From d8c87e3779ebfd77d2f2f4de523825eac9bcc8a0 Mon Sep 17 00:00:00 2001
From: Geoff Lane <geoff@zorched.net>
Date: Thu, 24 Nov 2022 13:31:57 -0500
Subject: [PATCH] Users should be able to change most config values at runtime
 (#715)

---
 CHANGELOG.md                |  5 +++++
 lib/guardian.ex             | 24 ++++++++++++++----------
 lib/guardian/permissions.ex |  2 +-
 mix.exs                     |  2 +-
 4 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 27cb60acd..210c0b387 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## v2.3.1
+
+* Change compile time loading of configuration to only load permissions
+  allowing the app to change things like ttl or secret key at runtime
+
 ## v2.3.0
 
 * Fix warning about the usage of `Application.get_env` in the module scope
diff --git a/lib/guardian.ex b/lib/guardian.ex
index 6e5529bad..91be6a123 100644
--- a/lib/guardian.ex
+++ b/lib/guardian.ex
@@ -340,16 +340,20 @@ defmodule Guardian do
       the_otp_app = unquote(otp_app)
       the_opts = unquote(opts)
 
-      # Provide a way to get at the configuration during compile time
-      # for other macros that may want to use them
-      @config fn ->
-        the_otp_app |> Application.compile_env(__MODULE__, []) |> Keyword.merge(the_opts)
-      end
-      @config_with_key fn key ->
-        @config.() |> Keyword.get(key) |> Guardian.Config.resolve_value()
-      end
-      @config_with_key_and_default fn key, default ->
-        @config.() |> Keyword.get(key, default) |> Guardian.Config.resolve_value()
+      # Provide a way to get at the permissions during compile time. Uses
+      # permissions from config if they are available and falls back to the
+      # permissins defined on the `use Guardian` implementation
+      #
+      # NOTE: Generally you can't use compile_env for most keys because that
+      # would prevent people from changing them at runtime for differen
+      # environements.And hardcoding secret keys wouldn't be considered a good
+      # practice.
+      @config_permissions fn ->
+        perms =
+          Application.compile_env(the_otp_app, [__MODULE__, :permissions]) ||
+            Keyword.get(the_opts, :permissions, [])
+
+        Guardian.Config.resolve_value(perms)
       end
 
       @doc """
diff --git a/lib/guardian/permissions.ex b/lib/guardian/permissions.ex
index c3b090c52..1db8296bb 100644
--- a/lib/guardian/permissions.ex
+++ b/lib/guardian/permissions.ex
@@ -137,7 +137,7 @@ defmodule Guardian.Permissions do
 
       defdelegate max(), to: Guardian.Permissions
 
-      raw_perms = @config_with_key.(:permissions)
+      raw_perms = @config_permissions.()
 
       unless raw_perms do
         raise "Permissions are not defined for #{to_string(__MODULE__)}"
diff --git a/mix.exs b/mix.exs
index 720ddab2a..0f33c00e0 100644
--- a/mix.exs
+++ b/mix.exs
@@ -2,7 +2,7 @@ defmodule Guardian.Mixfile do
   @moduledoc false
   use Mix.Project
 
-  @version "2.3.0"
+  @version "2.3.1"
   @url "https://github.com/ueberauth/guardian"
   @maintainers [
     "Daniel Neighman",