🩹 [Patch]: Linting passes on all platforms (#25)

MariusStorhaug · Copilot · web-flow · commit fdca4e556c64 · 2026-05-12T20:43:41.000+02:00
The `Lint-SourceCode` and `Lint-Module` CI jobs now pass on Linux, macOS, and Windows. All `PSAvoidLongLines` violations that blocked the pipeline after PR #18 was merged have been resolved by extracting long error message strings into local variables and splitting long inline conditionals across multiple lines. - Fixes #24 ## Fixed: Linting no longer fails on any platform `PSScriptAnalyzer` reported a `PSAvoidLongLines` violation (line length > 120 characters) in three source files, causing every platform leg of both `Lint-SourceCode` and `Lint-Module` to exit with code 1 and preventing `Get-TestResults` from completing successfully. The affected lines were all `throw` statements with long interpolated error messages and one long inline `if/else` expression used to set an HMAC key. Each has been reformatted — long messages extracted into a `$message` variable, and the inline conditional split across multiple lines. No error types, parameter names, function signatures, or observable behaviors changed. All 31 Pester tests pass locally after the reformatting. ## Technical Details - **`New-Jwt.ps1`** — 7 violations fixed: `throw` messages on lines 80, 90, 101, 106, 128, 144 extracted to `$message` variables; `$hmacsha256.Key = if (...) {...} else {...}` on line 132 split across multiple lines. - **`Test-Jwt.ps1`** — 6 violations fixed: same patterns as `New-Jwt.ps1` (lines 78, 88, 103, 121, 125, 154). - **`ConvertTo-Base64UrlString.ps1`** — 2 violations fixed: `.NOTES` comment wrapped at a word boundary (line 24); `throw` message extracted via an intermediate `$type` variable to stay within 120 chars (line 51). - **Implementation plan progress**: All tasks completed — source fixes in all three files applied, `Invoke-ScriptAnalyzer` returns no `PSAvoidLongLines` results, and all 31 Pester tests pass. --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
diff --git a/src/functions/public/ConvertTo-Base64UrlString.ps1 b/src/functions/public/ConvertTo-Base64UrlString.ps1
@@ -21,7 +21,8 @@
         System.String
 
         .NOTES
-        Converts standard base64 output to JWT-safe base64url text by replacing URL-sensitive characters and removing padding.
+        Converts standard base64 output to JWT-safe base64url text by replacing URL-sensitive
+        characters and removing padding.
 
         .LINK
         https://psmodule.io/Jwt/Functions/ConvertTo-Base64UrlString/
@@ -48,7 +49,9 @@
         } elseif ($InputObject -is [byte[]]) {
             [Convert]::ToBase64String($InputObject) -replace '\+', '-' -replace '/', '_' -replace '='
         } else {
-            throw [System.ArgumentException]::new("ConvertTo-Base64UrlString requires string or byte array input, received $($InputObject.GetType())")
+            $type = $InputObject.GetType()
+            $message = "ConvertTo-Base64UrlString requires string or byte array input, received $type"
+            throw [System.ArgumentException]::new($message)
         }
     }
 
diff --git a/src/functions/public/New-Jwt.ps1 b/src/functions/public/New-Jwt.ps1
@@ -77,7 +77,8 @@
         try {
             $algorithm = (ConvertFrom-Json -InputObject $Header -ErrorAction Stop).alg
         } catch {
-            throw [System.FormatException]::new("The supplied JWT header is not valid JSON. Header length: $($Header.Length) characters.")
+            $message = "The supplied JWT header is not valid JSON. Header length: $($Header.Length) characters."
+            throw [System.FormatException]::new($message)
         }
         if ([string]::IsNullOrEmpty($algorithm)) {
             throw [System.FormatException]::new('The JWT header is missing the required "alg" claim.')
@@ -87,7 +88,8 @@
         try {
             $null = ConvertFrom-Json -InputObject $PayloadJson -ErrorAction Stop
         } catch {
-            throw [System.FormatException]::new("The supplied JWT payload is not valid JSON. Payload length: $($PayloadJson.Length) characters.")
+            $message = "The supplied JWT payload is not valid JSON. Payload length: $($PayloadJson.Length) characters."
+            throw [System.FormatException]::new($message)
         }
 
         $encodedHeader = ConvertTo-Base64UrlString $Header
@@ -98,12 +100,14 @@
         switch ($algorithm) {
             'RS256' {
                 if (-not $PSBoundParameters.ContainsKey('Cert')) {
-                    throw [System.ArgumentException]::new('RS256 requires a -Cert parameter of type X509Certificate2.', 'Cert')
+                    $message = 'RS256 requires a -Cert parameter of type X509Certificate2.'
+                    throw [System.ArgumentException]::new($message, 'Cert')
                 }
                 Write-Verbose "Signing certificate: $($Cert.Subject)"
                 $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
                 if ($null -eq $rsa) {
-                    throw [System.ArgumentException]::new('The supplied certificate has no RSA private key and cannot be used to sign.', 'Cert')
+                    $message = 'The supplied certificate has no RSA private key and cannot be used to sign.'
+                    throw [System.ArgumentException]::new($message, 'Cert')
                 } else {
                     try {
                         $signature = $rsa.SignData(
@@ -125,11 +129,16 @@
                     throw [System.ArgumentException]::new('HS256 requires a -Secret parameter.', 'Secret')
                 }
                 if ($Secret -isnot [byte[]] -and $Secret -isnot [string]) {
-                    throw [System.ArgumentException]::new("Expected Secret parameter as byte array or string, instead got $($Secret.GetType())", 'Secret')
+                    $message = "Expected Secret parameter as byte array or string, instead got $($Secret.GetType())"
+                    throw [System.ArgumentException]::new($message, 'Secret')
                 }
                 $hmacsha256 = [System.Security.Cryptography.HMACSHA256]::new()
                 try {
-                    $hmacsha256.Key = if ($Secret -is [byte[]]) { $Secret } else { [System.Text.Encoding]::UTF8.GetBytes($Secret) }
+                    $hmacsha256.Key = if ($Secret -is [byte[]]) {
+                        $Secret
+                    } else {
+                        [System.Text.Encoding]::UTF8.GetBytes($Secret)
+                    }
                     $encodedSignature = ConvertTo-Base64UrlString $hmacsha256.ComputeHash($contentBytes)
                 } catch {
                     throw [System.Exception]::new("Signing with HMACSHA256 failed: $_", $_.Exception)
@@ -141,7 +150,8 @@
                 $encodedSignature = $null
             }
             default {
-                throw [System.NotSupportedException]::new('The algorithm is not one of the supported: "RS256", "HS256", "none".')
+                $message = 'The algorithm is not one of the supported: "RS256", "HS256", "none".'
+                throw [System.NotSupportedException]::new($message)
             }
         }
 
diff --git a/src/functions/public/Test-Jwt.ps1 b/src/functions/public/Test-Jwt.ps1
@@ -75,7 +75,8 @@ function Test-Jwt {
         try {
             $algorithm = (ConvertFrom-Json -InputObject $header -ErrorAction Stop).alg
         } catch {
-            throw [System.FormatException]::new("The supplied JWT header segment is not valid JSON. Header length: $($header.Length) characters.")
+            $message = "The supplied JWT header segment is not valid JSON. Header length: $($header.Length) characters."
+            throw [System.FormatException]::new($message)
         }
         if ([string]::IsNullOrEmpty($algorithm)) {
             throw [System.FormatException]::new('The JWT header is missing the required "alg" claim.')
@@ -85,7 +86,8 @@ function Test-Jwt {
         switch ($algorithm) {
             'RS256' {
                 if (-not $PSBoundParameters.ContainsKey('Cert')) {
-                    throw [System.ArgumentException]::new('RS256 requires a -Cert parameter of type X509Certificate2.', 'Cert')
+                    $message = 'RS256 requires a -Cert parameter of type X509Certificate2.'
+                    throw [System.ArgumentException]::new($message, 'Cert')
                 }
                 if ([string]::IsNullOrEmpty($parts[2])) {
                     return $false
@@ -100,7 +102,8 @@ function Test-Jwt {
                 $computed = [System.Security.Cryptography.SHA256]::HashData($signedContent)
                 $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
                 if ($null -eq $rsa) {
-                    throw [System.ArgumentException]::new('The supplied certificate has no RSA public key and cannot be used to verify.', 'Cert')
+                    $message = 'The supplied certificate has no RSA public key and cannot be used to verify.'
+                    throw [System.ArgumentException]::new($message, 'Cert')
                 }
                 try {
                     $rsa.VerifyHash(
@@ -118,11 +121,16 @@ function Test-Jwt {
                     throw [System.ArgumentException]::new('HS256 requires a -Secret parameter.', 'Secret')
                 }
                 if ($Secret -isnot [byte[]] -and $Secret -isnot [string]) {
-                    throw [System.ArgumentException]::new("Expected Secret parameter as byte array or string, instead got $($Secret.GetType())", 'Secret')
+                    $message = "Expected Secret parameter as byte array or string, instead got $($Secret.GetType())"
+                    throw [System.ArgumentException]::new($message, 'Secret')
                 }
                 $hmacsha256 = [System.Security.Cryptography.HMACSHA256]::new()
                 try {
-                    $hmacsha256.Key = if ($Secret -is [byte[]]) { $Secret } else { [System.Text.Encoding]::UTF8.GetBytes($Secret) }
+                    $hmacsha256.Key = if ($Secret -is [byte[]]) {
+                        $Secret
+                    } else {
+                        [System.Text.Encoding]::UTF8.GetBytes($Secret)
+                    }
                     $signedContent = [System.Text.Encoding]::UTF8.GetBytes($parts[0] + '.' + $parts[1])
                     $signature = $hmacsha256.ComputeHash($signedContent)
                     if (-not $parts[2]) {
@@ -151,7 +159,8 @@ function Test-Jwt {
                 $parts[2] -eq ''
             }
             default {
-                throw [System.NotSupportedException]::new('The algorithm is not one of the supported: "RS256", "HS256", "none".')
+                $message = 'The algorithm is not one of the supported: "RS256", "HS256", "none".'
+                throw [System.NotSupportedException]::new($message)
             }
         }
     }
