Improve docs/validation around customizing strategy actions #664

Open
felixbr opened this issue May 1, 2024 · 0 comments
felixbr commented May 1, 2024

Hi, I've been playing around with ash_authentication in a hobby project and I'm really impressed and happy with it so far.

However, I hit some roadblocks and weird (to me) error messages and was asked in Discord to post about it here:

I was following the docs for the password strategy and it worked fine. Then I wanted to make a small customization. The docs told me:

By default the password strategy will automatically generate the register, sign-in, reset-request and reset actions for you, however you're free to define them yourself. If you do, then the action will be validated to ensure that all the needed configuration is present.

Awesome, so I tried exactly that and indeed I was told not to forget sensitive?: true flags and other things which is great! After all the validations passed I had the following code (before adding my customizations):

    create :register_with_password do
      argument :email, :ci_string, allow_nil?: false, public?: true
      argument :password, :string, allow_nil?: false, sensitive?: true

      validate AshAuthentication.Strategy.Password.PasswordConfirmationValidation

      change AshAuthentication.Strategy.Password.HashPasswordChange
      change AshAuthentication.GenerateTokenChange
    end

To me it looked like it would be the same as the "generated" one but my test failed with:

    ** (Ash.Error.Invalid) Invalid Error

     * attribute email is required

The confusing part was that my test is passing an email to the changeset and it worked with the generated action before. In Discord I've learned that argument alone is not enough and I need something like change set_attribute(:email, arg(:email)) or use accept [:email] as a shortcut.
Also, if you add the latter but don't remove the explicit argument, you get the same error, but that's probably more of a thing in ash core.

Another thing was that public?: true on :email just looks very wrong to me as PII is basically never allowed to be public in applications I'm working on.

I understand that for someone experienced with Ash it's probably fairly obvious what I did wrong. But I think a lot of people trying out Ash might start with the authentication part to get it "out of the way" like me and hit the same roadblock.

So I think there are two things to consider here:

  • Improve the docs with sections/guides on how to customize these actions properly
  • Maybe also explain what public?: true means while we're at it and that it's not as bad as it looks
  • Improve the validations to make sure not only the argument is correct but it's also used in change or accept

Let me know if you need more details to reproduce it or if I can help in any way with it.

Thank you for your time and work on ash_authentication 🙂

~ Felix
