corpusops / bitwardentools Goto Github PK
View Code? Open in Web Editor NEWbitwarden python api client and additional tools like for migrating from vaultier to bitwarden (bitwarden_rs)
License: Other
bitwarden python api client and additional tools like for migrating from vaultier to bitwarden (bitwarden_rs)
License: Other
Issue when login in with the client.
self.bitwarden_client = client = Client(
server="https://vault.bitwarden.com",
email=self.BITWARDEN_EMAIL,
password=self.BITWARDEN_PASSWORD
)
←[31mERROR←[0m:
Traceback (most recent call last):
File "c:\users\sarah\pycharmprojects\stella_manager\venv\lib\site-packages\starlette\routing.py", line 635, in lifespan
async with self.lifespan_context(app):
File "c:\users\sarah\pycharmprojects\stella_manager\venv\lib\site-packages\starlette\routing.py", line 530, in __aenter__
await self._router.startup()
File "c:\users\sarah\pycharmprojects\stella_manager\venv\lib\site-packages\starlette\routing.py", line 612, in startup
await handler()
File "C:\Users\sarah\PycharmProjects\stella_manager\.\main.py", line 10, in starter
await api.startup()
File "C:\Users\sarah\PycharmProjects\stella_manager\.\core\models.py", line 41, in startup
await asyncio.to_thread(self.startup_sync)
File "C:\Users\sarah\AppData\Local\Programs\Python\Python310\lib\asyncio\threads.py", line 25, in to_thread
return await loop.run_in_executor(None, func_call)
File "C:\Users\sarah\AppData\Local\Programs\Python\Python310\lib\concurrent\futures\thread.py", line 58, in run
result = self.fn(*self.args, **self.kwargs)
File "C:\Users\sarah\PycharmProjects\stella_manager\.\core\models.py", line 30, in startup_sync
self.bitwarden_client = client = Client(
File "c:\users\sarah\pycharmprojects\stella_manager\venv\lib\site-packages\bitwardentools\client.py", line 719, in __init__
self.login()
File "c:\users\sarah\pycharmprojects\stella_manager\venv\lib\site-packages\bitwardentools\client.py", line 798, in login
iterations = jdata["KdfIterations"]
KeyError: 'KdfIterations'
After investigating, the dictionary in jdata outputs the following
{'kdf': 0, 'kdfIterations': 5000}
So it seems like they changed the key capitalization.
As the title mentions, any function that calls the adminr
function always results in a 404 not found, as the request is not properly authenticated. The admin page on vaultwarden uses cookies to authenticate the admin, but the adminr
function does not do so. I wrote a quick fix for this problem:
res = requests.post(
f'{self.server}/admin',
data=f'token={admin_password}',
headers={
"content-type": "application/x-www-form-urlencoded"
},
allow_redirects=False
)
headers = {
'cookie': res.headers.get('set-cookie')
}
We then need to pass these headers into the call.
One problem with this approach is timeouts, requesting too many tokens very quickly leads to a timeout, which I think can be fixed by only updating the cookie if the request is a 404 and then retrying the request.
Recently I noticed I got some credentials in vaultwarden which were not accessible using bitwardentools.
bitwardentools been logging
passwords Cant decrypt cipher 5bc9ae26-b873-4261-8d7e-a739088b39f4, broken ? (client.py:1710)
I've tracked it down to:
bitwardentools/src/bitwardentools/crypto.py
Lines 213 to 217 in cd8748c
The credentiala are part of a collection, other credentials of the same collection work fine.
New credentials created using the bitwarden browser plugin or vaultwardenweb are unreadable by bitwardentools, fine to use in browser plugin.
Hello,
After installing bitwardentools
module on freshly installed RHEL 8 VM with Python 3.9, following error appears during bitwardentools
python module import:
$ python3
Python 3.9.2 (default, May 20 2021, 01:29:22)
[GCC 8.4.1 20200928 (Red Hat 8.4.1-1.0.1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from bitwardentools import Client;
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.9/site-packages/bitwardentools/__init__.py", line 1, in <module>
from bitwardentools.client import * # noqa
File "/usr/local/lib/python3.9/site-packages/bitwardentools/client.py", line 22, in <module>
import requests
ModuleNotFoundError: No module named 'requests'
>>>
Installation of py39-requests
RPM package resolves this issue, so I guess that requests
module is missing in bitwardentools
dependencies.
It looks like bitwardentools needs packaging
, which is not installed after a pip install bitwardentools
.
Would be nice to have an option to edit/update existing items. Here https://pypi.org/project/bitwardentools/ it does not say if edit itmes/logins is possible, but I can see in the pyton code edit_login = edit_item
. Is this supported already?
I am able to add items, logins, collections and get ciphers, but not edit or update.
I have tried to update the password of a login with JSON payload like this:
>>> payload = {
... "login": {
... "username": "root", "password": "password2"
... }
... }
>>> client.edit_login("server1", orga="organization1", collections=["collection1"], **payload)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/user/.local/lib/python3.10/site-packages/bitwardentools/client.py", line 1297, in edit_item
return self.create_item(*a, **kw)
File "/home/user/.local/lib/python3.10/site-packages/bitwardentools/client.py", line 1265, in create_item
u = f'/api/ciphers/{data["id"]}'
KeyError: 'id'
>>> client.edit_login(name="server1", orga="organization1", collection="collection1", **payload)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/user/.local/lib/python3.10/site-packages/bitwardentools/client.py", line 1297, in edit_item
return self.create_item(*a, **kw)
File "/home/user/.local/lib/python3.10/site-packages/bitwardentools/client.py", line 1265, in create_item
u = f'/api/ciphers/{data["id"]}'
KeyError: 'id'
>>>
OS: Fedora 35
Python: 3.10
Hello!
I was wondering, why do you have requirements marked as dev in requirements.txt
?
https://github.com/corpusops/bitwardentools/blob/main/requirements/requirements.txt#L10
I'm asking because I'd rather not install ipython and jedi when I install bitwardentools
in pipelines and such :)
When attempting to login to a vaultwarden instance using argon2id the program crashes with a invalid username or password.
from bitwardentools import Client
client = Client(SERVER, EMAIL, PASSWORD)
client.sync()
Traceback (most recent call last):
File "E:\Users\Garulf\Projects\Garulf\bitwarden-flow\src\plugin.py", line 11, in <module>
client = Client(SERVER, EMAIL, PASSWORD)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "E:\Users\Garulf\Projects\Garulf\bitwarden-flow\.venv\Lib\site-packages\bitwardentools\client.py", line 728, in __init__
self.login()
File "E:\Users\Garulf\Projects\Garulf\bitwarden-flow\.venv\Lib\site-packages\bitwardentools\client.py", line 829, in login
raise exc
bitwardentools.client.LoginError: Failed login for *****@****.com ()
This is the text response from the server:
{"ErrorModel":{"Message":"Username or password is incorrect. Try again","Object":"error"},"ExceptionMessage":null,"ExceptionStackTrace":null,"InnerExceptionMessage":null,"Message":"Username or password is incorrect. Try again","Object":"error","ValidationErrors":{"":["Username or password is incorrect. Try again"]},"error":"","error_description":""}
Thanks for this tool - I have used it to automate updating http:// to https:// (I will upload python script and link back to this repository), but where there is a passkey saved on the login, the resulting vault item remains useable, but not editable.
This has been tested against vaultwarden 1.30.1 (https://github.com/dani-garcia/vaultwarden/releases/tag/1.30.1) using server version 2023.12.1 browser plug in, vaultwarden web Version 2023.10.0, and Bitwarden windows client 2023.12.0 against the latest vaultwarden server version which is 2023.9.1.
I don't have a bitwarden subscription to test against, but I'm happy to set one up to test if this also occurs against bitwarden.
A visual inspection of the passkey component of the login via vscode debugging shows no obvious difference between the working and non-working versions. Partially redacted versions are included below.
The error displayed is:
An error has occurred.
Invalid time value
It is apparent that it is the passkey that has the invalid time value as the field that displays the passkey normally displays the create date of the passkey. Instead it is variously blank (vaultwarden web application) or just shows Created (browser plugin, windows app).
Grabbing the fido2Credentials from the login in the cipher before and after the update that makes the passkey creation date apparently invalid shows the following:
In each case, I've redacted credentialId, keyValue, userDisplayName, userHandle, and UserName, and single quotes with double quotes, and None is quoted, for better display on github.
All other items are as copied.
{
"counter": "0",
"creationDate": "2023-12-21T23:22:09.074Z",
"credentialId": "guid-ending-in-ef19",
"discoverable": "true",
"keyAlgorithm": "ECDSA",
"keyCurve": "P-256",
"keyType": "public-key",
"keyValue": "MIGHA-I've-checked-it's-the-same-OZNTAd7",
"response": "None",
"rpId": "amazon.com", "rpName": "Amazon",
"userDisplayName": "BJReplay",
"userHandle": "again-its-the-same",
"userName": "[email protected]"
}
{
"counter": "0",
"creationDate": "2023-12-21T23:22:09.074Z",
"credentialId": "guid-ending-in-ef19",
"discoverable": "true", "keyAlgorithm": "ECDSA",
"keyCurve": "P-256",
"keyType": "public-key",
"keyValue": "MIGHA-I've-checked-it's-the-same-OZNTAd7",
"response": "None",
"rpId": "amazon.com",
"rpName": "Amazon",
"userDisplayName": "BJReplay",
"userHandle": "again-its-the-same",
"userName": "[email protected]"
}
Saving a new passkey over the top works, and makes the item editable again.
vaultwarden docker logs don't report any errors while attempting to edit / save the corrupted items.
Hi,
I tried to use bitwardentools and found out, that when being logged in, bw always asks for the master password again.
Could someone explain me?
Best regards,
Ronny Forberger
Due to the use of the name as variable name in the signature of the create_item method
bitwardentools/src/bitwardentools/client.py
Lines 1207 to 1218 in 04ed026
updating an item name by passing name in the **jsond is not possible.
We would like to use bitwardentools with TOTP as we require all users to have 2FA with Google Authenticator, Authy or other. Would be nice to have the option to use the Authenticator Key in the client. Something like this:
client = Client('https://bitwarden.example.com', '[email protected]', 'user_password', 'authenticator_key');
Hello,
We've upgraded our Vaultwarden server from 1.30.5 to 1.31.0 and some of our python scripts that rely on bitwardentools stopped working. Further investigation showed that it cannot fetch organizations from Vaultwarden anymore.
Steps to reproduce:
Example script:
#!/usr/bin/env python3
from bitwardentools import Client
from pprint import pprint
client = Client('https://bitwarden.example.com', '[email protected]', 'password')
client.sync()
organizations = client.get_organizations()
pprint(organizations)
org = client.get_organization('test')
pprint(vars(org))
Vaultwarden 1.30.5:
$ /tmp/bitwardentools_org.py
{'externalId': OrderedDict(),
'id': {'ffbc564f-18f1-4f26-a1a2-cf021f3901cb': <bitwardentools.client.Organization object at 0x6827b8738d0>},
'name': {'test': OrderedDict([('ffbc564f-18f1-4f26-a1a2-cf021f3901cb',
<bitwardentools.client.Organization object at 0x6827b8738d0>)])},
'sync': True,
'vaultiersecretid': OrderedDict()}
{'_client': <bitwardentools.client.Client object at 0x6827b2c4f10>,
'_complete': False,
'broken_objs': OrderedDict(),
'enabled': True,
'hasPublicAndPrivateKeys': True,
'id': 'ffbc564f-18f1-4f26-a1a2-cf021f3901cb',
'identifier': None,
'json': {'enabled': True,
'hasPublicAndPrivateKeys': True,
'id': 'ffbc564f-18f1-4f26-a1a2-cf021f3901cb',
'identifier': None,
'key': '4.GKxLgtXqrvG2k1elOb74V9Jr2QGZGPE1JImeZEyFn9pwbSklaWbtIXMcddq2dhxk0sYiQV+yd610Hcy7pMmu8rr5yoUyVQ6wVqiU1a1EYCZbGFLzjYnZT1Kugd5ezjYi6UfRwF32gKs3e0Iipoi2HIXF4EbSjonGEAeVooki2Emx25PysC391M1nZr4/Y4tbaWDfoc06VyAIgTgK7lNpH7XYWNWJ4IQU4ao3qmFNtJqu17OHMhbn8e+08X45omH8KcYDsiezLc3G+T7/pfAexGOSsWEkRG05WPxB9bSDcJstAq5esu2ugFSexJ7BTibHUUKf4mEp7Qhb23b5nFerXw==',
'maxCollections': 10,
'maxStorageGb': 10,
'name': 'test',
'object': 'organization',
'providerId': None,
'providerName': None,
'resetPasswordEnrolled': False,
'seats': 10,
'selfHost': True,
'ssoBound': False,
'status': 2,
'type': 0,
'use2fa': True,
'useApi': True,
'useDirectory': False,
'useEvents': True,
'useGroups': False,
'usePolicies': True,
'useResetPassword': True,
'useSso': False,
'useTotp': True,
'userId': '2fc62d7b-9fae-4d3b-9afd-1f359e0c048b',
'usersGetPremium': True},
'key': '4.GKxLgtXqrvG2k1elOb74V9Jr2QGZGPE1JImeZEyFn9pwbSklaWbtIXMcddq2dhxk0sYiQV+yd610Hcy7pMmu8rr5yoUyVQ6wVqiU1a1EYCZbGFLzjYnZT1Kugd5ezjYi6UfRwF32gKs3e0Iipoi2HIXF4EbSjonGEAeVooki2Emx25PysC391M1nZr4/Y4tbaWDfoc06VyAIgTgK7lNpH7XYWNWJ4IQU4ao3qmFNtJqu17OHMhbn8e+08X45omH8KcYDsiezLc3G+T7/pfAexGOSsWEkRG05WPxB9bSDcJstAq5esu2ugFSexJ7BTibHUUKf4mEp7Qhb23b5nFerXw==',
'maxCollections': 10,
'maxStorageGb': 10,
'name': 'test',
'object': 'organization',
'providerId': None,
'providerName': None,
'resetPasswordEnrolled': False,
'seats': 10,
'selfHost': True,
'ssoBound': False,
'status': 2,
'type': 0,
'use2fa': True,
'useApi': True,
'useDirectory': False,
'useEvents': True,
'useGroups': False,
'usePolicies': True,
'useResetPassword': True,
'useSso': False,
'useTotp': True,
'userId': '2fc62d7b-9fae-4d3b-9afd-1f359e0c048b',
'usersGetPremium': True,
'vaultier': None,
'vaultiersecretid': None}
Vaultwarden 1.31.0:
$ /tmp/bitwardentools_org.py
{'id': {}, 'name': {}, 'sync': True}
Traceback (most recent call last):
File "/tmp/bitwardentools_org.py", line 13, in <module>
org = client.get_organization('test')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/username/.local/lib/python3.11/site-packages/bitwardentools/client.py", line 1056, in get_organization
raise exc
bitwardentools.client.OrganizationNotFound: No such organization found test
$ python3 --version
Python 3.11.9
$ pip list | grep bitwardentools
bitwardentools 1.0.57
We also tried upgrading to the latest Vaultwarden version 1.32.0, but this issue persists.
When after installing bitwardentools in an empty 3.12 venv
>>> import bitwardentools
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/tmp/demo/lib/python3.12/site-packages/bitwardentools/__init__.py", line 1, in <module>
from bitwardentools.client import * # noqa
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/tmp/demo/lib/python3.12/site-packages/bitwardentools/client.py", line 24, in <module>
from packaging import version as _version
ModuleNotFoundError: No module named 'packaging'
installing packaging from pip helped.
First of all, thx a lot for this library.
I'm trying to use it on self hosted vaultwarden instance and faced an issue.
code
cipher = client.get_cipher(item_or_id_or_name="elk", collection=col, orga=orga)
error
Traceback (most recent call last): File "main.py", line 21, in <module> cipher = client.get_cipher(item_or_id_or_name="elk", collection=col, orga=orga) File "/home/vscode/.local/lib/python3.8/site-packages/bitwardentools/client.py", line 1883, in get_cipher ret = ret[0] TypeError: 'odict_values' object is not subscriptable
Can u help me?
Hi,
I'm trying to edit the username but I have no idea what I'm doing wrong. I looked at the test_client.py code and I read a closed issue on this topic. Successfully edited the note, but I can't edit the username and password. I've been struggling with it for 2 days.
WORKING GREAT
secitem = client.search_objects({"name": 'sv_admin'}, sync=True)[0]
client.edit_item(secitem, notes="its test only")
DON'T WORK
secitem = client.search_objects({"name": 'sv_admin'}, sync=True)[0]
client.edit_login(secitem, username="svroot")
client.edit_login(secitem, password="qwe321")
Additionally, could you tell me how I can delete the collection? Removing ciphers works great, but when I want to delete the collection, the script does not show any error, but the collection is not deleted.
I tried to do it the same way as deleting the cipher.
secitem = client.search_objects({"name": 'COLLECTION2'}, sync=True)[0]
client.delete(secitem)
Thank you! :)
Hello,
I've looked into documentation and couldn't really find an answer, does bitwardentools
support authentication via API keys? Recent version of Vaultwarden has added support for them and I was wondering if it is possible to use API keys instead of password for authentication.
Thanks!
Trying to create a secret in a organization results in a error tested against a Bitwarden_RS instance
Here It's the code to reproduce the error
from bitwardentools import client as bwclient
from variables import email,password,server,organization
client = bwclient.Client(server, email, password)
client.sync()
orga = client.get_organization(organization)
cipherp = {
"object": "item",
"name": "testitp",
"organizationId": orga.id,
"notes": "supernote",
"login": {"username": "alice", "password": "rabbit"},
}
cipher = client.create(**cipherp)
Here It's the traceback
Traceback (most recent call last):
File "/home/manu/Documents/Cloudsphere/DevOps/tools/bitwarden-restapi/teste.py", line 9, in <module>
cipher = client.create(**{
File "/home/manu/.local/lib/python3.9/site-packages/bitwardentools/client.py", line 1551, in create
return BWFactory.create(self, *args, **kw)
File "/home/manu/.local/lib/python3.9/site-packages/bitwardentools/client.py", line 368, in create
return kls.patch("create", client, *args, **kw)
File "/home/manu/.local/lib/python3.9/site-packages/bitwardentools/client.py", line 363, in patch
ret = api_method(**jsond)
File "/home/manu/.local/lib/python3.9/site-packages/bitwardentools/client.py", line 976, in create_item
obj = self._upload_object(u, method=method, data=data, key=key, log=log)
File "/home/manu/.local/lib/python3.9/site-packages/bitwardentools/client.py", line 876, in _upload_object
assert resp.status_code == 200
AssertionError
First, thanks a lot for this quite excellent Bitwarden Python API implementation, it spared me insane lots of rewriting!
While implementing an automated synchronization tool between our employee directory and a (1.22.2) Vaultwarden server, I stumbled upon the requirement of the server private key to confirm users in organizations.
bitwardentools/src/bitwardentools/client.py
Line 3114 in 9f29017
bitwardentools/src/bitwardentools/client.py
Line 2088 in 9f29017
But as far as I could quick patch, I can correctly confirm users by going this way:
bwcli = Client(…)
orga = bwcli.get_organization("My Org")
# Get organization-level accesses
accesses = bwcli.get_accesses(orga)["daccess"]
for email, access in orga_accesses.items():
if access["status"] == 1: # 1: Accepted
bwcli.confirm_invitation(orga=orga, email=email, id=access["userId"])
… with confirm_invitation patched as follows:
--- a/src/bitwardentools/client.py
+++ b/src/bitwardentools/client.py
@@ -3111,12 +3111,9 @@ class Client(object):
def confirm_invitation(
self, orga, email, id=None, name=None, sync=None, token=None
):
- self.ensure_private_key()
token = self.get_token(token=token)
orga = self.get_organization(orga, token=token)
orgkey = self.get_organization_key(orga, token=token)
- user = self.get_user(email=email, name=name, id=id, sync=sync)
- email = user.email
oaccess = self.get_accesses(orga, token=token)
try:
acl = oaccess["daccess"][email]
@@ -3138,7 +3135,7 @@ class Client(object):
exc = AlreadyConfirmedError(log)
exc.orga, exc.email = orga, email
raise exc
- resp = self.r(f"/api/users/{user.id}/public-key", method="get")
+ resp = self.r(f"/api/users/{id}/public-key", method="get")
self.assert_bw_response(resp)
userorgkey = b64decode(resp.json()["PublicKey"])
In other words, it seems that confirm_invitation
relies on get_users
having access to /admin/users
to "just" get the userId; but that's now directly accessible in organization access lists.
Feel free to integrate any variation of my patch. Alternatively, I'd be happy to provide a more precise patch if you'd be interested in shipping something like that! Guidance might be needed to avoid wreaking havoc!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.