improvement: avoid warning about comparison with nil

the previous implementation was not a security issue because the actual action would not execute with a `nil` identity
2024-09-17 03:43:04 +12:00 · 2024-08-21 19:44:50 -04:00 · 2024-08-21 19:44:50 -04:00 · d9a278395a
commit d9a278395a
parent c4f570380f
2 changed files with 10 additions and 4 deletions
--- a/lib/ash_authentication/strategies/magic_link/request_preparation.ex
+++ b/lib/ash_authentication/strategies/magic_link/request_preparation.ex
@ -26,8 +26,11 @@ defmodule AshAuthentication.Strategy.MagicLink.RequestPreparation do
    identity = Query.get_argument(query, identity_field)
    select_for_senders = Info.authentication_select_for_senders!(query.resource)

-    query
-    |> Query.filter(^ref(identity_field) == ^identity)
+    if is_nil(identity) do
+      Query.filter(query, false)
+    else
+      Query.filter(query, ^ref(identity_field) == ^identity)
+    end
    |> Query.before_action(fn query ->
      Ash.Query.ensure_selected(query, select_for_senders)
    end)
--- a/lib/ash_authentication/strategies/password/request_password_reset_preparation.ex
+++ b/lib/ash_authentication/strategies/password/request_password_reset_preparation.ex
@ -27,8 +27,11 @@ defmodule AshAuthentication.Strategy.Password.RequestPasswordResetPreparation do
      identity = Query.get_argument(query, identity_field)
      select_for_senders = Info.authentication_select_for_senders!(query.resource)

-      query
-      |> Query.filter(^ref(identity_field) == ^identity)
+      if is_nil(identity) do
+        Query.filter(query, false)
+      else
+        Query.filter(query, ^ref(identity_field) == ^identity)
+      end
      |> Query.before_action(fn query ->
        Ash.Query.ensure_selected(query, select_for_senders)
      end)