Add new linters (#486)

* add new linters and fix issues * fix deprecated warnings * simplify return * update CHANGELOG * fix staticcheck issues * remove a deprecated linter, minor fixes of variable initialization
2025-06-29 01:01:36 +02:00 · 2020-04-14 17:36:44 +09:00
parent 4341ab4420
commit dd05e7ff0b
21 changed files with 88 additions and 79 deletions
--- a/providers/bitbucket.go
+++ b/providers/bitbucket.go
@ -116,7 +116,7 @@ func (p *BitbucketProvider) GetEmailAddress(s *sessions.SessionState) (string, e
 				break
 			}
 		}
-		if found != true {
+		if !found {
 			logger.Print("team membership test failed, access denied")
 			return "", nil
 		}
@ -147,7 +147,7 @@ func (p *BitbucketProvider) GetEmailAddress(s *sessions.SessionState) (string, e
 				break
 			}
 		}
-		if found != true {
+		if !found {
 			logger.Print("repository access test failed, access denied")
 			return "", nil
 		}
--- a/providers/github.go
+++ b/providers/github.go
@ -122,7 +122,7 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
 		pn++
 	}

-	var presentOrgs []string
+	presentOrgs := make([]string, 0, len(orgs))
 	for _, org := range orgs {
 		if p.Org == org.Login {
 			logger.Printf("Found Github Organization: %q", org.Login)
--- a/providers/gitlab.go
+++ b/providers/gitlab.go
@ -222,11 +222,7 @@ func (p *GitLabProvider) createSessionState(ctx context.Context, token *oauth2.T
 func (p *GitLabProvider) ValidateSessionState(s *sessions.SessionState) bool {
 	ctx := context.Background()
 	_, err := p.Verifier.Verify(ctx, s.IDToken)
-	if err != nil {
-		return false
-	}
-
-	return true
+	return err == nil
 }

 // GetEmailAddress returns the Account email address
--- a/providers/google.go
+++ b/providers/google.go
@ -2,6 +2,7 @@ package providers

 import (
 	"bytes"
+	"context"
 	"encoding/base64"
 	"encoding/json"
 	"errors"
@ -15,10 +16,10 @@ import (

 	"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
 	"github.com/oauth2-proxy/oauth2-proxy/pkg/logger"
-	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
 	admin "google.golang.org/api/admin/directory/v1"
 	"google.golang.org/api/googleapi"
+	"google.golang.org/api/option"
 )

 // GoogleProvider represents an Google based Identity Provider
@ -184,8 +185,9 @@ func getAdminService(adminEmail string, credentialsReader io.Reader) *admin.Serv
 	}
 	conf.Subject = adminEmail

-	client := conf.Client(oauth2.NoContext)
-	adminService, err := admin.New(client)
+	ctx := context.Background()
+	client := conf.Client(ctx)
+	adminService, err := admin.NewService(ctx, option.WithHTTPClient(client))
 	if err != nil {
 		logger.Fatal(err)
 	}
--- a/providers/keycloak.go
+++ b/providers/keycloak.go
@ -76,7 +76,7 @@ func (p *KeycloakProvider) GetEmailAddress(s *sessions.SessionState) (string, er
 			}
 		}

-		if found != true {
+		if !found {
 			logger.Printf("group not found, access denied")
 			return "", nil
 		}
--- a/providers/logingov.go
+++ b/providers/logingov.go
@ -183,7 +183,7 @@ func (p *LoginGovProvider) Redeem(redirectURL, code string) (s *sessions.Session
 		Issuer:    p.ClientID,
 		Subject:   p.ClientID,
 		Audience:  p.RedeemURL.String(),
-		ExpiresAt: int64(time.Now().Add(time.Duration(5 * time.Minute)).Unix()),
+		ExpiresAt: time.Now().Add(5 * time.Minute).Unix(),
 		Id:        randSeq(32),
 	}
 	token := jwt.NewWithClaims(jwt.GetSigningMethod("RS256"), claims)
@ -260,8 +260,7 @@ func (p *LoginGovProvider) Redeem(redirectURL, code string) (s *sessions.Session

 // GetLoginURL overrides GetLoginURL to add login.gov parameters
 func (p *LoginGovProvider) GetLoginURL(redirectURI, state string) string {
-	var a url.URL
-	a = *p.LoginURL
+	a := *p.LoginURL
 	params, _ := url.ParseQuery(a.RawQuery)
 	params.Set("redirect_uri", redirectURI)
 	params.Set("approval_prompt", p.ApprovalPrompt)
--- a/providers/oidc.go
+++ b/providers/oidc.go
@ -180,11 +180,7 @@ func (p *OIDCProvider) createSessionState(token *oauth2.Token, idToken *oidc.IDT
 func (p *OIDCProvider) ValidateSessionState(s *sessions.SessionState) bool {
 	ctx := context.Background()
 	_, err := p.Verifier.Verify(ctx, s.IDToken)
-	if err != nil {
-		return false
-	}
-
-	return true
+	return err == nil
 }

 func getOIDCHeader(accessToken string) http.Header {
--- a/providers/oidc_test.go
+++ b/providers/oidc_test.go
@ -62,6 +62,9 @@ type fakeKeySetStub struct{}

 func (fakeKeySetStub) VerifySignature(_ context.Context, jwt string) (payload []byte, err error) {
 	decodeString, err := base64.RawURLEncoding.DecodeString(strings.Split(jwt, ".")[1])
+	if err != nil {
+		return nil, err
+	}
 	tokenClaims := &idTokenClaims{}
 	err = json.Unmarshal(decodeString, tokenClaims)

@ -242,7 +245,9 @@ func TestOIDCProvider_findVerifiedIdToken(t *testing.T) {

 	verifiedIDToken, err := provider.findVerifiedIDToken(context.Background(), tokenWithIDToken)
 	assert.Equal(t, true, err == nil)
-	assert.Equal(t, true, verifiedIDToken != nil)
+	if verifiedIDToken == nil {
+		t.Fatal("verifiedIDToken is nil")
+	}
 	assert.Equal(t, defaultIDToken.Issuer, verifiedIDToken.Issuer)
 	assert.Equal(t, defaultIDToken.Subject, verifiedIDToken.Subject)

--- a/providers/provider_data.go
+++ b/providers/provider_data.go
@ -31,7 +31,7 @@ type ProviderData struct {
 // Data returns the ProviderData
 func (p *ProviderData) Data() *ProviderData { return p }

-func (p *ProviderData) GetClientSecret() (ClientSecret string, err error) {
+func (p *ProviderData) GetClientSecret() (clientSecret string, err error) {
 	if p.ClientSecret != "" || p.ClientSecretFile == "" {
 		return p.ClientSecret, nil
 	}
--- a/providers/provider_default.go
+++ b/providers/provider_default.go
@ -86,8 +86,7 @@ func (p *ProviderData) Redeem(redirectURL, code string) (s *sessions.SessionStat

 // GetLoginURL with typical oauth parameters
 func (p *ProviderData) GetLoginURL(redirectURI, state string) string {
-	var a url.URL
-	a = *p.LoginURL
+	a := *p.LoginURL
 	params, _ := url.ParseQuery(a.RawQuery)
 	params.Set("redirect_uri", redirectURI)
 	params.Add("acr_values", p.AcrValues)