diff options
| author | Craig Jennings <c@cjennings.net> | 2026-05-03 19:40:17 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-05-03 19:40:17 -0500 |
| commit | e646995e940281e0ef575abc71532ac17f1b4fa9 (patch) | |
| tree | 57d9a63a073428a503eccb3e04823bca64cf741e /tests/test-auth-config-debug.el | |
| parent | 6a2539951416fd1ee2ad744090faf255031b71e7 (diff) | |
| download | dotemacs-e646995e940281e0ef575abc71532ac17f1b4fa9.tar.gz dotemacs-e646995e940281e0ef575abc71532ac17f1b4fa9.zip | |
fix: default auth-source debug logging to disabled
`auth-config.el` was setting `auth-source-debug` to t at startup. That meant every credential lookup printed verbose context to *Messages*. The flag was useful while debugging GPG flow but not appropriate for steady state, since the same config handles Slack, AI, REST, mail, and transcription credentials.
I added a `cj/auth-source-debug-enabled` defcustom (default nil) and wired the use-package block to read its value. For temporary troubleshooting I added two commands: `cj/set-auth-source-debug` (prompted on / off via `y-or-n-p`) and `cj/toggle-auth-source-debug` (M-x convenience).
I also scanned the nearby auth callers. The visible failure messages name hosts and logins but don't print secret values directly. So this change closes the practical exposure path without losing useful diagnostics.
I added `tests/test-auth-config-debug.el` covering the disabled-by-default invariant and the setter wiring through both public variables.
Diffstat (limited to 'tests/test-auth-config-debug.el')
| -rw-r--r-- | tests/test-auth-config-debug.el | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/tests/test-auth-config-debug.el b/tests/test-auth-config-debug.el new file mode 100644 index 00000000..9b45f3fc --- /dev/null +++ b/tests/test-auth-config-debug.el @@ -0,0 +1,41 @@ +;;; test-auth-config-debug.el --- Tests for auth-source debug defaults -*- lexical-binding: t; -*- + +;;; Commentary: +;; Ensures credential lookup debug logging is opt-in. + +;;; Code: + +(require 'ert) +(require 'cl-lib) +(require 'auth-source) + +(add-to-list 'load-path (expand-file-name "modules" user-emacs-directory)) + +(defun test-auth-config-debug--load () + "Load auth-config while stubbing external process calls." + (setq cj/auth-source-debug-enabled nil) + (setq auth-source-debug :before-load) + (cl-letf (((symbol-function 'call-process) + (lambda (&rest _args) 0))) + (load (expand-file-name "modules/auth-config.el" user-emacs-directory) + nil t))) + +(ert-deftest test-auth-config-debug-defaults-to-disabled () + "Loading auth-config should leave auth-source debug logging disabled." + (test-auth-config-debug--load) + (should-not cj/auth-source-debug-enabled) + (should-not auth-source-debug)) + +(ert-deftest test-auth-config-debug-toggle-updates-auth-source () + "The troubleshooting toggle should update both public debug variables." + (test-auth-config-debug--load) + (cl-letf (((symbol-function 'message) (lambda (&rest _args) nil))) + (cj/set-auth-source-debug t) + (should cj/auth-source-debug-enabled) + (should auth-source-debug) + (cj/set-auth-source-debug nil) + (should-not cj/auth-source-debug-enabled) + (should-not auth-source-debug))) + +(provide 'test-auth-config-debug) +;;; test-auth-config-debug.el ends here |