Add `auth-info-password' and use it instead of ad hoc code

* lisp/auth-source.el (auth-info-password):
  Extract from `auth-source-pick-first-password'.
(auth-source-pick-first-password, auth-source-secrets-create)
(auth-source-user-and-password): Use `auth-info-password'.
* lisp/erc/erc-services.el (erc-nickserv-get-password):
  Use `auth-source-pick-first-password'.
* lisp/erc/erc.el (erc-open, erc-server-join-channel): Likewise.
* lisp/gnus/mail-source.el (mail-source-set-1): Add a comment.
* lisp/gnus/nnimap.el (nnimap-credentials): Use `auth-info-password'.
* lisp/gnus/nntp.el (nntp-send-authinfo): Likewise.
* lisp/mail/rmail.el (rmail-get-remote-password): Likewise.
* lisp/mail/smtpmail.el (smtpmail-try-auth-methods): Likewise.
* lisp/net/sieve-manage.el (sieve-sasl-auth): Likewise.
* lisp/net/tramp.el (tramp-read-passwd): Likewise.
* lisp/net/rcirc.el (rcirc): Likewise (fixes a bug: the possibility
  that password might be a function was not handled).

lisp/auth-source.el

@@ -853,15 +853,17 @@ while \(:host t) would find all host entries."
               (cl-return 'no)))
           'no))))
 
-(defun auth-source-pick-first-password (&rest spec)
+(defun auth-info-password (auth-info)
-  "Pick the first secret found from applying SPEC to `auth-source-search'."
+  "Return the :secret password from the AUTH-INFO."
-  (let* ((result (nth 0 (apply #'auth-source-search (plist-put spec :max 1))))
+  (let ((secret (plist-get auth-info :secret)))
-         (secret (plist-get result :secret)))
-
     (if (functionp secret)
         (funcall secret)
       secret)))
 
+(defun auth-source-pick-first-password (&rest spec)
+  "Pick the first secret found from applying SPEC to `auth-source-search'."
+  (auth-info-password (car (apply #'auth-source-search (plist-put spec :max 1)))))
+
 (defun auth-source-format-prompt (prompt alist)
   "Format PROMPT using %x (for any character x) specifiers in ALIST.
 Remove trailing \": \"."
@@ -1800,10 +1802,9 @@ authentication tokens:
       (plist-put
        artificial
        :save-function
-       (let* ((collection collection)
+       (let ((collection collection)
-              (item (plist-get artificial :label))
+             (item (plist-get artificial :label))
-              (secret (plist-get artificial :secret))
+             (secret (auth-info-password artificial)))
-              (secret (if (functionp secret) (funcall secret) secret)))
          (lambda ()
 	   (auth-source-secrets-saver collection item secret args)))))
 
@@ -2410,9 +2411,7 @@ MODE can be \"login\" or \"password\"."
                         :require '(:user :secret)
                         :create nil))))
          (user (plist-get auth-info :user))
-         (password (plist-get auth-info :secret)))
+         (password (auth-info-password auth-info)))
-    (when (functionp password)
-      (setq password (funcall password)))
     (list user password auth-info)))
 
 ;;; Tiny mode for editing .netrc/.authinfo modes (that basically just

lisp/erc/erc-services.el

@@ -444,15 +444,12 @@ it returns nil."
                           (cl-second (assoc network
                                             erc-nickserv-passwords)))))
             (when erc-use-auth-source-for-nickserv-password
-              (let ((secret (cl-first (auth-source-search
+              (auth-source-pick-first-password
-                                       :max 1 :require '(:secret)
+               :require '(:secret)
-                                       :host server
+               :host server
-                                       ;; Ensure a string for :port
+               ;; Ensure a string for :port
-                                       :port (format "%s" port)
+               :port (format "%s" port)
-                                       :user nick))))
+               :user nick))
-                (when secret
-                  (let ((passwd (plist-get secret :secret)))
-                    (if (functionp passwd) (funcall passwd) passwd)))))
             (when erc-prompt-for-nickserv-password
               (read-passwd
                (format "NickServ password for %s on %s (RET to cancel): "

lisp/erc/erc.el

@@ -2062,19 +2062,12 @@ Returns the buffer for the given server or channel."
     ;; password stuff
     (setq erc-session-password
           (or passwd
-              (let ((secret
+              (auth-source-pick-first-password
-                     (plist-get
+               :host server
-                      (nth 0
+               :user nick
-                           (auth-source-search :host server
+               ;; secrets.el wouldn’t accept a number
-                                               :max 1
+               :port (if (numberp port) (number-to-string port) port)
-                                               :user nick
+               :require '(:secret))))
-                                               ;; secrets.el wouldn’t accept a number
-                                               :port (if (numberp port) (number-to-string port) port)
-                                               :require '(:secret)))
-                      :secret)))
-                (if (functionp secret)
-                    (funcall secret)
-                  secret))))
     ;; client certificate (only useful if connecting over TLS)
     (setq erc-session-client-certificate client-certificate)
     ;; debug output buffer
@@ -3187,16 +3180,12 @@ For a list of user commands (/join /part, ...):
 (put 'erc-cmd-HELP 'process-not-needed t)
 
 (defun erc-server-join-channel (server channel &optional secret)
-  (let* ((secret (or secret
+  (let ((password
-		     (plist-get (nth 0 (auth-source-search
+         (or secret
-					:max 1
+             (auth-source-pick-first-password
-					:host server
+	      :host server
-					:port "irc"
+	      :port "irc"
-					:user channel))
+	      :user channel))))
-				:secret)))
-	 (password (if (functionp secret)
-		       (funcall secret)
-		     secret)))
     (erc-log (format "cmd: JOIN: %s" channel))
     (erc-server-send (concat "JOIN " channel
 			     (if password

lisp/gnus/mail-source.el

@@ -454,7 +454,7 @@ the `mail-source-keyword-map' variable."
                                                   search))))
                     :user)))
              user-auth)
-            ((and
+            ((and               ; cf. 'auth-source-pick-first-password'
               (eq keyword :password)
               (setq pass-auth
                     (plist-get

lisp/gnus/nnimap.el

@@ -40,6 +40,7 @@
 
 (autoload 'auth-source-forget+ "auth-source")
 (autoload 'auth-source-search "auth-source")
+(autoload 'auth-info-password "auth-source")
 
 (nnoo-declare nnimap)
 
@@ -407,10 +408,7 @@ during splitting, which may be slow."
                                            :create t))))
     (if found
         (list (plist-get found :user)
-	      (let ((secret (plist-get found :secret)))
+	      (auth-info-password found)
-		(if (functionp secret)
-		    (funcall secret)
-		  secret))
 	      (plist-get found :save-function))
       nil)))
 

lisp/gnus/nntp.el

@@ -36,6 +36,7 @@
 (eval-when-compile (require 'cl-lib))
 
 (autoload 'auth-source-search "auth-source")
+(autoload 'auth-info-password "auth-source")
 
 (defgroup nntp nil
   "NNTP access for Gnus."
@@ -1175,10 +1176,7 @@ If SEND-IF-FORCE, only send authinfo to the server if the
 			  "563" "nntps" "snews"))))
          (auth-user (plist-get auth-info :user))
          (auth-force (plist-get auth-info :force))
-         (auth-passwd (plist-get auth-info :secret))
+         (auth-passwd (auth-info-password auth-info))
-         (auth-passwd (if (functionp auth-passwd)
-                          (funcall auth-passwd)
-                        auth-passwd))
 	 (force (or (netrc-get alist "force")
                     nntp-authinfo-force
                     auth-force))

lisp/mail/rmail.el

@@ -4489,10 +4489,7 @@ password."
                                    :max 1 :user user :host host
                                    :require '(:secret)))))
                 (if found
-                    (let ((secret (plist-get found :secret)))
+                    (auth-info-password found)
-                      (if (functionp secret)
-                          (funcall secret)
-                        secret))
                   (read-passwd (if imap
                                    "IMAP password: "
                                  "POP password: "))))))

lisp/mail/smtpmail.el

@@ -554,11 +554,9 @@ for `smtpmail-try-auth-method'.")
 		      :create ask-for-password)))
          (mech (or (plist-get auth-info :smtp-auth) (car mechs)))
          (user (plist-get auth-info :user))
-         (password (plist-get auth-info :secret))
+         (password (auth-info-password auth-info))
 	 (save-function (and ask-for-password
 			     (plist-get auth-info :save-function))))
-    (when (functionp password)
-      (setq password (funcall password)))
     (when (and user
 	       (not password))
       ;; The user has stored the user name, but not the password, so
@@ -573,9 +571,7 @@ for `smtpmail-try-auth-method'.")
 	      :user smtpmail-smtp-user
 	      :require '(:user :secret)
 	      :create t))
-	    password (plist-get auth-info :secret)))
+	    password (auth-info-password auth-info)))
-    (when (functionp password)
-      (setq password (funcall password)))
     (let ((result (catch 'done
                     (if (and mech user password)
 		        (smtpmail-try-auth-method process mech user password)

lisp/net/rcirc.el

@@ -560,8 +560,8 @@ If ARG is non-nil, instead prompt for connection parameters."
                      (auth (auth-source-search :host server
                                                :user user-name
                                                :port port))
-                     (fn (plist-get (car auth) :secret)))
+                     (pwd (auth-info-password (car auth))))
-            (setq password (funcall fn)))
+            (setq password pwd))
 	  (when server
 	    (let (connected)
 	      (dolist (p (rcirc-process-list))

lisp/net/sieve-manage.el

@@ -79,6 +79,7 @@
 (require 'sasl)
 (autoload 'sasl-find-mechanism "sasl")
 (autoload 'auth-source-search "auth-source")
+(autoload 'auth-info-password "auth-source")
 
 ;; User customizable variables:
 
@@ -230,10 +231,7 @@ Return the buffer associated with the connection."
                                           :max 1
                                           :create t))
            (user-name (or (plist-get (nth 0 auth-info) :user) ""))
-           (user-password (or (plist-get (nth 0 auth-info) :secret) ""))
+           (user-password (or (auth-info-password (nth 0 auth-info)) ""))
-           (user-password (if (functionp user-password)
-                              (funcall user-password)
-                            user-password))
            (client (sasl-make-client (sasl-find-mechanism (list mech))
                                      user-name "sieve" sieve-manage-server))
            (sasl-read-passphrase

lisp/net/tramp.el

@@ -5756,10 +5756,7 @@ Invokes `password-read' if available, `read-passwd' else."
 			      :create t))
 			    tramp-password-save-function
 			    (plist-get auth-info :save-function)
-			    auth-passwd (plist-get auth-info :secret)))
+			    auth-passwd (auth-info-password auth-info))))
-		 (while (functionp auth-passwd)
-		   (setq auth-passwd (funcall auth-passwd)))
-		 auth-passwd)
 
 	       ;; Try the password cache.
 	       (progn