From 8c2714a9d6a04857142ded986c020a61e5c11f8e Mon Sep 17 00:00:00 2001
From: John Gaunt <jgaunt@johnhgaunt.com>
Date: Mon, 6 Jun 2022 20:22:22 -0400
Subject: [PATCH] updated to work with api keys

---
 bitwardenBackup.ps1 | 48 ++++++++++++++++++++++++++++-----------------
 1 file changed, 30 insertions(+), 18 deletions(-)

diff --git a/bitwardenBackup.ps1 b/bitwardenBackup.ps1
index 67020b8..41a9495 100644
--- a/bitwardenBackup.ps1
+++ b/bitwardenBackup.ps1
@@ -21,26 +21,38 @@ $sdelete = "$PSScriptRoot\lib\sdelete.exe"
 
 # begin while loop to login, if login is incorrect, ask user again
 while ($true) {
-    # ask for username, password, and auth 2fa code
-    $username = Read-Host "Please enter your bitwarden email"
-    $password = Read-Host -assecurestring "Please enter your bitwarden password"
-    $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
-    $code = Read-Host "Please enter your 2fa code (hit enter if not used)"
-    # logic for no code, code
-    if ($code -eq "") {
-        $sessionKey = $(& $bw login $username $password --raw --nointeraction)
-    } else {
-        $sessionKey = $(& $bw login $username $password --method 0 --code $code --raw --nointeraction)
-    }
-    # get the bw status to see if the login was successfull and inform user
+    # ask for api client id/secret and password
+    $clientID = Read-Host "Please enter your Bitwarden API client_id"
+    $env:BW_CLIENTID = "$clientID"
+    $clientSecret = Read-Host -assecurestring "Please enter your bitwarden API client_secret"
+    $clientSecret = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($clientSecret))
+    $env:BW_CLIENTSECRET = "$clientSecret"
+    # test login
+    & $bw login --apikey --raw
     $bwStatus = $(ConvertFrom-Json $(& $bw status))
-    if ($bwStatus.Status -ne "locked") {
-        # just writing a new line
-        Write-Host " "
-        Write-Warning "Unable to login, please try agian."
-    } else {
+    if ($bwStatus."Status" -eq "locked") {
+        # Authentication was successful 
+        # start new loop for password unlock
+        while ($true) {
+            $password = Read-Host -assecurestring "Please enter your Bitwarden password"
+            $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
+            $sessionKey = $(& $bw unlock $password --raw --nointeraction)
+            # get the bw status to see if the login was successfull and inform user
+            $bwStatus = $(ConvertFrom-Json $(& $bw status --session $sessionKey))
+            if ($bwStatus."Status" -eq "unlocked") {
+                $username = $bwStatus."userEmail"
+                break
+            } else {
+                # just writing a new line
+                Write-Host " "
+                Write-Warning "Unable to unlock your vault, please try agian."
+            }
+        }
         break
-    }
+    } else {
+        Write-Host " "
+        Write-Warning "Unable to authenticate, please try agian."
+    }  
 }
 
 # Export the vault to both CSV and JSON files, this allows best compatibility to import again or switch managers.