@ -30,19 +46,44 @@
<key>vitoclose</key>
<false/>
</dict>
<dict>
<key>destinationuid</key>
<string>0149DE47-0232-434D-BB9E-B2C0B419A2E3</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>8486DCAA-AFB7-407D-A0E9-E57E09997B24</key>
<key>55DFD4B6-922A-4259-8625-EC14889FBACD</key>
<array>
<dict>
<key>destinationuid</key>
<string>FB0DDF80-FF90-439A-BF3F-6EC58C2AA870</string>
<string>AD82ED59-033E-4860-B371-8128574E2FBC</string>
<key>modifiers</key>
<integer>1048576</integer>
<integer>0</integer>
<key>modifiersubtext</key>
<string>Paste token</string>
<string></string>
<key>sourceoutputuid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
<key>vitoclose</key>
<false/>
</dict>
<dict>
<key>destinationuid</key>
<string>506787F2-9A61-492C-8C49-30EE04FB70BC</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>8486DCAA-AFB7-407D-A0E9-E57E09997B24</key>
<array>
<dict>
<key>destinationuid</key>
<string>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</string>
@ -53,6 +94,16 @@
<key>vitoclose</key>
<false/>
</dict>
<dict>
<key>destinationuid</key>
<string>27BC434A-1663-44A7-85AF-C4AC6E1BEFB7</string>
<key>modifiers</key>
<integer>1048576</integer>
<key>modifiersubtext</key>
<string>Paste code</string>
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>9F48DDE6-BBE7-42ED-ABE5-C9255C92F1CD</key>
<array>
@ -71,7 +122,32 @@
<array>
<dict>
<key>destinationuid</key>
<string>C252A5EC-1AEE-4EF4-864F-67483EAADCFA</string>
<string>DA99BA2E-7234-491D-BD0F-044151FA98E2</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>AD82ED59-033E-4860-B371-8128574E2FBC</key>
<array>
<dict>
<key>destinationuid</key>
<string>FB0DDF80-FF90-439A-BF3F-6EC58C2AA870</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>sourceoutputuid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
<key>vitoclose</key>
<false/>
</dict>
<dict>
<key>destinationuid</key>
<string>9F48DDE6-BBE7-42ED-ABE5-C9255C92F1CD</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
@ -106,6 +182,31 @@
<false/>
</dict>
</array>
<key>DA99BA2E-7234-491D-BD0F-044151FA98E2</key>
<array>
<dict>
<key>destinationuid</key>
<string>C252A5EC-1AEE-4EF4-864F-67483EAADCFA</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>sourceoutputuid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
<key>vitoclose</key>
<false/>
</dict>
<dict>
<key>destinationuid</key>
<string>506787F2-9A61-492C-8C49-30EE04FB70BC</string>
<key>modifiers</key>
<integer>0</integer>
<key>modifiersubtext</key>
<string></string>
<key>vitoclose</key>
<false/>
</dict>
</array>
<key>E86DC7C1-35C1-4BA9-8B33-A95DE7082F7E</key>
<array>
<dict>
@ -146,21 +247,46 @@
<dict>
<key>config</key>
<dict>
<key>autopaste</key>
<true/>
<key>clipboardtext</key>
<string>{query}</string>
<key>ignoredynamicplaceholders</key>
<key>lastpathcomponent</key>
<false/>
<key>transient</key>
<true/>
<key>onlyshowifquerypopulated</key>
<false/>
<key>removeextension</key>
<false/>
<key>text</key>
<string>Password key is now stored in your keychain</string>
<key>title</key>
<string>Password saved</string>
</dict>
<key>type</key>
<string>alfred.workflow.output.clipboard</string>
<string>alfred.workflow.output.notification</string>
<key>uid</key>
<string>FB0DDF80-FF90-439A-BF3F-6EC58C2AA870</string>
<string>C252A5EC-1AEE-4EF4-864F-67483EAADCFA</string>
<key>version</key>
<integer>3</integer>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>concurrently</key>
<false/>
<key>escaping</key>
<integer>102</integer>
<key>script</key>
<string>./alfred-yubico-auth -run-script set-password</string>
<key>scriptargtype</key>
<integer>1</integer>
<key>scriptfile</key>
<string></string>
<key>type</key>
<integer>0</integer>
</dict>
<key>type</key>
<string>alfred.workflow.action.script</string>
<key>uid</key>
<string>A8D2CCAC-5CA4-495E-BB62-5C7F596FA157</string>
<key>version</key>
<integer>2</integer>
</dict>
<dict>
<key>config</key>
@ -190,7 +316,7 @@
<key>runningsubtext</key>
<string></string>
<key>script</key>
<string>./alfred-yubico-auth</string>
<string>./alfred-yubico-auth list</string>
<key>scriptargtype</key>
<integer>1</integer>
<key>scriptfile</key>
@ -211,6 +337,105 @@
<key>version</key>
<integer>3</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>conditions</key>
<array>
<dict>
<key>inputstring</key>
<string>{var:result}</string>
<key>matchcasesensitive</key>
<false/>
<key>matchmode</key>
<integer>0</integer>
<key>matchstring</key>
<string>success</string>
<key>outputlabel</key>
<string>success</string>
<key>uid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
</dict>
</array>
<key>elselabel</key>
<string>else</string>
</dict>
<key>type</key>
<string>alfred.workflow.utility.conditional</string>
<key>uid</key>
<string>DA99BA2E-7234-491D-BD0F-044151FA98E2</string>
<key>version</key>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>conditions</key>
<array>
<dict>
<key>inputstring</key>
<string>{var:action}</string>
<key>matchcasesensitive</key>
<false/>
<key>matchmode</key>
<integer>0</integer>
<key>matchstring</key>
<string>set-password</string>
<key>outputlabel</key>
<string>Set password</string>
<key>uid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
</dict>
</array>
<key>elselabel</key>
<string>else</string>
</dict>
<key>type</key>
<string>alfred.workflow.utility.conditional</string>
<key>uid</key>
<string>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</string>
<key>version</key>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>argument</key>
<string>{query}</string>
<key>passthroughargument</key>
<false/>
<key>variables</key>
<dict>
<key>result_action</key>
<string>paste</string>
</dict>
</dict>
<key>type</key>
<string>alfred.workflow.utility.argument</string>
<key>uid</key>
<string>27BC434A-1663-44A7-85AF-C4AC6E1BEFB7</string>
<key>version</key>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>autopaste</key>
<true/>
<key>clipboardtext</key>
<string>{query}</string>
<key>ignoredynamicplaceholders</key>
<false/>
<key>transient</key>
<true/>
</dict>
<key>type</key>
<string>alfred.workflow.output.clipboard</string>
<key>uid</key>
<string>FB0DDF80-FF90-439A-BF3F-6EC58C2AA870</string>
<key>version</key>
<integer>3</integer>
</dict>
<dict>
<key>config</key>
<dict>
@ -264,6 +489,61 @@
<key>version</key>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>conditions</key>
<array>
<dict>
<key>inputstring</key>
<string>{var:result_action}</string>
<key>matchcasesensitive</key>
<false/>
<key>matchmode</key>
<integer>0</integer>
<key>matchstring</key>
<string>paste</string>
<key>outputlabel</key>
<string>paste</string>
<key>uid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
</dict>
</array>
<key>elselabel</key>
<string>copy</string>
</dict>
<key>type</key>
<string>alfred.workflow.utility.conditional</string>
<key>uid</key>
<string>AD82ED59-033E-4860-B371-8128574E2FBC</string>
<key>version</key>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>concurrently</key>
<false/>
<key>escaping</key>
<integer>102</integer>
<key>script</key>
<string>query=$1
./alfred-yubico-auth -run-script "$query"</string>
<key>scriptargtype</key>
<integer>1</integer>
<key>scriptfile</key>
<string></string>
<key>type</key>
<integer>0</integer>
</dict>
<key>type</key>
<string>alfred.workflow.action.script</string>
<key>uid</key>
<string>0149DE47-0232-434D-BB9E-B2C0B419A2E3</string>
<key>version</key>
<integer>2</integer>
</dict>
<dict>
<key>config</key>
<dict>
@ -311,15 +591,15 @@
<array>
<dict>
<key>inputstring</key>
<string>{var:action}</string>
<string>{var:result}</string>
<key>matchcasesensitive</key>
<false/>
<key>matchmode</key>
<integer>0</integer>
<key>matchstring</key>
<string>set-password</string>
<string>success</string>
<key>outputlabel</key>
<string>Set password</string>
<string>success</string>
<key>uid</key>
<string>94F60406-01FF-4991-A697-2C83147293EB</string>
</dict>
@ -330,51 +610,28 @@
<key>type</key>
<string>alfred.workflow.utility.conditional</string>
<key>uid</key>
<string>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</string>
<string>55DFD4B6-922A-4259-8625-EC14889FBACD</string>
<key>version</key>
<integer>1</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>concurrently</key>
<false/>
<key>escaping</key>
<integer>102</integer>
<key>script</key>
<string>./alfred-yubico-auth set-password</string>
<key>scriptargtype</key>
<integer>1</integer>
<key>scriptfile</key>
<string></string>
<key>type</key>
<integer>0</integer>
</dict>
<key>type</key>
<string>alfred.workflow.action.script</string>
<key>uid</key>
<string>A8D2CCAC-5CA4-495E-BB62-5C7F596FA157</string>
<key>version</key>
<integer>2</integer>
</dict>
<dict>
<key>config</key>
<dict>
<key>lastpathcomponent</key>
<false/>
<key>onlyshowifquerypopulated</key>
<false/>
<true/>
<key>removeextension</key>
<false/>
<key>text</key>
<string>Password key is now stored in your keychain</string>
<string>{query}</string>
<key>title</key>
<string>Password saved</string>
<string>Alfred Yubikey Error</string>
</dict>
<key>type</key>
<string>alfred.workflow.output.notification</string>
<key>uid</key>
<string>C252A5EC-1AEE-4EF4-864F-67483EAADCFA</string>
<string>506787F2-9A61-492C-8C49-30EE04FB70BC</string>
<key>version</key>
<integer>1</integer>
</dict>
@ -383,75 +640,117 @@
<string></string>
<key>uidata</key>
<dict>
<key>0149DE47-0232-434D-BB9E-B2C0B419A2E3</key>
<dict>
<key>xpos</key>
<integer>180</integer>
<key>ypos</key>
<integer>305</integer>
</dict>
<key>0718204D-3398-4AEF-A621-DDDE1FC6ED75</key>
<dict>
<key>xpos</key>
<integer>990</integer>
<integer>1245</integer>
<key>ypos</key>
<integer>145</integer>
<integer>225</integer>
</dict>
<key>27BC434A-1663-44A7-85AF-C4AC6E1BEFB7</key>
<dict>
<key>xpos</key>
<integer>260</integer>
<key>ypos</key>
<integer>155</integer>
</dict>
<key>2D69982A-0DB6-4ABA-812F-C7F2A73650AE</key>
<dict>
<key>xpos</key>
<integer>270</integer>
<integer>365</integer>
<key>ypos</key>
<integer>90</integer>
</dict>
<key>506787F2-9A61-492C-8C49-30EE04FB70BC</key>
<dict>
<key>xpos</key>
<integer>540</integer>
<key>ypos</key>
<integer>455</integer>
</dict>
<key>55DFD4B6-922A-4259-8625-EC14889FBACD</key>
<dict>
<key>xpos</key>
<integer>365</integer>
<key>ypos</key>
<integer>245</integer>
<integer>330</integer>
</dict>
<key>8486DCAA-AFB7-407D-A0E9-E57E09997B24</key>
<dict>
<key>xpos</key>
<integer>120</integer>
<integer>70</integer>
<key>ypos</key>
<integer>140</integer>
<integer>65</integer>
</dict>
<key>9F48DDE6-BBE7-42ED-ABE5-C9255C92F1CD</key>
<dict>
<key>xpos</key>
<integer>415</integer>
<integer>605</integer>
<key>ypos</key>
<integer>235</integer>
<integer>320</integer>
</dict>
<key>A8D2CCAC-5CA4-495E-BB62-5C7F596FA157</key>
<dict>
<key>xpos</key>
<integer>390</integer>
<integer>515</integer>
<key>ypos</key>
<integer>55</integer>
</dict>
<key>AD82ED59-033E-4860-B371-8128574E2FBC</key>
<dict>
<key>xpos</key>
<integer>485</integer>
<key>ypos</key>
<integer>415</integer>
<integer>285</integer>
</dict>
<key>BFB3A122-52BB-4FF1-B5B3-CECD42A730DB</key>
<dict>
<key>xpos</key>
<integer>810</integer>
<integer>1065</integer>
<key>ypos</key>
<integer>145</integer>
<integer>225</integer>
</dict>
<key>C252A5EC-1AEE-4EF4-864F-67483EAADCFA</key>
<dict>
<key>xpos</key>
<integer>595</integer>
<integer>800</integer>
<key>ypos</key>
<integer>420</integer>
<integer>45</integer>
</dict>
<key>DA3E9CE8-7C4F-4B09-BFA5-F8CA83297968</key>
<dict>
<key>xpos</key>
<integer>590</integer>
<integer>780</integer>
<key>ypos</key>
<integer>235</integer>
<integer>320</integer>
</dict>
<key>DA99BA2E-7234-491D-BD0F-044151FA98E2</key>
<dict>
<key>xpos</key>
<integer>670</integer>
<key>ypos</key>
<integer>75</integer>
</dict>
<key>E86DC7C1-35C1-4BA9-8B33-A95DE7082F7E</key>
<dict>
<key>xpos</key>
<integer>730</integer>
<integer>985</integer>
<key>ypos</key>
<integer>175</integer>
<integer>255</integer>
</dict>
<key>FB0DDF80-FF90-439A-BF3F-6EC58C2AA870</key>
<dict>
<key>xpos</key>
<integer>455</integer>
<integer>605</integer>
<key>ypos</key>
<integer>60</integer>
<integer>185</integer>
</dict>
</dict>
<key>version</key>

116
main.go
View File

@ -1,20 +1,23 @@
package main
import (
"bytes"
"errors"
"flag"
"fmt"
"git.iamthefij.com/iamthefij/slog"
aw "github.com/deanishe/awgo"
"github.com/deanishe/awgo/util"
"github.com/yawn/ykoath"
"bytes"
)
var (
wf *aw.Workflow
oath *ykoath.OATH
keychainAccount = "yubico-auth-creds"
errIncorrectPassword = errors.New("incorrect password")
)
func init() {
@ -28,102 +31,149 @@ func main() {
func promptPassword() (string, error) {
out, err := util.Run("./password-prompt.js")
if err != nil {
return "", err
return "", fmt.Errorf("error reading password from prompt: %w", err)
}
out = bytes.TrimRight(out, "\n")
return string(out), nil
}
func setPassword(s *ykoath.Select) error {
passphrase, err := promptPassword()
if err != nil {
slog.Error("failed reading passphrase")
return err
return fmt.Errorf("failed reading passphrase: %w", err)
}
err = validatePassphrase(s, passphrase)
if err != nil {
return fmt.Errorf("failed validating passphrase: %w", err)
}
err = wf.Keychain.Set(keychainAccount, passphrase)
if err != nil {
return fmt.Errorf("failed storing passphrase in keychain: %w", err)
}
return nil
}
func sendResult(result string, args ...string) error {
results := aw.NewArgVars()
results.Arg(args...)
results.Var("result", result)
return results.Send()
}
func validatePassphrase(s *ykoath.Select, passphrase string) error {
key := s.DeriveKey(passphrase)
// TODO: test key before storing
err = wf.Keychain.Set(keychainAccount, string(key))
// verify password is correct with a validate call
ok, err := oath.Validate(s, key)
if err != nil {
slog.Error("failed storing passphrase key in keychain")
return err
return fmt.Errorf("error in validate: %w", err)
}
if !ok {
return errIncorrectPassword
}
return nil
}
func run() {
runScript := flag.Bool("run-script", false, "change output to script output")
wf.Args()
flag.Parse()
if *runScript {
wf.Configure(aw.TextErrors(true))
}
var err error
oath, err = ykoath.New()
if err != nil {
slog.Error("failed to iniatialize new oath: %v", err)
wf.FatalError(err)
wf.FatalError(fmt.Errorf("failed to iniatialize new oath: %w", err))
}
defer oath.Close()
oath.Debug = slog.Debug
// Select oath to begin
s, err := oath.Select()
if err != nil {
slog.Error("failed to select oath: %v", err)
wf.FatalError(err)
wf.FatalError(fmt.Errorf("failed to select oath: %w", err))
}
// Check to see if we are trying to set a password
if flag.Arg(0) == "set-password" {
err = setPassword(s)
if err != nil {
wf.FatalError(err)
wf.FatalError(fmt.Errorf("failed to set password: %w", err))
}
if err = sendResult("success"); err != nil {
wf.FatalError(fmt.Errorf("failed to send password set result: %w", err))
}
return
}
// If required, authenticate with password from keychain
if s.Challenge != nil {
key, err := wf.Keychain.Get(keychainAccount)
passphrase, err := wf.Keychain.Get(keychainAccount)
if err != nil {
slog.Error("no key found in keychain but password is required")
wf.NewWarningItem("No password set", "↵ to set password").
Var("action", "set-password").
Valid(true)
wf.SendFeedback()
return
}
ok, err := oath.Validate(s, []byte(key))
slog.FatalOnErr(err, "validation failed")
if !ok {
panic("could not validate")
err = validatePassphrase(s, passphrase)
if err != nil {
wf.FatalError(fmt.Errorf("passphrase failed: %w", err))
}
}
if flag.Arg(0) == "list" {
// List names only
names, err := oath.List()
slog.FatalOnErr(err, "failed to list names")
if err != nil {
wf.FatalError(fmt.Errorf("failed to list names: %w", err))
}
for _, name := range names {
slog.Log(name.Name)
wf.NewItem(name.Name).
Icon(aw.IconAccount).
Subtitle("Copy to clipboard").
Arg(name.Name).
Valid(true)
}
} else {
// Default execution is to calculate all codes and return them in list
creds, err := oath.CalculateAll()
name := flag.Arg(0)
code, err := oath.CalculateOne(name)
if err != nil {
slog.Error("failed to calculate all")
wf.FatalError(err)
// TODO: Check for error "requires-auth" and notify touch
wf.FatalError(fmt.Errorf("failed to generate code: %w", err))
}
for cred, code := range creds {
slog.Log(cred)
wf.NewItem(cred).
Icon(aw.IconAccount).
Subtitle("Copy to clipboard").
Arg(code).
Copytext(code).
Valid(true)
slog.Log(code)
if err = sendResult("success", code); err != nil {
wf.FatalError(fmt.Errorf("failed to send code: %w", err))
}
}
wf.SendFeedback()
if !*runScript {
wf.SendFeedback()
}
}

2
ykoath

@ -1 +1 @@
Subproject commit 0bb0699e51d3672572cc7869397eeff871bdf45e
Subproject commit fd081cb213d030585bfdd03305e03bff4d6e7a09
Write Preview
Loading…
Cancel
Save