feat: remove force change default pin

2023-03-10 14:29:44 +08:00
4 changed files with 2911 additions and 46 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,10 @@
+.idea/
 # ---> Rust
 # Generated by Cargo
 # will have compiled files and executables
 debug/
 target/

-# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
-# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
-Cargo.lock
-
 # These are backup files generated by rustfmt
 **/*.rs.bk

--- a/Cargo.lock
+++ b/Cargo.lock
--- a/1
+++ b/1
@@ -1 +0,0 @@
-1.60.0
--- a/src/key.rs
+++ b/src/key.rs
@@ -9,7 +9,7 @@ use age_plugin::{identity, Callbacks};
 use bech32::{ToBase32, Variant};
 use dialoguer::Password;
 use log::{debug, error, warn};
-use std::convert::Infallible;
+// use std::convert::Infallible;
 use std::fmt;
 use std::io;
 use std::iter;
@@ -290,7 +290,7 @@ fn request_pin<E>(

 pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
    const DEFAULT_PIN: &str = "123456";
-    const DEFAULT_PUK: &str = "12345678";
+    // const DEFAULT_PUK: &str = "12345678";

    eprintln!();
    let pin = Password::new()
@@ -303,45 +303,45 @@ pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
        .interact()?;
    yubikey.verify_pin(pin.as_bytes())?;

-    // If the user is using the default PIN, help them to change it.
-    if pin == DEFAULT_PIN {
-        eprintln!();
-        eprintln!("{}", fl!("mgr-change-default-pin"));
-        eprintln!();
-        let current_puk = Password::new()
-            .with_prompt(fl!("mgr-enter-current-puk", default_puk = DEFAULT_PUK))
-            .interact()?;
-        let new_pin = loop {
-            let pin = request_pin(
-                |prev_error| {
-                    if let Some(err) = prev_error {
-                        eprintln!("{}", err);
-                    }
-                    Password::new()
-                        .with_prompt(fl!("mgr-choose-new-pin"))
-                        .with_confirmation(fl!("mgr-repeat-new-pin"), fl!("mgr-pin-mismatch"))
-                        .interact()
-                        .map(|pin| Result::<_, Infallible>::Ok(SecretString::new(pin)))
-                },
-                yubikey.serial(),
-            )?
-            .unwrap();
-            if pin.expose_secret() == DEFAULT_PIN {
-                eprintln!("{}", fl!("mgr-nope-default-pin"));
-            } else {
-                break pin;
-            }
-        };
-        let new_pin = new_pin.expose_secret();
-        yubikey
-            .change_puk(current_puk.as_bytes(), new_pin.as_bytes())
-            .map_err(|e| match e {
-                yubikey::Error::PinLocked => Error::PukLocked,
-                yubikey::Error::WrongPin { tries } => Error::WrongPuk(tries),
-                _ => Error::YubiKey(e),
-            })?;
-        yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?;
-    }
+    // // If the user is using the default PIN, help them to change it.
+    // if pin == DEFAULT_PIN {
+    //     eprintln!();
+    //     eprintln!("{}", fl!("mgr-change-default-pin"));
+    //     eprintln!();
+    //     let current_puk = Password::new()
+    //         .with_prompt(fl!("mgr-enter-current-puk", default_puk = DEFAULT_PUK))
+    //         .interact()?;
+    //     let new_pin = loop {
+    //         let pin = request_pin(
+    //             |prev_error| {
+    //                 if let Some(err) = prev_error {
+    //                     eprintln!("{}", err);
+    //                 }
+    //                 Password::new()
+    //                     .with_prompt(fl!("mgr-choose-new-pin"))
+    //                     .with_confirmation(fl!("mgr-repeat-new-pin"), fl!("mgr-pin-mismatch"))
+    //                     .interact()
+    //                     .map(|pin| Result::<_, Infallible>::Ok(SecretString::new(pin)))
+    //             },
+    //             yubikey.serial(),
+    //         )?
+    //         .unwrap();
+    //         if pin.expose_secret() == DEFAULT_PIN {
+    //             eprintln!("{}", fl!("mgr-nope-default-pin"));
+    //         } else {
+    //             break pin;
+    //         }
+    //     };
+    //     let new_pin = new_pin.expose_secret();
+    //     yubikey
+    //         .change_puk(current_puk.as_bytes(), new_pin.as_bytes())
+    //         .map_err(|e| match e {
+    //             yubikey::Error::PinLocked => Error::PukLocked,
+    //             yubikey::Error::WrongPin { tries } => Error::WrongPuk(tries),
+    //             _ => Error::YubiKey(e),
+    //         })?;
+    //     yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?;
+    // }

    if let Ok(mgm_key) = MgmKey::get_protected(yubikey) {
        yubikey.authenticate(mgm_key)?;