-
Notifications
You must be signed in to change notification settings - Fork 57
/
Copy pathbwmenu
executable file
·544 lines (463 loc) · 13.1 KB
/
bwmenu
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
#!/usr/bin/env bash
# Rofi extension for BitWarden-cli
NAME="$(basename "$0")"
VERSION="0.5"
DEFAULT_CLEAR=5
BW_HASH=
# Options
CLEAR=$DEFAULT_CLEAR # Clear password after N seconds (0 to disable)
SHOW_PASSWORD=no # Show part of the password in the notification
AUTO_LOCK=900 # 15 minutes, default for bitwarden apps
# Holds the available items in memory
ITEMS=
CACHE_FILE=/tmp/bwmenu/logins.gpg
# Stores which command will be used to emulate keyboard type
AUTOTYPE_MODE=
# Stores the argument need by xdotool to clear the modifiers (shift, control, alt, ...) first
CLEAR_MODIFIERS=
# Stores which command will be used to deal with clipboards
CLIPBOARD_MODE=
# Specify what happens when pressing Enter on an item.
# Defaults to copy_password, can be changed to (auto_type all) or (auto_type password)
ENTER_CMD=copy_password
# Keyboard shortcuts
: ${KB_SYNC="Alt+r"}
: ${KB_URLSEARCH="Alt+u"}
: ${KB_NAMESEARCH="Alt+n"}
: ${KB_FOLDERSELECT="Alt+c"}
: ${KB_TOTPCOPY="Alt+t"}
: ${KB_LOCK="Alt+L"}
: ${KB_TYPEALL="Alt+1"}
: ${KB_TYPEUSER="Alt+2"}
: ${KB_TYPEPASS="Alt+3"}
: ${KB_TYPETOTP="Alt+4"}
# Item type classification
TYPE_LOGIN=1
TYPE_NOTE=2
TYPE_CARD=3
TYPE_IDENTITY=4
# Populated in parse_cli_arguments
ROFI_OPTIONS=()
DEDUP_MARK="(+)"
# Source helper functions
DIR="$(dirname "$(readlink -f "$0")")"
source "$DIR/lib-bwmenu"
ask_password() {
rm $CACHE_FILE
mpw=$(printf '' | rofi -dmenu -p "Master Password" -password -l 0 ${ROFI_OPTIONS[@]}) || exit $?
if ! out="$(bw --raw --nointeraction unlock "$mpw" 2>&1)"; then
exit_error 1 "Could not unlock vault: $out"
fi
echo "$out"
}
get_session_key() {
if [ $AUTO_LOCK -eq 0 ]; then
keyctl purge user bw_session &>/dev/null
BW_HASH=$(ask_password)
else
if ! key_id=$(keyctl request user bw_session 2>/dev/null); then
session=$(ask_password) || exit $?
key_id=$(echo "$session" | keyctl padd user bw_session @u)
fi
if [ $AUTO_LOCK -gt 0 ]; then
keyctl timeout "$key_id" $AUTO_LOCK
fi
BW_HASH=$(keyctl pipe "$key_id")
fi
}
# Load encrypted passwords from cache if exists
load_cache() {
if [ -f "$CACHE_FILE" ]; then
ITEMS=$(gpg --quiet -d --batch --passphrase $BW_HASH --cipher-algo AES256 $CACHE_FILE)
else
load_items
fi
}
# source the hash file to gain access to the BitWarden CLI
# Pre fetch all the items
load_items() {
if ! ITEMS=$(bw --nointeraction list items --session "$BW_HASH" 2>/dev/null); then
keyctl purge user bw_session &>/dev/null
exit_error $? "Could not load items: $ITEMS"
fi
# create dir for cache and encrypt $ITEMS
mkdir -p $(dirname $CACHE_FILE)
echo "$ITEMS" | gpg -c --batch --passphrase $BW_HASH --cipher-algo AES256 -o $CACHE_FILE
}
exit_error() {
local code="$1"
local message="$2"
rofi -e "$message" ${ROFI_OPTIONS[@]}
exit "$code"
}
# Show the Rofi menu with options
# Reads items from stdin
rofi_menu() {
actions=(
-kb-custom-1 $KB_SYNC
-kb-custom-2 $KB_NAMESEARCH
-kb-custom-3 $KB_URLSEARCH
-kb-custom-4 $KB_FOLDERSELECT
-kb-custom-8 $KB_TOTPCOPY
-kb-custom-9 $KB_LOCK
)
msg="<b>$KB_SYNC</b>: sync | <b>$KB_URLSEARCH</b>: urls | <b>$KB_NAMESEARCH</b>: names | <b>$KB_FOLDERSELECT</b>: folders | <b>$KB_TOTPCOPY</b>: totp | <b>$KB_LOCK</b>: lock"
[[ ! -z "$AUTOTYPE_MODE" ]] && {
actions+=(
-kb-custom-5 $KB_TYPEALL
-kb-custom-6 $KB_TYPEUSER
-kb-custom-7 $KB_TYPEPASS
-kb-custom-10 $KB_TYPETOTP
)
msg+="
<b>$KB_TYPEALL</b>: Type all | <b>$KB_TYPEUSER</b>: Type user | <b>$KB_TYPEPASS</b>: Type pass | <b>$KB_TYPETOTP</b>: Type totp"
}
rofi -dmenu -p 'Name' \
-i -no-custom \
-mesg "$msg" \
"${actions[@]}" \
"${ROFI_OPTIONS[@]}"
}
# Show items in a rofi menu by name of the item
show_items() {
if item=$(
echo "$ITEMS" \
| jq -r ".[] | select( has( \"login\" ) ) | \"\\(.name)\"" \
| dedup_lines \
| rofi_menu
); then
item_array="$(array_from_name "$item")"
"${ENTER_CMD[@]}" "$item_array"
else
rofi_exit_code=$?
item_array="$(array_from_name "$item")"
on_rofi_exit "$rofi_exit_code" "$item_array"
fi
}
# Similar to show_items() but using the item's ID for deduplication
show_full_items() {
if item=$(
## Show id and name
echo "$ITEMS" \
| jq -r ".[] | select( has( \"login\" )) | \"name: \\(.name), username: \\(.login.username)\"" \
| rofi_menu
); then
username=$(echo -n $item | sed -r 's/.*username: (\w+)/\1/')
item_id=$(echo $ITEMS | jq -r ".[]|select(.login.username==\"$username\")|.id")
item_array="$(array_from_id "$item_id")"
"${ENTER_CMD[@]}" "$item_array"
else
rofi_exit_code=$?
username=$(echo -n $item | sed -r 's/.*username: (\w+)/\1/')
item_id=$(echo $ITEMS | jq -r ".[]|select(.login.username==\"$username\")|.id")
item_array="$(array_from_id "$item_id")"
on_rofi_exit "$rofi_exit_code" "$item_array"
fi
}
# Show items in a rofi menu by url of the item
# if url occurs in multiple items, show the menu again with those items only
show_urls() {
if url=$(
echo "$ITEMS" \
| jq -r '.[] | select(has("login")) | .login | select(has("uris")).uris | .[].uri' \
| rofi_menu
); then
item_array="$(bw list items --url "$url" --session "$BW_HASH")"
"${ENTER_CMD[@]}" "$item_array"
else
rofi_exit_code="$?"
item_array="$(bw list items --url "$url" --session "$BW_HASH")"
on_rofi_exit "$rofi_exit_code" "$item_array"
fi
}
show_folders() {
folders=$(bw list folders --session "$BW_HASH")
if folder=$(echo "$folders" | jq -r '.[] | .name' | rofi_menu); then
folder_id=$(echo "$folders" | jq -r ".[] | select(.name == $(jq_escape "$folder")).id")
ITEMS=$(bw list items --folderid "$folder_id" --session "$BW_HASH")
show_items
else
rofi_exit_code="$?"
folder_id=$(echo "$folders" | jq -r ".[] | select(.name == $(jq_escape "$folder")).id")
item_array=$(bw list items --folderid "$folder_id" --session "$BW_HASH")
on_rofi_exit "$rofi_exit_code" "$item_array"
fi
}
# re-sync the BitWarden items with the server
sync_bitwarden() {
if ! error="$(bw --nointeraction sync --session "$BW_HASH" 2>/dev/null)"; then
exit_error 1 "Failed to sync bitwarden: $error"
fi
rm $CACHE_FILE
load_items
show_items
}
# Evaluate the rofi exit codes
on_rofi_exit() {
case "$1" in
10) sync_bitwarden;;
11) load_items; show_items;;
12) show_urls;;
13) show_folders;;
17) copy_totp "$2";;
18) lock_vault;;
14) auto_type all "$2";;
15) auto_type username "$2";;
16) auto_type password "$2";;
19) auto_type totp "$2";;
*) exit "$1";;
esac
}
# Auto type using xdotool/ydotool
# $1: what to type; all, username, password
# $2: item array
auto_type() {
if not_unique "$2"; then
ITEMS="$2"
show_full_items
else
sleep 0.3
case "$1" in
all)
type_word "$(echo "$2" | jq -r '.[0].login.username')"
type_tab
type_word "$(echo "$2" | jq -r '.[0].login.password')"
;;
username)
type_word "$(echo "$2" | jq -r '.[0].login.username')"
;;
password)
type_word "$(echo "$2" | jq -r '.[0].login.password')"
;;
totp)
type_word "$(get_totp "$2")"
;;
esac
fi
}
# Set $AUTOTYPE_MODE to a command that will emulate keyboard input
select_autotype_command() {
if [[ -z "$AUTOTYPE_MODE" ]]; then
if [ "$XDG_SESSION_TYPE" = "wayland" ] && hash ydotool 2>/dev/null; then
AUTOTYPE_MODE=(sudo ydotool)
elif [ "$XDG_SESSION_TYPE" != "wayland" ] && hash xdotool 2>/dev/null; then
AUTOTYPE_MODE=xdotool
CLEAR_MODIFIERS="--clearmodifiers"
fi
fi
}
type_word() {
"${AUTOTYPE_MODE[@]}" type $CLEAR_MODIFIERS "$1"
}
type_tab() {
"${AUTOTYPE_MODE[@]}" key $CLEAR_MODIFIERS Tab
}
# Set $CLIPBOARD_MODE to a command that will put stdin into the clipboard.
select_copy_command() {
if [[ -z "$CLIPBOARD_MODE" ]]; then
if [ "$XDG_SESSION_TYPE" = "wayland" ]; then
hash wl-copy 2>/dev/null && CLIPBOARD_MODE=wayland
elif hash xclip 2>/dev/null; then
CLIPBOARD_MODE=xclip
elif hash xsel 2>/dev/null; then
CLIPBOARD_MODE=xsel
fi
[ -z "$CLIPBOARD_MODE" ] && exit_error 1 "No clipboard command found. Please install either xclip, xsel, or wl-clipboard."
fi
}
clipboard-set() {
clipboard-${CLIPBOARD_MODE}-set
}
clipboard-get() {
clipboard-${CLIPBOARD_MODE}-get
}
clipboard-clear() {
clipboard-${CLIPBOARD_MODE}-clear
}
clipboard-xclip-set() {
xclip -selection clipboard -r
}
clipboard-xclip-get() {
xclip -selection clipboard -o
}
clipboard-xclip-clear() {
echo -n "" | xclip -selection clipboard -r
}
clipboard-xsel-set() {
xsel --clipboard --input
}
clipboard-xsel-get() {
xsel --clipboard
}
clipboard-xsel-clear() {
xsel --clipboard --delete
}
clipboard-wayland-set() {
wl-copy
}
clipboard-wayland-get() {
wl-paste
}
clipboard-wayland-clear() {
wl-copy --clear
}
# Copy the password
# copy to clipboard and give the user feedback that the password is copied
# $1: json array of items
copy_password() {
if not_unique "$1"; then
ITEMS="$1"
show_full_items
else
pass="$(echo "$1" | jq -r '.[0].login.password')"
show_copy_notification "$(echo "$1" | jq -r '.[0]')"
echo -n "$pass" | clipboard-set
if [[ $CLEAR -gt 0 ]]; then
sleep "$CLEAR"
if [[ "$(clipboard-get)" == "$pass" ]]; then
clipboard-clear
fi
fi
fi
}
# Get the TOTP
# $1: item array
get_totp() {
if not_unique "$1"; then
ITEMS="$item_array"
show_full_items
else
id=$(echo "$1" | jq -r ".[0].id")
if ! totp=$(bw --session "$BW_HASH" get totp "$id" 2>&1); then
exit_error 1 "$totp"
fi
echo -n "$totp"
fi
}
# Copy the TOTP
# $1: item array
copy_totp() {
if not_unique "$1"; then
ITEMS="$item_array"
show_full_items
else
get_totp "$1" | clipboard-set
notify-send "TOTP Copied"
fi
}
# Lock the vault by purging the key used to store the session hash
lock_vault() {
keyctl purge user bw_session &>/dev/null
}
# Show notification about the password being copied.
# $1: json item
show_copy_notification() {
local title
local body=""
local extra_options=()
title="<b>$(echo "$1" | jq -r '.name')</b> copied"
if [[ $SHOW_PASSWORD == "yes" ]]; then
pass=$(echo "$1" | jq -r '.login.password')
body="${pass:0:4}****"
fi
if [[ $CLEAR -gt 0 ]]; then
body="$body<br>Will be cleared in ${CLEAR} seconds."
# Keep notification visible while the clipboard contents are active.
extra_options+=("-t" "$((CLEAR * 1000))")
fi
# not sure if icon will be present everywhere, /usr/share/icons is default icon location
notify-send "$title" "$body" "${extra_options[@]}" -i /usr/share/icons/hicolor/64x64/apps/bitwarden.png
}
parse_cli_arguments() {
# Use GNU getopt to parse command line arguments
if ! ARGUMENTS=$(getopt -o c:C --long auto-lock:,clear:,no-clear,show-password,state-path:,help,version -- "$@"); then
exit_error 1 "Failed to parse command-line arguments"
fi
eval set -- "$ARGUMENTS"
while true; do
case "$1" in
--help )
cat <<-USAGE
$NAME $VERSION
Usage:
$NAME [options] -- [rofi options]
Options:
--help
Show this help text and exit.
--version
Show version information and exit.
--auto-lock <SECONDS>
Automatically lock the Vault <SECONDS> seconds after last unlock.
Use 0 to lock immediatly.
Use -1 to disable.
Default: 900 (15 minutes)
-c <SECONDS>, --clear <SECONDS>, --clear=<SECONDS>
Clear password from clipboard after this many seconds.
Defaults: ${DEFAULT_CLEAR} seconds.
-C, --no-clear
Don't automatically clear the password from the clipboard. This disables
the default --clear option.
--show-password
Show the first 4 characters of the copied password in the notification.
Quick Actions:
When hovering over an item in the rofi menu, you can make use of Quick Actions.
$KB_SYNC Resync your vault
$KB_URLSEARCH Search through urls
$KB_NAMESEARCH Search through names
$KB_FOLDERSELECT Search through folders
$KB_TOTPCOPY Copy the TOTP
$KB_TYPEALL Autotype the username and password [needs xdotool or ydotool]
$KB_TYPEUSER Autotype the username [needs xdotool or ydotool]
$KB_TYPEPASS Autotype the password [needs xdotool or ydotool]
$KB_TYPETOTP Autotype the TOTP [needs xdotool or ydotool]
$KB_LOCK Lock your vault
Examples:
# Default options work well
$NAME
# Immediatly lock the Vault after use
$NAME --auto-lock 0
# Never lock the Vault
$NAME --auto-lock -1
# Place rofi on top of screen, like a Quake console
$NAME -- -location 2
USAGE
shift
exit 0
;;
--version )
echo "$NAME $VERSION"
shift
exit 0
;;
--auto-lock )
AUTO_LOCK=$2
shift 2
;;
-c | --clear )
CLEAR="$2"
shift 2
;;
-C | --no-clear )
CLEAR=0
shift
;;
--show-password )
SHOW_PASSWORD=yes
shift
;;
-- )
shift
ROFI_OPTIONS=("$@")
break
;;
* )
exit_error 1 "Unknown option $1"
esac
done
}
parse_cli_arguments "$@"
get_session_key
select_autotype_command
select_copy_command
load_cache
show_items