diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go
index 91b0fd22..1733a5c8 100644
--- a/cmd/dex/serve.go
+++ b/cmd/dex/serve.go
@@ -116,7 +116,7 @@ func serve(cmd *cobra.Command, args []string) error {
 if err != nil {
 return fmt.Errorf("invalid config: reading from client CA file: %v", err)
 }
- if cPool.AppendCertsFromPEM(clientCert) != true {
+ if !cPool.AppendCertsFromPEM(clientCert) {
 return errors.New("invalid config: failed to parse client CA")
 }
diff --git a/connector/github/github.go b/connector/github/github.go
index 35fe6b92..6fc4cc03 100644
--- a/connector/github/github.go
+++ b/connector/github/github.go
@@ -443,7 +443,7 @@ func (c *githubConnector) userOrgs(ctx context.Context, client *http.Client) ([]
 // userOrgTeams retrieves teams which current user belongs to.
 // Method returns a map where key is an org name and value list of teams under the org.
 func (c *githubConnector) userOrgTeams(ctx context.Context, client *http.Client) (map[string][]string, error) {
- groups := make(map[string][]string, 0)
+ groups := make(map[string][]string)
 apiURL := c.apiURL + "/user/teams"
 for {
 // https://developer.github.com/v3/orgs/teams/#list-user-teams
diff --git a/connector/gitlab/gitlab_test.go b/connector/gitlab/gitlab_test.go
index f56621fb..331b486e 100644
--- a/connector/gitlab/gitlab_test.go
+++ b/connector/gitlab/gitlab_test.go
@@ -185,13 +185,11 @@ func TestLoginWithTeamNonWhitelisted(t *testing.T) {
 }
 func newTestServer(responses map[string]interface{}) *httptest.Server {
- var s *httptest.Server
- s = httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 response := responses[r.RequestURI]
 w.Header().Add("Content-Type", "application/json")
 json.NewEncoder(w).Encode(response)
 }))
- return s
 }
 func newClient() *http.Client {
diff --git a/connector/keystone/keystone.go b/connector/keystone/keystone.go
index 0a2440db..dc74a01f 100644
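Review bot: The client-CA check in the cmd/dex/serve.go hunk only fails when no certificate at all is parsed, because `AppendCertsFromPEM` reports true as soon as one PEM block yields a certificate and skips blocks it cannot parse. A bundle with a truncated or malformed entry is therefore accepted with a smaller trust pool than the operator configured, which tends to surface later as unexplained client-certificate rejections. A comment above the check would record that, e.g. `// AppendCertsFromPEM returns true if at least one cert parsed; malformed entries are skipped silently`. The body of serve() starts and ends outside the hunk.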
--- a/connector/keystone/keystone.go
+++ b/connector/keystone/keystone.go
@@ -241,6 +241,9 @@ func (p *conn) getUserGroups(ctx context.Context, userID string, token string) (
 // https://developer.openstack.org/api-ref/identity/v3/#list-groups-to-which-a-user-belongs
 groupsURL := p.Host + "/v3/users/" + userID + "/groups"
 req, err := http.NewRequest("GET", groupsURL, nil)
+ if err != nil {
+ return nil, err
+ }
 req.Header.Set("X-Auth-Token", token)
 req = req.WithContext(ctx)
 resp, err := client.Do(req)
diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index 327b1079..4a64df8b 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -148,7 +148,6 @@ type oidcConnector struct {
 redirectURI string
 oauth2Config *oauth2.Config
 verifier *oidc.IDTokenVerifier
- ctx context.Context
 cancel context.CancelFunc
 logger log.Logger
 hostedDomains []string
diff --git a/connector/saml/saml.go b/connector/saml/saml.go
index 3358583d..7bc6730e 100644
--- a/connector/saml/saml.go
+++ b/connector/saml/saml.go
@@ -20,6 +20,7 @@ import (
 "github.com/russellhaering/goxmldsig/etreeutils"
 )
+// nolint
 const (
 bindingRedirect = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
 bindingPOST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
diff --git a/connector/saml/saml_test.go b/connector/saml/saml_test.go
index 4497d059..d9aaf3f4 100644
--- a/connector/saml/saml_test.go
+++ b/connector/saml/saml_test.go
@@ -424,14 +424,6 @@ func TestConfigCAData(t *testing.T) {
 }
 }
-const (
- defaultSSOIssuer = "http://www.okta.com/exk91cb99lKkKSYoy0h7"
- defaultRedirectURI = "http://localhost:5556/dex/callback"
-
- // Response ID embedded in our testdata.
- testDataResponseID = "_fd1b3ef9-ec09-44a7-a66b-0d39c250f6a0"
-)
-
 // Deprecated: Use testing framework established above.
 func runVerify(t *testing.T, ca string, resp string, shouldSucceed bool) {
 cert, err := loadCert(ca)
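Review bot: In the connector/keystone/keystone.go hunk, `groupsURL` is still built by concatenating `userID` into the path unescaped, so an ID containing `/`, `?` or `#` would change which Keystone endpoint receives the `X-Auth-Token` header. Whether userID can carry such characters depends on the caller, which is outside the hunk, but escaping is cheap either way: `groupsURL := p.Host + "/v3/users/" + url.PathEscape(userID) + "/groups"` (needs `net/url` if the file does not import it yet). Where the module's Go version allows, `http.NewRequestWithContext(ctx, "GET", groupsURL, nil)` would also replace the separate `req.WithContext(ctx)` line. The new `return nil, err` could say what failed, in the style of the file's other errors. getUserGroups continues past the end of the hunk.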
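Review bot: The bare `// nolint` added above the const block in connector/saml/saml.go silences every linter for the whole block, so a later genuine finding on these SAML binding constants would be hidden as well. The same blanket directive is added in server/oauth2.go and twice in storage/sql/config.go. If the linter in use supports scoped directives, name the check being suppressed and give the reason, e.g. `//nolint:<linter-name> // spec constants kept for completeness`. The linter name there is a placeholder, because the page does not say which check fires.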
@@ -458,27 +450,6 @@ func runVerify(t *testing.T, ca string, resp string, shouldSucceed bool) {
 }
 }
-// Deprecated: Use testing framework established above.
-func newProvider(ssoIssuer string, redirectURI string) *provider {
- if ssoIssuer == "" {
- ssoIssuer = defaultSSOIssuer
- }
- if redirectURI == "" {
- redirectURI = defaultRedirectURI
- }
- now, _ := time.Parse(time.RFC3339, "2017-01-24T20:48:41Z")
- timeFunc := func() time.Time { return now }
- return &provider{
- ssoIssuer: ssoIssuer,
- ssoURL: "http://idp.org/saml/sso",
- now: timeFunc,
- usernameAttr: "user",
- emailAttr: "email",
- redirectURI: redirectURI,
- logger: logrus.New(),
- }
-}
-
 func TestVerify(t *testing.T) {
 runVerify(t, "testdata/okta-ca.pem", "testdata/okta-resp.xml", true)
 }
diff --git a/server/oauth2.go b/server/oauth2.go
index 79c4bf1a..6104b549 100644
--- a/server/oauth2.go
+++ b/server/oauth2.go
@@ -89,6 +89,7 @@ func tokenErr(w http.ResponseWriter, typ, description string, statusCode int) er
 return nil
 }
+// nolint
 const (
 errInvalidRequest = "invalid_request"
 errUnauthorizedClient = "unauthorized_client"
diff --git a/server/rotation.go b/server/rotation.go
index 579fe3d1..464dccf0 100644
--- a/server/rotation.go
+++ b/server/rotation.go
@@ -92,7 +92,6 @@ func (s *Server) startKeyRotation(ctx context.Context, strategy rotationStrategy
 }
 }
 }()
- return
 }
 func (k keyRotater) rotate() error {
diff --git a/server/server.go b/server/server.go
index 69b4d0d7..e1258151 100644
--- a/server/server.go
+++ b/server/server.go
@@ -426,7 +426,6 @@ func (s *Server) startGarbageCollection(ctx context.Context, frequency time.Dura
 }
 }
 }()
- return
 }
 // ConnectorConfig is a configuration that can open a connector.
diff --git a/server/server_test.go b/server/server_test.go
index 2b4c6453..6759f240 100644
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -552,7 +552,6 @@ func TestOAuth2CodeFlow(t *testing.T) {
 t.Errorf("state did not match, want=%q got=%q", state, gotState)
 }
 w.WriteHeader(http.StatusOK)
- return
 }))
 defer oauth2Client.Close()
@@ -1204,7 +1203,6 @@ func TestRefreshTokenFlow(t *testing.T) {
 t.Errorf("state did not match, want=%q got=%q", state, gotState)
 }
 w.WriteHeader(http.StatusOK)
- return
 }))
 defer oauth2Client.server.Close()
@@ -1242,8 +1240,7 @@ func TestRefreshTokenFlow(t *testing.T) {
 }
 // try to refresh expired token with old refresh token.
- newToken, err := oauth2Client.config.TokenSource(ctx, tok).Token()
- if newToken != nil {
- t.Errorf("Token refreshed with invalid refresh token.")
+ if _, err := oauth2Client.config.TokenSource(ctx, tok).Token(); err == nil {
+ t.Errorf("Token refreshed with invalid refresh token, error expected.")
 }
 }
diff --git a/storage/etcd/types.go b/storage/etcd/types.go
index 8d34e0da..0d8f521a 100644
--- a/storage/etcd/types.go
+++ b/storage/etcd/types.go
@@ -183,24 +183,6 @@ type Keys struct {
 NextRotation time.Time `json:"next_rotation"`
 }
-func fromStorageKeys(keys storage.Keys) Keys {
- return Keys{
- SigningKey: keys.SigningKey,
- SigningKeyPub: keys.SigningKeyPub,
- VerificationKeys: keys.VerificationKeys,
- NextRotation: keys.NextRotation,
- }
-}
-
-func toStorageKeys(keys Keys) storage.Keys {
- return storage.Keys{
- SigningKey: keys.SigningKey,
- SigningKeyPub: keys.SigningKeyPub,
- VerificationKeys: keys.VerificationKeys,
- NextRotation: keys.NextRotation,
- }
-}
-
 // OfflineSessions is a mirrored struct from storage with JSON struct tags
 type OfflineSessions struct {
 UserID string `json:"user_id,omitempty"`
diff --git a/storage/sql/config.go b/storage/sql/config.go
index c33fcf20..0095b57d 100644
--- a/storage/sql/config.go
+++ b/storage/sql/config.go
@@ -72,6 +72,7 @@ func (s *SQLite3) open(logger log.Logger) (*conn, error) {
 return c, nil
 }
+// nolint
 const (
 // postgres SSL modes
 pgSSLDisable = "disable"
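Review bot: The rewritten check at the end of TestRefreshTokenFlow (server/server_test.go, third hunk) passes on any error from `Token()`, not only on the server rejecting the reused refresh token. A transport failure or a cancelled `ctx` would make `err` non-nil too, and the test would then stay green while saying nothing about refresh-token invalidation. Assuming `oauth2Client.config` is a golang.org/x/oauth2 config, consider asserting that the error is an `*oauth2.RetrieveError` with the expected HTTP status. Keeping the old guard that the returned token is nil would also help. The test body starts outside the hunk.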
@@ -80,6 +81,7 @@ const (
 pgSSLVerifyFull = "verify-full"
 )
+// nolint
 const (
 // MySQL SSL modes
 mysqlSSLTrue = "true"