diff --git a/cmd/authelia-scripts/cmd_bootstrap.go b/cmd/authelia-scripts/cmd_bootstrap.go index 6d4bec2b..28797e19 100644 --- a/cmd/authelia-scripts/cmd_bootstrap.go +++ b/cmd/authelia-scripts/cmd_bootstrap.go @@ -46,19 +46,19 @@ var hostEntries = []HostEntry{ {Domain: "proxy-client2.example.com", IP: "192.168.240.202"}, {Domain: "proxy-client3.example.com", IP: "192.168.240.203"}, - // Redis Replicas + // Redis Replicas. {Domain: "redis-node-0.example.com", IP: "192.168.240.110"}, {Domain: "redis-node-1.example.com", IP: "192.168.240.111"}, {Domain: "redis-node-2.example.com", IP: "192.168.240.112"}, - // Redis Sentinel Replicas + // Redis Sentinel Replicas. {Domain: "redis-sentinel-0.example.com", IP: "192.168.240.120"}, {Domain: "redis-sentinel-1.example.com", IP: "192.168.240.121"}, {Domain: "redis-sentinel-2.example.com", IP: "192.168.240.122"}, // Kubernetes dashboard. {Domain: "kubernetes.example.com", IP: "192.168.240.110"}, - // OIDC tester app + // OIDC tester app. {Domain: "oidc.example.com", IP: "192.168.240.100"}, {Domain: "oidc-public.example.com", IP: "192.168.240.100"}, } diff --git a/cmd/authelia-suites/main.go b/cmd/authelia-suites/main.go index f2a28767..55934f50 100644 --- a/cmd/authelia-suites/main.go +++ b/cmd/authelia-suites/main.go @@ -125,7 +125,7 @@ func setupSuite(cmd *cobra.Command, args []string) { } } - // Create the .suite file + // Create the .suite file. if err := createRunningSuiteFile(suiteName); err != nil { log.Fatal(err) } diff --git a/internal/authentication/file_user_provider.go b/internal/authentication/file_user_provider.go index 6ee607a7..b70fb53d 100644 --- a/internal/authentication/file_user_provider.go +++ b/internal/authentication/file_user_provider.go 
@@ -53,7 +53,7 @@ func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfigur panic(err) } - // Early check whether hashed passwords are correct for all users + // Early check whether hashed passwords are correct for all users. err = checkPasswordHashes(database) if err != nil { panic(err) diff --git a/internal/authentication/file_user_provider_test.go b/internal/authentication/file_user_provider_test.go index 844920ff..01c6baa8 100644 --- a/internal/authentication/file_user_provider_test.go +++ b/internal/authentication/file_user_provider_test.go @@ -19,7 +19,7 @@ func WithDatabase(content []byte, f func(path string)) { log.Fatal(err) } - defer os.Remove(tmpfile.Name()) // Clean up + defer os.Remove(tmpfile.Name()) // Clean up. if _, err := tmpfile.Write(content); err != nil { tmpfile.Close() diff --git a/internal/authentication/ldap_user_provider_test.go b/internal/authentication/ldap_user_provider_test.go index 946d8507..b9ee7063 100644 --- a/internal/authentication/ldap_user_provider_test.go +++ b/internal/authentication/ldap_user_provider_test.go @@ -89,10 +89,10 @@ func TestEscapeSpecialCharsFromUserInput(t *testing.T) { nil, mockFactory) - // No escape + // No escape. assert.Equal(t, "xyz", ldapClient.ldapEscape("xyz")) - // Escape + // Escape. assert.Equal(t, "test\\,abc", ldapClient.ldapEscape("test,abc")) assert.Equal(t, "test\\5cabc", ldapClient.ldapEscape("test\\abc")) assert.Equal(t, "test\\2aabc", ldapClient.ldapEscape("test*abc")) diff --git a/internal/configuration/schema/identity_providers.go b/internal/configuration/schema/identity_providers.go index d22734bc..a52cc369 100644 --- a/internal/configuration/schema/identity_providers.go +++ b/internal/configuration/schema/identity_providers.go 
@@ -9,7 +9,7 @@ type IdentityProvidersConfiguration struct { // OpenIDConnectConfiguration configuration for OpenID Connect. type OpenIDConnectConfiguration struct { - // This secret must be 32 bytes long + // This secret must be 32 bytes long. HMACSecret string `koanf:"hmac_secret"` IssuerPrivateKey string `koanf:"issuer_private_key"` diff --git a/internal/configuration/validator/authentication.go b/internal/configuration/validator/authentication.go index 13d71eaf..e7547f32 100644 --- a/internal/configuration/validator/authentication.go +++ b/internal/configuration/validator/authentication.go @@ -45,7 +45,7 @@ func validateFileAuthenticationBackend(configuration *schema.FileAuthenticationB if configuration.Password == nil { configuration.Password = &schema.DefaultPasswordConfiguration } else { - // Salt Length + // Salt Length. switch { case configuration.Password.SaltLength == 0: configuration.Password.SaltLength = schema.DefaultPasswordConfiguration.SaltLength 
@@ -72,32 +72,32 @@ func validateFileAuthenticationBackend(configuration *schema.FileAuthenticationB } func validateFileAuthenticationBackendSHA512(configuration *schema.FileAuthenticationBackendConfiguration) { - // Iterations (time) + // Iterations (time). if configuration.Password.Iterations == 0 { configuration.Password.Iterations = schema.DefaultPasswordSHA512Configuration.Iterations } } func validateFileAuthenticationBackendArgon2id(configuration *schema.FileAuthenticationBackendConfiguration, validator *schema.StructValidator) { - // Iterations (time) + // Iterations (time). if configuration.Password.Iterations == 0 { configuration.Password.Iterations = schema.DefaultPasswordConfiguration.Iterations } - // Parallelism + // Parallelism. if configuration.Password.Parallelism == 0 { configuration.Password.Parallelism = schema.DefaultPasswordConfiguration.Parallelism } else if configuration.Password.Parallelism < 1 { validator.Push(fmt.Errorf("Parallelism for argon2id must be 1 or more, you configured %d", configuration.Password.Parallelism)) } - // Memory + // Memory. if configuration.Password.Memory == 0 { configuration.Password.Memory = schema.DefaultPasswordConfiguration.Memory } else if configuration.Password.Memory < configuration.Password.Parallelism*8 { validator.Push(fmt.Errorf("Memory for argon2id must be %d or more (parallelism * 8), you configured memory as %d and parallelism as %d", configuration.Password.Parallelism*8, configuration.Password.Memory, configuration.Password.Parallelism)) } - // Key Length + // Key Length. if configuration.Password.KeyLength == 0 { configuration.Password.KeyLength = schema.DefaultPasswordConfiguration.KeyLength } else if configuration.Password.KeyLength < 16 { 
@@ -185,12 +185,12 @@ func validateLDAPURL(ldapURL string, validator *schema.StructValidator) (finalUR } func validateLDAPRequiredParameters(configuration *schema.LDAPAuthenticationBackendConfiguration, validator *schema.StructValidator) { - // TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387) + // TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387). if configuration.User == "" { validator.Push(errors.New("Please provide a user name to connect to the LDAP server")) } - // TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387) + // TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387). if configuration.Password == "" { validator.Push(errors.New("Please provide a password to connect to the LDAP server")) } diff --git a/internal/configuration/validator/regulation.go b/internal/configuration/validator/regulation.go index 88c6e741..5e11ac5c 100644 --- a/internal/configuration/validator/regulation.go +++ b/internal/configuration/validator/regulation.go @@ -10,11 +10,11 @@ import ( // ValidateRegulation validates and update regulator configuration. func ValidateRegulation(configuration *schema.RegulationConfiguration, validator *schema.StructValidator) { if configuration.FindTime == "" { - configuration.FindTime = schema.DefaultRegulationConfiguration.FindTime // 2 min + configuration.FindTime = schema.DefaultRegulationConfiguration.FindTime // 2 min. } if configuration.BanTime == "" { - configuration.BanTime = schema.DefaultRegulationConfiguration.BanTime // 5 min + configuration.BanTime = schema.DefaultRegulationConfiguration.BanTime // 5 min. } findTime, err := utils.ParseDurationString(configuration.FindTime) 
diff --git a/internal/configuration/validator/session.go b/internal/configuration/validator/session.go index 394306c9..381b7f6f 100644 --- a/internal/configuration/validator/session.go +++ b/internal/configuration/validator/session.go @@ -32,19 +32,19 @@ func ValidateSession(configuration *schema.SessionConfiguration, validator *sche func validateSession(configuration *schema.SessionConfiguration, validator *schema.StructValidator) { if configuration.Expiration == "" { - configuration.Expiration = schema.DefaultSessionConfiguration.Expiration // 1 hour + configuration.Expiration = schema.DefaultSessionConfiguration.Expiration // 1 hour. } else if _, err := utils.ParseDurationString(configuration.Expiration); err != nil { validator.Push(fmt.Errorf("Error occurred parsing session expiration string: %s", err)) } if configuration.Inactivity == "" { - configuration.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min + configuration.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min. } else if _, err := utils.ParseDurationString(configuration.Inactivity); err != nil { validator.Push(fmt.Errorf("Error occurred parsing session inactivity string: %s", err)) } if configuration.RememberMeDuration == "" { - configuration.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month + configuration.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month. } else if _, err := utils.ParseDurationString(configuration.RememberMeDuration); err != nil { validator.Push(fmt.Errorf("Error occurred parsing session remember_me_duration string: %s", err)) } diff --git a/internal/duo/const.go b/internal/duo/const.go index 89d5ce27..44550adf 100644 --- a/internal/duo/const.go +++ b/internal/duo/const.go @@ -13,4 +13,4 @@ const ( ) // PossibleMethods is the set of all possible Duo 2FA methods. -var PossibleMethods = []string{Push} // OTP, Phone, SMS +var PossibleMethods = []string{Push} // OTP, Phone, SMS. 
diff --git a/internal/handlers/handler_firstfactor.go b/internal/handlers/handler_firstfactor.go index 83f7e8ff..5f2b1fe2 100644 --- a/internal/handlers/handler_firstfactor.go +++ b/internal/handlers/handler_firstfactor.go @@ -91,10 +91,10 @@ func FirstFactorPost(delayFunc middlewares.TimingAttackDelayFunc) middlewares.Re return } - // Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data + // Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data. keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != 0 && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn - // Set the cookie to expire if remember me is enabled and the user has asked us to + // Set the cookie to expire if remember me is enabled and the user has asked us to. if keepMeLoggedIn { err = ctx.Providers.SessionProvider.UpdateExpiration(ctx.RequestCtx, ctx.Providers.SessionProvider.RememberMe) if err != nil { diff --git a/internal/handlers/handler_firstfactor_test.go b/internal/handlers/handler_firstfactor_test.go index 5828883a..6ca33a9f 100644 --- a/internal/handlers/handler_firstfactor_test.go +++ b/internal/handlers/handler_firstfactor_test.go @@ -33,13 +33,13 @@ func (s *FirstFactorSuite) TearDownTest() { func (s *FirstFactorSuite) TestShouldFailIfBodyIsNil() { FirstFactorPost(nil)(s.mock.Ctx) - // No body + // No body. assert.Equal(s.T(), "Failed to parse 1FA request body: unable to parse body: unexpected end of JSON input", s.mock.Hook.LastEntry().Message) s.mock.Assert401KO(s.T(), "Authentication failed. Check your credentials.") } func (s *FirstFactorSuite) TestShouldFailIfBodyIsInBadFormat() { - // Missing password + // Missing password. s.mock.Ctx.Request.SetBodyString(`{ "username": "test" }`) diff --git a/internal/handlers/handler_sign_u2f_step1.go b/internal/handlers/handler_sign_u2f_step1.go index 848a7680..9949b5bd 100644 
--- a/internal/handlers/handler_sign_u2f_step1.go +++ b/internal/handlers/handler_sign_u2f_step1.go @@ -65,7 +65,7 @@ func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx) { }, } - // Save the challenge and registration for use in next request + // Save the challenge and registration for use in next request. userSession.U2FRegistration = &session.U2FRegistration{ KeyHandle: device.KeyHandle, PublicKey: device.PublicKey, diff --git a/internal/handlers/handler_verify.go b/internal/handlers/handler_verify.go index 1767aea0..2d22a516 100644 --- a/internal/handlers/handler_verify.go +++ b/internal/handlers/handler_verify.go @@ -73,7 +73,7 @@ func isTargetURLAuthorized(authorizer *authorization.Authorizer, targetURL url.U // deduce the access is forbidden // For anonymous users though, we cannot be sure that she // could not be granted the rights to access the resource. Consequently - // for anonymous users we send Unauthorized instead of Forbidden + // for anonymous users we send Unauthorized instead of Forbidden. return Forbidden case level == authorization.OneFactor && authLevel >= authentication.OneFactor, level == authorization.TwoFactor && authLevel >= authentication.TwoFactor: @@ -100,7 +100,7 @@ func verifyBasicAuth(ctx *middlewares.AutheliaCtx, header, auth []byte) (usernam // If the user is not correctly authenticated, send a 401. if !authenticated { - // Request Basic Authentication otherwise + // Request Basic Authentication otherwise. return "", "", nil, nil, authentication.NotAuthenticated, fmt.Errorf("user %s is not authenticated", username) } @@ -391,7 +391,7 @@ func getProfileRefreshSettings(cfg schema.AuthenticationBackendConfiguration) (r refresh = true if cfg.RefreshInterval != schema.ProfileRefreshAlways { - // Skip Error Check since validator checks it + // Skip Error Check since validator checks it. refreshInterval, _ = utils.ParseDurationString(cfg.RefreshInterval) } else { refreshInterval = schema.RefreshIntervalAlways 
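Review bot: In the verifyBasicAuth hunk, the error returned when authentication fails formats the username with `%s` (`fmt.Errorf("user %s is not authenticated", username)`). That value presumably comes from the request's Basic auth header, so line breaks or control characters in it would reach any log that records this error unescaped. Quoting it keeps the log entry unambiguous: `fmt.Errorf("user %q is not authenticated", username)`. How the error is logged, and the rest of the function, lie outside this hunk.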
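Review bot: In getProfileRefreshSettings, the comment `// Skip Error Check since validator checks it.` justifies discarding the error from `utils.ParseDurationString(cfg.RefreshInterval)` without naming the validator. A reader therefore cannot confirm that every configuration path reaching this function has been validated. Because the interval appears to govern how often user details are refreshed from the backend, the precondition is worth spelling out, e.g. `// cfg.RefreshInterval was already parsed successfully by <validator function>, so the error cannot occur here.` The function starts and ends outside this hunk.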
diff --git a/internal/handlers/handler_verify_test.go b/internal/handlers/handler_verify_test.go index bb78ff02..12a37abe 100644 --- a/internal/handlers/handler_verify_test.go +++ b/internal/handlers/handler_verify_test.go @@ -1023,7 +1023,7 @@ func TestShouldDestroySessionWhenUserNotExist(t *testing.T) { userSession = mock.Ctx.GetSession() assert.Equal(t, clock.Now().Add(5*time.Minute).Unix(), userSession.RefreshTTL.Unix()) - // Simulate a Deleted User + // Simulate a Deleted User. userSession.RefreshTTL = clock.Now().Add(-1 * time.Minute) err = mock.Ctx.SaveSession(userSession) diff --git a/internal/middlewares/identity_verification.go b/internal/middlewares/identity_verification.go index 22ea4793..d5b3e736 100644 --- a/internal/middlewares/identity_verification.go +++ b/internal/middlewares/identity_verification.go @@ -151,7 +151,7 @@ func IdentityVerificationFinish(args IdentityVerificationFinishArgs, next func(c ctx.Error(fmt.Errorf("Cannot parse token"), messageOperationFailed) return case ve.Errors&(jwt.ValidationErrorExpired|jwt.ValidationErrorNotValidYet) != 0: - // Token is either expired or not active yet + // Token is either expired or not active yet. ctx.Error(fmt.Errorf("Token expired"), messageIdentityVerificationTokenHasExpired) return default: diff --git a/internal/mocks/authelia_ctx.go b/internal/mocks/authelia_ctx.go index d0f694f7..535e2491 100644 --- a/internal/mocks/authelia_ctx.go +++ b/internal/mocks/authelia_ctx.go @@ -117,7 +117,7 @@ func NewMockAutheliaCtx(t *testing.T) *MockAutheliaCtx { request := &fasthttp.RequestCtx{} // Set a cookie to identify this client throughout the test. - // request.Request.Header.SetCookie("authelia_session", "client_cookie") + // request.Request.Header.SetCookie("authelia_session", "client_cookie"). autheliaCtx, _ := middlewares.NewAutheliaCtx(request, configuration, providers) mockAuthelia.Ctx = autheliaCtx 
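Review bot: In IdentityVerificationFinish, the case for `jwt.ValidationErrorExpired|jwt.ValidationErrorNotValidYet` records `Token expired` for both conditions, although the comment directly above says the token may also be not active yet. A not-yet-valid token usually indicates clock skew rather than an old link, and the current wording loses that distinction for anyone triaging the log. Consider `fmt.Errorf("Token expired or not yet valid")`, or split the case into two. The switch starts and ends outside this hunk.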
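Review bot: In NewMockAutheliaCtx the added period lands on commented-out code, leaving `// request.Request.Header.SetCookie("authelia_session", "client_cookie").`, which would not compile if it were uncommented. The sentence above it ("Set a cookie to identify this client throughout the test.") describes a step the function does not perform while the call is disabled. Either delete both comment lines, or keep the call verbatim and state why it is off, e.g. `// Disabled (<reason>): request.Request.Header.SetCookie("authelia_session", "client_cookie")`. The function continues outside this hunk.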
diff --git a/internal/notification/smtp_notifier.go b/internal/notification/smtp_notifier.go index feefe0c3..06a020d9 100644 --- a/internal/notification/smtp_notifier.go +++ b/internal/notification/smtp_notifier.go @@ -38,7 +38,7 @@ func NewSMTPNotifier(configuration *schema.SMTPNotifierConfiguration, certPool * // Do startTLS if available (some servers only provide the auth extension after, and encryption is preferred). func (n *SMTPNotifier) startTLS() error { - // Only start if not already encrypted + // Only start if not already encrypted. if _, ok := n.client.TLSConnectionState(); ok { n.log.Debugf("Notifier SMTP connection is already encrypted, skipping STARTTLS") return nil diff --git a/internal/ntp/const.go b/internal/ntp/const.go index 11cb5c2c..ed9c3521 100644 --- a/internal/ntp/const.go +++ b/internal/ntp/const.go @@ -1,10 +1,10 @@ package ntp const ( - ntpClientModeValue uint8 = 3 // 00000011 - ntpLeapEnabledValue uint8 = 64 // 01000000 - ntpVersion3Value uint8 = 24 // 00011000 - ntpVersion4Value uint8 = 40 // 00101000 + ntpClientModeValue uint8 = 3 // 00000011. + ntpLeapEnabledValue uint8 = 64 // 01000000. + ntpVersion3Value uint8 = 24 // 00011000. + ntpVersion4Value uint8 = 40 // 00101000. ) const ntpEpochOffset = 2208988800 diff --git a/internal/oidc/provider.go b/internal/oidc/provider.go index f12ce576..09503c03 100644 --- a/internal/oidc/provider.go +++ b/internal/oidc/provider.go @@ -72,7 +72,7 @@ func NewOpenIDConnectProvider(configuration *schema.OpenIDConnectConfiguration) compose.OAuth2ClientCredentialsGrantFactory, compose.OAuth2RefreshTokenGrantFactory, compose.OAuth2ResourceOwnerPasswordCredentialsFactory, - // compose.RFC7523AssertionGrantFactory, + // compose.RFC7523AssertionGrantFactory,. compose.OpenIDConnectExplicitFactory, compose.OpenIDConnectImplicitFactory, 
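Review bot: In NewOpenIDConnectProvider the mechanical period turns the disabled factory entries into `// compose.RFC7523AssertionGrantFactory,.` here and `// compose.OAuth2PKCEFactory,.` in the next hunk of this file, which is neither valid code nor a sentence. More importantly, nothing visible explains why PKCE is left out of the factory list while `compose.OAuth2ResourceOwnerPasswordCredentialsFactory` is included. For an authorization server, that choice should carry a stated reason next to the code. I would replace each line with an explanatory comment such as `// compose.OAuth2PKCEFactory is not enabled: <reason / tracking issue>.` The factory list starts and ends outside both hunks.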
@@ -82,7 +82,7 @@ func NewOpenIDConnectProvider(configuration *schema.OpenIDConnectConfiguration) compose.OAuth2TokenIntrospectionFactory, compose.OAuth2TokenRevocationFactory, - // compose.OAuth2PKCEFactory, + // compose.OAuth2PKCEFactory,. ) provider.herodot = herodot.NewJSONWriter(nil) diff --git a/internal/regulation/regulator_test.go b/internal/regulation/regulator_test.go index 4c763819..a0dbb453 100644 --- a/internal/regulation/regulator_test.go +++ b/internal/regulation/regulator_test.go @@ -282,7 +282,7 @@ func (s *RegulatorSuite) TestShouldHaveRegulatorDisabled() { LoadAuthenticationLogs(s.ctx, gomock.Eq("john"), gomock.Any(), gomock.Eq(10), gomock.Eq(0)). Return(attemptsInDB, nil) - // Check Disabled Functionality + // Check Disabled Functionality. configuration := schema.RegulationConfiguration{ MaxRetries: 0, FindTime: "180", @@ -293,7 +293,7 @@ func (s *RegulatorSuite) TestShouldHaveRegulatorDisabled() { _, err := regulator.Regulate(s.ctx, "john") assert.NoError(s.T(), err) - // Check Enabled Functionality + // Check Enabled Functionality. configuration = schema.RegulationConfiguration{ MaxRetries: 1, FindTime: "180", diff --git a/internal/regulation/types.go b/internal/regulation/types.go index 21d0612a..ebaa94ca 100644 --- a/internal/regulation/types.go +++ b/internal/regulation/types.go @@ -11,7 +11,7 @@ import ( type Regulator struct { // Is the regulation enabled. enabled bool - // The number of failed authentication attempt before banning the user + // The number of failed authentication attempt before banning the user. maxRetries int // If a user does the max number of retries within that duration, she will be banned. findTime time.Duration diff --git a/internal/session/provider_config_test.go b/internal/session/provider_config_test.go index 045c10c6..3f7b79da 100644 --- a/internal/session/provider_config_test.go +++ b/internal/session/provider_config_test.go 
@@ -59,7 +59,7 @@ func TestShouldCreateRedisSessionProviderTLS(t *testing.T) { pConfig := providerConfig.redisConfig assert.Equal(t, "redis.example.com:6379", pConfig.Addr) assert.Equal(t, "pass", pConfig.Password) - // DbNumber is the fasthttp/session property for the Redis DB Index + // DbNumber is the fasthttp/session property for the Redis DB Index. assert.Equal(t, 0, pConfig.DB) assert.Equal(t, 0, pConfig.PoolSize) assert.Equal(t, 0, pConfig.MinIdleConns) @@ -94,7 +94,7 @@ func TestShouldCreateRedisSessionProvider(t *testing.T) { pConfig := providerConfig.redisConfig assert.Equal(t, "redis.example.com:6379", pConfig.Addr) assert.Equal(t, "pass", pConfig.Password) - // DbNumber is the fasthttp/session property for the Redis DB Index + // DbNumber is the fasthttp/session property for the Redis DB Index. assert.Equal(t, 0, pConfig.DB) assert.Equal(t, 0, pConfig.PoolSize) assert.Equal(t, 0, pConfig.MinIdleConns) @@ -180,7 +180,7 @@ func TestShouldCreateRedisSentinelSessionProvider(t *testing.T) { assert.Equal(t, 8, pConfig.PoolSize) assert.Equal(t, 2, pConfig.MinIdleConns) - // DbNumber is the fasthttp/session property for the Redis DB Index + // DbNumber is the fasthttp/session property for the Redis DB Index. assert.Equal(t, 0, pConfig.DB) assert.Nil(t, pConfig.TLSConfig) } @@ -233,7 +233,7 @@ func TestShouldCreateRedisSessionProviderWithUnixSocket(t *testing.T) { pConfig := providerConfig.redisConfig assert.Equal(t, "/var/run/redis/redis.sock", pConfig.Addr) assert.Equal(t, "pass", pConfig.Password) - // DbNumber is the fasthttp/session property for the Redis DB Index + // DbNumber is the fasthttp/session property for the Redis DB Index. assert.Equal(t, 0, pConfig.DB) assert.Nil(t, pConfig.TLSConfig) } 
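Review bot: The comment `// DbNumber is the fasthttp/session property for the Redis DB Index.` does not match the assertion beneath it, which reads `pConfig.DB`; no `DbNumber` field appears in the visible code. The same comment is repeated in the other three hunks of this file on this line and in TestShouldSetDbNumber in the following hunk. Adding a period keeps the stale name in place. Suggest `// DB is the Redis database index.` at each occurrence.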
@@ -256,7 +256,7 @@ func TestShouldSetDbNumber(t *testing.T) { assert.Equal(t, "redis", providerConfig.providerName) pConfig := providerConfig.redisConfig - // DbNumber is the fasthttp/session property for the Redis DB Index + // DbNumber is the fasthttp/session property for the Redis DB Index. assert.Equal(t, 5, pConfig.DB) } @@ -277,7 +277,7 @@ func TestShouldUseEncryptingSerializerWithRedis(t *testing.T) { encoded, err := providerConfig.config.EncodeFunc(payload) require.NoError(t, err) - // Now we try to decrypt what has been serialized + // Now we try to decrypt what has been serialized. key := sha256.Sum256([]byte("abc")) decrypted, err := utils.Decrypt(encoded, &key) require.NoError(t, err) diff --git a/internal/storage/sql_provider.go b/internal/storage/sql_provider.go index 785ae619..dfbf43de 100644 --- a/internal/storage/sql_provider.go +++ b/internal/storage/sql_provider.go @@ -111,7 +111,7 @@ type SQLProvider struct { sqlUpdateU2FDevicePublicKey string sqlUpdateU2FDevicePublicKeyByUsername string - // Table: duo_devices + // Table: duo_devices. sqlUpsertDuoDevice string sqlDeleteDuoDevice string sqlSelectDuoDevice string diff --git a/internal/suites/action_login.go b/internal/suites/action_login.go index fcb281c1..fd4af24b 100644 --- a/internal/suites/action_login.go +++ b/internal/suites/action_login.go @@ -39,7 +39,7 @@ func (rs *RodSession) doLoginTwoFactor(t *testing.T, page *rod.Page, username, p rs.doLoginOneFactor(t, page, username, password, keepMeLoggedIn, targetURL) rs.verifyIsSecondFactorPage(t, page) rs.doValidateTOTP(t, page, otpSecret) - // timeout when targetURL is not defined to prevent a show stopping redirect when visiting a protected domain + // timeout when targetURL is not defined to prevent a show stopping redirect when visiting a protected domain. if targetURL == "" { time.Sleep(1 * time.Second) } diff --git a/internal/suites/action_reset_password.go b/internal/suites/action_reset_password.go index d0fa3822..2dcf0a25 100644 
--- a/internal/suites/action_reset_password.go +++ b/internal/suites/action_reset_password.go @@ -11,10 +11,10 @@ import ( func (rs *RodSession) doInitiatePasswordReset(t *testing.T, page *rod.Page, username string) { err := rs.WaitElementLocatedByCSSSelector(t, page, "reset-password-button").Click("left") require.NoError(t, err) - // Fill in username + // Fill in username. err = rs.WaitElementLocatedByCSSSelector(t, page, "username-textfield").Input(username) require.NoError(t, err) - // And click on the reset button + // And click on the reset button. err = rs.WaitElementLocatedByCSSSelector(t, page, "reset-button").Click("left") require.NoError(t, err) } @@ -49,7 +49,7 @@ func (rs *RodSession) doUnsuccessfulPasswordReset(t *testing.T, page *rod.Page, func (rs *RodSession) doResetPassword(t *testing.T, page *rod.Page, username, newPassword1, newPassword2 string, unsuccessful bool) { rs.doInitiatePasswordReset(t, page, username) - // then wait for the "email sent notification" + // then wait for the "email sent notification". rs.verifyMailNotificationDisplayed(t, page) if unsuccessful { diff --git a/internal/suites/scenario_oidc_test.go b/internal/suites/scenario_oidc_test.go index f97ce0e1..6adc04a6 100644 --- a/internal/suites/scenario_oidc_test.go +++ b/internal/suites/scenario_oidc_test.go @@ -84,7 +84,7 @@ func (s *OIDCScenario) TestShouldAuthorizeAccessToOIDCApp() { s.waitBodyContains(s.T(), s.Context(ctx), "Not logged yet...") - // Search for the 'login' link + // Search for the 'login' link. err := s.Page.MustSearch("Log in").Click("left") assert.NoError(s.T(), err) 
@@ -92,7 +92,7 @@ func (s *OIDCScenario) TestShouldAuthorizeAccessToOIDCApp() { err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "accept-button").Click("left") assert.NoError(s.T(), err) - // Verify that the app is showing the info related to the user stored in the JWT token + // Verify that the app is showing the info related to the user stored in the JWT token. s.waitBodyContains(s.T(), s.Context(ctx), "Logged in as john!") } @@ -111,7 +111,7 @@ func (s *OIDCScenario) TestShouldDenyConsent() { s.waitBodyContains(s.T(), s.Context(ctx), "Not logged yet...") - // Search for the 'login' link + // Search for the 'login' link. err := s.Page.MustSearch("Log in").Click("left") assert.NoError(s.T(), err) diff --git a/internal/suites/scenario_password_complexity_test.go b/internal/suites/scenario_password_complexity_test.go index 78e44d0c..cb719ddc 100644 --- a/internal/suites/scenario_password_complexity_test.go +++ b/internal/suites/scenario_password_complexity_test.go @@ -55,7 +55,7 @@ func (s *PasswordComplexityScenario) TestShouldRejectPasswordReset() { s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL()) s.verifyIsFirstFactorPage(s.T(), s.Context(ctx)) - // Attempt to reset the password to a + // Attempt to reset the password to a. s.doResetPassword(s.T(), s.Context(ctx), "john", "a", "a", true) s.verifyNotificationDisplayed(s.T(), s.Context(ctx), "Your supplied password does not meet the password policy requirements.") } diff --git a/internal/suites/scenario_redirection_check_test.go b/internal/suites/scenario_redirection_check_test.go index 4d0b7c4f..fd47004b 100644 --- a/internal/suites/scenario_redirection_check_test.go +++ b/internal/suites/scenario_redirection_check_test.go 
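Review bot: With the period added, `// Attempt to reset the password to a.` in TestShouldRejectPasswordReset reads like a truncated sentence; the `a` is the literal password passed to `doResetPassword`. Quoting the value and stating the expectation removes the ambiguity: `// Attempt to reset the password to "a", which the policy must reject.` The same applies to `// Reset the password to abc.` in scenario_reset_password_test.go, which could read `// Reset the password to "abc".`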
@@ -48,13 +48,13 @@ func (s *RedirectionCheckScenario) TearDownTest() { } var redirectionAuthorizations = map[string]bool{ - // external website + // external website. "https://www.google.fr": false, - // Not the right domain + // Not the right domain. "https://public.example.com.a:8080/secret.html": false, - // Not https + // Not https. "http://secure.example.com:8080/secret.html": false, - // Domain handled by Authelia + // Domain handled by Authelia. "https://secure.example.com:8080/secret.html": true, } @@ -83,13 +83,13 @@ func (s *RedirectionCheckScenario) TestShouldRedirectOnLoginOnlyWhenDomainIsSafe } var logoutRedirectionURLs = map[string]bool{ - // external website + // external website. "https://www.google.fr": false, - // Not the right domain + // Not the right domain. "https://public.example-not-right.com:8080/index.html": false, - // Not https + // Not https. "http://public.example.com:8080/index.html": false, - // Domain handled by Authelia + // Domain handled by Authelia. "https://public.example.com:8080/index.html": true, } diff --git a/internal/suites/scenario_regulation_test.go b/internal/suites/scenario_regulation_test.go index 272e1a52..4d7e20b0 100644 --- a/internal/suites/scenario_regulation_test.go +++ b/internal/suites/scenario_regulation_test.go @@ -66,7 +66,7 @@ func (s *RegulationScenario) TestShouldBanUserAfterTooManyAttempt() { require.NoError(s.T(), err) } - // Enter the correct password and test the regulation lock out + // Enter the correct password and test the regulation lock out. err := s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "password-textfield").Input("password") require.NoError(s.T(), err) err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "sign-in-button").Click("left") 
@@ -76,7 +76,7 @@ func (s *RegulationScenario) TestShouldBanUserAfterTooManyAttempt() { s.verifyIsFirstFactorPage(s.T(), s.Context(ctx)) time.Sleep(10 * time.Second) - // Enter the correct password and test a successful login + // Enter the correct password and test a successful login. err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "password-textfield").Input("password") require.NoError(s.T(), err) err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "sign-in-button").Click("left") diff --git a/internal/suites/scenario_reset_password_test.go b/internal/suites/scenario_reset_password_test.go index 755deb7a..546b4a1d 100644 --- a/internal/suites/scenario_reset_password_test.go +++ b/internal/suites/scenario_reset_password_test.go @@ -55,20 +55,20 @@ func (s *ResetPasswordScenario) TestShouldResetPassword() { s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL()) s.verifyIsFirstFactorPage(s.T(), s.Context(ctx)) - // Reset the password to abc + // Reset the password to abc. s.doResetPassword(s.T(), s.Context(ctx), "john", "abc", "abc", false) - // Try to login with the old password + // Try to login with the old password. s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "") s.verifyNotificationDisplayed(s.T(), s.Context(ctx), "Incorrect username or password.") - // Try to login with the new password + // Try to login with the new password. s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "abc", false, "") - // Logout + // Logout. s.doLogout(s.T(), s.Context(ctx)) - // Reset the original password + // Reset the original password. s.doResetPassword(s.T(), s.Context(ctx), "john", "password", "password", false) } 
@@ -85,7 +85,7 @@ func (s *ResetPasswordScenario) TestShouldMakeAttackerThinkPasswordResetIsInitia // Try to initiate a password reset of an nonexistent user. s.doInitiatePasswordReset(s.T(), s.Context(ctx), "i_dont_exist") - // Check that the notification make the attacker thinks the process is initiated + // Check that the notification make the attacker thinks the process is initiated. s.verifyMailNotificationDisplayed(s.T(), s.Context(ctx)) } diff --git a/internal/suites/scenario_two_factor_test.go b/internal/suites/scenario_two_factor_test.go index 79288467..81b0f8bf 100644 --- a/internal/suites/scenario_two_factor_test.go +++ b/internal/suites/scenario_two_factor_test.go @@ -58,18 +58,18 @@ func (s *TwoFactorSuite) TestShouldAuthorizeSecretAfterTwoFactor() { username := testUsername password := testPassword - // Login and register TOTP, logout and login again with 1FA & 2FA + // Login and register TOTP, logout and login again with 1FA & 2FA. targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL) _ = s.doRegisterAndLogin2FA(s.T(), s.Context(ctx), username, password, false, targetURL) // And check if the user is redirected to the secret. s.verifySecretAuthorized(s.T(), s.Context(ctx)) - // Leave the secret + // Leave the secret. s.doVisit(s.T(), s.Context(ctx), HomeBaseURL) s.verifyIsHome(s.T(), s.Context(ctx)) - // And try to reload it again to check the session is kept + // And try to reload it again to check the session is kept. s.doVisit(s.T(), s.Context(ctx), targetURL) s.verifySecretAuthorized(s.T(), s.Context(ctx)) } diff --git a/internal/suites/scenario_user_preferences_test.go b/internal/suites/scenario_user_preferences_test.go index 4d51509f..6b35e805 100644 --- a/internal/suites/scenario_user_preferences_test.go +++ b/internal/suites/scenario_user_preferences_test.go 
@@ -54,11 +54,11 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
 s.collectScreenshot(ctx.Err(), s.Page)
 }()
- // Authenticate
+ // Authenticate.
 s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
- // Then switch to push notification method
+ // Then switch to push notification method.
 s.doChangeMethod(s.T(), s.Context(ctx), "push-notification")
 s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
@@ -71,7 +71,7 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
 s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
 // And check the latest method is still used.
 s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
- // Meaning the authentication is successful
+ // Meaning the authentication is successful.
 s.verifyIsHome(s.T(), s.Context(ctx))
 // Logout the user and see what user 'harry' sees.
@@ -83,7 +83,7 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
 s.doLogout(s.T(), s.Context(ctx))
 s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
- // Then log back as previous user and verify the push notification is still the default method
+ // Then log back as previous user and verify the push notification is still the default method.
 s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
 s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
@@ -92,7 +92,7 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
 s.doLogout(s.T(), s.Context(ctx))
 s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
- // Eventually restore the default method
+ // Eventually restore the default method.
 s.doChangeMethod(s.T(), s.Context(ctx), "one-time-password")
 s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "one-time-password-method")
 }
diff --git a/internal/suites/suite_duo_push_test.go b/internal/suites/suite_duo_push_test.go
index 961afc00..e6904ce7 100644
--- a/internal/suites/suite_duo_push_test.go
+++ b/internal/suites/suite_duo_push_test.go
@@ -132,18 +132,18 @@ func (s *DuoPushWebDriverSuite) TestShouldAutoSelectDevice() {
 ConfigureDuoPreAuth(s.T(), PreAuthAPIResponse)
 ConfigureDuo(s.T(), Allow)
- // Authenticate
+ // Authenticate.
 s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 // Switch Method where single Device should be selected automatically.
 s.doChangeMethod(s.T(), s.Context(ctx), "push-notification")
 s.verifyIsHome(s.T(), s.Context(ctx))
- // Re-Login the user
+ // Re-Login the user.
 s.doLogout(s.T(), s.Context(ctx))
 s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 // And check the latest method and device is still used.
 s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
- // Meaning the authentication is successful
+ // Meaning the authentication is successful.
 s.verifyIsHome(s.T(), s.Context(ctx))
 }
@@ -171,7 +171,7 @@ func (s *DuoPushWebDriverSuite) TestShouldSelectDevice() {
 ConfigureDuoPreAuth(s.T(), PreAuthAPIResponse)
 ConfigureDuo(s.T(), Allow)
- // Authenticate
+ // Authenticate.
 s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 // Switch Method where Device Selection should open automatically.
 s.doChangeMethod(s.T(), s.Context(ctx), "push-notification")
@@ -183,12 +183,12 @@ func (s *DuoPushWebDriverSuite) TestShouldSelectDevice() {
 s.doChangeDevice(s.T(), s.Context(ctx), "1234567890ABCDEFGHIJ")
 s.verifyIsHome(s.T(), s.Context(ctx))
- // Re-Login the user
+ // Re-Login the user.
 s.doLogout(s.T(), s.Context(ctx))
 s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 // And check the latest method and device is still used.
 s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
- // Meaning the authentication is successful
+ // Meaning the authentication is successful.
 s.verifyIsHome(s.T(), s.Context(ctx))
 }
diff --git a/internal/suites/suite_high_availability_test.go b/internal/suites/suite_high_availability_test.go
index b18bcfa6..2153aaa9 100644
--- a/internal/suites/suite_high_availability_test.go
+++ b/internal/suites/suite_high_availability_test.go
@@ -87,7 +87,7 @@ func (s *HighAvailabilityWebDriverSuite) TestShouldKeepUserSessionActiveWithPrim
 s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
 s.verifyIsHome(s.T(), s.Context(ctx))
- // Verify the user is still authenticated
+ // Verify the user is still authenticated.
 s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
 s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
@@ -130,7 +130,7 @@ func (s *HighAvailabilityWebDriverSuite) TestShouldKeepUserSessionActiveWithPrim
 s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
 s.verifyIsHome(s.T(), s.Context(ctx))
- // Verify the user is still authenticated
+ // Verify the user is still authenticated.
 s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
 s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
 }
@@ -170,11 +170,11 @@ func (s *HighAvailabilityWebDriverSuite) TestShouldKeepSessionAfterAutheliaResta
 s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
 s.verifyIsHome(s.T(), s.Context(ctx))
- // Verify the user is still authenticated
+ // Verify the user is still authenticated.
 s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
 s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
- // Then logout and login again to check the secret is still there
+ // Then logout and login again to check the secret is still there.
 s.doLogout(s.T(), s.Context(ctx))
 s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
diff --git a/internal/suites/suite_network_acl.go b/internal/suites/suite_network_acl.go
index e7b8a564..554ba41f 100644
--- a/internal/suites/suite_network_acl.go
+++ b/internal/suites/suite_network_acl.go
@@ -17,7 +17,7 @@ func init() {
 "internal/suites/example/compose/nginx/portal/docker-compose.yml",
 "internal/suites/example/compose/squid/docker-compose.yml",
 "internal/suites/example/compose/smtp/docker-compose.yml",
- // To debug headers
+ // To debug headers.
 "internal/suites/example/compose/httpbin/docker-compose.yml",
 })
diff --git a/internal/suites/suite_standalone.go b/internal/suites/suite_standalone.go
index c6596ed1..000998fd 100644
--- a/internal/suites/suite_standalone.go
+++ b/internal/suites/suite_standalone.go
@@ -10,8 +10,8 @@ var standaloneSuiteName = "Standalone"
 func init() {
 _ = os.MkdirAll("/tmp/authelia/StandaloneSuite/", 0700)
- _ = os.WriteFile("/tmp/authelia/StandaloneSuite/jwt", []byte("very_important_secret"), 0600)
- _ = os.WriteFile("/tmp/authelia/StandaloneSuite/session", []byte("unsecure_session_secret"), 0600)
+ _ = os.WriteFile("/tmp/authelia/StandaloneSuite/jwt", []byte("very_important_secret"), 0600) //nolint:gosec
+ _ = os.WriteFile("/tmp/authelia/StandaloneSuite/session", []byte("unsecure_session_secret"), 0600) //nolint:gosec
 dockerEnvironment := NewDockerEnvironment([]string{
 "internal/suites/docker-compose.yml",
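Review bot: The `//nolint:gosec` added to the two `os.WriteFile` lines in `init()` of suite_standalone.go silences the linter without naming the rule or giving a reason, so the next reader cannot tell which finding was accepted or why. The condition it presumably flags is still there: both files are written to a fixed path under `/tmp`, and the results of `os.MkdirAll` and both writes are discarded with `_ =`, so on a shared build host a pre-existing directory the suite does not own would make setup fail silently or place the fixtures somewhere the suite does not control. The values look like test fixtures, which limits the exposure, but the suppression should say so, e.g. `//nolint:gosec // <rule id>: test-only fixture value written for the suite.`. I would also stop ignoring the setup errors, e.g. `if err := os.MkdirAll("/tmp/authelia/StandaloneSuite/", 0700); err != nil { panic(err) }`, and do the same for the two writes. The body of `init()` continues past the end of this hunk.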
diff --git a/internal/suites/suite_standalone_test.go b/internal/suites/suite_standalone_test.go
index c1672ead..44d3ddfc 100644
--- a/internal/suites/suite_standalone_test.go
+++ b/internal/suites/suite_standalone_test.go
@@ -139,7 +139,7 @@ func (s *StandaloneWebDriverSuite) TestShouldCheckUserIsAskedToRegisterDevice()
 // Login one factor again.
 s.doLoginOneFactor(s.T(), s.Context(ctx), username, password, false, "")
- // now the user should be asked to perform 2FA
+ // now the user should be asked to perform 2FA.
 s.WaitElementLocatedByClassName(s.T(), s.Context(ctx), "state-method")
 }
diff --git a/internal/utils/exec.go b/internal/utils/exec.go
index fbc74320..6a56bf8a 100644
--- a/internal/utils/exec.go
+++ b/internal/utils/exec.go
@@ -136,12 +136,12 @@ func RunFuncUntilCtrlC(fn func() error) error {
 // RunCommandWithTimeout run a command with timeout.
 func RunCommandWithTimeout(cmd *exec.Cmd, timeout time.Duration) error {
- // Start a process:
+ // Start a process.
 if err := cmd.Start(); err != nil {
 log.Fatal(err)
 }
- // Wait for the process to finish or kill it after a timeout (whichever happens first):
+ // Wait for the process to finish or kill it after a timeout (whichever happens first).
 done := make(chan error, 1)
 go func() {
diff --git a/internal/utils/rsa.go b/internal/utils/rsa.go
index 9718ebef..7dd2695f 100644
--- a/internal/utils/rsa.go
+++ b/internal/utils/rsa.go
@@ -76,7 +76,7 @@ func ParseRsaPublicKeyFromPemStr(pubPEM string) (*rsa.PublicKey, error) {
 case *rsa.PublicKey:
 return pub, nil
 default:
- break // fall through
+ break // fall through.
 }
 return nil, errors.New("key type is not RSA")
diff --git a/internal/utils/time.go b/internal/utils/time.go
index 17160ec6..7b03d5c1 100644
--- a/internal/utils/time.go
+++ b/internal/utils/time.go
@@ -43,7 +43,7 @@ func ParseDurationString(input string) (time.Duration, error) {
 duration = time.Duration(seconds) * time.Second
 case input != "":
- // Throw this error if input is anything other than a blank string, blank string will default to a duration of nothing
+ // Throw this error if input is anything other than a blank string, blank string will default to a duration of nothing.
 return 0, fmt.Errorf("could not convert the input string of %s into a duration", input)
 }