Add support for authentification and history

[Fumesover]

No description provided.

[pirate]

Awesome work, thanks for contributing these features!

You should be able to accept most of the suggestions from the Github UI without having to commit manually, but make sure to double check that it works as expected after making the suggested changes.

[Fumesover]

I corrected the spelling issues, but I'm not sure that leaving cookie in a static file by default is a good idea @pirate

[fbartels]

@Fumesover then maybe use mktemp to avoid conflicts on multi user systems?

[Fumesover]

@fbartels and how do we save the path ?
However, using the username can be the solution (ex: /tmp/codimd-cookies-$USER.txt)

[fbartels]

yes, you would still need to have a config file in ~ which would have the path to the cookie. not really elegant indeed.

btw. I did a checkout of your repo and for me the login fails. I setup a user with a less complex password, but even here it fails. the file ~/.codimd-key.conf is not created by running codimd-cli

13:50 $ env CODIMD_SERVER='https://codimd.9wd.eu' bash -x bin/codimd login test test1234
++ basename bin/codimd
+ codi_cli=codimd
+ help_str='
Options:
    $ codimd import /path/to/your/content.md
    qhmNmwmxSmK1H2oJmkKBQQ       # returns note id on success

    $ codimd publish qhmNmwmxSmK1H2oJmkKBQQ
    /s/S1ok9no3f                 # returns published note url

    $ codimd export --pdf qhmNmwmxSmK1H2oJmkKBQQ output.pdf
    $ codimd export --md qhmNmwmxSmK1H2oJmkKBQQ output.md
    $ codimd export --html qhmNmwmxSmK1H2oJmkKBQQ output.html
    $ codimd export --slides qhmNmwmxSmK1H2oJmkKBQQ output.zip

    $ codimd login email@example.net p4sW0rD
    $ codimd profile
    You are logged in as email with id x[...]x.
    $ codimd history
    ID                      Name
    0nAp3YRyTlyQ-N3N7lCk-w  Note_1
    qhmNmwmxSmK1H2oJmkKBQQ  Note_2
    $ codimd delete 0nAp3YRyTlyQ-N3N7lCk-w
    $ codimd logout

Example:
    $ env CODIMD_SERVER='\''https://codimd.example.com'\'' codimd import /path/to/your/content.md
'
+ CODIMD_SERVER=https://codimd.9wd.eu
+ CODIMD_COOKIES_FILE='~/.codimd-key.conf'
+ [[ login == \i\m\p\o\r\t ]]
+ [[ login == \p\u\b\l\i\s\h ]]
+ [[ login == \e\x\p\o\r\t ]]
+ [[ login == \l\o\g\i\n ]]
+ authenticate test test1234
+ [[ -z test ]]
+ [[ -z test1234 ]]
+ curl -c '~/.codimd-key.conf' -XPOST -d 'email=test&password=test1234' https://codimd.9wd.eu/login
++ is_authenticated
+++ curl -b '~/.codimd-key.conf' https://codimd.9wd.eu/me
++ STATUS='{"status":"forbidden"}'
+++ echo '{"status":"forbidden"}'
+++ jq -r .status
++ '[' forbidden == ok ']'
++ echo 1
+ [[ -n 1 ]]
+ echo 'Logged in https://codimd.9wd.eu as test successfully.'
Logged in https://codimd.9wd.eu as test successfully.

[Fumesover]

@fbartels using $HOME instead of ~ seems to correct it

[fbartels]

now that file is actually filled, but login still fails:

14:21 $ env CODIMD_SERVER='https://codimd.9wd.eu' bash -x bin/codimd login test test1234
++ basename bin/codimd
+ codi_cli=codimd
+ help_str='
Options:
    $ codimd import /path/to/your/content.md
    qhmNmwmxSmK1H2oJmkKBQQ       # returns note id on success

    $ codimd publish qhmNmwmxSmK1H2oJmkKBQQ
    /s/S1ok9no3f                 # returns published note url

    $ codimd export --pdf qhmNmwmxSmK1H2oJmkKBQQ output.pdf
    $ codimd export --md qhmNmwmxSmK1H2oJmkKBQQ output.md
    $ codimd export --html qhmNmwmxSmK1H2oJmkKBQQ output.html
    $ codimd export --slides qhmNmwmxSmK1H2oJmkKBQQ output.zip

    $ codimd login email@example.net p4sW0rD
    $ codimd profile
    You are logged in as email with id x[...]x.
    $ codimd history
    ID                      Name
    0nAp3YRyTlyQ-N3N7lCk-w  Note_1
    qhmNmwmxSmK1H2oJmkKBQQ  Note_2
    $ codimd delete 0nAp3YRyTlyQ-N3N7lCk-w
    $ codimd logout

Example:
    $ env CODIMD_SERVER='\''https://codimd.example.com'\'' codimd import /path/to/your/content.md
'
+ CODIMD_SERVER=https://codimd.9wd.eu
+ CODIMD_COOKIES_FILE=/home/fbartels/.codimd-key.conf
+ [[ login == \i\m\p\o\r\t ]]
+ [[ login == \p\u\b\l\i\s\h ]]
+ [[ login == \e\x\p\o\r\t ]]
+ [[ login == \l\o\g\i\n ]]
+ authenticate test test1234
+ [[ -z test ]]
+ [[ -z test1234 ]]
+ curl -c /home/fbartels/.codimd-key.conf -XPOST -d 'email=test&password=test1234' https://codimd.9wd.eu/login
++ is_authenticated
+++ curl -b /home/fbartels/.codimd-key.conf https://codimd.9wd.eu/me
++ STATUS='{"status":"forbidden"}'
+++ echo '{"status":"forbidden"}'
+++ jq -r .status
++ '[' forbidden == ok ']'
++ echo 1
+ [[ -n 1 ]]
+ echo 'Logged in https://codimd.9wd.eu as test successfully.'
Logged in https://codimd.9wd.eu as test successfully.

[Fumesover]

Oh ! It's because you are using ldap @fbartels, my code only works for email login actually
But replacing email by username in line 79 and /login by /auth/ldap in line 80 make the trick
Maybe it will be possible to add something like --ldap option for this kind of login

[fbartels]

Yes, it is indeed an ldap backend. I did not expect that this will lead to different auth endpoints.

Maybe there could be an automatic fallback?

[Fumesover]

This is a 3rd party integration, I don't think integrating it as an automatic fallback is relevant

[pirate]

I agree that leaving a cookie in a local file is less ideal than somewhere like a keychain, but I also don't think it's the end of the world, as it's a pattern used by other tools for sensitive keys.

E.g. It's common to store AWS keys in ~/.aws/credentials and SSH private keys in ~/.ssh/id_rsa.key, and those are arguably much more critical from a security standpoint than a codimd cookie.

As long as the permissions limit the cookie file to only the current user (I think we should add that to the bash script), I'm ok with it.

[fbartels]

yes, looking at the code again, a better option would be to have a dedicated "ldap" parameter and a dedicated auth function for it.

since all the other stuff is just checking with the stored cookie if the session is still valid you could have multiple auth functions

Fumesover#1

[Fumesover]

Now there is support for email & ldap and it will be easy to add other protocols

Sorry @fbartels, I hadn't seen your PR, and I think making it modular as I did would be easier to maintain

[ccoenen]

Having a text file somewhere in your filesystem is also exactly what browsers were doing for years. Today Firefox and Chrome store this in an SQLite database - still in your profile folder. No difference at all with regard to security. (Firefox: Profile directory cookies.sqlite / Chrome: User Data/Default/cookies (no extension) if you want to take a look)

[Fumesover]

Okay so actually the default is ~/.codimd-key.conf
@pirate is that okay for merge ?

[ccoenen]

I would like to propose something like the XDG Base Directory Spec, in this case ~/.config/codimd-cli/key.conf ($XDG_CONFIG_HOME (many unixoids) or %APPDATA% (Win)).

Base reason is, that I don't particularly like all that clutter in my home directory.

[pirate]

Yeah, I'd be fine with either of ~/.config/codimd-cli/api-key.conf, ~/.config/codimd-cli/key.conf, or ~/.codimd-key.conf as the default.

[Fumesover]

So, now the default is ~/.config/codimd-cli/key.conf