Feature/headless pw mgmt (#17)

Author: Juliya Smith

CHANGELOG.md

@@ -8,6 +8,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 The intended audience of this file is for py42 consumers -- as such, changes that don't affect
 how a consumer would use the library (e.g. adding unit tests, updating documentation, etc) are not captured here.
 
+## 0.4.3 - 2020-03-16
+
+### Added
+
+- Support for storing passwords when keying is not available.
+
+### Fixed
+
+- Bug where keyring caused errors on certain operating systems when not supported.
 
 ## 0.4.2 - 2020-03-13
 

README.md

@@ -130,3 +130,9 @@ To learn more about acceptable arguments, add the `-h` flag to `code42` or any o
 # Known Issues
 
 Only the first 10,000 of each set of events containing the exact same insertion timestamp is reported.
+
+
+# Troubleshooting
+
+If you keep getting prompted for your password, try resetting with `code42 profile reset-pw`.
+If that doesn't work, delete your credentials file located at ~/.code42cli or the entry in keychain.

src/code42cli/__version__.py

@@ -1 +1 @@
-__version__ = "0.4.2"
+__version__ = "0.4.3"

src/code42cli/compat.py

@@ -15,7 +15,9 @@
     from urlparse import urljoin, urlparse
 
     str = unicode
+
     import io
+
     open = io.open
 
     import repr as reprlib

src/code42cli/profile/config.py

@@ -115,7 +115,7 @@ def _create_profile_section(self, name):
             self._internal[self.DEFAULT_PROFILE] = name
 
     def _save(self):
-        util.open_file(self.path, u"w+", lambda f: self.parser.write(f))
+        util.open_file(self.path, u"w+", lambda file: self.parser.write(file))
 
     def _try_complete_setup(self, profile):
         if self._internal.getboolean(self.DEFAULT_PROFILE_IS_COMPLETE):

src/code42cli/profile/password.py

@@ -1,21 +1,21 @@
 from __future__ import print_function
 
+import os
+import stat
 from getpass import getpass
 
 import keyring
 
 from code42cli.profile.config import get_config_accessor, ConfigAccessor
+from code42cli.util import does_user_agree, open_file, get_user_project_path, print_error
 
 _ROOT_SERVICE_NAME = u"code42cli"
 
 
 def get_stored_password(profile_name):
     """Gets your currently stored password for the given profile name."""
     profile = _get_profile(profile_name)
-    service_name = _get_service_name(profile.name)
-    username = _get_username(profile)
-    password = keyring.get_password(service_name, username)
-    return password
+    return _get_stored_password(profile)
 
 
 def get_password_from_prompt():
@@ -26,20 +26,94 @@ def get_password_from_prompt():
 def set_password(profile_name, new_password):
     """Sets your password for the given profile name."""
     profile = _get_profile(profile_name)
-    service_name = _get_service_name(profile.name)
+    service_name = _get_keyring_service_name(profile.name)
     username = _get_username(profile)
-    keyring.set_password(service_name, username, new_password)
-    print(u"'Code42 Password' updated.")
+    if _store_password(profile, service_name, username, new_password):
+        print(u"'Code42 Password' updated.")
 
 
 def _get_profile(profile_name):
     accessor = get_config_accessor()
     return accessor.get_profile(profile_name)
 
 
-def _get_service_name(profile_name):
+def _get_stored_password(profile):
+    password = _get_password_from_keyring(profile) or _get_password_from_file(profile)
+    return password
+
+
+def _get_keyring_service_name(profile_name):
     return u"{}::{}".format(_ROOT_SERVICE_NAME, profile_name)
 
 
+def _get_password_from_keyring(profile):
+    try:
+        service_name = _get_keyring_service_name(profile.name)
+        username = _get_username(profile)
+        return keyring.get_password(service_name, username)
+    except:
+        return None
+
+
+def _get_password_from_file(profile):
+    path = _get_password_file_path(profile)
+
+    def read_password(file):
+        try:
+            return file.readline().strip()
+        except Exception:
+            return None
+
+    try:
+        return open_file(path, u"r", lambda file: read_password(file))
+    except Exception:
+        return None
+
+
+def _store_password(profile, service_name, username, new_password):
+    return _store_password_using_keyring(
+        service_name, username, new_password
+    ) or _store_password_using_file(profile, new_password)
+
+
+def _store_password_using_keyring(service_name, username, new_password):
+    try:
+        keyring.set_password(service_name, username, new_password)
+        was_successful = keyring.get_password(service_name, username) is not None
+        return was_successful
+    except:
+        return False
+
+
+def _store_password_using_file(profile, new_password):
+    save_to_file = _prompt_for_alternative_store()
+    if save_to_file:
+        path = _get_password_file_path(profile)
+
+        def write_password(file):
+            try:
+                file.truncate(0)
+                line = u"{0}\n".format(new_password)
+                file.write(line)
+                os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
+                return True
+            except Exception as ex:
+                print_error(str(ex))
+                return False
+
+        return open_file(path, u"w+", lambda file: write_password(file))
+    return False
+
+
+def _get_password_file_path(profile):
+    project_path = get_user_project_path()
+    return u"{0}.{1}".format(project_path, profile.name.lower())
+
+
 def _get_username(profile):
     return profile[ConfigAccessor.USERNAME_KEY]
+
+
+def _prompt_for_alternative_store():
+    prompt = u"keyring is unavailable. Would you like to store in secure flat file? (y/n): "
+    return does_user_agree(prompt)

src/code42cli/profile/profile.py

@@ -4,13 +4,13 @@
 import code42cli.profile.password as password
 from code42cli.compat import str
 from code42cli.profile.config import get_config_accessor, ConfigAccessor
+from code42cli.sdk_client import validate_connection
 from code42cli.util import (
-    get_input,
+    does_user_agree,
     print_error,
     print_set_profile_help,
     print_no_existing_profile_message,
 )
-from code42cli.sdk_client import validate_connection
 
 
 class Code42Profile(object):
@@ -112,6 +112,7 @@ def prompt_for_password_reset(args):
     """Securely prompts for your password and then stores it using keyring."""
     profile = get_profile(args.profile_name)
     new_password = password.get_password_from_prompt()
+
     if not validate_connection(profile.authority_url, profile.username, new_password):
         print_error(
             "Your password was not saved because your credentials failed to validate. "
@@ -254,8 +255,7 @@ def _default_profile_exist():
 
 
 def _prompt_for_allow_password_set(args):
-    answer = get_input(u"Would you like to set a password? (y/n): ")
-    if answer.lower() == u"y":
+    if does_user_agree(u"Would you like to set a password? (y/n): "):
         prompt_for_password_reset(args)
 
 

src/code42cli/sdk_client.py

@@ -24,5 +24,4 @@ def validate_connection(authority_url, username, password):
         SDK.create_using_local_account(authority_url, username, password)
         return True
     except:
-        print(username, password, authority_url)
         return False

src/code42cli/securitydata/extraction.py

@@ -12,14 +12,14 @@
 
 from code42cli.compat import str
 from code42cli.profile.profile import get_profile
+from code42cli.sdk_client import create_sdk
 from code42cli.securitydata import date_helper as date_helper
 from code42cli.securitydata.arguments.main import IS_INCREMENTAL_KEY
 from code42cli.securitydata.arguments.search import SearchArguments
 from code42cli.securitydata.cursor_store import FileEventCursorStore
 from code42cli.securitydata.logger_factory import get_error_logger
 from code42cli.securitydata.options import ExposureType as ExposureTypeOptions
 from code42cli.util import print_error, print_bold, is_interactive
-from code42cli.sdk_client import create_sdk
 
 _EXCEPTIONS_OCCURRED = False
 

src/code42cli/securitydata/logger_factory.py

@@ -68,9 +68,13 @@ def get_logger_for_server(hostname, protocol, output_format):
         if not _logger_has_handlers(logger):
             url_parts = get_url_parts(hostname)
             port = url_parts[1] or 514
-            handler = NoPrioritySysLogHandlerWrapper(
-                url_parts[0], port=port, protocol=protocol
-            ).handler
+            try:
+                handler = NoPrioritySysLogHandlerWrapper(
+                    url_parts[0], port=port, protocol=protocol
+                ).handler
+            except:
+                print_error(u"Unable to connect to {0}.".format(hostname))
+                exit(1)
             return _init_logger(logger, handler, output_format)
     return logger