From d9a278395a39e8ddec8443c2536255cebba43a5d Mon Sep 17 00:00:00 2001 From: Zach Daniel Date: Wed, 21 Aug 2024 19:44:50 -0400 Subject: [PATCH] improvement: avoid warning about comparison with `nil` the previous implementation was not a security issue because the actual action would not execute with a `nil` identity --- .../strategies/magic_link/request_preparation.ex | 7 +++++-- .../password/request_password_reset_preparation.ex | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/ash_authentication/strategies/magic_link/request_preparation.ex b/lib/ash_authentication/strategies/magic_link/request_preparation.ex index 61c6167..0313089 100644 --- a/lib/ash_authentication/strategies/magic_link/request_preparation.ex +++ b/lib/ash_authentication/strategies/magic_link/request_preparation.ex @@ -26,8 +26,11 @@ defmodule AshAuthentication.Strategy.MagicLink.RequestPreparation do identity = Query.get_argument(query, identity_field) select_for_senders = Info.authentication_select_for_senders!(query.resource) - query - |> Query.filter(^ref(identity_field) == ^identity) + if is_nil(identity) do + Query.filter(query, false) + else + Query.filter(query, ^ref(identity_field) == ^identity) + end |> Query.before_action(fn query -> Ash.Query.ensure_selected(query, select_for_senders) end) diff --git a/lib/ash_authentication/strategies/password/request_password_reset_preparation.ex b/lib/ash_authentication/strategies/password/request_password_reset_preparation.ex index 14b1068..69cf08f 100644 --- a/lib/ash_authentication/strategies/password/request_password_reset_preparation.ex +++ b/lib/ash_authentication/strategies/password/request_password_reset_preparation.ex @@ -27,8 +27,11 @@ defmodule AshAuthentication.Strategy.Password.RequestPasswordResetPreparation do identity = Query.get_argument(query, identity_field) select_for_senders = Info.authentication_select_for_senders!(query.resource) - query - |> Query.filter(^ref(identity_field) == ^identity) + if is_nil(identity) do + Query.filter(query, false) + else + Query.filter(query, ^ref(identity_field) == ^identity) + end |> Query.before_action(fn query -> Ash.Query.ensure_selected(query, select_for_senders) end)