ory-am/hydra


Showing 402 of 849 total issues

Function NewImportClientCmd has 99 lines of code (exceeds 50 allowed). Consider refactoring.
Open

func NewImportClientCmd() *cobra.Command {
    cmd := &cobra.Command{
        Use:     "oauth2-client <file-1.json> [<file-2.json> ...]",
        Aliases: []string{"client", "clients", "oauth2-clients"},
        Short:   "Import one or more OAuth 2.0 Clients from files or STDIN",
Severity: Major
Found in cmd/cmd_import_client.go - About 2 hrs to fix

Function BenchmarkClientCredentials has 99 lines of code (exceeds 50 allowed). Consider refactoring.
Open

func BenchmarkClientCredentials(b *testing.B) {
    ctx := context.Background()

    spans := tracetest.NewSpanRecorder()
    tracer := trace.NewTracerProvider(trace.WithSpanProcessor(spans)).Tracer("")
Severity: Major
Found in oauth2/oauth2_client_credentials_bench_test.go - About 2 hrs to fix

File provider.go has 539 lines of code (exceeds 500 allowed). Consider refactoring.
Open

// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package config


Severity: Minor
Found in driver/config/provider.go - About 2 hrs to fix

Function setup has 97 lines of code (exceeds 50 allowed). Consider refactoring.
Open

func setup(ctx context.Context, d driver.Registry, cmd *cobra.Command) (admin *httprouterx.RouterAdmin, public *httprouterx.RouterPublic, adminmw, publicmw *negroni.Negroni) {
    fmt.Println(banner(config.Version))

    if d.Config().CGroupsV1AutoMaxProcsEnabled() {
        _, err := maxprocs.Set(maxprocs.Logger(d.Logger().Infof))
Severity: Major
Found in cmd/server/handler.go - About 2 hrs to fix

Function TestAuthCodeWithDefaultStrategy has 32 return statements (exceeds 4 allowed).
Open

func TestAuthCodeWithDefaultStrategy(t *testing.T) {
    ctx := context.Background()
    reg := internal.NewMockedRegistry(t, &contextx.Default{})
    reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "opaque")
    reg.Config().MustSet(ctx, config.KeyRefreshTokenHook, "")
Severity: Major
Found in oauth2/oauth2_auth_code_test.go - About 2 hrs to fix

Function readMigrations has a Cognitive Complexity of 35 (exceeds 20 allowed). Consider refactoring.
Open

func readMigrations(migrationSourceFS fs.FS, expectedDialects []string) (map[string]*migrationGroup, error) {
    mgs := make(map[string]*migrationGroup)
    err := fs.WalkDir(migrationSourceFS, ".", func(p string, d fs.DirEntry, err2 error) error {
        if err2 != nil {
            fmt.Println("Warning: unexpected error " + err2.Error())
Severity: Minor
Found in cmd/cli/handler_migrate.go - About 2 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"


Function Middleware has 92 lines of code (exceeds 50 allowed). Consider refactoring.
Open

func Middleware(
    reg interface {
        x.RegistryLogger
        oauth2.Registry
        client.Registry
Severity: Major
Found in x/oauth2cors/cors.go - About 2 hrs to fix

Method Handler.oAuth2Authorize has 91 lines of code (exceeds 50 allowed). Consider refactoring.
Open

func (h *Handler) oAuth2Authorize(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
    ctx := r.Context()

    authorizeRequest, err := h.r.OAuth2Provider().NewAuthorizeRequest(ctx, r)
    if err != nil {
Severity: Major
Found in oauth2/handler.go - About 2 hrs to fix

Function TestStrategyLoginConsentNext has 29 return statements (exceeds 4 allowed).
Open

func TestStrategyLoginConsentNext(t *testing.T) {
    ctx := context.Background()
    reg := internal.NewMockedRegistry(t, &contextx.Default{})
    reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "opaque")
    reg.Config().MustSet(ctx, config.KeyConsentRequestMaxAge, time.Hour)
Severity: Major
Found in consent/strategy_oauth_test.go - About 2 hrs to fix

Method OAuth2ApiService.SetOAuth2ClientExecute has 89 lines of code (exceeds 50 allowed). Consider refactoring.
Open

func (a *OAuth2ApiService) SetOAuth2ClientExecute(r ApiSetOAuth2ClientRequest) (*OAuth2Client, *http.Response, error) {
    var (
        localVarHTTPMethod  = http.MethodPut
        localVarPostBody    interface{}
        formFiles           []formFile
Severity: Major
Found in internal/httpclient/api_o_auth2.go - About 2 hrs to fix

TrustOAuth2JwtGrantIssuer has 23 methods (exceeds 20 allowed). Consider refactoring.
Open

type TrustOAuth2JwtGrantIssuer struct {
    // The \"allow_any_subject\" indicates that the issuer is allowed to have any principal as the subject of the JWT.
    AllowAnySubject *bool `json:"allow_any_subject,omitempty"`
    // The \"expires_at\" indicates, when grant will expire, so we will reject assertion from \"issuer\" targeting \"subject\".
    ExpiresAt time.Time `json:"expires_at"`
Severity: Minor
Found in internal/httpclient/model_trust_o_auth2_jwt_grant_issuer.go - About 2 hrs to fix

File handler.go has 519 lines of code (exceeds 500 allowed). Consider refactoring.
Open

// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package consent


Severity: Minor
Found in consent/handler.go - About 2 hrs to fix

OAuth2ConsentRequestOpenIDConnectContext has 22 methods (exceeds 20 allowed). Consider refactoring.
Open

type OAuth2ConsentRequestOpenIDConnectContext struct {
    // ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request. It is a parameter defined by OpenID Connect and expresses which level of authentication (e.g. 2FA) is required.  OpenID Connect defines it as follows: > Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter.
    AcrValues []string `json:"acr_values,omitempty"`
    // Display is a string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page: The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. popup: The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. touch: The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. wap: The Authorization Server SHOULD display the authentication and consent UI consistent with a \"feature phone\" type display.  The Authorization Server MAY also attempt to detect the capabilities of the User Agent and present an appropriate display.
    Display *string `json:"display,omitempty"`

ErrorOAuth2 has 22 methods (exceeds 20 allowed). Consider refactoring.
Open

type ErrorOAuth2 struct {
    // Error
    Error *string `json:"error,omitempty"`
    // Error Debug Information  Only available in dev mode.
    ErrorDebug *string `json:"error_debug,omitempty"`
Severity: Minor
Found in internal/httpclient/model_error_o_auth2.go - About 2 hrs to fix

DefaultStrategy has 22 methods (exceeds 20 allowed). Consider refactoring.
Open

type DefaultStrategy struct {
    c *config.DefaultProvider
    r InternalRegistry
}
Severity: Minor
Found in consent/strategy_default.go - About 2 hrs to fix

OAuth2ConsentSessionExpiresAt has 22 methods (exceeds 20 allowed). Consider refactoring.
Open

type OAuth2ConsentSessionExpiresAt struct {
    AccessToken   *time.Time `json:"access_token,omitempty"`
    AuthorizeCode *time.Time `json:"authorize_code,omitempty"`
    IdToken       *time.Time `json:"id_token,omitempty"`
    ParContext    *time.Time `json:"par_context,omitempty"`
Severity: Minor
Found in internal/httpclient/model_o_auth2_consent_session_expires_at.go - About 2 hrs to fix

RejectOAuth2Request has 22 methods (exceeds 20 allowed). Consider refactoring.
Open

type RejectOAuth2Request struct {
    // The error should follow the OAuth2 error format (e.g. `invalid_request`, `login_required`).  Defaults to `request_denied`.
    Error *string `json:"error,omitempty"`
    // Debug contains information to help resolve the problem as a developer. Usually not exposed to the public but only in the server logs.
    ErrorDebug *string `json:"error_debug,omitempty"`
Severity: Minor
Found in internal/httpclient/model_reject_o_auth2_request.go - About 2 hrs to fix

RFC6749ErrorJson has 22 methods (exceeds 20 allowed). Consider refactoring.
Open

type RFC6749ErrorJson struct {
    Error            *string `json:"error,omitempty"`
    ErrorDebug       *string `json:"error_debug,omitempty"`
    ErrorDescription *string `json:"error_description,omitempty"`
    ErrorHint        *string `json:"error_hint,omitempty"`
Severity: Minor
Found in internal/httpclient/model_rfc6749_error_json.go - About 2 hrs to fix

Function TestHelperCreateGetUpdateDeleteClientNext has 83 lines of code (exceeds 50 allowed). Consider refactoring.
Open

func TestHelperCreateGetUpdateDeleteClientNext(t *testing.T, m Storage, networks []uuid.UUID) {
    ctx := context.Background()

    resources := map[uuid.UUID][]Client{}
    for k := range networks {
Severity: Major
Found in client/manager_test_helpers.go - About 2 hrs to fix

Function createPlan has 82 lines of code (exceeds 50 allowed). Consider refactoring.
Open

func createPlan(t *testing.T, extra url.Values, isParallel bool) {
    planName := extra.Get("planName")
    if stringslice.Has(skipWhenShort, planName) && testing.Short() {
        t.Skipf("Skipping test plan '%s' because short tests", planName)
        return
Severity: Major
Found in test/conformance/run_test.go - About 2 hrs to fix