summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--modules/ai-config.el14
-rw-r--r--modules/calendar-sync.el11
-rw-r--r--modules/slack-config.el11
-rw-r--r--modules/system-lib.el14
-rw-r--r--modules/transcription-config.el12
-rw-r--r--tests/test-ai-config-auth-source-secret.el27
-rw-r--r--tests/test-system-lib-auth-source-secret-value.el67
7 files changed, 123 insertions, 33 deletions
diff --git a/modules/ai-config.el b/modules/ai-config.el
index 8cf70ee4..fad43584 100644
--- a/modules/ai-config.el
+++ b/modules/ai-config.el
@@ -29,6 +29,7 @@
;;; Code:
(require 'keybindings) ;; provides cj/custom-keymap
+(require 'system-lib) ;; provides cj/auth-source-secret-value
(autoload 'cj/gptel-save-conversation "ai-conversations" "Save the AI conversation to a file." t)
(autoload 'cj/gptel-load-conversation "ai-conversations" "Load a saved AI conversation." t)
@@ -100,15 +101,12 @@ tools are reported with `message' and do not signal."
(cj/gptel-load-local-tools))
(defun cj/auth-source-secret (host user)
- "Fetch a secret from auth-source for HOST and USER.
+ "Fetch a required secret from auth-source for HOST and USER.
-HOST and USER must be strings that identify the credential to return."
- (let* ((found (auth-source-search :host host :user user :require '(:secret) :max 1))
- (secret (plist-get (car found) :secret)))
- (cond
- ((functionp secret) (funcall secret))
- ((stringp secret) secret)
- (t (error "No usable secret found for host %s and user %s" host user)))))
+HOST and USER must be strings that identify the credential to return.
+Errors when no secret is found."
+ (or (cj/auth-source-secret-value host user)
+ (error "No usable secret found for host %s and user %s" host user)))
(defun cj/anthropic-api-key ()
"Return the Anthropic API key, caching the result after first retrieval."
diff --git a/modules/calendar-sync.el b/modules/calendar-sync.el
index 9379b427..4ccb0917 100644
--- a/modules/calendar-sync.el
+++ b/modules/calendar-sync.el
@@ -71,7 +71,7 @@
(require 'cl-lib)
(require 'subr-x)
-(require 'auth-source)
+(require 'system-lib) ;; provides cj/auth-source-secret-value (leaf; no ai-config dep)
(require 'cj-org-text-lib)
(defun calendar-sync--log-silently (format-string &rest args)
@@ -1509,13 +1509,8 @@ An explicit :url wins. Otherwise :secret-host names an auth-source host
whose stored secret is the URL (kept in auth-source because the .ics URL
is itself a token)."
(or (plist-get calendar :url)
- (let ((host (plist-get calendar :secret-host)))
- (when host
- (let ((secret (plist-get (car (auth-source-search :host host :max 1))
- :secret)))
- ;; auth-source's netrc backend returns the secret as a function
- (cond ((functionp secret) (funcall secret))
- (secret secret)))))))
+ (when-let* ((host (plist-get calendar :secret-host)))
+ (cj/auth-source-secret-value host))))
(defun calendar-sync--sync-calendar-ics (calendar)
"Sync a single CALENDAR from its .ics feed asynchronously.
diff --git a/modules/slack-config.el b/modules/slack-config.el
index b51db444..e63b720a 100644
--- a/modules/slack-config.el
+++ b/modules/slack-config.el
@@ -34,7 +34,7 @@
;;; Code:
-(require 'auth-source)
+(require 'system-lib) ;; provides cj/auth-source-secret-value
(require 'cl-lib)
(defvar slack-current-buffer)
@@ -65,14 +65,7 @@
(defun cj/slack--get-credential (login-key)
"Look up LOGIN-KEY credential for the Slack workspace from auth-source."
- (let ((entry (car (auth-source-search :host cj/slack-workspace
- :user login-key
- :max 1))))
- (when entry
- (let ((secret (plist-get entry :secret)))
- (if (functionp secret)
- (funcall secret)
- secret)))))
+ (cj/auth-source-secret-value cj/slack-workspace login-key))
(defun cj/slack-start ()
"Connect to Slack, registering the team if needed."
diff --git a/modules/system-lib.el b/modules/system-lib.el
index 96159179..80175958 100644
--- a/modules/system-lib.el
+++ b/modules/system-lib.el
@@ -106,5 +106,19 @@ This does so without echoing in the minibuffer."
(insert (apply #'format format-string args))
(unless (bolp) (insert "\n")))))
+;; ------------------------------ Auth Source ----------------------------------
+
+(declare-function auth-source-search "auth-source")
+
+(defun cj/auth-source-secret-value (host &optional user)
+ "Return the auth-source secret for HOST, or nil when none is found.
+With USER, also match on the login. Resolves a function-valued secret
+\(the netrc backend returns the secret as a function\) by calling it.
+Callers that must have a secret layer their own error on top."
+ (let* ((spec (append (list :host host :require '(:secret) :max 1)
+ (when user (list :user user))))
+ (secret (plist-get (car (apply #'auth-source-search spec)) :secret)))
+ (if (functionp secret) (funcall secret) secret)))
+
(provide 'system-lib)
;;; system-lib.el ends here
diff --git a/modules/transcription-config.el b/modules/transcription-config.el
index d81ccba0..344ec473 100644
--- a/modules/transcription-config.el
+++ b/modules/transcription-config.el
@@ -38,7 +38,7 @@
(require 'dired)
(require 'notifications)
-(require 'auth-source)
+(require 'system-lib) ; provides cj/auth-source-secret-value
(require 'user-constants) ; For cj/audio-file-extensions
;; Declare keymap defined in keybindings.el
@@ -121,14 +121,10 @@ SUCCESS-P indicates whether transcription succeeded."
(expand-file-name (concat "scripts/" script-name) user-emacs-directory)))
(defun cj/--auth-source-password (host)
- "Retrieve password for HOST from authinfo.gpg.
-Expects entry like: machine HOST login api password <key>.
+ "Retrieve the auth-source secret for HOST from authinfo.gpg.
+Expects an entry like: machine HOST login api password <key>.
Returns the password string, or nil if no matching entry exists."
- (when-let* ((auth-info (car (auth-source-search :host host :require '(:secret))))
- (secret (plist-get auth-info :secret)))
- (if (functionp secret)
- (funcall secret)
- secret)))
+ (cj/auth-source-secret-value host))
(defun cj/--build-process-environment (backend)
"Return `process-environment' augmented with BACKEND's API-key env var.
diff --git a/tests/test-ai-config-auth-source-secret.el b/tests/test-ai-config-auth-source-secret.el
new file mode 100644
index 00000000..bab506e5
--- /dev/null
+++ b/tests/test-ai-config-auth-source-secret.el
@@ -0,0 +1,27 @@
+;;; test-ai-config-auth-source-secret.el --- Tests for the required-secret wrapper -*- lexical-binding: t; -*-
+
+;;; Commentary:
+;; `cj/auth-source-secret' is the required-secret layer over the shared
+;; `cj/auth-source-secret-value' primitive: it returns the secret, or errors
+;; when none is found. These tests stub the primitive to exercise both paths.
+
+;;; Code:
+
+(require 'ert)
+(require 'cl-lib)
+
+(add-to-list 'load-path (expand-file-name "modules" user-emacs-directory))
+(require 'ai-config)
+
+(ert-deftest test-ai-config-auth-source-secret-returns-value ()
+ "Normal: returns the value the primitive resolves."
+ (cl-letf (((symbol-function 'cj/auth-source-secret-value) (lambda (&rest _) "sk-x")))
+ (should (equal "sk-x" (cj/auth-source-secret "api.example.com" "apikey")))))
+
+(ert-deftest test-ai-config-auth-source-secret-errors-on-miss ()
+ "Error: signals when the primitive finds no secret."
+ (cl-letf (((symbol-function 'cj/auth-source-secret-value) (lambda (&rest _) nil)))
+ (should-error (cj/auth-source-secret "api.example.com" "apikey"))))
+
+(provide 'test-ai-config-auth-source-secret)
+;;; test-ai-config-auth-source-secret.el ends here
diff --git a/tests/test-system-lib-auth-source-secret-value.el b/tests/test-system-lib-auth-source-secret-value.el
new file mode 100644
index 00000000..ec526cec
--- /dev/null
+++ b/tests/test-system-lib-auth-source-secret-value.el
@@ -0,0 +1,67 @@
+;;; test-system-lib-auth-source-secret-value.el --- Tests for the auth-source secret primitive -*- lexical-binding: t; -*-
+
+;;; Commentary:
+;; `cj/auth-source-secret-value' is the shared low-level accessor that the
+;; calendar-sync, ai-config, transcription, and slack helpers all delegate to.
+;; It searches authinfo for HOST (and optional USER), resolves a
+;; function-valued secret by calling it, and returns the value or nil. These
+;; tests stub `auth-source-search' (the external boundary) and capture its args.
+
+;;; Code:
+
+(require 'ert)
+(require 'cl-lib)
+
+(add-to-list 'load-path (expand-file-name "modules" user-emacs-directory))
+(require 'system-lib)
+
+(defvar test-ass--args nil "Captured args of the stubbed `auth-source-search'.")
+
+(defmacro test-ass--with-search (return-value &rest body)
+ "Run BODY with `auth-source-search' stubbed to return RETURN-VALUE.
+Captures the call args in `test-ass--args'."
+ (declare (indent 1))
+ `(let ((test-ass--args nil))
+ (cl-letf (((symbol-function 'auth-source-search)
+ (lambda (&rest args) (setq test-ass--args args) ,return-value)))
+ ,@body)))
+
+;;; Normal
+
+(ert-deftest test-auth-source-secret-value-returns-string-secret ()
+ "Normal: a string :secret is returned as-is."
+ (test-ass--with-search (list (list :secret "sk-abc"))
+ (should (equal "sk-abc" (cj/auth-source-secret-value "api.example.com")))))
+
+(ert-deftest test-auth-source-secret-value-calls-function-secret ()
+ "Normal: a function :secret is funcalled (the netrc backend returns one)."
+ (test-ass--with-search (list (list :secret (lambda () "from-fn")))
+ (should (equal "from-fn" (cj/auth-source-secret-value "api.example.com")))))
+
+(ert-deftest test-auth-source-secret-value-passes-user-when-given ()
+ "Normal: USER and HOST are forwarded to `auth-source-search'."
+ (test-ass--with-search (list (list :secret "x"))
+ (cj/auth-source-secret-value "h" "apikey")
+ (should (equal "h" (plist-get test-ass--args :host)))
+ (should (equal "apikey" (plist-get test-ass--args :user)))))
+
+;;; Boundary
+
+(ert-deftest test-auth-source-secret-value-omits-user-when-absent ()
+ "Boundary: with no USER, :user is not added to the search spec."
+ (test-ass--with-search (list (list :secret "x"))
+ (cj/auth-source-secret-value "h")
+ (should-not (plist-member test-ass--args :user))))
+
+(ert-deftest test-auth-source-secret-value-nil-on-no-match ()
+ "Boundary: no matching entry yields nil."
+ (test-ass--with-search nil
+ (should (null (cj/auth-source-secret-value "h")))))
+
+(ert-deftest test-auth-source-secret-value-nil-on-entry-without-secret ()
+ "Boundary: a matching entry with no :secret yields nil."
+ (test-ass--with-search (list (list :host "h"))
+ (should (null (cj/auth-source-secret-value "h")))))
+
+(provide 'test-system-lib-auth-source-secret-value)
+;;; test-system-lib-auth-source-secret-value.el ends here