File: qute-lastpass

package info (click to toggle)
qutebrowser 3.6.3-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 21,432 kB
  • sloc: python: 72,411; javascript: 31,862; sh: 874; xml: 149; makefile: 52
file content (189 lines) | stat: -rwxr-xr-x 6,984 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
 
#!/usr/bin/env python3

# SPDX-FileCopyrightText: Chris Braun (cryzed) <cryzed@googlemail.com>
#
# SPDX-License-Identifier: GPL-3.0-or-later

"""
Insert login information using lastpass CLI and a dmenu-compatible application (e.g. dmenu, rofi -dmenu, ...).
A short demonstration can be seen here: https://i.imgur.com/zA61NrF.gifv.
"""

USAGE = """The domain of the site has to be in the name of the LastPass entry, for example: "github.com/cryzed" or
"websites/github.com".  The login information is inserted by emulating key events using qutebrowser's fake-key command in this manner:
[USERNAME]<Tab>[PASSWORD], which is compatible with almost all login forms.

You must log into LastPass CLI using `lpass login <email>` prior to use of this script. The LastPass CLI agent only holds your master password for an hour by default. If you wish to change this, please see `man lpass`.

To use in qutebrowser, run: `spawn --userscript qute-lastpass`
"""

EPILOG = """Dependencies: tldextract (Python 3 module), LastPass CLI (1.3 or newer)

WARNING: The login details are viewable as plaintext in qutebrowser's debug log (qute://log) and might be shared if
you decide to submit a crash report!"""

import argparse
import enum
import functools
import json
import os
import re
import shlex
import subprocess
import sys

import tldextract

argument_parser = argparse.ArgumentParser(
    description=__doc__, usage=USAGE, epilog=EPILOG)
argument_parser.add_argument('url', nargs='?', default=os.getenv('QUTE_URL'))
argument_parser.add_argument('--dmenu-invocation', '-d', default='rofi -dmenu',
                             help='Invocation used to execute a dmenu-provider')
argument_parser.add_argument('--no-insert-mode', '-n', dest='insert_mode', action='store_false',
                             help="Don't automatically enter insert mode")
argument_parser.add_argument('--io-encoding', '-i', default='UTF-8',
                             help='Encoding used to communicate with subprocesses')
argument_parser.add_argument('--merge-candidates', '-m', action='store_true',
                             help='Merge pass candidates for fully-qualified and registered domain name')
argument_parser.add_argument('--no-tld-download', action='store_true',
                             help="Don't download TLD list")
group = argument_parser.add_mutually_exclusive_group()
group.add_argument('--username-only', '-e',
                   action='store_true', help='Only insert username')
group.add_argument('--password-only', '-w',
                   action='store_true', help='Only insert password')

stderr = functools.partial(print, file=sys.stderr)

class ExitCodes(enum.IntEnum):
    SUCCESS = 0
    FAILURE = 1
    # 1 is automatically used if Python throws an exception
    NO_PASS_CANDIDATES = 2
    COULD_NOT_MATCH_USERNAME = 3
    COULD_NOT_MATCH_PASSWORD = 4

def qute_command(command):
    with open(os.environ['QUTE_FIFO'], 'w') as fifo:
        fifo.write(command + '\n')
        fifo.flush()

def pass_(domain, encoding):
    domain = re.escape(domain)
    args = ['lpass', 'show', '-x', '-j', '-G', '\\b{:s}'.format(domain)]
    process = subprocess.run(args, capture_output=True)

    candidates = json.loads(process.stdout.decode(encoding).strip() or '[]')
    err = process.stderr.decode(encoding).strip()
    if 'could not find specified account' in err.lower():
        return candidates, ''

    return candidates, err


def dmenu(items, invocation, encoding):
    command = shlex.split(invocation)
    process = subprocess.run(command, input='\n'.join(
        items).encode(encoding), stdout=subprocess.PIPE)
    return process.stdout.decode(encoding).strip()


def fake_key_raw(text):
    # Escape all characters by default, space, '<' and '>' requires special handling
    special_escapes = {
        ' ': '" "',
        '<': '<less>',
        '>': '<greater>',
    }
    sequence = ''.join([special_escapes.get(c, '\\{}'.format(c)) for c in text])
    qute_command(f'fake-key {sequence}')


def main(arguments):
    if not arguments.url:
        argument_parser.print_help()
        return ExitCodes.FAILURE

    if arguments.no_tld_download:
        extract = tldextract.TLDExtract(suffix_list_urls=None)
    else:
        extract = tldextract.extract

    extract_result = extract(arguments.url)

    # Try to find candidates using targets in the following order: fully-qualified domain name (includes subdomains),
    # the registered domain name and finally: the IPv4 address if that's what
    # the URL represents
    candidates = []
    seen_id = set()
    for target in filter(
        None,
        [
            extract_result.fqdn,
            (
                extract_result.top_domain_under_public_suffix
                if hasattr(extract_result, "top_domain_under_public_suffix")
                else extract_result.registered_domain
            ),
            extract_result.subdomain + extract_result.domain,
            extract_result.domain,
            extract_result.ipv4,
        ],
    ):
        target_candidates, err = pass_(target, arguments.io_encoding)
        if err:
            stderr("LastPass CLI returned for {:s} - {:s}".format(target, err))
            return ExitCodes.FAILURE

        if not target_candidates:
            continue

        for candidate in target_candidates:
            if candidate["id"] not in seen_id:
                seen_id.add(candidate["id"])
                candidates.append(candidate)
        if not arguments.merge_candidates:
            break
    else:
        if not candidates:
            stderr('No pass candidates for URL {!r} found!'.format(
                arguments.url))
            return ExitCodes.NO_PASS_CANDIDATES

    if len(candidates) == 1:
        selection = candidates.pop()
    else:
        choices = ["{:s} | {:s} | {:s} | {:s}".format(c["id"], c["name"], c["url"], c["username"]) for c in candidates]
        choice = dmenu(choices, arguments.dmenu_invocation, arguments.io_encoding)
        choiceId = choice.split("|")[0].strip()
        selection = next((c for (i, c) in enumerate(candidates) if c["id"] == choiceId), None)

    # Nothing was selected, simply return
    if not selection:
        return ExitCodes.SUCCESS

    username = selection["username"]
    password = selection["password"]

    if arguments.username_only:
        fake_key_raw(username)
    elif arguments.password_only:
        fake_key_raw(password)
    else:
        # Enter username and password using fake-key and <Tab> (which seems to work almost universally), then switch
        # back into insert-mode, so the form can be directly submitted by
        # hitting enter afterwards
        fake_key_raw(username)
        qute_command('fake-key <Tab>')
        fake_key_raw(password)

    if arguments.insert_mode:
        qute_command('mode-enter insert')

    return ExitCodes.SUCCESS


if __name__ == '__main__':
    arguments = argument_parser.parse_args()
    sys.exit(main(arguments))