Sign upLogin

ory-am/hydra

View on GitHub
Star

Showing 403 of 850 total issues

Method OAuth2Client.ToMap has a Cognitive Complexity of 48 (exceeds 20 allowed). Consider refactoring.
Open

func (o OAuth2Client) ToMap() (map[string]interface{}, error) {
    toSerialize := map[string]interface{}{}
    if !IsNil(o.AccessTokenStrategy) {
        toSerialize["access_token_strategy"] = o.AccessTokenStrategy
    }
Severity: Minor
Found in internal/httpclient/model_o_auth2_client.go - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function TestHandler has a Cognitive Complexity of 48 (exceeds 20 allowed). Consider refactoring.
Open

func TestHandler(t *testing.T) {
    ctx := context.Background()
    reg := internal.NewMockedRegistry(t, &contextx.Default{})
    h := client.NewHandler(reg)
    reg.WithContextualizer(&contextx.TestContextualizer{})
Severity: Minor
Found in client/handler_test.go - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method OAuth2Client.ToMap has 146 lines of code (exceeds 50 allowed). Consider refactoring.
Open

func (o OAuth2Client) ToMap() (map[string]interface{}, error) {
    toSerialize := map[string]interface{}{}
    if !IsNil(o.AccessTokenStrategy) {
        toSerialize["access_token_strategy"] = o.AccessTokenStrategy
    }
Severity: Major
Found in internal/httpclient/model_o_auth2_client.go - About 4 hrs to fix

    Persister has 36 methods (exceeds 20 allowed). Consider refactoring.
    Open

    func (p *Persister) RevokeSubjectConsentSession(ctx context.Context, user string) error {
    ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RevokeSubjectConsentSession")
    defer span.End()

    return p.Transaction(ctx, p.revokeConsentSession("consent_challenge_id IS NOT NULL AND subject = ?", user))
    Severity: Minor
    Found in persistence/sql/persister_consent.go - About 4 hrs to fix

      Method DefaultStrategy.issueLogoutVerifier has 140 lines of code (exceeds 50 allowed). Consider refactoring.
      Open

      func (s *DefaultStrategy) issueLogoutVerifier(ctx context.Context, w http.ResponseWriter, r *http.Request) (*flow.LogoutResult, error) {
    // There are two types of log out flows:
    //
    // - RP initiated logout
    // - OP initiated logout
      Severity: Major
      Found in consent/strategy_default.go - About 4 hrs to fix

        Function NewImportClientCmd has a Cognitive Complexity of 46 (exceeds 20 allowed). Consider refactoring.
        Open

        func NewImportClientCmd() *cobra.Command {
    cmd := &cobra.Command{
        Use:     "oauth2-client <file-1.json> [<file-2.json> ...]",
        Aliases: []string{"client", "clients", "oauth2-clients"},
        Short:   "Import one or more OAuth 2.0 Clients from files or STDIN",
        Severity: Minor
        Found in cmd/cmd_import_client.go - About 4 hrs to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Function TestValidate has 139 lines of code (exceeds 50 allowed). Consider refactoring.
        Open

        func TestValidate(t *testing.T) {
    ctx := context.Background()
    c := internal.NewConfigurationWithDefaults()
    c.MustSet(ctx, config.KeySubjectTypesSupported, []string{"pairwise", "public"})
    c.MustSet(ctx, config.KeyDefaultClientScope, []string{"openid"})
        Severity: Major
        Found in client/validator_test.go - About 4 hrs to fix

          Function TestCreateCsrfSession has 138 lines of code (exceeds 50 allowed). Consider refactoring.
          Open

          func TestCreateCsrfSession(t *testing.T) {
    type cookie struct {
        httpOnly bool
        secure   bool
        domain   string
          Severity: Major
          Found in consent/helper_test.go - About 4 hrs to fix

            Function TestKeyManager_GetKeySet has 138 lines of code (exceeds 50 allowed). Consider refactoring.
            Open

            func TestKeyManager_GetKeySet(t *testing.T) {
    ctrl := gomock.NewController(t)
    hsmContext := NewMockContext(ctrl)
    defer ctrl.Finish()
    l := logrusx.New("", "")
            Severity: Major
            Found in hsm/manager_hsm_test.go - About 4 hrs to fix

              TrustedOAuth2JwtGrantIssuer has 34 methods (exceeds 20 allowed). Consider refactoring.
              Open

              type TrustedOAuth2JwtGrantIssuer struct {
    // The \"allow_any_subject\" indicates that the issuer is allowed to have any principal as the subject of the JWT.
    AllowAnySubject *bool `json:"allow_any_subject,omitempty"`
    // The \"created_at\" indicates, when grant was created.
    CreatedAt *time.Time `json:"created_at,omitempty"`
              Severity: Minor
              Found in internal/httpclient/model_trusted_o_auth2_jwt_grant_issuer.go - About 4 hrs to fix

                VerifiableCredentialPrimingResponse has 34 methods (exceeds 20 allowed). Consider refactoring.
                Open

                type VerifiableCredentialPrimingResponse struct {
    CNonce           *string `json:"c_nonce,omitempty"`
    CNonceExpiresIn  *int64  `json:"c_nonce_expires_in,omitempty"`
    Error            *string `json:"error,omitempty"`
    ErrorDebug       *string `json:"error_debug,omitempty"`
                Severity: Minor
                Found in internal/httpclient/model_verifiable_credential_priming_response.go - About 4 hrs to fix

                  OAuth2LoginRequest has 34 methods (exceeds 20 allowed). Consider refactoring.
                  Open

                  type OAuth2LoginRequest struct {
    // ID is the identifier (\"login challenge\") of the login request. It is used to identify the session.
    Challenge   string                                    `json:"challenge"`
    Client      OAuth2Client                              `json:"client"`
    OidcContext *OAuth2ConsentRequestOpenIDConnectContext `json:"oidc_context,omitempty"`
                  Severity: Minor
                  Found in internal/httpclient/model_o_auth2_login_request.go - About 4 hrs to fix

                    GenericError has 34 methods (exceeds 20 allowed). Consider refactoring.
                    Open

                    type GenericError struct {
    // The status code
    Code *int64 `json:"code,omitempty"`
    // Debug information  This field is often not exposed to protect against leaking sensitive information.
    Debug *string `json:"debug,omitempty"`
                    Severity: Minor
                    Found in internal/httpclient/model_generic_error.go - About 4 hrs to fix

                      Method DefaultStrategy.verifyAuthentication has 130 lines of code (exceeds 50 allowed). Consider refactoring.
                      Open

                      func (s *DefaultStrategy) verifyAuthentication(
    ctx context.Context,
    w http.ResponseWriter,
    r *http.Request,
    req fosite.AuthorizeRequester,
                      Severity: Major
                      Found in consent/strategy_default.go - About 4 hrs to fix

                        Method Handler.createVerifiableCredential has 126 lines of code (exceeds 50 allowed). Consider refactoring.
                        Open

                        func (h *Handler) createVerifiableCredential(w http.ResponseWriter, r *http.Request) {
    ctx := r.Context()
    session := NewSessionWithCustomClaims(ctx, h.c, "")
    accessToken := fosite.AccessTokenFromRequest(r)
    tokenType, _, err := h.r.OAuth2Provider().IntrospectToken(ctx, accessToken, fosite.AccessToken, session)
                        Severity: Major
                        Found in oauth2/handler.go - About 4 hrs to fix

                          Function TestClientSDK has 125 lines of code (exceeds 50 allowed). Consider refactoring.
                          Open

                          func TestClientSDK(t *testing.T) {
    ctx := context.Background()
    conf := internal.NewConfigurationWithDefaults()
    conf.MustSet(ctx, config.KeySubjectTypesSupported, []string{"public"})
    conf.MustSet(ctx, config.KeyDefaultClientScope, []string{"foo", "bar"})
                          Severity: Major
                          Found in client/sdk_test.go - About 4 hrs to fix

                            Persister has 32 methods (exceeds 20 allowed). Consider refactoring.
                            Open

                            func (p *Persister) sqlSchemaFromRequest(ctx context.Context, signature string, r fosite.Requester, table tableName, expiresAt time.Time) (*OAuth2RequestSQL, error) {
    subject := ""
    if r.GetSession() == nil {
        p.l.Debugf("Got an empty session in sqlSchemaFromRequest")
    } else {
                            Severity: Minor
                            Found in persistence/sql/persister_oauth2.go - About 4 hrs to fix

                              File api_jwk.go has 582 lines of code (exceeds 500 allowed). Consider refactoring.
                              Open

                              /*
Ory Hydra API

Documentation for all of Ory Hydra's APIs.
                              Severity: Minor
                              Found in internal/httpclient/api_jwk.go - About 4 hrs to fix

                                Function NewPerformAuthorizationCodeCmd has a Cognitive Complexity of 41 (exceeds 20 allowed). Consider refactoring.
                                Open

                                func NewPerformAuthorizationCodeCmd() *cobra.Command {
    cmd := &cobra.Command{
        Use:     "authorization-code",
        Example: "{{ .CommandPath }} --client-id ... --client-secret ...",
        Short:   "An exemplary OAuth 2.0 Client performing the OAuth 2.0 Authorize Code Flow",
                                Severity: Minor
                                Found in cmd/cmd_perform_authorization_code.go - About 3 hrs to fix

                                Cognitive Complexity

                                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                                A method's cognitive complexity is based on a few simple rules:

                                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                                • Code is considered more complex for each "break in the linear flow of the code"
                                • Code is considered more complex when "flow breaking structures are nested"

                                Further reading

                                Method Validator.Validate has 117 lines of code (exceeds 50 allowed). Consider refactoring.
                                Open

                                func (v *Validator) Validate(ctx context.Context, c *Client) error {
    if c.TokenEndpointAuthMethod == "" {
        c.TokenEndpointAuthMethod = "client_secret_basic"
    } else if c.TokenEndpointAuthMethod == "private_key_jwt" {
        if len(c.JSONWebKeysURI) == 0 && c.JSONWebKeys == nil {
                                Severity: Major
                                Found in client/validator.go - About 3 hrs to fix
                                  Severity
                                  Category
                                  Status
                                  Source
                                  Language