Fully automated login and serving process with 2FA

As mentioned in #35 , I'd like to change the current workflow (initialize -> input login, start again -> serve) to get it working without human input after deployment.

To achieve this, my quick guess is: if you always use the same pgp key, the protonmail-bridge will always provide the same smtp settings, but I haven't tried, since it will change the usage of this project completely.

Any other idea to achieve this?

[shenxn]

I've been planned this for a longer time but didn't have time to work on it. The main problem of the automatic workflow is 2FA. The docker pull and gpg key generation can take a long time and 2FA code will expire. Also, it does not make much sense to set 2FA code as an environmental variable. So my plan is actually provide automatic login for users without 2FA and keep the current option for users with 2FA. It'll be great if you're willing to work on it.

@shenxn Yes, 2FA is a thing, but can be handled in the login.exp script by waiting for user input, so we do not have to maintain two different login flow, wdyt?

[shenxn]

I have zero experience in except. It'll be great if you can have both handled in login.exp.

re: 2FA login

How about building a totp generator program (Its implementation is fairly simple, see code from totp-cli), and save it in the container image, when running the container, user just need to provide their totp-token as a environment variable, the totp generator will give expect script a otp code for login.

By this way we can achieve fully automated login for 2fa users, but the totp procedure is degraded as token not being stored in somewhere secure, there might be security concerns.

wdyt?

[simonfelding]

Cool idea, please make a PR if you can