pwss 0.0.3 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 55b89de23284b460cea7b8ecae62a0c4e668e98f
-  data.tar.gz: 350e6f23afa3abea664808989b0f356cb6ca42a4
+  metadata.gz: d81cc493cb6f1b3dc7f917cdfa7fcbb81c844af4
+  data.tar.gz: 44c566b64b9fc0cf9b72f00a0396a9a72a400180
 SHA512:
-  metadata.gz: df29869f6f101c103cde9bd8c0326cbbdf22572fb1a13c1567b26445a79d4b163e5b0897573f3cc1ecafb8c2ae21f0fd93027cc72189053fd6c3ec30f04e4226
-  data.tar.gz: 84f87ffd3efa46fe0566458edba2c6750e754ae592fe7190865f5d0a884c25aeab75326e5bc08f3e47fa5797cf4dcdf15ceae6eb765e3c3307e2a21bd49881a9
+  metadata.gz: 33cbef0aa13c6f8cf89313fddb500a289917e4c0c1e380b77b9494b85eee0c446601091573d01525e11ac2c704ced7312283e7adb2e4b2c0c99873a27f315bcc
+  data.tar.gz: aab0df3a4bff00ec6157e442d878706312209f4085ffa96cab604e7208d6bed0f3269f2e01724a03211df77b9cda74d1026349674643e8bb4649968380623370

data/README.textile

@@ -4,68 +4,82 @@ A password manager in the spirit of "pws":https://github.com/janlelis/pws.
 
 Features:
 
-* Multiple entries can be stored in a single file
-* Entries are "complex" records, including title, username, password, url, description
-* Support for multiple password files
-* The password file can be stored encrypted or not
-* The password file is human-readable and editable (when not encrypted)
-* Decrypt and encrypt commands allow one to operate directly on the password file
+* Each entry stores: title, username, password, url, description
+* A file (or safe) can store many entries
+* The user can manage different files (safes)
+* CRUD (create, read, update, delete) commands are available to
+  operate on entries and safes
+* pwss can generate completely random passwords for you
+* Safes can be encrypted (to improve security)
+* Encrypted safes can be decrypted (for instance to batch process
+  entries, to migrate to another tool, or to manually edit entries)
+* Entries are human readable and editable (when not encrypted)
 
 h2. Installation
 
 Add this line to your application's Gemfile:
 
-    gem 'pwss'
+bc. gem 'pwss'
 
 And then execute:
 
-    $ bundle
+bc. $ bundle
 
 Or install it yourself as:
 
-    $ gem install pwss
+bc. $ gem install pwss
 
 h2. Usage
 
-*Getting started.* @pwss@ stores passwords in YAML files (also called "password safe" in the following), possibly encrypted.
+*Getting started.* @pwss@ stores passwords in a YAML file (also called "password safe" in the following), possibly encrypted.
 
 A typical usage scenario is the following:
 
 # @pwss init@ will create a new encrypted password safe in @~/.pwss.yaml.enc@
 # @pwss add@ will add a new entry to the file
-# @pwss get entry@ will retrieve all entries whose *title* contains @entry@
+# @pwss get entry@ will retrieve all entries whose *title* contains @entry@ and make the password of the chosen entry available in the clipboard
 
-*Using multiple safes.* If you want to create your password safe in a different location, use the @-f@ (@--filename@) option:
+*Using multiple safes.* If you want to create multiple password safes or store the password safe in a non-standard location, use the @-f@ (@--filename@) option:
 
 # @pwss -f MYFILE init@
 # @pwss -f MYFILE add@
 # @pwss -f MYFILE get@
 
-*Encrypted and Plain Files.* @pwss@ works equally well with encrypted and plain files.  More in detailes, the file extension determines whether @pwss@ tries to decrypt/encrypt the file or not.  Use @.enc@ to store password safes encrypted; any other extension will leave the file in plain format.
+*Controlling how long passwords are made available* Use the @-w@ option to determine how long the password is made available in the clipboard.  For instance:
+
+bc. $ pwss get my_email -w 3
+
+will retrieve entry whose title is @my_email@ and make the password available in the clipboard for @2@ seconds.
+
+Use @0@ to keep the password in the clipboard till a key is pressed.
+
+*Automatically Generated Password* pwss can automatically generate passwords for entries which are added or updated, using the @-g LENGTH@ option, where @LENGTH@ is the length of the password to generate.  If you want to generate password including only alphabetic and numeric characters, use the @-a@ option.  *The passwords are made available in the clipboard, so that it can be used as needed*.
 
 For instance:
 
-<pre>
-  $ pwss -f a.yaml.enc init 
-</pre>
+bc. $ pwss update my_email -g 10 -a -w 20
+
+will update the @my_email@ entry, by replacing the existing password with one of length @10@ automatically generated by @pwss@; the password contains only alphabetic characters and digits.  The new password will be made available in the clipboard for @20@ seconds.
+
+*Encrypted and Plain Files.* @pwss@ works equally well with encrypted and plain files.  More in details, the file extension determines whether @pwss@ tries to decrypt/encrypt the file or not.  The @.enc@ extension tells @pwss@ that the file is encrypted; any other extension will tell @pwss@ to treat the file as plain text.
+
+For instance:
+
+bc. $ pwss -f a.yaml.enc init 
 
-will store the password in to encrypted file @a.yaml.enc@.
+will store the password in the *encrypted* file @a.yaml.enc@.
 
 By contrast,
 
-<pre>
-  $ pwss -f a.yaml get entry
-</pre>
+bc. $ pwss -f a.yaml get entry
 
-will try to retrieve @entry@ from file @a.yaml@, which is not encrypted.
+will try to retrieve @entry@ from file @a.yaml@; the file is assumed to be in plain text by @pwss@ which will not ask for a master password, nor will try to decrypt it.
 
-Encrypting important passwords is a good idea.  However, if you use @pwss@ to store non-critical infomation, prefer to edit the password safe with a text editor, or use another application for managing encryption and decryption, using @pwss@ with the file in plain format might be more convenient.
+Encrypting important passwords is a good idea. (Just in case you were looking for a witty statement.)  However, if you use @pwss@ to store non-critical infomation, prefer to edit the password safe with a text editor, or use another application for managing encryption and decryption, using @pwss@ with the file in plain format might be more convenient.
 
 *Moving from plain to encrypted.* Use the @encrypt@ and @decrypt@ commands at any time to move from the plain to the encrypted format.
 
-<pre>
-  $ pwss -f YOURFILE encrypt 
-</pre>
+bc. $ pwss -f YOURFILE encrypt 
 
 will encrypt @YOURFILE@ while @decrypt@ will perform the opposite operation.
 
@@ -78,11 +92,11 @@ In this scenario, you can use the following commands to get started:
 
 To add entries to the password safe, use the @add@ command.  If you prefer to operate on the file using a text editor, you can also use the @decrypt@ and @encrypt@ commands.
 
+*Defining your entries.*  @pwss@ requires entries to have only a @title@ and a @password@ field.  If you want you can define and store your own records in the yaml files.
+
 *Getting Help.*
 
-<pre>
-  $ pwss
-</pre>
+bc. $ pwss
 
 will show all command options.
 
@@ -120,12 +134,18 @@ Example
 
 Notice that only @title@ and @password@ are required.
 
+h2. Changelog
+
+* *Release 0.1.0*
+** the update command now allows one to update the password or any other field of existing entries
+** a simple password generator allows pwss to generate a random password
+** most commands make the password of the selected entry available in the clipboard (useful, for instance, if you automatically generate a password)
+** a destroy command allows one to delete an entry from a safe.  Similar to get, all entries matching a query are shown.  The user is then asked to select which entry has to be deleted or stop.  User confirmation is required even in case of a single match.
+
 h2. License and Additional Disclaimer
 
 Licensed under the terms of the MIT License.
 
-*Make sure you backup your important data and do not rely solely on @pwss@ to store your critical data.*
-
 h2. Contributing
 
 1. Fork it ( http://github.com/<my-github-username>/pwss/fork )

data/bin/pwss

@@ -20,20 +20,24 @@ PWSS is a password safe, in the spirit of pws
 Features:
 
 * Each entry stores: title, username, password, url, description
-* Many entries per file (or 'safe')
-* Management of different safes
-* Decrypt and encrypt commands to operate directly on safes
-* Safes are human-readable and editable (when not encrypted)
-* Safes can be stored encrypted or not
+* A file (or safe) can store many entries
+* The user can manage different files (safes)
+* CRUD (create, read, update, delete) commands are available to
+  operate on entries and safes
+* Safes can be encrypted
+* Encrypted safes can be decrypted, for instance, to batch process
+  entries, to migrate to another tool, or to manually edit entries
+* Entries are human-readable (and editable), when not encrypted
 EOS
 
-  p.syntax "pwss [global option] <subcommand> [options] args"
-  p.option 'filename', '--filename FILE', '-f FILE', 'Password file'
+  p.syntax "pwss <subcommand> [options] [args]"
+  p.option 'filename', '-f FILE', '--filename FILE', 'Password file'
+  p.option 'wait', '-w SECS', '--wait SECS', 'Number of seconds password is available in the clipboard (use 0 for interactive).'
 
   p.command(:init) do |c|
     c.syntax "init"
-    c.description "Init a new password file"
-      
+    c.description 'Init a new password file (= password safe)'
+
     c.action do |args, opts|
       filename = opts['filename']  || DEFAULT_FILENAME
 
@@ -55,7 +59,7 @@ EOS
   end
 
   p.command(:list) do |c|
-    c.syntax "list all entries"
+    c.syntax "list"
     c.description "List all entries in a safe"
       
     c.action do |args, opts|
@@ -70,31 +74,37 @@ EOS
 
   p.command(:get) do |c|
     c.syntax "get string"
-    c.description "Get first entry matching string in title"
-    c.option 'interactive', '--interactive', '-i', 'Wait for user input to clean password.'
+    c.description "Get password for entry matching <string> in the title field"
 
     c.action do |args, opts|
-      filename = opts['filename']  || DEFAULT_FILENAME
-      interactive = opts['interactive']
-
+      filename = opts['filename'] || DEFAULT_FILENAME
+      waiting = opts['wait'] ? opts['wait'].to_i : 30
+      
       string, _ = file2string filename
       entries = YAML::load(string) || Array.new
 
-      Pwss::get args.join(" "), entries, interactive
+      password = Pwss::get args.join(" "), entries
+      Cipher.password_to_clipboard password, waiting
     end
   end
 
   p.command(:add) do |c|
-    c.syntax "add an entry"
+    c.syntax "add"
     c.description "Add an entry to a password safe"
       
+    c.option "generate", "-g LENGTH", "--generate LENGTH", "automatically generate a password of length LENGTH"
+    c.option "alnum", "-a", "--alnum", "use only alphanumeric characters for the generated password"
+
     c.action do |args, opts|
       filename = opts['filename'] || DEFAULT_FILENAME
+      waiting = opts['wait'] ? opts['wait'].to_i : 30
+      length = opts['generate'] ? opts['generate'].to_i : 0
+
       string, password = file2string filename
 
       # ask for a new entry
       pe = Pwss::Entry.new
-      pe.ask
+      pe.ask length, opts['alnum']
 
       # add the entry to the safe
       entries = YAML::load(string) || Array.new
@@ -109,20 +119,39 @@ EOS
 
       FileOps::backup filename
       FileOps::save filename, new_string
+
+      puts "Entry added."
+      
+      # make password available in the clipboard
+      Cipher.password_to_clipboard pe.entry["password"], waiting
     end
   end
 
   p.command(:update) do |c|
-    c.syntax "update the password for an entry"
-    c.description "Update the password for an entry"
+    c.syntax "update a field of an existing entry"
+    c.description "Update some field of an existing entry (default: password)"
+
+    c.option 'field', '--field FIELD', 'Field to update (if not specified, update the password field)'
+    c.option "generate", "-g LENGTH", "--generate LENGTH", "generate a password of length LENGTH"
+    c.option "alnum", "-a", "--alnum", "use only alphabetic and numeric characters for the generated password"
 
     c.action do |args, opts|
       filename = opts['filename'] || DEFAULT_FILENAME
+      waiting = opts['wait'] ? opts['wait'].to_i : 30
+      length = opts['generate'] ? opts['generate'].to_i : 0
+      field = opts['field']
+
       string, password = file2string filename
 
       # load entries and update 
       entries = YAML::load(string) || Array.new
-      entries = Pwss::update args.join(" "), entries
+
+      if field then
+        entries, entry_password = Pwss::update_field args.join(" "), entries, field
+      else
+        # update password
+        entries, entry_password = Pwss::update args.join(" "), entries, length, opts["alnum"]
+      end
 
       # check status of input file and encrypt if necessary
       if FileOps::encrypted? filename then
@@ -133,13 +162,23 @@ EOS
 
       FileOps::backup filename
       FileOps::save filename, new_string
+
+      puts "Entry updated."
+
+      # copy to clipboard the new password
+      Cipher.password_to_clipboard entry_password, waiting
     end
   end    
 
 
   p.command(:destroy) do |c|
-    c.syntax "delete an entry"
-    c.description "Permenently delete an entry from a safe"
+    c.syntax "destroy string"
+    c.description "Show entries matching <string> and let the user select one to destroy"
+
+    # Look for entries matching string, offer the user to select one of the
+    # matching entries, and destroy the entry.  
+    # The command asks for confirmation even if there is only one matching entry.
+    # Destroyed entries cannot be recovered (unless you dig in the backup file).
       
     c.action do |args, opts|
       filename = opts['filename'] || DEFAULT_FILENAME
@@ -158,6 +197,8 @@ EOS
 
       FileOps::backup filename
       FileOps::save filename, new_string
+
+      puts "Entry deleted."
     end
   end
   
@@ -198,6 +239,7 @@ EOS
       dec_filename = filename.sub(/\.enc$/,"")
       FileOps::save dec_filename, decrypted
       puts "A decrypted copy now lives in #{dec_filename}"
+      puts "You might want to check everything is ok and delete #{filename}, if you wish."
     end
   end
 

data/lib/pwss.rb

@@ -7,51 +7,47 @@ require 'yaml'
 
 module Pwss
 
-  WAITING_PERIOD=30 # seconds
-
-  def self.get search_string, entries, interactive
+  def self.get search_string, entries
     id = choose_entry search_string, entries
 
-    # it causes confusion ... here id is the absolute id
-    # (the one printed by choose_entry is the relative match)
-    # puts "Selected entry:\n"
-    # print_entry id, entries[id]
-
-    #
-    # make the password available and then forget it
-    #
-    password = entries[id]["password"]
-    system("echo #{password} | pbcopy")
+    entries[id]["password"]
+  end
 
-    if interactive
-      puts "\nPassword available in clipboard: press any key when you are done."
-      STDIN.getc
-    else
-      puts "\nPassword available in clipboard for #{WAITING_PERIOD} seconds."
-      sleep(WAITING_PERIOD)
-    end
 
-    system("echo ahahahahaha | pbcopy")
-  end
+  def self.update search_string, entries, length, alnum
+    id = choose_entry search_string, entries, true
 
+    password = Cipher.check_or_generate "new password for entry", length, alnum
 
-  def self.update search_string, entries
-    id = choose_entry search_string, entries
-    password = Cipher::check_password
     entries[id]["password"] = password
-    entries
+    entries[id]["updated_at"] = Date.today
+
+    return entries, password
   end
     
+  def self.update_field search_string, entries, field
+    id = choose_entry search_string, entries, true
+
+    field_value = Readline.readline("\nEnter new value for #{field}: ")
+    
+    entries[id][field] = field_value
+    entries[id]["updated_at"] = Date.today
+    password = entries[id]["password"]
+    
+    return entries, password
+  end
+
 
   def self.destroy search_string, entries
-    id = choose_entry search_string, entries
+    id = choose_entry search_string, entries, true
+
     entries.delete_at(id) if id != -1
     entries
   end
   
 
   def self.list entries
-    index = 0
+    index = 0 
     entries.each do |element|
       print_entry index, element
       index += 1
@@ -64,11 +60,13 @@ module Pwss
   # Let the user select an entry from data
   # (data is a YAML string with an array of entries)
   #
-  def self.choose_entry search_string, entries
+  def self.choose_entry search_string, entries, confirm_even_if_one = false
     # here we have a nuisance: we want the user to choose one entry
     # by relative id (e.g. the third found), but we need to return
-    # the absolute id... so we just keep track of the real ids with an array
-    # we ask the user the index of the array
+    # the absolute id (to update the right entry in the safe)
+    #
+    # ... so we just keep track of the real ids with an array
+    #     the relative id is the index in the array
 
     index = 0
     found = Array.new
@@ -81,20 +79,29 @@ module Pwss
     end
 
     if found.size == 0 then
-      printf "\nNo entry matches the search criteria."
-      return -1
+      printf "No entry matches the search criteria.\n"
+      exit -1
     end
 
-    if found.size > 1 then
-      printf "\nVarious matches. Select entry by ID (0..#{found.size-1}): "
+    if found.size > 1 or confirm_even_if_one then
+      printf "\nVarious matches." if found.size > 1
+      printf "\nSelect entry by ID (0..#{found.size-1}) or -1 to exit: "
+
       id = STDIN.gets.chomp.to_i
+      while (id < -1 or id >= found.size)
+        printf "Select entry by ID (0..#{found.size-1}) or -1 to exit: "
+        id = STDIN.gets.chomp.to_i
+      end
+      if id == -1 then
+        exit -1
+      end
     else
       id = 0
     end
 
     found[id]
   end
-
+  
   #
   # Print entry
   #

data/lib/pwss/cipher.rb

@@ -24,11 +24,11 @@ module Cipher
   end
 
   # Ask for a password twice and make sure it is entered the same
-  def self.check_password prompt="master password: "
+  def self.check_password prompt="master password"
     match = false
     while ! match
-      password = ask_password "Enter #{prompt}"
-      repeat = ask_password "Repeat #{prompt}"
+      password = ask_password "Enter #{prompt}: "
+      repeat = ask_password "Repeat #{prompt}: "
       match = (password == repeat)
 
       if match == false then
@@ -37,4 +37,38 @@ module Cipher
     end
     password
   end
+
+  # Ask for a password (twice) or generate one, if length is greater than 0
+  def self.check_or_generate prompt, length=0, alnum=false
+    length > 0 ? generate_password(length, alnum) : check_password(prompt)
+  end
+
+  #
+  # make the password available to the clipboard.
+  #
+  def self.password_to_clipboard password, counter = 30
+    system("printf \"%s\" \"#{password}\" | pbcopy")
+
+    if counter <= 0
+      puts "\nPassword available in clipboard: press enter when you are done."
+      STDIN.getc
+    else
+      puts "\nPassword available in clipboard for #{counter} seconds."
+      sleep(counter)
+    end
+
+    system("echo ahahahahaha | pbcopy")
+  end
+
+  private
+
+  # Generate a random password
+  # (Adapted from: http://randompasswordsgenerator.net/tutorials/ruby-random-password-generator.html)
+  def self.generate_password(length=8, alnum=false)  
+    chars = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ1234567890'  
+    chars += '!@#$%^&*()_+=[]{}<>/~,.;:|' if not alnum
+    Array.new(length) { chars[rand(chars.length)].chr }.join  
+  end
+
+
 end

data/lib/pwss/entry.rb

@@ -14,8 +14,9 @@ module Pwss
     FIELDS = {
       "title"       => ["Readline.readline('title: ')", "'title'"],
       "username"    => ["Readline.readline('username: ')", "''"],
-      "password"    => ["Cipher.check_password('password for entry: ')", "''"],
-      "added"       => ["", "Date.today.to_s"],
+      "password"    => ["Cipher.check_or_generate('password for entry', length, alnum)", "''"],
+      "created_at"  => ["", "Date.today"],
+      "updated_at"  => ["", "nil"],
       "url"         => ["Readline.readline('url: ')", "''"],
       "description" => ["get_lines",   "''"]
     }
@@ -28,7 +29,8 @@ module Pwss
     end
 
     # interactively ask from command line all fields specified in FIELDS
-    def ask
+    # arguments length and alnum are for password generation
+    def ask length, alnum
       FIELDS.keys.each do |key|
         @entry[key] = (eval FIELDS[key][INPUT_F]) || (eval FIELDS[key][DEFAULT])
       end

data/lib/pwss/fileops.rb

@@ -16,6 +16,7 @@ module FileOps
     file = File.open(filename, "wb")
     file.write data
     file.close
+    puts "Password safe #{filename} updated."
   end
 
   # check if the extension is ".enc"
@@ -25,6 +26,7 @@ module FileOps
 
   def self.backup filename
     FileUtils::cp filename, filename + "~"
+    puts "Backup copy of password safe created in #{filename}~."
   end
   
 end

data/lib/pwss/version.rb

@@ -1,3 +1,3 @@
 module Pwss
-  VERSION = "0.0.3"
+  VERSION = "0.1.0"
 end

data/pwss.gemspec

@@ -27,6 +27,6 @@ Distinguishing features:
   spec.add_development_dependency "bundler", "~> 1.5"
   spec.add_development_dependency "rake"
 
-  spec.add_runtime_dependency 'mercenary', '~> 0.3.3', '>= 0.3.3'
+  spec.add_runtime_dependency 'mercenary', '~> 0.3.4', '>= 0.3.4'
   spec.add_runtime_dependency 'encryptor', '~> 1.3.0', '>= 1.3.0'     
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwss
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.1.0
 platform: ruby
 authors:
 - Adolfo Villafiorita
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-01 00:00:00.000000000 Z
+date: 2014-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -44,20 +44,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.3
+        version: 0.3.4
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.3.3
+        version: 0.3.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.3
+        version: 0.3.4
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.3.3
+        version: 0.3.4
 - !ruby/object:Gem::Dependency
   name: encryptor
   requirement: !ruby/object:Gem::Requirement