#! /usr/bin/perl

use strict;
use warnings;
use Getopt::Long();
use English qw( -no_match_vars );
use Firefox::Marionette();
use Firefox::Marionette::Profile();
use Text::CSV_XS();
use File::Temp();
use FileHandle();
use POSIX();
use Encode();
use Term::ReadKey();

our $VERSION = '1.16';

MAIN: {
    my %options;
    Getopt::Long::GetOptions(
        \%options,           'help',
        'version',           'binary:s',
        'import:s',          'export:s',
        'only-host-regex:s', 'only-user:s',
        'visible',           'debug',
        'console',           'profile-name:s',
        'list-profile-names'
    );
    my %parameters = _check_options(%options);
    my @logins;
    if ( defined $options{'list-profile-names'} ) {
        foreach my $name ( Firefox::Marionette::Profile->names() ) {
            print "$name\n"
              or die "Failed to print to STDOUT:$EXTENDED_OS_ERROR\n";
        }
        exit 0;
    }
    elsif ( defined $options{import} ) {
        @logins = _handle_import(%options);
    }
    elsif ( !$options{export} ) {
        $options{export} = q[];
    }
    my $firefox = Firefox::Marionette->new(%parameters);
    if ( $firefox->pwd_mgr_needs_login() ) {
        my $prompt =
'Firefox requires the primary password to unlock Password Manager from '
          . ( $parameters{profile_copied_from} || $parameters{profile_name} )
          . q[: ];
        print "$prompt" or die "Failed to print to STDOUT:$EXTENDED_OS_ERROR\n";
        Term::ReadKey::ReadMode(2);    # noecho
        my $password;
        my $key = q[];
        while ( $key ne "\n" ) {
            $password .= $key;
            $key = Term::ReadKey::ReadKey(0);
        }
        Term::ReadKey::ReadMode(0);    # restore
        print "\n" or die "Failed to print to STDOUT:$EXTENDED_OS_ERROR\n";
        eval { $firefox->pwd_mgr_login($password); } or do {
            chomp $EVAL_ERROR;
            die "$EVAL_ERROR\n";
        };
    }
    if (@logins) {
        _add_or_modify_logins( $firefox, @logins );
    }
    if ( defined $options{export} ) {
        my $export_handle;
        if ( $options{export} ) {
            open $export_handle, '>:encoding(utf8)', $options{export}
              or die "Failed to open $options{export}:$EXTENDED_OS_ERROR\n";
        }
        else {
            $options{export} = 'STDOUT';
            $export_handle = *{STDOUT};
        }
        _export_logins( $firefox, $export_handle, %options );
        if ( $options{export} ne 'STDOUT' ) {
            close $export_handle
              or die "Failed to close $options{export}:$EXTENDED_OS_ERROR\n";
        }
    }
    $firefox->quit();
}

sub _add_or_modify_logins {
    my ( $firefox, @logins ) = @_;
    my %form_auth_exists;
    my %http_auth_exists;
    foreach my $existing ( $firefox->logins() ) {
        if ( $existing->realm() ) {
            $http_auth_exists{ $existing->host() }{ $existing->realm() }
              { $existing->user() } = $existing;
        }
        else {
            $form_auth_exists{ $existing->host() }{ $existing->user() } =
              $existing;
        }
    }
    foreach my $login (@logins) {
        if ( $login->realm() ) {
            if ( my $existing =
                $http_auth_exists{ $login->host() }{ $login->realm() }
                { $login->user() } )
            {
                $firefox->delete_login($existing);
            }
        }
        else {
            if ( my $existing =
                $form_auth_exists{ $login->host() }{ $login->user() } )
            {
                $firefox->delete_login($existing);
            }
        }
        $firefox->add_login($login);
        use Data::Dumper;
        print STDERR Dumper($login);
    }
    return;
}

sub _read_stdin_into_temp_file {
    my $import_handle = File::Temp::tempfile(
        File::Spec->catfile(
            File::Spec->tmpdir(), 'firefox_password_import_stdin_XXXXXXXXXXX'
        )
    ) or die "Failed to open temporary file for writing:$EXTENDED_OS_ERROR\n";
    while ( my $line = <> ) {
        $import_handle->print($line)
          or die "Failed to write to temporary file:$EXTENDED_OS_ERROR\n";
    }
    seek $import_handle, Fcntl::SEEK_SET(), 0
      or die "Failed to seek to start of file:$EXTENDED_OS_ERROR\n";
    return $import_handle;
}

sub _handle_import {
    my (%options) = @_;
    my @logins;
    my $import_handle;
    if ( $options{import} ) {
        open $import_handle, '<:encoding(utf8)', $options{import}
          or die "Failed to open '$options{import}':$EXTENDED_OS_ERROR\n";
    }
    else {
        $options{import} = 'STDIN';
        $import_handle = _read_stdin_into_temp_file();
    }
    @logins = _read_logins( $options{import}, $import_handle );
    if ( $options{import} ne 'STDIN' ) {
        close $import_handle
          or die "Failed to close '$options{import}':$EXTENDED_OS_ERROR\n";
    }
    return @logins;
}

sub _csv_parameters {
    my ($extra) = @_;
    return {
        binary         => 1,
        empty_is_undef => 1,
        %{$extra},
    };
}

sub _get_extra_parameters {
    my ( $import_path, $import_handle ) = @_;
    my @extra_parameter_sets = (
        {},                                                    # normal
        { escape_char => q[\\], allow_loose_escapes => 1 },    # KeePass
    );
    my $extra_parameters = {};
  SET: foreach my $parameter_set (@extra_parameter_sets) {
        seek $import_handle, Fcntl::SEEK_SET(), 0
          or die "Failed to seek to start of file:$EXTENDED_OS_ERROR\n";
        my $parameters = _csv_parameters($parameter_set);
        $parameters->{auto_diag} = 2;
        my $csv = Text::CSV_XS->new($parameters);
        eval {
            foreach my $key ( $csv->header($import_handle) ) {
            }
            while ( my $row = $csv->getline($import_handle) ) {
            }
            $extra_parameters = $parameter_set;
        } or do {
            next SET;
        };
        last SET;
    }
    seek $import_handle, Fcntl::SEEK_SET(), 0
      or die "Failed to seek to start of file:$EXTENDED_OS_ERROR\n";
    return $extra_parameters;
}

sub _read_logins {
    my ( $import_path, $import_handle ) = @_;
    my $parameters =
      _csv_parameters( _get_extra_parameters( $import_path, $import_handle ) );
    $parameters->{auto_diag} = 1;
    my $csv = Text::CSV_XS->new($parameters);
    my @logins;
    my $count = 0;
    my %import_headers;
    foreach my $key ( $csv->header($import_handle) ) {
        $import_headers{$key} = $count;
        $count += 1;
    }
    my %mapping = (
        'web site'          => 'host',
        'login name'        => 'user',
        login_uri           => 'host',
        login_username      => 'user',
        login_password      => 'password',
        url                 => 'host',
        username            => 'user',
        password            => 'password',
        httprealm           => 'realm',
        formactionorigin    => 'origin',
        guid                => 'guid',
        timecreated         => 'creation_in_ms',
        timelastused        => 'last_used_in_ms',
        timepasswordchanged => 'password_changed_in_ms',
    );
    while ( my $row = $csv->getline($import_handle) ) {
        my %parameters;
        foreach my $key ( sort { $a cmp $b } keys %import_headers ) {
            if (   ( exists $row->[ $import_headers{$key} ] )
                && ( defined $mapping{$key} ) )
            {
                $parameters{ $mapping{$key} } = $row->[ $import_headers{$key} ];
            }
        }
        foreach my $key (qw(host origin)) {
            if ( defined $parameters{$key} ) {
                my $uri = URI->new( $parameters{$key} )->canonical();
                if ( !$uri->has_recognized_scheme() ) {
                    my $default_scheme = 'https://';
                    warn
"$parameters{$key} does not have a recognised scheme.  Prepending '$default_scheme'\n";
                    $uri = URI->new( $default_scheme . $parameters{$key} );
                }
                $parameters{$key} = $uri->scheme() . q[://] . $uri->host();
                if ( $uri->default_port() != $uri->port() ) {
                    $parameters{$key} .= q[:] . $uri->port();
                }
            }
        }
        if (   ( $parameters{host} )
            && ( $parameters{host} eq 'http://sn' )
            && ( $import_headers{extra} )
            && ( $import_headers{extra} =~ /^NoteType:/smx ) )
        {
            warn
"Skipping non-web login for '$parameters{user}' (probably from a LastPass export)\n";
        }
        elsif (( $parameters{host} )
            && ( $parameters{user} )
            && ( $parameters{password} ) )
        {
            push @logins, Firefox::Marionette::Login->new(%parameters);
        }
    }
    return @logins;
}

sub _export_logins {
    my ( $firefox, $export_handle, %options ) = @_;
    my $csv =
      Text::CSV_XS->new( { binary => 1, auto_diag => 1, always_quote => 1 } );
    my $headers = [
        qw(url username password httpRealm formActionOrigin guid timeCreated timeLastUsed timePasswordChanged)
    ];
    my $count = 0;
    foreach my $login ( $firefox->logins() ) {
        if (   ( $options{'only-user'} )
            && ( $login->user() ne $options{'only-user'} ) )
        {
            next;
        }
        if (   ( $options{'only-host-regex'} )
            && ( $login->host() !~ /$options{'only-host-regex'}/smx ) )
        {
            next;
        }
        if ( $count == 0 ) {
            $csv->say( $export_handle, $headers );
        }
        my $row = [
            $login->host(),
            $login->user(),
            $login->password(),
            $login->realm(),
            (
                defined $login->origin()
                ? $login->origin()
                : ( defined $login->realm() ? undef : q[] )
            ),
            $login->guid(),
            $login->creation_in_ms(),
            $login->last_used_in_ms(),
            $login->password_changed_in_ms()
        ];
        $csv->say( $export_handle, $row );
        $count += 1;
    }
    return;
}

sub _check_options {
    my (%options) = @_;
    if ( $options{help} ) {
        require Pod::Simple::Text;
        my $parser = Pod::Simple::Text->new();
        $parser->parse_from_file($PROGRAM_NAME);
        exit 0;
    }
    elsif ( $options{version} ) {
        print "$VERSION\n"
          or die "Failed to print to STDOUT:$EXTENDED_OS_ERROR\n";
        exit 0;
    }
    my %parameters = ( logins => {} );
    foreach my $key (qw(visible debug console)) {
        if ( $options{$key} ) {
            $parameters{$key} = 1;
        }
    }
    if ( $options{binary} ) {
        $parameters{binary} = $options{binary};
    }
    if ( $options{'profile-name'} ) {
        $parameters{profile_name} = $options{'profile-name'};
    }
    elsif ( !defined $options{import} ) {
        my $profile_name = Firefox::Marionette::Profile->default_name();
        $parameters{profile_copied_from} = $profile_name;
        my $directory = Firefox::Marionette::Profile->directory($profile_name);
        foreach my $name (qw(key3.db key4.db logins.json)) {
            my $path = File::Spec->catfile( $directory, $name );
            if ( my $handle = FileHandle->new( $path, Fcntl::O_RDONLY() ) ) {
                push @{ $parameters{import_profile_paths} }, $path;
            }
            elsif ( $OS_ERROR == POSIX::ENOENT() ) {
            }
            else {
                warn "Skipping $path:$EXTENDED_OS_ERROR\n";
            }
        }
    }
    return %parameters;
}

__END__
=head1 NAME

firefox-passwords - import and export passwords from firefox

=head1 VERSION

Version 1.16

=head1 USAGE

  $ firefox-passwords >logins.csv                                       # export from the default profile

  $ firefox-passwords --export logins.csv                               # same thing but exporting directly to the file

  $ firefox-passwords --list-profile-names                              # print out the available profile names

  $ firefox-passwords --profile new --import logins.csv                 # imports logins from logins.csv into the new profile

  $ firefox-passwords --export | firefox --import --profile-name new    # export from the default profile into the new profile

  $ firefox-passwords --export --only-host-regex "(pause|github)"       # export logins with a host matching qr/(pause|github)/smx from the default profile

  $ firefox-passwords --export --only-user "me@example.org"             # export logins with user "me@example.org" from the default profile

=head1 DESCRIPTION

This program is intended to import and export passwords from firefox.  It uses the L<Marionette protocol|https://developer.mozilla.org/en-US/docs/Mozilla/QA/Marionette/Protocol> and the L<nsILoginManager interface|https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsILoginManager> to access the L<Password Manager|https://support.mozilla.org/en-US/kb/password-manager-remember-delete-edit-logins?redirectslug=password-manager-remember-delete-change-and-import&redirectlocale=en-US>.  This has been tested to work with Firefox 24 and above and has been designed to work with L<Firefox Sync|https://www.mozilla.org/en-US/firefox/sync/>

=head1 REQUIRED ARGUMENTS

Either --export, --import or --list-profile-names must be specified.  If none of these is specified, --export is the assumed default

=head1 OPTIONS

Option names can be abbreviated to uniqueness and can be stated with singe or double dashes, and option values can be separated from the option name by a space or '=' (as with Getopt::Long). Option names are also case-
sensitive.

=over 4

=item * --help - This page.

=item * --version - Print the current version of this binary to STDOUT.

=item * --binary - Use this firefox binary instead of the default firefox instance

=item * --export - export passwords to STDOUT or the file name specified.

=item * --import - import passwords from STDIN or the file name specified.

=item * --list-profile-name - print out the available profile names

=item * --profile-name - specify the name of the profile to work with.

=item * --visible - allow firefox to be visible while exporting or importing logins

=item * --debug - turn on debug to show binary execution and network traffic during exporting or importing logins

=item * --console - make the browser javascript console appear during exporting or importing logins

=item * --only-host-regex - restrict the export of logins to those that have a hostname matching the supplied regex.

=item * --only-user - restrict the export of logins to those that have a user exactly matching the value.

=back

=head1 AUTOMATIC AND MANUAL PROFILE SELECTION

firefox-passwords will automatically work with the default L<Profile|https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data>.  You can select other profiles with the --profile-name option

=head1 PRIMARY PASSWORDS

firefox-passwords will request the L<Primary Password|https://support.mozilla.org/en-US/kb/use-primary-password-protect-stored-logins> if required when importing or exporting from the L<Password Manager|https://support.mozilla.org/en-US/kb/password-manager-remember-delete-edit-logins?redirectslug=password-manager-remember-delete-change-and-import&redirectlocale=en-US>.

=head1 EXPORTING AND IMPORTING TO GOOGLE CHROME OR MICROSOFT EDGE

firefox-passwords will natively read and write login csv files for Google Chrome and Microsoft Edge.

=head1 PASSWORD IMPORT/EXPORT FORMAT

firefox-passwords will export data in CSV with the following column headers

  "url","username","password","httpRealm","formActionOrigin","guid","timeCreated","timeLastUsed","timePasswordChanged"

firefox-passwords will import data in CSV.   It will recognise different formats for importing passwords, including the export format and the others listed below.  Plrease let me know if other formats would be useful.

=head1 PASSWORD IMPORTING FROM BITWARDEN

firefox-passwords will also accept input data in L<Bitwarden csv format|https://bitwarden.com/help/article/condition-bitwarden-import/>, which includes the following column headers;

  ...,"login_uri","login_username","login_password",...

=head1 PASSWORD IMPORTING FROM LASTPASS

firefox-passwords will also accept input data in L<LastPass CSV|https://support.logmeininc.com/lastpass/help/how-do-i-nbsp-export-stored-data-from-lastpass-using-a-generic-csv-file>, which includes the following column headers;

  url,username,password,totp,extra,name,grouping,fav

The LastPass CSV export also can include an unusual "url" value of "http://sn" for server logins, database logins, etc.  All logins with a "url" value of "http://sn" AND an "extra" value matching the regular expression /^NoteType:/ will be skipped (as there is no use for these types of login records in firefox.

=head1 PASSWORD IMPORTING FROM KEEPASS

firefox-passwords will also accept input data in L<KeePass CSV|https://keepass.info/help/base/importexport.html#csv>, which includes the following column headers;

  ...,"Login Name","Password","Web Site",...

=head1 CONFIGURATION

firefox-passwords requires no configuration files or environment variables.

=head1 DEPENDENCIES

firefox-passwords requires the following non-core Perl modules

=over

=item *
L<Pod::Simple::Text|Pod::Simple::Text>

=back

=head1 DIAGNOSTICS

None.

=head1 INCOMPATIBILITIES

None known.

=head1 EXIT STATUS

This program will exit with a zero after successfully completing.

=head1 BUGS AND LIMITATIONS

To report a bug, or view the current list of bugs, please visit L<https://github.com/david-dick/firefox-marionette/issues>

=head1 AUTHOR

David Dick  C<< <ddick@cpan.org> >>

=head1 LICENSE AND COPYRIGHT

Copyright (c) 2021, David Dick C<< <ddick@cpan.org> >>. All rights reserved.

This module is free software; you can redistribute it and/or
modify it under the same terms as Perl itself. See L<perlartistic/perlartistic>.

=head1 DISCLAIMER OF WARRANTY

BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH
YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
NECESSARY SERVICING, REPAIR, OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE
LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL,
OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE
THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
