auth-source-search

auth-source-search

[Richard Riley]

Could some kind soul show me how to get a password using
auth-source-search.

(auth-source-search :host '("myhost"))

returns something, but whats the equivalent of the deprecated 

(auth-source-user-or-password "password" "host" 'imap)

(btw, why would ':host "myhost"' not be valid?)

thanks

r.

Re: auth-source-search

[Richard Riley]

Richard Riley <rileyrg@googlemail.com> writes:

> Could some kind soul show me how to get a password using
> auth-source-search.
>
> (auth-source-search :host '("myhost"))
>
> returns something, but whats the equivalent of the deprecated 
>
> (auth-source-user-or-password "password" "host" 'imap)
>
> (btw, why would ':host "myhost"' not be valid?)
>
> thanks
>
> r.
>

got there in the end

 (add-hook 'org-mobile-pre-push-hook 
              '(lambda()
                 (setq org-mobile-encryption-password (funcall (plist-get (car (auth-source-search :host '("orgmobile"))) ':secret)))))
   

Re: auth-source-search

[Ted Zlatanov]

On Thu, 03 Mar 2011 21:00:57 +0100 Richard Riley <rileyrg@googlemail.com> wrote: 

RR>  (add-hook 'org-mobile-pre-push-hook 
RR>               '(lambda()
RR>                  (setq org-mobile-encryption-password (funcall (plist-get (car (auth-source-search :host '("orgmobile"))) ':secret)))))

I would do it like this:

(let* ((auth (auth-source-search :host "z.lifelogs.com"))
       (secret (plist-get (nth 0 auth) :secret))
       (secret (if (functionp secret) (funcall secret) secret)))
  secret)

The differences with your code:

1) it works if the secret is not returned, or if the secret is not a function

2) it picks the first result safely and works if there's no results

3) quoting :secret is not necessary

4) you can use a string for searching, it doesn't have to be a list

I will fix up auth.texi, I promise.  I was waiting for the API to quiet
down, which I think it has.  I'll add examples of usage including this.

Ted

Re: auth-source-search

[Richard Riley]

Ted Zlatanov <tzz@lifelogs.com> writes:

> On Thu, 03 Mar 2011 21:00:57 +0100 Richard Riley <rileyrg@googlemail.com> wrote: 
>
> RR>  (add-hook 'org-mobile-pre-push-hook 
> RR>               '(lambda()
> RR>                  (setq org-mobile-encryption-password (funcall (plist-get (car (auth-source-search :host '("orgmobile"))) ':secret)))))
>
> I would do it like this:
>
> (let* ((auth (auth-source-search :host "z.lifelogs.com"))
>        (secret (plist-get (nth 0 auth) :secret))
>        (secret (if (functionp secret) (funcall secret) secret)))
>   secret)
>
> The differences with your code:
>
> 1) it works if the secret is not returned, or if the secret is not a function
>
> 2) it picks the first result safely and works if there's no results
>
> 3) quoting :secret is not necessary
>
> 4) you can use a string for searching, it doesn't have to be a list
>
> I will fix up auth.texi, I promise.  I was waiting for the API to quiet
> down, which I think it has.  I'll add examples of usage including this.

Thanks. A more robust solution indeed.

Since this is probably such a required thing for anything needing
passwords (erc, identica, gnus, git etc etc), would not a

"auth-password" function make sense?
 
I struggled for ages to get this to work ;) Its not my code per se above
but the results of collaboration on #emacs where more than one person
other than me was baffled by the complexity of docstring.

Your code above is even more complex from my point of view - and I see
why since you detect the secret type. But the code above would almost
certainly benefit by being part of the API.

cheers

r.

Re: auth-source-search

[Ted Zlatanov]

(btw, you have the list name as "nognus" but that's only the name of the
current Gnus release)

On Fri, 04 Mar 2011 11:10:49 +0100 Richard Riley <rileyrg@googlemail.com> wrote: 

RR> Since this is probably such a required thing for anything needing
RR> passwords (erc, identica, gnus, git etc etc), would not a

RR> "auth-password" function make sense?

That's what `auth-source-user-or-password' did and it was not so good.
A simple API hides the underlying complexity of the multiple backends
and tokens that auth-source.el supports.  Since the consumers of the
auth-source API are other packages and not the end users, it makes sense
to keep the API flexible and powerful.  There is only one (interactive)
function in auth-source.el (`auth-source-forget-all-cached') currently
and that's intentional.

In your example with org-mode, it's better to add the auth-source query
in org-mode itself instead of asking the user to do the query.  The
complexity can then be hidden and abstracted in whatever way makes sense
for org-mode specifically.  org-mode should not require you, the user,
to do an auth-source query.

So maybe for user convenience I can provide a wrapper like
`auth-source-pick-first-secret' but I am seriously concerned that such a
wrapper will grow in complexity and "convenience" until its complexity
overwhelms its utility.  I would like some more feedback.
 
RR> I struggled for ages to get this to work ;) Its not my code per se above
RR> but the results of collaboration on #emacs where more than one person
RR> other than me was baffled by the complexity of docstring.

Most of the complexity has to do with creation and not searching.  I
will, as I said, provide examples of the common searches.

The #emacs crowd should feel free to submit bug reports or improvement
suggestions/patches.  I promise to consider them carefully, but can't
help anyone if their complaints are on an IRC channel.

RR> Your code above is even more complex from my point of view - and I see
RR> why since you detect the secret type. But the code above would almost
RR> certainly benefit by being part of the API.

My code is also more complex because it doesn't assume anything will
work properly :) It belongs in a package instead of at the user level.

Ted

Re: auth-source-search

[Lars Magne Ingebrigtsen]

Ted Zlatanov <tzz@lifelogs.com> writes:

> So maybe for user convenience I can provide a wrapper like
> `auth-source-pick-first-secret' but I am seriously concerned that such a
> wrapper will grow in complexity and "convenience" until its complexity
> overwhelms its utility.

I think it would make sense to add that, otherwise all the auth-source
consumers will just implement their own, buggier versions of the same,
probably.  :-)

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen

Re: auth-source-search

[Ted Zlatanov]

On Sat, 05 Mar 2011 11:21:12 +0100 Lars Magne Ingebrigtsen <larsi@gnus.org> wrote: 

LMI> Ted Zlatanov <tzz@lifelogs.com> writes:
>> So maybe for user convenience I can provide a wrapper like
>> `auth-source-pick-first-secret' but I am seriously concerned that such a
>> wrapper will grow in complexity and "convenience" until its complexity
>> overwhelms its utility.

LMI> I think it would make sense to add that, otherwise all the auth-source
LMI> consumers will just implement their own, buggier versions of the same,
LMI> probably.  :-)

Are you thinking of a wrapper around `auth-source-search' that gets
:secret from the first result and evaluates it if it's a function?  That
seems OK.  Or do you mean we need a separate query syntax?

Ted

Re: auth-source-search

[Ted Zlatanov]

On Fri, 04 Mar 2011 08:55:11 -0600 Ted Zlatanov <tzz@lifelogs.com> wrote: 

TZ> Most of the complexity has to do with creation and not searching.  I
TZ> will, as I said, provide examples of the common searches.

I added a pretty full example to auth.texi using nnimap's code.

Ted

Re: auth-source-search

[Ted Zlatanov]

On Mon, 07 Mar 2011 11:44:16 -0600 Ted Zlatanov <tzz@lifelogs.com> wrote: 

TZ> On Sat, 05 Mar 2011 11:21:12 +0100 Lars Magne Ingebrigtsen <larsi@gnus.org> wrote: 
LMI> Ted Zlatanov <tzz@lifelogs.com> writes:
>>> So maybe for user convenience I can provide a wrapper like
>>> `auth-source-pick-first-secret' but I am seriously concerned that such a
>>> wrapper will grow in complexity and "convenience" until its complexity
>>> overwhelms its utility.

LMI> I think it would make sense to add that, otherwise all the auth-source
LMI> consumers will just implement their own, buggier versions of the same,
LMI> probably.  :-)

TZ> Are you thinking of a wrapper around `auth-source-search' that gets
TZ> :secret from the first result and evaluates it if it's a function?  That
TZ> seems OK.  Or do you mean we need a separate query syntax?

How about this implementation:

(defun auth-source-pick-first-secret (spec)
  "Pick the first secret found from applying SPEC to `auth-source-search'."
  (let* ((result (nth 0 (apply 'auth-source-search spec)))
         (secret (plist-get result :secret)))

    (if (functionp secret)
        (funcall secret)
      secret)))

Is that OK with you?

Ted

Re: auth-source-search

[Ted Zlatanov]

(Richard, I'd prefer keeping the discussion on the list.  I hope that's
OK with you.)

On Wed, 09 Mar 2011 16:56:33 +0100 Richard Riley <rileyrg@googlemail.com> wrote: 
RR> Ted Zlatanov <tzz@lifelogs.com> writes:
RR> If not already done, How about an auth-get-password function?

I'm OK with naming it `auth-source-pick-first-password' but just
`auth-get-password' is misleading.

RR> it makes it so much clearer and easier for third party apps to use
RR> without having to understand the rather complex API to
RR> auth-search. e.g I would then use it to get my erc, identica,
RR> bitblbee etc passwords from a single .authinfo.gpg.
...
RR> (auth-get-password "orgmobile") for example where the corresponding
RR> .authinfo line is

RR> ,----
RR> | machine orgmobile login rgr password mypassword
RR> `----

I'd rather not make it a host lookup only so you can say
(auth-source-pick-first-password :host "orgmobile" :user rgr) as well.

So you'll have to use 
(auth-source-pick-first-password :host "orgmobile") which I think is
just as simple and IMHO better in every way because it's clear what the
parameters mean.  So, with a bug fix on the function parameters, I
committed it.

Ted

Re: auth-source-search

[Lars Magne Ingebrigtsen]

Ted Zlatanov <tzz@lifelogs.com> writes:

> How about this implementation:
>
> (defun auth-source-pick-first-secret (spec)
>   "Pick the first secret found from applying SPEC to `auth-source-search'."
>   (let* ((result (nth 0 (apply 'auth-source-search spec)))
>          (secret (plist-get result :secret)))
>
>     (if (functionp secret)
>         (funcall secret)
>       secret)))
>
> Is that OK with you?

Yes; looks good.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen