forked from vikunja/vikunja
Fix golint errors
This commit is contained in:
parent
27891e4492
commit
93dee49b25
|
@ -80,3 +80,11 @@ issues:
|
|||
- text: "Missed string"
|
||||
linters:
|
||||
- goheader
|
||||
- path: pkg/modules/auth/identityawareproxy/middleware_test.go
|
||||
text: "G101:" # We don't care about hardcoded credentials in this test
|
||||
linters:
|
||||
- gosec
|
||||
- path: pkg/modules/auth/auth.go
|
||||
text: "stutters"
|
||||
linters:
|
||||
- golint
|
||||
|
|
|
@ -60,7 +60,7 @@ const (
|
|||
AuthOpenIDRedirectURL Key = `auth.openid.redirecturl`
|
||||
AuthOpenIDProviders Key = `auth.openid.providers`
|
||||
AuthIdentityAwareProxyEnabled Key = `auth.identityawareproxy.enabled`
|
||||
AuthIdentityAwareProxyJwksUri Key = `auth.identityawareproxy.jwksuri`
|
||||
AuthIdentityAwareProxyJwksURI Key = `auth.identityawareproxy.jwksuri`
|
||||
AuthIdentityAwareProxyJwtHeader Key = `auth.identityawareproxy.jwtheader`
|
||||
|
||||
LegalImprintURL Key = `legal.imprinturl`
|
||||
|
|
|
@ -153,7 +153,7 @@ func GetAuthFromClaims(c echo.Context) (a web.Auth, err error) {
|
|||
return getLinkShareFromClaims(claims)
|
||||
}
|
||||
if claims.Type == AuthTypeUser {
|
||||
return getUserFromClaims(claims)
|
||||
return getUserFromClaims(claims), nil
|
||||
}
|
||||
if authProvider, ok := authProviders[claims.Type]; ok {
|
||||
return authProvider.GetWebAuth(c, claims)
|
||||
|
@ -178,7 +178,7 @@ func getLinkShareFromClaims(claims *AuthClaims) (share *models.LinkSharing, err
|
|||
}
|
||||
|
||||
// getUserFromClaims Returns a new user from jwt claims
|
||||
func getUserFromClaims(claims *AuthClaims) (u *user.User, err error) {
|
||||
func getUserFromClaims(claims *AuthClaims) (u *user.User) {
|
||||
u = &user.User{
|
||||
ID: claims.UserID,
|
||||
Email: claims.UserEmail,
|
||||
|
@ -223,10 +223,7 @@ func RenewToken(s *xorm.Session, c echo.Context) (token string, err error) {
|
|||
return NewLinkShareJWTAuthtoken(share)
|
||||
}
|
||||
if claims.Type == AuthTypeUser {
|
||||
oldUser, err := getUserFromClaims(claims)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
oldUser := getUserFromClaims(claims)
|
||||
u, err := user.GetUserWithEmail(s, &user.User{ID: oldUser.ID})
|
||||
if err != nil {
|
||||
return "", err
|
||||
|
|
|
@ -32,6 +32,7 @@ func TestGetOrCreateUser(t *testing.T) {
|
|||
u, err := GetOrCreateUserFromExternalAuth(s, "https://some.issuer", "12345", "test@example.com", "", "someUserWhoDoesNotExistYet")
|
||||
assert.NoError(t, err)
|
||||
err = s.Commit()
|
||||
assert.NoError(t, err)
|
||||
|
||||
db.AssertExists(t, "users", map[string]interface{}{
|
||||
"id": u.ID,
|
||||
|
|
|
@ -48,7 +48,7 @@ func (err ErrIAPTokenMissing) HTTPError() web.HTTPError {
|
|||
|
||||
// ErrIAPPublicKeysetMissing represents a "IAPPublicKeysetMissing" kind of error.
|
||||
type ErrIAPPublicKeysetMissing struct {
|
||||
Url string
|
||||
URL string
|
||||
}
|
||||
|
||||
// IsErrIAPPublicKeysetMissing checks if an error is a ErrIAPPublicKeysetMissing.
|
||||
|
@ -58,7 +58,7 @@ func IsErrIAPPublicKeysetMissing(err error) bool {
|
|||
}
|
||||
|
||||
func (err ErrIAPPublicKeysetMissing) Error() string {
|
||||
return fmt.Sprintf("Failed to retrive the identity-aware proxy's signing public key at URL: %s", err.Url)
|
||||
return fmt.Sprintf("Failed to retrieve the identity-aware proxy's signing public key at URL: %s", err.URL)
|
||||
}
|
||||
|
||||
// ErrorCodeIAPPublicKeysetMissing holds the unique world-error code of this error
|
||||
|
@ -66,7 +66,7 @@ const ErrorCodeIAPPublicKeysetMissing = 12002
|
|||
|
||||
// HTTPError holds the http error description
|
||||
func (err ErrIAPPublicKeysetMissing) HTTPError() web.HTTPError {
|
||||
return web.HTTPError{HTTPCode: http.StatusServiceUnavailable, Code: ErrorCodeIAPPublicKeysetMissing, Message: "Failed to retrive the identity-aware proxy's signing public keys."}
|
||||
return web.HTTPError{HTTPCode: http.StatusServiceUnavailable, Code: ErrorCodeIAPPublicKeysetMissing, Message: "Failed to retrieve the identity-aware proxy's signing public keys."}
|
||||
}
|
||||
|
||||
// ErrIAPUserFrontendMismatch represents a "IAPUserDoesNotMatchFrontendUser" kind of error.
|
||||
|
|
|
@ -52,7 +52,7 @@ func init() {
|
|||
// These are intentionally short lived because they can be regenerated at
|
||||
// any time from the IAP authn information. They are not related to
|
||||
// session length and are only used to provide user info to the frontend
|
||||
// and a hint to auth.go to retreive auth data from the IAP.
|
||||
// and a hint to auth.go to retrieve auth data from the IAP.
|
||||
func NewIAPUserJWTAuthtoken(u *user.User) (token string, err error) {
|
||||
// Set claims
|
||||
claims := &auth.AuthClaims{
|
||||
|
@ -141,11 +141,11 @@ func (c *IAPClaims) Valid() error {
|
|||
// Validate that expiresAt and issuedAt are set and valid (with up to 1 minute of skew)
|
||||
now := TimeFunc()
|
||||
skew := time.Minute
|
||||
if c.VerifyExpiresAt(now.Add(-skew).Unix(), true) == false {
|
||||
if !c.VerifyExpiresAt(now.Add(-skew).Unix(), true) {
|
||||
delta := now.Sub(time.Unix(c.ExpiresAt, 0))
|
||||
return fmt.Errorf("token is expired by %v", delta)
|
||||
}
|
||||
if c.VerifyIssuedAt(now.Add(skew).Unix(), true) == false {
|
||||
if !c.VerifyIssuedAt(now.Add(skew).Unix(), true) {
|
||||
return fmt.Errorf("token used before issued")
|
||||
|
||||
}
|
||||
|
|
|
@ -55,10 +55,10 @@ func (cache *iapCache) GetKeyset() (*jwk.Set, error) {
|
|||
}
|
||||
|
||||
// Fetch the public key(s) from the identity-aware proxy
|
||||
keyset, err := jwk.FetchHTTP(config.AuthIdentityAwareProxyJwksUri.GetString())
|
||||
keyset, err := jwk.FetchHTTP(config.AuthIdentityAwareProxyJwksURI.GetString())
|
||||
if err != nil {
|
||||
log.Error("Failed to retrive the identity-aware proxy's signing public key at URL %s: %v", config.AuthIdentityAwareProxyJwksUri.GetString(), err)
|
||||
return nil, ErrIAPPublicKeysetMissing{Url: config.AuthIdentityAwareProxyJwksUri.GetString()}
|
||||
log.Error("Failed to retrieve the identity-aware proxy's signing public key at URL %s: %v", config.AuthIdentityAwareProxyJwksURI.GetString(), err)
|
||||
return nil, ErrIAPPublicKeysetMissing{URL: config.AuthIdentityAwareProxyJwksURI.GetString()}
|
||||
}
|
||||
cache.keyset = keyset
|
||||
return cache.keyset, nil
|
||||
|
|
Loading…
Reference in New Issue