From 768fd0a247bb679fbbeb840fd7b6c736264e96cf Mon Sep 17 00:00:00 2001
From: Yann Herklotz
Date: Fri, 2 Jun 2023 13:09:55 +0100
Subject: Anonymise mail authentication
---
 notmuch/.local/bin/mutt_oauth2.py | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/notmuch/.local/bin/mutt_oauth2.py b/notmuch/.local/bin/mutt_oauth2.py
index a4a8872..2f02560 100755
--- a/notmuch/.local/bin/mutt_oauth2.py
+++ b/notmuch/.local/bin/mutt_oauth2.py
@@ -44,8 +44,18 @@ import subprocess
 # encryption and decryption pipes you prefer. They should read from standard
 # input and write to standard output. The example values here invoke GPG,
 # although won't work until an appropriate identity appears in the first line.
-ENCRYPTION_PIPE = ['gpg', '--default-key', '6C6BA068183138B0', '--encrypt', '--recipient', '6C6BA068183138B0']
-DECRYPTION_PIPE = ['gpg', '--default-key', '6C6BA068183138B0', '--decrypt']
+
+CURRENT_SERVER_NAME = socket.gethostname()
+CURRENT_LOCAL_GPG_KEY = os.environ['MAIL_GPG_KEY']
+
+ENCRYPTION_PIPE = ['gpg', '--default-key', CURRENT_LOCAL_GPG_KEY, '--encrypt', '--recipient', CURRENT_LOCAL_GPG_KEY]
+DECRYPTION_PIPE = ['gpg', '--default-key', CURRENT_LOCAL_GPG_KEY, '--decrypt']
+
+CURRENT_KEYS = subprocess.run(['pass', 'show', 'imperial/' + CURRENT_SERVER_NAME + '-keys'], capture_output=True, text=True).stdout.splitlines()
+
+CURRENT_KEY_SECRET = CURRENT_KEYS[0]
+CURRENT_KEY_ID = CURRENT_KEYS[2]
+CURRENT_KEY_DIR = CURRENT_KEYS[3]
 registrations = {
 'google': {
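Review bot: The `pass show` lookup added at module level has no failure handling: `subprocess.run` is called without `check=True`, so a missing entry or a failed decryption yields empty stdout and the script stops with an IndexError on `CURRENT_KEYS[0]` instead of a message naming the entry. I would add `check=True` to the call and guard the result with `if len(CURRENT_KEYS) < 4: raise SystemExit('pass entry imperial/' + CURRENT_SERVER_NAME + '-keys is incomplete')`. The entry layout is also undocumented and line 2 is skipped without explanation, so an entry with its lines in another order would silently put the wrong value into `client_secret`; a comment such as `# pass entry lines: 1 = client secret, 3 = client id, 4 = tenant directory` above the three assignments would pin it down. The hunk uses `os.environ` and `socket.gethostname()` but adds no import; if the file does not already import `os`, `CURRENT_LOCAL_GPG_KEY` fails with NameError at startup, and an unset `MAIL_GPG_KEY` raises a bare KeyError either way.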
@@ -62,9 +72,9 @@ registrations = {
 'client_secret': '',
 },
 'microsoft': {
- 'authorize_endpoint': 'https://login.microsoftonline.com/2b897507-ee8c-4575-830b-4f8267c3d307/oauth2/v2.0/authorize',
+ 'authorize_endpoint': 'https://login.microsoftonline.com/' + CURRENT_KEY_DIR + '/oauth2/v2.0/authorize',
 'devicecode_endpoint': 'https://login.microsoftonline.com/common/oauth2/v2.0/devicecode',
- 'token_endpoint': 'https://login.microsoftonline.com/2b897507-ee8c-4575-830b-4f8267c3d307/oauth2/v2.0/token',
+ 'token_endpoint': 'https://login.microsoftonline.com/' + CURRENT_KEY_DIR + '/oauth2/v2.0/token',
 # 'redirect_uri': 'https://login.microsoftonline.com/common/oauth2/nativeclient',
 'redirect_uri': 'http://localhost:5000/getToken',
 'tenant': 'common',
@@ -75,8 +85,8 @@ registrations = {
 'scope': ('offline_access https://outlook.office.com/IMAP.AccessAsUser.All '
 'https://outlook.office.com/POP.AccessAsUser.All '
 'https://outlook.office.com/SMTP.Send'),
- 'client_id': '',
- 'client_secret': '',
+ 'client_id': CURRENT_KEY_ID,
+ 'client_secret': CURRENT_KEY_SECRET,
 },
 }
-- cgit
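Review bot: In the `microsoft` registration hunk, the `devicecode_endpoint` context line and `'tenant': 'common'` still point at `common` while `authorize_endpoint` and `token_endpoint` now take the tenant from `CURRENT_KEY_DIR`, so a device-code flow would presumably request its code from one authority and redeem it at another. The mismatch predates this commit, but if the tenant-specific value is meant for every flow the line should be built the same way: `'devicecode_endpoint': 'https://login.microsoftonline.com/' + CURRENT_KEY_DIR + '/oauth2/v2.0/devicecode',`. `CURRENT_KEY_DIR` is also concatenated into the URL path exactly as read from the password store, and the token endpoint is where the client secret and refresh token are sent, so I would strip it and reject an empty value before the dict is built. The `registrations` dict starts and ends outside this hunk.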