Raise explicit error when `hmac_secret` is not set but is required

jeremyevans / rodauth

Ruby's Most Advanced Authentication Framework

http://rodauth.jeremyevans.net

MIT License

1.67k stars 95 forks source link

Raise explicit error when `hmac_secret` is not set but is required #271

Closed janko closed 1 year ago

janko commented 1 year ago

Some features such as webauthn and active sessions require hmac_secret to be set, but raise a cryptic error when it's missing:

TypeError: no implicit conversion of nil into String

Since it's not clear from this error that the issue is in hmac_secret not being set, we change this to raise an explicit ArgumentError (like the JWT feature does for jwt_secret).

jeremyevans commented 1 year ago

Thanks for the patch. I agree this is a good way to fix the issue.