summaryrefslogtreecommitdiff
path: root/modules/auth-config.el
blob: 5dbce2ef00321717578c69e6ce0fa66ae05c98be (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
;; auth-config.el --- Configuration for Authentication Utilities -*- lexical-binding: t; -*-
;; author Craig Jennings <c@cjennings.net>

;;; Commentary:
;;
;; Configuration for Emacs authentication and GPG integration:

;; • auth-source
;;   – Forces use of your default authinfo file
;;   – Disable external GPG agent in favor of Emacs’s own prompt
;;   – Enable auth-source debug messages

;; • Easy PG Assistant (epa)
;;   – Force using the ‘gpg2’ executable for encryption/decryption operations

;;; Code:

(require 'user-constants) ;; defines authinfo-file location

;; -------------------------------- Auth Sources -------------------------------
;; auth sources settings

(use-package auth-source
  :ensure nil                   ;; built in
  :demand t                     ;; load this package immediately
  :config
  (setq auth-sources `(,authinfo-file))
  (setenv "GPG_AGENT_INFO" nil) ;; emacs use internal prompt, not gpg agent
  (setq auth-source-debug t))   ;; echo debug info to Messages

;; ----------------------------- Easy PG Assistant -----------------------------
;; Key management, cryptographic operations on regions and files, dired
;; integration, and automatic encryption/decryption of *.gpg files.

(use-package epa
  :ensure nil                    ;; built-in
  :defer .5
  :config
  (setq epg-gpg-program "gpg2")) ;; force use gpg2 (not gpg v.1)

;; ----------------------------- Ensure-Auth-Before ----------------------------

(defun cj/ensure-auth-before (&rest _args)
  "Ensure .authinfo.gpg is unlocked before calling the real function."
  (cj/ensure-auth))

(defun cj/ensure-auth ()
  "Make sure .authinfo.gpg is decrypted (loops on failure)."
  (interactive)
  (auth-source-search :max 1))

(with-eval-after-load 'auth-source
  (defun cj/auth-source-search-retry (orig-fun &rest args)
    "Advice around `auth-source-search' to loop until we get non-nil."
    (let (res)
      (while (not (setq res (apply orig-fun args)))
        ;; user hit RET or wrong passphrase → kill agent & retry
        (message "Auth failed or cancelled; killing gpg-agent and retrying…")
        (start-process "gpgconf-kill-gpg-agent" nil
                       "gpgconf" "--kill" "gpg-agent")
        (sleep-for 0.5))
      res))

  (advice-add 'auth-source-search :around #'cj/auth-source-search-retry))

;; Example: run it before your GPT toggle
;;(advice-add 'cj/toggle-gptel :before #'cj/ensure-auth-before)

;; Example: before mu4e actually sends a message
;;(advice-add 'smtpmail-send-it    ; or `mu4e~proc-send` if you prefer
;;            :before #'cj/ensure-auth-before)

;; Example: before Tramp prompts for a password
;; (advice-add 'tramp-read-passwd   ; wherever Tramp reads your passphrase
;;             :before #'cj/ensure-auth-before)

;; ;; Example: before Dirvish opens a remote directory
;; (advice-add 'dirvish-find-file    ; or the exact entry-point you use
;;             :before #'cj/ensure-auth-before)


(provide 'auth-config)
;;; auth-config.el ends here.

;; --------------------------------- ERT Tests ---------------------------------
;; Run these tests with M-x ert RET t RET

(require 'ert)
(require 'cl-lib)

(ert-deftest auth-config/authinfo-file-exists ()
  "Verify that `authinfo-file` actually exists on disk."
  (should (and (stringp authinfo-file)
               (file-exists-p authinfo-file))))

(ert-deftest auth-config/gpg2-is-on-path ()
  "Verify that the `gpg2` executable is on the user’s PATH."
  (should (executable-find "gpg2")))