rougail-user-data-bitwarden/src/rougail/user_data_bitwarden/data.py

"""
Silique (https://www.silique.fr)
Copyright (C) 2025

distribued with GPL-2 or later license

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
"""

from subprocess import run
from json import loads
from os import environ
from shutil import which


from rougail.error import ExtentionError
from .i18n import _


class RougailUserDataBitwarden:
    force_apply_user_data = True

    def __init__(
        self,
        config: "Config",
        *,
        rougailconfig: "RougailConfig" = None,
    ):
        # this is the tiramisu config object
        self.config = config
        if rougailconfig is None:
            from rougail.config import RougailConfig

            rougailconfig = RougailConfig
            user_data = rougailconfig["step.user_data"]
            if "bitwarden" not in user_data:
                user_data.append("bitwarden")
                rougailconfig["step.user_data"] = user_data
        user_data = rougailconfig["step.user_data"]
        self.rougailconfig = rougailconfig
        if "bitwarden" not in user_data:
            raise ExtentionError(_('"bitwarden" is not set in step.user_data'))
        self.errors = []
        self.warnings = []
        self.leader_informations = {}
        self.bitwarden_command_line = self.get_command(rougailconfig)

    def get_command(self, rougailconfig):
        if "ROUGAIL_BITWARDEN_MOCK_ENABLE" in environ:
            return None
        one_is_find = False
        force_command = rougailconfig["bitwarden.command"]
        if force_command:
            commands = [force_command]
        else:
            commands = ["rbw", "bw"]
        for command in commands:
            status = self.test_command(command)
            if status is False:
                one_is_find = True
            elif status:
                return command
        if not force_command:
            command_string = _('"rbw" or "bw"')
        else:
            command_string = _('"{0}"').format(force_command)
        if one_is_find:
            raise ExtentionError(
                _("please unlock Bitwarden password database with {0}").format(
                    command_string
                )
            )
        raise ExtentionError(
            _("cannot find Bitwarden command {0} please install it").format(
                command_string
            )
        )

    def test_command(self, command):
        if not which(command):
            return None
        if command == "rbw":
            cmd = ["rbw", "unlocked"]
        else:
            cmd = ["bw", "status"]
        try:
            cpe = run(cmd, capture_output=True)
        except Exception as exc:
            return False
        if cpe.returncode != 0:
            return False
        if command == "rbw":
            return True
        try:
            data = loads(cpe.stdout.decode("utf8"))
            if data["status"] == "unlocked":
                return True
        except:
            pass
        return False

    def run(self):
        self.set_passwords(self.config.forcepermissive)
        return {
            "errors": self.errors,
            "warnings": self.warnings,
        }

    def run_commandline(self, cmd) -> str:
        cpe = run(cmd, capture_output=True)
        err = cpe.stderr.decode("utf8")
        if cpe.returncode != 0 or err:
            raise Exception("{0} ({1})".format(err, cpe.returncode))
        return cpe.stdout.decode("utf8")

    def get_key_from_commandline(
        self, key_bitwarden: str, allow_multiple: bool
    ) -> list[str]:
        if self.bitwarden_command_line == "rbw":
            keys = []
            items = self.run_commandline(["rbw", "search", key_bitwarden]).strip()
            if items:
                items = items.split("\n")
            else:
                items = []
            for item in items:
                # if item.count('@') != 1:
                #    continue
                if "@" in item:
                    keys.append(item.split("@", 1)[-1])
                else:
                    keys.append(item.rsplit("/", 1)[-1])
            if not allow_multiple:
                if not items:
                    return []
                if len(items) > 1:
                    return [{"name": key} for key in keys]
                keys = [key_bitwarden]
            datas = []
            for key in keys:
                data = loads(
                    self.run_commandline(
                        ["rbw", "get", key, "--raw", "--ignorecase"]
                    ).strip()
                )
                datas.append({"name": key, "login": data["data"]})
            return datas
        return loads(
            self.run_commandline(
                ["bw", "list", "items", "--search", key_bitwarden, "--nointeraction"]
            )
        )

    def set_passwords(self, optiondescription):
        for option in optiondescription:
            if option.isoptiondescription():
                self.set_passwords(option)
            elif option.information.get("bitwarden", False):
                path = option.path()
                if not option.owner.isdefault():
                    if option.isfollower():
                        self.errors.append(
                            _(
                                'the value for "{0}" at index {1} is already set while it should be filled in by Bitwarden'
                            ).format(path, option.index())
                        )
                    else:
                        self.errors.append(
                            _(
                                'the value for "{0}" is already set while it should be filled in by Bitwarden'
                            ).format(path)
                        )
                    continue
                type_ = option.information.get("type")
                if option.isleader():
                    leader_values = []
                    self.leader_informations[path] = []
                    values = option.value.get()
                    for val in values:
                        names, values = self.get_values(
                            path, type_, val, allow_multiple=True
                        )
                        if isinstance(values, list):
                            leader_values.extend(values)
                            self.leader_informations[path].extend(names)
                        else:
                            leader_values.append(values)
                            self.leader_informations[path].append(names)
                    option.value.set(leader_values)
                else:
                    if option.isfollower():
                        leader_path = optiondescription.leader().path()
                        if leader_path in self.leader_informations:
                            key_bitwarden = self.leader_informations[leader_path][
                                option.index()
                            ]
                        else:
                            key_bitwarden = option.value.get()
                    else:
                        key_bitwarden = option.value.get()
                    option.value.set(self.get_values(path, type_, key_bitwarden)[1])
                option.permissive.add("novalidator")

    def get_values(self, path, type_, key_bitwarden, *, allow_multiple=False):
        if not isinstance(key_bitwarden, str):
            self.errors.append(
                _('the default value for "{0}" must be the Bitwarden item name').format(
                    path
                )
            )
            return None, None
        if "ROUGAIL_BITWARDEN_MOCK_ENABLE" in environ:
            if type_ == "secret":
                value = "Ex4mpL3_P4ssw0rD"
            else:
                value = "example_login"
            if allow_multiple:
                return [key_bitwarden], [value]
            return key_bitwarden, value
        try:
            data = self.get_key_from_commandline(key_bitwarden, allow_multiple)
        except Exception as exc:
            self.errors.append(
                _(
                    'cannot execute the "{0}" commandline from Bitwarden for "{1}": {2}'
                ).format(self.bitwarden_command_line, path, exc)
            )
            return None, None
        if not data:
            self.errors.append(
                _('item "{0}" in Bitwarden is not found for "{1}"').format(
                    key_bitwarden, path
                )
            )
            return None, None
        if len(data) != 1:
            names = [d["name"] for d in data]
            if allow_multiple:
                ret = []
                return names, [
                    self.get_value(key_bitwarden, path, type_, d) for d in data
                ]
            self.errors.append(
                _(
                    'several items found with name "{0}" in Bitwarden for "{1}": "{2}"'
                ).format(key_bitwarden, path, '", "'.join(names))
            )
            return None, None
        return data[0]["name"], self.get_value(key_bitwarden, path, type_, data[0])

    def get_value(self, key_bitwarden: str, path: str, type_: str, data: dict) -> str:
        try:
            if type_ == "secret":
                value = data["login"]["password"]
            else:
                value = data["login"]["username"]
        except Exception as exc:
            self.errors.append(
                _('unexpected datas "{0}" from Bitwarden for "{1}": {2}').format(
                    key_bitwarden, path, exc
                )
            )
            value = None
        else:
            if value is None:
                if type_ == "secret":
                    bw_type = _("password")
                else:
                    bw_type = _("username")
                self.errors.append(
                    _('item "{0}" in Bitwarden has no {1} for "{2}"').format(
                        key_bitwarden, bw_type, path
                    )
                )
        return value
feat: first version 2025-02-05 11:30:51 +01:00			`"""`
			`Silique (https://www.silique.fr)`
			`Copyright (C) 2025`

			`distribued with GPL-2 or later license`

			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; either version 2 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
			`Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA`
			`"""`

			`from subprocess import run`
			`from json import loads`
fix: many improvment 2025-02-12 15:36:48 +01:00			`from os import environ`
feat: support rbw and bw command line 2025-02-17 09:34:26 +01:00			`from shutil import which`
feat: first version 2025-02-05 11:30:51 +01:00

			`from rougail.error import ExtentionError`
			`from .i18n import _`


			`class RougailUserDataBitwarden:`
			`force_apply_user_data = True`

fix: black 2025-05-11 19:11:17 +02:00			`def __init__(`
			`self,`
			`config: "Config",`
			`*,`
			`rougailconfig: "RougailConfig" = None,`
			`):`
feat: first version 2025-02-05 11:30:51 +01:00			`# this is the tiramisu config object`
			`self.config = config`
			`if rougailconfig is None:`
			`from rougail.config import RougailConfig`
fix: black 2025-05-11 19:11:17 +02:00
feat: first version 2025-02-05 11:30:51 +01:00			`rougailconfig = RougailConfig`
fix: black 2025-05-11 19:11:17 +02:00			`user_data = rougailconfig["step.user_data"]`
			`if "bitwarden" not in user_data:`
			`user_data.append("bitwarden")`
			`rougailconfig["step.user_data"] = user_data`
			`user_data = rougailconfig["step.user_data"]`
feat: first version 2025-02-05 11:30:51 +01:00			`self.rougailconfig = rougailconfig`
fix: black 2025-05-11 19:11:17 +02:00			`if "bitwarden" not in user_data:`
feat: first version 2025-02-05 11:30:51 +01:00			`raise ExtentionError(_('"bitwarden" is not set in step.user_data'))`
			`self.errors = []`
			`self.warnings = []`
fix: many improvment 2025-02-12 15:36:48 +01:00			`self.leader_informations = {}`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`self.bitwarden_command_line = self.get_command(rougailconfig)`

			`def get_command(self, rougailconfig):`
fix: black 2025-05-11 19:11:17 +02:00			`if "ROUGAIL_BITWARDEN_MOCK_ENABLE" in environ:`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`return None`
feat: support rbw and bw command line 2025-02-17 09:34:26 +01:00			`one_is_find = False`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`force_command = rougailconfig["bitwarden.command"]`
			`if force_command:`
			`commands = [force_command]`
			`else:`
fix: black 2025-05-11 19:11:17 +02:00			`commands = ["rbw", "bw"]`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`for command in commands:`
			`status = self.test_command(command)`
			`if status is False:`
fix: if mock is active, do not search rbw or bw 2025-02-19 08:59:13 +01:00			`one_is_find = True`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`elif status:`
			`return command`
			`if not force_command:`
			`command_string = _('"rbw" or "bw"')`
			`else:`
			`command_string = _('"{0}"').format(force_command)`
			`if one_is_find:`
fix: black 2025-05-11 19:11:17 +02:00			`raise ExtentionError(`
			`_("please unlock Bitwarden password database with {0}").format(`
			`command_string`
			`)`
			`)`
			`raise ExtentionError(`
			`_("cannot find Bitwarden command {0} please install it").format(`
			`command_string`
			`)`
			`)`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00
			`def test_command(self, command):`
			`if not which(command):`
			`return None`
fix: black 2025-05-11 19:11:17 +02:00			`if command == "rbw":`
			`cmd = ["rbw", "unlocked"]`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`else:`
fix: black 2025-05-11 19:11:17 +02:00			`cmd = ["bw", "status"]`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`try:`
			`cpe = run(cmd, capture_output=True)`
			`except Exception as exc:`
			`return False`
			`if cpe.returncode != 0:`
			`return False`
fix: black 2025-05-11 19:11:17 +02:00			`if command == "rbw":`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`return True`
			`try:`
fix: black 2025-05-11 19:11:17 +02:00			`data = loads(cpe.stdout.decode("utf8"))`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`if data["status"] == "unlocked":`
			`return True`
			`except:`
			`pass`
			`return False`
feat: first version 2025-02-05 11:30:51 +01:00
			`def run(self):`
fix: support hidden attribut 2025-02-17 15:25:59 +01:00			`self.set_passwords(self.config.forcepermissive)`
fix: black 2025-05-11 19:11:17 +02:00			`return {`
			`"errors": self.errors,`
			`"warnings": self.warnings,`
			`}`
feat: first version 2025-02-05 11:30:51 +01:00
feat: support rbw and bw command line 2025-02-17 09:34:26 +01:00			`def run_commandline(self, cmd) -> str:`
			`cpe = run(cmd, capture_output=True)`
fix: black 2025-05-11 19:11:17 +02:00			`err = cpe.stderr.decode("utf8")`
feat: support rbw and bw command line 2025-02-17 09:34:26 +01:00			`if cpe.returncode != 0 or err:`
fix: black 2025-05-11 19:11:17 +02:00			`raise Exception("{0} ({1})".format(err, cpe.returncode))`
			`return cpe.stdout.decode("utf8")`
feat: support rbw and bw command line 2025-02-17 09:34:26 +01:00
fix: black 2025-05-11 19:11:17 +02:00			`def get_key_from_commandline(`
			`self, key_bitwarden: str, allow_multiple: bool`
			`) -> list[str]:`
			`if self.bitwarden_command_line == "rbw":`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`keys = []`
			`items = self.run_commandline(["rbw", "search", key_bitwarden]).strip()`
			`if items:`
fix: black 2025-05-11 19:11:17 +02:00			`items = items.split("\n")`
feat: support rbw and bw command line 2025-02-17 09:34:26 +01:00			`else:`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`items = []`
			`for item in items:`
fix: black 2025-05-11 19:11:17 +02:00			`# if item.count('@') != 1:`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`# continue`
fix: support item without username 2025-03-19 15:31:52 +01:00			`if "@" in item:`
fix: black 2025-05-11 19:11:17 +02:00			`keys.append(item.split("@", 1)[-1])`
fix: support item without username 2025-03-19 15:31:52 +01:00			`else:`
fix: black 2025-05-11 19:11:17 +02:00			`keys.append(item.rsplit("/", 1)[-1])`
feat: same behavour between bw et rbw 2025-03-01 18:04:38 +01:00			`if not allow_multiple:`
			`if not items:`
			`return []`
			`if len(items) > 1:`
fix: black 2025-05-11 19:11:17 +02:00			`return [{"name": key} for key in keys]`
feat: support rbw and bw command line 2025-02-17 09:34:26 +01:00			`keys = [key_bitwarden]`
			`datas = []`
			`for key in keys:`
fix: black 2025-05-11 19:11:17 +02:00			`data = loads(`
			`self.run_commandline(`
			`["rbw", "get", key, "--raw", "--ignorecase"]`
			`).strip()`
			`)`
			`datas.append({"name": key, "login": data["data"]})`
feat: support rbw and bw command line 2025-02-17 09:34:26 +01:00			`return datas`
fix: black 2025-05-11 19:11:17 +02:00			`return loads(`
			`self.run_commandline(`
			`["bw", "list", "items", "--search", key_bitwarden, "--nointeraction"]`
			`)`
			`)`
feat: support rbw and bw command line 2025-02-17 09:34:26 +01:00
feat: first version 2025-02-05 11:30:51 +01:00			`def set_passwords(self, optiondescription):`
			`for option in optiondescription:`
			`if option.isoptiondescription():`
			`self.set_passwords(option)`
fix: black 2025-05-11 19:11:17 +02:00			`elif option.information.get("bitwarden", False):`
fix: many improvment 2025-02-12 15:36:48 +01:00			`path = option.path()`
			`if not option.owner.isdefault():`
			`if option.isfollower():`
fix: black 2025-05-11 19:11:17 +02:00			`self.errors.append(`
			`_(`
			`'the value for "{0}" at index {1} is already set while it should be filled in by Bitwarden'`
			`).format(path, option.index())`
			`)`
fix: many improvment 2025-02-12 15:36:48 +01:00			`else:`
fix: black 2025-05-11 19:11:17 +02:00			`self.errors.append(`
			`_(`
			`'the value for "{0}" is already set while it should be filled in by Bitwarden'`
			`).format(path)`
			`)`
feat: first version 2025-02-05 11:30:51 +01:00			`continue`
fix: black 2025-05-11 19:11:17 +02:00			`type_ = option.information.get("type")`
fix: many improvment 2025-02-12 15:36:48 +01:00			`if option.isleader():`
			`leader_values = []`
			`self.leader_informations[path] = []`
fix: bitwarden key could be an invalid username/secret 2025-02-13 22:09:15 +01:00			`values = option.value.get()`
			`for val in values:`
fix: black 2025-05-11 19:11:17 +02:00			`names, values = self.get_values(`
			`path, type_, val, allow_multiple=True`
			`)`
fix: many improvment 2025-02-12 15:36:48 +01:00			`if isinstance(values, list):`
			`leader_values.extend(values)`
			`self.leader_informations[path].extend(names)`
			`else:`
			`leader_values.append(values)`
			`self.leader_informations[path].append(names)`
			`option.value.set(leader_values)`
			`else:`
			`if option.isfollower():`
fix: black 2025-05-11 19:11:17 +02:00			`leader_path = optiondescription.leader().path()`
fix: many improvment 2025-02-12 15:36:48 +01:00			`if leader_path in self.leader_informations:`
fix: black 2025-05-11 19:11:17 +02:00			`key_bitwarden = self.leader_informations[leader_path][`
			`option.index()`
			`]`
fix: many improvment 2025-02-12 15:36:48 +01:00			`else:`
			`key_bitwarden = option.value.get()`
			`else:`
			`key_bitwarden = option.value.get()`
			`option.value.set(self.get_values(path, type_, key_bitwarden)[1])`
fix: black 2025-05-11 19:11:17 +02:00			`option.permissive.add("novalidator")`
fix: many improvment 2025-02-12 15:36:48 +01:00
			`def get_values(self, path, type_, key_bitwarden, *, allow_multiple=False):`
			`if not isinstance(key_bitwarden, str):`
fix: black 2025-05-11 19:11:17 +02:00			`self.errors.append(`
			`_('the default value for "{0}" must be the Bitwarden item name').format(`
			`path`
			`)`
			`)`
fix: many improvment 2025-02-12 15:36:48 +01:00			`return None, None`
fix: black 2025-05-11 19:11:17 +02:00			`if "ROUGAIL_BITWARDEN_MOCK_ENABLE" in environ:`
			`if type_ == "secret":`
			`value = "Ex4mpL3_P4ssw0rD"`
fix: with ROUGAIL_BITWARDEN_MOCK_ENABLE variable, unix_user and password are different 2025-04-04 08:27:05 +02:00			`else:`
fix: black 2025-05-11 19:11:17 +02:00			`value = "example_login"`
fix: MOCK 2025-02-19 09:27:47 +01:00			`if allow_multiple:`
fix: with ROUGAIL_BITWARDEN_MOCK_ENABLE variable, unix_user and password are different 2025-04-04 08:27:05 +02:00			`return [key_bitwarden], [value]`
			`return key_bitwarden, value`
fix: many improvment 2025-02-12 15:36:48 +01:00			`try:`
feat: support rbw and bw command line 2025-02-17 09:34:26 +01:00			`data = self.get_key_from_commandline(key_bitwarden, allow_multiple)`
fix: many improvment 2025-02-12 15:36:48 +01:00			`except Exception as exc:`
fix: black 2025-05-11 19:11:17 +02:00			`self.errors.append(`
			`_(`
			`'cannot execute the "{0}" commandline from Bitwarden for "{1}": {2}'`
			`).format(self.bitwarden_command_line, path, exc)`
			`)`
fix: many improvment 2025-02-12 15:36:48 +01:00			`return None, None`
			`if not data:`
fix: black 2025-05-11 19:11:17 +02:00			`self.errors.append(`
			`_('item "{0}" in Bitwarden is not found for "{1}"').format(`
			`key_bitwarden, path`
			`)`
			`)`
fix: many improvment 2025-02-12 15:36:48 +01:00			`return None, None`
			`if len(data) != 1:`
			`names = [d["name"] for d in data]`
			`if allow_multiple:`
			`ret = []`
fix: black 2025-05-11 19:11:17 +02:00			`return names, [`
			`self.get_value(key_bitwarden, path, type_, d) for d in data`
			`]`
			`self.errors.append(`
			`_(`
			`'several items found with name "{0}" in Bitwarden for "{1}": "{2}"'`
			`).format(key_bitwarden, path, '", "'.join(names))`
			`)`
fix: many improvment 2025-02-12 15:36:48 +01:00			`return None, None`
fix: black 2025-05-11 19:11:17 +02:00			`return data[0]["name"], self.get_value(key_bitwarden, path, type_, data[0])`
fix: many improvment 2025-02-12 15:36:48 +01:00
			`def get_value(self, key_bitwarden: str, path: str, type_: str, data: dict) -> str:`
			`try:`
fix: black 2025-05-11 19:11:17 +02:00			`if type_ == "secret":`
			`value = data["login"]["password"]`
fix: better error message 2025-04-09 14:20:56 +02:00			`else:`
fix: black 2025-05-11 19:11:17 +02:00			`value = data["login"]["username"]`
fix: many improvment 2025-02-12 15:36:48 +01:00			`except Exception as exc:`
fix: black 2025-05-11 19:11:17 +02:00			`self.errors.append(`
			`_('unexpected datas "{0}" from Bitwarden for "{1}": {2}').format(`
			`key_bitwarden, path, exc`
			`)`
			`)`
fix: better error message 2025-04-09 14:20:56 +02:00			`value = None`
			`else:`
			`if value is None:`
fix: black 2025-05-11 19:11:17 +02:00			`if type_ == "secret":`
			`bw_type = _("password")`
fix: better error message 2025-04-09 14:20:56 +02:00			`else:`
fix: black 2025-05-11 19:11:17 +02:00			`bw_type = _("username")`
			`self.errors.append(`
			`_('item "{0}" in Bitwarden has no {1} for "{2}"').format(`
			`key_bitwarden, bw_type, path`
			`)`
			`)`
fix: better error message 2025-04-09 14:20:56 +02:00			`return value`