branch: elpa/mastodon commit 48acaae37d06e22ebe2c7ed3b5f05a782f33abf7 Author: marty hiatt <martianhia...@disroot.org> Commit: marty hiatt <martianhia...@disroot.org>
auth/client fixes: #668. - check if stray access_token found in plstore when using authsource instead - move encrypt-access-token to auth from client --- lisp/mastodon-auth.el | 28 ++++++++++++++++++++++++- lisp/mastodon-client.el | 56 +++++++++++++++++++++++-------------------------- 2 files changed, 53 insertions(+), 31 deletions(-) diff --git a/lisp/mastodon-auth.el b/lisp/mastodon-auth.el index 22b8c8428f..0bbed942af 100644 --- a/lisp/mastodon-auth.el +++ b/lisp/mastodon-auth.el @@ -59,7 +59,21 @@ "Whether to use auth sources for user credentials. If t, save and read user access token in the user's auth source file (see `auth-sources'). If nil, use `mastodon-client--token-file' -instead.") +instead. +If you change the value of this variable, call +`mastodon-forget-all-logins' and log in again." + :type 'boolean) + +;; FIXME: remove this! either we auth-source encrypt or plstore encrypt. +;; the only unencrypted shall be people who don't update. +;; but fetching from plstore is agnostic, so we don't need to sweat it. +(defcustom mastodon-auth-encrypt-access-token t + "Whether to encrypt the user's authentication token in the plstore. +If you set this to non-nil, you also likely need to set +`plstore-encrypt-to' to your GPG key ID for decryption. +If you change the value of this variable, call +`mastodon-forget-all-logins' and log in again." + :type 'boolean) (defvar mastodon-auth-source-file nil "This variable is obsolete. 
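Review bot: The docstring of the new `mastodon-auth-encrypt-access-token` defcustom says what a non-nil value does but not what nil does, and the `(t ;; plstore sans encryption:` branch in the mastodon-client.el hunks of this same patch writes the access token to the plstore unencrypted when it is nil; that consequence belongs next to the option, where users set it. I would add after the first sentence: `If nil, the access token is written to the plstore in plain text.` The FIXME above it says the option should go away; if it is kept for users with pre-existing unencrypted stores, the docstring could say that nil exists only for that case, so nobody switches it off for convenience. The `;; FIXME` comment itself reads as a note to self and could be shortened to the decision it records.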
@@ -195,6 +209,18 @@ Generate/save token if none known yet." (mastodon-auth--show-notice mastodon-auth--user-unaware "*mastodon-notice*") (user-error "Variables not set properly")) + ;; if auth source enabled, but we have an access token in plstore, + ;; error out, tell user to remove plstore and start over: + ((and mastodon-auth-use-auth-source + (let* ((plstore (plstore-open mastodon-client--token-file)) + (entry + (plstore-get plstore + (format "user-%s" mastodon-active-user)))) + (plist-get (cdr entry) :access_token))) + (user-error "You have enabled auth source, but there is an access token\ + in your plstore. Call `mastodon-forget-all-logins', and try again.\ + If you believe this message is in error, please contact us on the\ + mastodon.el repo.")) (t ;; user access-token needs to fetched from the server and ;; stored and variables initialised. diff --git a/lisp/mastodon-client.el b/lisp/mastodon-client.el index 26aec537b2..a401130094 100644 --- a/lisp/mastodon-client.el +++ b/lisp/mastodon-client.el @@ -45,14 +45,6 @@ :group 'mastodon :type 'file) -(defcustom mastodon-client-encrypt-access-token t - "Whether to encrypt the user's authentication token in the plstore. -If you set this to non-nil, you also likely need to set -`plstore-encrypt-to' to your GPG key ID for decryption. -If you change the value of this variable, you need to also delete -`mastodon-client--token-file' and log in again." - :type 'boolean) - (defvar mastodon-client--client-details-alist nil "An alist of Client id and secrets keyed by the instance url.") 
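Review bot: The new cond clause opens the plstore with `plstore-open` but never calls `plstore-close`, unlike the two mastodon-client.el functions in this patch that close what they open, so every auth attempt with auth-source enabled leaves a plstore buffer behind; wrapping the lookup in `unwind-protect` fixes that. Note also that `plstore-get` on an entry whose token was stored as a secret presumably has to decrypt it (a GPG prompt) just to test for its presence — acceptable if intended, but worth a comment on the clause. The clause reads `mastodon-client--token-file` as a variable while the mastodon-client.el hunks call `(mastodon-client--token-file)`; both forms may exist in this project, but using one consistently would help. The enclosing cond and function continue outside this hunk.
```elisp
         ;; if auth source enabled, but we have an access token in plstore,
         ;; error out, tell user to remove plstore and start over:
         ((and mastodon-auth-use-auth-source
               (let ((plstore (plstore-open mastodon-client--token-file)))
                 (unwind-protect
                     (plist-get
                      (cdr (plstore-get plstore
                                        (format "user-%s" mastodon-active-user)))
                      :access_token)
                   (plstore-close plstore))))
          ;; … unchanged: user-error message …
```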
@@ -140,10 +132,13 @@ Return plist without the KEY." :client_secret ,(plist-get (mastodon-client) :client_secret))) (defun mastodon-client--store-access-token (token) - "Save TOKEN as :access_token, encrypted, in plstore of the current user. -Return the plist after the operation." + "Save TOKEN as :access_token in plstore of the current user. +Return the plist after the operation. +If `mastodon-auth-encrypt-access-token', encrypt it in the plstore. +If `mastodon-auth-use-auth-source', encrypt it in auth source file." (let* ((user-details (mastodon-client--make-user-details-plist)) (plstore (plstore-open (mastodon-client--token-file))) + (username (plist-get user-details :username)) (key (concat "user-" username)) (print-length nil) (print-level nil)) @@ -154,7 +149,7 @@ Return the plist after the operation." mastodon-instance-url handle token :create) (plstore-put plstore key user-details nil))) ;; plstore encrypted: - (mastodon-client-encrypt-access-token + (mastodon-auth-encrypt-access-token (plstore-put plstore key user-details `(:access_token ,token))) (t ;; plstore sans encryption: ;; (kept only because changing from this disrupts users): 
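Review bot: The added docstring line `If `mastodon-auth-use-auth-source', encrypt it in auth source file.` promises more than the code can: the `mastodon-auth-source-token ... :create` call hands the token to auth-source, and whether it is encrypted at rest depends on which backend `auth-sources` resolves to (a `.authinfo.gpg` file is, a plain `~/.authinfo` is not). I would word it as `If `mastodon-auth-use-auth-source', store it via auth-source instead; whether it is encrypted at rest depends on the backend in `auth-sources'.` The same caveat would help in the docstring of `mastodon-auth-use-auth-source` itself, since that is where users make the choice. The function's body continues outside this hunk.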
@@ -166,27 +161,28 @@ Return the plist after the operation." (defun mastodon-client--make-user-active (user-details) "USER-DETAILS is a plist consisting of user details. -Save it to plstore under key \"active-user\", with the :access_token -value encrypted." - (let ((plstore (plstore-open (mastodon-client--token-file))) - (handle (plist-get user-details :username)) - (token - (if mastodon-auth-use-auth-source - (mastodon-auth-source-token mastodon-instance-url handle) - (plist-get user-details :access_token))) - (sans-token (if mastodon-auth-use-auth-source - user-details - ;; remove acces_token from user-details: - (cl-remf user-details :access_token) - user-details)) - (print-length nil) - (print-level nil)) - (if (not mastodon-client-encrypt-access-token) +Save it to plstore under key \"active-user\". +If `mastodon-auth-use-auth-source' is non-nil, fetch the access token +from the user's auth source file and add it to the active user entry." + (let* ((plstore (plstore-open (mastodon-client--token-file))) + (handle (plist-get user-details :username)) + (token + (if mastodon-auth-use-auth-source + (mastodon-auth-source-token mastodon-instance-url handle) + (plist-get user-details :access_token))) + (sans-token (if mastodon-auth-use-auth-source + user-details + ;; remove acces_token from user-details: + (cl-remf user-details :access_token) + user-details)) + (print-length nil) + (print-level nil)) + (if (not mastodon-auth-encrypt-access-token) (plstore-put plstore "active-user" user-details nil) (plstore-put plstore "active-user" - sans-token `(:access_token ,token)))) - (plstore-save plstore) - (plstore-close plstore)) + sans-token `(:access_token ,token))) + (plstore-save plstore) + (plstore-close plstore))) (defun mastodon-client--form-user-from-vars () "Create a username from user variable. Return that username.
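Review bot: The `(not mastodon-auth-encrypt-access-token)` branch writes `user-details` after the `sans-token` init form has already evaluated `(cl-remf user-details :access_token)` — in a `let*` every init form runs before the body — so, as far as the visible bindings show, with auth-source off the unencrypted active-user entry is written without its token; the problem predates this commit, but the whole function is rewritten here. Taking a shallow copy of the plist before the `cl-remf` and storing that copy in the plain branch, as below, keeps the token in that path. Separately, when auth-source is on the token fetched from auth-source is copied into the plstore as the `active-user` secret, so the credential then exists at rest in two places — if that is intended the docstring should say so, otherwise the encrypted branch should skip the token in auth-source mode too. And with auth-source on and encryption off the auth-source token is never added at all, contrary to the new docstring's "add it to the active user entry".
```elisp
  (let* ((plstore (plstore-open (mastodon-client--token-file)))
         ;; … unchanged: handle and token bindings …
         ;; shallow copy taken before `cl-remf' below strips :access_token in place
         (with-token (copy-sequence user-details))
         (sans-token (if mastodon-auth-use-auth-source
                         user-details
                       ;; remove acces_token from user-details:
                       (cl-remf user-details :access_token)
                       user-details))
         (print-length nil)
         (print-level nil))
    (if (not mastodon-auth-encrypt-access-token)
        (plstore-put plstore "active-user" with-token nil)
      (plstore-put plstore "active-user"
                   sans-token `(:access_token ,token)))
    ;; … unchanged: plstore-save, plstore-close …
```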