lastpass package - github.com/ansd/lastpass-go - Go Packages (original) (raw)

Package lastpass implements a LastPass client.

View Source

const ( EndpointLogin = "/login.php" EndpointTrust = "/trust.php" EndpointLoginCheck = "/login_check.php" EndpointGetAccts = "/getaccts.php" EndpointShowWebsite = "/show_website.php" EndpointLogout = "/logout.php" )

LastPass API endpoints used by this client.

MaxLoginRetries determines the maximum number of login retries if the login fails with cause "outofbandrequired". This increases the user's time to approve the out-of-band (2nd) factor (e.g. approving a push notification sent to their mobile phone).

This section is empty.

NewContextWithLogger returns a new context with logging enabled.

NewContextWithLogger logs only for a specific method (request scope). In the following example, it emits logs for only the NewClient method.

logger := log.New(os.Stderr, "lastpass: ", log.LstdFlags)

_, _ = lastpass.NewClient( lastpass.NewContextWithLogger(context.Background(), logger), "user name", "master password")

Account represents a LastPass item. An item can be a password, payment card, bank account, etc., or a custom item type.

type AccountNotFoundError struct {

ID [string](/builtin#string)

}

AccountNotFoundError indicates that no account with AccountNotFoundError.ID exists on LastPass.

type AuthenticationError struct {

}

AuthenticationError indicates that the Client is not logged in.

Client represents a LastPass client. A Client can be logged in to a single account at a given time.

NewClient authenticates with the LastPass servers.

The following authentication schemes are supported: single-factor authentication via master password, two-factor authentication via out-of-band mechanism (e.g. LastPass Authenticator Push Notification, Duo Security Push Notification), and two-factor authentication via one-time password (e.g. one-time verification code of LastPass Authenticator, Google Authenticator, Microsoft Authenticator, YubiKey, Transakt, Duo Security, or Sesame)

If authentication fails, an *AuthenticationError is returned.

Login with two-factor authentication: 1st factor is master passord, 2nd factor is one-time password (e.g. one-time verification code of LastPass Authenticator, Google Authenticator, Microsoft Authenticator, YubiKey, Transakt, Duo Security, or Sesame).

If an invalid user name, master password, or one-time password is supplied, NewClient returns an error of type *AuthenticationError.

_, _ = lastpass.NewClient(context.Background(), "user name", "master password", lastpass.WithOneTimePassword("123456"), )

Login with two-factor authentication: 1st factor is master passord, 2nd factor is out-of-band mechanism (e.g. LastPass Authenticator Push Notification or Duo Security Push Notification).

Below code is the same as the login without two-factor authentication. Once the NewClient function got invoked, the user has around 90 seconds to accept the out-of-band mechanism (e.g. by selecting "Approve" in the LastPass Authenticator or Duo Security app.)

If the user does not accept the out-of-band mechanism within the 90 seconds, NewClient returns an error of type *AuthenticationError.

_, _ = lastpass.NewClient(context.Background(), "user name", "master password")

Login with master password (without two-factor authentication).

If an invalid user name or master password is supplied, NewClient returns an error of type *AuthenticationError.

_, _ = lastpass.NewClient(context.Background(), "user name", "master password")

Login with two-factor authentication and trust:

The WithTrust option will cause subsequent logins to not require multifactor authentication. It will create a trust label with the format ` lastpass-go` which will show up in the LastPass Web Browser Extension under Account Settings => Trusted Devices.

// On first login, the 2nd factor must be provided. _, _ = lastpass.NewClient(context.Background(), "user name", "master password", lastpass.WithOneTimePassword("123456"), lastpass.WithTrust(), ) // Thereafter, within the next 30 days, the 2nd factor can be omitted. // (If you want to disable the default limit of 30 days, in the LastPass Web Browser Extension select the checkbox // Account Settings => General => Show Advanced Settings => Don't end trust period after 30 days.) _, _ = lastpass.NewClient(context.Background(), "user name", "master password")

Accounts lists all LastPass accounts.

If Client is not logged in, an *AuthenticationError is returned.

Add adds the account to LastPass. Since LastPass generates a new account ID, account.ID is ignored. When this method returns (without an error), account.ID is set to the newly generated account ID. If Client is not logged in, an *AuthenticationError is returned. To add an account to a shared folder, account.Share must be prefixed with "Shared-".

Delete deletes the LastPass Account with the given account.ID. If account.ID does not exist in LastPass, an *AccountNotFoundError is returned. If Client is not logged in, an *AuthenticationError is returned. If Client is not logged in, an *AuthenticationError is returned.

All Account fields other than account.ID and account.Share are ignored.

FetchEncryptedAccounts fetches the user's encrypted accounts from LastPass. The returned []byte can be parsed using the ParseEncryptedAccounts method.

Logout invalidates the session cookie.

ParseEncryptedAccounts parses encrypted accounts into a []*Account. The original encrypted accounts data can be obtained from LastPass using the FetchEncryptedAccounts method.

Update updates the account with the given account.ID. If account.ID does not exist in LastPass, an *AccountNotFoundError is returned. If Client is not logged in, an *AuthenticationError is returned.

Updating an account within a shared folder is supported unless field account.Share itself is modified: To move an account to / from a shared folder, use Delete() and Add() functions instead.

type ClientOption func(c *Client)

ClientOption is the type of constructor options for NewClient(...).

WithBaseURL overwrites the Client's default base URL https://lastpass.com/. This function is used for unit testing.

WithConfigDir sets the path of this library's cofiguration directory to persist user specific configuration. If this option is not specified, the configuration directory defaults to /lastpass-go where is the path returned by method UserConfigDir, see https://golang.org/pkg/os/#UserConfigDir. The only user specific configuration currently supported by this library is a file called `trusted_id`.

func WithHTTPClient(httpClient HTTPClient) ClientOption

WithHTTPClient optionally specifies a custom HTTPClient to use.

A new instance of a http.Client is used if this option is not specified.

func WithLogger(logger Logger) ClientOption

WithLogger enables logging.

WithLogger enables logging for all methods on lastpass.Client.

logger := log.New(os.Stderr, "lastpass: ", log.LstdFlags)

_, _ = lastpass.NewClient(context.Background(), "user name", "master password", lastpass.WithLogger(logger))

func WithTrust() ClientOption

WithTrust will cause subsequent logins to not require multifactor authentication. It behaves like the `lpass login --trust` option of the LastPass CLI. If not already present, it will create a file `trusted_id` with a random trust ID in the configuration directory set by WithConfigDir. It will create a trust label with the format ` lastpass-go` which will show up in the LastPass Web Browser Extension under Account Settings => Trusted Devices.

HTTPClient abstracts a Go http.Client with the Do method.

type Logger interface { Printf(format string, v ...interface{}) }

Logger is the interface which wraps the Printf method.