chore: fix golangci-lint issues in Hydra

GitOrigin-RevId: 03eb601af45a17c6e7403f37a13cba79775b44ef
2025-12-04 18:18:26 +01:00 · 2025-12-04 18:18:26 +01:00 · eaa9393868
parent 5c510334e0
commit eaa9393868
27 changed files with 51 additions and 51 deletions
--- a/fosite/authorize_request_handler.go
+++ b/fosite/authorize_request_handler.go
@ -73,7 +73,7 @@ func (f *Fosite) authorizeRequestParametersFromOpenIDConnectRequest(ctx context.
 		if err != nil {
 			return errorsx.WithStack(ErrInvalidRequestURI.WithHintf("Unable to fetch OpenID Connect request parameters from 'request_uri' because: %s.", err.Error()).WithWrap(err).WithDebug(err.Error()))
 		}
-		defer response.Body.Close()
+		defer func(Body io.ReadCloser) { _ = Body.Close() }(response.Body)
 		response.Body = io.NopCloser(io.LimitReader(response.Body, 10*1024*1024)) // limit to 10MiB

 		if response.StatusCode != http.StatusOK {
--- a/fosite/authorize_request_handler_oidc_request_test.go
+++ b/fosite/authorize_request_handler_oidc_request_test.go
@ -67,7 +67,8 @@ func TestAuthorizeRequestParametersFromOpenIDConnectRequest(t *testing.T) {
 	validNoneRequestObject := mustGenerateNoneAssertion(t, jwt.MapClaims{"scope": "foo", "foo": "bar", "baz": "baz", "state": "some-state"})

 	var reqH http.HandlerFunc = func(rw http.ResponseWriter, r *http.Request) {
-		rw.Write([]byte(validRequestObject))
+		_, err := rw.Write([]byte(validRequestObject))
+		require.NoError(t, err)
 	}
 	reqTS := httptest.NewServer(reqH)
 	defer reqTS.Close()
--- a/fosite/client_authentication_jwks_strategy.go
+++ b/fosite/client_authentication_jwks_strategy.go
@ -112,7 +112,9 @@ func (s *DefaultJWKSFetcherStrategy) Resolve(ctx context.Context, location strin
 		if err != nil {
 			return nil, errorsx.WithStack(ErrServerError.WithHintf("Unable to fetch JSON Web Keys from location '%s'. Check for typos or other network issues.", location).WithWrap(err).WithDebug(err.Error()))
 		}
-		defer response.Body.Close()
+		defer func() {
+			_ = response.Body.Close()
+		}()

 		if response.StatusCode < 200 || response.StatusCode >= 400 {
 			return nil, errorsx.WithStack(ErrServerError.WithHintf("Expected successful status code in range of 200 - 399 from location '%s' but received code %d.", location, response.StatusCode))
--- a/fosite/client_authentication_jwks_strategy_test.go
+++ b/fosite/client_authentication_jwks_strategy_test.go
@ -167,7 +167,7 @@ func TestDefaultJWKSFetcherStrategy(t *testing.T) {
 	t.Run("case=error_encoding", func(t *testing.T) {
 		s := NewDefaultJWKSFetcherStrategy()
 		h = func(w http.ResponseWriter, r *http.Request) {
-			w.Write([]byte("[]"))
+			_, _ = w.Write([]byte("[]"))
 		}
 		ts := httptest.NewServer(h)
 		defer ts.Close()
--- a/fosite/device_write.go
+++ b/fosite/device_write.go
@ -32,7 +32,7 @@ func (f *Fosite) WriteDeviceResponse(ctx context.Context, rw http.ResponseWriter
 	}

 	r, err := json.Marshal(deviceResponse)
-	rw.Write(r)
+	_, _ = rw.Write(r)
 	if err != nil {
 		http.Error(rw, ErrServerError.WithWrap(err).WithDebug(err.Error()).Error(), http.StatusInternalServerError)
 		return
--- a/fosite/go_mod_indirect_pins.go
+++ b/fosite/go_mod_indirect_pins.go
@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0

 //go:build tools
-// +build tools

 package fosite

--- a/fosite/integration/authorize_code_grant_public_client_pkce_test.go
+++ b/fosite/integration/authorize_code_grant_public_client_pkce_test.go
@ -98,7 +98,7 @@ func runAuthorizeCodeGrantWithPublicClientAndPKCETest(t *testing.T, strategy oau
 					"code_verifier": {verifier},
 				})
 				require.NoError(t, err)
-				defer resp.Body.Close()
+				defer func(Body io.ReadCloser) { _ = Body.Close() }(resp.Body)

 				body, err := io.ReadAll(resp.Body)
 				require.NoError(t, err)
--- a/fosite/integration/authorize_code_grant_test.go
+++ b/fosite/integration/authorize_code_grant_test.go
@ -152,10 +152,10 @@ func runAuthorizeCodeGrantDupeCodeTest(t *testing.T, strategy oauth2.CoreStrateg
 	ts := mockServer(t, f, &fosite.DefaultSession{})
 	defer ts.Close()

-	oauthClient := newOAuth2Client(ts)
+	newOAuth2Client(ts)
 	fositeStore.Clients["my-client"].(*fosite.DefaultClient).RedirectURIs[0] = ts.URL + "/callback"

-	oauthClient = newOAuth2Client(ts)
+	oauthClient := newOAuth2Client(ts)
 	state := "12345678901234567890"

 	resp, err := http.Get(oauthClient.AuthCodeURL(state))
--- a/fosite/integration/authorize_device_grant_request_test.go
+++ b/fosite/integration/authorize_device_grant_request_test.go
@ -183,6 +183,7 @@ func exchangeForAccessToken(t *testing.T) {

 				tokenSource := cl.TokenSource(t.Context(), token)
 				refreshed, err := tokenSource.Token()
+				require.NoError(t, err)

 				assert.NotEmpty(t, refreshed.AccessToken)
 				assert.NotEmpty(t, refreshed.RefreshToken)
--- a/fosite/integration/authorize_jwt_bearer_test.go
+++ b/fosite/integration/authorize_jwt_bearer_test.go
@ -5,6 +5,7 @@ package integration_test

 import (
 	"context"
+	"errors"
 	"net/http"
 	"testing"
 	"time"
@ -265,7 +266,8 @@ func (s *authorizeJWTBearerSuite) TestBadResponseForSecondRequestWithSameJTI() {
 		},
 	}

-	client.GetToken(ctx, config, nil)
+	_, err := client.GetToken(ctx, config, nil)
+	require.NoError(s.T(), err)
 	token2, err := client.GetToken(ctx, config, nil)

 	s.assertBadResponse(s.T(), token2, err)
@ -285,7 +287,8 @@ func (s *authorizeJWTBearerSuite) TestSuccessResponseForSecondRequestWithSameJTI
 		},
 	}

-	client.GetToken(ctx, config, nil)
+	_, err := client.GetToken(ctx, config, nil)
+	require.NoError(s.T(), err)

 	time.Sleep(time.Second)
 	config.Expiry = jwt.NewNumericDate(time.Now().Add(time.Hour))
@ -396,7 +399,8 @@ func (s *authorizeJWTBearerSuite) assertBadResponse(t *testing.T, token *clients
 	assert.Nil(t, token)
 	assert.NotNil(t, err)

-	retrieveError, ok := err.(*clients.RequestError)
+	var retrieveError *clients.RequestError
+	ok := errors.As(err, &retrieveError)
 	assert.True(t, ok)
 	assert.Equal(t, retrieveError.Response.StatusCode, http.StatusBadRequest)
 }
--- a/fosite/integration/client_credentials_grant_test.go
+++ b/fosite/integration/client_credentials_grant_test.go
@ -40,7 +40,7 @@ func introspect(t *testing.T, ts *httptest.Server, token string, p interface{},
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	r, err := http.DefaultClient.Do(req)
 	require.NoError(t, err)
-	defer r.Body.Close()
+	defer func(Body io.ReadCloser) { _ = Body.Close() }(r.Body)
 	body, err := io.ReadAll(r.Body)
 	require.NoError(t, err)
 	assert.Equal(t, http.StatusOK, r.StatusCode, "%s", body)
@ -134,7 +134,7 @@ func runClientCredentialsGrantTest(t *testing.T, strategy oauth2.CoreStrategyPro
 			c.setup()

 			oauthClient.EndpointParams = c.params
-			token, err := oauthClient.Token(goauth.NoContext)
+			token, err := oauthClient.Token(t.Context())
 			require.Equal(t, c.err, err != nil, "(%d) %s\n%s\n%s", k, c.description, c.err, err)
 			if !c.err {
 				assert.NotEmpty(t, token.AccessToken, "(%d) %s\n%s", k, c.description, token)
--- a/fosite/integration/clients/introspect.go
+++ b/fosite/integration/clients/introspect.go
@ -52,7 +52,7 @@ func (c *Introspect) IntrospectToken(
 		return nil, err
 	}

-	defer response.Body.Close()
+	defer func(Body io.ReadCloser) { _ = Body.Close() }(response.Body)

 	body, err := io.ReadAll(response.Body)
 	if err != nil {
--- a/fosite/integration/clients/jwt_bearer.go
+++ b/fosite/integration/clients/jwt_bearer.go
@ -91,7 +91,7 @@ func (c *JWTBearer) GetToken(ctx context.Context, payloadData *JWTBearerPayload,
 		return nil, err
 	}

-	defer response.Body.Close()
+	defer func(Body io.ReadCloser) { _ = Body.Close() }(response.Body)

 	body, err := io.ReadAll(response.Body)
 	if err != nil {
--- a/fosite/integration/helper_endpoints_test.go
+++ b/fosite/integration/helper_endpoints_test.go
@ -113,11 +113,11 @@ func authCallbackHandler(t *testing.T) func(rw http.ResponseWriter, req *http.Re
 		}

 		if q.Get("code") != "" {
-			rw.Write([]byte("code: ok"))
+			_, _ = rw.Write([]byte("code: ok"))
 		}
 		if q.Get("error") != "" {
 			rw.WriteHeader(http.StatusNotAcceptable)
-			rw.Write([]byte("error: " + q.Get("error")))
+			_, _ = rw.Write([]byte("error: " + q.Get("error")))
 		}

 	}
@ -125,7 +125,7 @@ func authCallbackHandler(t *testing.T) func(rw http.ResponseWriter, req *http.Re

 func tokenEndpointHandler(t *testing.T, provider fosite.OAuth2Provider) func(rw http.ResponseWriter, req *http.Request) {
 	return func(rw http.ResponseWriter, req *http.Request) {
-		req.ParseMultipartForm(1 << 20)
+		_ = req.ParseMultipartForm(1 << 20)
 		ctx := fosite.NewContext()

 		accessRequest, err := provider.NewAccessRequest(ctx, req, &oauth2.JWTSession{})
--- a/fosite/integration/oidc_explicit_test.go
+++ b/fosite/integration/oidc_explicit_test.go
@ -181,7 +181,9 @@ func TestOpenIDConnectExplicitFlow(t *testing.T) {

 			resp, err := http.Get(c.setup(oauthClient))
 			require.NoError(t, err)
-			defer resp.Body.Close()
+			defer func(body io.ReadCloser) {
+				require.NoError(t, body.Close())
+			}(resp.Body)

 			body, _ := io.ReadAll(resp.Body)
 			require.Equal(t, c.authStatusCode, resp.StatusCode, "Got response: %s", body)
--- a/fosite/integration/oidc_implicit_hybrid_public_client_pkce_test.go
+++ b/fosite/integration/oidc_implicit_hybrid_public_client_pkce_test.go
@ -79,7 +79,7 @@ func TestOIDCImplicitFlowPublicClientPKCE(t *testing.T) {
 					return errors.New("Dont follow redirects")
 				},
 			}
-			resp, err := client.Get(authURL)
+			_, err := client.Get(authURL)
 			require.Error(t, err)

 			t.Logf("Response (%d): %s", k, callbackURL.String())
@ -91,7 +91,7 @@ func TestOIDCImplicitFlowPublicClientPKCE(t *testing.T) {

 			assert.NotEmpty(t, fragment.Get("id_token"))

-			resp, err = http.PostForm(oauthClient.Endpoint.TokenURL, url.Values{
+			resp, err := http.PostForm(oauthClient.Endpoint.TokenURL, url.Values{
 				"code":          {code},
 				"grant_type":    {"authorization_code"},
 				"client_id":     {"public-client"},
@ -99,7 +99,9 @@ func TestOIDCImplicitFlowPublicClientPKCE(t *testing.T) {
 				"code_verifier": {c.codeVerifier},
 			})
 			require.NoError(t, err)
-			defer resp.Body.Close()
+			defer func(Body io.ReadCloser) {
+				_ = Body.Close()
+			}(resp.Body)

 			body, err := io.ReadAll(resp.Body)
 			require.NoError(t, err)
--- a/fosite/integration/pushed_authorize_code_grant_test.go
+++ b/fosite/integration/pushed_authorize_code_grant_test.go
@ -12,13 +12,11 @@ import (
 	"strings"
 	"testing"

-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	goauth "golang.org/x/oauth2"
-
 	"github.com/ory/hydra/v2/fosite"
 	"github.com/ory/hydra/v2/fosite/compose"
 	"github.com/ory/hydra/v2/fosite/handler/oauth2"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )

 func TestPushedAuthorizeCodeFlow(t *testing.T) {
@ -159,11 +157,11 @@ func runPushedAuthorizeCodeGrantTest(t *testing.T, strategy oauth2.CoreStrategyP

 			require.NotEmpty(t, resp.Request.URL.Query().Get("code"), "Auth code is empty")

-			token, err := oauthClient.Exchange(goauth.NoContext, resp.Request.URL.Query().Get("code"))
+			token, err := oauthClient.Exchange(t.Context(), resp.Request.URL.Query().Get("code"))
 			require.NoError(t, err)
 			require.NotEmpty(t, token.AccessToken)

-			httpClient := oauthClient.Client(goauth.NoContext, token)
+			httpClient := oauthClient.Client(t.Context(), token)
 			resp, err = httpClient.Get(ts.URL + "/info")
 			require.NoError(t, err)
 			assert.Equal(t, http.StatusOK, resp.StatusCode)
@ -176,7 +174,7 @@ func runPushedAuthorizeCodeGrantTest(t *testing.T, strategy oauth2.CoreStrategyP
 }

 func checkStatusAndGetBody(t *testing.T, resp *http.Response, expectedStatusCode int) ([]byte, error) {
-	defer resp.Body.Close()
+	defer func(Body io.ReadCloser) { _ = Body.Close() }(resp.Body)

 	require.Equal(t, expectedStatusCode, resp.StatusCode)
 	b, err := io.ReadAll(resp.Body)
@ -184,7 +182,7 @@ func checkStatusAndGetBody(t *testing.T, resp *http.Response, expectedStatusCode
 		fmt.Printf("PAR response: body=%s\n", string(b))
 	}
 	if expectedStatusCode != resp.StatusCode {
-		return nil, fmt.Errorf("Invalid status code %d", resp.StatusCode)
+		return nil, fmt.Errorf("invalid status code %d", resp.StatusCode)
 	}

 	return b, err
--- a/fosite/storage/memory_test.go
+++ b/fosite/storage/memory_test.go
@ -14,8 +14,7 @@ import (

 func TestMemoryStore_Authenticate(t *testing.T) {
 	type fields struct {
-		Users      map[string]MemoryUserRelation
-		usersMutex sync.RWMutex
+		Users map[string]MemoryUserRelation
 	}
 	type args struct {
 		in0    context.Context
@ -50,7 +49,7 @@ func TestMemoryStore_Authenticate(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			s := &MemoryStore{
 				Users:      tt.fields.Users,
-				usersMutex: tt.fields.usersMutex,
+				usersMutex: sync.RWMutex{},
 			}
 			if _, err := s.Authenticate(tt.args.in0, tt.args.name, tt.args.secret); err == nil || !errors.Is(err, tt.wantErr) {
 				t.Errorf("Authenticate() error = %v, wantErr %v", err, tt.wantErr)
--- a/fosite/token/jwt/jwt_test.go
+++ b/fosite/token/jwt/jwt_test.go
@ -141,15 +141,15 @@ func TestGenerateJWT(t *testing.T) {
 				require.Equal(t, k.KeyID, decoded.Header["kid"])
 			}

-			sig, err = tc.strategy.Validate(context.TODO(), token)
+			_, err = tc.strategy.Validate(context.TODO(), token)
 			require.NoError(t, err)

-			sig, err = tc.strategy.Validate(context.TODO(), token+"."+"0123456789")
+			_, err = tc.strategy.Validate(context.TODO(), token+"."+"0123456789")
 			require.Error(t, err)

 			partToken := strings.Split(token, ".")[2]

-			sig, err = tc.strategy.Validate(context.TODO(), partToken)
+			_, err = tc.strategy.Validate(context.TODO(), partToken)
 			require.Error(t, err)

 			// Reset private key
@ -159,21 +159,21 @@ func TestGenerateJWT(t *testing.T) {
 			claims = &JWTClaims{
 				ExpiresAt: time.Now().UTC().Add(-time.Hour),
 			}
-			token, sig, err = tc.strategy.Generate(context.TODO(), claims.ToMapClaims(), header)
+			token, _, err = tc.strategy.Generate(context.TODO(), claims.ToMapClaims(), header)
 			require.NoError(t, err)
 			require.NotNil(t, token)

-			sig, err = tc.strategy.Validate(context.TODO(), token)
+			_, err = tc.strategy.Validate(context.TODO(), token)
 			require.Error(t, err)

 			// Lets validate the nbf claim
 			claims = &JWTClaims{
 				NotBefore: time.Now().UTC().Add(time.Hour),
 			}
-			token, sig, err = tc.strategy.Generate(context.TODO(), claims.ToMapClaims(), header)
+			token, _, err = tc.strategy.Generate(context.TODO(), claims.ToMapClaims(), header)
 			require.NoError(t, err)
 			require.NotNil(t, token)
-			//t.Logf("%s.%s", token, sig)
+			// t.Logf("%s.%s", token, sig)
 			sig, err = tc.strategy.Validate(context.TODO(), token)
 			require.Error(t, err)
 			require.Empty(t, sig, "%s", err)
--- a/fosite/tools.go
+++ b/fosite/tools.go
@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0

 //go:build tools
-// +build tools

 package fosite

--- a/hsm/crypto11_mock_test.go
+++ b/hsm/crypto11_mock_test.go
@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0

 //go:build hsm
-// +build hsm

 // Code generated by MockGen. DO NOT EDIT.
 // Source: github.com/ThalesGroup/crypto11 (interfaces: SignerDecrypter)
--- a/hsm/hsm.go
+++ b/hsm/hsm.go
@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0

 //go:build hsm
-// +build hsm

 package hsm

--- a/hsm/hsm_mock_test.go
+++ b/hsm/hsm_mock_test.go
@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0

 //go:build hsm
-// +build hsm

 // Code generated by MockGen. DO NOT EDIT.
 // Source: hsm/hsm.go
--- a/hsm/manager_hsm.go
+++ b/hsm/manager_hsm.go
@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0

 //go:build hsm
-// +build hsm

 package hsm

--- a/hsm/manager_hsm_test.go
+++ b/hsm/manager_hsm_test.go
@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0

 //go:build hsm
-// +build hsm

 package hsm_test

--- a/hsm/manager_nohsm.go
+++ b/hsm/manager_nohsm.go
@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0

 //go:build !hsm
-// +build !hsm

 package hsm

--- a/test/conformance/run_test.go
+++ b/test/conformance/run_test.go
@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0

 //go:build conformity
-// +build conformity

 package main

@ -198,8 +197,8 @@ func createPlan(t *testing.T, extra url.Values, isParallel bool) {
 	}

 	// https://localhost:8443/api/plan?planName=oidcc-formpost-basic-certification-test-plan&variant={"server_metadata":"discovery","client_registration":"dynamic_client"}&variant={"server_metadata":"discovery","client_registration":"dynamic_client"}
-	//planConfig, err := sjson.SetBytes(config, "alias", uuid.New())
-	//require.NoError(t, err)
+	// planConfig, err := sjson.SetBytes(config, "alias", uuid.New())
+	// require.NoError(t, err)
 	body := makePost(t, urlx.CopyWithQuery(urlx.AppendPaths(server, "/api/plan"), extra).String(),
 		bytes.NewReader(config),
 		201)