From 267821d95857ed51e2e5e23556884c383d94ca24 Mon Sep 17 00:00:00 2001
From: Shulhan
Date: Tue, 30 Jan 2024 02:08:55 +0700
Subject: cli: ask for passphrase when removing or renaming label

Even though rename does not read the encrypted secret, as long as the private key is in use, it should ask for passphrase. The remove operation allow only the one that know the private key can modify the issuer.
---
 cli.go | 10 ++++++++++
 cli_test.go | 6 ++++++
 2 files changed, 16 insertions(+)

diff --git a/cli.go b/cli.go
index e3b6d77..34127ca 100644
--- a/cli.go
+++ b/cli.go
@@ -205,6 +205,11 @@ func (cli *Cli) Remove(label string) (err error) {
 return fmt.Errorf(`%s: %q not exist`, logp, label)
 }

+ err = cli.cfg.loadPrivateKey()
+ if err != nil {
+ return fmt.Errorf(`%s: %w`, logp, err)
+ }
+
 delete(cli.cfg.Issuers, label)

 err = cli.cfg.save()
@@ -285,6 +290,11 @@ func (cli *Cli) Rename(label, newLabel string) (err error) {
 ok bool
 )

+ err = cli.cfg.loadPrivateKey()
+ if err != nil {
+ return fmt.Errorf(`%s: %w`, logp, err)
+ }
+
 label = strings.TrimSpace(label)
 label = strings.ToLower(label)
 rawValue, ok = cli.cfg.Issuers[label]
diff --git a/cli_test.go b/cli_test.go
index 9b24196..2c57d58 100644
--- a/cli_test.go
+++ b/cli_test.go
@@ -415,6 +415,9 @@ func testGetWithPassphrase(t *testing.T, tdata *test.Data, cli *Cli) {
 }

 func testRemoveWithPassphrase(t *testing.T, tdata *test.Data, cli *Cli) {
+ var pass = string(tdata.Input[`gotp.pass`]) + "\r\n"
+ mockTermrw.BufRead.WriteString(pass)
+
 var err = cli.Remove(`test-sha512`)
 if err != nil {
 t.Fatal(err)
@@ -427,6 +430,9 @@ func testRemoveWithPassphrase(t *testing.T, tdata *test.Data, cli *Cli) {

 // The Rename method does not require private key.
 func testRenameWithPassphrase(t *testing.T, tdata *test.Data, cli *Cli) {
+ var pass = string(tdata.Input[`gotp.pass`]) + "\r\n"
+ mockTermrw.BufRead.WriteString(pass)
+
 var err = cli.Rename(`test-sha1`, `renamed-sha1`)
 if err != nil {
 t.Fatal(err)
-- 
cgit v1.3
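Review bot: The new `cli.cfg.loadPrivateKey()` call in Remove acts purely as a passphrase gate, yet nothing in the hunk says so: only its error is checked, and the loaded key plays no part in the `delete` or `cli.cfg.save()` that follow. A short comment such as `// Ask for the passphrase as an access check; the key itself is not needed to delete the entry.` would keep a later reader from dropping it as dead code. The gate also sits at different points in the two methods: here it runs after the `not exist` check, while in the Rename hunk it runs before the label is trimmed and looked up, so the two commands differ in whether an unknown label is reported before or after the prompt. Because the check lives only in the CLI, it presumably does not stop anyone with write access to the configuration file from editing the issuer list directly; if so, the doc comment on Remove should describe the prompt as a guard on the command, not as an integrity guarantee for the stored issuers. Remove's body starts and ends outside this hunk.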
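Review bot: testRemoveWithPassphrase writes only the correct passphrase to `mockTermrw.BufRead`, so the refusal path this commit introduces is never exercised. A second case that supplies a wrong passphrase, expects `cli.Remove(...)` to return a non-nil error, and then confirms the label is still present in the issuer list would pin the access check; this assumes loadPrivateKey fails on a wrong passphrase, which the hunk does not show. The same gap applies to testRenameWithPassphrase in the next hunk. The function body continues past the end of this hunk.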
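Review bot: The context comment `// The Rename method does not require private key.` above testRenameWithPassphrase is now stale, since Rename calls `loadPrivateKey` and this test has to feed the passphrase before calling it. Replace it with something like `// The Rename method asks for the passphrase even though it does not read the encrypted secret.` so the test documents the behaviour it now checks. The function body continues outside the hunk.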