linting

Emyrk · Emyrk · commit 27775043e1cc · 2024-08-28T09:39:25.000-05:00
diff --git a/cli/server.go b/cli/server.go
@@ -109,7 +109,7 @@ import (
 	"github.com/coder/coder/v2/tailnet"
 )
 
-func createOIDCConfig(ctx context.Context, logger slog.Logger, entitlements *entitlements.Set, vals *codersdk.DeploymentValues) (*coderd.OIDCConfig, error) {
+func createOIDCConfig(ctx context.Context, logger slog.Logger, set *entitlements.Set, vals *codersdk.DeploymentValues) (*coderd.OIDCConfig, error) {
 	if vals.OIDC.ClientID == "" {
 		return nil, xerrors.Errorf("OIDC client ID must be set!")
 	}
@@ -199,7 +199,7 @@ func createOIDCConfig(ctx context.Context, logger slog.Logger, entitlements *ent
 		SignupsDisabledText: vals.OIDC.SignupsDisabledText.String(),
 		IconURL:             vals.OIDC.IconURL.String(),
 		IgnoreEmailVerified: vals.OIDC.IgnoreEmailVerified.Value(),
-		IDPSync: idpsync.NewSync(logger, entitlements, idpsync.SyncSettings{
+		IDPSync: idpsync.NewSync(logger, set, idpsync.SyncSettings{
 			OrganizationField:         vals.OIDC.OrganizationField.Value(),
 			OrganizationMapping:       vals.OIDC.OrganizationMapping.Value,
 			OrganizationAssignDefault: vals.OIDC.OrganizationAssignDefault.Value(),
diff --git a/coderd/idpsync/idpsync.go b/coderd/idpsync/idpsync.go
@@ -23,14 +23,14 @@ import (
 // So instead, if the code is compiled with the enterprise logic, it will
 // override this function to return the enterprise IDP sync object.
 // For unit testing, the callers can specifically choose which "NewSync" to use.
-var NewSync = func(logger slog.Logger, entitlements *entitlements.Set, settings SyncSettings) IDPSync {
-	return NewAGPLSync(logger, entitlements, settings)
+var NewSync = func(logger slog.Logger, set *entitlements.Set, settings SyncSettings) IDPSync {
+	return NewAGPLSync(logger, set, settings)
 }
 
 type IDPSync interface {
 	// ParseOrganizationClaims takes claims from an OIDC provider, and returns the
 	// organization sync params for assigning users into organizations.
-	ParseOrganizationClaims(ctx context.Context, _ jwt.MapClaims) (OrganizationParams, *HttpError)
+	ParseOrganizationClaims(ctx context.Context, _ jwt.MapClaims) (OrganizationParams, *HTTPError)
 	// SyncOrganizations assigns and removed users from organizations based on the
 	// provided params.
 	SyncOrganizations(ctx context.Context, tx database.Store, user database.User, params OrganizationParams) error
@@ -111,18 +111,18 @@ func ParseStringSliceClaim(claim interface{}) ([]string, error) {
 	return nil, xerrors.Errorf("invalid claim type. Expected an array of strings, got: %T", claim)
 }
 
-// HttpError is a helper struct for returning errors from the IDP sync process.
+// HTTPError is a helper struct for returning errors from the IDP sync process.
 // A regular error is not sufficient because many of these errors are surfaced
 // to a user logging in, and the errors should be descriptive.
-type HttpError struct {
+type HTTPError struct {
 	Code                 int
 	Msg                  string
 	Detail               string
 	RenderStaticPage     bool
 	RenderDetailMarkdown bool
 }
 
-func (e HttpError) Write(rw http.ResponseWriter, r *http.Request) {
+func (e HTTPError) Write(rw http.ResponseWriter, r *http.Request) {
 	if e.RenderStaticPage {
 		site.RenderStaticErrorPage(rw, r, site.ErrorPageData{
 			Status:       e.Code,
@@ -142,7 +142,7 @@ func (e HttpError) Write(rw http.ResponseWriter, r *http.Request) {
 	})
 }
 
-func (e HttpError) Error() string {
+func (e HTTPError) Error() string {
 	if e.Detail != "" {
 		return e.Detail
 	}
diff --git a/coderd/idpsync/organization.go b/coderd/idpsync/organization.go
@@ -16,10 +16,7 @@ import (
 	"github.com/coder/coder/v2/coderd/util/slice"
 )
 
-func (s AGPLIDPSync) ParseOrganizationClaims(ctx context.Context, _ jwt.MapClaims) (OrganizationParams, *HttpError) {
-	// nolint:gocritic // all syncing is done as a system user
-	ctx = dbauthz.AsSystemRestricted(ctx)
-
+func (s AGPLIDPSync) ParseOrganizationClaims(ctx context.Context, _ jwt.MapClaims) (OrganizationParams, *HTTPError) {
 	// For AGPL we only sync the default organization.
 	return OrganizationParams{
 		SyncEnabled:    false,
diff --git a/coderd/idpsync/organizations_test.go b/coderd/idpsync/organizations_test.go
@@ -1,4 +1,4 @@
-package idpsync
+package idpsync_test
 
 import (
 	"testing"
@@ -9,6 +9,7 @@ import (
 
 	"cdr.dev/slog/sloggers/slogtest"
 	"github.com/coder/coder/v2/coderd/entitlements"
+	"github.com/coder/coder/v2/coderd/idpsync"
 	"github.com/coder/coder/v2/testutil"
 )
 
@@ -18,7 +19,7 @@ func TestParseOrganizationClaims(t *testing.T) {
 	t.Run("SingleOrgDeployment", func(t *testing.T) {
 		t.Parallel()
 
-		s := NewAGPLSync(slogtest.Make(t, &slogtest.Options{}), entitlements.New(), SyncSettings{
+		s := idpsync.NewAGPLSync(slogtest.Make(t, &slogtest.Options{}), entitlements.New(), idpsync.SyncSettings{
 			OrganizationField:         "",
 			OrganizationMapping:       nil,
 			OrganizationAssignDefault: true,
@@ -38,7 +39,7 @@ func TestParseOrganizationClaims(t *testing.T) {
 		t.Parallel()
 
 		// AGPL has limited behavior
-		s := NewAGPLSync(slogtest.Make(t, &slogtest.Options{}), entitlements.New(), SyncSettings{
+		s := idpsync.NewAGPLSync(slogtest.Make(t, &slogtest.Options{}), entitlements.New(), idpsync.SyncSettings{
 			OrganizationField: "orgs",
 			OrganizationMapping: map[string][]uuid.UUID{
 				"random": {uuid.New()},
diff --git a/coderd/userauth.go b/coderd/userauth.go
@@ -669,7 +669,7 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
 	})
 	cookies, user, key, err := api.oauthLogin(r, params)
 	defer params.CommitAuditLogs()
-	var httpErr idpsync.HttpError
+	var httpErr idpsync.HTTPError
 	if xerrors.As(err, &httpErr) {
 		httpErr.Write(rw, r)
 		return
@@ -1069,7 +1069,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 	})
 	cookies, user, key, err := api.oauthLogin(r, params)
 	defer params.CommitAuditLogs()
-	var httpErr idpsync.HttpError
+	var httpErr idpsync.HTTPError
 	if xerrors.As(err, &httpErr) {
 		httpErr.Write(rw, r)
 		return
@@ -1097,7 +1097,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 }
 
 // oidcGroups returns the groups for the user from the OIDC claims.
-func (api *API) oidcGroups(ctx context.Context, mergedClaims map[string]interface{}) (bool, []string, *idpsync.HttpError) {
+func (api *API) oidcGroups(ctx context.Context, mergedClaims map[string]interface{}) (bool, []string, *idpsync.HTTPError) {
 	logger := api.Logger.Named(userAuthLoggerName)
 	usingGroups := false
 	var groups []string
@@ -1118,7 +1118,7 @@ func (api *API) oidcGroups(ctx context.Context, mergedClaims map[string]interfac
 					slog.F("type", fmt.Sprintf("%T", groupsRaw)),
 					slog.Error(err),
 				)
-				return false, nil, &idpsync.HttpError{
+				return false, nil, &idpsync.HTTPError{
 					Code:             http.StatusBadRequest,
 					Msg:              "Failed to sync groups from OIDC claims",
 					Detail:           err.Error(),
@@ -1151,7 +1151,7 @@ func (api *API) oidcGroups(ctx context.Context, mergedClaims map[string]interfac
 			if len(groups) == 0 {
 				detail = "You are currently not a member of any groups! Ask an administrator to add you to an authorized group to login."
 			}
-			return usingGroups, groups, &idpsync.HttpError{
+			return usingGroups, groups, &idpsync.HTTPError{
 				Code:             http.StatusForbidden,
 				Msg:              "Not a member of an allowed group",
 				Detail:           detail,
@@ -1175,7 +1175,7 @@ func (api *API) oidcGroups(ctx context.Context, mergedClaims map[string]interfac
 // It would be preferred to just return an error, however this function
 // decorates returned errors with the appropriate HTTP status codes and details
 // that are hard to carry in a standard `error` without more work.
-func (api *API) oidcRoles(ctx context.Context, mergedClaims map[string]interface{}) ([]string, *idpsync.HttpError) {
+func (api *API) oidcRoles(ctx context.Context, mergedClaims map[string]interface{}) ([]string, *idpsync.HTTPError) {
 	roles := api.OIDCConfig.UserRolesDefault
 	if !api.OIDCConfig.RoleSyncEnabled() {
 		return roles, nil
@@ -1197,7 +1197,7 @@ func (api *API) oidcRoles(ctx context.Context, mergedClaims map[string]interface
 			slog.F("type", fmt.Sprintf("%T", rolesRow)),
 			slog.Error(err),
 		)
-		return nil, &idpsync.HttpError{
+		return nil, &idpsync.HTTPError{
 			Code:             http.StatusInternalServerError,
 			Msg:              "Login disabled until OIDC config is fixed",
 			Detail:           fmt.Sprintf("Roles claim must be an array of strings, type found: %T. Disabling role sync will allow login to proceed.", rolesRow),
@@ -1358,7 +1358,7 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
 			if api.OIDCConfig != nil && api.OIDCConfig.SignupsDisabledText != "" {
 				signupsDisabledText = render.HTMLFromMarkdown(api.OIDCConfig.SignupsDisabledText)
 			}
-			return &idpsync.HttpError{
+			return &idpsync.HTTPError{
 				Code:                 http.StatusForbidden,
 				Msg:                  "Signups are disabled",
 				Detail:               signupsDisabledText,
@@ -1409,7 +1409,7 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
 					}
 				}
 				if !validUsername {
-					return &idpsync.HttpError{
+					return &idpsync.HTTPError{
 						Code: http.StatusConflict,
 						Msg:  fmt.Sprintf("exhausted alternatives for taken username %q", original),
 					}
@@ -1564,7 +1564,7 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
 			//nolint:gocritic
 			err := api.Options.SetUserSiteRoles(dbauthz.AsSystemRestricted(ctx), logger, tx, user.ID, filtered)
 			if err != nil {
-				return &idpsync.HttpError{
+				return &idpsync.HTTPError{
 					Code:             http.StatusBadRequest,
 					Msg:              "Invalid roles through OIDC claims",
 					Detail:           fmt.Sprintf("Error from role assignment attempt: %s", err.Error()),
@@ -1679,15 +1679,15 @@ func (api *API) convertUserToOauth(ctx context.Context, r *http.Request, db data
 	// Trying to convert to OIDC, but the email does not match.
 	// So do not make a new user, just block the request.
 	if user.ID == uuid.Nil {
-		return database.User{}, idpsync.HttpError{
+		return database.User{}, idpsync.HTTPError{
 			Code: http.StatusBadRequest,
 			Msg:  fmt.Sprintf("The oidc account with the email %q does not match the email of the account you are trying to convert. Contact your administrator to resolve this issue.", params.Email),
 		}
 	}
 
 	jwtCookie, err := r.Cookie(OAuthConvertCookieValue)
 	if err != nil {
-		return database.User{}, idpsync.HttpError{
+		return database.User{}, idpsync.HTTPError{
 			Code: http.StatusBadRequest,
 			Msg: fmt.Sprintf("Convert to oauth cookie not found. Missing signed jwt to authorize this action. " +
 				"Please try again."),
@@ -1699,13 +1699,13 @@ func (api *API) convertUserToOauth(ctx context.Context, r *http.Request, db data
 	})
 	if xerrors.Is(err, jwt.ErrSignatureInvalid) || !token.Valid {
 		// These errors are probably because the user is mixing 2 coder deployments.
-		return database.User{}, idpsync.HttpError{
+		return database.User{}, idpsync.HTTPError{
 			Code: http.StatusBadRequest,
 			Msg:  "Using an invalid jwt to authorize this action. Ensure there is only 1 coder deployment and try again.",
 		}
 	}
 	if err != nil {
-		return database.User{}, idpsync.HttpError{
+		return database.User{}, idpsync.HTTPError{
 			Code: http.StatusInternalServerError,
 			Msg:  fmt.Sprintf("Error parsing jwt: %v", err),
 		}
@@ -1727,14 +1727,14 @@ func (api *API) convertUserToOauth(ctx context.Context, r *http.Request, db data
 	oauthConvertAudit.Old = user
 
 	if claims.RegisteredClaims.Issuer != api.DeploymentID {
-		return database.User{}, idpsync.HttpError{
+		return database.User{}, idpsync.HTTPError{
 			Code: http.StatusForbidden,
 			Msg:  "Request to convert login type failed. Issuer mismatch. Found a cookie from another coder deployment, please try again.",
 		}
 	}
 
 	if params.State.StateString != claims.State {
-		return database.User{}, idpsync.HttpError{
+		return database.User{}, idpsync.HTTPError{
 			Code: http.StatusForbidden,
 			Msg:  "Request to convert login type failed. State mismatch.",
 		}
@@ -1746,7 +1746,7 @@ func (api *API) convertUserToOauth(ctx context.Context, r *http.Request, db data
 	if user.ID != claims.UserID ||
 		codersdk.LoginType(user.LoginType) != claims.FromLoginType ||
 		codersdk.LoginType(params.LoginType) != claims.ToLoginType {
-		return database.User{}, idpsync.HttpError{
+		return database.User{}, idpsync.HTTPError{
 			Code: http.StatusForbidden,
 			Msg:  fmt.Sprintf("Request to convert login type from %s to %s failed", user.LoginType, params.LoginType),
 		}
@@ -1762,7 +1762,7 @@ func (api *API) convertUserToOauth(ctx context.Context, r *http.Request, db data
 		UserID:       user.ID,
 	})
 	if err != nil {
-		return database.User{}, idpsync.HttpError{
+		return database.User{}, idpsync.HTTPError{
 			Code: http.StatusInternalServerError,
 			Msg:  "Failed to convert user to new login type",
 		}
@@ -1850,12 +1850,12 @@ func clearOAuthConvertCookie() *http.Cookie {
 	}
 }
 
-func wrongLoginTypeHTTPError(user database.LoginType, params database.LoginType) idpsync.HttpError {
+func wrongLoginTypeHTTPError(user database.LoginType, params database.LoginType) idpsync.HTTPError {
 	addedMsg := ""
 	if user == database.LoginTypePassword {
 		addedMsg = " You can convert your account to use this login type by visiting your account settings."
 	}
-	return idpsync.HttpError{
+	return idpsync.HTTPError{
 		Code:             http.StatusForbidden,
 		RenderStaticPage: true,
 		Msg:              "Incorrect login type",
diff --git a/enterprise/coderd/enidpsync/enidpsync.go b/enterprise/coderd/enidpsync/enidpsync.go
@@ -18,9 +18,9 @@ type EnterpriseIDPSync struct {
 	*idpsync.AGPLIDPSync
 }
 
-func NewSync(logger slog.Logger, entitlements *entitlements.Set, settings idpsync.SyncSettings) *EnterpriseIDPSync {
+func NewSync(logger slog.Logger, set *entitlements.Set, settings idpsync.SyncSettings) *EnterpriseIDPSync {
 	return &EnterpriseIDPSync{
-		entitlements: entitlements,
-		AGPLIDPSync:  idpsync.NewAGPLSync(logger.With(slog.F("enterprise_capable", "true")), entitlements, settings),
+		entitlements: set,
+		AGPLIDPSync:  idpsync.NewAGPLSync(logger.With(slog.F("enterprise_capable", "true")), set, settings),
 	}
 }
diff --git a/enterprise/coderd/enidpsync/organizations.go b/enterprise/coderd/enidpsync/organizations.go
@@ -14,7 +14,7 @@ import (
 	"github.com/coder/coder/v2/codersdk"
 )
 
-func (e EnterpriseIDPSync) ParseOrganizationClaims(ctx context.Context, mergedClaims jwt.MapClaims) (idpsync.OrganizationParams, *idpsync.HttpError) {
+func (e EnterpriseIDPSync) ParseOrganizationClaims(ctx context.Context, mergedClaims jwt.MapClaims) (idpsync.OrganizationParams, *idpsync.HTTPError) {
 	if !e.entitlements.Enabled(codersdk.FeatureMultipleOrganizations) {
 		// Default to agpl if multi-org is not enabled
 		return e.AGPLIDPSync.ParseOrganizationClaims(ctx, mergedClaims)
@@ -30,7 +30,7 @@ func (e EnterpriseIDPSync) ParseOrganizationClaims(ctx context.Context, mergedCl
 		if ok {
 			parsedOrganizations, err := idpsync.ParseStringSliceClaim(organizationRaw)
 			if err != nil {
-				return idpsync.OrganizationParams{}, &idpsync.HttpError{
+				return idpsync.OrganizationParams{}, &idpsync.HTTPError{
 					Code:                 http.StatusBadRequest,
 					Msg:                  "Failed to sync organizations from the OIDC claims",
 					Detail:               err.Error(),
diff --git a/enterprise/coderd/enidpsync/organizations_test.go b/enterprise/coderd/enidpsync/organizations_test.go
@@ -1,4 +1,4 @@
-package enidpsync
+package enidpsync_test
 
 import (
 	"context"
@@ -32,7 +32,7 @@ type Expectations struct {
 	Name   string
 	Claims jwt.MapClaims
 	// Parse
-	ParseError     func(t *testing.T, httpErr *idpsync.HttpError)
+	ParseError     func(t *testing.T, httpErr *idpsync.HTTPError)
 	ExpectedParams idpsync.OrganizationParams
 	// Mutate allows mutating the user before syncing
 	Mutate func(t *testing.T, db database.Store, user database.User)
@@ -235,7 +235,7 @@ func TestOrganizationSync(t *testing.T) {
 			}
 
 			// Create a new sync object
-			sync := NewSync(logger, caseData.Entitlements, caseData.Settings)
+			sync := idpsync.NewSync(logger, caseData.Entitlements, caseData.Settings)
 			for _, exp := range caseData.Exps {
 				t.Run(exp.Name, func(t *testing.T) {
 					params, httpErr := sync.ParseOrganizationClaims(ctx, exp.Claims)

Original file line number	Diff line number	Diff line change
`@@ -18,9 +18,9 @@ type EnterpriseIDPSync struct {`
`18`	`18`	`*idpsync.AGPLIDPSync`
`19`	`19`	`}`
`20`	`20`
`21`		`-func NewSync(logger slog.Logger, entitlements entitlements.Set, settings idpsync.SyncSettings) EnterpriseIDPSync {`
	`21`	`+func NewSync(logger slog.Logger, set entitlements.Set, settings idpsync.SyncSettings) EnterpriseIDPSync {`
`22`	`22`	`return &EnterpriseIDPSync{`
`23`		`- entitlements: entitlements,`
`24`		`- AGPLIDPSync: idpsync.NewAGPLSync(logger.With(slog.F("enterprise_capable", "true")), entitlements, settings),`
	`23`	`+ entitlements: set,`
	`24`	`+ AGPLIDPSync: idpsync.NewAGPLSync(logger.With(slog.F("enterprise_capable", "true")), set, settings),`
`25`	`25`	`}`
`26`	`26`	`}`