Fix api token breaking authentication

2024-01-04 23:40:07 +01:00 · 2024-01-04 23:40:07 +01:00 · 7c53863578
parent 6631979e2f
commit 7c53863578
5 changed files with 24 additions and 4 deletions
--- a/agent/actions/login.go
+++ b/agent/actions/login.go
@ -34,10 +34,13 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
 	var masterpasswordHash string

 	if secret, err := cfg.GetClientSecret(); err == nil && secret != "" {
+		actionsLog.Info("Logging in with client secret")
 		token, masterKey, masterpasswordHash, err = bitwarden.LoginWithApiKey(ctx, req.Email, cfg, vault)
 	} else if req.Passwordless {
+		actionsLog.Info("Logging in with passwordless")
 		token, masterKey, masterpasswordHash, err = bitwarden.LoginWithDevice(ctx, req.Email, cfg, vault)
 	} else {
+		actionsLog.Info("Logging in with master password")
 		token, masterKey, masterpasswordHash, err = bitwarden.LoginWithMasterpassword(ctx, req.Email, cfg, vault)
 	}
 	if err != nil {
--- a/agent/config/config.go
+++ b/agent/config/config.go
@ -165,6 +165,8 @@ func (c *Config) Purge() {
 	c.ConfigFile.EncryptedMasterPasswordHash = ""
 	c.ConfigFile.EncryptedToken = ""
 	c.ConfigFile.EncryptedUserSymmetricKey = ""
+	c.ConfigFile.EncryptedClientID = ""
+	c.ConfigFile.EncryptedClientSecret = ""
 	c.ConfigFile.ConfigKeyHash = ""
 	c.ConfigFile.EncryptedMasterKey = ""
 	key := NewBuffer(32, c.useMemguard)
@ -189,6 +191,8 @@ func (c *Config) UpdatePin(password string, write bool) {
 	plaintextUserSymmetricKey, err3 := c.decryptString(c.ConfigFile.EncryptedUserSymmetricKey)
 	plaintextEncryptedMasterPasswordHash, err4 := c.decryptString(c.ConfigFile.EncryptedMasterPasswordHash)
 	plaintextMasterKey, err5 := c.decryptString(c.ConfigFile.EncryptedMasterKey)
+	plaintextClientID, err6 := c.decryptString(c.ConfigFile.EncryptedClientID)
+	plaintextClientSecret, err7 := c.decryptString(c.ConfigFile.EncryptedClientSecret)

 	key := NewBufferFromBytes(newKey, c.useMemguard)
 	c.key = &key
@ -205,6 +209,12 @@ func (c *Config) UpdatePin(password string, write bool) {
 	if err5 == nil {
 		c.ConfigFile.EncryptedMasterKey, err5 = c.encryptString(plaintextMasterKey)
 	}
+	if err6 == nil {
+		c.ConfigFile.EncryptedClientID, err6 = c.encryptString(plaintextClientID)
+	}
+	if err7 == nil {
+		c.ConfigFile.EncryptedClientSecret, err7 = c.encryptString(plaintextClientSecret)
+	}
 	c.mu.Unlock()

 	if write {
--- a/cmd/config.go
+++ b/cmd/config.go
@ -2,6 +2,7 @@ package cmd

 import (
 	"fmt"
+	"strings"

 	"github.com/quexten/goldwarden/ipc/messages"
 	"github.com/spf13/cobra"
@ -116,6 +117,10 @@ var setApiClientIDCmd = &cobra.Command{
 		}

 		id := args[0]
+		if len(id) >= 2 && strings.HasPrefix(id, "\"") && strings.HasSuffix(id, "\"") {
+			id = id[1 : len(id)-1]
+		}
+		id = strings.TrimSpace(id)
 		request := messages.SetClientIDRequest{}
 		request.Value = id

@ -149,6 +154,10 @@ var setApiSecretCmd = &cobra.Command{
 		}

 		secret := args[0]
+		if len(secret) >= 2 && strings.HasPrefix(secret, "\"") && strings.HasSuffix(secret, "\"") {
+			secret = secret[1 : len(secret)-1]
+		}
+		secret = strings.TrimSpace(secret)
 		request := messages.SetClientSecretRequest{}
 		request.Value = secret

--- a/ui/goldwarden.py
+++ b/ui/goldwarden.py
@ -28,13 +28,13 @@ def set_notification_url(url):
        raise Exception("Failed to initialize repository, err", result.stderr)

 def set_client_id(client_id):
-    restic_cmd = f"{BINARY_PATH} config set-client-id {client_id}"
+    restic_cmd = f"{BINARY_PATH} config set-client-id \"{client_id}\""
    result = subprocess.run(restic_cmd.split(), capture_output=True, text=True)
    if result.returncode != 0:
        raise Exception("Failed err", result.stderr)

 def set_client_secret(client_secret):
-    restic_cmd = f"{BINARY_PATH} config set-client-secret {client_secret}"
+    restic_cmd = f"{BINARY_PATH} config set-client-secret \"{client_secret}\""
    result = subprocess.run(restic_cmd.split(), capture_output=True, text=True)
    if result.returncode != 0:
        raise Exception("Failed err", result.stderr)
--- a/ui/settings.py
+++ b/ui/settings.py
@ -304,10 +304,8 @@ def show_login():
        def login():
            res = goldwarden.login_with_password(email_entry.get_text(), "password")
            def handle_res():
-                print("handle res", res)
                if res == "ok":
                    dialog.close()
-                    print("ok")
                elif res == "badpass":
                    bad_pass_diag = Gtk.MessageDialog(transient_for=dialog, modal=True, message_type=Gtk.MessageType.ERROR, buttons=Gtk.ButtonsType.OK, text="Bad password")
                    bad_pass_diag.connect("response", lambda dialog, response: bad_pass_diag.close())