diff --git a/example/client/app/app.go b/example/client/app/app.go index 90bb1cb..6db1597 100644 --- a/example/client/app/app.go +++ b/example/client/app/app.go @@ -17,8 +17,8 @@ import ( ) var ( - callbackPath string = "/auth/callback" - key []byte = []byte("test1234test1234") + callbackPath = "/auth/callback" + key = []byte("test1234test1234") ) func main() { diff --git a/example/client/github/github.go b/example/client/github/github.go index d9be995..45f16c1 100644 --- a/example/client/github/github.go +++ b/example/client/github/github.go @@ -16,8 +16,8 @@ import ( ) var ( - callbackPath string = "/orbctl/github/callback" - key []byte = []byte("test1234test1234") + callbackPath = "/orbctl/github/callback" + key = []byte("test1234test1234") ) func main() { diff --git a/example/client/service/service.go b/example/client/service/service.go index 34d959d..818b481 100644 --- a/example/client/service/service.go +++ b/example/client/service/service.go @@ -17,7 +17,7 @@ import ( ) var ( - client *http.Client = http.DefaultClient + client = http.DefaultClient ) func main() { diff --git a/example/internal/mock/storage.go b/example/internal/mock/storage.go index a39a9e4..570e8a5 100644 --- a/example/internal/mock/storage.go +++ b/example/internal/mock/storage.go @@ -175,6 +175,11 @@ func (s *AuthStorage) TokenRequestByRefreshToken(ctx context.Context, refreshTok func (s *AuthStorage) TerminateSession(_ context.Context, userID, clientID string) error { return nil } + +func (s *AuthStorage) RevokeToken(ctx context.Context, token string, userID string, clientID string) *oidc.Error { + return nil +} + func (s *AuthStorage) GetSigningKey(_ context.Context, keyCh chan<- jose.SigningKey) { keyCh <- jose.SigningKey{Algorithm: jose.RS256, Key: s.key} } 
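Review bot: The example client keeps a hard-coded 16-byte key, `key = []byte("test1234test1234")`, and the github.go hunk in this same commit carries the identical literal, so both example clients share one publicly known key. That is acceptable for a sample, but nothing marks it as such, and the type-only cleanup here was the moment to say so. A comment such as `// key is a fixed, example-only key shared by the sample clients; real deployments must load a random per-instance key from configuration` above the `var (` block, or reading the value from an environment variable, keeps it from being copied into production code. `main` begins at the end of the hunk and continues outside it.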
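Review bot: `client = http.DefaultClient` gives the example service an HTTP client with no timeout, so any outbound call the example makes will hang indefinitely if the peer stalls; because `http.DefaultClient` is a shared package variable, anything else in the process that alters it (transport, redirect policy) changes this client too. Prefer a dedicated instance, `client = &http.Client{Timeout: 10 * time.Second}`, which keeps the same type and the same call sites. `time` would need to be present in the import block, which sits above this hunk. `main` starts at the end of the hunk and continues outside it.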
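Review bot: `RevokeToken` on the mock storage returns nil for every call, so a revocation request is reported as successful while the token remains valid — fine for a stub, but nothing on the method says it is a no-op, and the unused parameters are spelled out rather than blanked as `TerminateSession` just above does with `_ context.Context`. Suggest `// RevokeToken is a no-op: the example storage reports success without invalidating anything, so revoked tokens stay usable.` above the method and `func (s *AuthStorage) RevokeToken(_ context.Context, _, _, _ string) *oidc.Error {` for the signature. If this example file is used as a template for a real storage implementation, that comment is what stops the no-op from shipping.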
@@ -294,7 +299,7 @@ func (c *ConfClient) AuthMethod() oidc.AuthMethod { } func (c *ConfClient) IDTokenLifetime() time.Duration { - return time.Duration(5 * time.Minute) + return 5 * time.Minute } func (c *ConfClient) AccessTokenType() op.AccessTokenType { return c.accessTokenType diff --git a/pkg/crypto/crypto.go b/pkg/crypto/crypto.go index a06809a..488d8a4 100644 --- a/pkg/crypto/crypto.go +++ b/pkg/crypto/crypto.go @@ -9,6 +9,10 @@ import ( "io" ) +var ( + ErrCipherTextBlockSize = errors.New("ciphertext block size is too short") +) + func EncryptAES(data string, key string) (string, error) { encrypted, err := EncryptBytesAES([]byte(data), key) if err != nil { @@ -55,8 +59,7 @@ func DecryptBytesAES(cipherText []byte, key string) ([]byte, error) { } if len(cipherText) < aes.BlockSize { - err = errors.New("Ciphertext block size is too short!") - return nil, err + return nil, ErrCipherTextBlockSize } iv := cipherText[:aes.BlockSize] cipherText = cipherText[aes.BlockSize:] diff --git a/pkg/crypto/hash.go b/pkg/crypto/hash.go index 5b9d9ae..6529249 100644 --- a/pkg/crypto/hash.go +++ b/pkg/crypto/hash.go @@ -4,12 +4,17 @@ import ( "crypto/sha256" "crypto/sha512" "encoding/base64" + "errors" "fmt" "hash" "gopkg.in/square/go-jose.v2" ) +var ( + ErrUnsupportedAlgorithm = errors.New("unsupported signing algorithm") +) + func GetHashAlgorithm(sigAlgorithm jose.SignatureAlgorithm) (hash.Hash, error) { switch sigAlgorithm { case jose.RS256, jose.ES256, jose.PS256: @@ -19,7 +24,7 @@ func GetHashAlgorithm(sigAlgorithm jose.SignatureAlgorithm) (hash.Hash, error) { case jose.RS512, jose.ES512, jose.PS512: return sha512.New(), nil default: - return nil, fmt.Errorf("oidc: unsupported signing algorithm %q", sigAlgorithm) + return nil, fmt.Errorf("%w: %q", ErrUnsupportedAlgorithm, sigAlgorithm) } } diff --git a/pkg/oidc/token.go b/pkg/oidc/token.go index cf2b80a..e34543e 100644 --- a/pkg/oidc/token.go +++ b/pkg/oidc/token.go 
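Review bot: `ErrCipherTextBlockSize` is exported without a doc comment, and its name says "block size" while the condition it reports is an input shorter than one AES block (no room for the IV). Keep the name for compatibility but document what it means: `// ErrCipherTextBlockSize is returned by DecryptBytesAES when the ciphertext is shorter than aes.BlockSize and therefore cannot contain the IV prefix.` This also tells callers they may match it with `errors.Is`, which is the reason the sentinel replaces the inline `errors.New` in the later hunk of this file.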
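Review bot: The length guard returning `ErrCipherTextBlockSize` only proves an IV prefix is present; nothing in the hunk authenticates the ciphertext before `iv := cipherText[:aes.BlockSize]` is consumed, so a ciphertext modified in transit decrypts to silently altered bytes unless the mode applied after these lines (outside the hunk) is an AEAD. If it is CFB or CBC, as the IV-prefix layout suggests, either move to AES-GCM or document on `DecryptBytesAES` that it offers confidentiality only, e.g. `// DecryptBytesAES does not authenticate cipherText; callers must verify integrity (MAC) before trusting the plaintext.` `DecryptBytesAES` begins and ends outside the hunk.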
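Review bot: `ErrUnsupportedAlgorithm` is a new exported sentinel without a doc comment, and its message drops the `oidc:` prefix the old inline error carried, so any log matching on the previous text (not visible here) would stop matching. Add `// ErrUnsupportedAlgorithm is returned by GetHashAlgorithm for a signature algorithm it cannot map to a hash; the wrapped error carries the algorithm name.` so callers know to use `errors.Is` rather than compare the text.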
@@ -323,7 +323,7 @@ func (t *idTokenClaims) GetSignatureAlgorithm() jose.SignatureAlgorithm { return t.signatureAlg } -//SetSignatureAlgorithm implements the IDTokenClaims interface +//SetAccessTokenHash implements the IDTokenClaims interface func (t *idTokenClaims) SetAccessTokenHash(hash string) { t.AccessTokenHash = hash } diff --git a/pkg/oidc/token_request.go b/pkg/oidc/token_request.go index 21ddf3c..f260f32 100644 --- a/pkg/oidc/token_request.go +++ b/pkg/oidc/token_request.go @@ -183,7 +183,7 @@ func (j *JWTTokenRequest) GetSubject() string { return j.Subject } -//GetSubject implements the TokenRequest interface +//GetScopes implements the TokenRequest interface func (j *JWTTokenRequest) GetScopes() []string { return j.Scopes } diff --git a/pkg/oidc/userinfo.go b/pkg/oidc/userinfo.go index 2ae2acb..b4894fa 100644 --- a/pkg/oidc/userinfo.go +++ b/pkg/oidc/userinfo.go @@ -324,20 +324,20 @@ func NewUserInfoAddress(streetAddress, locality, region, postalCode, country, fo Formatted: formatted, } } -func (i *userinfo) MarshalJSON() ([]byte, error) { +func (u *userinfo) MarshalJSON() ([]byte, error) { type Alias userinfo a := &struct { *Alias Locale interface{} `json:"locale,omitempty"` UpdatedAt int64 `json:"updated_at,omitempty"` }{ - Alias: (*Alias)(i), + Alias: (*Alias)(u), } - if !i.Locale.IsRoot() { - a.Locale = i.Locale + if !u.Locale.IsRoot() { + a.Locale = u.Locale } - if !time.Time(i.UpdatedAt).IsZero() { - a.UpdatedAt = time.Time(i.UpdatedAt).Unix() + if !time.Time(u.UpdatedAt).IsZero() { + a.UpdatedAt = time.Time(u.UpdatedAt).Unix() } b, err := json.Marshal(a) 
@@ -345,34 +345,34 @@ func (i *userinfo) MarshalJSON() ([]byte, error) { return nil, err } - if len(i.claims) == 0 { + if len(u.claims) == 0 { return b, nil } - err = json.Unmarshal(b, &i.claims) + err = json.Unmarshal(b, &u.claims) if err != nil { - return nil, fmt.Errorf("jws: invalid map of custom claims %v", i.claims) + return nil, fmt.Errorf("jws: invalid map of custom claims %v", u.claims) } - return json.Marshal(i.claims) + return json.Marshal(u.claims) } -func (i *userinfo) UnmarshalJSON(data []byte) error { +func (u *userinfo) UnmarshalJSON(data []byte) error { type Alias userinfo a := &struct { Address *userInfoAddress `json:"address,omitempty"` *Alias UpdatedAt int64 `json:"update_at,omitempty"` }{ - Alias: (*Alias)(i), + Alias: (*Alias)(u), } if err := json.Unmarshal(data, &a); err != nil { return err } - i.Address = a.Address - i.UpdatedAt = Time(time.Unix(a.UpdatedAt, 0).UTC()) + u.Address = a.Address + u.UpdatedAt = Time(time.Unix(a.UpdatedAt, 0).UTC()) - if err := json.Unmarshal(data, &i.claims); err != nil { + if err := json.Unmarshal(data, &u.claims); err != nil { return err } diff --git a/pkg/oidc/userinfo_test.go b/pkg/oidc/userinfo_test.go index c3c8b7b..114fe2d 100644 --- a/pkg/oidc/userinfo_test.go +++ b/pkg/oidc/userinfo_test.go @@ -2,8 +2,9 @@ package oidc import ( "encoding/json" - "github.com/stretchr/testify/assert" "testing" + + "github.com/stretchr/testify/assert" ) func TestUserInfoMarshal(t *testing.T) { diff --git a/pkg/op/config_test.go b/pkg/op/config_test.go index e140074..5029df8 100644 --- a/pkg/op/config_test.go +++ b/pkg/op/config_test.go @@ -61,6 +61,7 @@ func TestValidateIssuer(t *testing.T) { }, } //ensure env is not set + //nolint:errcheck os.Unsetenv(OidcDevMode) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -86,6 +87,7 @@ func TestValidateIssuerDevLocalAllowed(t *testing.T) { false, }, } + //nolint:errcheck os.Setenv(OidcDevMode, "true") for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { 
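Review bot: In `UnmarshalJSON` the helper struct tags the timestamp `update_at` while `MarshalJSON` emits it as `updated_at`, so a userinfo document produced by this package does not round-trip: `a.UpdatedAt` stays 0 and the unconditional `u.UpdatedAt = Time(time.Unix(a.UpdatedAt, 0).UTC())` then sets the field to 1970-01-01 UTC instead of the original value, or of the zero time when it was absent. The receiver rename is the only change in the hunk, but these are the lines it touches, so change the tag on the `UpdatedAt int64` field from `update_at` to `updated_at` and guard the assignment with `if a.UpdatedAt != 0 {`. Separately, `MarshalJSON` writes back into the receiver via `json.Unmarshal(b, &u.claims)`, so marshalling mutates `u.claims`; worth a comment if that is intentional. Both functions extend beyond the hunk.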
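Review bot: `//nolint:errcheck` silences the linter on `os.Setenv(OidcDevMode, "true")`, but the test still leaves `OidcDevMode` set for every test that runs after it in the package — the preceding test has to `os.Unsetenv` defensively for exactly this reason, and that ordering dependence is the real problem behind the lint. Use `t.Setenv(OidcDevMode, "true")` if the module targets Go 1.17 or later; it fails the test on error and restores the previous value automatically, which removes the need for the directive. Otherwise register `t.Cleanup(func() { os.Unsetenv(OidcDevMode) })` right after the call. `TestValidateIssuerDevLocalAllowed` continues past the hunk.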
diff --git a/pkg/op/token_refresh.go b/pkg/op/token_refresh.go index 001c913..0b6d470 100644 --- a/pkg/op/token_refresh.go +++ b/pkg/op/token_refresh.go @@ -86,7 +86,7 @@ func ValidateRefreshTokenScopes(requestedScopes []string, authRequest RefreshTok return nil } -//AuthorizeCodeClient checks the authorization of the client and that the used method was the one previously registered. +//AuthorizeRefreshClient checks the authorization of the client and that the used method was the one previously registered. //It than returns the data representing the original auth request corresponding to the refresh_token func AuthorizeRefreshClient(ctx context.Context, tokenReq *oidc.RefreshTokenRequest, exchanger Exchanger) (request RefreshTokenRequest, client Client, err error) { if tokenReq.ClientAssertionType == oidc.ClientAssertionTypeJWTAssertion {
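Review bot: While the comment header is being corrected to `AuthorizeRefreshClient`, the continuation line right below it still reads `It than returns the data…` and should become `//It then returns the data representing the original auth request corresponding to the refresh_token`. Otherwise the corrected name matches the function it documents. `AuthorizeRefreshClient` continues outside the hunk.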