From a59d1ca2c60fbfeb18857938ad1f651f9cde7e74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20DOUIN?= <clement.douin@posteo.net>
Date: Sat, 30 Dec 2023 22:38:25 +0100
Subject: [PATCH] refactor imap and smtp encryption options

---
 CHANGELOG.md       | 18 +++++++++++++-----
 Cargo.lock         |  2 +-
 config.sample.toml | 18 +++++++++---------
 src/imap/wizard.rs | 24 +++++++++++-------------
 src/smtp/wizard.rs | 24 +++++++++++-------------
 5 files changed, 45 insertions(+), 41 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fe1eb00..000fc65 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -62,11 +62,19 @@ Few major concepts changed:
 - Moved `sync` config option to `sync.enable`.
 - Moved `sync-dir` config option to `sync.dir`.
 - Moved `sync-folders-strategy` config option to `sync.strategy`.
-- Moved `maildir-*` config option to `maildir.*`.
-- Moved `imap-*` config option to `imap.*`.
-- Moved `notmuch-*` config option to `notmuch.*`.
-- Moved `sendmail-*` config option to `sendmail.*`.
-- Moved `smtp-*` config option to `smtp.*`.
+- Moved `maildir-*` config options to `maildir.*`.
+- Moved `imap-*` config options to `imap.*`.
+- Moved `notmuch-*` config options to `notmuch.*`.
+- Moved `sendmail-*` config options to `sendmail.*`.
+- Moved `smtp-*` config options to `smtp.*`.
+- Replaced options `imap-ssl`, `imap-starttls` and `imap-insecure` by `imap.encryption`:
+  - `imap.encryption = "tls" | true`: use required encryption (SSL/TLS)
+  - `imap.encryption = "start-tls"`: use opportunistic encryption (StartTLS)
+  - `imap.encryption = "none" | false`: do not use any encryption
+- Replaced options `smtp-ssl`, `smtp-starttls` and `smtp-insecure` by `smtp.encryption`:
+  - `smtp.encryption = "tls" | true`: use required encryption (SSL/TLS)
+  - `smtp.encryption = "start-tls"`: use opportunistic encryption (StartTLS)
+  - `smtp.encryption = "none" | false`: do not use any encryption
 
 ### Removed
 
diff --git a/Cargo.lock b/Cargo.lock
index 3df4646..dc5dddc 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1217,7 +1217,7 @@ dependencies = [
 [[package]]
 name = "email-lib"
 version = "0.18.5"
-source = "git+https://git.sr.ht/~soywod/pimalaya#42b67fa72d4010c8b2ec6b89a8c2498ae7a53637"
+source = "git+https://git.sr.ht/~soywod/pimalaya#39833ce0d2c4b3a99977419dd0211f62dcb4a0bd"
 dependencies = [
  "advisory-lock",
  "anyhow",
diff --git a/config.sample.toml b/config.sample.toml
index 021dcfb..e61c902 100644
--- a/config.sample.toml
+++ b/config.sample.toml
@@ -61,18 +61,20 @@ message.send.save-copy = true
 imap.host = "localhost"
 imap.port = 3143
 imap.login = "example@localhost"
-imap.ssl = false
-imap.starttls = false
-imap.insecure = true
-imap.auth = "passwd" # or oauth2
 
-# Get password from the raw string (not safe)
+# Encryption can be either "tls" (or true), "start-tls" or "none" (or false).
+imap.encryption = "none"
+
+# Authentication can be either "passwd" or "oauth2"
+imap.auth = "passwd"
+
+# Get password from a raw string (not safe)
 imap.passwd.raw = "password"
 
 # Get password from a shell command
 # imap.passwd.cmd = "echo password"
 
-# Get password from your system keyring using secret service
+# Get password from your global system keyring using secret service
 # Keyring secrets can be (re)set with the command `account configure example`
 # imap.passwd.keyring = "example-imap-password"
 
@@ -84,9 +86,7 @@ imap.passwd.raw = "password"
 smtp.host = "localhost"
 smtp.port = 3025
 smtp.login = "example@localhost"
-smtp.ssl = false
-smtp.starttls = false
-smtp.insecure = true
+smtp.encryption = false
 smtp.auth = "passwd"
 smtp.passwd.raw = "password"
 
diff --git a/src/imap/wizard.rs b/src/imap/wizard.rs
index 75674eb..bd6c951 100644
--- a/src/imap/wizard.rs
+++ b/src/imap/wizard.rs
@@ -5,7 +5,7 @@ use email::{
         oauth2::{OAuth2Config, OAuth2Method, OAuth2Scopes},
         passwd::PasswdConfig,
     },
-    imap::config::{ImapAuthConfig, ImapConfig},
+    imap::config::{ImapAuthConfig, ImapConfig, ImapEncryptionKind},
 };
 use oauth::v2_0::{AuthorizationCodeGrant, Client};
 use secret::Secret;
@@ -16,10 +16,11 @@ use crate::{
     wizard_log, wizard_prompt,
 };
 
-const SSL_TLS: &str = "SSL/TLS";
-const STARTTLS: &str = "STARTTLS";
-const NONE: &str = "None";
-const PROTOCOLS: &[&str] = &[SSL_TLS, STARTTLS, NONE];
+const PROTOCOLS: &[ImapEncryptionKind] = &[
+    ImapEncryptionKind::Tls,
+    ImapEncryptionKind::StartTls,
+    ImapEncryptionKind::None,
+];
 
 const PASSWD: &str = "Password";
 const OAUTH2: &str = "OAuth 2.0";
@@ -49,19 +50,16 @@ pub(crate) async fn configure(account_name: &str, email: &str) -> Result<Backend
         .interact_opt()?;
 
     let default_port = match protocol {
-        Some(idx) if PROTOCOLS[idx] == SSL_TLS => {
-            config.ssl = Some(true);
-            config.starttls = Some(false);
+        Some(idx) if PROTOCOLS[idx] == ImapEncryptionKind::Tls => {
+            config.encryption = Some(ImapEncryptionKind::Tls);
             993
         }
-        Some(idx) if PROTOCOLS[idx] == STARTTLS => {
-            config.ssl = Some(false);
-            config.starttls = Some(true);
+        Some(idx) if PROTOCOLS[idx] == ImapEncryptionKind::StartTls => {
+            config.encryption = Some(ImapEncryptionKind::StartTls);
             143
         }
         _ => {
-            config.ssl = Some(false);
-            config.starttls = Some(false);
+            config.encryption = Some(ImapEncryptionKind::None);
             143
         }
     };
diff --git a/src/smtp/wizard.rs b/src/smtp/wizard.rs
index bbc199b..5043a36 100644
--- a/src/smtp/wizard.rs
+++ b/src/smtp/wizard.rs
@@ -5,7 +5,7 @@ use email::{
         oauth2::{OAuth2Config, OAuth2Method, OAuth2Scopes},
         passwd::PasswdConfig,
     },
-    smtp::config::{SmtpAuthConfig, SmtpConfig},
+    smtp::config::{SmtpAuthConfig, SmtpConfig, SmtpEncryptionKind},
 };
 use oauth::v2_0::{AuthorizationCodeGrant, Client};
 use secret::Secret;
@@ -16,10 +16,11 @@ use crate::{
     wizard_log, wizard_prompt,
 };
 
-const SSL_TLS: &str = "SSL/TLS";
-const STARTTLS: &str = "STARTTLS";
-const NONE: &str = "None";
-const PROTOCOLS: &[&str] = &[SSL_TLS, STARTTLS, NONE];
+const PROTOCOLS: &[SmtpEncryptionKind] = &[
+    SmtpEncryptionKind::Tls,
+    SmtpEncryptionKind::StartTls,
+    SmtpEncryptionKind::None,
+];
 
 const PASSWD: &str = "Password";
 const OAUTH2: &str = "OAuth 2.0";
@@ -49,19 +50,16 @@ pub(crate) async fn configure(account_name: &str, email: &str) -> Result<Backend
         .interact_opt()?;
 
     let default_port = match protocol {
-        Some(idx) if PROTOCOLS[idx] == SSL_TLS => {
-            config.ssl = Some(true);
-            config.starttls = Some(false);
+        Some(idx) if PROTOCOLS[idx] == SmtpEncryptionKind::Tls => {
+            config.encryption = Some(SmtpEncryptionKind::Tls);
             465
         }
-        Some(idx) if PROTOCOLS[idx] == STARTTLS => {
-            config.ssl = Some(false);
-            config.starttls = Some(true);
+        Some(idx) if PROTOCOLS[idx] == SmtpEncryptionKind::StartTls => {
+            config.encryption = Some(SmtpEncryptionKind::StartTls);
             587
         }
         _ => {
-            config.ssl = Some(false);
-            config.starttls = Some(false);
+            config.encryption = Some(SmtpEncryptionKind::None);
             25
         }
     };