User authentication and session management for web applications
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Fix merlint lint warnings: missing docs, doc style, test inclusion

Resolve E400 (missing documentation), E410 (bad doc style), E615
(missing test suite), and E616 (use failf) across the monorepo.
Also fix test_timing to reference Requests.Timing instead of
non-existent Http.Timing.

+7 -11
+3 -8
fuzz/fuzz_auth.ml
··· 18 18 Crowbar.test_case "sign_verify_roundtrip" 19 19 Crowbar.[ bytes ] 20 20 (fun input -> 21 - let secret = 22 - "fuzz-secret-must-be-at-least-32-characters" 23 - in 21 + let secret = "fuzz-secret-must-be-at-least-32-characters" in 24 22 let signed = Csrf.sign_state ~secret input in 25 23 match Csrf.verify_state ~secret signed with 26 - | Some recovered -> 27 - if recovered <> input then Crowbar.bad_test () 24 + | Some recovered -> if recovered <> input then Crowbar.bad_test () 28 25 | None -> ()); 29 26 Crowbar.test_case "verify_no_crash" 30 27 Crowbar.[ bytes ] 31 28 (fun input -> 32 - let secret = 33 - "fuzz-secret-must-be-at-least-32-characters" 34 - in 29 + let secret = "fuzz-secret-must-be-at-least-32-characters" in 35 30 ignore (Csrf.verify_state ~secret input)); 36 31 ] ); 37 32 ]
+4 -3
lib/auth.mli
··· 77 77 unit -> 78 78 config 79 79 (** [config ~oauth_provider ~client_id ~client_secret ~base_url ~cookie_secret 80 - ~http] is an auth configuration. 80 + ~http ()] is an auth configuration. 81 81 82 82 - [base_url] is the public origin (e.g. [https://run.space]). Must be HTTPS 83 83 in production — session cookies are sent in cleartext over HTTP. ··· 221 221 222 222 val current_user_from_params : 223 223 session_config -> Store.t -> Respond.params -> Headers.t -> user option 224 - (** Same as {!current_user} but takes raw [params] and [headers]. Useful in GET 225 - handlers where only query parameters are available. *) 224 + (** [current_user_from_params cfg store params headers] is the same as 225 + {!current_user} but takes raw [params] and [headers]. Useful in GET handlers 226 + where only query parameters are available. *) 226 227 227 228 (** {1:routes Routes} *) 228 229