From b5cf1e68778afae58849c2970ded80878f2b75b8 Mon Sep 17 00:00:00 2001
From: eliasjpr <eliasjpr@gmail.com>
Date: Sat, 12 Oct 2024 08:18:17 -0400
Subject: [PATCH] Switch default challenge method to S256

Updated the code challenge implementation to set "S256" as the default method instead of "Empty". Removed the unused "Empty" challenge variant and added error handling for unsupported methods. These changes enhance security by defaulting to the stronger S256 challenge method, aligning with best practices.
---
 spec/code_challenge_builder_spec.cr  |  4 ++--
 src/authly/code_challenge_builder.cr | 19 ++++++++-----------
 2 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/spec/code_challenge_builder_spec.cr b/spec/code_challenge_builder_spec.cr
index d215628..c1173bd 100644
--- a/spec/code_challenge_builder_spec.cr
+++ b/spec/code_challenge_builder_spec.cr
@@ -30,8 +30,8 @@ module Authly
       challenge = CodeChallengeBuilder.build
 
       it "is a valid code challenge" do
-        challenge.should be_a CodeChallengeBuilder::Empty
-        challenge.valid?("").should be_true
+        challenge.should be_a CodeChallengeBuilder::S256
+        challenge.valid?("").should be_false
       end
     end
   end
diff --git a/src/authly/code_challenge_builder.cr b/src/authly/code_challenge_builder.cr
index 40f7e44..d3f54fd 100644
--- a/src/authly/code_challenge_builder.cr
+++ b/src/authly/code_challenge_builder.cr
@@ -1,7 +1,7 @@
 require "digest/sha256"
 
 module Authly
-  alias CodeChallenge = CodeChallengeBuilder::Plain | CodeChallengeBuilder::S256 | CodeChallengeBuilder::Empty
+  alias CodeChallenge = CodeChallengeBuilder::Plain | CodeChallengeBuilder::S256
 
   module CodeChallengeBuilder
     record Plain, code : String do
@@ -16,17 +16,14 @@ module Authly
       end
     end
 
-    record Empty, code : String do
-      def valid?(code_verifier)
-        true
-      end
-    end
-
-    def self.build(challenge : String = "", method : String = "")
+    def self.build(challenge : String = "", method : String = "S256")
       case method
-      when "plain" then Plain.new(challenge)
-      when "S256"  then S256.new(challenge)
-      else              Empty.new(challenge)
+      when "plain"
+        Plain.new(challenge)
+      when "S256"
+        S256.new(challenge)
+      else
+        raise ArgumentError.new("Unsupported code challenge method: #{method}. Only 'plain' and 'S256' are supported.")
       end
     end
   end