From f0aa2e7a93cc51cde0f394bdc567db435ce73779 Mon Sep 17 00:00:00 2001
From: Zach Daniel
Date: Thu, 12 Jan 2023 23:22:40 -0500
Subject: [PATCH] fix: don't call `hash_provider.valid?` on `nil` values (#135)

fix: use configured hashed_password_field
---
 .../strategies/password/sign_in_preparation.ex | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib/ash_authentication/strategies/password/sign_in_preparation.ex b/lib/ash_authentication/strategies/password/sign_in_preparation.ex
index db7376e..ee9dfbc 100644
--- a/lib/ash_authentication/strategies/password/sign_in_preparation.ex
+++ b/lib/ash_authentication/strategies/password/sign_in_preparation.ex
@@ -28,12 +28,15 @@ defmodule AshAuthentication.Strategy.Password.SignInPreparation do
 query
 |> Query.filter(ref(^identity_field) == ^identity)
 |> Query.after_action(fn
- query, [record] ->
+ query, [record] when is_binary(:erlang.map_get(strategy.hashed_password_field, record)) ->
 password = Query.get_argument(query, strategy.password_field)

- if strategy.hash_provider.valid?(password, record.hashed_password),
- do: {:ok, [maybe_generate_token(record)]},
- else: auth_failed(query)
+ if strategy.hash_provider.valid?(
+ password,
+ Map.get(record, strategy.hashed_password_field)
+ ),
+ do: {:ok, [maybe_generate_token(record)]},
+ else: auth_failed(query)

 _, _ ->
 strategy.hash_provider.simulate()
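Review bot: The new guard on the `query, [record]` clause sends any record whose `strategy.hashed_password_field` is `nil`, not a binary, or missing from the map into the `_, _ ->` branch (`:erlang.map_get/2` failing inside a guard just fails the clause), and nothing in the hunk says this is intended. A comment above that clause would make the contract explicit, e.g. `# No record, several records, or a record without a password hash: call simulate() so this path still does the work of a hash check.` A mistyped `hashed_password_field` would take the same branch and look like an ordinary failed sign-in, so it may be worth confirming that the field is validated against the resource somewhere outside this hunk. The diffstat lists only this file, so a regression test for signing in against a record with a `nil` hash appears to be missing. The anonymous function's body continues past the end of the hunk.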