Skip to content

Commit 05edd7f

Browse files
crazy-maxcrazy-max
committed
pass: base64 encoded username with backward compatility
Signed-off-by: CrazyMax <[email protected]>
1 parent cd61327 commit 05edd7f

File tree

2 files changed

+99
-47
lines changed

2 files changed

+99
-47
lines changed

pass/pass.go

Lines changed: 13 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -86,14 +86,9 @@ func (p Pass) Add(creds *credentials.Credentials) error {
8686
return errors.New("missing credentials")
8787
}
8888

89-
encoded := base64.URLEncoding.EncodeToString([]byte(creds.ServerURL))
90-
91-
username := creds.Username
92-
if strings.Contains(username, "/") {
93-
username = base64.URLEncoding.EncodeToString([]byte(creds.Username))
94-
}
95-
96-
_, err := p.runPass(creds.Secret, "insert", "-f", "-m", path.Join(PASS_FOLDER, encoded, username))
89+
encodedServerURL := base64.URLEncoding.EncodeToString([]byte(creds.ServerURL))
90+
encodedUsername := base64.URLEncoding.EncodeToString([]byte(creds.Username))
91+
_, err := p.runPass(creds.Secret, "insert", "-f", "-m", path.Join(PASS_FOLDER, encodedServerURL, encodedUsername))
9792
return err
9893
}
9994

@@ -103,8 +98,8 @@ func (p Pass) Delete(serverURL string) error {
10398
return errors.New("missing server url")
10499
}
105100

106-
encoded := base64.URLEncoding.EncodeToString([]byte(serverURL))
107-
_, err := p.runPass("", "rm", "-rf", path.Join(PASS_FOLDER, encoded))
101+
encodedServerURL := base64.URLEncoding.EncodeToString([]byte(serverURL))
102+
_, err := p.runPass("", "rm", "-rf", path.Join(PASS_FOLDER, encodedServerURL))
108103
return err
109104
}
110105

@@ -146,17 +141,16 @@ func (p Pass) Get(serverURL string) (string, string, error) {
146141
return "", "", errors.New("missing server url")
147142
}
148143

149-
encoded := base64.URLEncoding.EncodeToString([]byte(serverURL))
150-
151-
if _, err := os.Stat(path.Join(getPassDir(), PASS_FOLDER, encoded)); err != nil {
144+
encodedServerURL := base64.URLEncoding.EncodeToString([]byte(serverURL))
145+
if _, err := os.Stat(path.Join(getPassDir(), PASS_FOLDER, encodedServerURL)); err != nil {
152146
if os.IsNotExist(err) {
153147
return "", "", credentials.NewErrCredentialsNotFound()
154148
}
155149

156150
return "", "", err
157151
}
158152

159-
usernames, err := listPassDir(encoded)
153+
usernames, err := listPassDir(encodedServerURL)
160154
if err != nil {
161155
return "", "", err
162156
}
@@ -167,11 +161,10 @@ func (p Pass) Get(serverURL string) (string, string, error) {
167161

168162
actual := strings.TrimSuffix(usernames[0].Name(), ".gpg")
169163
username := actual
170-
decodedUsername, err := base64.URLEncoding.DecodeString(actual)
171-
if err == nil {
164+
if decodedUsername, err := base64.URLEncoding.DecodeString(actual); err == nil {
172165
username = string(decodedUsername)
173166
}
174-
secret, err := p.runPass("", "show", path.Join(PASS_FOLDER, encoded, actual))
167+
secret, err := p.runPass("", "show", path.Join(PASS_FOLDER, encodedServerURL, actual))
175168
return username, secret, err
176169
}
177170

@@ -203,9 +196,9 @@ func (p Pass) List() (map[string]string, error) {
203196
return nil, fmt.Errorf("no usernames for %s", serverURL)
204197
}
205198

206-
resp[string(serverURL)] = strings.TrimSuffix(usernames[0].Name(), ".gpg")
207-
decodedUsername, err := base64.URLEncoding.DecodeString(strings.TrimSuffix(usernames[0].Name(), ".gpg"))
208-
if err == nil {
199+
username := strings.TrimSuffix(usernames[0].Name(), ".gpg")
200+
resp[string(serverURL)] = username
201+
if decodedUsername, err := base64.URLEncoding.DecodeString(username); err == nil {
209202
resp[string(serverURL)] = string(decodedUsername)
210203
}
211204
}

pass/pass_test.go

Lines changed: 86 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,8 @@
11
package pass
22

33
import (
4+
"encoding/base64"
5+
"path"
46
"strings"
57
"testing"
68

@@ -10,6 +12,82 @@ import (
1012
func TestPassHelper(t *testing.T) {
1113
helper := Pass{}
1214

15+
tests := []struct {
16+
name string
17+
creds *credentials.Credentials
18+
}{
19+
{
20+
name: "create nothing",
21+
creds: &credentials.Credentials{
22+
ServerURL: "https://foobar.docker.io:2376/v1",
23+
Username: "nothing",
24+
Secret: "isthebestmeshuggahalbum",
25+
},
26+
},
27+
{
28+
name: "create foo/bar",
29+
creds: &credentials.Credentials{
30+
ServerURL: "https://foobar.docker.io:2376/v1",
31+
Username: "foo/bar",
32+
Secret: "foobarbaz",
33+
},
34+
},
35+
}
36+
37+
_ = helper.CheckInitialized()
38+
39+
for _, tc := range tests {
40+
tc := tc
41+
t.Run(tc.name, func(t *testing.T) {
42+
helper.Add(tc.creds)
43+
tc.creds.ServerURL = "https://foobar.docker.io:9999/v2"
44+
helper.Add(tc.creds)
45+
46+
credsList, err := helper.List()
47+
if err != nil {
48+
t.Fatal(err)
49+
}
50+
51+
for server, username := range credsList {
52+
if !(strings.Contains(server, "2376") || strings.Contains(server, "9999")) {
53+
t.Fatalf("invalid url: %s", tc.creds.ServerURL)
54+
}
55+
if username != tc.creds.Username {
56+
t.Fatalf("invalid username: %v", username)
57+
}
58+
u, s, err := helper.Get(server)
59+
if err != nil {
60+
t.Fatal(err)
61+
}
62+
if u != username {
63+
t.Fatalf("invalid username %s", u)
64+
}
65+
if s != tc.creds.Secret {
66+
t.Fatalf("invalid secret: %s", s)
67+
}
68+
if err = helper.Delete(server); err != nil {
69+
t.Fatal(err)
70+
}
71+
if _, _, err = helper.Get(server); !credentials.IsErrCredentialsNotFound(err) {
72+
t.Fatalf("expected credentials not found, actual: %v", err)
73+
}
74+
}
75+
76+
credsList, err = helper.List()
77+
if err != nil {
78+
t.Fatal(err)
79+
}
80+
81+
if len(credsList) != 0 {
82+
t.Fatal("didn't delete all creds?")
83+
}
84+
})
85+
}
86+
}
87+
88+
func TestPassHelperBackwardCompat(t *testing.T) {
89+
helper := Pass{}
90+
1391
creds := &credentials.Credentials{
1492
ServerURL: "https://foobar.docker.io:2376/v1",
1593
Username: "nothing",
@@ -18,58 +96,39 @@ func TestPassHelper(t *testing.T) {
1896

1997
_ = helper.CheckInitialized()
2098

21-
helper.Add(creds)
22-
23-
creds.ServerURL = "https://foobar.docker.io:9999/v2"
24-
helper.Add(creds)
99+
// add a credential with the old format
100+
encodedServerURL := base64.URLEncoding.EncodeToString([]byte(creds.ServerURL))
101+
_, _ = helper.runPass(creds.Secret, "insert", "-f", "-m", path.Join(PASS_FOLDER, encodedServerURL, creds.Username))
25102

26103
credsList, err := helper.List()
27104
if err != nil {
28105
t.Fatal(err)
29106
}
30107

31108
for server, username := range credsList {
32-
if !(strings.Contains(server, "2376") ||
33-
strings.Contains(server, "9999")) {
109+
if !(strings.Contains(server, "2376")) {
34110
t.Fatalf("invalid url: %s", creds.ServerURL)
35111
}
36-
37-
if username != "nothing" {
112+
if username != creds.Username {
38113
t.Fatalf("invalid username: %v", username)
39114
}
40-
41115
u, s, err := helper.Get(server)
42116
if err != nil {
43117
t.Fatal(err)
44118
}
45-
46119
if u != username {
47120
t.Fatalf("invalid username %s", u)
48121
}
49-
50-
if s != "isthebestmeshuggahalbum" {
122+
if s != creds.Secret {
51123
t.Fatalf("invalid secret: %s", s)
52124
}
53-
54-
err = helper.Delete(server)
55-
if err != nil {
125+
if err = helper.Delete(server); err != nil {
56126
t.Fatal(err)
57127
}
58-
59-
_, _, err = helper.Get(server)
60-
if !credentials.IsErrCredentialsNotFound(err) {
128+
if _, _, err = helper.Get(server); !credentials.IsErrCredentialsNotFound(err) {
61129
t.Fatalf("expected credentials not found, actual: %v", err)
62130
}
63131
}
64-
65-
credsList, err = helper.List()
66-
if err != nil {
67-
t.Fatal(err)
68-
}
69-
70-
if len(credsList) != 0 {
71-
t.Fatal("didn't delete all creds?")
72-
}
73132
}
74133

75134
func TestMissingCred(t *testing.T) {

0 commit comments

Comments
 (0)