diff options
author | Markus Blöchl <markus@blochl.de> | 2021-11-27 19:44:17 +0100 |
---|---|---|
committer | Markus Blöchl <markus@blochl.de> | 2022-05-21 22:45:27 +0200 |
commit | 6c1d6dd2c55299f348dc512fb1943b0afdf7d7cc (patch) | |
tree | fe5ddfcfc98b9383f42fdb9c4db714662682fc6f | |
parent | f738ca3b0c05b6467e86c6612e8ea832f508423b (diff) | |
download | qutebrowser-6c1d6dd2c55299f348dc512fb1943b0afdf7d7cc.tar.gz qutebrowser-6c1d6dd2c55299f348dc512fb1943b0afdf7d7cc.zip |
qute-keepassxc: Add support for TOTP
-rwxr-xr-x | misc/userscripts/qute-keepassxc | 61 |
1 files changed, 58 insertions, 3 deletions
diff --git a/misc/userscripts/qute-keepassxc b/misc/userscripts/qute-keepassxc index f5fa2ce26..61a6c7bce 100755 --- a/misc/userscripts/qute-keepassxc +++ b/misc/userscripts/qute-keepassxc @@ -67,6 +67,26 @@ Therefore you need to have a public-key-pair readily set up. GPG might then ask for your private-key password whenever you query the database for login credentials. +# TOTP + +This script recently received experimental TOTP support. +To use it, you need to have working TOTP authentication within KeepassXC. +Then call `qute-keepassxc` with the `--totp` flags. + +For example, I have the following line in my `config.py`: + +```python +config.bind('pt', 'spawn --userscript qute-keepassxc --key ABC1234 --totp', mode='normal') +``` + +For now this script will simply insert the TOTP-token into the currently selected +input field, since I have not yet found a reliable way to identify the correct field +within all existing login forms. +Thus you need to manually select the TOTP input field, press escape to leave input +mode and then enter `pt` to fill in the token (or configure another key-binding for +insert mode if you prefer that). + + [1]: https://keepassxc.org/ [2]: https://qutebrowser.org/ [3]: https://gnupg.org/ @@ -90,6 +110,8 @@ import nacl.public def parse_args(): parser = argparse.ArgumentParser(description="Full passwords from KeepassXC") parser.add_argument('url', nargs='?', default=os.environ.get('QUTE_URL')) + parser.add_argument('--totp', action='store_true', + help="Fill in current TOTP field instead of username/password") parser.add_argument('--socket', '-s', default='/run/user/{}/org.keepassxc.KeePassXC.BrowserServer'.format(os.getuid()), help='Path to KeepassXC browser socket') parser.add_argument('--key', '-k', default='alice@example.com', @@ -182,6 +204,16 @@ class KeepassXC: )) return self.recv_msg()['entries'] + def get_totp(self, uuid): + self.send_msg(dict( + action = 'get-totp', + uuid = uuid + )) + response = self.recv_msg() + if response['success'] != 'true' or not response['totp']: + return None + return response['totp'] + def send_raw_msg(self, msg): self.sock.send( json.dumps(msg).encode('utf-8') ) @@ -361,6 +393,21 @@ def make_js_code(username, password): """.splitlines()) % (json.dumps(username), json.dumps(password)) +def make_js_totp_code(totp): + return ' '.join(""" + (function () { + var input = document.activeElement; + if (!input || input.tagName !== "INPUT") { + alert("No TOTP input field selected"); + return; + } + input.value = %s; + input.dispatchEvent(new Event('input', { 'bubbles': true })); + input.dispatchEvent(new Event('change', { 'bubbles': true })); + })(); + """.splitlines()) % (json.dumps(totp),) + + def main(): if 'QUTE_FIFO' not in os.environ: print(f"No QUTE_FIFO found - {sys.argv[0]} must be run as a qutebrowser userscript") @@ -381,9 +428,17 @@ def main(): if not cred: error('No credentials selected') return - name, pw = cred['login'], cred['password'] - if name and pw: - qute('jseval -q ' + make_js_code(name, pw)) + if args.totp: + uuid = cred['uuid'] + totp = kp.get_totp(uuid) + if not totp: + error('No TOTP key found') + return + qute('jseval -q ' + make_js_totp_code(totp)) + else: + name, pw = cred['login'], cred['password'] + if name and pw: + qute('jseval -q ' + make_js_code(name, pw)) except Exception as e: error(str(e)) |