updated readme and small cleanup

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "plexpass"
-version = "0.2.0"
+version = "0.3.0"
 authors = ["bhatti"]
 edition = "2021"
 

README.md

@@ -78,6 +78,8 @@ Symmetric keys are employed for the encryption and decryption of data, while asy
 
 The following section delineates the domain model crafted for implementing a password manager:
 
+![](https://raw.githubusercontent.com/bhatti/PlexPass/main/docs/class_diagram.png)
+
 ### 4.1 User
 
 A user refers to any individual utilizing the password manager, which may include family members or other users. The accounts information corresponding to each user is secured with a unique key, generated by combining the user’s master password with a device-specific pepper key.
@@ -248,10 +250,10 @@ Data repositories act as the intermediary layer between the underlying database
 
 Each repository typically adheres to a common Repository interface, ensuring consistency and predictability across different data models. Additionally, they may include bespoke methods that cater to specific requirements of the data they handle. Leveraging Rust’s Diesel library, these repositories enable seamless interactions with relational databases like SQLite, facilitating the efficient execution of complex queries and ensuring the integrity and performance of data operations within the system.
 
-### 6.1 Encryption Implementation with Repositories
-
 ## 7.0 Domain Services
 -------------------
+Following diagram illustrates major components of the PlexPass application:
+![](https://raw.githubusercontent.com/bhatti/PlexPass/main/docs/components.png)
 
 The heart of the password manager’s functionality is orchestrated by domain services, each tailored to execute a segment of the application’s core business logic by interacting with data repository interfaces. These services encompass a diverse range of operations integral to the password manager such as:
 
@@ -827,9 +829,6 @@ PlexPass supports multi-factor authentication using [One-Time-Password](https://
 Once you registered the security key, you will be prompted for multi-factor authentication as follows:
 ![](https://raw.githubusercontent.com/bhatti/PlexPass/main/docs/signin_mfa.png)
 
-Note: When registering a security key, PlexPass will also display recovery codes to reset multi-factor authentication if you lose your security key and multi-factor authentication will allow you to enter those instead, e.g:
-![](https://raw.githubusercontent.com/bhatti/PlexPass/main/docs/signin_recover.png)
-
 When you have activated multi-factor authenticaion, the command-line tools and REST API will require passing an OTP code that can viewed in the Settings section of the Web application. Alternatively, you 
 can capture the secret key from the Web application and then generate OTP code as follows:
 ```bash
@@ -2135,7 +2134,7 @@ You can generate otp for a particular account using based on CLI as follows:
 or using secret as follows:
 
 ```bash
-./target/release/plexpass -j true --master-username eddie --master-password *** generate-account-otp --otp-secret "JBSWY3DPEHPK3PXP"
+./target/release/plexpass -j true --master-username eddie --master-password *** generate-otp --otp-secret "JBSWY3DPEHPK3PXP"
 ```
 
 An OTP is also defined automatically for each user and You can generate otp for the user using based on CLI as follows:
@@ -2154,6 +2153,15 @@ curl -v -k --header "Content-Type: application/json; charset=UTF-8"
     https://localhost:8443/api/v1/vaults/$vault_id/accounts/$account_id
 ```
 
+
+You can generate an otp for a specific account using:
+
+```bash
+curl -v -k --header "Content-Type: application/json; charset=UTF-8" 
+	--header "Authorization: Bearer $AUTH_TOKEN" 
+    https://localhost:8443/api/v1/accounts/{account-id}/otp/generate 
+```
+
 or, generate otp using a secret
 
 ```bash
@@ -2185,7 +2193,74 @@ docker run -e DEVICE_PEPPER_KEY=$DEVICE_PEPPER_KEY -e RUST_BACKTRACE=1
 	-e DATA_DIR=/data -v $PARENT_DIR/PlexPassData:/data plexpass -j true  --master-username eddie --master-password *** generate-user-otp
 ```
 
-### 11.33 Security Dashboad and Auditing
+### 11.33 Resetting multi-factor authentication
+
+PlexPass Web application allows registering security keys for multi-factor authentication but you can reset it using recovery codes as follows:
+
+#### 11.33.1 Command Line
+
+You can reset multi-factor authentication using based on CLI as follows:
+
+First retrieve otp-code based on user's otp-secret (that can be viewed in the Web UI or from previous API/CLI):
+```bash
+otp=`./target/release/plexpass -j true generate-otp --otp-secret ***|jq '.otp_code'`
+```
+
+Then use the otp and recovery-code to reset the multi-factor-authentication as follows
+
+```bash
+./target/release/plexpass -j true --master-username charlie --master-password *** --otp-code $otp reset-multi-factor-authentication --recovery-code ***
+```
+
+#### 11.33.2 REST API
+
+First generate OTP with otp-secret such as:
+
+```bash
+curl -k --header "Content-Type: application/json; charset=UTF-8" https://localhost:8443/api/v1/otp/generate -d '{"otp_secret": "**"}'
+```
+which would return otp, e.g.,
+```json
+{"otp_code":361509}
+```
+
+Then signin with username, password and otp-code:
+```bash
+curl -v -k https://localhost:8443/api/v1/auth/signin 
+	--header "Content-Type: application/json; charset=UTF-8" 
+    -d '{"username": "bob", "master_password": "**", "otp_code": 123}'
+```
+
+The signin API will return access token in the response header and you can then use it for resetting multi-factor settings:
+```bash
+curl -v -k --header "Content-Type: application/json; charset=UTF-8" 
+	--header "Authorization: Bearer $AUTH_TOKEN" 
+    https://localhost:8443/api/v1/auth/reset_mfa -d '{"recovery_code": "***"}'
+```
+
+#### 11.33.3 Docker CLI
+
+First retrieve otp-code based on user's otp-secret (that can be viewed in the Web UI or from previous API/CLI):
+
+```bash
+otp=`docker run -e DEVICE_PEPPER_KEY=$DEVICE_PEPPER_KEY -e RUST_BACKTRACE=1 
+	-e DATA_DIR=/data -v $PARENT_DIR/PlexPassData:/data plexpass -j true generate-otp --otp-secret ***|jq '.otp_code'`
+```
+
+Then use the otp and recovery-code to reset the multi-factor-authentication as follows
+
+```bash
+docker run -e DEVICE_PEPPER_KEY=$DEVICE_PEPPER_KEY -e RUST_BACKTRACE=1 \
+	-e DATA_DIR=/data -v $PARENT_DIR/PlexPassData:/data plexpass -j true --master-username charlie --master-password *** \
+    --otp-code $otp reset-multi-factor-authentication --recovery-code ***
+```
+
+#### 11.33.4 Web UI
+When registering a security key, PlexPass will display recovery codes to reset multi-factor authentication if you lose your security key and you can reset in the Web application upon signin, e.g.,
+![](https://raw.githubusercontent.com/bhatti/PlexPass/main/docs/signin_recover.png)
+
+
+### 11.34 Security Dashboad and Auditing
 
 The PlexPass web application includes a security dashboard to monitor health of all passwords and allows users to view audit logs for all changes to their accounts, e.g.,
 
@@ -2217,4 +2292,5 @@ The design principles and architectural framework outlined above showcase PlexPa
 15.  **Control over Data**: Users have complete control over their data, including how it’s stored and backed up.
 16.  **Potentially Lower Risk of Service Shutdown**: Since the data is stored locally, the user’s access to their passwords is not contingent on the continued operation of a third-party service.
 17.  **Multi-Factor and Local Authentication**: PlexPass supports Multi-Factor Authentication based on One-Time-Passwords (OTP), FIDO, WebAuthN, and YubiKey for authentication.
+
 In summary, PlexPass, with its extensive features, represents a holistic and advanced approach to password management while adhering to the latest industry standards for secure access.