steve
a837b25d73
Adds the admin/diagnostics surface from SPEC §7.2: - doctor [--account]: per-account IMAP + (RW) SMTP connectivity/auth checks via new mail.CheckIMAP/CheckSMTP (connect+auth only, no mail). Exit non-zero on any failure; secrets never printed. - store.UpdateAccount: partial edit, re-encrypts password/secrets only when a non-empty value is supplied (blank keeps existing). RecentAuditFor(account). - config set/get (validates audit_retention_days), audit list [--account][--limit], account edit (flag partial-update) / remove [--yes]. - internal/tui: bubbletea AccountForm with pure, fully-tested Fields (validation + store.Account assembly + edit prefill). init / bare `account add` / `account edit --name X` drop into the TUI; flag forms remain for scripting. Built test-first; full suite green incl -race. Validated live against the mxlogin (password) and Gmail (app-password) accounts. Live validation caught a real bug: doctor authenticated with empty passwords because it iterated ListAccounts (which strips secrets) — fixed to re-fetch via GetAccount, locked in by a regression test. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
51 lines
1.2 KiB
Go
51 lines
1.2 KiB
Go
package mail
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"fmt"
|
|
|
|
"github.com/emersion/go-sasl"
|
|
"github.com/emersion/go-smtp"
|
|
)
|
|
|
|
// CheckIMAP verifies that the IMAP endpoint connects and the credentials
|
|
// authenticate, then logs out. It transfers no mail. A nil return means the
|
|
// account can read.
|
|
func CheckIMAP(cfg IMAPConfig) error {
|
|
c, err := Dial(cfg) // Dial connects and logs in
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return c.Logout()
|
|
}
|
|
|
|
// CheckSMTP verifies that the SMTP endpoint connects and the credentials
|
|
// authenticate (SASL PLAIN), then quits. It sends no mail. A nil return means
|
|
// the account can send.
|
|
func CheckSMTP(cfg SMTPConfig) error {
|
|
addr := fmt.Sprintf("%s:%d", cfg.Host, cfg.Port)
|
|
tlsConf := &tls.Config{ServerName: cfg.Host}
|
|
|
|
var (
|
|
c *smtp.Client
|
|
err error
|
|
)
|
|
switch cfg.Security {
|
|
case "tls":
|
|
c, err = smtp.DialTLS(addr, tlsConf)
|
|
case "starttls":
|
|
c, err = smtp.DialStartTLS(addr, tlsConf)
|
|
default:
|
|
return fmt.Errorf("unknown smtp security %q", cfg.Security)
|
|
}
|
|
if err != nil {
|
|
return fmt.Errorf("smtp connect: %w", err)
|
|
}
|
|
defer c.Close()
|
|
|
|
if err := c.Auth(sasl.NewPlainClient("", cfg.Username, cfg.Password)); err != nil {
|
|
return fmt.Errorf("smtp auth: %w", err)
|
|
}
|
|
return c.Quit()
|
|
}
|