diff --git a/src/cli.rs b/src/cli.rs index 0f09b3d..75fbc7c 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -9,6 +9,7 @@ use std::borrow::Cow; use std::collections::HashSet; use std::io::Write; use std::iter::FromIterator; +use std::path::Path; use std::str::FromStr; use std::thread; use std::time::Duration; @@ -133,6 +134,20 @@ pub fn read_password_pin_prefixed( Ok((pin, util::sha256(&[password.as_bytes()]))) } +/// generate an more readable name from common paths +pub fn derive_credential_name(path: &Path) -> String { + match path.file_name() { + Some(name) + if path + .iter() + .any(|p| p == "by-label" || p == "by-partlabel" || p == "by-uuid") => + { + name.to_string_lossy().as_ref().to_string() + } + _ => path.display().to_string(), + } +} + pub fn parse_cmdline() -> Args { Args::from_args() } @@ -303,9 +318,22 @@ pub fn run_cli() -> Fido2LuksResult<()> { let (existing_secret, _) = other_secret("Current password", false)?; let (new_secret, cred) = if *auto_credential && luks2 { let cred = make_credential_id( - Some(luks.device.display().to_string().as_str()), - None, - )?; //TODO: do ask for PIN + Some(derive_credential_name(luks.device.as_path()).as_str()), + (if authenticator.pin { + //TODO: not ideal since it ignores pin-prefixed + Some(read_pin()?) + } else { + None + }) + .as_deref(), + )?; + log(&|| { + format!( + "generated credential: {}\ncredential username: {:?}", + hex::encode(&cred.id), + derive_credential_name(luks.device.as_path()) + ) + }); let creds = vec![HexEncoded(cred.id)]; secret(true, &creds) } else {