ash-project/ash_authentication
1
0
Fork 0
mirror of https://github.com/team-alembic/ash_authentication.git synced 2024-09-19 21:03:23 +12:00
Code Issues Projects Releases Packages Wiki Activity

fix: don't call hash_provider.valid? on nil values (#135)

Browse source 
fix: use configured hashed_password_field
This commit is contained in:
Zach Daniel 2023-01-12 23:22:40 -05:00 committed by GitHub
parent 948298ac1c
commit f0aa2e7a93
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
lib/ash_authentication/strategies/password/sign_in_preparation.ex
View file

@ -28,12 +28,15 @@ defmodule AshAuthentication.Strategy.Password.SignInPreparation do
query
|> Query.filter(ref(^identity_field) == ^identity)
|> Query.after_action(fn
query, [record] ->
query, [record] when is_binary(:erlang.map_get(strategy.hashed_password_field, record)) ->
password = Query.get_argument(query, strategy.password_field)
if strategy.hash_provider.valid?(password, record.hashed_password),
do: {:ok, [maybe_generate_token(record)]},
else: auth_failed(query)
if strategy.hash_provider.valid?(
password,
Map.get(record, strategy.hashed_password_field)
),
do: {:ok, [maybe_generate_token(record)]},
else: auth_failed(query)
_, _ ->
strategy.hash_provider.simulate()