go-pkgz / auth / 25611934022 / 1
85%
master: 85%

LAST BUILD BRANCH: refs/tags/v2.1.3
DEFAULT BRANCH: master
Ran
Files 25
Run time 0s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 85.291% (+0.09%) from 85.199%
25611934022.1

Pull #289

github

paskal 
fix(verify): close service-level typed-nil store + adapter-author guidance

Followups to #281 (verify replay protection) raised on the post-merge
review. None blocking, all small.

1. Service-level typed-nil VerifConfirmationStoreFunc guard. The
   handler-level guard added in round 2 normalizes a typed-nil func to
   nil, but the AddVerifProvider check at auth.go was still a plain
   `s.opts.VerifConfirmationStore != nil` test. A typed-nil
   VerifConfirmationStoreFunc is a non-nil interface wrapping a nil
   func, so it survived that check, the in-memory default was skipped,
   and at redemption the handler's typed-nil guard normalized it to
   nil — net result: a user who wrote
   `Opts{VerifConfirmationStore: VerifConfirmationStoreFunc(nil)}`
   got neither their func nor the default, and replay protection was
   silently disabled for that exact configuration.

   Same shape as the *avatar.Proxy typed-nil case fixed in #286 with a
   different consequence (silent loss of protection vs panic). Apply
   the same shape of guard one layer up. New regression test
   TestService_AddVerifProvider_TypedNilStoreFuncFallsBackToDefault in
   both v1 and v2.

2. gofmt -w on auth.go / v2/auth.go. The verifConfirmStoreO ->
   verifConfirmStoreOnce rename in #281 made the field longer than the
   surrounding column alignment. Cosmetic; CI doesn't enforce gofmt
   but a noisy IDE-on-save diff for the next contributor.

3. scrubTokenFromRequest unit test (TestScrubTokenFromRequest) in both
   v1 and v2 — covers the defensive early-return that coveralls flagged
   as uncovered after #281 (token-missing returns r unchanged, nil r
   returns nil, token-present returns redacted clone with other query
   params preserved).

4. Adapter-author guidance on VerifConfirmationStore.MarkUsed godoc:
   tells external Redis/DB adapter authors not to embed the supplied
   key in returned errors, since the handler logs err on the
   fail-closed branch and the key is the SHA-256 o... (continued)
Pull Request #289: fix(verify): close service-level typed-nil store + adapter-author guidance

2963 of 3474 relevant lines covered (85.29%)

8.07 hits per line

Source Files on job 25611934022.1