[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
master 3d02c8aabf: Disable auth-source-pass-extra-query-keywords by defa
From: |
F. Jason Park |
Subject: |
master 3d02c8aabf: Disable auth-source-pass-extra-query-keywords by default |
Date: |
Fri, 25 Nov 2022 08:37:27 -0500 (EST) |
branch: master
commit 3d02c8aabfde88219dd8b6053a59de261308bc2f
Author: F. Jason Park <jp@neverwas.me>
Commit: F. Jason Park <jp@neverwas.me>
Disable auth-source-pass-extra-query-keywords by default
* doc/misc/auth.texi: Mention subdomain matching in
`auth-source-pass-extra-query-keywords' section.
* etc/NEWS: Mention the loss of traditional auth-source-pass features
when `auth-source-pass-extra-query-keywords' is enabled.
* lisp/auth-source-pass (auth-source-pass-extra-query-keywords): Set
default to nil. Mention domain matching in doc string.
(auth-source-pass--match-regexp): Allow username to contain "@".
* lisp/erc/erc-compat.el:
(erc-compat--29-auth-source-pass--retrieve-parsed): Adjust regexp.
* test/lisp/auth-source-pass-tests.el
(auth-source-pass-extra-query-keywords--suffixed-user): make plain
username more email-like.
(Bug#58985.)
---
doc/misc/auth.texi | 11 ++++++-----
etc/NEWS | 3 ++-
lisp/auth-source-pass.el | 9 +++++----
lisp/erc/erc-compat.el | 2 +-
test/lisp/auth-source-pass-tests.el | 24 ++++++++++++------------
5 files changed, 26 insertions(+), 23 deletions(-)
diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi
index 872e5f88f5..83728be0a5 100644
--- a/doc/misc/auth.texi
+++ b/doc/misc/auth.texi
@@ -560,11 +560,12 @@ favors the @samp{rms@@gnu.org.gpg} form for usernames
over the
param was provided.
In general, if you prefer idiosyncrasies traditionally exhibited by
-this backend, such as prioritizing field count in a filename, try
-setting this option to @code{nil}. But, if you experience problems
-predicting the outcome of searches relative to other auth-source
-backends or encounter code expecting to query multiple backends
-uniformly, try flipping it back to @code{t} (the default).
+this backend, such as prioritizing field count in a filename or
+matching against subdomain labels, keep this option set to @code{nil}
+(the default). But, if you experience problems predicting the outcome
+of searches relative to other auth-source backends or encounter code
+expecting to query multiple backends uniformly, try flipping it to
+@code{t}.
@end defvar
@node Help for developers
diff --git a/etc/NEWS b/etc/NEWS
index 7b64752f46..0ffc849fec 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -1410,7 +1410,8 @@ database stored on disk.
*** New user option 'auth-source-pass-extra-query-keywords'.
Whether to recognize additional keyword params, like ':max' and
':require', as well as accept lists of query terms paired with
-applicable keywords.
+applicable keywords. This disables most known behavioral quirks
+unique to auth-source-pass, such as wildcard subdomain matching.
** Dired
diff --git a/lisp/auth-source-pass.el b/lisp/auth-source-pass.el
index dc274843e1..74d3808448 100644
--- a/lisp/auth-source-pass.el
+++ b/lisp/auth-source-pass.el
@@ -55,12 +55,13 @@
:type 'string
:version "27.1")
-(defcustom auth-source-pass-extra-query-keywords t
+(defcustom auth-source-pass-extra-query-keywords nil
"Whether to consider additional keywords when performing a query.
Specifically, when the value is t, recognize the `:max' and
`:require' keywords and accept lists of query parameters for
-certain keywords, such as `:host' and `:user'. Also, wrap all
-returned secrets in a function and forgo any further results
+certain keywords, such as `:host' and `:user'. Beyond that, wrap
+all returned secrets in a function and don't bother considering
+subdomains when matching hosts. Also, forgo any further results
filtering unless given an applicable `:require' argument. When
this option is nil, do none of that, and enact the narrowing
behavior described toward the bottom of the Info node `(auth) The
@@ -110,7 +111,7 @@ HOSTS can be a string or a list of strings."
(defun auth-source-pass--match-regexp (s)
(rx-to-string ; autoloaded
`(: (or bot "/")
- (or (: (? (group-n 20 (+ (not (in ?\ ?/ ?@ ,s)))) "@")
+ (or (: (? (group-n 20 (+ (not (in ?\ ?/ ,s)))) "@")
(group-n 10 (+ (not (in ?\ ?/ ?@ ,s))))
(? ,s (group-n 30 (+ (not (in ?\ ?/ ,s))))))
(: (group-n 11 (+ (not (in ?\ ?/ ?@ ,s))))
diff --git a/lisp/erc/erc-compat.el b/lisp/erc/erc-compat.el
index 66a9a615e3..abbaafcd93 100644
--- a/lisp/erc/erc-compat.el
+++ b/lisp/erc/erc-compat.el
@@ -176,7 +176,7 @@ If START or END is negative, it counts from the end."
;; This hard codes `auth-source-pass-port-separator' to ":"
(defun erc-compat--29-auth-source-pass--retrieve-parsed (seen e port-number-p)
(when (string-match (rx (or bot "/")
- (or (: (? (group-n 20 (+ (not (in " /@")))) "@")
+ (or (: (? (group-n 20 (+ (not (in " /:")))) "@")
(group-n 10 (+ (not (in " /:@"))))
(? ":" (group-n 30 (+ (not (in " /:"))))))
(: (group-n 11 (+ (not (in " /:@"))))
diff --git a/test/lisp/auth-source-pass-tests.el
b/test/lisp/auth-source-pass-tests.el
index 6e6671efca..1107e09b51 100644
--- a/test/lisp/auth-source-pass-tests.el
+++ b/test/lisp/auth-source-pass-tests.el
@@ -697,29 +697,29 @@ machine Libera.Chat password b
;; with slightly more realistic and less legible values.
(ert-deftest auth-source-pass-extra-query-keywords--suffixed-user ()
- (let ((store (sort (copy-sequence '(("x.com:42/bar" (secret . "a"))
- ("bar@x.com" (secret . "b"))
+ (let ((store (sort (copy-sequence '(("x.com:42/b@r" (secret . "a"))
+ ("b@r@x.com" (secret . "b"))
("x.com" (secret . "?"))
- ("bar@y.org" (secret . "c"))
+ ("b@r@y.org" (secret . "c"))
("fake.com" (secret . "?"))
- ("fake.com/bar" (secret . "d"))
- ("y.org/bar" (secret . "?"))
- ("bar@fake.com" (secret . "e"))))
+ ("fake.com/b@r" (secret . "d"))
+ ("y.org/b@r" (secret . "?"))
+ ("b@r@fake.com" (secret . "e"))))
(lambda (&rest _) (zerop (random 2))))))
(auth-source-pass--with-store store
(auth-source-pass-enable)
(let* ((auth-source-pass-extra-query-keywords t)
(results (auth-source-search :host '("x.com" "fake.com" "y.org")
- :user "bar"
+ :user "b@r"
:require '(:user) :max 5)))
(dolist (result results)
(setf (plist-get result :secret) (auth-info-password result)))
(should (equal results
- '((:host "x.com" :user "bar" :secret "b")
- (:host "x.com" :user "bar" :port "42" :secret "a")
- (:host "fake.com" :user "bar" :secret "e")
- (:host "fake.com" :user "bar" :secret "d")
- (:host "y.org" :user "bar" :secret "c"))))))))
+ '((:host "x.com" :user "b@r" :secret "b")
+ (:host "x.com" :user "b@r" :port "42" :secret "a")
+ (:host "fake.com" :user "b@r" :secret "e")
+ (:host "fake.com" :user "b@r" :secret "d")
+ (:host "y.org" :user "b@r" :secret "c"))))))))
;; This is a more distilled version of `suffixed-user', above. It
;; better illustrates that search order takes precedence over "/user"
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- master 3d02c8aabf: Disable auth-source-pass-extra-query-keywords by default,
F. Jason Park <=