share-record: add --contacts-only option for allowing search for contacts with alternate domains; minor fix for secrets app share

Author: aaunario-keeper

keepercommander/api.py

@@ -30,6 +30,7 @@
 from .error import KeeperApiError
 from .params import KeeperParams, PublicKeys, LAST_RECORD_UID
 from .proto import APIRequest_pb2, record_pb2, enterprise_pb2
+from .proto.record_pb2 import GetShareObjectsRequest, GetShareObjectsResponse
 from .record import Record
 from .recordv3 import RecordV3
 from .shared_folder import SharedFolder
@@ -293,6 +294,32 @@ def get_shared_folder(params, shared_folder_uid):   # type: (KeeperParams, str)
     sf.load(cached_sf, cached_sf['revision'])
     return sf
 
+def get_share_objects(params):  # type: (KeeperParams) -> Dict[str, Dict[str, Any]]
+    if not params.share_object_cache:
+        rq = GetShareObjectsRequest()
+        rs = communicate_rest(params, rq, 'vault/get_share_objects', rs_type=GetShareObjectsResponse)
+        users_by_type = dict(
+            relationship=rs.shareRelationships,
+            family= rs.shareFamilyUsers,
+            enterprise=rs.shareEnterpriseUsers,
+            mc=rs.shareMCEnterpriseUsers,
+        )
+        get_users = lambda rs_data, cat: {su.username: dict(name=su.fullname, is_sa=su.isShareAdmin, enterprise_id=su.enterpriseId, status=su.status, category=cat) for su in rs_data}
+        users = [get_users(users, cat) for cat, users in users_by_type.items()]
+        users = list(itertools.chain.from_iterable(users))
+        enterprises = {se.enterpriseId: se.enterprisename for se in rs.shareEnterpriseNames}
+        get_teams = lambda rs_data: {utils.base64_url_encode(st.teamUid): dict(name=st.teamname, enterprise_id=st.enterpriseId) for st in rs_data}
+        teams = get_teams(rs.shareTeams)
+        teams_mc = get_teams(rs.shareMCTeams)
+
+        share_objects = dict(
+            users=users,
+            enterprises=enterprises,
+            teams=teams,
+            teams_mc=teams_mc
+        )
+        params.share_object_cache = share_objects
+    return params.share_object_cache
 
 def load_user_public_keys(params, emails, send_invites=False):  # type: (KeeperParams, List[str], bool) -> Optional[List[str]]
     s = set((x.casefold() for x in emails))

keepercommander/commands/ksm.py

@@ -332,13 +332,14 @@ def share_app(params, app_name_or_uid, email, is_admin=False, unshare=False):
             return
         app_uid = app_rec.get('record_uid', '')
         app_info = KSMCommand.get_app_info(params, app_uid)
-        share_action = unshare and 'remove' or 'grant'
+        sf_action = 'remove' if unshare else 'grant'
+        sr_action = 'revoke' if unshare else 'grant'
         sf_perm_keys = ('manage_users', 'manage_records', 'can_edit', 'can_share')
         sf_perms = {k: is_admin and not unshare and 'on' or 'off' for k in sf_perm_keys}
         rec_perms = dict(can_edit=is_admin and not unshare, can_share=is_admin and not unshare)
         users = [email]
-        share_folder_args = dict(**sf_perms, action=share_action, user=users)
-        share_rec_args = dict(**rec_perms, action=share_action, email=users)
+        share_folder_args = dict(**sf_perms, action=sf_action, user=users)
+        share_rec_args = dict(**rec_perms, action=sr_action, email=users)
 
         from keepercommander.commands.register import ShareRecordCommand
         from keepercommander.commands.register import ShareFolderCommand

keepercommander/commands/register.py

@@ -27,7 +27,7 @@
 
 from . import base
 from .base import dump_report_data, field_to_title, fields_to_titles, raise_parse_exception, suppress_exit, Command, \
-    GroupCommand, FolderMixin
+    GroupCommand, FolderMixin, user_choice
 from .helpers.record import get_record_uids
 from .helpers.timeout import parse_timeout
 from .record import RecordRemoveCommand
@@ -42,6 +42,7 @@
 from ..sox.sox_types import Record
 from ..subfolder import BaseFolderNode, SharedFolderNode, SharedFolderFolderNode, try_resolve_path, get_folder_path, \
     get_folder_uids, get_contained_record_uids
+from ..utils import is_email
 
 
 def register_commands(commands):
@@ -71,6 +72,9 @@ def register_command_info(aliases, command_info):
 
 share_record_parser = argparse.ArgumentParser(prog='share-record', description='Change the sharing permissions of an individual record')
 share_record_parser.add_argument('-e', '--email', dest='email', action='append', required=True, help='account email')
+share_record_parser.add_argument('--contacts-only', action='store_true', help="Share only to known targets; Allows routing to"
+                                                                                  " alternate domains with matching usernames if needed")
+share_record_parser.add_argument('-f', '--force', action='store_true', help='Skip confirmation prompts')
 share_record_parser.add_argument('-a', '--action', dest='action', choices=['grant', 'revoke', 'owner', 'cancel'],
                                  default='grant', action='store', help='user share action. \'grant\' if omitted')
 share_record_parser.add_argument('-s', '--share', dest='can_share', action='store_true', help='can re-share record')
@@ -651,7 +655,31 @@ def execute(self, params, **kwargs):
             raise CommandError('share-record', '\'email\' parameter is missing')
 
         dry_run = kwargs.get('dry_run') is True
+        force = kwargs.get('force') is True
         action = kwargs.get('action') or 'grant'
+        use_contacts = kwargs.get('contacts_only')
+
+        def get_contact(user, contacts):
+            get_username = lambda addr: next(iter(addr.split('@')), '')
+            matches = [c for c in contacts if get_username(user) == get_username(c)]
+            if len(matches) > 1:
+                raise CommandError('More than 1 matching usernames found. Aborting')
+            return next(iter(matches), None)
+
+        if use_contacts:
+            known_users = api.get_share_objects(params).get('users', {})
+            is_unknown = lambda e: e not in known_users and is_email(e)
+            unknowns = [e for e in emails if is_unknown(e)]
+            if unknowns:
+                username_map = {e: get_contact(e, known_users) for e in unknowns}
+                table = [[k, v] for k, v in username_map.items()]
+                logging.info(f'{len(unknowns)} unrecognized share recipient(s) and closest matching contact(s)')
+                dump_report_data(table, ['Username', 'From Contacts'])
+                confirmed = force or user_choice('\tReplace with known matching contact(s)?', 'yn', default='n') == 'y'
+                if confirmed:
+                    good_emails = [e for e in emails if e not in unknowns]
+                    replacements = [e for e in username_map.values() if e]
+                    emails = [*good_emails, *replacements]
 
         if action == 'cancel':
             answer = base.user_choice(

keepercommander/params.py

@@ -115,6 +115,7 @@ def __init__(self, config_filename='', config=None, server='keepersecurity.com')
         self.non_shared_data_cache = {}
         self.shared_folder_cache = {}
         self.team_cache = {}
+        self.share_object_cache = {}
         self.record_link_cache = {}
         self.record_rotation_cache = {}
         self.record_owner_cache = {}   # type: Dict[str, RecordOwner]
@@ -189,6 +190,7 @@ def clear_session(self):
         self.non_shared_data_cache.clear()
         self.shared_folder_cache.clear()
         self.team_cache.clear()
+        self.share_object_cache.clear()
         self.record_link_cache.clear()
         self.record_rotation_cache.clear()
         self.record_owner_cache.clear()