Centralise load and save of password into functions #141

Read and write password with new `load_password()` and `save_password()` functions.
This makes it easier for others to override password handling with minimal changes.

transcrypt

@@ -23,6 +23,21 @@ readonly DEFAULT_CIPHER='aes-256-cbc'
 
 ##### FUNCTIONS
 
+# load encryption password
+# by default is stored in git config, modify this function to move elsewhere
+load_password() {
+	local password
+	password=$(git config --get --local transcrypt.password)
+	echo "$password"
+}
+
+# save encryption password
+# by default is stored in git config, modify this function to move elsewhere
+save_password() {
+	local password=$1
+	git config transcrypt.password "$password"
+}
+
 # print a canonicalized absolute pathname
 realpath() {
 	local path=$1
@@ -136,7 +151,7 @@ git_clean() {
 		cat "$tempfile"
 	else
 		cipher=$(git config --get --local transcrypt.cipher)
-		password=$(git config --get --local transcrypt.password)
+		password=$(load_password)
 		openssl_path=$(git config --get --local transcrypt.openssl-path)
 		salt=$("${openssl_path}" dgst -hmac "${filename}:${password}" -sha256 "$tempfile" | tr -d '\r\n' | tail -c16)
 
@@ -160,7 +175,7 @@ git_smudge() {
 	tempfile=$(mktemp 2>/dev/null || mktemp -t tmp)
 	trap 'rm -f "$tempfile"' EXIT
 	cipher=$(git config --get --local transcrypt.cipher)
-	password=$(git config --get --local transcrypt.password)
+	password=$(load_password)
 	openssl_path=$(git config --get --local transcrypt.openssl-path)
 	tee "$tempfile" | ENC_PASS=$password "$openssl_path" enc -d "-${cipher}" -md MD5 -pass env:ENC_PASS -a 2>/dev/null || cat "$tempfile"
 }
@@ -172,7 +187,7 @@ git_textconv() {
 		return
 	fi
 	cipher=$(git config --get --local transcrypt.cipher)
-	password=$(git config --get --local transcrypt.password)
+	password=$(load_password)
 	openssl_path=$(git config --get --local transcrypt.openssl-path)
 	ENC_PASS=$password "$openssl_path" enc -d "-${cipher}" -md MD5 -pass env:ENC_PASS -a -in "$filename" 2>/dev/null || cat "$filename"
 }
@@ -511,7 +526,7 @@ save_configuration() {
 	# write the encryption info
 	git config transcrypt.version "$VERSION"
 	git config transcrypt.cipher "$cipher"
-	git config transcrypt.password "$password"
+	save_password "$password"
 	git config transcrypt.openssl-path "$openssl_path"
 
 	# write the filter settings. Sorry for the horrific quote escaping below...
@@ -538,7 +553,7 @@ display_configuration() {
 	local current_cipher
 	current_cipher=$(git config --get --local transcrypt.cipher)
 	local current_password
-	current_password=$(git config --get --local transcrypt.password)
+	current_password=$(load_password)
 	local escaped_password=${current_password//\'/\'\\\'\'}
 
 	printf 'The current repository was configured using transcrypt version %s\n' "$CONFIGURED"
@@ -743,7 +758,7 @@ upgrade_transcrypt() {
 
 	# Keep current cipher and password
 	cipher=$(git config --get --local transcrypt.cipher)
-	password=$(git config --get --local transcrypt.password)
+	password=$(load_password)
 	# Keep current openssl-path, or set to default if no existing value
 	openssl_path=$(git config --get --local transcrypt.openssl-path 2>/dev/null || printf '%s' "$openssl_path")
 
@@ -822,7 +837,7 @@ export_gpg() {
 	local current_cipher
 	current_cipher=$(git config --get --local transcrypt.cipher)
 	local current_password
-	current_password=$(git config --get --local transcrypt.password)
+	current_password=$(load_password)
 	mkdir -p "${CRYPT_DIR}"
 
 	local gpg_encrypt_cmd="gpg --batch --recipient $gpg_recipient --trust-model always --yes --armor --quiet --encrypt -"