2 files changed, 13 insertions, 8 deletions

diff --git a/src/actions.rs b/src/actions.rs
index 0402a10..10ce357 100644
--- a/src/actions.rs
+++ b/src/actions.rs
@@ -3,7 +3,7 @@ use crate::prelude::*;
 pub async fn login(
     email: &str,
     password: &crate::locked::Password,
-) -> Result<(String, u32, String)> {
+) -> Result<(String, u32, String, crate::locked::Keys)> {
     let client =
         crate::api::Client::new_self_hosted("https://bitwarden.tozt.net");
 
@@ -14,8 +14,16 @@ pub async fn login(
     let (access_token, _refresh_token, protected_key) = client
         .login(&identity.email, &identity.master_password_hash)
         .await?;
-
-    Ok((access_token, iterations, protected_key))
+    let protected_key_cs =
+        crate::cipherstring::CipherString::new(&protected_key)?;
+    let master_keys = protected_key_cs.decrypt_locked(&identity.keys)?;
+
+    Ok((
+        access_token,
+        iterations,
+        protected_key,
+        crate::locked::Keys::new(master_keys),
+    ))
 }
 
 pub async fn unlock(
diff --git a/src/bin/agent.rs b/src/bin/agent.rs
index d56e5a0..262a826 100644
--- a/src/bin/agent.rs
+++ b/src/bin/agent.rs
@@ -41,14 +41,11 @@ async fn login(
     let email = "bitwarden@tozt.net"; // XXX read from config
     let password =
         rbw::pinentry::getpin("prompt", "desc", tty).await.unwrap();
-    let (access_token, iterations, protected_key) =
+    let (access_token, iterations, protected_key, keys) =
         rbw::actions::login(email, &password).await.unwrap();
     state.access_token = Some(access_token);
     state.iterations = Some(iterations);
-    let keys =
-        rbw::actions::unlock(email, &password, iterations, protected_key)
-            .await
-            .unwrap();
+    state.protected_key = Some(protected_key);
     state.priv_key = Some(keys);
 
     send_response(sock, &rbw::agent::Response::Ack).await;