test(token): cover negative_value JWT variants and isolation invariants#737
Conversation
Adds 11 integration tests in
`crates/uselesskey-token/tests/negative_value_variants.rs` that close gaps
in `TokenFixture::negative_value` coverage. Previously
`negative_fixtures.rs` exercised only 5 of the 12 `NegativeToken` variants
at the public-fixture layer; the JWT-shaped variants were only tested via
the internal `generate_negative_token` helper.
New coverage:
- All 7 previously untested JWT variants via the public `negative_value`
surface: `MalformedJwtSegmentCount`, `BadBase64UrlSegment`,
`InvalidJwtHeaderShape`, `MissingAlg`, `AlgNone`, `MismatchedKid`,
`NotYetValidClaims`.
- Per-variant cross-factory determinism: same seed yields the same
negative value across separate `Factory` instances for every JWT
variant.
- Isolation: calling `negative_value` for any variant does not perturb
the positive token value (cache-by-identity invariant).
- Debug redaction: `Debug` does not leak either the positive or the
cached negative value.
- Distinctness: the 7 JWT negative variants yield mutually distinct
outputs and each differs from the positive token.
Tests use `Factory::deterministic_from_str` and
`uselesskey_test_support::{ensure, ensure_eq, require_some, require_ok}`
plus explicit `match` patterns instead of `.unwrap()` / `.expect()` so no
new no-panic-family debt is introduced. The only non-test change is
adding `uselesskey-test-support` to `[dev-dependencies]`.
https://claude.ai/code/session_0116SGvHnLaoXXd6wz2U9SvM
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
Summary
Adds 11 focused integration tests in
crates/uselesskey-token/tests/negative_value_variants.rsthat close gaps inTokenFixture::negative_valuecoverage.Previously
tests/negative_fixtures.rsexercised only 5 of the 12NegativeTokenvariants at the public-fixture layer:ExpiredClaims,BadIssuer,BadAudience,MalformedBearer,NearMissApiKeygenerate_negative_tokenhelper:MalformedJwtSegmentCount,BadBase64UrlSegment,InvalidJwtHeaderShape,MissingAlg,AlgNone,MismatchedKid,NotYetValidClaimsGaps closed
public
TokenFixture::negative_valuesurface, validating shape and keypayload/header fields that match what a downstream JWT validator would
reject on.
negative value across separate
Factoryinstances for every JWTvariant.
negative_valuefor any variantdoes not perturb the cached positive token value.
Debugdoes not leak either the positive or thecached negative value.
outputs and each differs from the positive token.
Notes
Factory::deterministic_from_strfor reproducibility.uselesskey_test_support::{ensure, ensure_eq, require_some, require_ok}plus explicit
matchinstead of.unwrap()/.expect()so no newno-panic-family debt is introduced (
cargo xtask check-no-panic-familyflags no new sites in this file).
uselesskey-test-supportto[dev-dependencies].Test plan
cargo test -p uselesskey-token --test negative_value_variants(11 passed)cargo test -p uselesskey-token(full crate, all passed includingdoctests and inline tests)
cargo clippy -p uselesskey-token --all-targets -- -D warnings(clean)cargo xtask check-no-panic-familydoes not flag the new filehttps://claude.ai/code/session_0116SGvHnLaoXXd6wz2U9SvM
Generated by Claude Code