Tomáš Faikl 7 місяці тому
committed by GitHub
джерело
коміт
62014eda39
Не вдалося знайти GPG ключ що відповідає даному підпису Ідентифікатор GPG ключа: B5690EEEBB952194
5 змінених файлів з 86 додано та 16 видалено
  1. +1
    -0
      README.md
  2. +52
    -12
      bin/mw
  3. +29
    -0
      mw.1
  4. +2
    -2
      share/mbsync-temp
  5. +2
    -2
      share/msmtp-temp

+ 1
- 0
README.md Переглянути файл

@@ -54,6 +54,7 @@ A user of Arch-based distros can also install the current mutt-wizard release fr

### Optional Dependencies

- `cyrus-sasl-xoauth2-git` - Support for OAUTH2.
- `pam-gnupg` - Automatically logs you into your GPG key on login so you will
never need to input your password once logged on to your system. Check the
repo and directions out [here](https://github.com/cruegge/pam-gnupg).


+ 52
- 12
bin/mw Переглянути файл

@@ -88,6 +88,7 @@ prepmutt() {
}

getprofiles() {
# TODO: oauth2 only for mbsync right now
safename="$(echo $fulladdr | sed 's/@/_/g')"
case "$type" in
online)
@@ -173,11 +174,30 @@ askinfo() {
[ -z "$passprefix" ] && passprefix=""
hostname="${fulladdr#*@}"
login="${login:-$fulladdr}"
if [ -n "${password+x}" ]; then
insertpass
else
getpass
fi
[ -f "$oauthtokenfile" ] ||
printf "If you want to use OAUTH2 (for Microsoft or Google), input path to pre-created token file (see help). Otherwise, leave empty: " &&
read -r oauthtokenfile

if [ -f "$oauthtokenfile" ]; then
authtype_msmtp=xoauth2
authtype_mbsync=XOAUTH2
printf "Token will be moved to '%s', do you want to remove the original token file [y/N]? " "$PASSWORD_STORE_DIR/$passprefix$fulladdr.tokens"
read -r prompt
case "$prompt" in
y|Y) mv "$oauthtokenfile" "$PASSWORD_STORE_DIR/$passprefix$fulladdr.tokens" ;;
*) cp "$oauthtokenfile" "$PASSWORD_STORE_DIR/$passprefix$fulladdr.tokens" ;;
esac
else
[ -n "$oauthtokenfile" ] && echo "Token file not found"
authtype_msmtp=on
authtype_mbsync=LOGIN
if [ -n "${password+x}" ]; then
insertpass
else
getpass
fi
fi
pass_cmdline="$(pass_cmdline)"
}

insertpass() {
@@ -187,10 +207,6 @@ insertpass() {
errorexit() {
echo "Log-on not successful."
case "$imap" in
imap.gmail.com)
echo "This account with $service is using Google's Gmail servers, which disable all third-party applications without an application-specific password.
Please be sure you are using OAUTH with your Gmail account, or better yet, stop using Gmail."
;;
imap.mail.me.com)
echo "This account with $service is using Apple's iCloud servers, which disable all non-Apple applications by default.
Please be sure you either enable third-party applications, or create an app-specific password, or best of all, stop using Apple."
@@ -199,16 +215,35 @@ Please be sure you either enable third-party applications, or create an app-spec
exit 1
}

pass_cmdline() {
if [ -f "$oauthtokenfile" ]; then
# do not use pass insert to not clutter pass git history with token updates
encrypt_pipe="$GPG -qe $(printf -- " -r %s" $(cat "$PASSWORD_STORE_DIR/.gpg-id"))"
printf '%s ' /usr/share/neomutt/oauth2/mutt_oauth2.py --encryption-pipe "$encrypt_pipe" "$passprefix$fulladdr.tokens"
else
printf '%s ' pass "$passprefix$fulladdr"
fi
}

getpass() { while :; do
pass rm -f "$passprefix$fulladdr" >/dev/null 2>&1
pass insert -f "$passprefix$fulladdr" && break
done; }

getboxes() {
if [ -n "${force+x}" ]; then
# TODO: add oauth2 curl
# in the meantime, get box names after syncing from folder structure:
#for d in "$maildir"/*
#do
# echo "$(basename "$d"):"
# mailboxes="$(find "$d" -mindepth 1 -type d -not -name 'cur' -not -name 'new' -not -name 'tmp' -printf '="%P" ')"
# printf "\tmailboxes %s\n\n" "$mailboxes"
#done

if [ -f "$oauthtokenfile" ] || [ -n "${force+x}" ]; then
mailboxes="$(printf "INBOX\\nDrafts\\nJunk\\nTrash\\nSent\\nArchive")"
else
info="$(curl --location-trusted -s -m 5 --user "$login:$(pass "$passprefix$fulladdr")" --url "${protocol:-imaps}://$imap:${iport:-993}")"
info="$(curl --location-trusted -s -m 5 --user "$login:$(pass show "$passprefix$fulladdr")" --url "${protocol:-imaps}://$imap:${iport:-993}")"
[ -z "$info" ] && errorexit
mailboxes="$(echo "$info" | grep -v HasChildren | sed "s/.*\" //;s/\"//g" | tr -d '\r')"
fi
@@ -283,6 +318,7 @@ Options allowed with -a:
-s SMTP server address
-S SMTP server port
-x Password for account (recommended to be in double quotes)
-o Registered OAUTH2 token file path. See mw(1) for more info.
-p Add for a POP server instead of IMAP.
-P Pass Prefix (prefix of the file where password is stored)
-X Delete an account's local email too when deleting.
@@ -320,7 +356,7 @@ reorder() {
' "$tempfile" >>"$muttrc"
}

while getopts "rfpXlhodTYD:y:i:I:s:S:u:a:n:P:x:m:t:" o; do case "${o}" in
while getopts "rfpXlhodTYD:y:i:I:s:S:u:a:n:P:x:O:m:t:" o; do case "${o}" in
l) setact list ;;
r) setact reorder ;;
d) setact delete ;;
@@ -387,6 +423,10 @@ while getopts "rfpXlhodTYD:y:i:I:s:S:u:a:n:P:x:m:t:" o; do case "${o}" in
setact add
password="$OPTARG"
;;
O)
setact add
oauthtokenfile="$OPTARG"
;;
X)
setact delete
purge=True


+ 29
- 0
mw.1 Переглянути файл

@@ -67,6 +67,35 @@ SMTP server address
.TP
.B -S
SMTP server port (assumed to be 465 if not specified)
.TP
.B -O path
Path to registered OAUTH2 token file. The file has to be first created using external scripts, see for example
.I https://wiki.archlinux.org/title/Isync#mutt_oauth2.py
for more information. If you already have
.B neomutt
installed, the script should be located in
.I /usr/share/neomutt/oauth2/mutt_oauth2.py
and you need to first create the token by specifying your authorization credentials. If your organization does not permit any new registrations, use Mozilla Thunderbird Client ID, for example, from
.I https://hg.mozilla.org/comm-central/file/tip/mailnews/base/src/OAuth2Providers.jsm
and pick your provider (Google or Microsoft).
Then you can use the script as
.IP
.EX
\&$ /usr/share/neomutt/oauth2/mutt_oauth2.py -v -t \\
\& --authorize --client-id "9e5f94bc-e8a4-4e73-b8be-63364c29d753" --client-secret "" \\
\& --email "<your email>" --provider microsoft \\
\& --encryption-pipe "gpg --encrypt --recipient <your_gpg_key>" \\
\& token_path
.EE
.
.XP

The token file is then decrypted by
.B mw
and saved to password store as
.I <passprefix><email>.tokens
encrypted using gpg. The file will not be tracked by git history by default.

.TP
.B -x
Account password. You will be prompted for the password interactively if this option is not given.


+ 2
- 2
share/mbsync-temp Переглянути файл

@@ -2,8 +2,8 @@ IMAPStore $fulladdr-remote
Host $imap
Port $iport
User $login
PassCmd "pass $passprefix$fulladdr"
AuthMechs LOGIN
PassCmd "$pass_cmdline"
AuthMechs $authtype_mbsync
SSLType $imapssl
CertificateFile $sslcert



+ 2
- 2
share/msmtp-temp Переглянути файл

@@ -3,8 +3,8 @@ host $smtp
port $sport
from $fulladdr
user $login
passwordeval "pass $passprefix$fulladdr"
auth on
passwordeval "$pass_cmdline"
auth $authtype_msmtp
tls on
tls_trust_file $sslcert
logfile $msmtplog


Завантаження…
Відмінити
Зберегти