Skip to content

Loosen API key format assertion to is_binary + byte_size > 0#1151

Merged
ericmj merged 1 commit into
mainfrom
ericmj/api-key-format-test-permissive
May 9, 2026
Merged

Loosen API key format assertion to is_binary + byte_size > 0#1151
ericmj merged 1 commit into
mainfrom
ericmj/api-key-format-test-permissive

Conversation

@ericmj
Copy link
Copy Markdown
Member

@ericmj ericmj commented May 9, 2026

The integration test asserted `byte_size(key) == 32`, which pinned the
hexpm response to a specific format. Hexpm is rolling out `hex_`-prefixed
v2 tokens (44 bytes, see hexpm/hexpm#1536) so the strict length check
now fails for any hexpm version that issues them.

Loosening to `is_binary/1` + `byte_size/1 > 0`. The remaining test
assertions (auth still works, key list still contains it, deletion
still works) cover whether the returned secret is functionally usable.
This avoids re-pinning to a different exact length and stays
forward-compatible with future hexpm token format changes.

Plan: once main is green, the same change will be applied to v2.4,
v2.3, v2.2, v2.1 maintenance branches.

@ericmj
Loosen API key format assertion to is_binary + byte_size > 0
82c5121 
The assertion locked in a 32-byte API key length. With hexpm now
issuing hex_-prefixed v2 tokens (44 bytes) alongside v1 (32 bytes),
pinning the exact length makes the integration test brittle to
hexpm-side format changes. Check that the secret is a non-empty
string and let the rest of the test verify the key actually works
for authentication.
@ericmj ericmj merged commit 115e4cc into main May 9, 2026
20 checks passed
@ericmj ericmj deleted the ericmj/api-key-format-test-permissive branch May 9, 2026 21:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ericmj