pow icon indicating copy to clipboard operation
pow copied to clipboard

Published 20 hours ago verified publisher icon pow-auth

Error when password is nil

Open LandonSchropp opened this issue 3 years ago • 1 comments

If I set my password field to nil on my schema, and the current_password field to the current password, I get this error:

** (ArgumentError) argument error
      (argon2_elixir 2.4.0) Argon2.Base.hash_nif(8, 17, 4, nil, <<167, 52, 54, 240, 152, 27, 100, 149, 31, 169, 82, 113, 244, 32, 231, 88>>, 0, 32, 99, 2, 0)
      (argon2_elixir 2.4.0) lib/argon2/base.ex:110: Argon2.Base.hash_password/3
      (pow 1.0.24) lib/pow/ecto/schema/changeset.ex:251: Pow.Ecto.Schema.Changeset.maybe_put_password_hash/2
      (pow 1.0.24) lib/pow/ecto/schema/changeset.ex:88: Pow.Ecto.Schema.Changeset.new_password_changeset/3
      (chessercise 0.1.0) lib/chessercise/schemas/user_schema.ex:24: Chessercise.UserSchema.changeset/2
      (espec 1.8.3) lib/espec/let/let_impl.ex:12: ESpec.Let.Impl.let_eval/2
      spec/chessercise/schemas/user_schema_spec.exs:72: Chessercise.UserSchemaSpec.example_is_not_valid_rmpodqwjxfhcgizsbeyvnltauk/1
      (espec 1.8.3) lib/espec/example_runner.ex:86: ESpec.ExampleRunner.try_run/3

Here's what my schema looks like:

defmodule Chessercise.UserSchema do
  use Chessercise.Schema
  use Pow.Ecto.Schema, password_hash_methods: {&Argon2.hash_pwd_salt/1, &Argon2.verify_pass/2}
  import Ecto.Changeset
  import Pow.Ecto.Schema.Changeset, only: [new_password_changeset: 3]

  @primary_key {:id, :binary_id, autogenerate: true}
  @foreign_key_type :binary_id

  @minimum_password_length 6
  @minimum_password_score 3

  schema "users" do
    field :username, :string
    pow_user_fields()

    timestamps()
  end

  def changeset(user, attributes) do
    user
    |> pow_user_id_field_changeset(attributes)
    |> pow_current_password_changeset(attributes)
    |> new_password_changeset(attributes, @pow_config)
    |> cast(attributes, [:username])
    |> validate_required([:email, :password, :username])
    |> validate_length(:password, min: @minimum_password_length)
    |> validate_password
  end

  defp validate_password(changeset) do
    validate_change(changeset, :password, fn (:password, password) ->
      if ZXCVBN.zxcvbn(password).score < @minimum_password_score do
        [password: "is not strong enough"]
      else
        []
      end
    end)
  end
end

Here's the code that produces this error:

Chessercise.UserSchema.changeset(
  %Chessercise.UserSchema{
    email: "[email protected]",
    password: "a8f730fc-fbec-462e-bf75-89e20a404d5b",
    password_hash: "$argon2id$...",
    username: "Username2"
  },
  %{current_password: "a8f730fc-fbec-462e-bf75-89e20a404d5b", password: nil}
)

Shound Pow be handling this use case? Thanks!

LandonSchropp avatar Jul 12 '21 23:07 LandonSchropp

@danschultzer Bump.

LandonSchropp avatar Jul 27 '21 21:07 LandonSchropp