pass: base64 encoded username with backward compatility

crazy-max · crazy-max · commit 5a3e1bb040d5 · 2023-05-29T19:55:13.000+02:00
Signed-off-by: CrazyMax &lt;crazy-max@users.noreply.github.com&gt;
diff --git a/pass/pass.go b/pass/pass.go
@@ -87,14 +87,9 @@ func (p Pass) Add(creds *credentials.Credentials) error {
 		return errors.New("missing credentials")
 	}
 
-	encoded := base64.URLEncoding.EncodeToString([]byte(creds.ServerURL))
-
-	username := creds.Username
-	if strings.Contains(username, "/") {
-		username = base64.URLEncoding.EncodeToString([]byte(creds.Username))
-	}
-
-	_, err := p.runPass(creds.Secret, "insert", "-f", "-m", path.Join(PASS_FOLDER, encoded, username))
+	encodedServerURL := base64.URLEncoding.EncodeToString([]byte(creds.ServerURL))
+	encodedUsername := base64.URLEncoding.EncodeToString([]byte(creds.Username))
+	_, err := p.runPass(creds.Secret, "insert", "-f", "-m", path.Join(PASS_FOLDER, encodedServerURL, encodedUsername))
 	return err
 }
 
@@ -104,8 +99,8 @@ func (p Pass) Delete(serverURL string) error {
 		return errors.New("missing server url")
 	}
 
-	encoded := base64.URLEncoding.EncodeToString([]byte(serverURL))
-	_, err := p.runPass("", "rm", "-rf", path.Join(PASS_FOLDER, encoded))
+	encodedServerURL := base64.URLEncoding.EncodeToString([]byte(serverURL))
+	_, err := p.runPass("", "rm", "-rf", path.Join(PASS_FOLDER, encodedServerURL))
 	return err
 }
 
@@ -147,17 +142,16 @@ func (p Pass) Get(serverURL string) (string, string, error) {
 		return "", "", errors.New("missing server url")
 	}
 
-	encoded := base64.URLEncoding.EncodeToString([]byte(serverURL))
-
-	if _, err := os.Stat(path.Join(getPassDir(), PASS_FOLDER, encoded)); err != nil {
+	encodedServerURL := base64.URLEncoding.EncodeToString([]byte(serverURL))
+	if _, err := os.Stat(path.Join(getPassDir(), PASS_FOLDER, encodedServerURL)); err != nil {
 		if os.IsNotExist(err) {
 			return "", "", credentials.NewErrCredentialsNotFound()
 		}
 
 		return "", "", err
 	}
 
-	usernames, err := listPassDir(encoded)
+	usernames, err := listPassDir(encodedServerURL)
 	if err != nil {
 		return "", "", err
 	}
@@ -168,11 +162,10 @@ func (p Pass) Get(serverURL string) (string, string, error) {
 
 	actual := strings.TrimSuffix(usernames[0].Name(), ".gpg")
 	username := actual
-	decodedUsername, err := base64.URLEncoding.DecodeString(actual)
-	if err == nil {
+	if decodedUsername, err := base64.URLEncoding.DecodeString(actual); err == nil {
 		username = string(decodedUsername)
 	}
-	secret, err := p.runPass("", "show", path.Join(PASS_FOLDER, encoded, actual))
+	secret, err := p.runPass("", "show", path.Join(PASS_FOLDER, encodedServerURL, actual))
 	return username, secret, err
 }
 
@@ -204,9 +197,9 @@ func (p Pass) List() (map[string]string, error) {
 			return nil, fmt.Errorf("no usernames for %s", serverURL)
 		}
 
-		resp[string(serverURL)] = strings.TrimSuffix(usernames[0].Name(), ".gpg")
-		decodedUsername, err := base64.URLEncoding.DecodeString(strings.TrimSuffix(usernames[0].Name(), ".gpg"))
-		if err == nil {
+		username := strings.TrimSuffix(usernames[0].Name(), ".gpg")
+		resp[string(serverURL)] = username
+		if decodedUsername, err := base64.URLEncoding.DecodeString(username); err == nil {
 			resp[string(serverURL)] = string(decodedUsername)
 		}
 	}
diff --git a/pass/pass_test.go b/pass/pass_test.go
@@ -3,13 +3,76 @@
 package pass
 
 import (
+	"encoding/base64"
+	"path"
 	"strings"
 	"testing"
 
 	"github.com/docker/docker-credential-helpers/credentials"
 )
 
+func TestPassHelperCheckInit(t *testing.T) {
+	helper := Pass{}
+	if v := helper.CheckInitialized(); !v {
+		t.Errorf("expected true, actual: %v", v)
+	}
+}
+
 func TestPassHelper(t *testing.T) {
+	tests := []struct {
+		name  string
+		creds *credentials.Credentials
+	}{
+		{
+			name: "create nothing",
+			creds: &credentials.Credentials{
+				ServerURL: "https://foobar.docker.io:2376/v1",
+				Username:  "nothing",
+				Secret:    "isthebestmeshuggahalbum",
+			},
+		},
+		{
+			name: "create foo/bar",
+			creds: &credentials.Credentials{
+				ServerURL: "https://foobar.docker.io:2376/v1",
+				Username:  "foo/bar",
+				Secret:    "foobarbaz",
+			},
+		},
+	}
+
+	helper := Pass{}
+	if err := helper.checkInitialized(); err != nil {
+		t.Error(err)
+	}
+
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			if err := helper.Add(tc.creds); err != nil {
+				t.Error(err)
+			}
+			u, s, err := helper.Get(tc.creds.ServerURL)
+			if err != nil {
+				t.Error(err)
+			}
+			if u != tc.creds.Username {
+				t.Errorf("invalid username %s", u)
+			}
+			if s != tc.creds.Secret {
+				t.Errorf("invalid secret: %s", s)
+			}
+			if err := helper.Delete(tc.creds.ServerURL); err != nil {
+				t.Error(err)
+			}
+			if _, _, err := helper.Get(tc.creds.ServerURL); !credentials.IsErrCredentialsNotFound(err) {
+				t.Errorf("expected credentials not found, actual: %v", err)
+			}
+		})
+	}
+}
+
+func TestPassHelperBackwardCompat(t *testing.T) {
 	creds := &credentials.Credentials{
 		ServerURL: "https://foobar.docker.io:2376/v1",
 		Username:  "nothing",
@@ -21,7 +84,9 @@ func TestPassHelper(t *testing.T) {
 		t.Error(err)
 	}
 
-	if err := helper.Add(creds); err != nil {
+	// add a credential with the old format
+	encodedServerURL := base64.URLEncoding.EncodeToString([]byte(creds.ServerURL))
+	if _, err := helper.runPass(creds.Secret, "insert", "-f", "-m", path.Join(PASS_FOLDER, encodedServerURL, creds.Username)); err != nil {
 		t.Error(err)
 	}
 
@@ -44,13 +109,6 @@ func TestPassHelper(t *testing.T) {
 	}
 }
 
-func TestPassHelperCheckInit(t *testing.T) {
-	helper := Pass{}
-	if v := helper.CheckInitialized(); !v {
-		t.Errorf("expected true, actual: %v", v)
-	}
-}
-
 func TestPassHelperList(t *testing.T) {
 	creds := []*credentials.Credentials{
 		{

Original file line number	Diff line number	Diff line change
`@@ -87,14 +87,9 @@ func (p Pass) Add(creds *credentials.Credentials) error {`
`87`	`87`	`return errors.New("missing credentials")`
`88`	`88`	`}`
`89`	`89`
`90`		`- encoded := base64.URLEncoding.EncodeToString([]byte(creds.ServerURL))`
`91`		`-`
`92`		`- username := creds.Username`
`93`		`- if strings.Contains(username, "/") {`
`94`		`- username = base64.URLEncoding.EncodeToString([]byte(creds.Username))`
`95`		`- }`
`96`		`-`
`97`		`- _, err := p.runPass(creds.Secret, "insert", "-f", "-m", path.Join(PASS_FOLDER, encoded, username))`
	`90`	`+ encodedServerURL := base64.URLEncoding.EncodeToString([]byte(creds.ServerURL))`
	`91`	`+ encodedUsername := base64.URLEncoding.EncodeToString([]byte(creds.Username))`
	`92`	`+ _, err := p.runPass(creds.Secret, "insert", "-f", "-m", path.Join(PASS_FOLDER, encodedServerURL, encodedUsername))`
`98`	`93`	`return err`
`99`	`94`	`}`
`100`	`95`
`@@ -104,8 +99,8 @@ func (p Pass) Delete(serverURL string) error {`
`104`	`99`	`return errors.New("missing server url")`
`105`	`100`	`}`
`106`	`101`
`107`		`- encoded := base64.URLEncoding.EncodeToString([]byte(serverURL))`
`108`		`- _, err := p.runPass("", "rm", "-rf", path.Join(PASS_FOLDER, encoded))`
	`102`	`+ encodedServerURL := base64.URLEncoding.EncodeToString([]byte(serverURL))`
	`103`	`+ _, err := p.runPass("", "rm", "-rf", path.Join(PASS_FOLDER, encodedServerURL))`
`109`	`104`	`return err`
`110`	`105`	`}`
`111`	`106`
`@@ -147,17 +142,16 @@ func (p Pass) Get(serverURL string) (string, string, error) {`
`147`	`142`	`return "", "", errors.New("missing server url")`
`148`	`143`	`}`
`149`	`144`
`150`		`- encoded := base64.URLEncoding.EncodeToString([]byte(serverURL))`
`151`		`-`
`152`		`- if _, err := os.Stat(path.Join(getPassDir(), PASS_FOLDER, encoded)); err != nil {`
	`145`	`+ encodedServerURL := base64.URLEncoding.EncodeToString([]byte(serverURL))`
	`146`	`+ if _, err := os.Stat(path.Join(getPassDir(), PASS_FOLDER, encodedServerURL)); err != nil {`
`153`	`147`	`if os.IsNotExist(err) {`
`154`	`148`	`return "", "", credentials.NewErrCredentialsNotFound()`
`155`	`149`	`}`
`156`	`150`
`157`	`151`	`return "", "", err`
`158`	`152`	`}`
`159`	`153`
`160`		`- usernames, err := listPassDir(encoded)`
	`154`	`+ usernames, err := listPassDir(encodedServerURL)`
`161`	`155`	`if err != nil {`
`162`	`156`	`return "", "", err`
`163`	`157`	`}`
`@@ -168,11 +162,10 @@ func (p Pass) Get(serverURL string) (string, string, error) {`
`168`	`162`
`169`	`163`	`actual := strings.TrimSuffix(usernames[0].Name(), ".gpg")`
`170`	`164`	`username := actual`
`171`		`- decodedUsername, err := base64.URLEncoding.DecodeString(actual)`
`172`		`- if err == nil {`
	`165`	`+ if decodedUsername, err := base64.URLEncoding.DecodeString(actual); err == nil {`
`173`	`166`	`username = string(decodedUsername)`
`174`	`167`	`}`
`175`		`- secret, err := p.runPass("", "show", path.Join(PASS_FOLDER, encoded, actual))`
	`168`	`+ secret, err := p.runPass("", "show", path.Join(PASS_FOLDER, encodedServerURL, actual))`
`176`	`169`	`return username, secret, err`
`177`	`170`	`}`
`178`	`171`
`@@ -204,9 +197,9 @@ func (p Pass) List() (map[string]string, error) {`
`204`	`197`	`return nil, fmt.Errorf("no usernames for %s", serverURL)`
`205`	`198`	`}`
`206`	`199`
`207`		`- resp[string(serverURL)] = strings.TrimSuffix(usernames[0].Name(), ".gpg")`
`208`		`- decodedUsername, err := base64.URLEncoding.DecodeString(strings.TrimSuffix(usernames[0].Name(), ".gpg"))`
`209`		`- if err == nil {`
	`200`	`+ username := strings.TrimSuffix(usernames[0].Name(), ".gpg")`
	`201`	`+ resp[string(serverURL)] = username`
	`202`	`+ if decodedUsername, err := base64.URLEncoding.DecodeString(username); err == nil {`
`210`	`203`	`resp[string(serverURL)] = string(decodedUsername)`
`211`	`204`	`}`
`212`	`205`	`}`