update
This commit is contained in:
parent
8f6c20f8b2
commit
4596df0212
3 changed files with 373 additions and 6 deletions
|
|
@ -35,7 +35,6 @@ config.set("colors.webpage.darkmode.enabled", False, "file://*")
|
||||||
|
|
||||||
#
|
#
|
||||||
c.tabs.title.format = "{audio}{current_title}"
|
c.tabs.title.format = "{audio}{current_title}"
|
||||||
c.fonts.web.size.default = 20
|
|
||||||
|
|
||||||
c.url.searchengines = {
|
c.url.searchengines = {
|
||||||
# note - if you use duckduckgo, you can make use of its built in bangs, of which there are many! https://duckduckgo.com/bangs
|
# note - if you use duckduckgo, you can make use of its built in bangs, of which there are many! https://duckduckgo.com/bangs
|
||||||
|
|
@ -48,10 +47,7 @@ c.url.searchengines = {
|
||||||
|
|
||||||
c.completion.open_categories = [
|
c.completion.open_categories = [
|
||||||
"searchengines",
|
"searchengines",
|
||||||
"quickmarks",
|
|
||||||
"bookmarks",
|
"bookmarks",
|
||||||
"history",
|
|
||||||
"filesystem",
|
|
||||||
]
|
]
|
||||||
|
|
||||||
c.auto_save.session = False # save tabs on quit/restart
|
c.auto_save.session = False # save tabs on quit/restart
|
||||||
|
|
@ -82,8 +78,10 @@ c.tabs.indicator.width = 0 # no tab indicators
|
||||||
c.tabs.width = "7%"
|
c.tabs.width = "7%"
|
||||||
|
|
||||||
# fonts
|
# fonts
|
||||||
c.fonts.default_family = []
|
c.fonts.default_family = "JetBrainsMono Nerd Font"
|
||||||
c.fonts.default_size = "13pt"
|
c.fonts.default_size = "13pt"
|
||||||
|
c.fonts.web.size.minimum = 16
|
||||||
|
c.fonts.web.size.default = 16
|
||||||
c.fonts.web.family.fixed = "monospace"
|
c.fonts.web.family.fixed = "monospace"
|
||||||
c.fonts.web.family.sans_serif = "monospace"
|
c.fonts.web.family.sans_serif = "monospace"
|
||||||
c.fonts.web.family.serif = "monospace"
|
c.fonts.web.family.serif = "monospace"
|
||||||
|
|
@ -93,7 +91,7 @@ c.fonts.web.family.standard = "monospace"
|
||||||
# config.set("completion.cmd_history_max_items", 0)
|
# config.set("completion.cmd_history_max_items", 0)
|
||||||
# config.set("content.private_browsing", True)
|
# config.set("content.private_browsing", True)
|
||||||
config.set("content.webgl", False, "*")
|
config.set("content.webgl", False, "*")
|
||||||
config.set("content.canvas_reading", False)
|
config.set("content.canvas_reading", True)
|
||||||
config.set("content.geolocation", False)
|
config.set("content.geolocation", False)
|
||||||
config.set("content.webrtc_ip_handling_policy", "default-public-interface-only")
|
config.set("content.webrtc_ip_handling_policy", "default-public-interface-only")
|
||||||
config.set("content.cookies.accept", "all")
|
config.set("content.cookies.accept", "all")
|
||||||
|
|
|
||||||
368
.config/qutebrowser/userscripts/bw
Executable file
368
.config/qutebrowser/userscripts/bw
Executable file
|
|
@ -0,0 +1,368 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
# SPDX-FileCopyrightText: Chris Braun (cryzed) <cryzed@googlemail.com>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
"""
|
||||||
|
Insert login information using Bitwarden CLI and a dmenu-compatible application
|
||||||
|
(e.g. dmenu, wofi -dmenu, ...).
|
||||||
|
"""
|
||||||
|
|
||||||
|
USAGE = """The domain of the site has to be in the name of the Bitwarden entry, for example: "github.com/cryzed" or
|
||||||
|
"websites/github.com". The login information is inserted by emulating key events using qutebrowser's fake-key command in this manner:
|
||||||
|
[USERNAME]<Tab>[PASSWORD], which is compatible with almost all login forms.
|
||||||
|
|
||||||
|
If enabled, with the `--totp` flag, it will also move the TOTP code to the
|
||||||
|
clipboard, much like the Firefox add-on.
|
||||||
|
|
||||||
|
You must log into Bitwarden CLI using `bw login` prior to use of this script.
|
||||||
|
The session key will be stored using keyctl for the number of seconds passed to
|
||||||
|
the --auto-lock option.
|
||||||
|
|
||||||
|
To use in qutebrowser, run: `spawn --userscript qute-bitwarden`
|
||||||
|
"""
|
||||||
|
|
||||||
|
EPILOG = """Dependencies: tldextract (Python 3 module), pyperclip (optional
|
||||||
|
Python module, used for TOTP codes), Bitwarden CLI (1.7.4 is known to work
|
||||||
|
but older versions may well also work)
|
||||||
|
|
||||||
|
WARNING: The login details are viewable as plaintext in qutebrowser's debug log
|
||||||
|
(qute://log) and might be shared if you decide to submit a crash report!"""
|
||||||
|
|
||||||
|
import argparse
|
||||||
|
import enum
|
||||||
|
import functools
|
||||||
|
import os
|
||||||
|
import shlex
|
||||||
|
import subprocess
|
||||||
|
import sys
|
||||||
|
import json
|
||||||
|
import tldextract
|
||||||
|
|
||||||
|
argument_parser = argparse.ArgumentParser(
|
||||||
|
description=__doc__,
|
||||||
|
usage=USAGE,
|
||||||
|
epilog=EPILOG,
|
||||||
|
)
|
||||||
|
argument_parser.add_argument("url", nargs="?", default=os.getenv("QUTE_URL"))
|
||||||
|
argument_parser.add_argument(
|
||||||
|
"--dmenu-invocation",
|
||||||
|
"-d",
|
||||||
|
default="wofi -dmenu -i -p Bitwarden --columns 1",
|
||||||
|
help="Invocation used to execute a dmenu-provider",
|
||||||
|
)
|
||||||
|
argument_parser.add_argument(
|
||||||
|
"--password-prompt-invocation",
|
||||||
|
"-p",
|
||||||
|
default='wofi -dmenu -p "Master Password" -password -lines 0',
|
||||||
|
help="Invocation used to prompt the user for their Bitwarden password",
|
||||||
|
)
|
||||||
|
argument_parser.add_argument(
|
||||||
|
"--no-insert-mode",
|
||||||
|
"-n",
|
||||||
|
dest="insert_mode",
|
||||||
|
action="store_false",
|
||||||
|
help="Don't automatically enter insert mode",
|
||||||
|
)
|
||||||
|
argument_parser.add_argument(
|
||||||
|
"--totp",
|
||||||
|
"-t",
|
||||||
|
action="store_true",
|
||||||
|
default="store_true",
|
||||||
|
help="Copy TOTP key to clipboard",
|
||||||
|
)
|
||||||
|
argument_parser.add_argument(
|
||||||
|
"--io-encoding",
|
||||||
|
"-i",
|
||||||
|
default="UTF-8",
|
||||||
|
help="Encoding used to communicate with subprocesses",
|
||||||
|
)
|
||||||
|
argument_parser.add_argument(
|
||||||
|
"--merge-candidates",
|
||||||
|
"-m",
|
||||||
|
action="store_true",
|
||||||
|
help="Merge pass candidates for fully-qualified and registered domain name",
|
||||||
|
)
|
||||||
|
argument_parser.add_argument(
|
||||||
|
"--auto-lock",
|
||||||
|
type=int,
|
||||||
|
default=900,
|
||||||
|
help="Automatically lock the vault after this many seconds",
|
||||||
|
)
|
||||||
|
group = argument_parser.add_mutually_exclusive_group()
|
||||||
|
group.add_argument(
|
||||||
|
"--username-only", "-e", action="store_true", help="Only insert username"
|
||||||
|
)
|
||||||
|
group.add_argument(
|
||||||
|
"--password-only", "-w", action="store_true", help="Only insert password"
|
||||||
|
)
|
||||||
|
group.add_argument(
|
||||||
|
"--totp-only", "-T", action="store_true", help="Only insert totp code"
|
||||||
|
)
|
||||||
|
|
||||||
|
stderr = functools.partial(print, file=sys.stderr)
|
||||||
|
|
||||||
|
|
||||||
|
class ExitCodes(enum.IntEnum):
|
||||||
|
SUCCESS = 0
|
||||||
|
FAILURE = 1
|
||||||
|
# 1 is automatically used if Python throws an exception
|
||||||
|
NO_PASS_CANDIDATES = 2
|
||||||
|
COULD_NOT_MATCH_USERNAME = 3
|
||||||
|
COULD_NOT_MATCH_PASSWORD = 4
|
||||||
|
|
||||||
|
|
||||||
|
def qute_command(command):
|
||||||
|
with open(os.environ["QUTE_FIFO"], "w") as fifo:
|
||||||
|
fifo.write(command + "\n")
|
||||||
|
fifo.flush()
|
||||||
|
|
||||||
|
|
||||||
|
def ask_password(password_prompt_invocation):
|
||||||
|
process = subprocess.run(
|
||||||
|
shlex.split(password_prompt_invocation),
|
||||||
|
text=True,
|
||||||
|
stdout=subprocess.PIPE,
|
||||||
|
)
|
||||||
|
if process.returncode > 0:
|
||||||
|
raise Exception("Could not unlock vault")
|
||||||
|
master_pass = process.stdout.strip()
|
||||||
|
return subprocess.check_output(
|
||||||
|
["bw", "unlock", "--raw", "--passwordenv", "BW_MASTERPASS"],
|
||||||
|
env={**os.environ, "BW_MASTERPASS": master_pass},
|
||||||
|
text=True,
|
||||||
|
).strip()
|
||||||
|
|
||||||
|
|
||||||
|
def get_session_key(auto_lock, password_prompt_invocation):
|
||||||
|
try:
|
||||||
|
# Get the password from secret-tool
|
||||||
|
password_process = subprocess.run(
|
||||||
|
["secret-tool", "lookup", "drive", "bitwarden"],
|
||||||
|
text=True,
|
||||||
|
stdout=subprocess.PIPE,
|
||||||
|
stderr=subprocess.PIPE,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
password = password_process.stdout.strip()
|
||||||
|
|
||||||
|
# Unlock Bitwarden using the retrieved password
|
||||||
|
bw_process = subprocess.run(
|
||||||
|
["bw", "unlock", password, "--raw"],
|
||||||
|
text=True,
|
||||||
|
stdout=subprocess.PIPE,
|
||||||
|
stderr=subprocess.PIPE,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
return bw_process.stdout.strip()
|
||||||
|
except subprocess.CalledProcessError as e:
|
||||||
|
print(f"Error: {e.stderr}")
|
||||||
|
raise Exception("Could not unlock vault") from e
|
||||||
|
|
||||||
|
|
||||||
|
def pass_(domain, encoding, auto_lock, password_prompt_invocation):
|
||||||
|
session_key = get_session_key(auto_lock, password_prompt_invocation)
|
||||||
|
process = subprocess.run(
|
||||||
|
[
|
||||||
|
"bw",
|
||||||
|
"list",
|
||||||
|
"items",
|
||||||
|
"--nointeraction",
|
||||||
|
"--session",
|
||||||
|
session_key,
|
||||||
|
"--url",
|
||||||
|
domain,
|
||||||
|
],
|
||||||
|
capture_output=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
err = process.stderr.decode(encoding).strip()
|
||||||
|
if err:
|
||||||
|
msg = "Bitwarden CLI returned for {:s} - {:s}".format(domain, err)
|
||||||
|
stderr(msg)
|
||||||
|
|
||||||
|
if "Vault is locked" in err:
|
||||||
|
stderr("Bitwarden Vault got locked, trying again with clean session")
|
||||||
|
return pass_(domain, encoding, 0, password_prompt_invocation)
|
||||||
|
|
||||||
|
if process.returncode:
|
||||||
|
return "[]"
|
||||||
|
|
||||||
|
out = process.stdout.decode(encoding).strip()
|
||||||
|
|
||||||
|
return out
|
||||||
|
|
||||||
|
|
||||||
|
def get_totp_code(
|
||||||
|
selection_id, domain_name, encoding, auto_lock, password_prompt_invocation
|
||||||
|
):
|
||||||
|
session_key = get_session_key(auto_lock, password_prompt_invocation)
|
||||||
|
process = subprocess.run(
|
||||||
|
[
|
||||||
|
"bw",
|
||||||
|
"get",
|
||||||
|
"totp",
|
||||||
|
"--nointeraction",
|
||||||
|
"--session",
|
||||||
|
session_key,
|
||||||
|
selection_id,
|
||||||
|
],
|
||||||
|
capture_output=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
err = process.stderr.decode(encoding).strip()
|
||||||
|
if err:
|
||||||
|
# domain_name instead of selection_id to make it more user-friendly
|
||||||
|
msg = "Bitwarden CLI returned for {:s} - {:s}".format(domain_name, err)
|
||||||
|
stderr(msg)
|
||||||
|
|
||||||
|
if "Vault is locked" in err:
|
||||||
|
stderr("Bitwarden Vault got locked, trying again with clean session")
|
||||||
|
return get_totp_code(
|
||||||
|
selection_id, domain_name, encoding, 0, password_prompt_invocation
|
||||||
|
)
|
||||||
|
|
||||||
|
if process.returncode:
|
||||||
|
return "[]"
|
||||||
|
|
||||||
|
out = process.stdout.decode(encoding).strip()
|
||||||
|
|
||||||
|
return out
|
||||||
|
|
||||||
|
|
||||||
|
def dmenu(items, invocation, encoding):
|
||||||
|
command = shlex.split(invocation)
|
||||||
|
process = subprocess.run(
|
||||||
|
command, input="\n".join(items).encode(encoding), stdout=subprocess.PIPE
|
||||||
|
)
|
||||||
|
return process.stdout.decode(encoding).strip()
|
||||||
|
|
||||||
|
|
||||||
|
def fake_key_raw(text):
|
||||||
|
for character in text:
|
||||||
|
# Escape all characters by default, space requires special handling
|
||||||
|
sequence = '" "' if character == " " else r"\{}".format(character)
|
||||||
|
qute_command("fake-key {}".format(sequence))
|
||||||
|
|
||||||
|
|
||||||
|
def main(arguments):
|
||||||
|
if not arguments.url:
|
||||||
|
argument_parser.print_help()
|
||||||
|
return ExitCodes.FAILURE
|
||||||
|
|
||||||
|
extract_result = tldextract.extract(arguments.url)
|
||||||
|
|
||||||
|
# Try to find candidates using targets in the following order: fully-qualified domain name (includes subdomains),
|
||||||
|
# the registered domain name and finally: the IPv4 address if that's what
|
||||||
|
# the URL represents
|
||||||
|
candidates = []
|
||||||
|
for target in filter(
|
||||||
|
None,
|
||||||
|
[
|
||||||
|
extract_result.fqdn,
|
||||||
|
getattr(
|
||||||
|
extract_result,
|
||||||
|
"top_domain_under_public_suffix",
|
||||||
|
getattr(extract_result, "registered_domain"),
|
||||||
|
),
|
||||||
|
extract_result.subdomain + "." + extract_result.domain,
|
||||||
|
extract_result.domain,
|
||||||
|
extract_result.ipv4,
|
||||||
|
],
|
||||||
|
):
|
||||||
|
target_candidates = json.loads(
|
||||||
|
pass_(
|
||||||
|
target,
|
||||||
|
arguments.io_encoding,
|
||||||
|
arguments.auto_lock,
|
||||||
|
arguments.password_prompt_invocation,
|
||||||
|
)
|
||||||
|
)
|
||||||
|
if not target_candidates:
|
||||||
|
continue
|
||||||
|
|
||||||
|
candidates = candidates + target_candidates
|
||||||
|
if not arguments.merge_candidates:
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
if not candidates:
|
||||||
|
stderr("No pass candidates for URL {!r} found!".format(arguments.url))
|
||||||
|
return ExitCodes.NO_PASS_CANDIDATES
|
||||||
|
|
||||||
|
if len(candidates) == 1:
|
||||||
|
selection = candidates.pop()
|
||||||
|
else:
|
||||||
|
choices = [
|
||||||
|
"{:s} | {:s}".format(c["name"], c["login"]["username"]) for c in candidates
|
||||||
|
]
|
||||||
|
choice = dmenu(choices, arguments.dmenu_invocation, arguments.io_encoding)
|
||||||
|
choice_tokens = choice.split("|")
|
||||||
|
choice_name = choice_tokens[0].strip()
|
||||||
|
choice_username = choice_tokens[1].strip()
|
||||||
|
selection = next(
|
||||||
|
(
|
||||||
|
c
|
||||||
|
for (i, c) in enumerate(candidates)
|
||||||
|
if c["name"] == choice_name
|
||||||
|
and c["login"]["username"] == choice_username
|
||||||
|
),
|
||||||
|
None,
|
||||||
|
)
|
||||||
|
|
||||||
|
# Nothing was selected, simply return
|
||||||
|
if not selection:
|
||||||
|
return ExitCodes.SUCCESS
|
||||||
|
|
||||||
|
username = selection["login"]["username"]
|
||||||
|
password = selection["login"]["password"]
|
||||||
|
totp = selection["login"]["totp"]
|
||||||
|
|
||||||
|
if arguments.username_only:
|
||||||
|
fake_key_raw(username)
|
||||||
|
elif arguments.password_only:
|
||||||
|
fake_key_raw(password)
|
||||||
|
elif arguments.totp_only:
|
||||||
|
# No point in moving it to the clipboard in this case
|
||||||
|
fake_key_raw(
|
||||||
|
get_totp_code(
|
||||||
|
selection["id"],
|
||||||
|
selection["name"],
|
||||||
|
arguments.io_encoding,
|
||||||
|
arguments.auto_lock,
|
||||||
|
arguments.password_prompt_invocation,
|
||||||
|
)
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
# Enter username and password using fake-key and <Tab> (which seems to work almost universally), then switch
|
||||||
|
# back into insert-mode, so the form can be directly submitted by
|
||||||
|
# hitting enter afterwards
|
||||||
|
fake_key_raw(username)
|
||||||
|
qute_command("fake-key <Tab>")
|
||||||
|
fake_key_raw(password)
|
||||||
|
|
||||||
|
if arguments.insert_mode:
|
||||||
|
qute_command("mode-enter insert")
|
||||||
|
|
||||||
|
# If it finds a TOTP code, it copies it to the clipboard,
|
||||||
|
# which is the same behavior as the Firefox add-on.
|
||||||
|
if not arguments.totp_only and totp and arguments.totp:
|
||||||
|
# The import is done here, to make pyperclip an optional dependency
|
||||||
|
import pyperclip
|
||||||
|
|
||||||
|
pyperclip.copy(
|
||||||
|
get_totp_code(
|
||||||
|
selection["id"],
|
||||||
|
selection["name"],
|
||||||
|
arguments.io_encoding,
|
||||||
|
arguments.auto_lock,
|
||||||
|
arguments.password_prompt_invocation,
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
return ExitCodes.SUCCESS
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
arguments = argument_parser.parse_args()
|
||||||
|
sys.exit(main(arguments))
|
||||||
|
|
@ -104,6 +104,7 @@ required_packages_pacman:
|
||||||
- blueman
|
- blueman
|
||||||
- qutebrowser
|
- qutebrowser
|
||||||
- python-tldextrct
|
- python-tldextrct
|
||||||
|
- python-pyperclip
|
||||||
|
|
||||||
flatpak_remote:
|
flatpak_remote:
|
||||||
- { name: "flathub", url: "https://dl.flathub.org/repo/flathub.flatpakrepo" }
|
- { name: "flathub", url: "https://dl.flathub.org/repo/flathub.flatpakrepo" }
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue