5 files changed, 123 insertions, 1 deletions

diff --git a/bin/.gitignore b/bin/.gitignore
index 0bf030a8..024588e6 100644
--- a/bin/.gitignore
+++ b/bin/.gitignore
@@ -28,6 +28,7 @@ relay
 scheme
 scheme.h
 shotty
+sup
 tags
 title
 up
diff --git a/bin/Makefile b/bin/Makefile
index 42165827..d37aeb1b 100644
--- a/bin/Makefile
+++ b/bin/Makefile
@@ -38,6 +38,7 @@ BINS += psf2png
 BINS += ptee
 BINS += scheme
 BINS += shotty
+BINS += sup
 BINS += title
 BINS += up
 BINS += when
diff --git a/bin/README.7 b/bin/README.7
index 723845e2..d83eafe7 100644
--- a/bin/README.7
+++ b/bin/README.7
@@ -1,4 +1,4 @@
-.Dd January 19, 2021
+.Dd February 16, 2021
 .Dt BIN 7
 .Os "Causal Agency"
 .
@@ -66,6 +66,8 @@ IRC relay bot
 color scheme
 .It Xr shotty 1
 terminal capture
+.It Xr sup 1
+single-use passwords
 .It Xr title 1
 page titles
 .It Xr up 1
diff --git a/bin/man1/sup.1 b/bin/man1/sup.1
new file mode 100644
index 00000000..3607df11
--- /dev/null
+++ b/bin/man1/sup.1
@@ -0,0 +1,39 @@
+.Dd February 16, 2021
+.Dt SUP 1
+.Os
+.
+.Sh NAME
+.Nm sup
+.Nd single-use password
+.
+.Sh SYNOPSIS
+.Nm
+.Ar service
+.Op Ar email
+.
+.Sh DESCRIPTION
+The
+.Nm
+utility
+sets a random single-use password
+for a service using the
+.Dq forgot password
+or
+.Dq password reset
+flow.
+The password is copied to the clipboard
+and the service login page is opened.
+The
+.Nm
+utility requires
+.Xr curl 1 ,
+.Xr git-fetch-email 1 ,
+.Xr openssl 1 ,
+.Xr pbcopy 1
+and
+.Xr open 1 .
+.
+.Pp
+The following services are supported:
+.Cm discogs ,
+.Cm lobsters .
diff --git a/bin/sup.sh b/bin/sup.sh
new file mode 100644
index 00000000..457f9047
--- /dev/null
+++ b/bin/sup.sh
@@ -0,0 +1,79 @@
+#!/bin/sh
+set -eu
+
+service=$1
+email=${2:-$(git config fetchemail.imapUser)}
+
+generate() {
+	openssl rand -base64 33
+}
+copy() {
+	printf '%s' "$1" | pbcopy
+}
+
+discogs() {
+	echo 'Submitting form...'
+	curl -Ss -X POST \
+		-F "email=${email}" -F 'Action.EmailResetInstructions=submit' \
+		'https://www.discogs.com/users/forgot_password' \
+		>/dev/null
+	echo 'Waiting for email...'
+	url=$(
+		git fetch-email -i -M Trash \
+			-F 'noreply@discogs.com' -T "${email}" \
+			-S 'Discogs Account Password Reset Instructions' |
+		sed -n 's/^To proceed, follow the instructions here: \(.*\)/\1/p'
+	)
+	echo 'Fetching token...'
+	token=$(curl -ISs "${url}" | sed -n 's/.*[?]token=\([^&]*\).*/\1/p')
+	password=$(generate)
+	echo 'Setting password...'
+	curl -Ss -X POST \
+		-F "token=${token}" \
+		-F "password0=${password}" -F "password1=${password}" \
+		-F 'Action.ChangePassword=submit' \
+		'https://www.discogs.com/users/forgot_password' \
+		>/dev/null
+	copy "${password}"
+	open 'https://discogs.com/login'
+}
+
+lobsters() {
+	: ${lobstersBase:=https://lobste.rs}
+	: ${lobstersFrom:=nobody@lobste.rs}
+	echo 'Fetching CSRF token...'
+	csrf=$(
+		curl -Ss "${lobstersBase}/login/forgot_password" |
+		sed -n 's/.*name="authenticity_token" value="\([^"]*\)".*/\1/p'
+	)
+	echo 'Submitting form...'
+	curl -Ss -X POST \
+		-F "authenticity_token=${csrf}" \
+		-F "email=${email}" -F 'commit=submit' \
+		"${lobstersBase}/login/reset_password" \
+		>/dev/null
+	echo 'Waiting for email...'
+	token=$(
+		git fetch-email -i -M Trash \
+			-F "${lobstersFrom}" -T "${email}" \
+			-S 'Reset your password' |
+		sed -n 's|^https://.*[?]token=\(.*\)|\1|p'
+	)
+	echo 'Fetching CSRF token...'
+	csrf=$(
+		curl -Ss "${lobstersBase}/login/set_new_password?token=${token}" |
+		sed -n 's/.*name="authenticity_token" value="\([^"]*\)".*/\1/p'
+	)
+	password=$(generate)
+	echo 'Setting password...'
+	curl -Ss -X POST \
+		-F "authenticity_token=${csrf}" -F "token=${token}" \
+		-F "password=${password}" -F "password_confirmation=${password}" \
+		-F 'commit=submit' \
+		"${lobstersBase}/login/set_new_password" \
+		>/dev/null
+	copy "${password}"
+	open "${lobstersBase}/login"
+}
+
+$service