2021-05-21 23:46:07 +02:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
AUTO_LOCK=900 # 15min timeout by default
|
|
|
|
|
|
|
|
usage() {
|
|
|
|
printf '%s\n' "Usage: bw-pass [directory name] <account name>" >&2
|
|
|
|
}
|
|
|
|
|
|
|
|
prompt_pass() {
|
|
|
|
rofi -dmenu -password -no-fixed-num-lines -p "$1"
|
|
|
|
}
|
|
|
|
|
|
|
|
error_out() {
|
2021-07-31 20:17:37 +02:00
|
|
|
printf '%s\n' "$1" >&2
|
2021-05-21 23:46:07 +02:00
|
|
|
rofi -dmenu -no-fixed-num-lines -p "$1"
|
|
|
|
exit 1
|
|
|
|
}
|
|
|
|
|
|
|
|
login() {
|
|
|
|
local PASSWORD
|
2021-07-03 21:42:45 +02:00
|
|
|
PASSWORD="$(prompt_pass "Bitwarden Password")" || error_out "Cannot prompt password"
|
2021-05-21 23:46:07 +02:00
|
|
|
export BW_SESSION
|
|
|
|
BW_SESSION="$(bw unlock "$PASSWORD" --raw)" || error_out "Cannot unlock"
|
|
|
|
}
|
|
|
|
|
|
|
|
ensure_logged_in() {
|
|
|
|
# Use the same keyring as bitwarden-rofi for this
|
|
|
|
|
|
|
|
local KEY_ID
|
|
|
|
keyctl link @u @s
|
|
|
|
if ! KEY_ID="$(keyctl request user bw_session 2>/dev/null)"; then
|
|
|
|
login
|
|
|
|
KEY_ID="$(keyctl add user bw_session "$BW_SESSION" @u)"
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "$AUTO_LOCK" -gt 0 ]; then
|
|
|
|
keyctl timeout "$KEY_ID" "$AUTO_LOCK"
|
|
|
|
fi
|
|
|
|
export BW_SESSION
|
|
|
|
BW_SESSION="$(keyctl pipe "$KEY_ID")"
|
|
|
|
keyctl unlink @u @s
|
|
|
|
}
|
|
|
|
|
|
|
|
query_password() {
|
|
|
|
# Either use with `query_password <directory> <account name>
|
|
|
|
# Or `query_password <account name>` when the account has no directory
|
|
|
|
|
|
|
|
local FOLDER_ID
|
|
|
|
local PASSWORD
|
|
|
|
|
|
|
|
if [ $# -eq 2 ]; then
|
|
|
|
FOLDER_ID="$(bw list folders |
|
|
|
|
jq '.[] | select(.name == "'"$1"'") | .id' |
|
|
|
|
cut -d'"' -f2)"
|
|
|
|
shift
|
|
|
|
else
|
|
|
|
FOLDER_ID=null
|
|
|
|
fi
|
|
|
|
PASSWORD="$(bw list items --folderid "$FOLDER_ID" |
|
|
|
|
jq '.[] | select(.name == "'"$1"'") | .login.password' |
|
|
|
|
cut -d'"' -f2)"
|
|
|
|
|
|
|
|
if [ -z "$PASSWORD" ]; then
|
|
|
|
error_out "Did not find password for '$1'"
|
|
|
|
fi
|
|
|
|
printf '%s\n' "$PASSWORD"
|
|
|
|
}
|
|
|
|
|
|
|
|
if [ $# -lt 1 ] || [ $# -gt 2 ]; then
|
|
|
|
usage
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
ensure_logged_in
|
|
|
|
query_password "$@"
|