recipients.go
package action
import (
"fmt"
"strings"
"github.com/fatih/color"
"github.com/urfave/cli"
)
// removalWarning is the fmt format string that RecipientsRemove prints after
// each successful removal; its single %s verb receives the recipient
// identifier exactly as it was given on the command line.
//
// The banner states the security limit of removal: old revisions and old
// copies of the store stay readable by the removed user, so every credential
// that user could read must be treated as compromised and revoked. Removal
// only protects credentials added or changed afterwards.
//
// NOTE(review): the banner text contains typos ("REVISONS", "meant from
// revoking"). It is runtime output, so it is left untouched here.
var (
removalWarning = `
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOVING A USER WILL NOT REVOKE ACCESS FROM OLD REVISONS! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
THE USER %s WILL STILL BE ABLE TO ACCESS ANY OLD COPY OF THE STORE AND
ANY OLD REVISION HE HAD ACCESS TO.
ANY CREDENTIALS THIS USER HAD ACCESS TO NEED TO BE CONSIDERED COMPROMISED
AND SHOULD BE REVOKED.
This feature is only meant from revoking access to any added or changed
credentials.
`
)
// RecipientsPrint prints all recipients per store.
//
// Before printing it asks the store to import missing public keys and to save
// the recipients. A failure of either step is only reported on stdout in red
// and does not abort the listing; only a failure to build the recipients tree
// is returned to the caller.
func (s *Action) RecipientsPrint(c *cli.Context) error {
	// Best effort: a failed import must not hide the current recipient list.
	importErr := s.Store.ImportMissingPublicKeys()
	if importErr != nil {
		fmt.Println(color.RedString("Failed to import missing public keys: %s", importErr))
	}

	// Best effort as well; the listing below is attempted regardless.
	saveErr := s.Store.SaveRecipients()
	if saveErr != nil {
		fmt.Println(color.RedString("Failed to export missing public keys: %s", saveErr))
	}

	recipients, err := s.Store.RecipientsTree(true)
	if err != nil {
		return err
	}

	rendered := recipients.Format(0)
	fmt.Println(rendered)
	return nil
}
// RecipientsComplete writes one recipient per line to stdout for bash
// completion.
//
// It has no error return: if the recipients tree cannot be built, the error
// itself is printed to stdout and nothing else is emitted.
func (s *Action) RecipientsComplete(*cli.Context) {
	tree, err := s.Store.RecipientsTree(false)
	if err == nil {
		for _, entry := range tree.List(0) {
			fmt.Println(entry)
		}
		return
	}

	fmt.Println(err)
}
// RecipientsAdd adds new recipients to the store named by the "store" flag.
//
// Every command-line argument is used as a public-key search term. Arguments
// whose lookup fails, that match no usable key, or that the user declines at
// the prompt are skipped. An error from the store aborts the whole call. If
// nothing was added, the error "no key added" is returned.
func (s *Action) RecipientsAdd(c *cli.Context) error {
	var (
		target = c.String("store")
		count  = 0
	)

	for _, query := range c.Args() {
		matches, err := s.gpg.FindPublicKeys(query)
		if err != nil {
			fmt.Println(color.CyanString("Failed to list public key '%s': %s", query, err))
			continue
		}

		matches = matches.UseableKeys()
		if len(matches) == 0 {
			fmt.Println(color.CyanString("Warning: No matching valid key found. If the key is in your keyring you may need to validate it."))
			fmt.Println(color.CyanString("If this is your key: gpg --edit-key %s; trust (set to ultimate); quit", query))
			fmt.Println(color.CyanString("If this is not your key: gpg --edit-key %s; lsign; save; quit", query))
			continue
		}

		// Only the first usable match is ever offered, even when the search
		// term matched several keys. The prompt below is the single point
		// where the operator can reject a wrong key, and from then on the
		// recipient can read what is encrypted to it.
		// NOTE(review): confirm that OneLine() shows enough (e.g. the full
		// fingerprint) for the operator to tell keys apart.
		candidate := matches[0]
		prompt := fmt.Sprintf("Do you want to add '%s' as an recipient?", candidate.OneLine())
		if !s.askForConfirmation(prompt) {
			continue
		}

		// The store receives the fingerprint of the confirmed key, not the
		// search term the user typed.
		if err := s.Store.AddRecipient(target, candidate.Fingerprint); err != nil {
			return err
		}
		count++
	}

	if count == 0 {
		return fmt.Errorf("no key added")
	}

	fmt.Printf("Added %d recipients\n", count)
	return nil
}
// RecipientsRemove removes recipients from the store named by the "store"
// flag.
//
// Every command-line argument is passed to the store with a leading "0x"
// stripped. A confirmation prompt is shown only when a private key matching
// the argument is found, i.e. when the user is about to remove themselves;
// other recipients are removed without a prompt. After each removal the
// removalWarning banner is printed. An error from the store aborts the call.
func (s *Action) RecipientsRemove(c *cli.Context) error {
	var (
		target = c.String("store")
		count  = 0
	)

	for _, id := range c.Args() {
		// A failed private-key lookup is deliberately not reported: in that
		// case the removal proceeds without the self-removal prompt.
		own, lookupErr := s.gpg.FindPrivateKeys(id)
		if lookupErr == nil && len(own) > 0 &&
			!s.askForConfirmation(fmt.Sprintf("Do you want to remove yourself (%s) from the recipients?", id)) {
			continue
		}

		recipient := strings.TrimPrefix(id, "0x")
		if err := s.Store.RemoveRecipient(target, recipient); err != nil {
			return err
		}

		// Removal does not revoke access to old revisions; the banner tells
		// the operator to treat the affected credentials as compromised.
		fmt.Printf(removalWarning, id)
		count++
	}

	fmt.Printf("Removed %d recipients\n", count)
	return nil
}