secret: fix non-biometric v2 usage
balupton committed Jul 17, 2023
1 parent ec6bfc8 commit b64716b
Showing 1 changed file with 45 additions and 22 deletions.
67 changes: 45 additions & 22 deletions commands/secret
@@ -206,8 +206,14 @@ function secret() (
fi
mkdir -p "$state"

# prepare
export OP_SESSION='' OP_SUBDOMAIN=''
# ensure env vars are available
export OP_SESSION OP_SUBDOMAIN
if test -z "${OP_SESSION-}"; then
OP_SESSION=''
fi
if test -z "${OP_SUBDOMAIN-}"; then
OP_SUBDOMAIN=''
fi

# conceal
local ask_password_arguments=()
@@ -332,7 +338,7 @@ function secret() (
if test "$quiet" != 'yes'; then
echo 'Unauthenticating...'
fi
if test -z "${OP_SESSION-}"; then
if test -z "$OP_SESSION"; then
if cache_exists "OP_SESSION"; then
OP_SESSION="$(cache_read OP_SESSION)"
if test "$op_version" -eq 2; then
@@ -366,13 +372,13 @@ function secret() (
if test "$quiet" != 'yes'; then
echo 'Authenticating...'
fi
if test -z "${OP_SESSION-}"; then
if test -z "$OP_SESSION"; then
OP_SESSION="$( (cache_exists OP_SESSION && cache_read OP_SESSION) || :)"
if test -z "$OP_SESSION"; then
# subdomain
if test -z "${OP_SUBDOMAIN-}"; then
if test -z "$OP_SUBDOMAIN"; then
OP_SUBDOMAIN="$( (cache_exists OP_SUBDOMAIN && cache_read OP_SUBDOMAIN) || :)"
if test -z "${OP_SUBDOMAIN-}"; then
if test -z "$OP_SUBDOMAIN"; then
OP_SUBDOMAIN="$(
ask --required "${ask_password_arguments[@]}" \
--question='What is your 1password subdomain?'
@@ -416,8 +422,25 @@ function secret() (
}

function opwrap {
local ec result
ec=0 && result="$(op "$@" 2>&1)" || ec="$?"
local cmd=() ec result
if test -z "$OP_SESSION" && cache_exists "OP_SESSION"; then
OP_SESSION="$(cache_read OP_SESSION)"
fi
if test "$op_version" -eq 2; then
cmd+=(
op
"$@"
--session
"$OP_SESSION"
)
else
cmd+=(
op
"$@"
--session="$OP_SESSION"
)
fi
ec=0 && result="$("${cmd[@]}" 2>&1)" || ec="$?"
if test "$ec" -ne 0 || [[ $result == '[ERROR]'* ]]; then
if [[ $result == *'signed in'* ]] || [[ $result == *'session expired'* ]]; then
echo-error "Session expired, run [secret login] and try again." $'\n' "$result" # $'\n' "$OP_SESSION"
@@ -437,17 +460,17 @@ function secret() (
# fetch available values
if test "$op_version" -eq 2; then
# https://developer.1password.com/docs/cli/reference/management-commands/vault#vault-list
ec=0 && opwrap vault list --format=json --session "$OP_SESSION" | jq -r '.[] | (.id, .name)' || ec="$?"
ec=0 && opwrap vault list --format=json | jq -r '.[] | (.id, .name)' || ec="$?"
else
ec=0 && opwrap list vaults --session="$OP_SESSION" | jq -r '.[] | (.uuid, .name)' || ec="$?"
ec=0 && opwrap list vaults | jq -r '.[] | (.uuid, .name)' || ec="$?"
fi
elif is-empty-value "$item"; then
# fetch available items
if test "$op_version" -eq 2; then
# https://developer.1password.com/docs/cli/reference/management-commands/item#item-list
ec=0 && opwrap item list --vault "$vault" --format json --session "$OP_SESSION" | jq -r '.[] | (.id, .title)' || ec="$?"
ec=0 && opwrap item list --vault "$vault" --format json | jq -r '.[] | (.id, .title)' || ec="$?"
else
ec=0 && opwrap list items --vault="$vault" --session="$OP_SESSION" | jq -r '.[] | (.uuid, .overview.title)' || ec="$?"
ec=0 && opwrap list items --vault="$vault" | jq -r '.[] | (.uuid, .overview.title)' || ec="$?"
fi
else
# fetch item
@@ -456,9 +479,9 @@ function secret() (
# https://stackoverflow.com/a/40321859
# newlines in notes will produces superflous tuples, so replace them four spaces
# cli v2 needs null checks too
ec=0 && opwrap item get "$item" --vault "$vault" --format json --session "$OP_SESSION" | jq -r '.fields[]? | select(.label != "" and .label != null and .value != "" and .value != null) | (.value, .label) | walk(if type == "string" then gsub("\\p{Cc}"; " ") else . end)' || ec="$?"
ec=0 && opwrap item get "$item" --vault "$vault" --format json | jq -r '.fields[]? | select(.label != "" and .label != null and .value != "" and .value != null) | (.value, .label) | walk(if type == "string" then gsub("\\p{Cc}"; " ") else . end)' || ec="$?"
else
ec=0 && data="$(opwrap get item "$item" --vault="$vault" --session="$OP_SESSION")" || ec="$?"
ec=0 && data="$(opwrap get item "$item" --vault="$vault")" || ec="$?"
if test "$ec" -eq 0; then
# section fields
local fields_via_section
@@ -562,9 +585,9 @@ function secret() (
# fetch
if test "$op_version" -eq 2; then
# [select(.primary = true)] returns multiple urls
ec=0 && website="$(opwrap item get "$item" --vault "$vault" --format json --session "$OP_SESSION" | jq -r '.urls[]? | .href' | echo-first)" || ec="$?"
ec=0 && website="$(opwrap item get "$item" --vault "$vault" --format json | jq -r '.urls[]? | .href' | echo-first)" || ec="$?"
else
ec=0 && website="$(opwrap get item "$item" --vault "$vault" --fields website --session="$OP_SESSION")" || ec="$?"
ec=0 && website="$(opwrap get item "$item" --vault "$vault" --fields website)" || ec="$?"
fi
if test "$ec" -ne 0; then
echo-style --error="[$item] [$website] failed to fetch"
@@ -594,9 +617,9 @@ function secret() (

# apply
if test "$op_version" -eq 2; then
ec=0 && opwrap item edit "$item" --vault "$vault" --url "$result" --format json --session "$OP_SESSION" >/dev/null || ec="$?"
ec=0 && opwrap item edit "$item" --vault "$vault" --url "$result" --format json >/dev/null || ec="$?"
else
ec=0 && opwrap edit item "$item" --vault "$vault" website="$result" --session="$OP_SESSION" || ec="$?"
ec=0 && opwrap edit item "$item" --vault "$vault" website="$result" || ec="$?"
fi
if test "$ec" -ne 0; then
echo-style --error="[$item] [$website] failed to save"
@@ -607,19 +630,19 @@ function secret() (
function secret_https {
local last="${1-}" ec vault item
if test "$op_version" -eq 2; then
ec=0 && vaults="$(opwrap vault list --format json --session "$OP_SESSION" | jq -r '.[].id' | sort)" || ec="$?"
ec=0 && vaults="$(opwrap vault list --format json | jq -r '.[].id' | sort)" || ec="$?"
else
ec=0 && vaults="$(opwrap list vaults --session="$OP_SESSION" | jq -r '.[].uuid' | sort)" || ec="$?"
ec=0 && vaults="$(opwrap list vaults | jq -r '.[].uuid' | sort)" || ec="$?"
fi
if test "$ec" -ne 0 -o -z "$vaults"; then
echo-error "Failed to fetch vaults..."
return 1
fi
for vault in $vaults; do
if test "$op_version" -eq 2; then
ec=0 && items="$(opwrap item list --categories Login --vault "$vault" --format json --session "$OP_SESSION" | jq -r '.[].id' | sort)" || ec="$?"
ec=0 && items="$(opwrap item list --categories Login --vault "$vault" --format json | jq -r '.[].id' | sort)" || ec="$?"
else
ec=0 && items="$(opwrap list items --categories Login --vault "$vault" --session="$OP_SESSION" | jq -r '.[].uuid' | sort)" || ec="$?"
ec=0 && items="$(opwrap list items --categories Login --vault "$vault" | jq -r '.[].uuid' | sort)" || ec="$?"
fi
if test "$ec" -ne 0 -o -z "$items"; then
echo-style --warning="Failed to fetch items for vault [$vault]"
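Review bot: In the rewritten `opwrap`, the session token is still handed to `op` as a command-line argument (`--session "$OP_SESSION"` for v2, `--session="$OP_SESSION"` for v1), so for the duration of every call it is readable in the process list by other local accounts. With the flag now built in one place, append it only when a token exists, `if test -n "$OP_SESSION"; then cmd+=(--session "$OP_SESSION"); fi`, so a run without a token (presumably the biometric case named in the title) does not pass an empty value. Consider also supplying the token through the environment of that single `op` invocation, if the supported CLI versions accept it that way, which this page does not show. I would add a comment above the array, `# NOTE: the token is visible in argv while op runs; keep it out of logs and error output`, since the failure branch prints `$result` and carries a commented-out `"$OP_SESSION"` argument. The body of `opwrap` continues past the end of its hunk, so the rest of the error handling is not visible here.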
