git-credential-bw-shell/git-credential-bw at master · AZMCode/git-credential-bw-shell · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
#!/usr/bin/env bash
trap 'exit 1' SIGINT
help(){
	echo "
Bitwarden Git Credential Helper

Usage:
  git-credential-bw get
  git-credential-bw [-h|--help]

Options:
  -h --help     Show this screen."
}
get(){
	# You can configure these settings

	#Path to temporarily store the bitwarden session key.
	#Recommended to put in a temp folder.
	#Note that this session key can be invalidated at any moment by running 'bw lock'
	declare -r sessionFilePath="/tmp/git-credential-bw.key"

	#String to give to bw to search the correct item
	declare -r itemSearchString="git"

	#Max number of times to prompt the user before failing.
	#-1 makes this limit infinite
	declare -r maxAttempts=3

	logInStatus(){
		declare bwReturn="$(bw status)"
		declare statusObj="$(echo $bwReturn | grep -oP "{.*" )"
		declare statusString="$(echo $statusObj | jq -r .status)"
		echo $statusString
	}

	if [ ! -f "$sessionFilePath" ]; then
		touch "$sessionFilePath"
	fi
	export BW_SESSION="$(cat "$sessionFilePath")"

	declare attemptNum=0
	declare currStatus="$(logInStatus)"
	while [ "$currStatus" != "unlocked" ] && [ $attemptNum -ne $maxAttempts ]; do
		case "$currStatus" in
			"locked")
				echo "Your Bitwarden vault is locked, please unlock ($((attemptNum + 1))/$maxAttempts): " >&2
				export BW_SESSION="$(bw unlock --raw < /dev/tty)"
				;;
			"unlocked")
				;;
			"unauthenticated")
				echo "You're not logged into Bitwarden, please log in ($((attemptNum + 1))/$maxAttempts):" >&2
				export BW_SESSION="$(bw login --raw < /dev/tty)"
				;;
		esac
		currStatus="$(logInStatus)"
		if [ "$attemptNum" -ne -1 ]; then
			attemptNum=$((attemptNum + 1))
		fi
	done

	if [ "$currStatus" != "unlocked" ]; then
		echo "Could not authenticate" >&2
		exit 1
	fi

	bw sync > /dev/null
	echo "$BW_SESSION" > "$sessionFilePath"

	if [ "$1" == "raw" ]; then
		echo "$BW_SESSION"
	else
		declare loginOut="$(bw get item "$itemSearchString" | jq .login)"
		declare username="$(echo $loginOut | jq -r .username)"
		declare password="$(echo $loginOut | jq -r .password)"
		echo "username=$username"
		echo "password=$password"
	fi
}


if [ "$#" -eq 0 ]; then
	help;
	exit;
else
	declare isRaw=false
	declare isHelp=false
	declare command
	while [ $# -gt 0 ]; do
		case "$1" in
			-h|--help)
				isHelp=true
				exit
				;;
			-r|--raw)
				isRaw=true
				;;
			*)
				if [ -z "$(echo "$1" | grep -o "-")" ]; then
					if [ -z "$command" ]; then
						command="$1"
					else
						echo "Unknown Argument $1" >&2
						exit 1
					fi
				else
					echo "Unknown Argument $1" >&2
					exit 1
				fi
				;;
		esac
		shift
	done
	if $isHelp; then
		help
		exit
	elif [ -n "$command" ]; then
		case "$command" in
			get)
				get
				exit $?
				;;
			*)
				exit 1
		esac
	fi
fi