mirror of
https://github.com/team-alembic/ash_authentication.git
synced 2024-09-20 05:13:10 +12:00
improvement: validate signing secret is a string (#163)
This commit is contained in:
parent
dc010ec610
commit
53e6497ab9
1 changed files with 4 additions and 1 deletions
|
@ -126,7 +126,7 @@ defmodule AshAuthentication.Jwt.Config do
|
||||||
with :error <- Keyword.fetch(opts, :signing_secret),
|
with :error <- Keyword.fetch(opts, :signing_secret),
|
||||||
{:ok, {secret_module, secret_opts}} <-
|
{:ok, {secret_module, secret_opts}} <-
|
||||||
Info.authentication_tokens_signing_secret(resource),
|
Info.authentication_tokens_signing_secret(resource),
|
||||||
{:ok, secret} <-
|
{:ok, secret} when is_binary(secret) <-
|
||||||
secret_module.secret_for(
|
secret_module.secret_for(
|
||||||
~w[authentication tokens signing_secret]a,
|
~w[authentication tokens signing_secret]a,
|
||||||
resource,
|
resource,
|
||||||
|
@ -137,6 +137,9 @@ defmodule AshAuthentication.Jwt.Config do
|
||||||
{:ok, secret} when is_binary(secret) ->
|
{:ok, secret} when is_binary(secret) ->
|
||||||
secret
|
secret
|
||||||
|
|
||||||
|
{:ok, secret} when not is_binary(secret) ->
|
||||||
|
raise "Invalid JWT signing secret: #{inspect(secret)}. Please see the documentation for `AshAuthentication.Jwt` for details"
|
||||||
|
|
||||||
_ ->
|
_ ->
|
||||||
raise "Missing JWT signing secret. Please see the documentation for `AshAuthentication.Jwt` for details"
|
raise "Missing JWT signing secret. Please see the documentation for `AshAuthentication.Jwt` for details"
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue