mirror/emacs
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/emacs.git synced 2024-11-21 06:55:39 +00:00
Code Issues Releases Activity

Disable auth-source-pass-extra-query-keywords by default

Browse Source 
* doc/misc/auth.texi: Mention subdomain matching in
`auth-source-pass-extra-query-keywords' section.
* etc/NEWS: Mention the loss of traditional auth-source-pass features
when `auth-source-pass-extra-query-keywords' is enabled.
* lisp/auth-source-pass (auth-source-pass-extra-query-keywords): Set
default to nil.  Mention domain matching in doc string.
(auth-source-pass--match-regexp): Allow username to contain "@".
* lisp/erc/erc-compat.el:
(erc-compat--29-auth-source-pass--retrieve-parsed): Adjust regexp.
* test/lisp/auth-source-pass-tests.el
(auth-source-pass-extra-query-keywords--suffixed-user): make plain
username more email-like.
(Bug#58985.)
This commit is contained in:
F. Jason Park 2022-11-24 21:03:03 -08:00
parent 94a8a8c4fe
commit 3d02c8aabf
5 changed files with 26 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
doc/misc/auth.texi
View File

@ -560,11 +560,12 @@ favors the @samp{rms@@gnu.org.gpg} form for usernames over the
param was provided.
In general, if you prefer idiosyncrasies traditionally exhibited by
this backend, such as prioritizing field count in a filename, try
setting this option to @code{nil}. But, if you experience problems
predicting the outcome of searches relative to other auth-source
backends or encounter code expecting to query multiple backends
uniformly, try flipping it back to @code{t} (the default).
this backend, such as prioritizing field count in a filename or
matching against subdomain labels, keep this option set to @code{nil}
(the default). But, if you experience problems predicting the outcome
of searches relative to other auth-source backends or encounter code
expecting to query multiple backends uniformly, try flipping it to
@code{t}.
@end defvar
@node Help for developers

3
etc/NEWS
View File

@ -1410,7 +1410,8 @@ database stored on disk.
*** New user option 'auth-source-pass-extra-query-keywords'.
Whether to recognize additional keyword params, like ':max' and
':require', as well as accept lists of query terms paired with
applicable keywords.
applicable keywords. This disables most known behavioral quirks
unique to auth-source-pass, such as wildcard subdomain matching.
** Dired

9
lisp/auth-source-pass.el
View File

@ -55,12 +55,13 @@
:type 'string
:version "27.1")
(defcustom auth-source-pass-extra-query-keywords t
(defcustom auth-source-pass-extra-query-keywords nil
"Whether to consider additional keywords when performing a query.
Specifically, when the value is t, recognize the `:max' and
`:require' keywords and accept lists of query parameters for
certain keywords, such as `:host' and `:user'. Also, wrap all
returned secrets in a function and forgo any further results
certain keywords, such as `:host' and `:user'. Beyond that, wrap
all returned secrets in a function and don't bother considering
subdomains when matching hosts. Also, forgo any further results
filtering unless given an applicable `:require' argument. When
this option is nil, do none of that, and enact the narrowing
behavior described toward the bottom of the Info node `(auth) The
@ -110,7 +111,7 @@ HOSTS can be a string or a list of strings."
(defun auth-source-pass--match-regexp (s)
(rx-to-string ; autoloaded
`(: (or bot "/")
(or (: (? (group-n 20 (+ (not (in ?\ ?/ ?@ ,s)))) "@")
(or (: (? (group-n 20 (+ (not (in ?\ ?/ ,s)))) "@")
(group-n 10 (+ (not (in ?\ ?/ ?@ ,s))))
(? ,s (group-n 30 (+ (not (in ?\ ?/ ,s))))))
(: (group-n 11 (+ (not (in ?\ ?/ ?@ ,s))))

2
lisp/erc/erc-compat.el
View File

@ -176,7 +176,7 @@ If START or END is negative, it counts from the end."
;; This hard codes `auth-source-pass-port-separator' to ":"
(defun erc-compat--29-auth-source-pass--retrieve-parsed (seen e port-number-p)
(when (string-match (rx (or bot "/")
(or (: (? (group-n 20 (+ (not (in " /@")))) "@")
(or (: (? (group-n 20 (+ (not (in " /:")))) "@")
(group-n 10 (+ (not (in " /:@"))))
(? ":" (group-n 30 (+ (not (in " /:"))))))
(: (group-n 11 (+ (not (in " /:@"))))

24
test/lisp/auth-source-pass-tests.el
View File

@ -697,29 +697,29 @@ machine Libera.Chat password b
;; with slightly more realistic and less legible values.
(ert-deftest auth-source-pass-extra-query-keywords--suffixed-user ()
(let ((store (sort (copy-sequence '(("x.com:42/bar" (secret . "a"))
("bar@x.com" (secret . "b"))
(let ((store (sort (copy-sequence '(("x.com:42/b@r" (secret . "a"))
("b@r@x.com" (secret . "b"))
("x.com" (secret . "?"))
("bar@y.org" (secret . "c"))
("b@r@y.org" (secret . "c"))
("fake.com" (secret . "?"))
("fake.com/bar" (secret . "d"))
("y.org/bar" (secret . "?"))
("bar@fake.com" (secret . "e"))))
("fake.com/b@r" (secret . "d"))
("y.org/b@r" (secret . "?"))
("b@r@fake.com" (secret . "e"))))
(lambda (&rest _) (zerop (random 2))))))
(auth-source-pass--with-store store
(auth-source-pass-enable)
(let* ((auth-source-pass-extra-query-keywords t)
(results (auth-source-search :host '("x.com" "fake.com" "y.org")
:user "bar"
:user "b@r"
:require '(:user) :max 5)))
(dolist (result results)
(setf (plist-get result :secret) (auth-info-password result)))
(should (equal results
'((:host "x.com" :user "bar" :secret "b")
(:host "x.com" :user "bar" :port "42" :secret "a")
(:host "fake.com" :user "bar" :secret "e")
(:host "fake.com" :user "bar" :secret "d")
(:host "y.org" :user "bar" :secret "c"))))))))
'((:host "x.com" :user "b@r" :secret "b")
(:host "x.com" :user "b@r" :port "42" :secret "a")
(:host "fake.com" :user "b@r" :secret "e")
(:host "fake.com" :user "b@r" :secret "d")
(:host "y.org" :user "b@r" :secret "c"))))))))
;; This is a more distilled version of `suffixed-user', above. It
;; better illustrates that search order takes precedence over "/user"