Skip to content

Commit 0588031

Browse files
autofix-ci[bot]autofix-ci[bot]
authored
[autofix.ci] apply automated fixes
1 parent e52a87d commit 0588031

File tree

9 files changed

+192
-45
lines changed

9 files changed

+192
-45
lines changed

crates/api-keys-simplified/src/generator.rs

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -373,8 +373,13 @@ mod tests {
373373

374374
#[test]
375375
fn test_verify_checksum_dos_protection() {
376-
let generator =
377-
ApiKeyManagerV0::init("sk", KeyConfig::balanced(), HashConfig::default(), std::time::Duration::ZERO).unwrap();
376+
let generator = ApiKeyManagerV0::init(
377+
"sk",
378+
KeyConfig::balanced(),
379+
HashConfig::default(),
380+
std::time::Duration::ZERO,
381+
)
382+
.unwrap();
378383

379384
// Test oversized key rejection
380385
let huge_key = SecureString::from("a".repeat(1000));

crates/api-keys-simplified/src/token_parser.rs

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -161,7 +161,8 @@ mod tests {
161161
HashConfig::default()
162162
};
163163

164-
let generator = ApiKeyManagerV0::init("text", config, hash_config, std::time::Duration::ZERO).unwrap();
164+
let generator =
165+
ApiKeyManagerV0::init("text", config, hash_config, std::time::Duration::ZERO).unwrap();
165166
let ts = Utc::now();
166167
let key = if with_expiry {
167168
generator

crates/api-keys-simplified/src/validator.rs

Lines changed: 32 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -47,16 +47,21 @@ impl KeyValidator {
4747
})
4848
}
4949

50-
fn verify_expiry(&self, parts: Parts, expiry_grace_period: std::time::Duration) -> Result<KeyStatus> {
50+
fn verify_expiry(
51+
&self,
52+
parts: Parts,
53+
expiry_grace_period: std::time::Duration,
54+
) -> Result<KeyStatus> {
5155
if let Some(expiry) = parts.expiry_b64 {
5256
let decoded = URL_SAFE_NO_PAD
5357
.decode(expiry)
5458
.or(Err(Error::InvalidFormat))?;
55-
let expiry_timestamp = i64::from_be_bytes(decoded.try_into().or(Err(Error::InvalidFormat))?);
59+
let expiry_timestamp =
60+
i64::from_be_bytes(decoded.try_into().or(Err(Error::InvalidFormat))?);
5661

5762
let current_time = chrono::Utc::now().timestamp();
5863
let grace_seconds = expiry_grace_period.as_secs() as i64;
59-
64+
6065
// Key is invalid if it expired more than grace_period ago
6166
// This ensures once a key expires beyond the grace period, it stays expired
6267
// even if the clock goes backwards
@@ -156,25 +161,29 @@ mod tests {
156161
let hash = hasher.hash(&key).unwrap();
157162

158163
let (dummy_key, dummy_hash) = dummy_key_and_hash();
159-
let validator =
160-
KeyValidator::new(true, dummy_key, dummy_hash).unwrap();
164+
let validator = KeyValidator::new(true, dummy_key, dummy_hash).unwrap();
161165
assert_eq!(
162166
validator
163-
.verify(key.expose_secret(), hash.as_ref(), std::time::Duration::ZERO)
167+
.verify(
168+
key.expose_secret(),
169+
hash.as_ref(),
170+
std::time::Duration::ZERO
171+
)
164172
.unwrap(),
165173
KeyStatus::Valid
166174
);
167175
assert_eq!(
168-
validator.verify("wrong_key", hash.as_ref(), std::time::Duration::ZERO).unwrap(),
176+
validator
177+
.verify("wrong_key", hash.as_ref(), std::time::Duration::ZERO)
178+
.unwrap(),
169179
KeyStatus::Invalid
170180
);
171181
}
172182

173183
#[test]
174184
fn test_invalid_hash_format() {
175185
let (dummy_key, dummy_hash) = dummy_key_and_hash();
176-
let validator =
177-
KeyValidator::new(true, dummy_key, dummy_hash).unwrap();
186+
let validator = KeyValidator::new(true, dummy_key, dummy_hash).unwrap();
178187
let result = validator.verify("any_key", "invalid_hash", std::time::Duration::ZERO);
179188
// After timing oracle fix: invalid hash format returns Ok(Invalid) instead of Err
180189
// to prevent timing-based user enumeration attacks
@@ -190,8 +199,7 @@ mod tests {
190199
let hash = hasher.hash(&valid_key).unwrap();
191200

192201
let (dummy_key, dummy_hash) = dummy_key_and_hash();
193-
let validator =
194-
KeyValidator::new(true, dummy_key, dummy_hash).unwrap();
202+
let validator = KeyValidator::new(true, dummy_key, dummy_hash).unwrap();
195203
let result = validator.verify(&oversized_key, hash.as_ref(), std::time::Duration::ZERO);
196204
assert!(result.is_err());
197205
assert!(matches!(result.unwrap_err(), Error::InvalidFormat));
@@ -202,8 +210,7 @@ mod tests {
202210
let oversized_hash = "a".repeat(513); // Exceeds MAX_HASH_LENGTH
203211

204212
let (dummy_key, dummy_hash) = dummy_key_and_hash();
205-
let validator =
206-
KeyValidator::new(true, dummy_key, dummy_hash).unwrap();
213+
let validator = KeyValidator::new(true, dummy_key, dummy_hash).unwrap();
207214
let result = validator.verify("valid_key", &oversized_hash, std::time::Duration::ZERO);
208215
assert!(result.is_err());
209216
assert!(matches!(result.unwrap_err(), Error::InvalidFormat));
@@ -216,8 +223,7 @@ mod tests {
216223
let hash = hasher.hash(&valid_key).unwrap();
217224

218225
let (dummy_key, dummy_hash) = dummy_key_and_hash();
219-
let validator =
220-
KeyValidator::new(true, dummy_key, dummy_hash).unwrap();
226+
let validator = KeyValidator::new(true, dummy_key, dummy_hash).unwrap();
221227

222228
// Test at boundary (512 chars - should pass)
223229
let max_key = "a".repeat(512);
@@ -238,18 +244,25 @@ mod tests {
238244
let valid_hash = hasher.hash(&valid_key).unwrap();
239245

240246
let (dummy_key, dummy_hash) = dummy_key_and_hash();
241-
let validator =
242-
KeyValidator::new(true, dummy_key, dummy_hash).unwrap();
247+
let validator = KeyValidator::new(true, dummy_key, dummy_hash).unwrap();
243248

244249
let result1 = validator.verify("wrong_key", valid_hash.as_ref(), std::time::Duration::ZERO);
245250
assert!(result1.is_ok());
246251
assert_eq!(result1.unwrap(), KeyStatus::Invalid);
247252

248-
let result2 = validator.verify(valid_key.expose_secret(), "invalid_hash_format", std::time::Duration::ZERO);
253+
let result2 = validator.verify(
254+
valid_key.expose_secret(),
255+
"invalid_hash_format",
256+
std::time::Duration::ZERO,
257+
);
249258
assert!(result2.is_ok());
250259
assert_eq!(result2.unwrap(), KeyStatus::Invalid);
251260

252-
let result3 = validator.verify(valid_key.expose_secret(), "not even close to valid", std::time::Duration::ZERO);
261+
let result3 = validator.verify(
262+
valid_key.expose_secret(),
263+
"not even close to valid",
264+
std::time::Duration::ZERO,
265+
);
253266
assert!(result3.is_ok());
254267
assert_eq!(result3.unwrap(), KeyStatus::Invalid);
255268
}

crates/api-keys-simplified/tests/checksum_dos_protection.rs

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,13 @@ fn test_checksum_prevents_expensive_verification() {
4444
fn test_valid_checksum_proceeds_to_argon2() {
4545
// Verify that valid checksums still go through Argon2 verification
4646
let config = KeyConfig::default().disable_checksum();
47-
let generator = ApiKeyManagerV0::init("verify", config, HashConfig::default(), std::time::Duration::ZERO).unwrap();
47+
let generator = ApiKeyManagerV0::init(
48+
"verify",
49+
config,
50+
HashConfig::default(),
51+
std::time::Duration::ZERO,
52+
)
53+
.unwrap();
4854

4955
let key = generator.generate(Environment::production()).unwrap();
5056

@@ -70,8 +76,13 @@ fn test_valid_checksum_proceeds_to_argon2() {
7076
#[test]
7177
fn test_dos_protection_comparison() {
7278
// Compare DoS resistance: with vs without checksum
73-
let with_checksum =
74-
ApiKeyManagerV0::init("dos1", KeyConfig::default(), HashConfig::default(), std::time::Duration::ZERO).unwrap();
79+
let with_checksum = ApiKeyManagerV0::init(
80+
"dos1",
81+
KeyConfig::default(),
82+
HashConfig::default(),
83+
std::time::Duration::ZERO,
84+
)
85+
.unwrap();
7586

7687
let without_checksum = ApiKeyManagerV0::init(
7788
"dos2",

crates/api-keys-simplified/tests/concurrency.rs

Lines changed: 16 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,15 @@ fn test_concurrent_generation_and_uniqueness() {
5656
fn test_concurrent_verification_and_checksum() {
5757
// Tests: Argon2 thread safety, checksum verification (enabled by default), Arc-wrapped SecureString
5858
let config = KeyConfig::default();
59-
let generator = Arc::new(ApiKeyManagerV0::init("pk", config, HashConfig::default(), std::time::Duration::ZERO).unwrap());
59+
let generator = Arc::new(
60+
ApiKeyManagerV0::init(
61+
"pk",
62+
config,
63+
HashConfig::default(),
64+
std::time::Duration::ZERO,
65+
)
66+
.unwrap(),
67+
);
6068

6169
// Generate test data
6270
let mut keys_and_hashes = Vec::new();
@@ -104,7 +112,13 @@ fn test_concurrent_verification_and_checksum() {
104112
#[test]
105113
fn test_clone_safety_and_config_isolation() {
106114
// Tests: Clone safety, different configs don't interfere, cross-verification
107-
let gen1 = ApiKeyManagerV0::init("g1", KeyConfig::balanced(), HashConfig::balanced(), std::time::Duration::ZERO).unwrap();
115+
let gen1 = ApiKeyManagerV0::init(
116+
"g1",
117+
KeyConfig::balanced(),
118+
HashConfig::balanced(),
119+
std::time::Duration::ZERO,
120+
)
121+
.unwrap();
108122
let gen2_cloned = gen1.clone();
109123
let gen3 = ApiKeyManagerV0::init(
110124
"g3",

crates/api-keys-simplified/tests/configuration.rs

Lines changed: 30 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,13 @@ use api_keys_simplified::{ExposeSecret, SecureStringExt};
44
#[test]
55
fn test_custom_entropy() {
66
let config = KeyConfig::new().with_entropy(16).unwrap();
7-
let generator = ApiKeyManagerV0::init("sk", config, HashConfig::default(), std::time::Duration::ZERO).unwrap();
7+
let generator = ApiKeyManagerV0::init(
8+
"sk",
9+
config,
10+
HashConfig::default(),
11+
std::time::Duration::ZERO,
12+
)
13+
.unwrap();
814
let key = generator.generate(Environment::test()).unwrap();
915

1016
assert!(key.key().len() > 10);
@@ -13,7 +19,13 @@ fn test_custom_entropy() {
1319
#[test]
1420
fn test_without_checksum() {
1521
let config = KeyConfig::default().disable_checksum();
16-
let generator = ApiKeyManagerV0::init("pk", config, HashConfig::default(), std::time::Duration::ZERO).unwrap();
22+
let generator = ApiKeyManagerV0::init(
23+
"pk",
24+
config,
25+
HashConfig::default(),
26+
std::time::Duration::ZERO,
27+
)
28+
.unwrap();
1729
let key = generator.generate(Environment::production()).unwrap();
1830

1931
// Environment "live" means production, Base64URL can contain underscores and hyphens
@@ -54,7 +66,8 @@ fn test_custom_hash_config() {
5466
let hash_config = HashConfig::custom(8192, 1, 1).unwrap();
5567

5668
let config = KeyConfig::default();
57-
let generator = ApiKeyManagerV0::init("text", config, hash_config, std::time::Duration::ZERO).unwrap();
69+
let generator =
70+
ApiKeyManagerV0::init("text", config, hash_config, std::time::Duration::ZERO).unwrap();
5871
let key = generator.generate(Environment::dev()).unwrap();
5972

6073
assert_eq!(
@@ -67,13 +80,25 @@ fn test_custom_hash_config() {
6780
fn test_entropy_boundaries() {
6881
// Minimum entropy
6982
let config_min = KeyConfig::new().with_entropy(16).unwrap();
70-
let gen_min = ApiKeyManagerV0::init("min", config_min, HashConfig::default(), std::time::Duration::ZERO).unwrap();
83+
let gen_min = ApiKeyManagerV0::init(
84+
"min",
85+
config_min,
86+
HashConfig::default(),
87+
std::time::Duration::ZERO,
88+
)
89+
.unwrap();
7190
let key_min = gen_min.generate(Environment::test()).unwrap();
7291
assert!(!key_min.key().is_empty());
7392

7493
// Maximum entropy
7594
let config_max = KeyConfig::new().with_entropy(64).unwrap();
76-
let gen_max = ApiKeyManagerV0::init("max", config_max, HashConfig::default(), std::time::Duration::ZERO).unwrap();
95+
let gen_max = ApiKeyManagerV0::init(
96+
"max",
97+
config_max,
98+
HashConfig::default(),
99+
std::time::Duration::ZERO,
100+
)
101+
.unwrap();
77102
let key_max = gen_max.generate(Environment::test()).unwrap();
78103
assert!(key_max.key().len() > key_min.key().len());
79104
}

crates/api-keys-simplified/tests/key_expiry.rs

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -196,7 +196,13 @@ fn test_expiry_without_checksum() {
196196
use api_keys_simplified::{HashConfig, KeyConfig};
197197

198198
let config = KeyConfig::default().disable_checksum();
199-
let manager = ApiKeyManagerV0::init("sk", config, HashConfig::default(), std::time::Duration::ZERO).unwrap();
199+
let manager = ApiKeyManagerV0::init(
200+
"sk",
201+
config,
202+
HashConfig::default(),
203+
std::time::Duration::ZERO,
204+
)
205+
.unwrap();
200206

201207
let past = Utc::now() - Duration::hours(1);
202208
let future = Utc::now() + Duration::hours(1);

crates/api-keys-simplified/tests/security.rs

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,13 @@ fn test_different_keys_same_hash() {
3333
#[test]
3434
fn test_checksum_validation() {
3535
let config = KeyConfig::default();
36-
let generator = ApiKeyManagerV0::init("chk", config, HashConfig::default(), std::time::Duration::ZERO).unwrap();
36+
let generator = ApiKeyManagerV0::init(
37+
"chk",
38+
config,
39+
HashConfig::default(),
40+
std::time::Duration::ZERO,
41+
)
42+
.unwrap();
3743
let with_checksum = generator.generate(Environment::test()).unwrap();
3844
assert!(generator.verify_checksum(with_checksum.key()).unwrap());
3945

@@ -75,7 +81,13 @@ fn test_collision_resistance() {
7581
#[test]
7682
fn test_key_format_consistency() {
7783
let config = KeyConfig::default();
78-
let generator = ApiKeyManagerV0::init("format", config, HashConfig::default(), std::time::Duration::ZERO).unwrap();
84+
let generator = ApiKeyManagerV0::init(
85+
"format",
86+
config,
87+
HashConfig::default(),
88+
std::time::Duration::ZERO,
89+
)
90+
.unwrap();
7991
let key = generator.generate(Environment::test()).unwrap();
8092
let key_str = key.key().expose_secret();
8193

0 commit comments

Comments
 (0)