test(auth,gateway): cover pending-less pair and window slide guard#50
Conversation
Pin auth_pair's 16-token store cap (oldest eviction), reject non-6-digit codes, and reject length-mismatched bearer tokens to reduce auth DoS and bypass regression risk.
2772e39 to
a9c47a7
Compare
PR SummaryLow Risk Overview
Reviewed by Cursor Bugbot for commit 840d4ef. Bugbot is set up for automated code reviews on this repo. Configure here. |
Pin lockout_find_or_create's full-table policy: the 33rd IP reuses slot 0, dropping the first IP's lockout while later slots stay locked.
Reject auth_pair when no pairing code was issued, and prove over-limit ASAP hits near the window edge do not extend window_start so clients still regain a full RPM allowance after the original window expires.
a9c47a7 to
840d4ef
Compare
Summary
auth_pairwhen no pending pairing code was issued (fail closed).window_startcannot be slid forward.Risky behavior now covered
Test files added/updated
tests/test_auth.c—test_auth_pair_rejects_without_pending_codetests/test_rate_limit.c—test_limited_calls_do_not_extend_windowWhy this reduces regression risk
These are auth fail-closed and rate-limit availability edge paths. A silent refactor that issues tokens without a pending code, or that refreshes
window_starton every limited hit, would otherwise ship without CI signal.Validation
Both binaries reported all tests passed.
Notes
Does not overlap open drafts #48/#49 or branch
cursor/test-coverage-automation-c4f4(table-full / single-use pairing).