From 82c51213b2bf1f49b1c3445207f0b52f7926d5c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Sat, 9 May 2026 13:16:58 -0700 Subject: [PATCH] Loosen API key format assertion to is_binary + byte_size > 0 The assertion locked in a 32-byte API key length. With hexpm now issuing hex_-prefixed v2 tokens (44 bytes) alongside v1 (32 bytes), pinning the exact length makes the integration test brittle to hexpm-side format changes. Check that the secret is a non-empty string and let the rest of the test verify the key actually works for authentication. --- test/hex/api_test.exs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/hex/api_test.exs b/test/hex/api_test.exs index 2e92d094..969cbc6c 100644 --- a/test/hex/api_test.exs +++ b/test/hex/api_test.exs @@ -73,8 +73,8 @@ defmodule Hex.APITest do assert {:ok, {201, _, %{"secret" => key_a}}} = Hex.API.Key.new("key_a", permissions, auth) assert {:ok, {201, _, %{"secret" => key_b}}} = Hex.API.Key.new("key_b", permissions, auth) - assert byte_size(key_a) == 32 - assert byte_size(key_b) == 32 + assert is_binary(key_a) and byte_size(key_a) > 0 + assert is_binary(key_b) and byte_size(key_b) > 0 auth = [key: key_a] Hexpm.new_package("hexpm", "melon", "0.0.1", %{}, %{}, auth) @@ -91,8 +91,8 @@ defmodule Hex.APITest do auth = [user: "user", pass: "hunter42"] assert {:ok, {201, _, %{"secret" => key_c}}} = Hex.API.Key.new("key_c", permissions, auth) assert {:ok, {201, _, %{"secret" => key_d}}} = Hex.API.Key.new("key_d", permissions, auth) - assert byte_size(key_c) == 32 - assert byte_size(key_d) == 32 + assert is_binary(key_c) and byte_size(key_c) > 0 + assert is_binary(key_d) and byte_size(key_d) > 0 auth_c = [key: key_c] auth_d = [key: key_d]