• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

tecnickcom / gogen / 28938710952
100%

Build:
DEFAULT BRANCH: main
Ran 08 Jul 2026 11:25AM UTC
Jobs 1
Files 184
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

08 Jul 2026 11:18AM UTC coverage: 99.987%. Remained the same
28938710952

push

github

nicolaasuni
feat(passwordhash)!: parameter envelope, rehash API, sentinel errors, and hardening

Harden the Argon2id password hashing package against misconfiguration, forged input, and operational foot-guns, add a verifier-based rehash API and a complete sentinel-error taxonomy, and make hashing parameters machine-independent.

- Guarantee that any hash the package can mint it can also verify: the cost options (WithTime, WithMemory, WithKeyLen, WithSaltLen) now clamp to the same [floor, ceiling] range the verification path accepts, and hashing rejects out-of-envelope configurations — previously a value such as WithTime(2000) minted hashes that no verification could ever accept.
- Replace panics with errors: hashing validates its configuration and returns ErrInvalidParams for a zero-value or mutated Params (missing random source, out-of-range cost, non-argon2id algorithm or version) instead of panicking inside argon2; verification and the rehash checks reject an uninitialized receiver the same way.
- Harden verification against forged or corrupt blobs: reject encoded hash strings larger than 16 KiB before any decoding, validate the deserialized parameters against their accepted bounds, and cross-check that the salt and key byte lengths match their declared sizes.
- Add a complete sentinel-error taxonomy matchable with errors.Is: ErrPasswordTooShort, ErrPasswordTooLong, ErrInvalidParams, ErrInvalidHashData (including decode, decrypt, and oversize failures), ErrAlgoMismatch, ErrVersionMismatch, and ErrInvalidPepperKey.
- Add PasswordNeedsRehash and EncryptPasswordNeedsRehash to detect hashes minted with outdated parameters, enabling transparent re-hashing on the next successful login.
- Default parallelism is now a flat 4 lanes (RFC 9106 §4) instead of runtime.NumCPU(), so minted hashes are reproducible across heterogeneous hardware and a mixed fleet cannot enter a rehash loop; the key and salt minimums for new hashes are raised to 16 and 8 bytes.
- Enforce the min... (continued)

170 of 170 new or added lines in 2 files covered. (100.0%)

15038 of 15040 relevant lines covered (99.99%)

976.87 hits per line

Jobs
ID Job ID Ran Files Coverage
1 28938710952.1 08 Jul 2026 11:25AM UTC 184
99.99
GitHub Action Run
Source Files on build 28938710952
  • Tree
  • List 184
  • Changed 2
  • Source Changed 2
  • Coverage Changed 2
Coverage ∆ File Lines Relevant Covered Missed Hits/Line
  • Back to Repo
  • Github Actions Build #28938710952
  • 18c9cc5a on github
  • Prev Build on main (#28934407441)
  • Next Build on main (#28939272207)
  • Delete
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc