authorJaime Martinez <jmartinez@gitlab.com>2020-05-21 03:52:19 +0300
committerJaime Martinez <jmartinez@gitlab.com>2020-05-28 04:10:14 +0300
commitf6dfa5d0043aeaa616c16f8babb64c0d0e8f72dd (patch)
treef8cbab7f2c4a30c07f827a50d7877c388e18616f /internal/auth
parent559311801a1e9114f8dee71faa388dcefab3dcbe (diff)
Add .golangci.yml linter configuration
As part of https://gitlab.com/gitlab-org/gitlab-pages/-/issues/385 we have introduced the use of a custom `.golangci.yml` file with some custom rules for linting. This replaces the need to download and use `golint`, `gofmt`, `go vet` and `gocyclo` manually. We take advantage of the custom `golangci-lint` docker image as stated in the [Automatic linting](https://docs.gitlab.com/ee/development/go_guide/#automatic-linting) section of the Go standards and style guidelines. This iteration enables a subset of linters, with the remaining ones to be enabled in a separate MR as described in the issue above. The main changes introduced by this linter include: - gosec: potential hardcoded credentials - goconst: DRY by declaring and using constants - gosimple: reduce statement complexity and improve return statements
Diffstat (limited to 'internal/auth')
-rw-r--r--internal/auth/auth.go14
-rw-r--r--internal/auth/auth_test.go27
2 files changed, 21 insertions, 20 deletions
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index c582d96b..a89dd599 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -26,6 +26,9 @@ import (
"golang.org/x/crypto/hkdf"
)
+// nolint: gosec
+// gosec: G101: Potential hardcoded credentials
+// auth constants, not credentials
const (
apiURLUserTemplate = "%s/api/v4/user"
apiURLProjectTemplate = "%s/api/v4/projects/%d/pages_access"
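Review bot: The `// nolint: gosec` directive placed above `const (` suppresses G101 for the whole constant block, so any constant added to this block later — including a genuinely hard-coded secret — is exempt from the check without anyone noticing; the block continues past the hunk, and the constant that actually trips G101 is probably one of the ones not visible here, since the two visible URL templates do not match G101's credential-name patterns. Scope the suppression to the offending line(s) instead, e.g. `apiURLUserTemplate = "%s/api/v4/user" //nolint:gosec // G101: URL template, not a credential`, so the rest of the block stays covered. Prefer the machine-readable form `//nolint:gosec` (no spaces, justification after a second `//`): newer golangci-lint releases with `nolintlint` enabled report the spaced form as malformed, which matters once the remaining linters are switched on as the description plans.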
@@ -433,10 +436,7 @@ func destroySession(session *sessions.Session, w http.ResponseWriter, r *http.Re
// IsAuthSupported checks if pages is running with the authentication support
func (a *Auth) IsAuthSupported() bool {
- if a == nil {
- return false
- }
- return true
+ return a != nil
}
func (a *Auth) checkAuthentication(w http.ResponseWriter, r *http.Request, projectID uint64) bool {
@@ -513,11 +513,7 @@ func (a *Auth) GetTokenIfExists(w http.ResponseWriter, r *http.Request) (string,
// RequireAuth will trigger authentication flow if no token exists
func (a *Auth) RequireAuth(w http.ResponseWriter, r *http.Request) bool {
- session := a.checkSessionIsValid(w, r)
- if session == nil {
- return true
- }
- return false
+ return a.checkSessionIsValid(w, r) == nil
}
// CheckAuthentication checks if user is authenticated and has access to the project
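Review bot: The one-liner `return a.checkSessionIsValid(w, r) == nil` makes RequireAuth read like a pure predicate, but it still hands the ResponseWriter to checkSessionIsValid, which presumably writes the redirect into the authentication flow before returning nil (checkSessionIsValid is outside the hunk — confirm), so the boolean carries a "stop handling this request" meaning that the doc comment does not state. Suggest replacing the comment with `// RequireAuth returns true when the request carries no valid session — checkSessionIsValid is then expected to have already started the authentication flow, so the caller must not write a further response — and false when the caller may proceed.` The caller-facing contract is the same as before the change; only the documentation is missing.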
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
index 4a5d63fa..87cc988d 100644
--- a/internal/auth/auth_test.go
+++ b/internal/auth/auth_test.go
@@ -16,6 +16,11 @@ import (
"gitlab.com/gitlab-org/gitlab-pages/internal/source"
)
+const (
+ testAccessToken = "abc"
+ apiPagesAccess = "/api/v4/projects/1000/pages_access"
+)
+
func createAuth(t *testing.T) *Auth {
return New("pages.gitlab-example.com",
"something-very-secret",
@@ -98,7 +103,7 @@ func testTryAuthenticateWithCodeAndState(t *testing.T, https bool) {
require.Equal(t, "POST", r.Method)
w.WriteHeader(http.StatusOK)
fmt.Fprint(w, "{\"access_token\":\"abc\"}")
- case "/api/v4/projects/1000/pages_access":
+ case apiPagesAccess:
require.Equal(t, "Bearer abc", r.Header.Get("Authorization"))
w.WriteHeader(http.StatusOK)
default:
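Review bot: The new `testAccessToken` constant is only half applied in this handler: the token the fake API issues on the `fmt.Fprint(w, "{\"access_token\":\"abc\"}")` line and the `"Bearer abc"` expected on the `apiPagesAccess` branch are still literals, so the constant no longer controls the value the test actually exchanges, and changing it would break the test for a non-obvious reason. Derive both from the constant: `fmt.Fprintf(w, "{\"access_token\":%q}", testAccessToken)` and `require.Equal(t, "Bearer "+testAccessToken, r.Header.Get("Authorization"))`. The same `"Bearer abc"` literal is repeated in the handlers of the three CheckAuthentication tests further down in this file and should be updated the same way.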
@@ -150,7 +155,7 @@ func TestTryAuthenticateWithCodeAndStateOverHTTPS(t *testing.T) {
func TestCheckAuthenticationWhenAccess(t *testing.T) {
apiServer := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch r.URL.Path {
- case "/api/v4/projects/1000/pages_access":
+ case apiPagesAccess:
require.Equal(t, "Bearer abc", r.Header.Get("Authorization"))
w.WriteHeader(http.StatusOK)
default:
@@ -178,7 +183,7 @@ func TestCheckAuthenticationWhenAccess(t *testing.T) {
r := &http.Request{URL: reqURL}
session, _ := store.Get(r, "gitlab-pages")
- session.Values["access_token"] = "abc"
+ session.Values["access_token"] = testAccessToken
session.Save(r, result)
require.Equal(t, false, auth.CheckAuthentication(result, r, 1000))
@@ -188,7 +193,7 @@ func TestCheckAuthenticationWhenAccess(t *testing.T) {
func TestCheckAuthenticationWhenNoAccess(t *testing.T) {
apiServer := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch r.URL.Path {
- case "/api/v4/projects/1000/pages_access":
+ case apiPagesAccess:
require.Equal(t, "Bearer abc", r.Header.Get("Authorization"))
w.WriteHeader(http.StatusUnauthorized)
default:
@@ -216,7 +221,7 @@ func TestCheckAuthenticationWhenNoAccess(t *testing.T) {
r := &http.Request{URL: reqURL}
session, _ := store.Get(r, "gitlab-pages")
- session.Values["access_token"] = "abc"
+ session.Values["access_token"] = testAccessToken
session.Save(r, result)
require.Equal(t, true, auth.CheckAuthentication(result, r, 1000))
@@ -226,7 +231,7 @@ func TestCheckAuthenticationWhenNoAccess(t *testing.T) {
func TestCheckAuthenticationWhenInvalidToken(t *testing.T) {
apiServer := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch r.URL.Path {
- case "/api/v4/projects/1000/pages_access":
+ case apiPagesAccess:
require.Equal(t, "Bearer abc", r.Header.Get("Authorization"))
w.WriteHeader(http.StatusUnauthorized)
fmt.Fprint(w, "{\"error\":\"invalid_token\"}")
@@ -254,7 +259,7 @@ func TestCheckAuthenticationWhenInvalidToken(t *testing.T) {
r := &http.Request{URL: reqURL}
session, _ := store.Get(r, "gitlab-pages")
- session.Values["access_token"] = "abc"
+ session.Values["access_token"] = testAccessToken
session.Save(r, result)
require.Equal(t, true, auth.CheckAuthentication(result, r, 1000))
@@ -292,7 +297,7 @@ func TestCheckAuthenticationWithoutProject(t *testing.T) {
r := &http.Request{URL: reqURL}
session, _ := store.Get(r, "gitlab-pages")
- session.Values["access_token"] = "abc"
+ session.Values["access_token"] = testAccessToken
session.Save(r, result)
require.Equal(t, false, auth.CheckAuthenticationWithoutProject(result, r))
@@ -329,7 +334,7 @@ func TestCheckAuthenticationWithoutProjectWhenInvalidToken(t *testing.T) {
require.NoError(t, err)
r := &http.Request{URL: reqURL}
session, _ := store.Get(r, "gitlab-pages")
- session.Values["access_token"] = "abc"
+ session.Values["access_token"] = testAccessToken
session.Save(r, result)
require.Equal(t, true, auth.CheckAuthenticationWithoutProject(result, r))
@@ -358,11 +363,11 @@ func TestGetTokenIfExistsWhenTokenExists(t *testing.T) {
r := &http.Request{URL: reqURL}
session, _ := store.Get(r, "gitlab-pages")
- session.Values["access_token"] = "abc"
+ session.Values["access_token"] = testAccessToken
session.Save(r, result)
token, err := auth.GetTokenIfExists(result, r)
- require.Equal(t, "abc", token)
+ require.Equal(t, testAccessToken, token)
}
func TestGetTokenIfExistsWhenTokenDoesNotExist(t *testing.T) {
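Review bot: `token, err := auth.GetTokenIfExists(result, r)` reassigns `err` but the following `require.Equal(t, testAccessToken, token)` is the only assertion, so an error returned alongside the token goes unchecked (elsewhere in this file `err` from `url.Parse` is asserted with `require.NoError`, so the variable is presumably already declared and silently overwritten here). Add `require.NoError(t, err)` before the `require.Equal` so the test pins the success path rather than only the token value.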