Fixing merge conflicts after master merge

Dinesh Kumar · Dinesh Kumar · commit 5780d0bee998 · 2018-11-13T21:06:01.000+05:30
diff --git a/README.md b/README.md
@@ -4,29 +4,27 @@ Shell function to fuzzy search an IPSec VPN by name and connect to it automatica
 
 ## Prerequisite
 
-1. [fzf](https://github.com/junegunn/fzf)
-2. [OATH Toolkit](https://www.nongnu.org/oath-toolkit/index.html)
+1.  [fzf](https://github.com/junegunn/fzf)
+2.  [OATH Toolkit](https://www.nongnu.org/oath-toolkit/index.html)
 
 ```
 brew install oath-toolkit fzf
 ```
 
 ## Install
 
-```
-git clone https://github.com/arunvelsriram/lazy-connect.git ~/.lazy-connect
-```
+### Using Homebrew
 
 ```
-# zsh users
-echo "[ -f ~/.lazy-connect/lazy-connect.sh ] && source ~/.lazy-connect/lazy-connect.sh" >> ~/.zshrc
-source ~/.zshrc
+brew tap arunvelsriram/stable
+brew install lazy-connect
 ```
 
+### Manual
+
 ```
-# bash users
-echo "[ -f ~/.lazy-connect/lazy-connect.sh ] && source ~/.lazy-connect/lazy-connect.sh" >> ~/.bashrc
-source ~/.bashrc
+git clone https://github.com/arunvelsriram/lazy-connect.git ~/.lazy-connect
+sudo ln -s ~/.lazy-connect/lazy-connect /usr/local/bin/lazy-connect
 ```
 
 ### Usage
@@ -54,7 +52,7 @@ When disabled, the password is copied to clipboard, and you can use it manually
 
 #### Prerequisite
 
-1. [yubikey-manager](https://github.com/Yubico/yubikey-manager)
+1.  [yubikey-manager](https://github.com/Yubico/yubikey-manager)
 
 To use `TOTP` from YubiKey set the following environment variable
 
@@ -63,9 +61,10 @@ export LAZY_CONNECT_TOTP_GENERATOR=yubikey
 export LAZY_CONNECT_TOTP_QUERY=<name of the issuer>
 ```
 
-### Warning
+### Note
 
-- The secret key to generate TOTP is stored as plain text in `~/.config/lazy-connect/secret`
+- The secret key to generate TOTP is stored in Keychain on Mac under default `login` keychain. You may need to
+  enter your login password to allow access to Keychain.
 - You need to add your Termainal emulator app that invokes the function to `Security & Privacy -> Accessibility`. It is
   necesssary because the script interacts with the UI. There are other ways via CLI to avoid UI interaction but
   they are all broken in OS X 10.12+.
diff --git a/lazy-connect b/lazy-connect
@@ -11,14 +11,19 @@ function _lazy_connect_init() {
     echo -n "Secret Key: "
     read -s secret_key
     echo "**********"
-    echo $secret_key >$_lazy_connect_config_dir/secret
+
+    echo 'Storing secret in keychain...'
+    old_secret=~/.config/lazy-connect/secret
+    [ -f "$old_secret" ] && rm "$old_secret"
+    security delete-generic-password -a lazy-connect -s lazy-connect &>/dev/null
+    security add-generic-password -a lazy-connect -p "$secret_key" -s lazy-connect
     ;;
   esac
   _lazy_connect_vpn_refresh
 }
 
 function _lazy_connect_vpn_refresh() {
-  local backup_file=/tmp/lazy-connect-vpns-`date +%-H-%M-%S-%F`
+  local backup_file=/tmp/lazy-connect-vpns-$(date +%-H-%M-%S-%F)
   [ -f $_lazy_connect_config_dir/vpns ] && cp $_lazy_connect_config_dir/vpns $backup_file
   osascript <<EOF |
     tell application "System Events"
@@ -40,8 +45,9 @@ function _lazy_connect_vpn_refresh() {
       end tell
     end tell
 EOF
-tr ',' '\n' | sed 's/^[[:space:]]//g' > $_lazy_connect_config_dir/vpns
+    tr ',' '\n' | sed 's/^[[:space:]]//g' >$_lazy_connect_config_dir/vpns
 
+  echo "Storing the VPN list..."
   if [ -f $backup_file ]; then
     echo -e "\nDiff:\n$(diff -y $backup_file $_lazy_connect_config_dir/vpns)"
   else
@@ -59,8 +65,7 @@ lazy-connect - Shell function to fuzzy search an IPSec VPN by name
                and connect to it automatically.
 
 -n    - Connect to VPN by autofilling password
--i    - Initialize lazy-connect.
-        Stores the secret and VPN list to ~/.config/lazy-connect/
+-i    - Initialize lazy-connect. Stores the TOTP secret and VPN list
 -u    - Update lazy-connect
 -r    - Refresh vpn list in ~/.config/lazy-connect
 -h    - Show this help
@@ -80,7 +85,7 @@ function _lazy_connect_get_totp() {
       exit 1
     fi
     if [ -z "$LAZY_CONNECT_TOTP_QUERY" ]; then
-      echo "Error: LAZY_CONNECT_TOTP_QUERY not set"
+      echo "Error: LAZY_CONNECT_TOTP_QUERY not set."
       exit 1
     else
       password=$(ykman oath code $LAZY_CONNECT_TOTP_QUERY 2>/dev/null | awk '{print $2}')
@@ -96,11 +101,11 @@ function _lazy_connect() {
   if [ -z "$password" ]; then
     case $TOTP_MODE in
     oathtool)
-      echo "Error: Unable to generate otp using oathtool"
+      echo "Error: Unable to generate otp using oathtool."
       return 1
       ;;
     yubikey)
-      echo "Error: No YubiKey found"
+      echo "Error: No YubiKey found."
       return 1
       ;;
     esac
@@ -187,8 +192,15 @@ function lazy-connect() {
     esac
   done
 
-  secret=$(cat $_lazy_connect_config_dir/secret)
-  vpn_name=$(cat $_lazy_connect_config_dir/vpns \
-    | fzf --height=10 --ansi --reverse --query "$*" --select-1)
+  local secret=$(security find-generic-password -a lazy-connect -w 2>/dev/null | tr -d '\n')
+  if [ -z "$secret" ]; then
+    echo "Secret not found in keychain. Initialize lazy-connect and try again."
+    return 1
+  fi
+
+  vpn_name=$(cat $_lazy_connect_config_dir/vpns |
+    fzf --height=10 --ansi --reverse --query "$*" --select-1)
   [ -z "$vpn_name" ] || _lazy_connect "$vpn_name" "$secret"
 }
+
+lazy-connect "$@"
