Commit graph

86 commits

Author SHA1 Message Date
dependabot[bot]
a9e39b4215
Bump rustix from 0.37.22 to 0.37.25 (#336)
Bumps [rustix](https://github.com/bytecodealliance/rustix) from 0.37.22
to 0.37.25.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="00b84d6aac"><code>00b84d6</code></a>
chore: Release rustix version 0.37.25</li>
<li><a
href="cad15a7076"><code>cad15a7</code></a>
Fixes for <code>Dir</code> on macOS, FreeBSD, and WASI.</li>
<li><a
href="df3c3a192c"><code>df3c3a1</code></a>
Merge pull request from GHSA-c827-hfw6-qwvm</li>
<li><a
href="b78aeff1a2"><code>b78aeff</code></a>
chore: Release rustix version 0.37.24</li>
<li><a
href="c0c3f01d7c"><code>c0c3f01</code></a>
Add GNU/Hurd support (<a
href="https://redirect.github.com/bytecodealliance/rustix/issues/852">#852</a>)</li>
<li><a
href="f416b6b27b"><code>f416b6b</code></a>
Fix the <code>test_ttyname_ok</code> test when /dev/stdin is
inaccessable. (<a
href="https://redirect.github.com/bytecodealliance/rustix/issues/821">#821</a>)</li>
<li><a
href="aee5b0954e"><code>aee5b09</code></a>
Downgrade dependencies and disable tests to compile under Rust
1.48.</li>
<li><a
href="6d42c38311"><code>6d42c38</code></a>
Disable MIPS in CI. (<a
href="https://redirect.github.com/bytecodealliance/rustix/issues/793">#793</a>)</li>
<li><a
href="7cdacb1145"><code>7cdacb1</code></a>
chore: Release rustix version 0.37.23</li>
<li><a
href="c6b1d4e690"><code>c6b1d4e</code></a>
Pin Rust nightly to 2023-07-03.</li>
<li>Additional commits viewable in <a
href="https://github.com/bytecodealliance/rustix/compare/v0.37.22...v0.37.25">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rustix&package-manager=cargo&previous-version=0.37.22&new-version=0.37.25)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/dyc3/steamguard-cli/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-18 16:19:03 -04:00
dependabot[bot]
6d4915a39c
Bump webpki from 0.22.1 to 0.22.2 (#330)
Bumps [webpki](https://github.com/briansmith/webpki) from 0.22.1 to
0.22.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/briansmith/webpki/commits">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webpki&package-manager=cargo&previous-version=0.22.1&new-version=0.22.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/dyc3/steamguard-cli/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 18:51:05 -04:00
Carson McManus
47894cc217 Bump steamguard v0.12.2, steamguard-cli v0.12.2 2023-09-28 18:08:33 -04:00
Carson McManus
04295dc742
update rpassword to 7.2.0 and add some debug logs (#325)
related: #324
2023-09-28 21:12:50 +00:00
dependabot[bot]
4fb0e4cfcd
Bump phonenumber from 0.3.2+8.13.9 to 0.3.3+8.13.9 (#323)
Bumps [phonenumber](https://github.com/whisperfish/rust-phonenumber)
from 0.3.2+8.13.9 to 0.3.3+8.13.9.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/whisperfish/rust-phonenumber/commits">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=phonenumber&package-manager=cargo&previous-version=0.3.2+8.13.9&new-version=0.3.3+8.13.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/dyc3/steamguard-cli/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-22 10:04:11 -04:00
dependabot[bot]
e032008fdb
Bump webpki from 0.22.0 to 0.22.1 (#321)
Bumps [webpki](https://github.com/briansmith/webpki) from 0.22.0 to
0.22.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/briansmith/webpki/commits">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webpki&package-manager=cargo&previous-version=0.22.0&new-version=0.22.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/dyc3/steamguard-cli/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 10:29:08 -04:00
Carson McManus
90ba3b64b5 Bump steamguard v0.12.1, steamguard-cli v0.12.1 2023-09-13 10:17:20 -04:00
Carson McManus
9f26e6b241 update version numbers 2023-09-04 13:43:05 -04:00
Carson McManus
84993dedae Bump steamguard-cli v0.11.0 2023-08-23 17:37:26 -04:00
dependabot[bot]
40d81f360b
Bump rustls-webpki from 0.100.1 to 0.100.2 (#306)
Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.100.1 to
0.100.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rustls/webpki/releases">rustls-webpki's
releases</a>.</em></p>
<blockquote>
<h2>v/0.100.2</h2>
<h2>Release notes</h2>
<ul>
<li>certificate path building and verification is now capped at 100
signature validation operations to avoid the risk of CPU usage
denial-of-service attack when validating crafted certificate chains
producing quadratic runtime. This risk affected both clients, as well as
servers that verified client certificates.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>v0.100.2 prep by <a
href="https://github.com/cpu"><code>@​cpu</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/154">rustls/webpki#154</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rustls/webpki/compare/v/0.100.1...v/0.100.2">https://github.com/rustls/webpki/compare/v/0.100.1...v/0.100.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c8b821450b"><code>c8b8214</code></a>
Bump MSRV to 1.60</li>
<li><a
href="855752292e"><code>8557522</code></a>
Avoid testing MSRV of dev-dependencies</li>
<li><a
href="73a7f0c7d7"><code>73a7f0c</code></a>
Cargo: version 0.100.1 -&gt; 0.100.2</li>
<li><a
href="4ea052366f"><code>4ea0523</code></a>
verify_cert: enforce maximum number of signatures.</li>
<li>See full diff in <a
href="https://github.com/rustls/webpki/compare/v/0.100.1...v/0.100.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rustls-webpki&package-manager=cargo&previous-version=0.100.1&new-version=0.100.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/dyc3/steamguard-cli/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-22 14:29:36 -04:00
Carson McManus
34d17a2462 Bump steamguard v0.10.3, steamguard-cli v0.10.5 2023-08-10 09:15:11 -04:00
Carson McManus
8bd0079ffc Bump steamguard-cli v0.10.4 2023-08-09 13:56:09 -04:00
Carson McManus
2114d0a98d Bump steamguard v0.10.2, steamguard-cli v0.10.3 2023-08-09 09:59:57 -04:00
Carson McManus
96f342137a
upgrade base64 crate to 0.21 (#289) 2023-07-10 15:41:36 +00:00
Carson McManus
d1ff150cbf
replace crates hmac-sha1 and hmac-sha256 with equivalent crates from RustCrypto (#288) 2023-07-10 14:53:31 +00:00
Carson McManus
942ac6f35f Bump steamguard v0.10.1, steamguard-cli v0.10.2 2023-07-09 11:07:25 -04:00
Carson McManus
7c985f62ff
zeroize more stuff during runtime (#282)
- add zeroize features to some dependencies
- zeroize protobuf messages when they are dropped
2023-07-05 14:25:03 +00:00
Carson McManus
b98cd2d4c7 Bump steamguard-cli v0.10.1 2023-07-05 06:59:44 -04:00
Carson McManus
06af8c2219 Bump steamguard v0.10.0, steamguard-cli v0.10.0, safety bump steamguard-cli v0.10.0 2023-07-03 12:26:35 -04:00
Carson McManus
8f4ec79144
parallelize account loading and saving (#273)
- parallelize account loading
- parallelize account saving
2023-07-03 16:25:43 +00:00
Carson McManus
969baeed4c
upgrade some dependencies (#272)
- upgrade `rsa`, `zeroize` crates, closes #268
- switch to parrallelized pbkdf2, closes #271
- cargo update
2023-07-03 15:42:10 +00:00
Carson McManus
d5218d770e
add a new, faster encryption scheme (Argon2idAes256) and make it the default (#270)
- move legacy scheme to new module
- add argon2 crate
- mvoe test
- add argon2id aes encryption scheme
- refactor encryption to be less shit
- fix all the errors
- fix lints
2023-07-03 10:23:56 -04:00
Carson McManus
7e94f76653
Add support for storing encryption passkey in system keyring (#265)
- add keyring package
- add keyring id field to manifest
- automatically attempt to load encryption passkey from keyring
- have decrypt delete the passkey on decrypt
- have encrypt command ask if it should store the passkey in the keyring
- fix lints

closes #117
2023-07-02 14:44:18 +00:00
Carson McManus
e25ab17fd6 Bump steamguard v0.9.5, steamguard-cli v0.9.7 2023-07-02 07:39:57 -04:00
Carson McManus
f05f423d23 Bump steamguard v0.9.4, steamguard-cli v0.9.6 2023-06-30 11:11:09 -04:00
Carson McManus
71d399f645 Bump steamguard v0.9.3, steamguard-cli v0.9.5 2023-06-29 19:04:11 -04:00
Carson McManus
b30eb050de update log crate 2023-06-29 17:58:48 -04:00
Carson McManus
09fd78a5a5 Bump steamguard v0.9.2, steamguard-cli v0.9.4 2023-06-26 20:22:31 -04:00
Carson McManus
7d39da8213 Bump steamguard v0.9.1, steamguard-cli v0.9.3 2023-06-26 19:12:07 -04:00
Carson McManus
4fed9486de
trade: adjust logging for deserializing confirmations (#237) 2023-06-26 23:11:15 +00:00
Carson McManus
f8ae7d4e0e
fix SDA encryption compatibility (#236)
fixes #233
2023-06-26 23:02:48 +00:00
Carson McManus
fdf54e6498 Bump steamguard-cli v0.9.2 2023-06-25 20:27:47 -04:00
Carson McManus
ac7717bde8 Bump steamguard-cli v0.9.1 2023-06-25 19:53:12 -04:00
Carson McManus
93a5fe643c Bump steamguard v0.9.0, steamguard-cli v0.9.0, safety bump steamguard-cli v0.9.0 2023-06-25 13:15:00 -04:00
Carson McManus
1632e2f10e
add PhoneLinker, and the ability to add a phone number to the account during setup (#223)
- add proto for IPhoneService
- add PhoneClient
- add PhoneLinker
- fix lints and such
- add comments
- update phone linker
- use phonenumber crate for phone linker
- adjust errors for account linker
- update setup command to be able to add phone numbers
- adjust logging in the setup command
- update account linker
2023-06-25 17:11:24 +00:00
Carson McManus
d87caa06f6
add an update checker (#222) 2023-06-25 09:24:53 -04:00
Carson McManus
a5be7b26bb
Add qr-login command to be able to approve qr code logins on other devices (#214)
- add QrApprover
- implement qr-login subcommand

closes #197
2023-06-24 13:45:03 -04:00
Carson McManus
2dc6376533
print better errors when deserializing json (#218)
- print stripped json whenever there is a type mismatch when
deserializing
- Revert "print stripped json whenever there is a type mismatch when
deserializing"
- print better errors when deserializing json
2023-06-24 16:06:12 +00:00
Carson McManus
2d180f0209 Bump steamguard-cli v0.8.2 2023-06-24 08:25:56 -04:00
Carson McManus
fe0d6e9aca Bump steamguard v0.8.1, steamguard-cli v0.8.1 2023-06-23 15:22:51 -04:00
Carson McManus
cbc46ad8eb
Dead code cleanup, subcommand refactor (#206)
- clean up dead code
- fix lints
- move Session type to legacy module
- refactor service names into constants
- refactor build_url to be less restrictive for service names
- refactor most commands into their own modules
2023-06-23 17:36:23 +00:00
Carson McManus
e4eabdcdd3 Bump steamguard v0.8.0, steamguard-cli v0.8.0, safety bump steamguard-cli v0.8.0 2023-06-22 17:01:58 -04:00
Carson McManus
bfd0667f3a
Use IAuthenticationService for login, account migrations, other major refactors (#194)
fixes #193
fixes #192  
fixes #107

- [x] Implement the new login process
    - [x] Tested
- [x] Update the authenticator setup process
    - [x] Tested
- [x] Update the authenticator remove process
    - [x] Tested
- [x] Manifest format migrator
    - [x] Tested
- [x] Make it possible to import SDA accounts
- [x] Make sure confirmations still work
    - [x] Fetching
    - [x] Responding
- [x] Make it so that the login process doesn't prompt for which method
to use
- [x] Make it so that device confirmation and email confirmation auth
session guards work
2023-06-22 20:20:15 +00:00
Carson McManus
b277e53099 Bump steamguard v0.7.1, steamguard-cli v0.7.1 2023-03-18 10:52:41 -04:00
dependabot[bot]
b4e5574815
Bump tokio from 1.19.2 to 1.20.3
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.19.2 to 1.20.3.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.19.2...tokio-1.20.3)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 21:46:32 +00:00
Carson McManus
9def58a39c Release steamguard v0.7.0, steamguard-cli v0.7.0, safety bump steamguard-cli v0.7.0 2022-12-05 11:58:57 -05:00
Carson McManus
c86eedd63c increment to v0.6.0 so smart-release increments it again 2022-12-05 11:58:27 -05:00
Carson McManus
5599e28c9f add the ability to generate a QR code for 2fa secrets 2022-12-05 08:47:33 -05:00
Carson McManus
9657ea6822 Release steamguard v0.5.0, steamguard-cli v0.5.0, safety bump steamguard-cli v0.5.0 2022-06-25 11:24:43 -04:00
Carson McManus
15349156db remove termion 2022-06-25 11:04:12 -04:00