sym 2.3.0 → 2.4.3

data/lib/sym.rb

@@ -2,14 +2,19 @@ require 'colored2'
 require 'zlib'
 require 'logger'
 
-require_relative 'sym/configuration'
+require 'sym/configuration'
+require 'sym/constants'
+require 'sym/version'
+require 'sym/errors'
 
 Sym::Configuration.configure do |config|
-  config.password_cipher     = 'AES-128-CBC'
-  config.data_cipher         = 'AES-256-CBC'
-  config.private_key_cipher  = config.data_cipher
-  config.compression_enabled = true
-  config.compression_level   = Zlib::BEST_COMPRESSION
+  config.password_cipher          = 'AES-128-CBC'
+  config.data_cipher              = 'AES-256-CBC'
+  config.private_key_cipher       = config.data_cipher
+  config.compression_enabled      = true
+  config.compression_level        = Zlib::BEST_COMPRESSION
+  config.encrypted_file_extension = 'enc'
+  config.default_key_file         = Sym::Constants::SYM_KEY_FILE
 
   config.password_cache_timeout          = 300
 
@@ -117,15 +122,23 @@ module Sym
     end
   end
 
-  COMPLETION_FILE        = '.sym.completion'.freeze
-  COMPLETION_PATH        = "#{ENV['HOME']}/#{COMPLETION_FILE}".freeze
-  NIL_LOGGER             = Logger.new(nil).freeze # empty logger
-  LOGGER                 = Logger.new(STDOUT).freeze
-  ENV_ARGS_VARIABLE_NAME = 'SYM_ARGS'.freeze
+  class << self
+    def config
+      Sym::Configuration.config
+    end
+
+    def default_key_file
+      config.default_key_file
+    end
+
+    def default_key
+      File.read(default_key_file) rescue nil
+    end
+
+    def default_key?
+      File.exist?(default_key_file)
+    end
 
-  BASH_COMPLETION        = {
-    file:   File.expand_path('../../bin/sym.completion', __FILE__),
-    script: "[[ -f '#{COMPLETION_PATH}' ]] && source '#{COMPLETION_PATH}'",
-  }.freeze
+  end
 end
 

data/lib/sym/app.rb

@@ -26,7 +26,7 @@ module Sym
     end
 
     def self.log(level, *args, **opts)
-      Sym::LOGGER.send(level, *args) if opts[:debug]
+      Sym::Constants::Log::LOG.send(level, *args) if opts[:debug]
     end
 
     def self.error(config: {},
@@ -70,9 +70,7 @@ module Sym
   end
 end
 
-require 'sym/version'
 require 'sym/app/short_name'
-
 require 'sym/app/args'
 require 'sym/app/cli'
 require 'sym/app/commands'

data/lib/sym/app/args.rb

@@ -5,7 +5,7 @@ module Sym
 
       OPTIONS_REQUIRE_KEY    = %i(encrypt decrypt edit)
       OPTIONS_KEY_CREATED    = %i(generate)
-      OPTIONS_SPECIFY_KEY    = %i(private_key interactive keyfile keychain)
+      OPTIONS_SPECIFY_KEY    = %i(key interactive keychain)
       OPTIONS_SPECIFY_OUTPUT = %i(output quiet)
 
       attr_accessor :opts, :selected_options
@@ -32,6 +32,10 @@ module Sym
         Sym::App::Output.outputs[output_type]
       end
 
+      def provided_options
+        opts.to_hash.keys.reject { |k| !opts[k] }
+      end
+
       private
       def do?(list)
         !(list & selected_options).empty?

data/lib/sym/app/cli.rb

@@ -58,12 +58,14 @@ module Sym
 
       attr_accessor :opts, :application, :outputs, :output_proc
 
-      def initialize(argv_original)
-        env_args = ENV[ENV_ARGS_VARIABLE_NAME]
+      def initialize(argv)
         begin
-          argv = argv_original.dup
-          argv << env_args.split(' ') if env_args && !(argv.include?('-M') or argv.include?('--no-environment'))
+          argv << args_from_environment(argv)
           argv.flatten!
+          argv.compact!
+          argv_original = argv.dup
+          # Re-map any leg  acy options to the new options
+          argv = CLI.replace_argv(argv)
           dict      = argv.delete('--dictionary')
           self.opts = parse(argv)
           command_dictionary if dict
@@ -72,11 +74,23 @@ module Sym
           return
         end
 
-        command_no_color(argv_original) if opts[:no_color]
+        # Disable coloring if requested, or if piping STDOUT
+        if opts[:no_color] || !STDOUT.tty?
+          command_no_color(argv_original)
+        end
+
         self.application = ::Sym::Application.new(opts)
         select_output_stream
       end
 
+      def args_from_environment(argv)
+        env_args = ENV[Sym::Constants::ENV_ARGS_VARIABLE_NAME]
+        if env_args && !(argv.include?('-M') or argv.include?('--no-environment'))
+          env_args.split(' ')
+        else
+          []
+        end
+      end
 
       def execute
         return Sym::App.exit_code if Sym::App.exit_code != 0
@@ -95,6 +109,40 @@ module Sym
         @command ||= self.application&.command
       end
 
+      def opts_present
+        o = opts.to_hash
+        o.keys.map { |k| opts[k] ? nil : k }.compact.each { |k| o.delete(k) }
+        o
+      end
+
+      class << self
+        # Re-map any legacy options to the new options
+        ARGV_FLAG_REPLACE_MAP = {
+          'C' => 'c'
+        }
+
+        def replace_regex(from)
+          %r{^-([\w]*)#{from}([\w]*)$}
+        end
+
+        def replace_argv(argv)
+          argv = argv.dup
+          replacements = []
+          ARGV_FLAG_REPLACE_MAP.each_pair do |from, to|
+            argv.map! do |a|
+              match = replace_regex(from).match(a)
+              if match
+                replacements << from
+                "-#{match[1]}#{to}#{match[2]}"
+              else
+                a
+              end
+            end
+          end
+          argv
+        end
+      end
+
       private
 
       def command_dictionary
@@ -114,7 +162,7 @@ module Sym
         unless output_klass && output_klass.is_a?(Class)
           raise "Can not determine output class from arguments #{opts.to_hash}"
         end
-        self.output_proc = output_klass.new(self).output_proc
+        self.output_proc = output_klass.new(application.opts).output_proc
       end
 
       def command_no_color(argv)

data/lib/sym/app/cli_slop.rb

@@ -1,3 +1,6 @@
+require 'sym/version'
+require 'sym/app/password/providers'
+
 module Sym
   module App
     module CLISlop
@@ -6,25 +9,34 @@ module Sym
 
           o.banner = "Sym (#{Sym::VERSION}) – encrypt/decrypt data with a private key\n".bold.white
           o.separator 'Usage:'.yellow
-          o.separator '   # Generate a new key...'.dark
-          o.separator '   sym -g '.green.bold + '[ -p ] [ -x keychain | -o keyfile | -q | ]  '.green
+          o.separator '   # Generate a new key, optionally password protected, and save it'.dark
+          o.separator '   # in one of: keychain, file, or STDOUT (-q turns off STDOUT) '.dark
+          o.separator '   sym -g '.green.bold + '[ -p/--password ] [ -x keychain | -o file | ] [ -q ]  '.green
+          o.separator ''
+          o.separator '   # To specify encryption key, provide the key as '.dark
+          o.separator '   #   1) a string, 2) a file path, 3) an OS-X Keychain, 4) env variable, '.dark
+          o.separator '   #   5) use -i to paste/type the key, 6) default key file, if present.'.dark
+          o.separator '   ' + key_spec + ' = -k/--key [ key | file | keychain | env ]'.green.bold
+          o.separator '                -i/--interactive'.green.bold
+
           o.separator ''
-          o.separator '   # To specify a key for an operation use one of...'.dark
-          o.separator '   ' + key_spec + ' = -k key | -K file | -x keychain | -i '.green.bold
+          o.separator '   # Encrypt/Decrypt from STDIN/file/args, to STDOUT/file:'.dark
+          o.separator '   sym -e/--encrypt '.green.bold + key_spec + ' [-f [file | - ] | -s string ] [-o file] '.green
+          o.separator '   sym -d/--decrypt '.green.bold + key_spec + ' [-f [file | - ] | -s string ] [-o file] '.green
           o.separator ''
-          o.separator '   # Encrypt/Decrypt to STDOUT or an output file '.dark
-          o.separator '   sym -e '.green.bold + key_spec + ' [-f <file> | -s <string>] [-o <file>] '.green
-          o.separator '   sym -d '.green.bold + key_spec + ' [-f <file> | -s <string>] [-o <file>] '.green
+          o.separator '   # Auto-detect mode based on a special file extension '.dark + '".enc"'.dark.bold
+          o.separator '   sym -n/--negate  '.green.bold + key_spec + ' file[.enc] '.green
           o.separator ' '
           o.separator '   # Edit an encrypted file in $EDITOR '.dark
-          o.separator '   sym -t '.green.bold + key_spec + '  -f <file> [ -b ]'.green.bold
+          o.separator '   sym -t/--edit    '.green.bold + key_spec + ' -f file [ -b/--backup ]'.green.bold
 
           o.separator ' '
-          o.separator '   # Specify any common flags in the BASH variable:'.dark
-          o.separator '   export SYM_ARGS="'.green + '-x staging -C'.bold.green + '"'.green
+          o.separator '   # Save commonly used flags in a BASH variable. Below we save KeyChain '.dark
+          o.separator '   # "staging" as the default key source, and enable password caching.'.dark
+          o.separator '   export SYM_ARGS="'.green + '-ck staging'.bold.green + '"'.green
           o.separator ' '
-          o.separator '   # And now encrypt without having to specify key location:'.dark
-          o.separator '   sym -e '.green.bold '-f <file>'.green.bold
+          o.separator '   # And now encrypt using default key location '.dark + Sym.default_key_file.magenta.bold
+          o.separator '   sym -e '.green.bold '-f file'.green.bold
           o.separator '   # May need to disable SYM_ARGS with -M, eg for help:'.dark
           o.separator '   sym -h -M '.green.bold
 
@@ -38,36 +50,36 @@ module Sym
           o.separator 'Create a new private key:'.yellow
           o.bool      '-g', '--generate',           '           generate a new private key'
           o.bool      '-p', '--password',           '           encrypt the key with a password'
+          if Sym::App.is_osx?
+            o.string '-x', '--keychain',            '[key-name] '.blue + 'write the key to OS-X Keychain'
+          end
 
           o.separator ' '
           o.separator 'Read existing private key from:'.yellow
-          o.string    '-k', '--private-key',        '[key]     '.blue + ' private key (or key file)'
-          o.string    '-K', '--keyfile',            '[key-file]'.blue + ' private key from a file'
-          if Sym::App.is_osx?
-            o.string '-x', '--keychain',            '[key-name] '.blue + 'add to (or read from) the OS-X Keychain'
-          end
+          o.string    '-k', '--key',                '[key-spec]'.blue + ' private key, key file, or keychain'
           o.bool      '-i', '--interactive',        '           Paste or type the key interactively'
 
           o.separator ' '
           o.separator 'Password Cache:'.yellow
-          o.bool      '-C', '--cache-password',     '           enable the cache (off by default)'
-          o.integer   '-T', '--cache-for',          '[seconds]'.blue + '  to cache the password for'
-          o.string    '-P', '--cache-provider',     '[provider]'.blue + ' type of cache, one of: ' + "\n\t\t\t\t    " +
-            "[ #{Sym::App::Password::Providers.registry.keys.map(&:to_s).join(', ').blue.bold} ]"
+          o.bool      '-c', '--cache-passwords',     '           enable password cache'
+          o.integer   '-u', '--cache-timeout',       '[seconds]'.blue + '  expire passwords after'
+          o.string    '-r', '--cache-provider',      '[provider]'.blue + ' cache provider, one of ' + "#{Sym::App::Password::Providers.provider_list}"
 
           o.separator ' '
           o.separator 'Data to Encrypt/Decrypt:'.yellow
           o.string    '-s', '--string',             '[string]'.blue + '   specify a string to encrypt/decrypt'
           o.string    '-f', '--file',               '[file]  '.blue + '   filename to read from'
           o.string    '-o', '--output',             '[file]  '.blue + '   filename to write to'
+          o.string    '-n', '--negate',             '[file]  '.blue + "   encrypts any regular #{'file'.green} into #{'file.enc'.green}" + "\n" +
+                                     "                                    conversely decrypts #{'file.enc'.green} into #{'file'.green}."
 
           o.separator ' '
           o.separator 'Flags:'.yellow
           o.bool      '-b', '--backup',             '           create a backup file in the edit mode'
           o.bool      '-v', '--verbose',            '           show additional information'
-          o.bool      '-A', '--trace',              '           print a backtrace of any errors'
-          o.bool      '-D', '--debug',              '           print debugging information'
           o.bool      '-q', '--quiet',              '           do not print to STDOUT'
+          o.bool      '-T', '--trace',              '           print a backtrace of any errors'
+          o.bool      '-D', '--debug',              '           print debugging information'
           o.bool      '-V', '--version',            '           print library version'
           o.bool      '-N', '--no-color',           '           disable color output'
           o.bool      '-M', '--no-environment',     '           disable reading flags from SYM_ARGS'

data/lib/sym/app/commands/base_command.rb

@@ -1,6 +1,6 @@
 require 'sym'
 require 'sym/app'
-
+require 'forwardable'
 require 'active_support/inflector'
 
 module Sym
@@ -47,30 +47,21 @@ module Sym
         end
 
         include Sym
+        extend Forwardable
 
         attr_accessor :application
+        def_delegators :@application, :opts, :opts_original, :key
 
         def initialize(application)
           self.application = application
         end
 
-        def opts
-          application.opts
-        end
-        def opts_hash
-          application.opts_hash
-        end
-
-        def key
-          @key ||= application.key
-        end
-
         def execute
           raise Sym::Errors::AbstractMethodCalled.new(:run)
         end
 
         def content
-          @content ||= (opts[:string] || (opts[:file].eql?('-') ? STDIN.read : File.read(opts[:file])))
+          @content ||= (opts[:string] || (opts[:file].eql?('-') ? STDIN.read : File.read(opts[:file]).chomp))
         end
 
         def to_s
@@ -89,12 +80,14 @@ module Sym
           end
         end
 
-        def encrypt_password_if_needed(key)
-          if opts[:password]
-            encr_password(key, application.input_handler.new_password)
-          else
-            key
-          end
+        def encrypt_with_password(key)
+          password = application.input_handler.new_password
+          return encr_password(key, password), password
+        end
+
+
+        def add_password_to_the_cache(encrypted_key, password)
+          self.application.password_cache[encrypted_key] = password
         end
       end
     end

data/lib/sym/app/commands/bash_completion.rb

@@ -11,7 +11,7 @@ module Sym
           install_completion_file
           file = opts[:bash_completion]
           if File.exist?(file)
-            if File.read(file).include?(Sym::BASH_COMPLETION[:script])
+            if File.read(file).include?(script)
               "#{'Hmmm'.bold.yellow}: #{file.bold.yellow} had completion for #{'sym'.bold.red} already installed\n"
             else
               append_completion_script(file)
@@ -23,15 +23,31 @@ module Sym
           end
         end
 
+        private
+
         def install_completion_file
-          FileUtils.cp(Sym::BASH_COMPLETION[:file], Sym::COMPLETION_PATH)
+          FileUtils.cp(source_file, path)
         end
 
         def append_completion_script(file)
           File.open(file, 'a') do |fd|
-            fd.write(Sym::BASH_COMPLETION[:script])
+            fd.write(script)
           end
         end
+
+
+        def script
+          Sym::Constants::Completion::Config[:script]
+        end
+
+        def source_file
+          Sym::Constants::Completion::Config[:file]
+        end
+
+        def path
+          Sym::Constants::Completion::PATH
+        end
+
       end
     end
   end

data/lib/sym/app/commands/decrypt.rb

@@ -5,7 +5,7 @@ module Sym
       class Decrypt < BaseCommand
         include Sym
 
-        required_options [ :private_key, :keyfile, :keychain, :interactive ],
+        required_options [ :key, :interactive ],
                          [ :decrypt ],
                          [ :file, :string ]
 

data/lib/sym/app/commands/encrypt.rb

@@ -5,7 +5,7 @@ module Sym
       class Encrypt < BaseCommand
         include Sym
 
-        required_options [ :private_key, :keyfile, :keychain, :interactive ],
+        required_options [ :key, :interactive ],
                          [ :encrypt ],
                          [ :file, :string ]
 

data/lib/sym/app/commands/generate_key.rb

@@ -13,15 +13,19 @@ module Sym
           retries ||= 0
 
           the_key = create_key
-          the_key = encrypt_password_if_needed(the_key)
-          add_to_keychain_if_needed(the_key)
 
+          if opts[:password]
+            encrypted_key, password = encrypt_with_password(the_key)
+            add_password_to_the_cache(encrypted_key, password)
+            the_key = encrypted_key
+          end
+
+          add_to_keychain_if_needed(the_key)
           the_key
         rescue Sym::Errors::PasswordsDontMatch, Sym::Errors::PasswordTooShort => e
           STDERR.puts e.message.bold
           retry if (retries += 1) < 3
         end
-
       end
     end
   end

data/lib/sym/app/commands/keychain_add_key.rb

@@ -1,17 +1,22 @@
 require 'sym/app/commands/base_command'
 require 'sym/app/keychain'
+require 'sym/errors'
 module Sym
   module App
     module Commands
       class KeychainAddKey < BaseCommand
 
-        required_options [:private_key, :keyfile, :interactive],
+        required_options [:key, :interactive],
                          :keychain
-
+        incompatible_options %i(examples help version bash_completion)
         try_after :generate_key, :encrypt, :decrypt, :password_protect_key
 
         def execute
+          if Sym.default_key? && Sym.default_key == self.key
+            raise 'Refusing to import key specified in the default key file ' + Sym.default_key_file.italic
+          end
           add_to_keychain_if_needed(self.key)
+          self.key unless opts[:quiet]
         end
       end
     end