From 7a0c56878bdc3963b4cc815111bf9ee7ede7032d Mon Sep 17 00:00:00 2001 From: Gautam Aggarwal Date: Wed, 2 Apr 2025 10:47:35 +0000 Subject: [PATCH] Applied changes --- borgmatic/config/schema.yaml | 6 +++--- borgmatic/hooks/credential/keepassxc.py | 14 ++++++++++--- tests/unit/hooks/credential/test_keepassxc.py | 20 ++++++++----------- 3 files changed, 22 insertions(+), 18 deletions(-) diff --git a/borgmatic/config/schema.yaml b/borgmatic/config/schema.yaml index 15c04ee3f..9c12f6c9f 100644 --- a/borgmatic/config/schema.yaml +++ b/borgmatic/config/schema.yaml @@ -2689,10 +2689,10 @@ properties: Path to a key file for unlocking the KeePassXC database. example: /path/to/keyfile yubikey: - type: boolean + type: string description: | - Whether to use a YubiKey for unlocking the KeePassXC database. - example: true + Path or identifier for the YubiKey to use for unlocking the KeePassXC database. + example: /path/to/yubikey description: | Configuration for integration with the KeePassXC password manager. default_actions: diff --git a/borgmatic/hooks/credential/keepassxc.py b/borgmatic/hooks/credential/keepassxc.py index 1a0da572b..0cb9ad12d 100644 --- a/borgmatic/hooks/credential/keepassxc.py +++ b/borgmatic/hooks/credential/keepassxc.py @@ -17,7 +17,6 @@ def load_credential(hook_config, config, credential_parameters): ''' try: database_path, attribute_name = credential_parameters[:2] - extra_args = credential_parameters[2:] # Handle additional arguments like --key-file or --yubikey except ValueError: raise ValueError( f'Invalid KeePassXC credential parameters: {credential_parameters}') @@ -25,7 +24,11 @@ def load_credential(hook_config, config, credential_parameters): if not os.path.exists(expanded_database_path): raise ValueError( f'KeePassXC database path does not exist: {database_path}') - + + # Retrieve key file and Yubikey options from config + key_file = hook_config.get('key_file') + yubikey = hook_config.get('yubikey') + # Build the keepassxc-cli command command = ( tuple(shlex.split((hook_config or {}).get('keepassxc_cli_command', 'keepassxc-cli'))) @@ -37,8 +40,13 @@ def load_credential(hook_config, config, credential_parameters): expanded_database_path, attribute_name, ) - + tuple(extra_args) # Append extra arguments ) + + if key_file: + command += ('--key-file', key_file) + + if yubikey: + command += ('--yubikey', yubikey) try: return borgmatic.execute.execute_command_and_capture_output(command).rstrip(os.linesep) diff --git a/tests/unit/hooks/credential/test_keepassxc.py b/tests/unit/hooks/credential/test_keepassxc.py index c7c2306f1..8b21cf08a 100644 --- a/tests/unit/hooks/credential/test_keepassxc.py +++ b/tests/unit/hooks/credential/test_keepassxc.py @@ -143,9 +143,9 @@ def test_load_credential_with_key_file(): assert ( module.load_credential( - hook_config={}, + hook_config={'key_file': '/path/to/keyfile'}, config={}, - credential_parameters=('database.kdbx', 'mypassword', '--key-file', '/path/to/keyfile'), + credential_parameters=('database.kdbx', 'mypassword'), ) == 'password' ) @@ -168,6 +168,7 @@ def test_load_credential_with_yubikey(): 'database.kdbx', 'mypassword', '--yubikey', + '/path/to/yubikey', ) ).and_return( 'password' @@ -175,9 +176,9 @@ def test_load_credential_with_yubikey(): assert ( module.load_credential( - hook_config={}, + hook_config={'yubikey': '/path/to/yubikey'}, config={}, - credential_parameters=('database.kdbx', 'mypassword', '--yubikey'), + credential_parameters=('database.kdbx', 'mypassword'), ) == 'password' ) @@ -202,6 +203,7 @@ def test_load_credential_with_key_file_and_yubikey(): '--key-file', '/path/to/keyfile', '--yubikey', + '/path/to/yubikey', ) ).and_return( 'password' @@ -209,15 +211,9 @@ def test_load_credential_with_key_file_and_yubikey(): assert ( module.load_credential( - hook_config={}, + hook_config={'key_file': '/path/to/keyfile', 'yubikey': '/path/to/yubikey'}, config={}, - credential_parameters=( - 'database.kdbx', - 'mypassword', - '--key-file', - '/path/to/keyfile', - '--yubikey', - ), + credential_parameters=('database.kdbx', 'mypassword'), ) == 'password' )