go-pkgz / auth / 26203179848 / 1
85%
master: 85%

DEFAULT BRANCH: master
Ran
Files 25
Run time 0s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 85.425% (+0.03%) from 85.395%
26203179848.1

push

github

umputun 
docs: package-wide comment sweep (non-security)

Pre-existing comment drift in files unrelated to the recent security fix —
unrelated docstrings that misled, said the wrong thing, or were copy-paste
leftovers. Mirrored across v1 and v2.

The security-fix docstring fixes (avatar/avatar.go security comments and
auth.go withSecurityHeaders) live in PR #291 and are intentionally NOT
included here so the two PRs stay independent.

Findings:

  * avatar/gridfs.go — ID doc claimed MD5 sourced from gridfs; metadata.hash
    is the sha1 written at Put time.
  * avatar/bolt.go, avatar/gridfs.go — Put docs and BoltDB type doc claimed
    these layers "resize" the image; they only copy bytes. Resize happens
    in Proxy.resize upstream.
  * avatar/store.go — Migrate doc didn't mention that per-avatar Get/Put/Close
    errors are logged and skipped, and that the returned count is "ids
    attempted", not "ids stored".
  * provider/oauth1.go — initOauth1Handler doc and DEBUG log both said
    "oauth2".
  * provider/service.go — Service.Handler doc said "returns auth routes";
    it dispatches login/callback/logout.
  * provider/telegram.go — processUpdates claimed to return an offset (no
    return value); checkToken doc described an "address or empty string"
    return shape but the signature is (*token.User, error).
  * provider/verify.go — Sender interface doc locked the contract to "send
    emails", contradicting the broader "email, IM, or anything else" on
    VerifyHandler. AuthHandler comment was copy-pasted from direct.
  * provider/dev_provider.go — NewDev doc said "for admin user"; just makes
    the dev oauth2 provider.
  * middleware/user_updater.go — UserUpdFunc adapter doc said result "is a
    Handler"; implements UserUpdater.
  * logger/interface.go — Func adapter doc said "Logf calls f(id)"; actually
    calls f(format, args...).
  * token/jwt.go — SendJWTHeader option doc said "instead of cookie"; Set
    sends header AND cookie. Set doc referenc... (continued)

3042 of 3561 relevant lines covered (85.43%)

8.3 hits per line

Source Files on job 26203179848.1