Jump to content
blacs30

Bitwarden CLI - Get passwords, username and TOTP from Bitwarden

Recommended Posts

Simple Bitwarden Workflow for Alfred

https://github.com/blacs30/bitwarden-alfred-workflow

 

Simple yet powerful integration with the Bitwarden CLI so you can now get your passwords out of your Bitwarden vault and straight into the clipboard from within Alfred.

 

**Note**: Passwords with spaces at the beginning or end are _NOT_ supported

 

## Version 1.2.4 update - Please Read

-----
* Uses utf-8 decoding now which fixes an issue where the json object could not be decoded and alfred bw would fail

-----

##Version 1.2.3 update - Please Read


  • Fixes an issue where spaces within the item name causes the workflow to being unable to get the password/username/totp
  • Removes newline at the end of the output

Thank you, @rasmusbe, for contributing.

 

##Version 1.2.2 update - Please Read

-----
Fixes an issue where spaces within the password prevent a user from login / unlock of the vault.

 

##Version 1.2.1 update - Please Read

 

Fixes an issue where the login is successful but the workflow doesn't set the marker to save it but instead returns that the vault is locked.

 

## Version 1.2.0 update - Please Read

Ladies and gents, I am happy to present v1.2.0 of the workflow. As this workflow was originally a fork from the LastPass CLI it is now almost completely a rewritten codebase without using AppleScript calling an external applescript file to ask for the password. That is done now via inline AppleScript in Python.

All perl and main AppleScripts have been rewritten in Python.

If you haven't used Bitwarden before... you are crazy and you should! Say bye to LastPass and hello to selfhosting. It is the single greatest password manager package out there :D so check it out at https://bitwarden.com.

 

## Version 1.1.0 update - Please Read


Ladies and gents, I am happy to present v1.0.0 of the workflow. Before I continue, this workflow has not been developed from scratch. The LastPass CLI workflow was the start and was remodeled to fit the Bitwarden CLI. Nonetheless it was a SIGNIFICANT amount of work for me so if you like it and use it, please say thank you by donating towards my organic food. Any amount will do, whatever you feel the value is for you/your business/your time :)

I have never used LastPass, I prefer to selfhost my applications. From the day I heard about Bitwarden I loved it - that was at the beginning of this year (2018).

If you haven't used Bitwarden before... you are crazy and you should! Say bye to LastPass and hello to selfhosting. It is the single greatest password manager package out there :D so check it out at https://bitwarden.com.


Donations

This workflow represents many many hours effort of development and testing. So if you love the workflow, and get use out of it every day, if you would like to donate as a thank you to buy me some healthy organic food (or organic coffee), or to put towards a shiny new gadget you can donate to me via Paypal.

PayPal — The safer, easier way to pay online.

Installation

  1. Ensure you have Alfred installed with the Alfred Powerpack License
  2. Install Homebrew (if you do not have it already installed)
    1. You should be able to just run the command in a terminal window (as your own user account NOT with sudo)
    2. ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
    3. Alternatively visit http://brew.sh/for further instructions.
  3. Install Bitwarden CLI command line interface
    1. In a terminal window run brew install bitwarden-cli
  4. Download the .alfredworkflow file
  5. Open the .alfredworkflow file to import into Alfred
  6. Run 'bwsetemail yourloginemail@yourdomain.com' in Alfred to set your Bitwarden username.
  7. Run 'bwsetserver https://bitwarden.example.com' in Alfred to set your Bitwarden URL. Use https://bitwarden.comfor the hosted bitwarden.

Usage

  • bwsetemail yourname@example.com- must be run when you first install/upgrade to version 1.0 or higher
  • bwsetemail - Set the Bitwarden user account email
  • bwsetserver - Set the Bitwarden server to connect to
  • bwset2fa - Enable 2FA for Bitwarden login
  • bwset2famethod - Set the method for the Bitwarden 2FA login (optional)
  • bwlogin - Log in to Bitwarden
  • bwlogout - Log out of Bitwarden
  • bwunlock - Unlock the Bitwarden vault in case in case it is locked
  • bwsync - Syncronize bitwarden with the remote server
  • bw Search Bitwarden vault for item containing , press return to copy the password to clipboard.
  • Shift modifier can be used on bw to copy the username.
  • Alt modifier can be used on bw to copy the totp (if available).

Contributing

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request :D

History

  • Version 1.0.0 - Initial Release
  • Version 1.0.1 - Fixed logout / not logged in warning
  • Version 1.0.2 - Fixed erroring in case no username exist, catch the error correctly now.
  • Version 1.1.0
  • Version 1.2.0
  • Version 1.2.1
  • Version 1.2.2
  • Version 1.2.3
  • Version 1.2.4

Credits

Created by Claas Lisowski If you would like to get into contact you can do so via:

License

Released under the GNU GENERAL PUBLIC LICENSE Version 2, June 1991

Notes

NOTE: This Alfred Workflow is not affiliated in any way with Bitwarden. The Bitwarden trademark and logo are owned by Bitwarden.com. The Bitwarden logo and product name have been used with permission of the Bitwarden team.

My thanks go out to Bitwarden for their awesome product and the new CLI!

Bitwarden.png

Edited by blacs30
Version 1.2.4 released

Share this post


Link to post

Hi Claas,

 

Thanks for a great workflow.

 

Unfortunately, I get the  "Permission denied" error when trying to 'bwlogin'  after I srtup my email and bitwarden server to https://bitwarden.com .

 

Any ideas what could cause that?

 

Thank you,

Andrey

Share this post


Link to post

Hi Andrey,

 

could you send me a screenshot of the error please?

Do you get a pop-up which asks you for the password?

 

If not then it might be that Alfred 3 or Script Editor have to be allowed in the Accessibility settings.

 

Regards

Claas

Screen Shot 2018-08-09 at 23.30.17.png

Screen Shot 2018-08-09 at 23.29.14.png

Share this post


Link to post

Hey Claas,

 

I've checked the Accessibility settings and both Alfred and Script editor wasn't there so I've added them manually.

But the problem still persists.

 

Here's the screenshot with the error.

 

My guess is there's something with the path escaping, because the whole path to the workflow is "/Volumes/320GB/Cloud/Resilio Sync/Application Support/Alfred 2/Alfred.alfredpreferences/workflows/user.workflow.1FD14E1C-2721-438B-9A2E-9E449F4D8E88"

 

I'm on Mac OS X 10.11.6 just in case.

 

Cheers,

Andrey

Screen Capture 2018-08-12 at 13.43.14.jpg

Edited by Andrey Ivanov

Share this post


Link to post

Thanks Andrey,

that is indeed an issue in the code (which is currently still a mixture of old and new).

I will look into it this week.

Share this post


Link to post

Hi Claas,

 

Thanks for an update.

 

I can log in now, at least I get a notification that 'login is successful'

 

But the Vault keeps locked for me when I try to make a search. Unlock command doesn't make any difference... ?

 

Best.

Andrey

Share this post


Link to post

Hi Andrey,

 

oh, I am sorry. It could be now some issue with keychain.

Can you please do the following:

Check in the keychain if a session-key entry exist.

 

And could you please also enable debug (the bug in the top right corner) in Alfred and post the result, shouldn't contain complete secrets.

 

Thanks a lot.

 

 

Edit:

Please see version 1.2.1. I hope this fixes your issue.

Thanks for your patience.

 

 

 

 

Screen Shot 2018-08-21 at 17.26.24.png

Screen Shot 2018-08-21 at 17.26.39.png

Edited by blacs30
add edit section with a link to a new version.

Share this post


Link to post

Doesn't work for me, keeps saying my master password is incorrect :(. Might have something to do with my master password -- it contains spaces. Looking at the login python code, it seems to call bw --raw unlock {password}, and so I added quotes to my password like 

"password with spaces"

but it still does not work. Calling the command directly in the cli does work, so I'm not sure how it's being processed by the script.

 

EDIT: Tracing the code, it seems like calling split is causing the issue, will try to change the delimiter and test

 

EDIT2: Fixed by changing the delimiter to something else, make sure you call rstrip() on cmd to remove the newline too.

def login(login_mail, mfa_enabled=None, mfa_method=None):
    ........

    if not mfa_enabled:
        # NOTE: DELIMITER CHANGED TO [[[, replace all spaces in cmd with [[[
        cmd = "/usr/local/bin/bw[[[--raw[[[login[[[{login_mail}[[[{password}".format(login_mail=login_mail, password=password)
    elif mfa_enabled and not mfa_method:
        mfa_code, err, status, message = build_osascript(login_mail, 'Enter Bitwarden second factor code', True)
        cmd = "/usr/local/bin/bw[[[--raw[[[login[[[{login_mail}[[[{password}[[[--code[[[{mfa_code}".format(login_mail=login_mail, password=password, mfa_code=mfa_code)
    else:
        mfa_code, err, status, message = build_osascript(login_mail, 'Enter Bitwarden second factor code', True)
        cmd = "/usr/local/bin/bw[[[--raw[[[login[[[{login_mail}[[[{password}[[[--method[[[{mfa_method}[[[--code[[[{mfa_code}".format(login_mail=login_mail, password=password, mfa_method=mfa_method, mfa_code=mfa_code)
    # NOTE: Since delimiter is not default, need to strip new line
    cmd = cmd.rstrip()
    proc = Popen(cmd.split("[[["), env=my_env, stdout=PIPE, stderr=PIPE)
    out, err = proc.communicate()
    ........

 

Edited by springles

Share this post


Link to post

Hi @springles,

 

thanks for reporting this issue and fixing it. 

Version 1.2.2 supports spaces in passwords now.

 

I've used shlex.split() and double quotes around the password.

https://github.com/blacs30/bitwarden-alfred-workflow/releases/tag/1.2.2

 


def login(login_mail, mfa_enabled=None, mfa_method=None):
[...]

    if not mfa_enabled:
        cmd = "/usr/local/bin/bw --raw login \"{login_mail}\" \"{password}\"".format(login_mail=login_mail.strip(), password=password.strip())
    elif mfa_enabled and not mfa_method:
        mfa_code, err, status, message = build_osascript(login_mail, 'Enter Bitwarden second factor code', True)
        cmd = "/usr/local/bin/bw --raw login \"{login_mail}\" \"{password}\" --code {mfa_code}".format(login_mail=login_mail.strip(), password=password.strip(), mfa_code=mfa_code.strip())
    else:
        mfa_code, err, status, message = build_osascript(login_mail, 'Enter Bitwarden second factor code', True)
        cmd = "/usr/local/bin/bw --raw login \"{login_mail}\" \"{password}\" --method {mfa_method} --code {mfa_code}".format(login_mail=login_mail.strip(), password=password.strip(), mfa_method=mfa_method.strip(), mfa_code=mfa_code.strip())

    split_cmd = shlex.split(cmd)
    proc = Popen(split_cmd, env=my_env, stdout=PIPE, stderr=PIPE)

 

Share this post


Link to post

YAY! I've been keeping my eye on this for a while waiting for those little bugs to get worked out. Super excited to start using this. Thanks for working on it

Share this post


Link to post
On 8/26/2018 at 5:47 PM, blacs30 said:

 


def login(login_mail, mfa_enabled=None, mfa_method=None):
[...]
        cmd = "/usr/local/bin/bw --raw login \"{login_mail}\" \"{password}\" --method {mfa_method} --code {mfa_code}".format(login_mail=login_mail.strip(), password=password.strip(), mfa_method=mfa_method.strip(), mfa_code=mfa_code.strip())

[...]
    split_cmd = shlex.split(cmd)
    proc = Popen(split_cmd, env=my_env, stdout=PIPE, stderr=PIPE)

 

 

If you don't mind my saying, that's a bit of an odd way to go about it. Precisely because Popen takes a list of arguments, not a string, you don't have to bugger about with all the formatting and  escaping. It should look more like this:

from pipes import quote
cmd = ['/usr/local/bin/bw',
       '--raw', 'login %s %s' % (quote(login_mail.strip()), quote(password.strip())),
       '--method', mfa_method.strip(),
       '--code', mfa_code.strip()]

proc = Popen(cmd, env=my_env, stdout=PIPE, stderr=PIPE)

 

Share this post


Link to post

Just had a question, how do I login if 2fa is already turned on for my account, I didn't see an option to add a 2fa code when trying to login in via alfred

 

Share this post


Link to post

Hi @andresm1126

for 2fa please enable 2fa in the Alfred workflow with `bwset2fa on`

In case you were already logged in in Alfred (which I think is not the case for you) logout first `bwlogout` and then login again with `bwlogin`

Share this post


Link to post
3 hours ago, blacs30 said:

Hi @andresm1126

for 2fa please enable 2fa in the Alfred workflow with `bwset2fa on`

In case you were already logged in in Alfred (which I think is not the case for you) logout first `bwlogout` and then login again with `bwlogin`

Hi @blacs30 The issue in my case is that I already had 2fa enabled form the website, so when I try bwlogin I get an error message since there's no option to enter the 2fa code

 

Share this post


Link to post

@andresm1126

I understand, I have it the same way. The bitwarden alfred workflow will ask you for the 2fa code (6 digits) - but for this you need to use the command `bwset2fa on` in Alfred. That will tell the workflow when you login via alfred to ask 1. for the password and then 2. for the 6 digit 2fa code.

 

Screenshot attached, hope that helps.

Screenshot 2019-03-07 at 15.56.15.png

Share this post


Link to post
5 minutes ago, blacs30 said:

@andresm1126

I understand, I have it the same way. The bitwarden alfred workflow will ask you for the 2fa code (6 digits) - but for this you need to use the command `bwset2fa on` in Alfred. That will tell the workflow when you login via alfred to ask 1. for the password and then 2. for the 6 digit 2fa code.

 

Screenshot attached, hope that helps.

Screenshot 2019-03-07 at 15.56.15.png

 

@blacs30 Gotcha, thank you so much!!!

Share this post


Link to post
On 8/8/2019 at 3:13 PM, llityslife said:

it sames not work now! please check it.

Which version is your bitwarden cli? With the latest version 1.7.4 it is still running.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...