pwss 0.5.1 → 0.6.0

data/Rakefile

@@ -1 +1,10 @@
 require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "pwss"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/pwss

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+require 'pwss'
+
+# read-eval-print-step passing all commands and the argument
+Pwss::CommandSemantics.reps Pwss::CommandSyntax.commands, ARGV

data/lib/pwss.rb

@@ -1,127 +1,17 @@
-require 'yaml'
-
-#
-# This module reasons at the entries level
-# (list of entry)
-#
-
-module Pwss
-
-  # entry_no is the relative id of an entry, specified by the user from the command line
-  # (useful when the search criteria returns more than one match, in an order which is known
-  # to the user)
-  def self.get search_string, entries, entry_no = nil
-    id = choose_entry search_string, entries, false, entry_no
-
-    entries[id]["password"]
-  end
-
-
-  def self.update search_string, entries, length, alnum
-    id = choose_entry search_string, entries, true
-
-    password = Cipher.check_or_generate "new password for entry", length, alnum
-
-    entries[id]["password"] = password
-    entries[id]["updated_at"] = Date.today
-
-    return entries, password
-  end
-    
-  def self.update_field search_string, entries, field
-    id = choose_entry search_string, entries, true
-
-    field_value = Readline.readline("\nEnter new value for #{field}: ")
-    
-    entries[id][field] = field_value
-    entries[id]["updated_at"] = Date.today
-    password = entries[id]["password"]
-    
-    return entries, password
-  end
-
-
-  def self.destroy search_string, entries
-    id = choose_entry search_string, entries, true
-
-    entries.delete_at(id) if id != -1
-    entries
-  end
-  
-
-  def self.list entries
-    index = 0 
-    entries.each do |element|
-      print_entry index, element
-      index += 1
-    end
-  end
-
-  private
-
-  #
-  # Let the user select an entry from data
-  # (data is a YAML string with an array of entries)
-  #
-  def self.choose_entry search_string, entries, confirm_even_if_one = false, entry_no = nil
-    # here we have a nuisance: we want the user to choose one entry
-    # by relative id (e.g. the third found), but we need to return
-    # the absolute id (to update the right entry in the safe)
-    #
-    # ... so we just keep track of the real ids with an array
-    #     the relative id is the index in the array
-
-    found = Array.new
-    entries.each_with_index do |entry, index|
-      if entry["title"].downcase.include?(search_string.downcase)
-        found << index
-      end
-    end
-
-    if found.size == 0 then
-      printf "No entry matches the search criteria.\n"
-      exit -1
-    end
-
-    if entry_no then
-      # accept entry_no even if there is one entry
-      id = entry_no
-    elsif found.size > 1 or confirm_even_if_one then
-      # print the entry or the entries found together with their relative ids
-      found.each_with_index do |absolute_index, relative_index|
-        print_entry relative_index, entries[absolute_index]
-      end
-
-      printf "\nVarious matches." if found.size > 1
-      
-      printf "\nSelect entry by ID (0..#{found.size-1}); -1 or empty string to exit: "
-      response = Readline.readline
-      id = response == "" ? -1 : response.to_i
-      while (id < -1 or id >= found.size)
-        response = Readline.readline "Select entry by ID (0..#{found.size-1}); -1 or empty string to exit: "
-        id = response == "" ? -1 : response.to_i
-      end
-      if id == -1 then
-        exit -1
-      end
-    else
-      id = 0
-      print_entry 0, entries[found[id]]
-    end
-
-    found[id]
-  end
-  
-  #
-  # Print entry
-  #
-  def self.print_entry id, element
-    puts "\n---\nENTRY ID: #{id}"
-    # we need to duplicate, because deletion in place will remove
-    # passwords from entries (and, frankly, we need them)
-    new_el = element.dup
-    new_el.delete("password")
-    puts new_el.to_yaml
-  end
-  
-end
+require 'pwss/generators/fields'
+require 'pwss/generators/entry'
+require 'pwss/generators/code'
+require 'pwss/generators/bank_account'
+require 'pwss/generators/credit_card'
+require 'pwss/generators/software_license'
+require 'pwss/generators/sim.rb'
+
+require 'pwss/cipher'
+require 'pwss/fileops'
+require 'pwss/safe'
+require 'pwss/password'
+
+require 'pwss/cli/command_syntax'
+require 'pwss/cli/command_semantics'
+
+require 'pwss/version'

data/lib/pwss/cipher.rb

@@ -1,85 +1,22 @@
 require 'encryptor'
- 
+
 #
 # Cipher does encryption and decryption of data
 # It reasons at the string level (both in input and in output)
 #
-module Cipher
-  def self.encrypt string, password
-    Encryptor.encrypt(:value => string, :key => password)
-  end
-
-  def self.decrypt string, password
-    begin
-      Encryptor.decrypt(:value => string, :key => password)
-    rescue Exception => e
-      puts "Unable to decrypt. Exiting"
-      exit 1
+module Pwss
+  module Cipher
+    def self.encrypt string, password
+      Encryptor.encrypt(:value => string, :key => password)
     end
-  end
-
-  # Ask for a password fom the command line
-  def self.ask_password prompt="Enter master password: "
-    printf prompt
-    system "stty -echo"
-    password = $stdin.gets.chomp
-    system "stty echo"
-    puts ""
-    password
-  end
-
-  # Ask for a password twice and make sure it is entered the same
-  def self.check_password prompt="master password"
-    match = false
-    while ! match
-      password = ask_password "Enter #{prompt}: "
-      repeat = ask_password "Repeat #{prompt}: "
-      match = (password == repeat)
 
-      if match == false then
-        puts "Error! Password do not match.  Please enter them again."
+    def self.decrypt string, password
+      begin
+        Encryptor.decrypt(:value => string, :key => password)
+      rescue Exception => e
+        puts "Unable to decrypt. Exiting"
+        exit 1
       end
     end
-    password
   end
-
-  # Ask for a password (twice) or generate one, if length is greater than 0
-  def self.check_or_generate prompt, length=0, alnum=false
-    length > 0 ? generate_password(length, alnum) : check_password(prompt)
-  end
-
-  #
-  # make the password available to the clipboard.
-  #
-  def self.password_to_clipboard password, counter = 30
-    old_clipboard = `pbpaste`
-    system("printf \"%s\" \"#{password}\" | pbcopy")
-
-    begin
-      if counter <= 0
-        STDIN.flush
-        puts "\nPassword available in clipboard: press enter when you are done."
-        STDIN.getc
-      else
-        puts "\nPassword available in clipboard for #{counter} seconds."
-        sleep(counter)
-      end
-      system("printf \"#{old_clipboard}\" | pbcopy")
-    rescue Exception => e
-      system("printf \"#{old_clipboard}\" | pbcopy")
-      puts "Clipboard restored. Exiting."
-    end
-  end
-
-  private
-
-  # Generate a random password
-  # (Adapted from: http://randompasswordsgenerator.net/tutorials/ruby-random-password-generator.html)
-  def self.generate_password(length=8, alnum=false)  
-    chars = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ1234567890'  
-    chars += '!@#$%^&*()_+=[]{}<>/~,.;:|' if not alnum
-    Array.new(length) { chars[rand(chars.length)].chr }.join  
-  end
-
-
 end

data/lib/pwss/cli/command_semantics.rb

@@ -0,0 +1,402 @@
+require 'pwss/version'
+
+module Pwss
+  # what we are supposed to do with each command
+  module CommandSemantics
+    VERSION = Pwss::VERSION
+    # TODO: make the list of entries read from code 
+    MAN = <<EOS
+NAME
+  pwss -- A command-line password manager
+
+SYNOPSYS
+  pwss command [options] [args]
+
+DESCRIPTION
+  PWSS is a password manager, in the spirit of pass and pws.
+
+  Features:
+
+  * PWSS manages password *files*:
+    - A password file can store different entries (password and other
+      sensitive information)
+    - The user can manage different password files (e.g., work, personal)
+
+  * Entries in a password file can be of different types.  Each type stores
+    different information.  Use the 'describe' command for more info about 
+    the available types and their fields.
+
+  * Password files can be encrypted
+
+  * Encrypted password files can be decrypted, for instance, to batch process
+    entries, to migrate to another tool, or to manually edit entries
+
+  * Entries are human-readable (and editable), when the password file is not
+    encrypted
+
+  * A console allows to decrypt a file once and perform multiple queries
+
+EXAMPLES
+  pwss help                             # get syntax of each command
+
+  # scenario
+  pwss init -f a.enc                    # generate an encrypted safe a.enc
+  pwss add -f a.enc                     # add an entry (pwss will generate a random 16-char password)
+  pwss get -f a.enc my secret account   # find an entry
+  pwss console -f a.enc                 # decrypt a.enc and enter the pwss console to operate on a.enc
+
+VERSION
+  This is version #{VERSION}
+
+LICENSE
+  MIT
+
+SEE ALSO
+  pwss man
+  pwss help
+  https://github.com/avillafiorita/pwss
+EOS
+
+    # the default filename
+    # YOU SHOULDN'T BE USING THESE CONTANSTS. USE `default_filename` INSTEAD
+    DEFAULT_BASENAME = File.join(Dir.home, ".pwss.yaml")
+    DEFAULT_FILENAME = DEFAULT_BASENAME + ".gpg"
+
+    # return the default filename
+    # 
+    # this is obtained by looking for plain text or encryped versions
+    # of the DEFAULT_BASENAME, with the following priority: .enc,
+    # .gpg, plain text.
+    #
+    # If no file is found (like it might be the case when running the
+    # init command), use GPG
+    def self.default_filename
+      [".enc", ".gpg", ""].each do |ext|
+        filename = DEFAULT_BASENAME + ext
+        return filename if File.exist?(filename)
+      end
+      return DEFAULT_FILENAME
+    end
+
+    # return true if the default basename appears with different
+    # extensions.
+    #
+    # for instance: if the DEFAULT_BASENAME appears both with .gpg and .enc
+    # (or plain and encrypted).
+    #
+    # This is potentially a problem, since all operations are
+    # performed on a different file from the one the user believes it
+    # is operating on.
+    def self.ambiguous_default
+      [".enc", ".gpg", ""].map { |ext| File.exist?(DEFAULT_BASENAME + ext) }.count(true) > 1
+    end
+    
+    # return true if none of the default files exist
+    def self.no_default
+      [".enc", ".gpg", ""].map { |ext| File.exist?(DEFAULT_BASENAME + ext) }.count(true) == 0
+    end
+
+    # return all the default safes we look for
+    def self.all_safes
+      [".enc", ".gpg", ""].map { |ext| DEFAULT_BASENAME + ext }
+    end
+
+    # return the existing safes
+    def self.existing_safes
+      [".enc", ".gpg", ""].map { |ext| DEFAULT_BASENAME + ext }.select { |x| File.exist?(x) }
+    end      
+
+    # cache is the content of the file last operated on
+    # is it used 
+    @@cache = nil
+    
+    def self.version opts = nil, argv = []
+      puts "pwss version #{VERSION}"
+    end
+
+    def self.man opts = nil, argv = []
+      puts MAN
+    end
+
+    def self.help opts = nil, argv = []
+      all_commands = Pwss::CommandSyntax.commands
+      
+      if argv != []
+        argv.map { |x| puts all_commands[x.to_sym][0] }
+      else
+        puts "pwss command [options] [args]"
+        puts ""
+        puts "Available commands:"
+        puts ""
+        all_commands.keys.each do |key|
+          puts "  " + all_commands[key][0].banner
+        end
+      end
+    end
+
+    def self.describe  opts = nil, argv = []
+      if opts[:type]
+        types = [("Pwss::" + opts[:type].capitalize).to_sym]
+      else
+        types = [Pwss::Entry] + ObjectSpace.each_object(Class).select { |klass| klass < Pwss::Entry }
+      end
+      types.each do |type|
+        t = eval("#{type}.new")
+        puts "#{type.to_s.gsub("Pwss::", "").downcase}:\n  #{t.fields.join(", ")}\n\n"
+      end
+    end
+    
+    def self.init opts, argv = []
+      filename = opts[:filename] || @@cache.filename || DEFAULT_FILENAME
+
+      if File.exist?(filename)
+        raise "Error: file #{filename} already exists."
+      end
+
+      safe = Pwss::Safe.new filename
+      safe.save
+      
+      puts "New safe created in #{filename}"
+    end
+
+    def self.list opts, argv = []
+      safe = use_safe opts[:filename]
+      clean = opts[:clean]
+
+      cleaned_entries = safe.prune(["created_at", "updated_at"]).map { |x| Pwss::Fields.to_clean_hash x }
+      puts cleaned_entries.to_yaml
+    end
+    
+    def self.get opts, argv
+      waiting = opts[:wait]
+      stdout_opt = opts[:stdout]
+      field_name = opts[:field] || "password"
+      hide = opts[:hide]
+      string = argv.join(" ")
+      
+      safe = use_safe opts[:filename]
+      entries_with_idx = safe.match string
+      id = Pwss::Safe.choose_entry entries_with_idx
+      if id != -1 then
+        puts (hide ? safe.get_pruned(id).to_yaml : safe.get(id).to_yaml )
+        field_value = safe.get_field id, field_name
+        if field_value then
+          stdout_opt ? printf("%s", field_value) : Pwss::Password.to_clipboard(field_name, field_value, waiting)
+        end
+      end
+    end
+
+    def self.add_entry opts, argv
+      waiting  = opts[:wait]
+      type     = opts[:type] || "entry"
+      strategy = opts[:ask] ? "ask" : (opts[:method] || "random")
+      length   = opts[:length]
+
+      safe = use_safe opts[:filename]
+
+      # the title can be specified in the argument
+      arguments = Hash.new
+      arguments["title"] = argv.join(" ") if argv != []
+      arguments[:strategy] = strategy
+      arguments[:length] = length
+
+      new_entry = eval("Pwss::" + type.capitalize).new
+      new_entry.ask arguments
+
+      puts "Adding entry '#{new_entry.entry["title"]}' of type '#{type}' to #{safe.filename}"
+      safe.add new_entry.entry
+      safe.save
+      puts "Entry added"
+      
+      # make password available in the clipboard, if there is a password to make available
+      if new_entry.entry["password"] 
+        Pwss::Password.to_clipboard "password", new_entry.entry["password"], waiting
+      end
+    end
+
+    def self.update opts, argv
+      field    = (opts.to_hash[:password] or opts.to_hash[:method] or opts.to_hash[:ask]) ? "password" : opts.to_hash[:field]
+      strategy = opts.to_hash[:ask] ? "ask" : (opts.to_hash[:method] || "random")
+      length   = opts.to_hash[:length]
+      waiting  = opts.to_hash[:wait]
+      string   = argv.join(" ") # the entry we are looking for
+
+      if not field then
+        raise "Error: please specify a field to update (use --field, -p, or --ask)"
+      end
+
+      safe = use_safe opts[:filename]
+
+      entries_with_idx = safe.match string
+      id = Pwss::Safe.choose_entry entries_with_idx, true
+      if id != -1 then
+        field_value = Pwss::Fields.ask field, { strategy: strategy, length: length }
+        puts "Updating #{field} field of '#{safe.entries[id]["title"]}' in #{safe.filename}"
+        safe.update id, field, field_value
+        safe.save
+        puts "Entry updated"
+        
+        # make the field available in the clipboard, just in case it is needed
+        if field == "password"
+          Pwss::Password.to_clipboard "password", field_value, waiting
+        end
+      end
+    end
+    
+    def self.destroy opts, argv
+      safe = use_safe opts[:filename]
+
+      string = argv.join(" ")
+      entries_with_idx = safe.match string
+      id = Pwss::Safe.choose_entry entries_with_idx, true    
+      if id != -1 then
+        safe.destroy id
+        safe.save
+      end
+    end
+
+    def self.encrypt opts, argv = []
+      # filename: use the one passed from the cli or the cached one or .pwss.yaml DEFAULT_*BASE*NAME
+      filename = opts[:filename] || (@@cache ? @@cache.filename : DEFAULT_BASENAME)
+      encryption = opts[:symmetric] ? :enc : :gpg
+
+      if not File.exist?(filename)
+        raise "Error: file #{filename} does not exist."
+      end
+
+      if Pwss::FileOps.encrypted? filename
+        raise "Error: #{filename} ends with '.gpg' or '.enc' (and I assume these files to be encrypted)"
+      end
+
+      if encryption == :enc then
+        password = Pwss::Password.ask_password_twice
+        if password == "" then
+          raise "Error: Please specify a non-empty password."
+        end  
+      else
+        password = nil # it will be asked by GPG
+      end
+      
+      safe = use_safe filename
+      safe.toggle_encryption :password => password, :schema => encryption
+      safe.save
+      puts "An encrypted copy now lives in #{safe.filename}"
+      puts "You might want to check everything is ok and delete the plain file: #{filename}"
+      puts "If you do nothing, the next pwss command will run on #{default_filename}"
+    end
+
+    def self.decrypt opts, argv = []
+      # filename: passed from options, cached one or, in order, .gpg, .enc, plain (but plain will fail)
+      filename = opts[:filename] || (@@cache ? @@cache.filename : default_filename)
+
+      if not File.exist?(filename)
+        raise "Error: file #{filename} does not exist."
+      end
+
+      if not Pwss::FileOps.encrypted? filename
+        raise "Error: #{filename} does not end with '.gpg' or '.enc' (and I assume it to be in plain text)"
+      end
+
+      safe = use_safe filename
+      safe.toggle_encryption
+      safe.save
+      puts "A plain text copy now lives in #{safe.filename}"
+      puts "You might want to check everything is ok and delete the plain file: #{filename}"
+      puts "If you do nothing, the next pwss command will run on #{default_filename}"
+    end
+
+    def self.console opts, argv = []
+      all_commands = Pwss::CommandSyntax.commands
+      all_commands.delete(:console)
+      open opts, argv # open and cache the file
+      
+      i = 0
+      while true
+        string = Readline.readline('pwss:%03d> ' % i, true)
+        string.gsub!(/^pwss /, "") # as a courtesy, remove any leading pwss string
+        if string == "exit" or string == "quit" or string == "." then
+          exit 0
+        end
+        reps all_commands, string.split(' ')
+        i = i + 1
+      end
+    end
+
+    def self.open opts, argv = []
+      filename = opts[:filename] || default_filename
+      @@cache = load_safe filename
+      puts "Loaded #{filename}"
+    end
+
+    def self.default opts, argv = []
+      if @@cache
+        @@cache.filename
+      elsif self.no_default
+        puts "No default password file found."
+        puts "Use -f if you have a password file stored somewhere else."
+        puts "pwss init will create #{default_filename}."
+      elsif self.ambiguous_default
+        puts "Operating on #{default_filename}."
+        puts "Warning: #{existing_safes.join(", ")} exist."
+      else
+        puts "Operating on #{default_filename}"
+      end
+    end
+    
+    # read-eval-print step
+    def self.reps all_commands, argv
+      if argv == []
+        Pwss::CommandSemantics.help
+        exit 0
+      else
+        command = argv[0]
+        syntax_and_semantics = all_commands[command.to_sym]
+
+        if syntax_and_semantics
+          opts = syntax_and_semantics[0]
+          function = syntax_and_semantics[1]
+          
+          begin
+            parser = Slop::Parser.new(opts)
+            result = parser.parse(argv[1..-1])
+            options = result.to_hash
+            arguments = result.arguments
+
+            eval "Pwss::CommandSemantics::#{function}(options, arguments)"
+          rescue Slop::Error => e
+            puts "pwss: #{e}"
+          rescue Exception => e
+            puts e
+          end
+        else
+          puts "pwss: '#{command}' is not a pwss command. See 'pwss help'"
+        end
+      end
+    end
+
+    private
+
+    # use a specific filename (if specified), try @@cache if -f is not specified, or the default filename
+    def self.use_safe filename
+      if filename then
+        load_safe filename
+      elsif @@cache then
+        @@cache
+      else
+        load_safe default_filename
+      end
+    end
+
+    # load a password safe
+    def self.load_safe filename
+      if File.exist?(filename)
+        safe = Pwss::Safe.new filename
+        safe.load
+        safe
+      else
+        raise "Error: file #{filename} does not exist."
+      end
+    end
+
+  end
+end