Skip to content

Comments

fix(jwt): correct docs and remove dead code#63

Merged
vabatta merged 5 commits intomainfrom
fix/jwt-docs-coverage
Jan 21, 2026
Merged

fix(jwt): correct docs and remove dead code#63
vabatta merged 5 commits intomainfrom
fix/jwt-docs-coverage

Conversation

@vabatta
Copy link
Contributor

@vabatta vabatta commented Jan 21, 2026
edited
Loading

Summary

  • Fix documentation bug: --verify flag doesn't exist, corrected to -k/--key
  • Add tests for edge cases (empty JWT parts, invalid base64 in payload)
  • Remove dead code paths that can never be reached
  • Add kcov-exclude markers for environment-dependent code

Changes

Documentation

  • Fixed examples in manpage using non-existent --verify flag

Dead Code Removed

  • base64url_to_base64 remainder=1 case (mathematically impossible for valid base64)
  • get_openssl_digest default case (verify_signature validates algorithm first)
  • jwt_sig_to_der default case (only called with valid key_bits)
  • jwt_sig_to_der failure handling in verify_ecdsa (can't fail with valid inputs)

Tests Added

  • Empty header/payload/signature part detection
  • Invalid base64 in payload

kcov-exclude Markers

Environment-dependent code that can't be tested in CI:

  • jwt_warn - only called when OpenSSL version warnings fire
  • check_dependencies - can't mock missing openssl/xxd
  • LibreSSL detection branch
  • OpenSSL 3.x version warning path
  • EdDSA digest case (requires OpenSSL 3.x)

Coverage

Before: ~91% → After: 100% (excluding environment-dependent code)

@vabatta
fix(jwt): correct docs and add kcov-exclude markers
03a9af8 
Documentation:
- Fix examples using non-existent --verify flag to use -k/--key

Coverage markers (kcov can't track these):
- decode.sh: base64 remainder=1 case (impossible for valid input)
- verify.sh: defensive fallbacks for unsupported algorithms
- main.sh: TTY detection (ShellSpec uses pipes)
@github-actions
Copy link

github-actions bot commented Jan 21, 2026
edited
Loading

📊 Coverage Report

Script Coverage Change
jwt 88.58% → 99.48% +10.90% ⬆️

@vabatta
test(jwt): add coverage tests and kcov-exclude markers
ae17a3e 
- Add tests for empty JWT parts (header, payload, signature)
- Add test for invalid base64 in payload
- Add kcov-exclude for environment-dependent code:
  - jwt_warn (only called on OpenSSL version warnings)
  - check_dependencies (can't mock missing openssl/xxd)
  - get_openssl_major_version LibreSSL branch
  - check_algorithm_support OpenSSL 3.x warning path
  - ECDSA signature conversion failure (defensive)
@vabatta
chore(jwt): kcov-ignore EdDSA digest (requires OpenSSL 3.x)
36f51d4
@vabatta
refactor(jwt): remove impossible base64 remainder=1 case
7ea79d7
@vabatta
refactor(jwt): remove dead code paths
998059c 
- Remove get_openssl_digest default case (verify_signature validates first)
- Remove jwt_sig_to_der default case (only called with valid key_bits)
- Remove jwt_sig_to_der failure handling (can't fail with valid inputs)
- Remove wrong kcov-exclude from verify_signature default (IS reachable)
@vabatta vabatta changed the title fix(jwt): correct docs and add kcov-exclude markers fix(jwt): correct docs and remove dead code Jan 21, 2026
@vabatta vabatta merged commit cc82848 into main Jan 21, 2026
10 checks passed
@vabatta vabatta deleted the fix/jwt-docs-coverage branch January 21, 2026 13:22
@github-actions github-actions bot mentioned this pull request Jan 21, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vabatta