chore: fix golangci-lint issues in Hydra

hperl · ory-bot · commit eaa93938680c · 2025-12-04T17:20:45.000Z
GitOrigin-RevId: 03eb601af45a17c6e7403f37a13cba79775b44ef
diff --git a/fosite/authorize_request_handler.go b/fosite/authorize_request_handler.go
@@ -73,7 +73,7 @@ func (f *Fosite) authorizeRequestParametersFromOpenIDConnectRequest(ctx context.
 		if err != nil {
 			return errorsx.WithStack(ErrInvalidRequestURI.WithHintf("Unable to fetch OpenID Connect request parameters from 'request_uri' because: %s.", err.Error()).WithWrap(err).WithDebug(err.Error()))
 		}
-		defer response.Body.Close()
+		defer func(Body io.ReadCloser) { _ = Body.Close() }(response.Body)
 		response.Body = io.NopCloser(io.LimitReader(response.Body, 10*1024*1024)) // limit to 10MiB
 
 		if response.StatusCode != http.StatusOK {
diff --git a/fosite/authorize_request_handler_oidc_request_test.go b/fosite/authorize_request_handler_oidc_request_test.go
@@ -67,7 +67,8 @@ func TestAuthorizeRequestParametersFromOpenIDConnectRequest(t *testing.T) {
 	validNoneRequestObject := mustGenerateNoneAssertion(t, jwt.MapClaims{"scope": "foo", "foo": "bar", "baz": "baz", "state": "some-state"})
 
 	var reqH http.HandlerFunc = func(rw http.ResponseWriter, r *http.Request) {
-		rw.Write([]byte(validRequestObject))
+		_, err := rw.Write([]byte(validRequestObject))
+		require.NoError(t, err)
 	}
 	reqTS := httptest.NewServer(reqH)
 	defer reqTS.Close()
diff --git a/fosite/client_authentication_jwks_strategy.go b/fosite/client_authentication_jwks_strategy.go
@@ -112,7 +112,9 @@ func (s *DefaultJWKSFetcherStrategy) Resolve(ctx context.Context, location strin
 		if err != nil {
 			return nil, errorsx.WithStack(ErrServerError.WithHintf("Unable to fetch JSON Web Keys from location '%s'. Check for typos or other network issues.", location).WithWrap(err).WithDebug(err.Error()))
 		}
-		defer response.Body.Close()
+		defer func() {
+			_ = response.Body.Close()
+		}()
 
 		if response.StatusCode < 200 || response.StatusCode >= 400 {
 			return nil, errorsx.WithStack(ErrServerError.WithHintf("Expected successful status code in range of 200 - 399 from location '%s' but received code %d.", location, response.StatusCode))
diff --git a/fosite/client_authentication_jwks_strategy_test.go b/fosite/client_authentication_jwks_strategy_test.go
@@ -167,7 +167,7 @@ func TestDefaultJWKSFetcherStrategy(t *testing.T) {
 	t.Run("case=error_encoding", func(t *testing.T) {
 		s := NewDefaultJWKSFetcherStrategy()
 		h = func(w http.ResponseWriter, r *http.Request) {
-			w.Write([]byte("[]"))
+			_, _ = w.Write([]byte("[]"))
 		}
 		ts := httptest.NewServer(h)
 		defer ts.Close()
diff --git a/fosite/device_write.go b/fosite/device_write.go
@@ -32,7 +32,7 @@ func (f *Fosite) WriteDeviceResponse(ctx context.Context, rw http.ResponseWriter
 	}
 
 	r, err := json.Marshal(deviceResponse)
-	rw.Write(r)
+	_, _ = rw.Write(r)
 	if err != nil {
 		http.Error(rw, ErrServerError.WithWrap(err).WithDebug(err.Error()).Error(), http.StatusInternalServerError)
 		return
diff --git a/fosite/go_mod_indirect_pins.go b/fosite/go_mod_indirect_pins.go
@@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
 //go:build tools
-// +build tools
 
 package fosite
 
diff --git a/fosite/integration/authorize_code_grant_public_client_pkce_test.go b/fosite/integration/authorize_code_grant_public_client_pkce_test.go
@@ -98,7 +98,7 @@ func runAuthorizeCodeGrantWithPublicClientAndPKCETest(t *testing.T, strategy oau
 					"code_verifier": {verifier},
 				})
 				require.NoError(t, err)
-				defer resp.Body.Close()
+				defer func(Body io.ReadCloser) { _ = Body.Close() }(resp.Body)
 
 				body, err := io.ReadAll(resp.Body)
 				require.NoError(t, err)
diff --git a/fosite/integration/authorize_code_grant_test.go b/fosite/integration/authorize_code_grant_test.go
@@ -152,10 +152,10 @@ func runAuthorizeCodeGrantDupeCodeTest(t *testing.T, strategy oauth2.CoreStrateg
 	ts := mockServer(t, f, &fosite.DefaultSession{})
 	defer ts.Close()
 
-	oauthClient := newOAuth2Client(ts)
+	newOAuth2Client(ts)
 	fositeStore.Clients["my-client"].(*fosite.DefaultClient).RedirectURIs[0] = ts.URL + "/callback"
 
-	oauthClient = newOAuth2Client(ts)
+	oauthClient := newOAuth2Client(ts)
 	state := "12345678901234567890"
 
 	resp, err := http.Get(oauthClient.AuthCodeURL(state))
diff --git a/fosite/integration/authorize_device_grant_request_test.go b/fosite/integration/authorize_device_grant_request_test.go
@@ -183,6 +183,7 @@ func exchangeForAccessToken(t *testing.T) {
 
 				tokenSource := cl.TokenSource(t.Context(), token)
 				refreshed, err := tokenSource.Token()
+				require.NoError(t, err)
 
 				assert.NotEmpty(t, refreshed.AccessToken)
 				assert.NotEmpty(t, refreshed.RefreshToken)
diff --git a/fosite/integration/authorize_jwt_bearer_test.go b/fosite/integration/authorize_jwt_bearer_test.go
@@ -5,6 +5,7 @@ package integration_test
 
 import (
 	"context"
+	"errors"
 	"net/http"
 	"testing"
 	"time"
@@ -265,7 +266,8 @@ func (s *authorizeJWTBearerSuite) TestBadResponseForSecondRequestWithSameJTI() {
 		},
 	}
 
-	client.GetToken(ctx, config, nil)
+	_, err := client.GetToken(ctx, config, nil)
+	require.NoError(s.T(), err)
 	token2, err := client.GetToken(ctx, config, nil)
 
 	s.assertBadResponse(s.T(), token2, err)
@@ -285,7 +287,8 @@ func (s *authorizeJWTBearerSuite) TestSuccessResponseForSecondRequestWithSameJTI
 		},
 	}
 
-	client.GetToken(ctx, config, nil)
+	_, err := client.GetToken(ctx, config, nil)
+	require.NoError(s.T(), err)
 
 	time.Sleep(time.Second)
 	config.Expiry = jwt.NewNumericDate(time.Now().Add(time.Hour))
@@ -396,7 +399,8 @@ func (s *authorizeJWTBearerSuite) assertBadResponse(t *testing.T, token *clients
 	assert.Nil(t, token)
 	assert.NotNil(t, err)
 
-	retrieveError, ok := err.(*clients.RequestError)
+	var retrieveError *clients.RequestError
+	ok := errors.As(err, &retrieveError)
 	assert.True(t, ok)
 	assert.Equal(t, retrieveError.Response.StatusCode, http.StatusBadRequest)
 }
diff --git a/fosite/integration/client_credentials_grant_test.go b/fosite/integration/client_credentials_grant_test.go
@@ -40,7 +40,7 @@ func introspect(t *testing.T, ts *httptest.Server, token string, p interface{},
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	r, err := http.DefaultClient.Do(req)
 	require.NoError(t, err)
-	defer r.Body.Close()
+	defer func(Body io.ReadCloser) { _ = Body.Close() }(r.Body)
 	body, err := io.ReadAll(r.Body)
 	require.NoError(t, err)
 	assert.Equal(t, http.StatusOK, r.StatusCode, "%s", body)
@@ -134,7 +134,7 @@ func runClientCredentialsGrantTest(t *testing.T, strategy oauth2.CoreStrategyPro
 			c.setup()
 
 			oauthClient.EndpointParams = c.params
-			token, err := oauthClient.Token(goauth.NoContext)
+			token, err := oauthClient.Token(t.Context())
 			require.Equal(t, c.err, err != nil, "(%d) %s\n%s\n%s", k, c.description, c.err, err)
 			if !c.err {
 				assert.NotEmpty(t, token.AccessToken, "(%d) %s\n%s", k, c.description, token)
diff --git a/fosite/integration/clients/introspect.go b/fosite/integration/clients/introspect.go
@@ -52,7 +52,7 @@ func (c *Introspect) IntrospectToken(
 		return nil, err
 	}
 
-	defer response.Body.Close()
+	defer func(Body io.ReadCloser) { _ = Body.Close() }(response.Body)
 
 	body, err := io.ReadAll(response.Body)
 	if err != nil {
diff --git a/fosite/integration/clients/jwt_bearer.go b/fosite/integration/clients/jwt_bearer.go
@@ -91,7 +91,7 @@ func (c *JWTBearer) GetToken(ctx context.Context, payloadData *JWTBearerPayload,
 		return nil, err
 	}
 
-	defer response.Body.Close()
+	defer func(Body io.ReadCloser) { _ = Body.Close() }(response.Body)
 
 	body, err := io.ReadAll(response.Body)
 	if err != nil {
diff --git a/fosite/integration/helper_endpoints_test.go b/fosite/integration/helper_endpoints_test.go
@@ -113,19 +113,19 @@ func authCallbackHandler(t *testing.T) func(rw http.ResponseWriter, req *http.Re
 		}
 
 		if q.Get("code") != "" {
-			rw.Write([]byte("code: ok"))
+			_, _ = rw.Write([]byte("code: ok"))
 		}
 		if q.Get("error") != "" {
 			rw.WriteHeader(http.StatusNotAcceptable)
-			rw.Write([]byte("error: " + q.Get("error")))
+			_, _ = rw.Write([]byte("error: " + q.Get("error")))
 		}
 
 	}
 }
 
 func tokenEndpointHandler(t *testing.T, provider fosite.OAuth2Provider) func(rw http.ResponseWriter, req *http.Request) {
 	return func(rw http.ResponseWriter, req *http.Request) {
-		req.ParseMultipartForm(1 << 20)
+		_ = req.ParseMultipartForm(1 << 20)
 		ctx := fosite.NewContext()
 
 		accessRequest, err := provider.NewAccessRequest(ctx, req, &oauth2.JWTSession{})
diff --git a/fosite/integration/oidc_explicit_test.go b/fosite/integration/oidc_explicit_test.go
@@ -181,7 +181,9 @@ func TestOpenIDConnectExplicitFlow(t *testing.T) {
 
 			resp, err := http.Get(c.setup(oauthClient))
 			require.NoError(t, err)
-			defer resp.Body.Close()
+			defer func(body io.ReadCloser) {
+				require.NoError(t, body.Close())
+			}(resp.Body)
 
 			body, _ := io.ReadAll(resp.Body)
 			require.Equal(t, c.authStatusCode, resp.StatusCode, "Got response: %s", body)
diff --git a/fosite/integration/oidc_implicit_hybrid_public_client_pkce_test.go b/fosite/integration/oidc_implicit_hybrid_public_client_pkce_test.go
@@ -79,7 +79,7 @@ func TestOIDCImplicitFlowPublicClientPKCE(t *testing.T) {
 					return errors.New("Dont follow redirects")
 				},
 			}
-			resp, err := client.Get(authURL)
+			_, err := client.Get(authURL)
 			require.Error(t, err)
 
 			t.Logf("Response (%d): %s", k, callbackURL.String())
@@ -91,15 +91,17 @@ func TestOIDCImplicitFlowPublicClientPKCE(t *testing.T) {
 
 			assert.NotEmpty(t, fragment.Get("id_token"))
 
-			resp, err = http.PostForm(oauthClient.Endpoint.TokenURL, url.Values{
+			resp, err := http.PostForm(oauthClient.Endpoint.TokenURL, url.Values{
 				"code":          {code},
 				"grant_type":    {"authorization_code"},
 				"client_id":     {"public-client"},
 				"redirect_uri":  {ts.URL + "/callback"},
 				"code_verifier": {c.codeVerifier},
 			})
 			require.NoError(t, err)
-			defer resp.Body.Close()
+			defer func(Body io.ReadCloser) {
+				_ = Body.Close()
+			}(resp.Body)
 
 			body, err := io.ReadAll(resp.Body)
 			require.NoError(t, err)
diff --git a/fosite/integration/pushed_authorize_code_grant_test.go b/fosite/integration/pushed_authorize_code_grant_test.go
@@ -12,13 +12,11 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	goauth "golang.org/x/oauth2"
-
 	"github.com/ory/hydra/v2/fosite"
 	"github.com/ory/hydra/v2/fosite/compose"
 	"github.com/ory/hydra/v2/fosite/handler/oauth2"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestPushedAuthorizeCodeFlow(t *testing.T) {
@@ -159,11 +157,11 @@ func runPushedAuthorizeCodeGrantTest(t *testing.T, strategy oauth2.CoreStrategyP
 
 			require.NotEmpty(t, resp.Request.URL.Query().Get("code"), "Auth code is empty")
 
-			token, err := oauthClient.Exchange(goauth.NoContext, resp.Request.URL.Query().Get("code"))
+			token, err := oauthClient.Exchange(t.Context(), resp.Request.URL.Query().Get("code"))
 			require.NoError(t, err)
 			require.NotEmpty(t, token.AccessToken)
 
-			httpClient := oauthClient.Client(goauth.NoContext, token)
+			httpClient := oauthClient.Client(t.Context(), token)
 			resp, err = httpClient.Get(ts.URL + "/info")
 			require.NoError(t, err)
 			assert.Equal(t, http.StatusOK, resp.StatusCode)
@@ -176,15 +174,15 @@ func runPushedAuthorizeCodeGrantTest(t *testing.T, strategy oauth2.CoreStrategyP
 }
 
 func checkStatusAndGetBody(t *testing.T, resp *http.Response, expectedStatusCode int) ([]byte, error) {
-	defer resp.Body.Close()
+	defer func(Body io.ReadCloser) { _ = Body.Close() }(resp.Body)
 
 	require.Equal(t, expectedStatusCode, resp.StatusCode)
 	b, err := io.ReadAll(resp.Body)
 	if err == nil {
 		fmt.Printf("PAR response: body=%s\n", string(b))
 	}
 	if expectedStatusCode != resp.StatusCode {
-		return nil, fmt.Errorf("Invalid status code %d", resp.StatusCode)
+		return nil, fmt.Errorf("invalid status code %d", resp.StatusCode)
 	}
 
 	return b, err
diff --git a/fosite/storage/memory_test.go b/fosite/storage/memory_test.go
@@ -14,8 +14,7 @@ import (
 
 func TestMemoryStore_Authenticate(t *testing.T) {
 	type fields struct {
-		Users      map[string]MemoryUserRelation
-		usersMutex sync.RWMutex
+		Users map[string]MemoryUserRelation
 	}
 	type args struct {
 		in0    context.Context
@@ -50,7 +49,7 @@ func TestMemoryStore_Authenticate(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			s := &MemoryStore{
 				Users:      tt.fields.Users,
-				usersMutex: tt.fields.usersMutex,
+				usersMutex: sync.RWMutex{},
 			}
 			if _, err := s.Authenticate(tt.args.in0, tt.args.name, tt.args.secret); err == nil || !errors.Is(err, tt.wantErr) {
 				t.Errorf("Authenticate() error = %v, wantErr %v", err, tt.wantErr)
diff --git a/fosite/token/jwt/jwt_test.go b/fosite/token/jwt/jwt_test.go
@@ -141,15 +141,15 @@ func TestGenerateJWT(t *testing.T) {
 				require.Equal(t, k.KeyID, decoded.Header["kid"])
 			}
 
-			sig, err = tc.strategy.Validate(context.TODO(), token)
+			_, err = tc.strategy.Validate(context.TODO(), token)
 			require.NoError(t, err)
 
-			sig, err = tc.strategy.Validate(context.TODO(), token+"."+"0123456789")
+			_, err = tc.strategy.Validate(context.TODO(), token+"."+"0123456789")
 			require.Error(t, err)
 
 			partToken := strings.Split(token, ".")[2]
 
-			sig, err = tc.strategy.Validate(context.TODO(), partToken)
+			_, err = tc.strategy.Validate(context.TODO(), partToken)
 			require.Error(t, err)
 
 			// Reset private key
@@ -159,21 +159,21 @@ func TestGenerateJWT(t *testing.T) {
 			claims = &JWTClaims{
 				ExpiresAt: time.Now().UTC().Add(-time.Hour),
 			}
-			token, sig, err = tc.strategy.Generate(context.TODO(), claims.ToMapClaims(), header)
+			token, _, err = tc.strategy.Generate(context.TODO(), claims.ToMapClaims(), header)
 			require.NoError(t, err)
 			require.NotNil(t, token)
 
-			sig, err = tc.strategy.Validate(context.TODO(), token)
+			_, err = tc.strategy.Validate(context.TODO(), token)
 			require.Error(t, err)
 
 			// Lets validate the nbf claim
 			claims = &JWTClaims{
 				NotBefore: time.Now().UTC().Add(time.Hour),
 			}
-			token, sig, err = tc.strategy.Generate(context.TODO(), claims.ToMapClaims(), header)
+			token, _, err = tc.strategy.Generate(context.TODO(), claims.ToMapClaims(), header)
 			require.NoError(t, err)
 			require.NotNil(t, token)
-			//t.Logf("%s.%s", token, sig)
+			// t.Logf("%s.%s", token, sig)
 			sig, err = tc.strategy.Validate(context.TODO(), token)
 			require.Error(t, err)
 			require.Empty(t, sig, "%s", err)
diff --git a/fosite/tools.go b/fosite/tools.go
@@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
 //go:build tools
-// +build tools
 
 package fosite
 
diff --git a/hsm/crypto11_mock_test.go b/hsm/crypto11_mock_test.go
diff --git a/hsm/hsm.go b/hsm/hsm.go
@@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
 //go:build hsm
-// +build hsm
 
 package hsm
 
diff --git a/hsm/hsm_mock_test.go b/hsm/hsm_mock_test.go
diff --git a/hsm/manager_hsm.go b/hsm/manager_hsm.go
@@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
 //go:build hsm
-// +build hsm
 
 package hsm
 
diff --git a/hsm/manager_hsm_test.go b/hsm/manager_hsm_test.go
@@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
 //go:build hsm
-// +build hsm
 
 package hsm_test
 
diff --git a/hsm/manager_nohsm.go b/hsm/manager_nohsm.go
@@ -2,7 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
 //go:build !hsm
-// +build !hsm
 
 package hsm
 
diff --git a/test/conformance/run_test.go b/test/conformance/run_test.go

Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ func (f *Fosite) authorizeRequestParametersFromOpenIDConnectRequest(ctx context.`
`73`	`73`	`if err != nil {`
`74`	`74`	`return errorsx.WithStack(ErrInvalidRequestURI.WithHintf("Unable to fetch OpenID Connect request parameters from 'request_uri' because: %s.", err.Error()).WithWrap(err).WithDebug(err.Error()))`
`75`	`75`	`}`
`76`		`- defer response.Body.Close()`
	`76`	`+ defer func(Body io.ReadCloser) { _ = Body.Close() }(response.Body)`
`77`	`77`	`response.Body = io.NopCloser(io.LimitReader(response.Body, 1010241024)) // limit to 10MiB`
`78`	`78`
`79`	`79`	`if response.StatusCode != http.StatusOK {`
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,8 @@ func TestAuthorizeRequestParametersFromOpenIDConnectRequest(t *testing.T) {`
`67`	`67`	`validNoneRequestObject := mustGenerateNoneAssertion(t, jwt.MapClaims{"scope": "foo", "foo": "bar", "baz": "baz", "state": "some-state"})`
`68`	`68`
`69`	`69`	`var reqH http.HandlerFunc = func(rw http.ResponseWriter, r *http.Request) {`
`70`		`- rw.Write([]byte(validRequestObject))`
	`70`	`+ _, err := rw.Write([]byte(validRequestObject))`
	`71`	`+ require.NoError(t, err)`
`71`	`72`	`}`
`72`	`73`	`reqTS := httptest.NewServer(reqH)`
`73`	`74`	`defer reqTS.Close()`
Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,7 @@ func TestDefaultJWKSFetcherStrategy(t *testing.T) {`
`167`	`167`	`t.Run("case=error_encoding", func(t *testing.T) {`
`168`	`168`	`s := NewDefaultJWKSFetcherStrategy()`
`169`	`169`	`h = func(w http.ResponseWriter, r *http.Request) {`
`170`		`- w.Write([]byte("[]"))`
	`170`	`+ _, _ = w.Write([]byte("[]"))`
`171`	`171`	`}`
`172`	`172`	`ts := httptest.NewServer(h)`
`173`	`173`	`defer ts.Close()`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ func (f *Fosite) WriteDeviceResponse(ctx context.Context, rw http.ResponseWriter`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`r, err := json.Marshal(deviceResponse)`
`35`		`- rw.Write(r)`
	`35`	`+ _, _ = rw.Write(r)`
`36`	`36`	`if err != nil {`
`37`	`37`	`http.Error(rw, ErrServerError.WithWrap(err).WithDebug(err.Error()).Error(), http.StatusInternalServerError)`
`38`	`38`	`return`