bachya Posted December 29, 2014 Author Posted December 29, 2014 Yes, that would help a bit. The thing is that I don't want my passwords to be available straight away. And the "special" passwords which normally require an extra password/security input should require the entering of the master password again. I'll check the lastpass cli to see if I can add some extra security measures (i.e. small activation code for every password like the lastpass android app does). I'm just a tad paranoid I definitely hear your concern! It's good to be paranoid with this stuff. As it stands right now, if you don't set LPASS_AGENT_TIMEOUT to 0, you'll see this every so often: ...which is helpful, maybe? What you're suggesting ("special" vault items that would force a master password re-entry) would definitely require a bit more than what the lpass command offers. If you fork the project and add your suggested fixes, I'd be happy to take a look at utilizing it.
bachya Posted December 30, 2014 Author Posted December 30, 2014 Because, when you're snowed in, there's no better time to code away. 3.1 published and it has some cool features: Entirely new settings/configuration management via `lpsettings`. Added ability to login to LastPass. Added ability to logout from LastPass. Added ability to configure filepath to `lpass`. Added new (and slimmer) icons. Environment-proofed Python path in all scripts and Script Filters. DIRECT DOWNLOAD GITHUB REPO PACKAL PAGE
tommydenton Posted December 31, 2014 Posted December 31, 2014 I am so stoked you have created this. I am on Mac, I have logged into Last Pass from the CLI...I am able to retrieve a password from the CLI..but for the life of me I cannot find a version that has lpass export... $ lpass --version yields LastPass CLI v0.3.0 I tried installing from "Brew" and from GitHub/Make/Make Install... Any clues on a good URL to get the CLI needed. Thanks, T
bachya Posted December 31, 2014 Author Posted December 31, 2014 (edited) I am so stoked you have created this. I am on Mac, I have logged into Last Pass from the CLI...I am able to retrieve a password from the CLI..but for the life of me I cannot find a version that has lpass export... $ lpass --version yields LastPass CLI v0.3.0 I tried installing from "Brew" and from GitHub/Make/Make Install... Any clues on a good URL to get the CLI needed. Thanks, T That's so bizarre. According to their issues page, they added that command about a month ago (https://github.com/lastpass/lastpass-cli/issues/4). When you run `lpass` by itself, what gets output? FYI, I have the same version as you: abach@xxxxx ~ $ lpass --version LastPass CLI v0.3.0 Edited December 31, 2014 by Aaron B.
nycreal Posted January 5, 2015 Posted January 5, 2015 Thanks Aaron, great work, everything seems to be working for me. Happy new year everyone!
tommydenton Posted January 6, 2015 Posted January 6, 2015 That's so bizarre. According to their issues page, they added that command about a month ago (https://github.com/lastpass/lastpass-cli/issues/4). When you run `lpass` by itself, what gets output? FYI, I have the same version as you: abach@xxxxx ~ $ lpass --version LastPass CLI v0.3.0 I am a bit perplexed as well. lpass Usage: lpass {--help|--version} lpass login [--trust] [--plaintext-key [--force, -f]] USERNAME lpass logout [--force, -f] lpass show [--sync=auto|now|no] [--clip, -c] [--all|--username|--password|--url|--notes|--field=FIELD|--id|--name] {UNIQUENAME|UNIQUEID} lpass ls [--sync=auto|now|no] [GROUP] lpass edit [--sync=auto|now|no] [--non-interactive] {--name|--username|--password|--url|--notes|--field=FIELD} {NAME|UNIQUEID} lpass generate [--sync=auto|now|no] [--clip, -c] [--username=USERNAME] [--url=URL] [--no-symbols] {NAME|UNIQUEID} LENGTH lpass duplicate [--sync=auto|now|no] {UNIQUENAME|UNIQUEID} lpass rm [--sync=auto|now|no] {UNIQUENAME|UNIQUEID} lpass sync [--background, -b]
bachya Posted January 6, 2015 Author Posted January 6, 2015 I am a bit perplexed as well. lpass Usage: lpass {--help|--version} lpass login [--trust] [--plaintext-key [--force, -f]] USERNAME lpass logout [--force, -f] lpass show [--sync=auto|now|no] [--clip, -c] [--all|--username|--password|--url|--notes|--field=FIELD|--id|--name] {UNIQUENAME|UNIQUEID} lpass ls [--sync=auto|now|no] [GROUP] lpass edit [--sync=auto|now|no] [--non-interactive] {--name|--username|--password|--url|--notes|--field=FIELD} {NAME|UNIQUEID} lpass generate [--sync=auto|now|no] [--clip, -c] [--username=USERNAME] [--url=URL] [--no-symbols] {NAME|UNIQUEID} LENGTH lpass duplicate [--sync=auto|now|no] {UNIQUENAME|UNIQUEID} lpass rm [--sync=auto|now|no] {UNIQUENAME|UNIQUEID} lpass sync [--background, -b] Tommy, I recommend you go to the lastpass-cli Issues Page and report this; something's not right. See what they can do to help?
Eoin Rossney Posted January 8, 2015 Posted January 8, 2015 I'm getting an issue searching & I think it might be to do with my locale (which is en_IE.UTF-8). I can login okay: /usr/local/bin/lpass login *****@***.*** && exit pinentry-curses: no LC_CTYPE known - assuming UTF-8 Success: Logged in as *****@***.***. [Process completed] However I get this when I search (sorry for size): & when I run it from command line I get: ➜ user.workflow.************* /usr/bin/env python lpvm.py search-vault "gmail" pinentry-curses: no LC_CTYPE known - assuming UTF-8 01:22:14 workflow.py:1634 DEBUG Cached data saved at : /Users/xxxxxx/Library/Caches/com.runningwithcrayons.Alfred-2/Workflow Data/org.koffel.alfred.terminal-control/vault_items.cpickle 01:22:14 workflow.py:1951 ERROR 'ascii' codec can't decode byte 0xc3 in position 11: ordinal not in range(128) Traceback (most recent call last): File "/Users/xxxxxx/Library/Application Support/Alfred 2/Alfred.alfredpreferences/workflows/user.workflow.*************/workflow/workflow.py", line 1946, in run func(self) File "lpvm.py", line 246, in main search_vault(wf, vault, args.query) File "lpvm.py", line 141, in search_vault results = _search_vault(wf, vault, query) File "lpvm.py", line 40, in _search_vault match_on=MATCH_ALL ^ MATCH_ALLCHARS File "/Users/xxxxxx/Library/Application Support/Alfred 2/Alfred.alfredpreferences/workflows/user.workflow.*************/workflow/workflow.py", line 1780, in filter value = key(item).strip() File "lpvm.py", line 88, in search_item_fields return ' '.join(elements) UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 11: ordinal not in range(128) 01:22:14 workflow.py:1969 DEBUG Workflow finished in 5.407 seconds.
bachya Posted January 10, 2015 Author Posted January 10, 2015 I'm getting an issue searching & I think it might be to do with my locale (which is en_IE.UTF-8). I can login okay: /usr/local/bin/lpass login *****@***.*** && exit pinentry-curses: no LC_CTYPE known - assuming UTF-8 Success: Logged in as *****@***.***. [Process completed] However I get this when I search (sorry for size): & when I run it from command line I get: ➜ user.workflow.************* /usr/bin/env python lpvm.py search-vault "gmail" pinentry-curses: no LC_CTYPE known - assuming UTF-8 01:22:14 workflow.py:1634 DEBUG Cached data saved at : /Users/xxxxxx/Library/Caches/com.runningwithcrayons.Alfred-2/Workflow Data/org.koffel.alfred.terminal-control/vault_items.cpickle 01:22:14 workflow.py:1951 ERROR 'ascii' codec can't decode byte 0xc3 in position 11: ordinal not in range(128) Traceback (most recent call last): File "/Users/xxxxxx/Library/Application Support/Alfred 2/Alfred.alfredpreferences/workflows/user.workflow.*************/workflow/workflow.py", line 1946, in run func(self) File "lpvm.py", line 246, in main search_vault(wf, vault, args.query) File "lpvm.py", line 141, in search_vault results = _search_vault(wf, vault, query) File "lpvm.py", line 40, in _search_vault match_on=MATCH_ALL ^ MATCH_ALLCHARS File "/Users/xxxxxx/Library/Application Support/Alfred 2/Alfred.alfredpreferences/workflows/user.workflow.*************/workflow/workflow.py", line 1780, in filter value = key(item).strip() File "lpvm.py", line 88, in search_item_fields return ' '.join(elements) UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 11: ordinal not in range(128) 01:22:14 workflow.py:1969 DEBUG Workflow finished in 5.407 seconds. Try the 4.0 pre-release and let me know if it helps? https://github.com/bachya/lp-vault-manager/releases/tag/pre-v4.0
Eoin Rossney Posted January 10, 2015 Posted January 10, 2015 (edited) Thanks for the quick update! I'm getting closer When I run lpbrowser I'm having success: however lpvs still doesn't work for some reason? The funny thing is I'm not sure that I'm able to login properly from the Alfred screen. (edit: i.e. when the text in Alfred changes to lastpass-login and I press enter, nothing happens). I think it only worked when I went to terminal and typed lpass login username@site.com Then when I went back to try lastpass-login it told me I was already logged in. I was then able to confirm I could list sites from the command line, and when I went back to alfred the lpvs display had changed from this: to this: Incidentally, should the 'lpdd' command output anything in the console? It would be helpful if maybe this posted a notification to confirm the metadata downloads. Edited January 10, 2015 by rozling
bachya Posted January 10, 2015 Author Posted January 10, 2015 (edited) The funny thing is I'm not sure that I'm able to login properly from the Alfred screen. (edit: i.e. when the text in Alfred changes to lastpass-login and I press enter, nothing happens). I think it only worked when I went to terminal and typed lpass login username@site.com What is the exact value of Alfred when it comes up after you select "Login To LastPass" (it should be something like >/usr/local/bin/lpass login username@site.com)? Does the prefix character match what you have selected in "Terminal/Shell" in Alfred Preferences. Incidentally, should the 'lpdd' command output anything in the console? It would be helpful if maybe this posted a notification to confirm the metadata downloads. Try highlighting the "Run Script" action connected to the "lpdd" keyword and running `lppd`. Assuming the download happens correctly, you most certainly should see something like this: Starting debug for 'LastPass Vault Manager' [ERROR: alfred.workflow.action.script] Code 0: 13:14:45 workflow.py:1386 DEBUG Reading settings from `/Users/abach/Library/Application Support/Alfred 2/Workflow Data/com.bachya.lpvm/settings.json` ... 13:14:45 lpdd_exec.py:22 DEBUG Exec arguments: [u'download-data'] 13:14:45 lpdd_exec.py:34 DEBUG Parsed command: download-data 13:14:45 lpdd_exec.py:35 DEBUG Parsed argument: None 13:14:45 lpdd_exec.py:36 DEBUG Parsed delimiter: > 13:14:45 lpdd_exec.py:43 DEBUG Executing command: download-data 13:14:50 utilities.py:66 DEBUG Downloaded data: [{'url': 'http://lifehacker.com/people/bachya/', 'hostname': 'Personal/Lifehacker'}, {'url': 'https://www.elevationscu.com/', 'hostname': 'Personal/Elevations Credit Union'}, {'url': 'https://www.facebook.com/', 'hostname': 'Personal/Facebook'}, {'url': 'http://www.geico.com/', 'hostname': 'Personal/Geico'}, {'url': 'https://www.linkedin.com/secure/login?trk=hb_signin', 'hostname': 'Personal/LinkedIn'}, {'url': 'http://espn.go.com/', 'hostname': 'Personal/ESPN'}, {'url': 'https://www.last.fm/login', 'hostname': 'Personal/Last.FM'}, {'url': 'https://secure.newegg.com/NewMyAccount/AccountLogin.aspx', 'hostname': 'Personal/Newegg'}, {'url': 'https://addons.mozilla.org/en-US/firefox/users/login?to=en-US%2Ffirefox%2F', 'hostname': 'Personal/Mozilla'}, {'url': 'https://www.amazon.com/gp/sign-in.html?ie=UTF8&email=&disableCorpSignUp=&path=%2Fgp%2Fyourstore&redirectProtocol=&mode=&useRedirectOnSuccess=1&query=signIn%3D1%26ref%5F%3Dpd%5Firl%5Fgw&pageAction=%2Fgp%2Fyourstore', 'hostname': 'Personal/Amazon'}, {'url': 'https://manage.slicehost.com/login', 'hostname': 'Personal/Slicehost'}, {'url': 'http://www.starwars.com/webapps/registration/sign-in.action?message=You+have+successfully+signed+off.%0A', 'hostname': 'Personal/starwars.com'}, {'url': 'http://wordpress.com', 'hostname': 'Personal/Wordpress'}, {'url': 'http://getsatisfaction.com/session/new', 'hostname': 'Personal/Get Satisfaction'}, {'url': 'https://www.shutterfly.com/signin/signin.sfly', 'hostname': 'Personal/Shutterfly'}, {'url': 'http://www.dyndns.com/', 'hostname': 'Personal/DynDNS'}, {'url': 'https://cart2.barnesandnoble.com/account/op.asp?x=01151712', 'hostname': 'Personal/Barnes & Noble'}, {'url': 'https://www.yelp.com/login?return_url=%2Fdenver', 'hostname': 'Personal/Yelp'}, {'url': 'http://www.macheist.com/loot', 'hostname': 'Personal/MacHeist'}, {'url': 'http://skitch.com/login/', 'hostname': 'Personal/Skitch'}, {'url': 'https://twitter.com/', 'hostname': 'Personal/Twitter'}, {'url': 'http://www.proactiv.com/#sign-in', 'hostname': 'Personal/Proactiv'}, {'url': 'http://musicbrainz.org', 'hostname': 'Personal/MusicBrainz'}, {'url': 'http://www.deviantart.com/users/lost-password/update', 'hostname': 'Personal/deviantART'}, {'url': 'https://reg.sun.com', 'hostname': 'Personal/Sun Microsystems'}, {'url': 'https://www.tiffany.com/Customer/Account/SignIn.aspx', 'hostname': 'Personal/Tiffany'}, {'url': 'https://github.com/login', 'hostname': 'Personal/Github'}, {'url': 'https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=startpage.aol.com&siteState=OrigUrl%3dhttp%3a%2f%2fwww.aol.com%2f&authLev=0〈=en&locale=us', 'hostname': 'Personal/AOL'}, {'url': 'https://www.redbox.com/Account/Login.aspx', 'hostname': 'Personal/Redbox'}, {'url': 'https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1<mpl=default<mplcache=2', 'hostname': 'Personal/Google (bachya1208)'}, {'url': 'http://bit.ly/', 'hostname': 'Personal/bitly'}, {'url': 'http://consumerist.com', 'hostname': 'Personal/Consumerist'}, {'url': 'http://freeimages.com', 'hostname': 'Personal/Free Images'}, {'url': 'https://secure.www.denverpost.com/registration/?rPage=login&url=http%3A%2F%2Fwww.denverpost.com%2Fpremium%2Fbroncos%2Fci_13483974&eRightsSessionExpired=true&forced=true', 'hostname': 'Personal/Denver Post'}, {'url': 'https://www.discover.com/', 'hostname': 'Personal/Discover'}, {'url': 'http://du.edu', 'hostname': 'Personal/University of Denver'}, ... [INFO: alfred.workflow.action.script] Processing output 'alfred.workflow.output.notification' with arg 'LastPass metadata successfully downloaded.' Barring that, what happens if, in Terminal, you run: ls ~/Library/Caches/com.runningwithcrayons.Alfred-2/Workflow\ Data/com.bachya.lpvm/vault_items.cpickle ? Edited January 10, 2015 by Aaron B.
Eoin Rossney Posted January 11, 2015 Posted January 11, 2015 What is the exact value of Alfred when it comes up after you select "Login To LastPass" (it should be something like >/usr/local/bin/lpass login username@site.com)? Does the prefix character match what you have selected in "Terminal/Shell" in Alfred Preferences. It just stays as 'lpsettings lastpass-login', even if I press return. On the previous version when I hit return on that it would display the terminal command (ending in '&&exit'), but as far as I remember it never actually opened the terminal. On that version my prefix character was set to '$' - I did then set it to '>' but I can't remember if it worked then or I had to enter it in Terminal manually. When I run `python lpsettings_exec.py login user@email.com` in Terminal, the Alfred window pops up with /usr/local/bin/lpass login user@email.com && exit When I hit enter that runs and I get prompted for my password and can login successfully. Try highlighting the "Run Script" action connected to the "lpdd" keyword and running `lppd`. Assuming the download happens correctly, you most certainly should see something like this: All I get, even with 'Log All Information' on is: Starting debug for 'LastPass Vault Manager' [INFO: alfred.workflow.input.keyword] Processing output 'alfred.workflow.action.script' with arg '' Barring that, what happens if, in Terminal, you run: ls ~/Library/Caches/com.runningwithcrayons.Alfred-2/Workflow\ Data/com.bachya.lpvm/vault_items.cpickle ? This outputs: /Users/xxxx/Library/Caches/com.runningwithcrayons.Alfred-2/Workflow Data/com.bachya.lpvm/vault_items.cpickle
bachya Posted January 12, 2015 Author Posted January 12, 2015 (edited) When I run `python lpsettings_exec.py login user@email.com` in Terminal, the Alfred window pops up with /usr/local/bin/lpass login user@email.com && exitWhen I hit enter that runs and I get prompted for my password and can login successfully. That's the most concerning part: if it works via Terminal, it should work via Alfred. I simply cannot reproduce it. Because of that, I'm going to see if the Alfred community can help us out: http://www.alfredforum.com/topic/5356-script-filters-via-python-seem-to-sporadically-not-work/ Incidentally, what version of Alfred are you running? Edited January 12, 2015 by Aaron B.
bachya Posted January 15, 2015 Author Posted January 15, 2015 Version 4.1 released: Implemented auto-updating. Fixed a few small path bugs. For those who are having issues with the Script Filters sometimes not working: I've implemented all the advice from this thread, but no visible change to me thus far. Check this version and see if your situation improves at all. Eoin Rossney 1
bachya Posted January 22, 2015 Author Posted January 22, 2015 (edited) Version 4.2 released: Fixed a bug where the full path to /usr/bin/python was not specified. Fixed a settings selection bug. Streamlined some verbiage within notifications. Edited January 22, 2015 by Aaron B.
Chevex Posted June 5, 2015 Posted June 5, 2015 (edited) LOVE this workflow. If any of you have special characters in your master password for lastpass, you might run into an issue where it's hard to login via the lastpass CLI tool that the workflow launches when you try to login. To get around this, don't allow the CLI tool to prompt for your password with pinentry. When you install lastpass-cli via Homebrew don't include the "--with-pinentry" flag and it won't be installed. If you already installed it, either run "brew uninstall pinentry" or temporarily disable the pinentry prompt by running "LPASS_DISABLE_PINENTRY=1 lpass login <username>". Hopefully that helps anyone having issues like I was. I was able to pretty quickly figure out the issue, but others might not. Edited June 5, 2015 by Chevex
vinster Posted June 6, 2015 Posted June 6, 2015 (edited) Looks like a fantastic workflow. For some reason when I type "lpsettings" it seems to default to global search and doesn't bring up the lpsettings list Any ideas on where I am going wrong? https://www.dropbox.com/s/oui7tf4bnd9d84y/Screen%20Shot%202015-06-06%20at%2010.31.46.png?dl=0 Edited June 6, 2015 by vinster
deanishe Posted June 18, 2015 Posted June 18, 2015 (edited) When you see Alfred's fallback results (which is what your screenshot shows), that either means the keyword is wrong or the workflow has failed/crashed. Open Alfred Preferences, select the workflow and open the debugger. Run the workflow and post what you see in the debugger. Edited June 18, 2015 by deanishe
dimitrijet Posted June 25, 2015 Posted June 25, 2015 Alright.. I think I might be going crazy.. It's almost 1 am and I've been at this for 4 hours now. And I simply cannot get this to work.. This same error keeps coming up: Error 13 Permission Denied. Please help.
deanishe Posted June 25, 2015 Posted June 25, 2015 That error usually means you don't have permission to read/write a file you're trying to access. Logging in and out almost certainly won't help. This workflow is based on Alfred-Workflow, so you can try deleting all the cached data and settings by entering lpvs workflow:reset in Alfred. This should completely reset the workflow.
magnotti Posted July 1, 2015 Posted July 1, 2015 Hi guys, I'm getting this error when trying to log into LastPass form this workflow: Funny thing is, I can't find this command: /usr/local/bin/lpass anywhere, so I can't attempt the login from the command line. I'm not tech expert, but I can find my way around terminal. Perhaps a bad install? I tried removing and adding many times. It seems others are having the same issue here: https://github.com/bachya/lp-vault-manager/issues/12 I must be missing something easy. Any fixes?
DJF3 Posted July 28, 2015 Posted July 28, 2015 This appears to be a workflow with huge potential.. The one thing that comes to mind... How safe/secure is this workflow? How safe/secure is this compared to other integrations, other tools, browsers integrated with lastpass, etc. In theory, this workflow has full access to all your passwords, right? Please, convince me to use this! DJ jeet 1
jeet Posted September 14, 2015 Posted September 14, 2015 i am not a technical person and don't know anything about capture:tiny, homebrew etc. But I have installed everything and i am on the stage of logging in pinentry /usr/local/bin/lpass login [--trust] [--plaintext-key [--force, -f]] USERNAME i am hesitant to ask, and you can laugh or beat me to death but I have gathered strength to ask this : is there a risk of my master password or site passwords getting compromised this way? There is a lot going on in CLI and i don't know what all code my MasterPassword would go through and which host/domain these scripts might connect from background. I appreciate this fantastic workflow and don't doubt you at all. its just that i want to know the background work these scripts would do. Apologies if i offended you or anybody. Regards, Jay
deanishe Posted September 15, 2015 Posted September 15, 2015 Well first off, the workflow doesn't do anything stupid like store your passwords. Fundamentally, to use any encrypted data, it first needs to be decrypted. With any password manager, when your encrypted store is unlocked, either the master password/decryption key or the decrypted passwords are now in memory. I don't know exactly how the LastPass CLI program works, or how it differs from the browser-based applications, but your data is fundamentally at risk whenever the password store is accessible (i.e. unlocked). Personally, I'd be more inclined to trust software that isn't directly connected to the browser I'm entering the password in: it insulates your sensitive data better from bugs in the browser or extension. To maximise security, you want the password store to be automatically locked after use. The shorter the time it remains unlocked, the better. In that regard, disabling the agent timeout is not a great idea, but it's no worse than setting the browser extension to never time out. Ultimately, it's always a compromise between security and convenience. If you're happy to enter your master password every time you need a site password, then that will minimise the possibility of your passwords being pilfered from your machine by malware. On the other hand, if you leave your password store unlocked whenever the app is running, that makes it more tolerable to use a longer, stronger master password, which makes the encrypted data stored in the cloud more secure. jeet 1
jeet Posted September 15, 2015 Posted September 15, 2015 Well first off, the workflow doesn't do anything stupid like store your passwords. Fundamentally, to use any encrypted data, it first needs to be decrypted. With any password manager, when your encrypted store is unlocked, either the master password/decryption key or the decrypted passwords are now in memory. I don't know exactly how the LastPass CLI program works, or how it differs from the browser-based applications, but your data is fundamentally at risk whenever the password store is accessible (i.e. unlocked). Personally, I'd be more inclined to trust software that isn't directly connected to the browser I'm entering the password in: it insulates your sensitive data better from bugs in the browser or extension. To maximise security, you want the password store to be automatically locked after use. The shorter the time it remains unlocked, the better. In that regard, disabling the agent timeout is not a great idea, but it's no worse than setting the browser extension to never time out. Ultimately, it's always a compromise between security and convenience. If you're happy to enter your master password every time you need a site password, then that will minimise the possibility of your passwords being pilfered from your machine by malware. On the other hand, if you leave your password store unlocked whenever the app is running, that makes it more tolerable to use a longer, stronger master password, which makes the encrypted data stored in the cloud more secure. Thank you for giving insights. This helped me in understanding it little more.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now