test(axum): cover builder methods, rotation phases, and middleware reject paths#709
Conversation
…ject paths
Adds 17 integration tests to `uselesskey-axum/tests/accessors.rs` that
close coverage gaps surfaced by the test-grid:
- `AuthExpectations::{with_issuer, with_audience, with_kid}` builders
each replace only their target field and leave the others intact
- Builder chaining round-trips to an equivalent `AuthExpectations::new`
- `AuthExpectations` `Clone` + `PartialEq` derives detect single-field
mutation
- `RotationPhase::Next` derives a kid distinct from `Primary` while
preserving issuer/audience, and is deterministic across phase rebuilds
- `verify_bearer_token` middleware reject paths: missing `Authorization`
header, non-`Bearer` scheme, empty bearer token, malformed JWT header,
and `kid` mismatch (token signed by `Next` phase against a `Primary`
verifier) each return `401` with the documented message bytes
- `MockJwtVerifierState::oidc_json` trims a single trailing slash from
`base_url` but preserves intermediate path segments, and the same
result is served by `oidc_router`
- `jwks_router` serves `MockJwtVerifierState::jwks_json` verbatim
- `inject_auth_context_layer` makes `TestAuthContext` extractable in
handler bodies
No production code changes. All new tests return `TestResult<()>` and
use `uselesskey_test_support::{ensure, ensure_eq, require_ok}` so they
add no new no-panic-family debt.
https://claude.ai/code/session_TODO
Co-authored-by: Claude <noreply@anthropic.com>
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
Summary
Adds 17 integration tests in a new
crates/uselesskey-axum/tests/accessors.rsfile to close coverage gaps inuselesskey-axum. No production code changes — tests only, plus the dev-dependency onuselesskey-test-support.Gaps closed
AuthExpectations::{with_issuer, with_audience, with_kid}builder methods (previously unexercised — each replaces only its target field and leaves the others intact).AuthExpectations::new.AuthExpectationsClone+PartialEqderives (single-field mutation breaks equality).RotationPhase::Nextderives akiddistinct fromPrimarywhile preserving the configured issuer/audience, and is deterministic across phase rebuilds.verify_bearer_tokenmiddleware reject paths each return401with the documented message bytes:Authorizationheader (missing authorization header)Bearerscheme (invalid authorization scheme)empty bearer token)invalid jwt header)kidmismatch — token signed byNextphase against aPrimaryverifier (unexpected kid)MockJwtVerifierState::oidc_jsontrims a single trailing slash frombase_url(with/without slash produces an identical body) and preserves intermediate path segments; the same payload is served byoidc_router.jwks_routerservesMockJwtVerifierState::jwks_jsonverbatim.inject_auth_context_layermakesTestAuthContextextractable in handler bodies.Policy compliance
All new tests return
TestResult<()>and useuselesskey_test_support::{ensure, ensure_eq, require_ok}per the no-panic-family policy — no.unwrap()/.expect()in new test code. Existing inline tests insrc/lib.rsandtests/integration.rsare unchanged.Test plan
cargo test -p uselesskey-axum— 17 new + existing passcargo clippy -p uselesskey-axum --all-targets -- -D warningscargo fmt -p uselesskey-axum -- --checkhttps://claude.ai/code/session_TODO
Generated by Claude Code