lcpojr / watcher_ex

An OAuth2 server entirely in Elixir.
Apache License 2.0

Policies validation #69

Open dcdourado opened 3 years ago

dcdourado commented 3 years ago

I was reading the policies on authorizer app and something came into my mind when I read the validation part. Shouldn't we catch all on validation failure? I mean, when the first function clause doesn't match.

```elixir
  # Reached only when `private` has a `session` key holding a map.
  def validate(%Conn{private: %{session: session}} = context) when is_map(session) do
    case session do
      %{subject_id: id, subject_type: type} when is_binary(id) and type in @subject_types ->
        Logger.debug("Policy #{__MODULE__} validated with success")
        {:ok, context}

      _any ->
        Logger.error("Policy #{__MODULE__} failed on validation because session is invalid")
        {:error, :unauthorized}
    end
  end

  # Reached only when the `session` key exists but does not hold a map.
  # A conn with no `session` key at all matches neither clause, so the call
  # raises FunctionClauseError instead of returning {:error, :unauthorized}.
  def validate(%Conn{private: %{session: _}}) do
    Logger.error("Policy #{__MODULE__} failed on validation because session was not found")
    {:error, :unauthorized}
  end
```

The difference is that it returns a 50x instead of 403 because the process dies (right?)
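The catch-all clause the comment above asks for, as an added example that is not part of the issue or of the watcher_ex code. It assumes a minimal `Conn` struct standing in for `Plug.Conn`, so the script runs stand-alone, and assumed values for `@subject_types`; the third `validate/1` clause is what turns a missing session into a 403-style `{:error, :unauthorized}` instead of a crashed request process.

```elixir
# Stand-in for Plug.Conn (assumption, so the example runs without Plug).
defmodule Conn do
  defstruct private: %{}
end

defmodule SessionPolicy do
  require Logger

  # Assumed values; the real list lives in the authorizer app.
  @subject_types ["user", "application"]

  # Session present and well-formed: only the fields we trust are matched.
  def validate(%Conn{private: %{session: %{subject_id: id, subject_type: type}}} = context)
      when is_binary(id) and type in @subject_types do
    Logger.debug("Policy #{__MODULE__} validated with success")
    {:ok, context}
  end

  # Session present but malformed (wrong types or missing fields).
  def validate(%Conn{private: %{session: session}}) when is_map(session) do
    Logger.error("Policy #{__MODULE__} failed on validation because session is invalid")
    {:error, :unauthorized}
  end

  # Catch-all: no `session` key, `session` set to nil, or `private` not shaped
  # as expected. Without this clause the call raises FunctionClauseError, the
  # request process dies and the client receives a 500 rather than a 403.
  def validate(_context) do
    Logger.error("Policy #{__MODULE__} failed on validation because session was not found")
    {:error, :unauthorized}
  end
end

# Constructed sample requests covering the three outcomes.
ok_conn = %Conn{private: %{session: %{subject_id: "42", subject_type: "user"}}}
bad_conn = %Conn{private: %{session: %{subject_id: 42}}}
no_session = %Conn{private: %{}}

{:ok, _} = SessionPolicy.validate(ok_conn)
{:error, :unauthorized} = SessionPolicy.validate(bad_conn)
{:error, :unauthorized} = SessionPolicy.validate(no_session)
IO.puts("all three cases returned a tuple; no clause error was raised")
```

Run with `elixir policy_example.exs`; dropping the last clause and calling `validate(no_session)` reproduces the FunctionClauseError described in the comment.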

lcpojr commented 3 years ago

I don't get it. Could you please give me an example of how you would do it?