SUP(1) General Commands Manual SUP(1)

supsingle-use password

sup service [email]

The sup utility sets a random single-use password for a service using the “forgot password” or “password reset” flow. The password is copied to the clipboard and the service login page is opened. For passwordless services with email-based authentication, the emailed login link is opened.

The following services are supported: asciinema, discogs, freebsdbugzilla, liberapay, lobsters, lwn, patreon, tildegit, tildenews.

The sup utility requires curl(1), git-fetch-email(1), openssl(1), pbcopy(1) and open(1).

January 12, 2022 OpenBSD 7.4

sup.sh in git

#!/bin/sh
set -eu

service=$1
email=${2:-$(git config fetchemail.imapUser)}

generate() {
	openssl rand -base64 33
}
copy() {
	printf '%s' "$1" | pbcopy
}
unwrap() {
	sed '
		:x
		/=$/ {
			N
			s/=\n//g
			bx
		}
	'
}

asciinema() {
	echo 'Fetching CSRF token...'
	jar=$(mktemp -t sup)
	trap 'rm "${jar}"' EXIT
	csrf=$(
		curl -Ss -c "${jar}" 'https://asciinema.org/login/new' |
		sed -n 's/.*name="_csrf_token".*value="\([^"]*\)".*/\1/p'
	)
	echo 'Submitting form...'
	curl -Ss -X POST -b "${jar}" \
		-F "_csrf_token=${csrf}" -F "login[email]=${email}" \
		'https://asciinema.org/login' \
		>/dev/null
	echo 'Waiting for email...'
	url=$(
		git fetch-email -i -M Trash \
			-F 'hello@asciinema.org' -T "${email}" \
			-S 'Login to asciinema.org' |
		grep -m 1 '^https://asciinema\.org/session/new'
	)
	open "${url}"
}

bugzilla() {
	echo 'Fetching CSRF token...'
	csrf=$(
		curl -Ss "${bugzillaBase}/" |
		sed -n '
			/name="token"/N
			s/.*name="token"[[:space:]]*value="\([^"]*\)".*/\1/p
		' | head -n 1
	)
	echo 'Submitting form...'
	curl -Ss -X POST \
		-F "loginname=${email}" -F "token=${csrf}" -F 'a=reqpw' \
		"${bugzillaBase}/token.cgi" \
		>/dev/null
	echo 'Waiting for email...'
	token=$(
		git fetch-email -i -M Trash \
			-F "${bugzillaFrom}" -T "${email}" \
			-S 'Bugzilla Change Password Request' |
		sed -n 's/.*t=3D\([^&]*\).*/\1/p' |
		head -n 1
	)
	password=$(generate)
	echo 'Setting password...'
	curl -Ss -X POST \
		-F "t=${token}" -F 'a=chgpw' \
		-F "password=${password}" -F "matchpassword=${password}" \
		"${bugzillaBase}/token.cgi" \
		>/dev/null
	copy "${password}"
	open "${bugzillaBase}/"
}

freebsdbugzilla() {
	bugzillaBase='https://bugs.freebsd.org/bugzilla'
	bugzillaFrom='bugzilla-noreply@freebsd.org'
	bugzilla
}

discogs() {
	echo 'Submitting form...'
	curl -Ss -X POST \
		-F "email=${email}" -F 'Action.EmailResetInstructions=submit' \
		'https://www.discogs.com/users/forgot_password' \
		>/dev/null
	echo 'Waiting for email...'
	url=$(
		git fetch-email -i -M Trash \
			-F 'noreply@discogs.com' -T "${email}" \
			-S 'Discogs Account Password Reset Instructions' |
		sed -n 's/^To proceed, follow the instructions here: \(.*\)/\1/p'
	)
	echo 'Fetching token...'
	token=$(curl -ISs --url "${url}" | sed -n 's/.*[?]token=\([^&]*\).*/\1/p')
	password=$(generate)
	echo 'Setting password...'
	curl -Ss -X POST \
		-F "token=${token}" \
		-F "password0=${password}" -F "password1=${password}" \
		-F 'Action.ChangePassword=submit' \
		'https://www.discogs.com/users/forgot_password' \
		>/dev/null
	copy "${password}"
	open 'https://discogs.com/login'
}

gitea() {
	echo 'Fetching CSRF token...'
	csrf=$(
		curl -Ss "${giteaBase}/user/forgot_password" |
		sed -n 's/.*name="_csrf" value="\([^"]*\)".*/\1/p'
	)
	echo 'Submitting form...'
	curl -Ss -X POST \
		-F "email=${email}" -F "_csrf=${csrf}" \
		"${giteaBase}/user/forgot_password" \
		>/dev/null
	echo 'Waiting for email...'
	code=$(
		git fetch-email -i -M Trash \
			-F "${giteaFrom}" -T "${email}" -S 'Recover your account' |
		unwrap | sed -n 's/.*code=3D\(.*\)/\1/p' | head -n 1
	)
	echo 'Fetching CSRF token...'
	csrf=$(
		curl -Ss "${giteaBase}/user/recover_account" |
		sed -n 's/.*name="_csrf" value="\([^"]*\)".*/\1/p'
	)
	password=$(generate)
	echo 'Setting password...'
	curl -Ss -X POST \
		-F "_csrf=${csrf}" -F "code=${code}" \
		-F "password=${password}" \
		"${giteaBase}/user/recover_account" \
		>/dev/null
	copy "${password}"
	open "${giteaBase}/user/login"
}

liberapay() {
	echo 'Fetching CSRF token...'
	csrf=$(
		curl -Ss 'https://liberapay.com/sign-in' |
		sed -n 's/.*name="csrf_token".*value="\([^"]*\)".*/\1/p'
	)
	echo 'Submitting form...'
	curl -Ss -X POST \
		-b "csrf_token=${csrf}" -F "csrf_token=${csrf}" \
		-F "log-in.id=${email}" \
		'https://liberapay.com/sign-in' \
		>/dev/null
	echo 'Waiting for email...'
	url=$(
		git fetch-email -i -M Trash \
			-F 'support@liberapay.com' -T "${email}" \
			-S 'Log in to Liberapay' |
		grep -m 1 '^https://liberapay\.com/'
	)
	open "${url}"
}

lobsters() {
	: ${lobstersBase:=https://lobste.rs}
	: ${lobstersFrom:=nobody@lobste.rs}
	echo 'Fetching CSRF token...'
	csrf=$(
		curl -Ss "${lobstersBase}/login/forgot_password" |
		sed -n 's/.*name="authenticity_token" value="\([^"]*\)".*/\1/p'
	)
	echo 'Submitting form...'
	curl -Ss -X POST \
		-F "authenticity_token=${csrf}" \
		-F "email=${email}" -F 'commit=submit' \
		"${lobstersBase}/login/reset_password" \
		>/dev/null
	echo 'Waiting for email...'
	token=$(
		git fetch-email -i -M Trash \
			-F "${lobstersFrom}" -T "${email}" \
			-S 'Reset your password' |
		sed -n 's|^https://.*[?]token=\([^&]*\).*|\1|p'
	)
	echo 'Fetching CSRF token...'
	csrf=$(
		curl -Ss "${lobstersBase}/login/set_new_password?token=${token}" |
		sed -n 's/.*name="authenticity_token" value="\([^"]*\)".*/\1/p'
	)
	password=$(generate)
	echo 'Setting password...'
	curl -Ss -X POST \
		-F "authenticity_token=${csrf}" -F "token=${token}" \
		-F "password=${password}" -F "password_confirmation=${password}" \
		-F 'commit=submit' \
		"${lobstersBase}/login/set_new_password" \
		>/dev/null
	copy "${password}"
	open "${lobstersBase}/login"
}

lwn() {
	username=$email
	echo 'Submitting form...'
	curl -Ss -X POST -F "username=${username}" \
		'https://lwn.net/Login/MailPWLink' \
		>/dev/null
	echo 'Waiting for email...'
	key=$(
		git fetch-email -i -M Trash \
			-F 'lwn@lwn.net' -S 'A link to set your LWN.net password' |
		sed -n 's|.*/Login/SetPassword/.*/\(.*\)|\1|p'
	)
	echo 'Retrieving UID...'
	uid=$(
		curl -Ss "https://lwn.net/Login/SetPassword/${username}/${key}" |
		sed -n 's/.*name="uid" value="\([^"]*\)".*/\1/p'
	)
	password=$(generate)
	echo 'Setting password...'
	curl -Ss -X POST \
		-F "uid=${uid}" -F "key=${key}" \
		-F "new1=${password}" -F "new2=${password}" \
		'https://lwn.net/Login/DoSetPassword' \
		>/dev/null
	copy "${password}"
	open 'https://lwn.net/Login/'
}

patreon() {
	readonly patreonAPI='https://www.patreon.com/api'
	echo 'Submitting form...'
	curl -Ss -X POST -d @- \
		-H 'Content-Type: application/vnd.api+json' \
		"${patreonAPI}/auth/forgot-password?json-api-version=1.0" <<-EOF
		{"data":{"email":"${email}"}}
		EOF
	echo 'Waiting for email...'
	url=$(
		git fetch-email -i -M Trash \
			-F 'password@patreon.com' -T "${email}" \
			-S 'Patreon Password Reset' |
		unwrap |
		grep -o -m 1 'https://email[.]mailgun[.]patreon[.]com/.*'
	)
	echo 'Fetching token...'
	location=$(curl -ISs --url "${url}" | grep -i '^Location: ' | tr -d '\r')
	u=$(echo "${location}" | sed 's/.*[?&]u=\([^&]*\).*/\1/')
	sec=$(echo "${location}" | sed 's/.*[?&]sec=\([^&]*\).*/\1/')
	password=$(generate)
	echo 'Setting password...'
	curl -Ss -X POST -d @- \
		-H 'Content-Type: application/vnd.api+json' \
		"${patreonAPI}/auth/forgot-password/change?json-api-version=1.0" <<-EOF
		{
			"data":{
				"user_id":"${u}",
				"security_token":"${sec}",
				"password":"${password}"
			}
		}
		EOF
	copy "${password}"
	open 'https://www.patreon.com/login'
}

tildegit() {
	giteaBase='https://tildegit.org'
	giteaFrom='git@tildegit.org'
	gitea
}

tildenews() {
	lobstersBase='https://tilde.news'
	lobstersFrom='nobody@tilde.news'
	lobsters
}

$service