dotfiles

Obligatory dotfiles repo
git clone git://git.danielmoch.com/dotfiles.git
Log | Files | Refs
commit dffada75675d4a3217153d70a748fa075af85970
parent 024810b39c7647263e8758eb65d40076920cdea9
Author: Daniel Moch <daniel@danielmoch.com>
Date:   Mon,  7 Jan 2019 17:48:00 -0500

Add qute-pass userscript

Diffstat:

A.local/share/qutebrowser/userscripts/qute-pass | 215+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


1 file changed, 215 insertions(+), 0 deletions(-)

diff --git a/.local/share/qutebrowser/userscripts/qute-pass b/.local/share/qutebrowser/userscripts/qute-pass
@@ -0,0 +1,215 @@
+#!/usr/bin/env python3
+
+# Copyright 2017 Chris Braun (cryzed) <cryzed@googlemail.com>
+#
+# Modified by Daniel Moch to allow URL in file name in addition to path
+#
+# This file is part of qutebrowser.
+#
+# qutebrowser is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# qutebrowser is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with qutebrowser.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Insert login information using pass and a dmenu-compatible application (e.g. dmenu, rofi -dmenu, ...). A short
+demonstration can be seen here: https://i.imgur.com/KN3XuZP.gif.
+"""
+
+USAGE = """The domain of the site has to appear as a segment in the pass path, for example: "github.com/cryzed" or
+"websites/github.com". How the username and password are determined is freely configurable using the CLI arguments. The
+login information is inserted by emulating key events using qutebrowser's fake-key command in this manner:
+[USERNAME]<Tab>[PASSWORD], which is compatible with almost all login forms.
+
+Suggested bindings similar to Uzbl's `formfiller` script:
+
+    config.bind('<z><l>', 'spawn --userscript qute-pass')
+    config.bind('<z><u><l>', 'spawn --userscript qute-pass --username-only')
+    config.bind('<z><p><l>', 'spawn --userscript qute-pass --password-only')
+    config.bind('<z><o><l>', 'spawn --userscript qute-pass --otp-only')
+"""
+
+EPILOG = """Dependencies: tldextract (Python 3 module), pass, pass-otp (optional).
+For issues and feedback please use: https://github.com/cryzed/qutebrowser-userscripts.
+
+WARNING: The login details are viewable as plaintext in qutebrowser's debug log (qute://log) and might be shared if
+you decide to submit a crash report!"""
+
+import argparse
+import enum
+import fnmatch
+import functools
+import os
+import re
+import shlex
+import subprocess
+import sys
+
+import tldextract
+
+argument_parser = argparse.ArgumentParser(description=__doc__, usage=USAGE, epilog=EPILOG)
+argument_parser.add_argument('url', nargs='?', default=os.getenv('QUTE_URL'))
+argument_parser.add_argument('--password-store', '-p', default=os.path.expanduser('~/.password-store'),
+                             help='Path to your pass password-store')
+argument_parser.add_argument('--username-pattern', '-u', default=r'.*/(.+)',
+                             help='Regular expression that matches the username')
+argument_parser.add_argument('--username-target', '-U', choices=['path', 'secret'], default='path',
+                             help='The target for the username regular expression')
+argument_parser.add_argument('--password-pattern', '-P', default=r'(.*)',
+                             help='Regular expression that matches the password')
+argument_parser.add_argument('--dmenu-invocation', '-d', default='rofi -dmenu',
+                             help='Invocation used to execute a dmenu-provider')
+argument_parser.add_argument('--no-insert-mode', '-n', dest='insert_mode', action='store_false',
+                             help="Don't automatically enter insert mode")
+argument_parser.add_argument('--io-encoding', '-i', default='UTF-8',
+                             help='Encoding used to communicate with subprocesses')
+argument_parser.add_argument('--merge-candidates', '-m', action='store_true',
+                             help='Merge pass candidates for fully-qualified and registered domain name')
+group = argument_parser.add_mutually_exclusive_group()
+group.add_argument('--username-only', '-e', action='store_true', help='Only insert username')
+group.add_argument('--password-only', '-w', action='store_true', help='Only insert password')
+group.add_argument('--otp-only', '-o', action='store_true', help='Only insert OTP code')
+
+stderr = functools.partial(print, file=sys.stderr)
+
+
+class ExitCodes(enum.IntEnum):
+    SUCCESS = 0
+    FAILURE = 1
+    # 1 is automatically used if Python throws an exception
+    NO_PASS_CANDIDATES = 2
+    COULD_NOT_MATCH_USERNAME = 3
+    COULD_NOT_MATCH_PASSWORD = 4
+
+
+def qute_command(command):
+    with open(os.environ['QUTE_FIFO'], 'w') as fifo:
+        fifo.write(command + '\n')
+        fifo.flush()
+
+
+def find_pass_candidates(domain, password_store_path):
+    domain_file = f'{domain}.gpg'
+    candidates = []
+    for path, directories, file_names in os.walk(password_store_path, followlinks=True):
+        pass_path = path[len(password_store_path) + 1:]
+        if domain in path:
+            candidates.extend(
+                    os.path.join(pass_path, os.path.splitext(file_name)[0]) \
+                            for file_name in file_names
+                    )
+        else:
+            candidates.extend(
+                    os.path.join(pass_path, os.path.splitext(file_name)[0]) \
+                            for file_name in file_names if \
+                            domain in file_name
+                    )
+    return candidates
+
+
+def _run_pass(command, encoding):
+    process = subprocess.run(command, stdout=subprocess.PIPE)
+    return process.stdout.decode(encoding).strip()
+
+
+def pass_(path, encoding):
+    return _run_pass(['pass', path], encoding)
+
+
+def pass_otp(path, encoding):
+    return _run_pass(['pass', 'otp', path], encoding)
+
+
+def dmenu(items, invocation, encoding):
+    command = shlex.split(invocation)
+    process = subprocess.run(command, input='\n'.join(items).encode(encoding), stdout=subprocess.PIPE)
+    return process.stdout.decode(encoding).strip()
+
+
+def fake_key_raw(text):
+    for character in text:
+        # Escape all characters by default, space requires special handling
+        sequence = '" "' if character == ' ' else '\{}'.format(character)
+        qute_command('fake-key {}'.format(sequence))
+
+
+def main(arguments):
+    if not arguments.url:
+        argument_parser.print_help()
+        return ExitCodes.FAILURE
+
+    extract_result = tldextract.extract(arguments.url)
+
+    # Expand potential ~ in paths, since this script won't be called from a shell that does it for us
+    password_store_path = os.path.expanduser(arguments.password_store)
+
+    # Try to find candidates using targets in the following order: fully-qualified domain name (includes subdomains),
+    # the registered domain name and finally: the IPv4 address if that's what the URL represents
+    candidates = set()
+    for target in filter(None, [extract_result.fqdn, extract_result.registered_domain, extract_result.ipv4]):
+        target_candidates = find_pass_candidates(target, password_store_path)
+        if not target_candidates:
+            continue
+
+        candidates.update(target_candidates)
+        if not arguments.merge_candidates:
+            break
+    else:
+        if not candidates:
+            stderr('No pass candidates for URL {!r} found!'.format(arguments.url))
+            return ExitCodes.NO_PASS_CANDIDATES
+
+    selection = candidates.pop() if len(candidates) == 1 else dmenu(sorted(candidates), arguments.dmenu_invocation,
+                                                                    arguments.io_encoding)
+    # Nothing was selected, simply return
+    if not selection:
+        return ExitCodes.SUCCESS
+
+    secret = pass_(selection, arguments.io_encoding)
+
+    # Match username
+    target = selection if arguments.username_target == 'path' else secret
+    match = re.search(arguments.username_pattern, target, re.MULTILINE)
+    if not match:
+        stderr('Failed to match username pattern on {}!'.format(arguments.username_target))
+        return ExitCodes.COULD_NOT_MATCH_USERNAME
+    username = match.group(1)
+
+    # Match password
+    match = re.match(arguments.password_pattern, secret, re.MULTILINE)
+    if not match:
+        stderr('Failed to match password pattern on secret!')
+        return ExitCodes.COULD_NOT_MATCH_PASSWORD
+    password = match.group(1)
+
+    if arguments.username_only:
+        fake_key_raw(username)
+    elif arguments.password_only:
+        fake_key_raw(password)
+    elif arguments.otp_only:
+        otp = pass_otp(selection, arguments.io_encoding)
+        fake_key_raw(otp)
+    else:
+        # Enter username and password using fake-key and <Tab> (which seems to work almost universally), then switch
+        # back into insert-mode, so the form can be directly submitted by hitting enter afterwards
+        fake_key_raw(username)
+        qute_command('fake-key <Tab>')
+        fake_key_raw(password)
+
+    if arguments.insert_mode:
+        qute_command('enter-mode insert')
+
+    return ExitCodes.SUCCESS
+
+
+if __name__ == '__main__':
+    arguments = argument_parser.parse_args()
+    sys.exit(main(arguments))