sym 2.3.0 → 2.4.3

data/lib/sym/app/commands/open_editor.rb

@@ -10,7 +10,7 @@ module Sym
       class OpenEditor < BaseCommand
         include Sym
 
-        required_options [ :private_key, :keyfile, :keychain, :interactive ],
+        required_options [ :key, :interactive ],
                            :edit,
                            :file
 

data/lib/sym/app/commands/password_protect_key.rb

@@ -5,16 +5,21 @@ module Sym
     module Commands
       class PasswordProtectKey < BaseCommand
 
-        required_options [:private_key, :keyfile, :keychain, :interactive],
-                         :password
-
+        required_options %i(key interactive), :password
+        incompatible_options %i(examples help version bash_completion)
         try_after :generate_key, :encrypt, :decrypt
 
         def execute
           retries ||= 0
 
           the_key = self.key
-          the_key = encrypt_password_if_needed(the_key)
+
+          if opts[:password]
+             encrypted_key, password = encrypt_with_password(the_key)
+             add_password_to_the_cache(encrypted_key, password)
+             the_key = encrypted_key
+           end
+
           add_to_keychain_if_needed(the_key)
 
           the_key

data/lib/sym/app/commands/print_key.rb

@@ -4,9 +4,9 @@ module Sym
   module App
     module Commands
       class PrintKey < BaseCommand
-        required_options [ :keychain, :keyfile ]
-
-        try_after :generate_key, :encrypt, :decrypt, :password_protect_key, :keychain_add_key
+        required_options %i(keychain key)
+        incompatible_options %i(examples help version bash_completion)
+        try_after :show_examples, :generate_key, :encrypt, :decrypt, :password_protect_key, :keychain_add_key
 
         def execute
           self.key

data/lib/sym/app/commands/show_examples.rb

@@ -5,7 +5,7 @@ module Sym
     module Commands
       class ShowExamples < BaseCommand
         required_options :examples
-        try_after :show_help
+        try_after :show_version
 
         def execute
           output = []
@@ -15,28 +15,36 @@ module Sym
                             echo:    'echo $mykey',
                             result:  '75ngenJpB6zL47/8Wo7Ne6JN1pnOsqNEcIqblItpfg4='.green)
 
-          output << example(comment: 'generate a new password-protected key & save to a file',
-                            command: 'sym -gp -o ~/.key',
+          output << example(comment: 'generate a new key with a cached password & save to the default key file',
+                            command: 'sym -gcpqo ' + Sym.default_key_file,
                             echo:    'New Password     : ' + '••••••••••'.green,
                             result:  'Confirm Password : ' + '••••••••••'.green)
 
-          output << example(comment: 'encrypt a plain text string with a key, and save the output to a file',
-                            command: 'sym -e -s ' + '"secret string"'.bold.yellow + ' -k $mykey -o file.enc',
-                            echo:    'cat file.enc',
-                            result:  'Y09MNDUyczU1S0UvelgrLzV0RTYxZz09CkBDMEw4Q0R0TmpnTm9md1QwNUNy%T013PT0K'.green)
+          output << example(comment: 'encrypt a plain text string with default key file, and immediately decrypt it',
+                            command: 'sym -es ' + '"secret string"'.bold.yellow + ' | sym -d',
+                            result:  'secret string'.green)
+
+          output << example(comment: 'encrypt secrets file using key in the environment, and --negate option:',
+                            command: 'export PRIVATE_KEY="75ngenJpB6zL47/8Wo7Ne6JN1pnOsqNEcIqblItpfg4="',
+                            echo:    'sym -ck PRIVATE_KEY -n secrets.yml',
+                            result:  ''.green)
 
-          output << example(comment: 'decrypt a previously encrypted string:',
-                            command: 'sym -d -s $(cat file.enc) -k $mykey',
+          output << example(comment: 'encrypt a secrets file using the key in the keychain:',
+                            command: 'sym -gqx keychain.key',
+                            echo:    'sym -ck keychain.key -n secrets.yml',
                             result:  'secret string'.green)
 
-          output << example(comment: 'encrypt sym.yml and save it to sym.enc:',
-                            command: 'sym -e -f sym.yml -o sym.enc -k $mykey')
+          output << example(comment: 'encrypt/decrypt sym.yml using the default key file',
+                            command: 'sym -gcq > ' + Sym.default_key_file,
+                            echo:    'sym -n secrets.yml',
+                            result:  'sym -df secrets.yml.enc',
+          )
 
           output << example(comment: 'decrypt an encrypted file and print it to STDOUT:',
-                            command: 'sym -df sym.enc -k $mykey')
+                            command: 'sym -ck production.key -df secrets.yml.enc')
 
-          output << example(comment: 'edit an encrypted file in $EDITOR, ask for key, create file backup',
-                            command: 'sym -tibf ecrets.enc',
+          output << example(comment: 'edit an encrypted file in $EDITOR, use default key file, create file backup',
+                            command: 'sym -tbf secrets.enc',
                             result:  '
 Private Key: ••••••••••••••••••••••••••••••••••••••••••••
 Saved encrypted content to sym.enc.
@@ -50,13 +58,13 @@ Diff:
 
           if Sym::App.is_osx?
           output << example(comment: 'generate a new password-encrypted key, save it to your Keychain:',
-                            command: 'sym -gpx mykey -o ~/.key')
+                            command: 'sym -gpcx staging.key')
 
           output << example(comment: 'use the new key to encrypt a file:',
-                            command: 'sym -x mykey -e -f password.txt -o passwords.enc')
+                            command: 'sym -e -c -k staging.key -n etc/passwords.enc')
 
           output << example(comment: 'use the new key to inline-edit the encrypted file:',
-                            command: 'sym -x mykey -t -f sym.yml')
+                            command: 'sym -k mykey -tf sym.yml.enc')
           end
 
           output.flatten.compact.join("\n")

data/lib/sym/app/commands/show_help.rb

@@ -4,10 +4,10 @@ module Sym
     module Commands
       class ShowHelp < BaseCommand
 
-        required_options :help, ->(opts) { opts.to_hash.keys.all? { |k| !opts[k] } }
+        required_options :help, ->(opts) { opts.keys.all? { |k| !opts[k] } }
 
         def execute
-          opts.to_s(prefix: ' ' * 2)
+          opts_original.to_s(prefix: ' ' * 2)
         end
       end
     end

data/lib/sym/app/keychain.rb

@@ -13,6 +13,10 @@ module Sym
       class << self
         attr_accessor :user, :kind, :sub_section
 
+        def get(value)
+          self.new(value).find
+        end
+
         def configure
           yield self
         end
@@ -35,6 +39,7 @@ module Sym
         self.key_name = key_name
         self.opts     = opts
         self.class.validate!
+        stderr_off
       end
 
       def add(password)

data/lib/sym/app/output/base.rb

@@ -4,14 +4,10 @@ module Sym
     module Output
       class Base
 
-        attr_accessor :cli
+        attr_accessor :opts
 
-        def initialize(cli)
-          self.cli = cli
-        end
-
-        def opts
-          cli.opts
+        def initialize(opts)
+          self.opts = opts
         end
 
         @outputs = []

data/lib/sym/app/output/file.rb

@@ -6,7 +6,6 @@ module Sym
 
         required_option :output
 
-
         def output_proc
           ->(data) {
             ::File.open(opts[:output], 'w') { |f| f.write(data) }

data/lib/sym/app/output/noop.rb

@@ -1,4 +1,5 @@
-require_relative 'base'
+require 'sym/app/output/base'
+
 module Sym
   module App
     module Output

data/lib/sym/app/password/providers.rb

@@ -26,6 +26,10 @@ module Sym
             provider_from_argument(p, **opts, &block) || detect
           end
 
+          def provider_list
+            registry.keys.map(&:to_s).join(', ')
+          end
+
           private
 
           def short_name(klass)

data/lib/sym/app/password/providers/memcached_provider.rb

@@ -11,7 +11,7 @@ module Sym
 
           def initialize(**opts)
             # disable logging
-            Dalli.logger = Sym::NIL_LOGGER
+            Dalli.logger = Sym::Constants::Log::NIL
             self.dalli = ::Dalli::Client.new(
               * Sym::Configuration.config.password_cache_arguments[:memcached][:args],
               ** Sym::Configuration.config.password_cache_arguments[:memcached][:opts].merge!(opts)

data/lib/sym/app/private_key/base64_decoder.rb

@@ -1,3 +1,4 @@
+require 'base64'
 module Sym
   module App
     module PrivateKey

data/lib/sym/app/private_key/decryptor.rb

@@ -1,5 +1,6 @@
 require 'sym/app/private_key/decryptor'
 require 'sym/app/password/cache'
+require 'sym/errors'
 module Sym
   module App
     module PrivateKey

data/lib/sym/app/private_key/detector.rb

@@ -1,42 +1,61 @@
+require 'sym/app/private_key/base64_decoder'
+require 'sym/app/private_key/decryptor'
+require 'sym/app/private_key/key_source_check'
+require 'sym/app/input/handler'
+
 module Sym
   module App
     module PrivateKey
-      class Detector < Struct.new(:opts, :input_handler) # :nodoc:s
-        @mapping = Hash.new
-        class << self
-          attr_reader :mapping
+      class Detector < Struct.new(:opts, :input_handler, :password_cache)
+        attr_accessor :key, :key_source
 
-          def register(argument, proc)
-            self.mapping[argument] = proc
-          end
+        def initialize(*args)
+          super(*args)
+          read
+        end
+
+        def read
+          return key if key
+          self.key, self.key_source = read!
         end
 
-        def key
-          self.class.mapping.each_pair do |options_key, key_proc|
-            return key_proc.call(opts[options_key], self) if opts[options_key]
+        # Returns the first valid 32-bit key obtained by running the above
+        # procs on a given string.
+        def read!
+          KeySourceCheck::CHECKS.each do |source_check|
+            if result = source_check.detect(self) rescue nil
+              if key_ = normalize_key(result.key)
+                key_source_ = result.to_s
+                return key_, key_source_
+              end
+            end
           end
           nil
         end
-      end
-
-      Detector.register :private_key,
-                        ->(key, *) { key }
 
-      Detector.register :interactive,
-                        ->(*, detector) { detector.input_handler.prompt('Please paste your private key: ', :magenta) }
+        private
 
-      Detector.register :keychain,
-                        ->(key_name, * ) { KeyChain.new(key_name).find rescue nil }
+        def normalize_key(key)
+          return nil if key.nil?
+          if key && key.length > 45
+            key = Decryptor.new(Base64Decoder.new(key).key, input_handler, password_cache).key
+          end
+          validate(key)
+        end
 
-      Detector.register :keyfile,
-                        ->(file, *) {
-        begin
-          ::File.read(file)
-        rescue Errno::ENOENT
-          raise Sym::Errors::FileNotFound.new("Encryption key file #{file} was not found.")
-          nil
+        def validate(key)
+          if key
+            begin
+              decoded = Base64Decoder.new(key).key
+              decoded.length == 32 ? key : nil
+            rescue
+              nil
+            end
+          else
+            nil
+          end
         end
-      }
+      end
     end
   end
 end

data/lib/sym/app/private_key/handler.rb

@@ -1,42 +1,37 @@
-require_relative 'detector'
-require_relative 'base64_decoder'
-require_relative 'decryptor'
-require_relative '../input/handler'
+require 'sym/app/private_key/base64_decoder'
+require 'sym/app/private_key/decryptor'
+require 'sym/app/private_key/detector'
+require 'sym/app/input/handler'
+require 'sym/app/args'
+require 'sym/errors'
 module Sym
   module App
     module PrivateKey
       # This class figures out what is the private key that is
       # provided to be used.
-      class Handler
+      class Handler < Struct.new(:opts, :input_handler, :password_cache)
         include Sym
+        attr_accessor :key, :key_source
 
-        attr_accessor :opts, :input_handler, :password_cache
-        attr_writer :key
-
-        def initialize(opts, input_handler, password_cache)
-          self.opts           = opts
-          self.input_handler  = input_handler
-          self.password_cache = password_cache
+        def initialize(*args)
+          super(*args)
+          self.key, self.key_source = detect_key
         end
 
+        private
 
-        # @return [String] key Private key detected
-        def key
-          return @key if @key
-
-          @key = begin
-            Detector.new(opts, input_handler).key
+        def detect_key
+          begin
+            reader = Detector.new(opts, input_handler, password_cache)
+            key = reader.key
+            key_source = reader.key_source
           rescue Sym::Errors::Error => e
-            if Sym::App::Args.new(opts).specify_key? && key.nil?
+            if Sym::App::Args.new(opts.to_h).specify_key? && key.nil?
               raise e
             end
           end
-
-          if @key && @key.length > 45
-            @key = Decryptor.new(Base64Decoder.new(key).key, input_handler, password_cache).key
-          end
-
-          @key
+          key = Decryptor.new(Base64Decoder.new(key).key, input_handler, password_cache).key if key && key.length > 45
+          return key ? [key, key_source] : [nil, nil]
         end
       end
     end

data/lib/sym/app/private_key/key_source_check.rb

@@ -0,0 +1,89 @@
+require 'sym/app/private_key/base64_decoder'
+require 'sym/app/private_key/decryptor'
+require 'sym/app/input/handler'
+require 'base64'
+
+module Sym
+  module App
+    module PrivateKey
+      class KeySourceResult < Struct.new(:name, :reducted, :input, :key)
+        def to_s
+          "#{name}://#{reducted ? '[reducted]' : input}"
+        end
+      end
+
+      class KeySourceCheck
+        attr_accessor :name, :reducted, :input, :output
+
+        def initialize(name:,
+                       reducted: false,
+                       input: ->(detector) { detector.opts[:key] },
+                       output:)
+
+          self.name     = name
+          self.reducted = reducted
+          self.input    = input
+          self.output   = output
+        end
+
+        def detect(detector)
+          input_value = input.call(detector)
+          return nil unless input_value
+          KeySourceResult.new(name,
+                              reducted,
+                              input_value,
+                              output.call(detector, input_value))
+        end
+
+        CHECKS = [
+          # Order of registration is important for auto-detect feature;
+          # First proc is tried before the last; first one to succeed wins.
+          KeySourceCheck.new(
+            name:     :interactive,
+            reducted: true,
+            input:    ->(detector) { detector.opts[:interactive] },
+            output:   ->(detector, *) { detector.input_handler.prompt('Please paste your private key: ', :magenta) }
+          ),
+
+          KeySourceCheck.new(
+            name:   :file,
+            output: ->(*, value) { ::File.read(value).chomp if value && File.exist?(value) }
+          ),
+
+          KeySourceCheck.new(
+            name:   :keychain,
+            output: ->(*, value) { KeyChain.get(value) if value }
+          ),
+
+          KeySourceCheck.new(
+            name:     :string,
+            reducted: true,
+            output:   ->(*, value) do
+              decoded = begin
+                Base64Decoder.new(value).key
+              rescue
+                nil
+              end
+              value if decoded
+            end
+          ),
+
+          KeySourceCheck.new(
+            name:   :env,
+            output: ->(*, value) { ENV[value] if value =~ /^[a-zA-Z0-9_]+$/ }
+          ),
+
+          KeySourceCheck.new(
+            name:   :default_file,
+            input:  ->(*) { Sym.default_key_file if Sym.default_key? },
+            output: ->(detector, *) {
+              key_provided_by = %i(key interactive) &
+                                detector.opts.to_hash.keys.select { |k| detector.opts[k] }
+              Sym.default_key if key_provided_by.empty?
+            }
+          )
+        ]
+      end
+    end
+  end
+end