From 425445f4430ebaacf6da23534eab969ed85b50d6 Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Fri, 10 Jan 2020 19:35:55 +0100
Subject: [PATCH] Add Session.SetHTTPBasicAuth

This is not 100% idiot-proof, but still makes it mroe difficult for
plugins to steal credentials.
---
 session.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/session.go b/session.go
index e753d84..743cbf7 100644
--- a/session.go
+++ b/session.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"sync"
 	"time"
+	"net/http"
 
 	imapclient "github.com/emersion/go-imap/client"
 	"github.com/emersion/go-sasl"
@@ -104,6 +105,13 @@ func (s *Session) DoSMTP(f func(*smtp.Client) error) error {
 	return nil
 }
 
+// SetHTTPBasicAuth adds an Authorization header field to the request with
+// this session's credentials.
+func (s *Session) SetHTTPBasicAuth(req *http.Request) {
+	// TODO: find a way to make it harder for plugins to steal credentials
+	req.SetBasicAuth(s.username, s.password)
+}
+
 // Close destroys the session. This can be used to log the user out.
 func (s *Session) Close() {
 	select {