140 lines
6.0 KiB
Python
Executable File
140 lines
6.0 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
|
|
# Insert login information using pass and a dmenu-provider (e.g. dmenu, rofi -dmenu, ...).
|
|
# A short demonstration can be seen here: https://i.imgur.com/KN3XuZP.gif.
|
|
#
|
|
# The domain of the site has to appear as a segment in the pass path, for example: "github.com/cryzed" or
|
|
# "websites/github.com". How the username and password are determined is freely configurable using the CLI arguments.
|
|
# The login information is inserted by emulating key events using qutebrowser's fake-key command in this manner:
|
|
# [USERNAME]<Tab>[PASSWORD], which is compatible with almost all login forms.
|
|
#
|
|
# Dependencies: tldextract (Python 3 module), pass
|
|
# For issues and feedback please use: https://github.com/cryzed/qutebrowser-userscripts
|
|
#
|
|
# Chris Braun (cryzed), 2017
|
|
|
|
import argparse
|
|
import enum
|
|
import fnmatch
|
|
import functools
|
|
import os
|
|
import re
|
|
import shlex
|
|
import subprocess
|
|
import sys
|
|
|
|
import tldextract
|
|
|
|
argument_parser = argparse.ArgumentParser()
|
|
argument_parser.add_argument('url', nargs='?', default=os.environ['QUTE_URL'])
|
|
argument_parser.add_argument('--password-store', '-p', default=os.path.expanduser('~/.password-store'),
|
|
help='Path to your pass password-store')
|
|
argument_parser.add_argument('--username-pattern', '-u', default=r'.*/(.+)',
|
|
help='Regular expression that matches the username')
|
|
argument_parser.add_argument('--username-target', '-U', choices=['path', 'secret'], default='path',
|
|
help='The target for the username regular expression')
|
|
argument_parser.add_argument('--password-pattern', '-P', default=r'(.*)',
|
|
help='Regular expression that matches the password')
|
|
argument_parser.add_argument('--dmenu-invocation', '-d', default='rofi -dmenu',
|
|
help='Invocation used to execute a dmenu-provider')
|
|
argument_parser.add_argument('--no-insert-mode', '-n', dest='insert_mode', action='store_false',
|
|
help="Don't automatically enter insert mode")
|
|
argument_parser.add_argument('--io-encoding', '-i', default='UTF-8',
|
|
help='Encoding used to communicate with subprocesses')
|
|
group = argument_parser.add_mutually_exclusive_group()
|
|
group.add_argument('--username-only', '-e', action='store_true', help='Only insert username')
|
|
group.add_argument('--password-only', '-w', action='store_true', help='Only insert password')
|
|
|
|
stderr = functools.partial(print, file=sys.stderr)
|
|
|
|
|
|
class ExitCodes(enum.IntEnum):
|
|
SUCCESS = 0
|
|
# 1 is reserved for general script errors
|
|
NO_PASS_CANDIDATES = 2
|
|
COULD_NOT_MATCH_USERNAME = 3
|
|
COULD_NOT_MATCH_PASSWORD = 4
|
|
|
|
|
|
def qute_command(command):
|
|
with open(os.environ['QUTE_FIFO'], 'w') as fifo:
|
|
fifo.write(command + '\n')
|
|
fifo.flush()
|
|
|
|
|
|
def find_pass_candidates(domain, password_store_path):
|
|
candidates = []
|
|
for path, directories, file_names in os.walk(password_store_path):
|
|
if directories or domain not in path.split(os.path.sep):
|
|
continue
|
|
|
|
# Strip password store path prefix to get the relative pass path
|
|
pass_path = path[len(password_store_path) + 1:]
|
|
secrets = fnmatch.filter(file_names, '*.gpg')
|
|
candidates.extend(os.path.join(pass_path, os.path.splitext(secret)[0]) for secret in secrets)
|
|
return candidates
|
|
|
|
|
|
def pass_(path, encoding):
|
|
process = subprocess.run(['pass', path], stdout=subprocess.PIPE)
|
|
return process.stdout.decode(encoding).strip()
|
|
|
|
|
|
def dmenu(items, invocation, encoding):
|
|
command = shlex.split(invocation)
|
|
process = subprocess.run(command, input='\n'.join(items).encode(encoding), stdout=subprocess.PIPE)
|
|
return process.stdout.decode(encoding).strip()
|
|
|
|
|
|
def main(arguments):
|
|
domain = tldextract.extract(arguments.url)
|
|
|
|
# Expand potential ~ in paths, since this script won't be called from a shell that does it for us
|
|
password_store_path = os.path.expanduser(arguments.password_store)
|
|
|
|
# Try to find candidates using targets in the following order: fully qualified domain (including subdomains),
|
|
# registered domain and finally the IPv4 address if that's what the URL was
|
|
for target in filter(None, [domain.fqdn, domain.registered_domain, domain.ipv4]):
|
|
candidates = find_pass_candidates(target, password_store_path)
|
|
if candidates:
|
|
break
|
|
else:
|
|
stderr('No pass candidates for URL {!r} found!'.format(arguments.url))
|
|
return ExitCodes.NO_PASS_CANDIDATES
|
|
|
|
selection = candidates[0] if len(candidates) == 1 else dmenu(candidates, arguments.dmenu_invocation,
|
|
arguments.io_encoding)
|
|
secret = pass_(selection, arguments.io_encoding)
|
|
|
|
# Match username
|
|
target = selection if arguments.username_target == 'path' else secret
|
|
match = re.match(arguments.username_pattern, target)
|
|
if not match:
|
|
stderr('Failed to match username pattern on {}!'.format(arguments.username_target))
|
|
return ExitCodes.COULD_NOT_MATCH_USERNAME
|
|
username = match.group(1)
|
|
|
|
# Match password
|
|
match = re.match(arguments.password_pattern, secret)
|
|
if not match:
|
|
stderr('Failed to match password pattern on secret!')
|
|
return ExitCodes.COULD_NOT_MATCH_PASSWORD
|
|
password = match.group(1)
|
|
|
|
insert_mode = ';; enter-mode insert' if arguments.insert_mode else ''
|
|
if arguments.username_only:
|
|
qute_command('fake-key {}{}'.format(username, insert_mode))
|
|
elif arguments.password_only:
|
|
qute_command('fake-key {}{}'.format(password, insert_mode))
|
|
else:
|
|
# Enter username and password using fake-key and <Tab> (which seems to work almost universally) and switch back
|
|
# into insert-mode, so the form can be directly submitted by hitting enter afterwards
|
|
qute_command('fake-key {} ;; fake-key <Tab> ;; fake-key {}{}'.format(username, password, insert_mode))
|
|
|
|
return ExitCodes.SUCCESS
|
|
|
|
|
|
if __name__ == '__main__':
|
|
arguments = argument_parser.parse_args()
|
|
sys.exit(main(arguments))
|