ash-project/ash_authentication
1
0
Fork 0
mirror of https://github.com/team-alembic/ash_authentication.git synced 2024-09-20 05:13:10 +12:00
Code Issues Projects Releases Packages Wiki Activity

improvement: validate signing secret is a string (#163)

Browse source
This commit is contained in:
Zach Daniel 2023-01-29 19:18:15 -05:00 committed by GitHub
parent dc010ec610
commit 53e6497ab9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/ash_authentication/jwt/config.ex
View file

@ -126,7 +126,7 @@ defmodule AshAuthentication.Jwt.Config do
with :error <- Keyword.fetch(opts, :signing_secret),
{:ok, {secret_module, secret_opts}} <-
Info.authentication_tokens_signing_secret(resource),
{:ok, secret} <-
{:ok, secret} when is_binary(secret) <-
secret_module.secret_for(
~w[authentication tokens signing_secret]a,
resource,
@ -137,6 +137,9 @@ defmodule AshAuthentication.Jwt.Config do
{:ok, secret} when is_binary(secret) ->
secret
{:ok, secret} when not is_binary(secret) ->
raise "Invalid JWT signing secret: #{inspect(secret)}. Please see the documentation for `AshAuthentication.Jwt` for details"
_ ->
raise "Missing JWT signing secret. Please see the documentation for `AshAuthentication.Jwt` for details"
end