Implement token grabber

When looking at the vaut web UI, you can now grab its token This should help with SSO Vaults like in #30 and #21
mulbc · Nov 14, 2022 · edb584e · edb584e
1 parent 37981ec
commit edb584e
Show file tree

Hide file tree

Showing 6 changed files with 78 additions and 10 deletions.
diff --git a/.eslintrc.yml b/.eslintrc.yml
@@ -3,7 +3,7 @@ env:
   es6: true
 extends: 'eslint:recommended'
 parserOptions:
-  ecmaVersion: 2018
+  ecmaVersion: 2019
 rules:
   indent:
     - error

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v1.4.0  # Use the ref you want to point at
+  rev: v4.3.0  # Use the ref you want to point at
   hooks:
   - id: trailing-whitespace
   - id: check-case-conflict
@@ -10,7 +10,7 @@ repos:
   - id: end-of-file-fixer
   - id: check-symlinks
 -   repo: https://github.com/pre-commit/mirrors-eslint
-    rev: v5.11.1  # Use the sha / tag you want to point at
+    rev: v8.27.0  # Use the sha / tag you want to point at
     hooks:
     - id: eslint
       exclude: >

diff --git a/content.js b/content.js
@@ -1,5 +1,5 @@
 /* eslint-disable no-console */
-/* global browser, chrome */
+/* global browser */
 // We can only access the TABs DOM with this script.
 // It will get the credentials via message passing from the popup
 // It is also responsible to copy strings to the clipboard
@@ -12,6 +12,9 @@ browser.runtime.onMessage.addListener((request) => {
     case 'fill_creds':
       handleFillCredits(request);
       break;
+    case 'fetch_token':
+      handleFetchToken();
+      break;
   }
 });
 
@@ -93,8 +96,38 @@ function handleFillCredits(request) {
   fillIn(passwordNode, request.password);
 }
 
+function handleFetchToken() {
+  let element = '';
+  for (const [, value] of Object.entries(window.localStorage)) {
+    try {
+      element = JSON.parse(value);
+    } catch {
+      continue;
+    }
+    if (
+      Object.prototype.hasOwnProperty.call(element,'token') &&
+      Object.prototype.hasOwnProperty.call(element,'ttl') &&
+      Object.prototype.hasOwnProperty.call(element,'policies')
+    ) {
+      browser.runtime.sendMessage({
+        type: 'fetch_token',
+        token: element.token,
+        policies: element.policies,
+        address: window.location.origin,
+      });
+      return;
+    }
+  }
+  browser.runtime.sendMessage({
+    type: 'token_missing',
+    token: element.token,
+    policies: element.policies,
+    address: window.location.origin,
+  });
+}
+
 function fillForm() {
-  chrome.runtime.sendMessage({
+  browser.runtime.sendMessage({
     type: 'auto_fill_secrets',
   });
 }

diff --git a/manifest.json b/manifest.json
@@ -2,7 +2,7 @@
   "manifest_version": 3,
   "name": "VaultPass",
   "description": "A Chrome extension to leverage Hashicorp Vault as Credential Storage for teams",
-  "version": "2.3",
+  "version": "2.3.2",
   "action": {
     "default_icon": "icons/logo128.png",
     "default_popup": "popup.html",

diff --git a/options.html b/options.html
@@ -73,6 +73,12 @@ <h1 class="h1 title">VaultPass</h1>
           value="Login to Vault"
           id="authButton"
         />
+        <input
+        type="submit"
+        class="button button--primary"
+        value="Get Token from Vault"
+        id="tokenGrabber"
+      />
       </div>
 
       <div>

diff --git a/options.js b/options.js
@@ -1,5 +1,5 @@
 /* eslint-disable no-console */
-/* global authButtonClick browser Notify */
+/* global browser Notify */
 
 const notify = new Notify(document.querySelector('#notify'));
 async function mainLoaded() {
@@ -11,6 +11,9 @@ async function mainLoaded() {
   document
     .getElementById('authButton')
     .addEventListener('click', authButtonClick, false);
+  document
+    .getElementById('tokenGrabber')
+    .addEventListener('click', tokenGrabberClick, false);
   document
     .getElementById('logoutButton')
     .addEventListener('click', logout, false);
@@ -59,9 +62,7 @@ async function querySecrets(vaultServerAdress, vaultToken, policies) {
   );
   if (!fetchListOfSecretDirs.ok) {
     const returnText = await fetchListOfSecretDirs.text();
-    notify.error(
-      `Fetching list of secret directories failed: ${returnText}`
-    );
+    notify.error(`Fetching list of secret directories failed: ${returnText}`);
     throw new Error(
       `Fetching list of secret directories failed: ${returnText}`
     );
@@ -223,4 +224,32 @@ async function authButtonClick() {
   }
 }
 
+async function tokenGrabberClick() {
+  var tabs = await browser.tabs.query({ active: true, currentWindow: true });
+  for (let tabIndex = 0; tabIndex < tabs.length; tabIndex++) {
+    var tab = tabs[tabIndex];
+    if (tab.url) {
+      browser.tabs.sendMessage(tab.id, {
+        message: 'fetch_token',
+      });
+      break;
+    }
+  }
+}
+
 document.addEventListener('DOMContentLoaded', mainLoaded, false);
+
+browser.runtime.onMessage.addListener( async function (message) {
+  switch (message.type) {
+    case 'fetch_token':
+      await browser.storage.local.set({ vaultToken: message.token });
+      await browser.storage.sync.set({ vaultAddress: message.address });
+      await querySecrets(message.address, message.token, message.policies);
+      break;
+    case 'token_missing':
+      notify.error('Failed to find Vault info from current tab');
+      break;
+    default:
+      break;
+  }
+});