lastpass 1.0.0

data/lib/lastpass/session.rb

@@ -0,0 +1,14 @@
+# Copyright (C) 2013 Dmitry Yakimenko (detunized@gmail.com).
+# Licensed under the terms of the MIT license. See LICENCE for details.
+
+module LastPass
+    class Session
+        attr_reader :id,
+                    :key_iteration_count
+
+        def initialize id, key_iteration_count
+            @id = id
+            @key_iteration_count = key_iteration_count
+        end
+    end
+end

data/lib/lastpass/vault.rb

@@ -0,0 +1,34 @@
+# Copyright (C) 2013 Dmitry Yakimenko (detunized@gmail.com).
+# Licensed under the terms of the MIT license. See LICENCE for details.
+
+module LastPass
+    class Vault
+        attr_reader :accounts
+
+        # Fetches a blob from the server and creates a vault
+        def self.open_remote username, password
+            open Vault.fetch_blob(username, password), username, password
+        end
+
+        # Creates a vault from a locally stored blob
+        def self.open_local blob_filename, username, password
+            # TODO: read the blob here
+        end
+
+        # Creates a vault from a blob object
+        def self.open blob, username, password
+            new blob, blob.encryption_key(username, password)
+        end
+
+        # Just fetches the blob, could be used to store it locally
+        def self.fetch_blob username, password
+            Fetcher.fetch Fetcher.login username, password
+        end
+
+        # This more of an internal method, use of the static constructors instead
+        def initialize blob, encryption_key
+            chunks = Parser.extract_chunks blob
+            @accounts = (chunks["ACCT"] || []).map { |i| Parser.parse_account i, encryption_key }
+        end
+    end
+end

data/lib/lastpass/version.rb

@@ -0,0 +1,6 @@
+# Copyright (C) 2013 Dmitry Yakimenko (detunized@gmail.com).
+# Licensed under the terms of the MIT license. See LICENCE for details.
+
+module LastPass
+    VERSION = "1.0.0"
+end

data/spec/account_spec.rb

@@ -0,0 +1,22 @@
+# Copyright (C) 2013 Dmitry Yakimenko (detunized@gmail.com).
+# Licensed under the terms of the MIT license. See LICENCE for details.
+
+require "spec_helper"
+
+describe LastPass::Account do
+    let(:id) { "id" }
+    let(:name) { "name" }
+    let(:username) { "username" }
+    let(:password) { "password" }
+    let(:url) { "url" }
+    let(:group) { "group" }
+
+    subject { LastPass::Account.new id, name, username, password, url, group }
+
+    its(:id) { should eq id }
+    its(:name) { should eq name }
+    its(:username) { should eq username }
+    its(:password) { should eq password }
+    its(:url) { should eq url }
+    its(:group) { should eq group }
+end

data/spec/blob_spec.rb

@@ -0,0 +1,23 @@
+# Copyright (C) 2013 Dmitry Yakimenko (detunized@gmail.com).
+# Licensed under the terms of the MIT license. See LICENCE for details.
+
+require "spec_helper"
+
+describe LastPass::Blob do
+    let(:bytes) { "TFBBVgAAAAMxMjJQUkVNAAAACjE0MTQ5".decode64 }
+    let(:key_iteration_count) { 500 }
+    let(:username) { "postlass@gmail.com" }
+    let(:password) { "pl1234567890" }
+    let(:encryption_key) { "OfOUvVnQzB4v49sNh4+PdwIFb9Fr5+jVfWRTf+E2Ghg=".decode64 }
+
+    subject { LastPass::Blob.new bytes, key_iteration_count }
+
+    its(:bytes) { should eq bytes }
+    its(:key_iteration_count) { should eq key_iteration_count }
+
+    describe "#encryption_key" do
+        it "returns encryption key" do
+            expect(subject.encryption_key username, password).to eq encryption_key
+        end
+    end
+end

data/spec/chunk_spec.rb

@@ -0,0 +1,14 @@
+# Copyright (C) 2013 Dmitry Yakimenko (detunized@gmail.com).
+# Licensed under the terms of the MIT license. See LICENCE for details.
+
+require "spec_helper"
+
+describe LastPass::Chunk do
+    let(:id) { "IDID" }
+    let(:payload) { "Payload" }
+
+    subject { LastPass::Chunk.new id, payload }
+
+    its(:id) { should eq id }
+    its(:payload) { should eq payload }
+end

data/spec/fetcher_spec.rb

@@ -0,0 +1,228 @@
+# Copyright (C) 2013 Dmitry Yakimenko (detunized@gmail.com).
+# Licensed under the terms of the MIT license. See LICENCE for details.
+
+require "spec_helper"
+
+describe LastPass::Fetcher do
+    let(:username) { "username" }
+    let(:password) { "password" }
+    let(:key_iteration_count) { 5000 }
+    let(:session_id) { "53ru,Hb713QnEVM5zWZ16jMvxS0" }
+    let(:session) { LastPass::Session.new session_id, key_iteration_count }
+    let(:blob_response) { "TFBBVgAAAAMxMjJQUkVNAAAACjE0MTQ5" }
+    let(:blob_bytes) { blob_response.decode64 }
+    let(:blob) { LastPass::Blob.new blob_bytes, key_iteration_count }
+
+    describe ".request_iteration_count" do
+        it "makes a POST request" do
+            expect(web_client = double("web_client")).to receive(:post)
+                .with("https://lastpass.com/iterations.php", query: {email: username})
+                .and_return(http_ok(key_iteration_count.to_s))
+
+            LastPass::Fetcher.request_iteration_count username, web_client
+        end
+
+        it "returns key iteration count" do
+            expect(
+                LastPass::Fetcher.request_iteration_count username,
+                                                          double("web_client", post: http_ok(key_iteration_count.to_s))
+            ).to eq key_iteration_count
+        end
+
+        it "raises an exception on HTTP error" do
+            expect {
+                LastPass::Fetcher.request_iteration_count username,
+                                                          double("web_client", post: http_error)
+            }.to raise_error LastPass::NetworkError
+        end
+
+        it "raises an exception on invalid key iteration count" do
+            expect {
+                LastPass::Fetcher.request_iteration_count username,
+                                                          double("web_client", post: http_ok("not a number"))
+            }.to raise_error LastPass::InvalidResponse, "Key iteration count is invalid"
+        end
+
+        it "raises an exception on zero key iteration count" do
+            expect {
+                LastPass::Fetcher.request_iteration_count username,
+                                                          double("web_client", post: http_ok("0"))
+            }.to raise_error LastPass::InvalidResponse, "Key iteration count is not positive"
+        end
+
+        it "raises an exception on negative key iteration count" do
+            expect {
+                LastPass::Fetcher.request_iteration_count username,
+                                                          double("web_client", post: http_ok("-1"))
+            }.to raise_error LastPass::InvalidResponse, "Key iteration count is not positive"
+        end
+    end
+
+    describe ".request_login" do
+        it "makes a POST request" do
+            expect(web_client = double("web_client")).to receive(:post)
+                .with("https://lastpass.com/login.php", format: :xml, body: anything)
+                .and_return(http_ok("ok" => {"sessionid" => session_id}))
+
+            LastPass::Fetcher.request_login username, password, key_iteration_count, web_client
+        end
+
+        it "returns a session" do
+            expect(request_login_with_xml "<ok sessionid='#{session_id}' />").to eq session
+        end
+
+        it "raises an exception on HTTP error" do
+            expect { request_login_with_error }.to raise_error LastPass::NetworkError
+        end
+
+        it "raises an exception when response is not a hash" do
+            expect { request_login_with_ok "not a hash" }.to raise_error LastPass::InvalidResponse
+        end
+
+        it "raises an exception on unknown response schema" do
+            expect { request_login_with_xml "<unknown />" }.to raise_error LastPass::UnknownResponseSchema
+        end
+
+        it "raises an exception on unknown response schema" do
+            expect { request_login_with_xml "<response />" }.to raise_error LastPass::UnknownResponseSchema
+        end
+
+        it "raises an exception on unknown response schema" do
+            expect { request_login_with_xml "<response><error /></response>" }
+                .to raise_error LastPass::UnknownResponseSchema
+        end
+
+        it "raises an exception on unknown username" do
+            message = "Unknown email address."
+            expect { request_login_with_lastpass_error "unknownemail", message }
+                .to raise_error LastPass::LastPassUnknownUsername, message
+        end
+
+        it "raises an exception on invalid password" do
+            message = "Invalid password!"
+            expect { request_login_with_lastpass_error "unknownpassword", message }
+                .to raise_error LastPass::LastPassInvalidPassword, message
+        end
+
+        it "raises an exception on unknown LastPass error with a message" do
+            message = "Unknow error message"
+            expect { request_login_with_lastpass_error "Unknown cause", message }
+                .to raise_error LastPass::LastPassUnknownError, message
+        end
+
+        it "raises an exception on unknown LastPass error without a message" do
+            cause = "Unknown casue"
+            expect { request_login_with_lastpass_error cause }
+                .to raise_error LastPass::LastPassUnknownError, cause
+        end
+    end
+
+    describe ".fetch" do
+        it "makes a GET request" do
+            expect(web_client = double("web_client")).to receive(:get)
+                .with("https://lastpass.com/getaccts.php?mobile=1&b64=1&hash=0.0",
+                      format: :plain,
+                      cookies: {"PHPSESSID" => session_id})
+                .and_return(http_ok(blob_response))
+
+            LastPass::Fetcher.fetch session, web_client
+        end
+
+        it "returns a blob" do
+            expect(LastPass::Fetcher.fetch session, double("web_client", get: http_ok(blob_response)))
+                .to eq blob
+        end
+
+        it "raises an exception on HTTP error" do
+            expect {
+                LastPass::Fetcher.fetch session, double("web_client", get: http_error)
+            }   .to raise_error LastPass::NetworkError
+        end
+    end
+
+    describe ".make_key" do
+        it "generates correct keys" do
+            def key iterations
+                LastPass::Fetcher.make_key "postlass@gmail.com", "pl1234567890", iterations
+            end
+
+            expect(key 1).to eq "C/Bh2SGWxI8JDu54DbbpV8J9wa6pKbesIb9MAXkeF3Y=".decode64
+            expect(key 5).to eq "pE9goazSCRqnWwcixWM4NHJjWMvB5T15dMhe6ug1pZg=".decode64
+            expect(key 10).to eq "n9S0SyJdrMegeBHtkxUx8Lzc7wI6aGl+y3/udGmVey8=".decode64
+            expect(key 50).to eq "GwI8/kNy1NjIfe3Z0VAZfF78938UVuCi6xAL3MJBux0=".decode64
+            expect(key 100).to eq "piGdSULeHMWiBS3QJNM46M5PIYwQXA6cNS10pLB3Xf8=".decode64
+            expect(key 500).to eq "OfOUvVnQzB4v49sNh4+PdwIFb9Fr5+jVfWRTf+E2Ghg=".decode64
+            expect(key 1000).to eq "z7CdwlIkbu0XvcB7oQIpnlqwNGemdrGTBmDKnL9taPg=".decode64
+        end
+    end
+
+    describe ".make_hash" do
+        it "generates correct hashes" do
+            def hash iterations
+                LastPass::Fetcher.make_hash "postlass@gmail.com", "pl1234567890", iterations
+            end
+
+            expect(hash 1).to eq "a1943cfbb75e37b129bbf78b9baeab4ae6dd08225776397f66b8e0c7a913a055"
+            expect(hash 5).to eq "a95849e029a7791cfc4503eed9ec96ab8675c4a7c4e82b00553ddd179b3d8445"
+            expect(hash 10).to eq "0da0b44f5e6b7306f14e92de6d629446370d05afeb1dc07cfcbe25f169170c16"
+            expect(hash 50).to eq "1d5bc0d636da4ad469cefe56c42c2ff71589facb9c83f08fcf7711a7891cc159"
+            expect(hash 100).to eq "82fc12024acb618878ba231a9948c49c6f46e30b5a09c11d87f6d3338babacb5"
+            expect(hash 500).to eq "3139861ae962801b59fc41ff7eeb11f84ca56d810ab490f0d8c89d9d9ab07aa6"
+            expect(hash 1000).to eq "03161354566c396fcd624a424164160e890e96b4b5fa6d942fc6377ab613513b"
+        end
+    end
+
+    #
+    # Helpers
+    #
+
+    private
+
+    def mock_response type, code, body
+        double response: type.new("1.1", code, ""),
+               parsed_response: body
+    end
+
+    def http_ok body
+        mock_response Net::HTTPOK, 200, body
+    end
+
+    def http_error body = ""
+        mock_response Net::HTTPNotFound, 404, body
+    end
+
+    def xml text
+        MultiXml.parse text
+    end
+
+    def lastpass_error cause, message
+        if message
+            %Q{<response><error cause="#{cause}" message="#{message}" /></response>}
+        else
+            %Q{<response><error cause="#{cause}" /></response>}
+        end
+    end
+
+    def request_login_with_lastpass_error cause, message = nil
+        request_login_with_xml lastpass_error cause, message
+    end
+
+    def request_login_with_xml text
+        request_login_with_ok xml text
+    end
+
+    def request_login_with_ok response
+        request_login_with_response http_ok response
+    end
+
+    def request_login_with_error
+        request_login_with_response http_error
+    end
+
+    def request_login_with_response response
+        LastPass::Fetcher.request_login username,
+                                        password,
+                                        key_iteration_count,
+                                        double("web_client", post: response)
+    end
+end

data/spec/parser_spec.rb

@@ -0,0 +1,292 @@
+# Copyright (C) 2013 Dmitry Yakimenko (detunized@gmail.com).
+# Licensed under the terms of the MIT license. See LICENCE for details.
+
+require "spec_helper"
+require_relative "test_data"
+
+describe LastPass::Parser do
+    let(:key_iteration_count) { 5000 }
+    let(:blob) { LastPass::Blob.new TEST_BLOB, key_iteration_count }
+    let(:padding) { "BEEFFACE"}
+    let(:encryption_key) { "OfOUvVnQzB4v49sNh4+PdwIFb9Fr5+jVfWRTf+E2Ghg=".decode64 }
+
+    describe ".extract_chunks" do
+        context "returned chunks" do
+            let(:chunks) { LastPass::Parser.extract_chunks blob }
+
+            it { expect(chunks).to be_instance_of Hash }
+
+            it "all keys are strings" do
+                expect(chunks.keys).to match_array TEST_CHUNK_IDS
+            end
+
+            it "all values are arrays" do
+                expect(chunks.values.map(&:class).uniq).to eq [Array]
+            end
+
+            it "all arrays contain only chunks" do
+                expect(chunks.values.flat_map { |i| i.map &:class }.uniq).to eq [LastPass::Chunk]
+            end
+
+            it "all chunks grouped under correct IDs" do
+                expect(
+                    chunks.all? { |id, chunk_group| chunk_group.map(&:id).uniq == [id] }
+                ).to be_true
+            end
+        end
+    end
+
+    describe ".parse_account" do
+        let(:accounts) {
+            LastPass::Parser
+                .extract_chunks(blob)["ACCT"]
+                .map { |i| LastPass::Parser.parse_account i, TEST_ENCRYPTION_KEY }
+        }
+
+        it "parses accounts" do
+            expect(accounts.map &:id).to eq TEST_ACCOUNTS.map &:id
+        end
+    end
+
+    describe ".read_chunk" do
+        it "returns a chunk" do
+            with_hex "4142434400000004DEADBEEF" + padding do |io|
+                expect(LastPass::Parser.read_chunk io).to eq LastPass::Chunk.new("ABCD", "DEADBEEF".decode_hex)
+                expect(io.pos).to eq 12
+            end
+        end
+    end
+
+    describe ".read_item" do
+        it "returns an item" do
+            with_hex "00000004DEADBEEF" + padding do |io|
+                expect(LastPass::Parser.read_item io).to eq "DEADBEEF".decode_hex
+                expect(io.pos).to eq 8
+            end
+        end
+    end
+
+    describe ".skip_item" do
+        it "skips an empty item" do
+            with_hex "00000000" + padding do |io|
+                LastPass::Parser.skip_item io
+                expect(io.pos).to eq 4
+            end
+        end
+
+        it "skips a non-empty item" do
+            with_hex "00000004DEADBEEF" + padding do |io|
+                LastPass::Parser.skip_item io
+                expect(io.pos).to eq 8
+            end
+        end
+    end
+
+    describe ".read_id" do
+        it "returns an id" do
+            with_bytes "ABCD" + padding do |io|
+                expect(LastPass::Parser.read_id io).to eq "ABCD"
+                expect(io.pos).to eq 4
+            end
+        end
+    end
+
+    describe ".read_size" do
+        it "returns a size" do
+            with_hex "DEADBEEF" + padding do |io|
+                expect(LastPass::Parser.read_size io).to eq 0xDEADBEEF
+                expect(io.pos).to eq 4
+            end
+        end
+    end
+
+    describe ".read_payload" do
+        it "returns a payload" do
+            with_hex "FEEDDEADBEEF" + padding do |io|
+                expect(LastPass::Parser.read_payload io, 6).to eq "FEEDDEADBEEF".decode_hex
+                expect(io.pos).to eq 6
+            end
+        end
+    end
+
+    describe ".read_uint32" do
+        it "returns a number" do
+            with_hex "DEADBEEF" + padding do |io|
+                expect(LastPass::Parser.read_size io).to eq 0xDEADBEEF
+                expect(io.pos).to eq 4
+            end
+        end
+    end
+
+    describe ".decode_hex" do
+        it "decodes hex" do
+            expect(LastPass::Parser.decode_hex "")
+                .to eq ""
+
+            expect(LastPass::Parser.decode_hex "00ff")
+                .to eq "\x00\xFF"
+
+            expect(LastPass::Parser.decode_hex "00010203040506070809")
+                .to eq "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09"
+
+            expect(LastPass::Parser.decode_hex "000102030405060708090a0b0c0d0e0f")
+                .to eq "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+
+            expect(LastPass::Parser.decode_hex "8af633933e96a3c3550c2734bd814195")
+                .to eq "\x8A\xF6\x33\x93\x3E\x96\xA3\xC3\x55\x0C\x27\x34\xBD\x81\x41\x95"
+        end
+
+        it "raises exception on odd length" do
+            expect { LastPass::Parser.decode_hex "0" }
+                .to raise_error ArgumentError, "Input length must be multple of 2"
+        end
+
+        it "raises exception on invalid characters" do
+            expect { LastPass::Parser.decode_hex "xz" }
+                .to raise_error ArgumentError, "Input contains invalid characters"
+        end
+    end
+
+    describe ".decode_base64" do
+        it "decodes base64" do
+            def check base64, plain
+                expect(LastPass::Parser.decode_base64 base64).to eq plain
+            end
+
+            check "", ""
+            check "YQ==", "a"
+            check "YWI=", "ab"
+            check "YWJj", "abc"
+            check "YWJjZA==", "abcd"
+        end
+    end
+
+    describe ".decode_aes256_auto" do
+        def check encoded, decoded
+            expect(LastPass::Parser.decode_aes256_auto encoded, encryption_key)
+                .to eq decoded
+        end
+
+        it "decodes a blank string" do
+            check "", ""
+        end
+
+        it "decodes ECB/plain string" do
+            check "BNhd3Q3ZVODxk9c0C788NUPTIfYnZuxXfkghtMJ8jVM=".decode64,
+                   "All your base are belong to us"
+        end
+
+        it "decodes ECB/base64 string" do
+            check "BNhd3Q3ZVODxk9c0C788NUPTIfYnZuxXfkghtMJ8jVM=",
+                   "All your base are belong to us"
+        end
+
+        it "decodes CBC/plain string" do
+            check "IcokDWmjOkKtLpZehWKL6666Uj6fNXPpX6lLWlou+1Lrwb+D3ymP6BAwd6C0TB3hSA==".decode64,
+                   "All your base are belong to us"
+        end
+
+        it "decodes CBC/base64 string" do
+            check "!YFuiAVZgOD2K+s6y8yaMOw==|TZ1+if9ofqRKTatyUaOnfudletslMJ/RZyUwJuR/+aI=",
+                   "All your base are belong to us"
+        end
+    end
+
+    describe ".decode_aes256_ecb_plain" do
+        def check encoded, decoded
+            expect(LastPass::Parser.decode_aes256_ecb_plain encoded.decode64, encryption_key)
+                .to eq decoded
+        end
+
+        it "decodes a blank string" do
+            check "", ""
+        end
+
+        it "decodes a short string" do
+            check "8mHxIA8rul6eq72a/Gq2iw==", "0123456789"
+        end
+
+        it "decodes a long string" do
+            check "BNhd3Q3ZVODxk9c0C788NUPTIfYnZuxXfkghtMJ8jVM=", "All your base are belong to us"
+        end
+    end
+
+    describe ".decode_aes256_ecb_base64" do
+        def check encoded, decoded
+            expect(LastPass::Parser.decode_aes256_ecb_base64 encoded, encryption_key)
+                .to eq decoded
+        end
+
+        it "decodes a blank string" do
+            check "", ""
+        end
+
+        it "decodes a short string" do
+            check "8mHxIA8rul6eq72a/Gq2iw==", "0123456789"
+        end
+
+        it "decodes a long string" do
+            check "BNhd3Q3ZVODxk9c0C788NUPTIfYnZuxXfkghtMJ8jVM=", "All your base are belong to us"
+        end
+    end
+
+    describe ".decode_aes256_cbc_plain" do
+        def check encoded, decoded
+            expect(LastPass::Parser.decode_aes256_cbc_plain encoded.decode64, encryption_key)
+                .to eq decoded
+        end
+
+        it "decodes a blank string" do
+            check "", ""
+        end
+
+        it "decodes a short string" do
+            check "IQ+hiIy0vGG4srsHmXChe3ehWc/rYPnfiyqOG8h78DdX", "0123456789"
+        end
+
+        it "decodes a long string" do
+            check "IcokDWmjOkKtLpZehWKL6666Uj6fNXPpX6lLWlou+1Lrwb+D3ymP6BAwd6C0TB3hSA==",
+                  "All your base are belong to us"
+        end
+    end
+
+    describe ".decode_aes256_cbc_base64" do
+        def check encoded, decoded
+            expect(LastPass::Parser.decode_aes256_cbc_base64 encoded, encryption_key)
+                .to eq decoded
+        end
+
+        it "decodes a blank string" do
+            check "", ""
+        end
+
+        it "decodes a short string" do
+            check "!6TZb9bbrqpocMaNgFjrhjw==|f7RcJ7UowesqGk+um+P5ug==", "0123456789"
+        end
+
+        it "decodes a long string" do
+            check "!YFuiAVZgOD2K+s6y8yaMOw==|TZ1+if9ofqRKTatyUaOnfudletslMJ/RZyUwJuR/+aI=",
+                  "All your base are belong to us"
+        end
+    end
+
+    #
+    # Helpers
+    #
+
+    private
+
+    def with_blob &block
+        with_bytes TEST_BLOB, &block
+    end
+
+    def with_hex hex, &block
+        with_bytes hex.decode_hex, &block
+    end
+
+    def with_bytes bytes, &block
+        StringIO.open bytes do |io|
+            yield io
+        end
+    end
+end