Add support for unencrypted description field

When the description field is not encrypted, the resource secrets will contain only a password instead of a JSON containing password and description. Fixes #9 by detecting if the decrypted resource secrets is a JSON or not and act accordingly. The description field will be extracted from the resource secrets if present, otherwise it will be retrieved from the unencrypted resource details.
passbolt · Jan 24, 2024 · 1b1041f · 1b1041f
1 parent 8f8726e
commit 1b1041f
Showing 1 changed file with 15 additions and 11 deletions.
diff --git a/plugins/lookup/passbolt.py b/plugins/lookup/passbolt.py
@@ -171,7 +171,12 @@ def _format_result(self, resource, resource_secrets):
             "uri": resource.get("uri", ""),
             "username": resource.get("username", ""),
             "password": resource_secrets.get("password", ""),
-            "description": resource_secrets.get("description", ""),
+            # description can be encrypted in resource_secrets or unencrypted in resource
+            "description": (
+                "description" in resource_secrets 
+                and resource_secrets.get("description", "")
+                or resource.get("description", "")
+                ),
             "deleted": resource.get("deleted", ""),
             "created": resource.get("created", ""),
             "modified": resource.get("modified", ""),
@@ -293,17 +298,16 @@ def run(self, terms, variables=None, **kwargs):
                 resource = self.get_resource_per_term(term)
             if resource.get("id"):
                 # We got a resource, fetch their secrets
-                resource_secrets = (
-                    self.dict_config.get("gpg_library", "PGPy") == "gnupg"
-                    and json.loads(
-                        self.p.decrypt(
-                            self.p.get_resource_secret(resource.get("id"))
-                        ).data
+                resource_secret_decrypted = self.p.decrypt(self.p.get_resource_secret(resource.get("id")))
+                try:
+                    resource_secrets = (
+                        self.dict_config.get("gpg_library", "PGPy") == "gnupg"
+                        and json.loads(resource_secret_decrypted.data)
+                        or json.loads(resource_secret_decrypted)
                     )
-                    or json.loads(
-                        self.p.decrypt(self.p.get_resource_secret(resource.get("id")))
-                    )
-                )
+                except json.decoder.JSONDecodeError:
+                    # Only password is returned when description field is not encrypted
+                    resource_secrets = { "password": resource_secret_decrypted }
                 ret.append(self._format_result(resource, resource_secrets))
             else:
                 if str(self.dict_config.get("create_new_resource")).lower() == "true":