Fix: raise clear error when signing without api_secret#442
Merged
Conversation
Add guards to cloudinary_url() and api_sign_request() to raise
ValueError("Must supply api_secret") instead of opaque TypeError when
attempting to sign without a configured secret. This matches the behavior
of other signing paths (sign_request, Search.to_url, etc.) and provides
clear guidance to OAuth-only configurations.
Changes:
- cloudinary_url(): Guard signing block to validate api_secret before use
- api_sign_request(): Guard function entry to validate api_secret parameter
- Add 7 comprehensive test cases covering all scenarios
Fixes spec: cloudinary-url-sign-without-secret.md
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Prevent workflow from running twice (once on push, once on PR) by adding a condition that skips push events when they have an associated PR. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
The previous condition (github.event.pull_request == null) did not work: github.event.pull_request is always null on push events regardless of whether a PR exists, so the redundant run was never skipped. Correct condition keeps on: [push, pull_request] and runs tests on every branch push while avoiding the duplicate when a same-repo PR exists: - push event: always runs (push to any branch, PR or not). On a push event github.event.pull_request.head.repo.fork dereferences to an empty string (falsy, no error), so the negation is true. - same-repo PR: skipped, since that push already triggered a run. - fork PR: runs via pull_request, since forks can't trigger a push here. Verified against GitHub docs: dereferencing a missing context property yields an empty string rather than an error. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add guards to
cloudinary_url()andapi_sign_request()to raiseValueError("Must supply api_secret")instead of opaqueTypeErrorwhen attempting to sign without a configured secret.This matches the behavior of other signing paths (
sign_request,Search.to_url, etc.) and provides clear guidance to OAuth-only configurations.Changes
cloudinary_url()to validate api_secret before computing signatureapi_sign_request()to validate api_secret parameterTest Results
Related
Implements spec:
cloudinary-url-sign-without-secret.md🤖 Generated with Claude Code