author | Jaime Martinez <jmartinez@gitlab.com> | 2020-05-21 03:52:19 +0300 |
committer | Jaime Martinez <jmartinez@gitlab.com> | 2020-05-28 04:10:14 +0300 |
commit | f6dfa5d0043aeaa616c16f8babb64c0d0e8f72dd (patch) | |
tree | f8cbab7f2c4a30c07f827a50d7877c388e18616f /internal/auth | |
parent | 559311801a1e9114f8dee71faa388dcefab3dcbe (diff) |
Add .golangci.yml linter configuration
As part of https://gitlab.com/gitlab-org/gitlab-pages/-/issues/385
we have introduced the use of a custom `.golangci.yml` file with some
custom rules for linting.
This replaces the need to download and use `golint`, `gofmt`,
`go vet` and `gocyclo` manually. We take advantage of the custom
`golangci-lint` docker image as stated in the [Automatic linting](https://docs.gitlab.com/ee/development/go_guide/#automatic-linting)
section of the Go standards and style guidelines.
This iteration enables a subset of linters, with the remaining
of them enabled on a separate MR as described in the issue above.
The main changes introduced by this linter include:
- gosec: potential hardcoded credentials
- goconst: DRY by declaring and using constants
- gosimple: reduce statements complexity and improve return statements
Diffstat (limited to 'internal/auth')
-rw-r--r-- | internal/auth/auth.go | 14 | ||||
-rw-r--r-- | internal/auth/auth_test.go | 27 |
2 files changed, 21 insertions, 20 deletions
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index c582d96b..a89dd599 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -26,6 +26,9 @@ import (
 "golang.org/x/crypto/hkdf"
 )
+// nolint: gosec
+// gosec: G101: Potential hardcoded credentials
+// auth constants, not credentials
 const (
 apiURLUserTemplate = "%s/api/v4/user"
 apiURLProjectTemplate = "%s/api/v4/projects/%d/pages_access"
@@ -433,10 +436,7 @@ func destroySession(session *sessions.Session, w http.ResponseWriter, r *http.Re
 // IsAuthSupported checks if pages is running with the authentication support
 func (a *Auth) IsAuthSupported() bool {
-if a == nil {
-return false
-}
-return true
+return a != nil
 }
 func (a *Auth) checkAuthentication(w http.ResponseWriter, r *http.Request, projectID uint64) bool {
@@ -513,11 +513,7 @@ func (a *Auth) GetTokenIfExists(w http.ResponseWriter, r *http.Request) (string,
 // RequireAuth will trigger authentication flow if no token exists
 func (a *Auth) RequireAuth(w http.ResponseWriter, r *http.Request) bool {
-session := a.checkSessionIsValid(w, r)
-if session == nil {
-return true
-}
-return false
+return a.checkSessionIsValid(w, r) == nil
 }
 // CheckAuthentication checks if user is authenticated and has access to the project
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
index 4a5d63fa..87cc988d 100644
--- a/internal/auth/auth_test.go
+++ b/internal/auth/auth_test.go
@@ -16,6 +16,11 @@ import (
 "gitlab.com/gitlab-org/gitlab-pages/internal/source"
 )
+const (
+testAccessToken = "abc"
+apiPagesAccess = "/api/v4/projects/1000/pages_access"
+)
 func createAuth(t *testing.T) *Auth {
 return New("pages.gitlab-example.com",
 "something-very-secret",
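Review bot: The `// nolint: gosec` directive is placed above the whole `const (` block, so G101 is silenced for every constant in that block, including any credential-looking value someone adds to it later; the block itself continues past the end of this hunk. Scoping the suppression to the two lines gosec actually flags keeps the check live for future additions and folds the three added comment lines into one, e.g. `apiURLUserTemplate = "%s/api/v4/user" //nolint:gosec // G101 false positive: URL template, not a credential` with the same on the `apiURLProjectTemplate` line. Note also that golangci-lint's canonical form is `//nolint:gosec` with no space after the slashes; newer versions and the `nolintlint` linter treat the spaced form as an ordinary comment, so using the canonical form now avoids a follow-up fix.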
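Review bot: The doc comment on `RequireAuth` still does not say what the boolean result means to the caller, and once the body is folded into `return a.checkSessionIsValid(w, r) == nil` the function no longer shows that something happens to w before the comparison. If checkSessionIsValid is what writes the redirect (its body is outside this hunk, so this is inferred from the existing comment), the contract worth stating is `// RequireAuth starts the authentication flow when no valid session exists and reports true when it did; callers must then stop handling the request.`.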
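Review bot: `testAccessToken = "abc"` is the kind of identifier gosec's G101 name heuristic matches (it contains `token`), so this test-file constant may raise the same warning the auth.go hunk above silences, unless `.golangci.yml` skips `_test.go` files; that config is not part of this diff, so it is worth checking the lint run before merging. If it does fire, the per-line form `testAccessToken = "abc" //nolint:gosec // test fixture, not a credential` is preferable to a block-wide directive. createAuth's body continues past the end of this hunk.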
@@ -98,7 +103,7 @@ func testTryAuthenticateWithCodeAndState(t *testing.T, https bool) {
 require.Equal(t, "POST", r.Method)
 w.WriteHeader(http.StatusOK)
 fmt.Fprint(w, "{\"access_token\":\"abc\"}")
-case "/api/v4/projects/1000/pages_access":
+case apiPagesAccess:
 require.Equal(t, "Bearer abc", r.Header.Get("Authorization"))
 w.WriteHeader(http.StatusOK)
 default:
@@ -150,7 +155,7 @@ func TestTryAuthenticateWithCodeAndStateOverHTTPS(t *testing.T) {
 func TestCheckAuthenticationWhenAccess(t *testing.T) {
 apiServer := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 switch r.URL.Path {
-case "/api/v4/projects/1000/pages_access":
+case apiPagesAccess:
 require.Equal(t, "Bearer abc", r.Header.Get("Authorization"))
 w.WriteHeader(http.StatusOK)
 default:
@@ -178,7 +183,7 @@ func TestCheckAuthenticationWhenAccess(t *testing.T) {
 r := &http.Request{URL: reqURL}
 session, _ := store.Get(r, "gitlab-pages")
-session.Values["access_token"] = "abc"
+session.Values["access_token"] = testAccessToken
 session.Save(r, result)
 require.Equal(t, false, auth.CheckAuthentication(result, r, 1000))
@@ -188,7 +193,7 @@ func TestCheckAuthenticationWhenAccess(t *testing.T) {
 func TestCheckAuthenticationWhenNoAccess(t *testing.T) {
 apiServer := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 switch r.URL.Path {
-case "/api/v4/projects/1000/pages_access":
+case apiPagesAccess:
 require.Equal(t, "Bearer abc", r.Header.Get("Authorization"))
 w.WriteHeader(http.StatusUnauthorized)
 default:
@@ -216,7 +221,7 @@ func TestCheckAuthenticationWhenNoAccess(t *testing.T) {
 r := &http.Request{URL: reqURL}
 session, _ := store.Get(r, "gitlab-pages")
-session.Values["access_token"] = "abc"
+session.Values["access_token"] = testAccessToken
 session.Save(r, result)
 require.Equal(t, true, auth.CheckAuthentication(result, r, 1000))
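Review bot: `testAccessToken` is introduced so the token literal lives in one place, but in this hunk the fake API server still asserts `"Bearer abc"` and the token endpoint still responds with the literal `"{\"access_token\":\"abc\"}"`, so the session side of these tests is now driven by the constant while the server side is not; changing the constant would make the tests fail for reasons unrelated to the auth code. The same `"Bearer abc"` literal remains in the hunks at -150 and -188 of this file and at -226 in the next. The two lines to change here are `require.Equal(t, "Bearer "+testAccessToken, r.Header.Get("Authorization"))` and `fmt.Fprintf(w, "{\"access_token\":%q}", testAccessToken)`. testTryAuthenticateWithCodeAndState starts and ends outside this hunk.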
@@ -226,7 +231,7 @@ func TestCheckAuthenticationWhenNoAccess(t *testing.T) {
 func TestCheckAuthenticationWhenInvalidToken(t *testing.T) {
 apiServer := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 switch r.URL.Path {
-case "/api/v4/projects/1000/pages_access":
+case apiPagesAccess:
 require.Equal(t, "Bearer abc", r.Header.Get("Authorization"))
 w.WriteHeader(http.StatusUnauthorized)
 fmt.Fprint(w, "{\"error\":\"invalid_token\"}")
@@ -254,7 +259,7 @@ func TestCheckAuthenticationWhenInvalidToken(t *testing.T) {
 r := &http.Request{URL: reqURL}
 session, _ := store.Get(r, "gitlab-pages")
-session.Values["access_token"] = "abc"
+session.Values["access_token"] = testAccessToken
 session.Save(r, result)
 require.Equal(t, true, auth.CheckAuthentication(result, r, 1000))
@@ -292,7 +297,7 @@ func TestCheckAuthenticationWithoutProject(t *testing.T) {
 r := &http.Request{URL: reqURL}
 session, _ := store.Get(r, "gitlab-pages")
-session.Values["access_token"] = "abc"
+session.Values["access_token"] = testAccessToken
 session.Save(r, result)
 require.Equal(t, false, auth.CheckAuthenticationWithoutProject(result, r))
@@ -329,7 +334,7 @@ func TestCheckAuthenticationWithoutProjectWhenInvalidToken(t *testing.T) {
 require.NoError(t, err)
 r := &http.Request{URL: reqURL}
 session, _ := store.Get(r, "gitlab-pages")
-session.Values["access_token"] = "abc"
+session.Values["access_token"] = testAccessToken
 session.Save(r, result)
 require.Equal(t, true, auth.CheckAuthenticationWithoutProject(result, r))
@@ -358,11 +363,11 @@ func TestGetTokenIfExistsWhenTokenExists(t *testing.T) {
 r := &http.Request{URL: reqURL}
 session, _ := store.Get(r, "gitlab-pages")
-session.Values["access_token"] = "abc"
+session.Values["access_token"] = testAccessToken
 session.Save(r, result)
 token, err := auth.GetTokenIfExists(result, r)
-require.Equal(t, "abc", token)
+require.Equal(t, testAccessToken, token)
 }
 func TestGetTokenIfExistsWhenTokenDoesNotExist(t *testing.T) {
|