From 9701946c6e037fabf033f18597f94bf05dfbf09f Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Tue, 11 Nov 2025 17:35:26 -0600 Subject: fix: Resolve Google Calendar password prompts via advice MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixed oauth2-auto.el caching bug using Emacs advice system (survives updates). Root Cause: - oauth2-auto version 20250624.1919 has `or nil` on line 206 - This completely disables the internal hash-table cache - Every org-gcal sync requires decrypting oauth2-auto.plist from disk - GPG passphrase prompted every ~15 minutes (violated "Frictionless" value) The Fix (via advice): - Created cj/oauth2-auto--plstore-read-fixed with cache enabled - Applied as :override advice to oauth2-auto--plstore-read - Survives package updates (unlike direct modification) - Can be easily removed if upstream fixes the bug Changes: - modules/auth-config.el: * Added cj/oauth2-auto--plstore-read-fixed (lines 75-93) * Applied advice on package load (lines 96-98) * Added cj/clear-oauth2-auto-cache helper * Documented fix in commentary (lines 16-22) - todo.org: Mark #A priority task as DONE - docs/oauth2-auto-cache-fix.md: Detailed documentation Result: - Passphrase prompted ONCE per Emacs session (on cold start) - Subsequent org-gcal syncs use cached tokens (no prompts) - Workflow now frictionless as intended - Fix persists across package updates Upstream: - Bug acknowledged in code: "Assume cache is invalidated. FIXME" - Should report to: https://github.com/rhaps0dy/emacs-oauth2-auto - Simple fix: Remove `or nil` on line 206 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- modules/auth-config.el | 58 ++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 56 insertions(+), 2 deletions(-) (limited to 'modules/auth-config.el') diff --git a/modules/auth-config.el b/modules/auth-config.el index c3000f7f..52032c2a 100644 --- a/modules/auth-config.el +++ b/modules/auth-config.el @@ -7,11 +7,19 @@ ;; • auth-source ;; – Forces use of your default authinfo file -;; – Disable external GPG agent in favor of Emacs’s own prompt +;; – Disable external GPG agent in favor of Emacs's own prompt ;; – Enable auth-source debug messages ;; • Easy PG Assistant (epa) -;; – Force using the ‘gpg2’ executable for encryption/decryption operations +;; – Force using the 'gpg2' executable for encryption/decryption operations + +;; • oauth2-auto cache fix (via advice) +;; – oauth2-auto version 20250624.1919 has caching bug on line 206 +;; – Function oauth2-auto--plstore-read has `or nil` disabling cache +;; – This caused GPG passphrase prompts every ~15 minutes during gcal-sync +;; – Fix: Advice to enable hash-table cache without modifying package +;; – Works across package updates +;; – Fixed 2025-11-11 ;;; Code: @@ -59,6 +67,36 @@ ;; Allow gpg-agent to cache the passphrase (400 days per gpg-agent.conf) (setq plstore-encrypt-to nil)) ;; Use symmetric encryption, not key-based +;; ----------------------------- oauth2-auto Cache Fix ----------------------------- +;; Fix oauth2-auto caching bug that causes repeated GPG passphrase prompts. +;; The package has `or nil` on line 206 that disables its internal cache. +;; This advice overrides the buggy function to enable caching properly. + +(defun cj/oauth2-auto--plstore-read-fixed (username provider) + "Fixed version of oauth2-auto--plstore-read that enables caching. + +This is a workaround for oauth2-auto.el bug where line 206 has: + (or nil ;(gethash id oauth2-auto--plstore-cache) +which completely disables the internal hash-table cache. + +This function re-implements the intended behavior with cache enabled." + (require 'oauth2-auto) ; Ensure package is loaded + (let ((id (oauth2-auto--compute-id username provider))) + ;; Check cache FIRST (this is what the original should do) + (or (gethash id oauth2-auto--plstore-cache) + ;; Cache miss - read from plstore and cache the result + (let ((plstore (plstore-open oauth2-auto-plstore))) + (unwind-protect + (puthash id + (cdr (plstore-get plstore id)) + oauth2-auto--plstore-cache) + (plstore-close plstore)))))) + +;; Apply the fix via advice (survives package updates) +(with-eval-after-load 'oauth2-auto + (advice-add 'oauth2-auto--plstore-read :override #'cj/oauth2-auto--plstore-read-fixed) + (message "✓ oauth2-auto cache fix applied via advice")) + ;; ------------------------ Authentication Reset Utility ----------------------- (defun cj/reset-auth-cache (&optional include-gpg-agent) @@ -112,6 +150,22 @@ The gpg-agent will automatically restart on the next GPG operation." (message "✓ gpg-agent killed. It will restart automatically on next use.") (message "⚠ Warning: Failed to kill gpg-agent")))) +(defun cj/clear-oauth2-auto-cache () + "Clear the oauth2-auto in-memory token cache. + +This forces oauth2-auto to re-read tokens from oauth2-auto.plist on next +access. Useful when OAuth tokens have been manually updated or after +re-authentication. + +Note: This only clears Emacs's in-memory cache. The oauth2-auto.plist +file on disk is not modified." + (interactive) + (if (boundp 'oauth2-auto--plstore-cache) + (progn + (clrhash oauth2-auto--plstore-cache) + (message "✓ oauth2-auto token cache cleared")) + (message "⚠ oauth2-auto not loaded yet"))) + ;; Keybindings (with-eval-after-load 'keybindings (keymap-set cj/custom-keymap "A" #'cj/reset-auth-cache)) -- cgit v1.2.3