aerogramme/src/main.rs

#![feature(async_fn_in_trait)]

mod timestamp;
mod bayou;
mod config;
mod cryptoblob;
mod imap;
mod k2v_util;
mod lmtp;
mod login;
mod mail;
mod server;
mod storage;

use std::path::PathBuf;

use anyhow::{bail, Result, Context};
use clap::{Parser, Subcommand};

use config::*;
use server::Server;
use login::{static_provider::*, *};

#[derive(Parser, Debug)]
#[clap(author, version, about, long_about = None)]
struct Args {
    #[clap(subcommand)]
    command: Command,

    #[clap(short, long, env = "CONFIG_FILE", default_value = "aerogramme.toml")]
    config_file: PathBuf,
}

#[derive(Subcommand, Debug)]
enum Command {
    #[clap(subcommand)]
    /// A daemon to be run by the end user, on a personal device
    Companion(CompanionCommand),

    #[clap(subcommand)]
    /// A daemon to be run by the service provider, on a server
    Provider(ProviderCommand),

    #[clap(subcommand)]
    /// Specific tooling, should not be part of a normal workflow, for debug & experimenting only
    Tools(ToolsCommand),
    //Test,
}

#[derive(Subcommand, Debug)]
enum ToolsCommand {
    /// Manage crypto roots
    #[clap(subcommand)]
    CryptoRoot(CryptoRootCommand),
}

#[derive(Subcommand, Debug)]
enum CryptoRootCommand {
    /// Generate a new crypto-root protected with a password
    New {
        #[clap(env = "AEROGRAMME_PASSWORD")]
        maybe_password: Option<String>,
    },
    /// Generate a new clear text crypto-root, store it securely!
    NewClearText,
    /// Change the password of a crypto key
    ChangePassword {
        #[clap(env = "AEROGRAMME_OLD_PASSWORD")]
        maybe_old_password: Option<String>,

        #[clap(env = "AEROGRAMME_NEW_PASSWORD")]
        maybe_new_password: Option<String>,

        #[clap(short, long, env = "AEROGRAMME_CRYPTO_ROOT")]
        crypto_root: String,
    },
    /// From a given crypto-key, derive one containing only the public key
    DeriveIncoming {
        #[clap(short, long, env = "AEROGRAMME_CRYPTO_ROOT")]
        crypto_root: String,
    },
}

#[derive(Subcommand, Debug)]
enum CompanionCommand {
    /// Runs the IMAP proxy
    Daemon,
    Reload {
        #[clap(short, long, env = "AEROGRAMME_PID")]
        pid: Option<u64>,
    },
    Wizard,
    #[clap(subcommand)]
    Account(AccountManagement),
}

#[derive(Subcommand, Debug)]
enum ProviderCommand {
    /// Runs the IMAP+LMTP server daemon
    Daemon,
    /// Reload the daemon
    Reload,
    /// Manage static accounts
    #[clap(subcommand)]
    Account(AccountManagement),
}

#[derive(Subcommand, Debug)]
enum AccountManagement {
    /// Add an account
    Add {
        #[clap(short, long)]
        login: String,
        #[clap(short, long)]
        setup: PathBuf,
    },
    /// Delete an account
    Delete {
        #[clap(short, long)]
        login: String,
    },
    /// Change password for a given account
    ChangePassword {
        #[clap(env = "AEROGRAMME_OLD_PASSWORD")]
        maybe_old_password: Option<String>,

        #[clap(env = "AEROGRAMME_NEW_PASSWORD")]
        maybe_new_password: Option<String>,

        #[clap(short, long)]
        login: String
    },
}

#[tokio::main]
async fn main() -> Result<()> {
    if std::env::var("RUST_LOG").is_err() {
        std::env::set_var("RUST_LOG", "main=info,aerogramme=info,k2v_client=info")
    }

    // Abort on panic (same behavior as in Go)
    std::panic::set_hook(Box::new(|panic_info| {
        eprintln!("{}", panic_info);
        eprintln!("{:?}", backtrace::Backtrace::new());
        std::process::abort();
    }));

    tracing_subscriber::fmt::init();

    let args = Args::parse();
    let any_config = read_config(args.config_file)?;

    match (&args.command, any_config) {
        (Command::Companion(subcommand), AnyConfig::Companion(config)) => match subcommand {
            CompanionCommand::Daemon => {
                let server = Server::from_companion_config(config).await?;
                server.run().await?;
            },
            CompanionCommand::Reload { pid: _pid } => {
                unimplemented!();
            },
            CompanionCommand::Wizard => {
                unimplemented!();
            },
            CompanionCommand::Account(cmd) => {
                let user_file = config.users.user_list;
                account_management(&args.command, cmd, user_file)?;
            }
        },
        (Command::Provider(subcommand), AnyConfig::Provider(config)) => match subcommand {
            ProviderCommand::Daemon => {
                let server = Server::from_provider_config(config).await?;
                server.run().await?;
            },
            ProviderCommand::Reload => {
                unimplemented!();
            },
            ProviderCommand::Account(cmd) => {
                let user_file = match config.users {
                    UserManagement::Static(conf) => conf.user_list,
                    UserManagement::Ldap(_) => panic!("LDAP account management is not supported from Aerogramme.")
                };
                account_management(&args.command, cmd, user_file)?;
            }
        },
        (Command::Provider(_), AnyConfig::Companion(_)) => {
            bail!("Your want to run a 'Provider' command but your configuration file has role 'Companion'.");
        },
        (Command::Companion(_), AnyConfig::Provider(_)) => {
            bail!("Your want to run a 'Companion' command but your configuration file has role 'Provider'.");
        },
        (Command::Tools(subcommand), _) => match subcommand {
            ToolsCommand::CryptoRoot(crcommand) => {
                match crcommand {
                    CryptoRootCommand::New { maybe_password } => {
                        let password = match maybe_password {
                            Some(pwd) => pwd.clone(),
                            None => {
                                let password = rpassword::prompt_password("Enter password: ")?;
                                let password_confirm = rpassword::prompt_password("Confirm password: ")?;
                                if password != password_confirm {
                                    bail!("Passwords don't match.");
                                }
                                password
                            }
                        };
                        let crypto_keys = CryptoKeys::init();
                        let cr =  CryptoRoot::create_pass(&password, &crypto_keys)?;
                        println!("{}", cr.0);
                    },
                    CryptoRootCommand::NewClearText => {
                        let crypto_keys = CryptoKeys::init();
                        let cr = CryptoRoot::create_cleartext(&crypto_keys);
                        println!("{}", cr.0);
                    },
                    CryptoRootCommand::ChangePassword { maybe_old_password, maybe_new_password, crypto_root } => {
                        let old_password = match maybe_old_password {
                            Some(pwd) => pwd.to_string(),
                            None => rpassword::prompt_password("Enter old password: ")?,
                        };

                        let new_password = match maybe_new_password {
                            Some(pwd) => pwd.to_string(),
                            None => {
                                let password = rpassword::prompt_password("Enter new password: ")?;
                                let password_confirm = rpassword::prompt_password("Confirm new password: ")?;
                                if password != password_confirm {
                                    bail!("Passwords don't match.");
                                }
                                password
                            }
                        };

                        let keys = CryptoRoot(crypto_root.to_string()).crypto_keys(&old_password)?;
                        let cr = CryptoRoot::create_pass(&new_password, &keys)?;
                        println!("{}", cr.0);
                    },
                    CryptoRootCommand::DeriveIncoming { crypto_root } => {
                        let pubkey = CryptoRoot(crypto_root.to_string()).public_key()?;
                        let cr = CryptoRoot::create_incoming(&pubkey);
                        println!("{}", cr.0);
                    },
                }
            },
        }
    }

    Ok(())
}

fn account_management(root: &Command, cmd: &AccountManagement, users: PathBuf) -> Result<()> {
    let mut ulist: UserList = read_config(users.clone()).context(format!("'{:?}' must be a user database", users))?;

    match cmd {
        AccountManagement::Add { login, setup } => {
            tracing::debug!(user=login, "will-create");
            let stp: SetupEntry = read_config(setup.clone()).context(format!("'{:?}' must be a setup file", setup))?;
            tracing::debug!(user=login, "loaded setup entry");

            let password = match stp.clear_password {
                Some(pwd) => pwd,
                None => {
                    let password = rpassword::prompt_password("Enter password: ")?;
                    let password_confirm = rpassword::prompt_password("Confirm password: ")?;
                    if password != password_confirm {
                        bail!("Passwords don't match.");
                    }
                    password
                }
            };

            let crypto_keys = CryptoKeys::init();
            let crypto_root = match root {
                Command::Provider(_) => CryptoRoot::create_pass(&password, &crypto_keys)?,
                Command::Companion(_) => CryptoRoot::create_cleartext(&crypto_keys),
                _ => unreachable!(),
            };

            let hash = hash_password(password.as_str()).context("unable to hash password")?;

            ulist.insert(login.clone(), UserEntry {
                email_addresses: stp.email_addresses,
                password: hash,
                crypto_root: crypto_root.0,
                storage: stp.storage,
            });

            write_config(users.clone(), &ulist)?;
        },
        AccountManagement::Delete { login } => {
            tracing::debug!(user=login, "will-delete");
            ulist.remove(login);
            write_config(users.clone(), &ulist)?;
        },
        AccountManagement::ChangePassword { maybe_old_password, maybe_new_password, login } => {
            let mut user = ulist.remove(login).context("user must exist first")?;

            let old_password = match maybe_old_password {
                Some(pwd) => pwd.to_string(),
                None => rpassword::prompt_password("Enter old password: ")?,
            };

            if !verify_password(&old_password, &user.password)? {
                bail!(format!("invalid password for login {}", login));
            }

            let crypto_keys = CryptoRoot(user.crypto_root).crypto_keys(&old_password)?;

            let new_password = match maybe_new_password {
                Some(pwd) => pwd.to_string(),
                None => {
                    let password = rpassword::prompt_password("Enter new password: ")?;
                    let password_confirm = rpassword::prompt_password("Confirm new password: ")?;
                    if password != password_confirm {
                        bail!("Passwords don't match.");
                    }
                    password
                }
            };  
            let new_hash = hash_password(&new_password)?;
            let new_crypto_root = CryptoRoot::create_pass(&new_password, &crypto_keys)?;
            
            user.password = new_hash;
            user.crypto_root = new_crypto_root.0;

            ulist.insert(login.clone(), user);
            write_config(users.clone(), &ulist)?;
        },
    };

    Ok(())
}
a first naive version of the storage interface 2023-11-01 08:20:36 +00:00			`#![feature(async_fn_in_trait)]`

WIP refactor storage (new timestamp.rs file) 2023-11-15 14:56:43 +00:00			`mod timestamp;`
Skeleton for some stuff 2022-05-18 10:24:37 +00:00			`mod bayou;`
More construction of things 2022-05-19 10:10:48 +00:00			`mod config;`
Skeleton for some stuff 2022-05-18 10:24:37 +00:00			`mod cryptoblob;`
WIP Refactor, code is broken 2022-06-17 16:39:36 +00:00			`mod imap;`
Begin add watch mechanism to Bayou 2022-07-13 10:30:35 +00:00			`mod k2v_util;`
Implementn basic LMTP server 2022-05-31 15:07:34 +00:00			`mod lmtp;`
More construction of things 2022-05-19 10:10:48 +00:00			`mod login;`
Refactor files in a "mail" crate 2022-06-27 14:56:20 +00:00			`mod mail;`
CLI skeleton 2022-05-19 13:14:36 +00:00			`mod server;`
WIP traits for the storage 2023-10-30 17:07:40 +00:00			`mod storage;`
Skeleton for some stuff 2022-05-18 10:24:37 +00:00
CLI skeleton 2022-05-19 13:14:36 +00:00			`use std::path::PathBuf;`
sync() and push() seems to be working, todo checkpoint() 2022-05-18 12:54:48 +00:00
implement account create 2023-12-08 18:06:12 +00:00			`use anyhow::{bail, Result, Context};`
CLI skeleton 2022-05-19 13:14:36 +00:00			`use clap::{Parser, Subcommand};`

More construction of things 2022-05-19 10:10:48 +00:00			`use config::*;`
Some refactoring 2022-05-19 12:33:49 +00:00			`use server::Server;`
implement account create 2023-12-08 18:06:12 +00:00			`use login::{static_provider::, };`
Skeleton for some stuff 2022-05-18 10:24:37 +00:00
CLI skeleton 2022-05-19 13:14:36 +00:00			`#[derive(Parser, Debug)]`
			`#[clap(author, version, about, long_about = None)]`
			`struct Args {`
			`#[clap(subcommand)]`
			`command: Command,`
WIP refactor 2023-12-06 19:57:25 +00:00
			`#[clap(short, long, env = "CONFIG_FILE", default_value = "aerogramme.toml")]`
			`config_file: PathBuf,`
CLI skeleton 2022-05-19 13:14:36 +00:00			`}`

			`#[derive(Subcommand, Debug)]`
			`enum Command {`
WIP refactor 2023-12-06 19:57:25 +00:00			`#[clap(subcommand)]`
CLI tools 2023-12-13 17:04:04 +00:00			`/// A daemon to be run by the end user, on a personal device`
WIP refactor 2023-12-06 19:57:25 +00:00			`Companion(CompanionCommand),`

			`#[clap(subcommand)]`
CLI tools 2023-12-13 17:04:04 +00:00			`/// A daemon to be run by the service provider, on a server`
WIP refactor 2023-12-06 19:57:25 +00:00			`Provider(ProviderCommand),`
CLI tools 2023-12-13 17:04:04 +00:00
			`#[clap(subcommand)]`
			`/// Specific tooling, should not be part of a normal workflow, for debug & experimenting only`
			`Tools(ToolsCommand),`
WIP refactor 2023-12-06 19:57:25 +00:00			`//Test,`
			`}`

CLI tools 2023-12-13 17:04:04 +00:00			`#[derive(Subcommand, Debug)]`
			`enum ToolsCommand {`
			`/// Manage crypto roots`
			`#[clap(subcommand)]`
			`CryptoRoot(CryptoRootCommand),`
			`}`

			`#[derive(Subcommand, Debug)]`
			`enum CryptoRootCommand {`
			`/// Generate a new crypto-root protected with a password`
			`New {`
			`#[clap(env = "AEROGRAMME_PASSWORD")]`
			`maybe_password: Option<String>,`
			`},`
			`/// Generate a new clear text crypto-root, store it securely!`
			`NewClearText,`
			`/// Change the password of a crypto key`
			`ChangePassword {`
			`#[clap(env = "AEROGRAMME_OLD_PASSWORD")]`
			`maybe_old_password: Option<String>,`

			`#[clap(env = "AEROGRAMME_NEW_PASSWORD")]`
			`maybe_new_password: Option<String>,`

			`#[clap(short, long, env = "AEROGRAMME_CRYPTO_ROOT")]`
			`crypto_root: String,`
			`},`
			`/// From a given crypto-key, derive one containing only the public key`
			`DeriveIncoming {`
			`#[clap(short, long, env = "AEROGRAMME_CRYPTO_ROOT")]`
			`crypto_root: String,`
			`},`
			`}`

WIP refactor 2023-12-06 19:57:25 +00:00			`#[derive(Subcommand, Debug)]`
			`enum CompanionCommand {`
			`/// Runs the IMAP proxy`
			`Daemon,`
			`Reload {`
			`#[clap(short, long, env = "AEROGRAMME_PID")]`
			`pid: Option<u64>,`
reworked configuration file 2023-11-24 10:44:42 +00:00			`},`
WIP refactor 2023-12-06 19:57:25 +00:00			`Wizard,`
			`#[clap(subcommand)]`
			`Account(AccountManagement),`
CLI skeleton 2022-05-19 13:14:36 +00:00			`}`

WIP refactor 2023-12-06 19:57:25 +00:00			`#[derive(Subcommand, Debug)]`
			`enum ProviderCommand {`
			`/// Runs the IMAP+LMTP server daemon`
			`Daemon,`
implement account create 2023-12-08 18:06:12 +00:00			`/// Reload the daemon`
WIP refactor 2023-12-06 19:57:25 +00:00			`Reload,`
implement account create 2023-12-08 18:06:12 +00:00			`/// Manage static accounts`
WIP refactor 2023-12-06 19:57:25 +00:00			`#[clap(subcommand)]`
			`Account(AccountManagement),`
			`}`

			`#[derive(Subcommand, Debug)]`
			`enum AccountManagement {`
implement account create 2023-12-08 18:06:12 +00:00			`/// Add an account`
WIP refactor 2023-12-06 19:57:25 +00:00			`Add {`
			`#[clap(short, long)]`
			`login: String,`
			`#[clap(short, long)]`
			`setup: PathBuf,`
			`},`
implement account create 2023-12-08 18:06:12 +00:00			`/// Delete an account`
WIP refactor 2023-12-06 19:57:25 +00:00			`Delete {`
			`#[clap(short, long)]`
			`login: String,`
			`},`
implement account create 2023-12-08 18:06:12 +00:00			`/// Change password for a given account`
WIP refactor 2023-12-06 19:57:25 +00:00			`ChangePassword {`
CLI tools 2023-12-13 17:04:04 +00:00			`#[clap(env = "AEROGRAMME_OLD_PASSWORD")]`
			`maybe_old_password: Option<String>,`

			`#[clap(env = "AEROGRAMME_NEW_PASSWORD")]`
			`maybe_new_password: Option<String>,`

WIP refactor 2023-12-06 19:57:25 +00:00			`#[clap(short, long)]`
			`login: String`
			`},`
Add user secret in mix to encrypt keys with password 2022-05-23 15:31:53 +00:00			`}`

Skeleton for some stuff 2022-05-18 10:24:37 +00:00			`#[tokio::main]`
CLI skeleton 2022-05-19 13:14:36 +00:00			`async fn main() -> Result<()> {`
Fix things 2022-05-20 11:36:45 +00:00			`if std::env::var("RUST_LOG").is_err() {`
Rename mailrage to aerogramme in missing places 2022-06-30 08:50:03 +00:00			`std::env::set_var("RUST_LOG", "main=info,aerogramme=info,k2v_client=info")`
Fix things 2022-05-20 11:36:45 +00:00			`}`
Working server 2022-06-02 15:59:29 +00:00
Fetch ENVELOPE works \o/ 2022-06-29 18:00:38 +00:00			`// Abort on panic (same behavior as in Go)`
			`std::panic::set_hook(Box::new(\|panic_info\| {`
clippy lint fix 2023-05-15 16:23:23 +00:00			`eprintln!("{}", panic_info);`
Some more FETCH things work 2022-07-15 14:15:48 +00:00			`eprintln!("{:?}", backtrace::Backtrace::new());`
Fetch ENVELOPE works \o/ 2022-06-29 18:00:38 +00:00			`std::process::abort();`
			`}));`

Working server 2022-06-02 15:59:29 +00:00			`tracing_subscriber::fmt::init();`
Fix things 2022-05-20 11:36:45 +00:00
CLI skeleton 2022-05-19 13:14:36 +00:00			`let args = Args::parse();`
WIP refactor 2023-12-06 19:57:25 +00:00			`let any_config = read_config(args.config_file)?;`
CLI skeleton 2022-05-19 13:14:36 +00:00
implement account create 2023-12-08 18:06:12 +00:00			`match (&args.command, any_config) {`
WIP refactor 2023-12-06 19:57:25 +00:00			`(Command::Companion(subcommand), AnyConfig::Companion(config)) => match subcommand {`
			`CompanionCommand::Daemon => {`
			`let server = Server::from_companion_config(config).await?;`
			`server.run().await?;`
			`},`
CLI tools 2023-12-13 17:04:04 +00:00			`CompanionCommand::Reload { pid: _pid } => {`
WIP refactor 2023-12-06 19:57:25 +00:00			`unimplemented!();`
			`},`
			`CompanionCommand::Wizard => {`
			`unimplemented!();`
			`},`
			`CompanionCommand::Account(cmd) => {`
			`let user_file = config.users.user_list;`
implement account create 2023-12-08 18:06:12 +00:00			`account_management(&args.command, cmd, user_file)?;`
WIP refactor 2023-12-06 19:57:25 +00:00			`}`
			`},`
			`(Command::Provider(subcommand), AnyConfig::Provider(config)) => match subcommand {`
			`ProviderCommand::Daemon => {`
			`let server = Server::from_provider_config(config).await?;`
			`server.run().await?;`
			`},`
			`ProviderCommand::Reload => {`
			`unimplemented!();`
			`},`
			`ProviderCommand::Account(cmd) => {`
			`let user_file = match config.users {`
			`UserManagement::Static(conf) => conf.user_list,`
			`UserManagement::Ldap(_) => panic!("LDAP account management is not supported from Aerogramme.")`
			`};`
implement account create 2023-12-08 18:06:12 +00:00			`account_management(&args.command, cmd, user_file)?;`
WIP refactor 2023-12-06 19:57:25 +00:00			`}`
			`},`
			`(Command::Provider(_), AnyConfig::Companion(_)) => {`
use bail! instead of panic! 2023-12-13 17:06:18 +00:00			`bail!("Your want to run a 'Provider' command but your configuration file has role 'Companion'.");`
WIP refactor 2023-12-06 19:57:25 +00:00			`},`
			`(Command::Companion(_), AnyConfig::Provider(_)) => {`
use bail! instead of panic! 2023-12-13 17:06:18 +00:00			`bail!("Your want to run a 'Companion' command but your configuration file has role 'Provider'.");`
WIP refactor 2023-12-06 19:57:25 +00:00			`},`
CLI tools 2023-12-13 17:04:04 +00:00			`(Command::Tools(subcommand), _) => match subcommand {`
			`ToolsCommand::CryptoRoot(crcommand) => {`
			`match crcommand {`
			`CryptoRootCommand::New { maybe_password } => {`
			`let password = match maybe_password {`
			`Some(pwd) => pwd.clone(),`
			`None => {`
			`let password = rpassword::prompt_password("Enter password: ")?;`
			`let password_confirm = rpassword::prompt_password("Confirm password: ")?;`
			`if password != password_confirm {`
			`bail!("Passwords don't match.");`
			`}`
			`password`
			`}`
			`};`
			`let crypto_keys = CryptoKeys::init();`
			`let cr = CryptoRoot::create_pass(&password, &crypto_keys)?;`
			`println!("{}", cr.0);`
			`},`
			`CryptoRootCommand::NewClearText => {`
			`let crypto_keys = CryptoKeys::init();`
			`let cr = CryptoRoot::create_cleartext(&crypto_keys);`
			`println!("{}", cr.0);`
			`},`
			`CryptoRootCommand::ChangePassword { maybe_old_password, maybe_new_password, crypto_root } => {`
			`let old_password = match maybe_old_password {`
			`Some(pwd) => pwd.to_string(),`
			`None => rpassword::prompt_password("Enter old password: ")?,`
			`};`

			`let new_password = match maybe_new_password {`
			`Some(pwd) => pwd.to_string(),`
			`None => {`
			`let password = rpassword::prompt_password("Enter new password: ")?;`
			`let password_confirm = rpassword::prompt_password("Confirm new password: ")?;`
			`if password != password_confirm {`
			`bail!("Passwords don't match.");`
			`}`
			`password`
			`}`
			`};`

			`let keys = CryptoRoot(crypto_root.to_string()).crypto_keys(&old_password)?;`
			`let cr = CryptoRoot::create_pass(&new_password, &keys)?;`
			`println!("{}", cr.0);`
			`},`
			`CryptoRootCommand::DeriveIncoming { crypto_root } => {`
			`let pubkey = CryptoRoot(crypto_root.to_string()).public_key()?;`
			`let cr = CryptoRoot::create_incoming(&pubkey);`
			`println!("{}", cr.0);`
			`},`
			`}`
			`},`
			`}`
More construction of things 2022-05-19 10:10:48 +00:00			`}`
CLI skeleton 2022-05-19 13:14:36 +00:00
			`Ok(())`
Skeleton for some stuff 2022-05-18 10:24:37 +00:00			`}`

implement account create 2023-12-08 18:06:12 +00:00			`fn account_management(root: &Command, cmd: &AccountManagement, users: PathBuf) -> Result<()> {`
CLI tools 2023-12-13 17:04:04 +00:00			`let mut ulist: UserList = read_config(users.clone()).context(format!("'{:?}' must be a user database", users))?;`
implement account create 2023-12-08 18:06:12 +00:00
WIP refactor 2023-12-06 19:57:25 +00:00			`match cmd {`
implement account create 2023-12-08 18:06:12 +00:00			`AccountManagement::Add { login, setup } => {`
			`tracing::debug!(user=login, "will-create");`
CLI tools 2023-12-13 17:04:04 +00:00			`let stp: SetupEntry = read_config(setup.clone()).context(format!("'{:?}' must be a setup file", setup))?;`
implement account create 2023-12-08 18:06:12 +00:00			`tracing::debug!(user=login, "loaded setup entry");`

			`let password = match stp.clear_password {`
			`Some(pwd) => pwd,`
			`None => {`
			`let password = rpassword::prompt_password("Enter password: ")?;`
			`let password_confirm = rpassword::prompt_password("Confirm password: ")?;`
			`if password != password_confirm {`
			`bail!("Passwords don't match.");`
			`}`
			`password`
			`}`
			`};`
it compiles again! 2023-12-13 15:09:01 +00:00
			`let crypto_keys = CryptoKeys::init();`
			`let crypto_root = match root {`
			`Command::Provider(_) => CryptoRoot::create_pass(&password, &crypto_keys)?,`
			`Command::Companion(_) => CryptoRoot::create_cleartext(&crypto_keys),`
CLI tools 2023-12-13 17:04:04 +00:00			`_ => unreachable!(),`
it compiles again! 2023-12-13 15:09:01 +00:00			`};`

implement account create 2023-12-08 18:06:12 +00:00			`let hash = hash_password(password.as_str()).context("unable to hash password")?;`

			`ulist.insert(login.clone(), UserEntry {`
			`email_addresses: stp.email_addresses,`
			`password: hash,`
it compiles again! 2023-12-13 15:09:01 +00:00			`crypto_root: crypto_root.0,`
implement account create 2023-12-08 18:06:12 +00:00			`storage: stp.storage,`
			`});`

			`write_config(users.clone(), &ulist)?;`
WIP refactor 2023-12-06 19:57:25 +00:00			`},`
implement account create 2023-12-08 18:06:12 +00:00			`AccountManagement::Delete { login } => {`
WIP 2023-12-12 08:17:59 +00:00			`tracing::debug!(user=login, "will-delete");`
it compiles again! 2023-12-13 15:09:01 +00:00			`ulist.remove(login);`
WIP 2023-12-12 08:17:59 +00:00			`write_config(users.clone(), &ulist)?;`
WIP refactor 2023-12-06 19:57:25 +00:00			`},`
CLI tools 2023-12-13 17:04:04 +00:00			`AccountManagement::ChangePassword { maybe_old_password, maybe_new_password, login } => {`
			`let mut user = ulist.remove(login).context("user must exist first")?;`

			`let old_password = match maybe_old_password {`
			`Some(pwd) => pwd.to_string(),`
			`None => rpassword::prompt_password("Enter old password: ")?,`
			`};`

			`if !verify_password(&old_password, &user.password)? {`
			`bail!(format!("invalid password for login {}", login));`
			`}`

			`let crypto_keys = CryptoRoot(user.crypto_root).crypto_keys(&old_password)?;`

			`let new_password = match maybe_new_password {`
			`Some(pwd) => pwd.to_string(),`
			`None => {`
			`let password = rpassword::prompt_password("Enter new password: ")?;`
			`let password_confirm = rpassword::prompt_password("Confirm new password: ")?;`
			`if password != password_confirm {`
			`bail!("Passwords don't match.");`
			`}`
			`password`
			`}`
			`};`
			`let new_hash = hash_password(&new_password)?;`
			`let new_crypto_root = CryptoRoot::create_pass(&new_password, &crypto_keys)?;`

			`user.password = new_hash;`
			`user.crypto_root = new_crypto_root.0;`

			`ulist.insert(login.clone(), user);`
			`write_config(users.clone(), &ulist)?;`
WIP refactor 2023-12-06 19:57:25 +00:00			`},`
implement account create 2023-12-08 18:06:12 +00:00			`};`

			`Ok(())`
WIP refactor 2023-12-06 19:57:25 +00:00			`}`