Sign upLogin

ory-am/hydra

View on GitHub
Star

Showing 849 of 849 total issues

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        cy.location().should(({ search, port }) => {
          const query = qs.parse(search.substr(1))
          expect(query.error).to.equal("invalid_client")

          // Should show Ory Hydra's Error URL because a redirect URL could not be determined
Severity: Major
Found in cypress/integration/oauth2/authorize_error.js and 1 other location - About 3 hrs to fix
cypress/integration/oauth2/authorize_error.js on lines 108..114

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 112.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Function NewPerformAuthorizationCodeCmd has a Cognitive Complexity of 41 (exceeds 20 allowed). Consider refactoring.
Open

func NewPerformAuthorizationCodeCmd() *cobra.Command {
    cmd := &cobra.Command{
        Use:     "authorization-code",
        Example: "{{ .CommandPath }} --client-id ... --client-secret ...",
        Short:   "An exemplary OAuth 2.0 Client performing the OAuth 2.0 Authorize Code Flow",
Severity: Minor
Found in cmd/cmd_perform_authorization_code.go - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method Validator.Validate has 117 lines of code (exceeds 50 allowed). Consider refactoring.
Open

func (v *Validator) Validate(ctx context.Context, c *Client) error {
    if c.TokenEndpointAuthMethod == "" {
        c.TokenEndpointAuthMethod = "client_secret_basic"
    } else if c.TokenEndpointAuthMethod == "private_key_jwt" {
        if len(c.JSONWebKeysURI) == 0 && c.JSONWebKeys == nil {
Severity: Major
Found in client/validator.go - About 3 hrs to fix

    AcceptOAuth2ConsentRequest has 30 methods (exceeds 20 allowed). Consider refactoring.
    Open

    type AcceptOAuth2ConsentRequest struct {
    Context                  interface{} `json:"context,omitempty"`
    GrantAccessTokenAudience []string    `json:"grant_access_token_audience,omitempty"`
    GrantScope               []string    `json:"grant_scope,omitempty"`
    HandledAt                *time.Time  `json:"handled_at,omitempty"`
    Severity: Minor
    Found in internal/httpclient/model_accept_o_auth2_consent_request.go - About 3 hrs to fix

      Function TestIntrospectorSDK has 114 lines of code (exceeds 50 allowed). Consider refactoring.
      Open

      func TestIntrospectorSDK(t *testing.T) {
    ctx := context.Background()
    conf := internal.NewConfigurationWithDefaults()
    conf.MustSet(ctx, config.KeyScopeStrategy, "wildcard")
    conf.MustSet(ctx, config.KeyIssuerURL, "https://foobariss")
      Severity: Major
      Found in oauth2/introspector_test.go - About 3 hrs to fix

        Similar blocks of code found in 2 locations. Consider refactoring.
        Open

                    setup: func(t *testing.T) {
                op.EXPECT().
                    IntrospectToken(gomock.Any(), gomock.Eq("access-token"), gomock.Eq(fosite.AccessToken), gomock.Any()).
                    DoAndReturn(func(_ context.Context, _ string, _ fosite.TokenType, _ fosite.Session, _ ...string) (fosite.TokenType, fosite.AccessRequester, error) {
                        session := &oauth2.Session{
        Severity: Major
        Found in oauth2/handler_test.go and 1 other location - About 3 hrs to fix
        oauth2/handler_test.go on lines 250..274

        Duplicated Code

        Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

        Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

        When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

        Tuning

        This issue has a mass of 283.

        We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

        The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

        If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

        See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

        Refactorings

        Further Reading

        Similar blocks of code found in 2 locations. Consider refactoring.
        Open

                    setup: func(t *testing.T) {
                op.EXPECT().
                    IntrospectToken(gomock.Any(), gomock.Eq("access-token"), gomock.Eq(fosite.AccessToken), gomock.Any()).
                    DoAndReturn(func(_ context.Context, _ string, _ fosite.TokenType, _ fosite.Session, _ ...string) (fosite.TokenType, fosite.AccessRequester, error) {
                        session := &oauth2.Session{
        Severity: Major
        Found in oauth2/handler_test.go and 1 other location - About 3 hrs to fix
        oauth2/handler_test.go on lines 147..171

        Duplicated Code

        Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

        Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

        When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

        Tuning

        This issue has a mass of 283.

        We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

        The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

        If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

        See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

        Refactorings

        Further Reading

        Similar blocks of code found in 2 locations. Consider refactoring.
        Open

        func (o VerifiableCredentialPrimingResponse) ToMap() (map[string]interface{}, error) {
    toSerialize := map[string]interface{}{}
    if !IsNil(o.CNonce) {
        toSerialize["c_nonce"] = o.CNonce
    }
        Severity: Major
        Found in internal/httpclient/model_verifiable_credential_priming_response.go and 1 other location - About 3 hrs to fix
        internal/httpclient/model_trusted_o_auth2_jwt_grant_issuer.go on lines 321..348

        Duplicated Code

        Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

        Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

        When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

        Tuning

        This issue has a mass of 282.

        We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

        The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

        If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

        See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

        Refactorings

        Further Reading

        Similar blocks of code found in 2 locations. Consider refactoring.
        Open

        func (o TrustedOAuth2JwtGrantIssuer) ToMap() (map[string]interface{}, error) {
    toSerialize := map[string]interface{}{}
    if !IsNil(o.AllowAnySubject) {
        toSerialize["allow_any_subject"] = o.AllowAnySubject
    }
        Severity: Major
        Found in internal/httpclient/model_trusted_o_auth2_jwt_grant_issuer.go and 1 other location - About 3 hrs to fix
        internal/httpclient/model_verifiable_credential_priming_response.go on lines 314..341

        Duplicated Code

        Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

        Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

        When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

        Tuning

        This issue has a mass of 282.

        We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

        The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

        If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

        See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

        Refactorings

        Further Reading

        Function TestHelperGrantManagerCreateGetDeleteGrant has 113 lines of code (exceeds 50 allowed). Consider refactoring.
        Open

        func TestHelperGrantManagerCreateGetDeleteGrant(t1 GrantManager, km jwk.Manager, parallel bool) func(t *testing.T) {
    tokenServicePubKey1 := jose.JSONWebKey{}
    tokenServicePubKey2 := jose.JSONWebKey{}
    mikePubKey := jose.JSONWebKey{}
        Severity: Major
        Found in oauth2/trust/manager_test_helpers.go - About 3 hrs to fix

          Config has 29 methods (exceeds 20 allowed). Consider refactoring.
          Open

          type Config struct {
    deps configDependencies

    authorizeEndpointHandlers  fosite.AuthorizeEndpointHandlers
    tokenEndpointHandlers      fosite.TokenEndpointHandlers
          Severity: Minor
          Found in fositex/config.go - About 3 hrs to fix

            Method APIClient.prepareRequest has 112 lines of code (exceeds 50 allowed). Consider refactoring.
            Open

            func (c *APIClient) prepareRequest(
    ctx context.Context,
    path string, method string,
    postBody interface{},
    headerParams map[string]string,
            Severity: Major
            Found in internal/httpclient/client.go - About 3 hrs to fix

              Function TestJWKSDK has 111 lines of code (exceeds 50 allowed). Consider refactoring.
              Open

              func TestJWKSDK(t *testing.T) {
    t.Parallel()
    ctx := context.Background()
    conf := internal.NewConfigurationWithDefaults()
    reg := internal.NewRegistryMemory(t, conf, &contextx.Default{})
              Severity: Major
              Found in jwk/sdk_test.go - About 3 hrs to fix

                Method DefaultStrategy.verifyAuthentication has a Cognitive Complexity of 38 (exceeds 20 allowed). Consider refactoring.
                Open

                func (s *DefaultStrategy) verifyAuthentication(
    ctx context.Context,
    w http.ResponseWriter,
    r *http.Request,
    req fosite.AuthorizeRequester,
                Severity: Minor
                Found in consent/strategy_default.go - About 3 hrs to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method DefaultStrategy.issueLogoutVerifier has a Cognitive Complexity of 38 (exceeds 20 allowed). Consider refactoring.
                Open

                func (s *DefaultStrategy) issueLogoutVerifier(ctx context.Context, w http.ResponseWriter, r *http.Request) (*flow.LogoutResult, error) {
    // There are two types of log out flows:
    //
    // - RP initiated logout
    // - OP initiated logout
                Severity: Minor
                Found in consent/strategy_default.go - About 3 hrs to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Similar blocks of code found in 2 locations. Consider refactoring.
                Open

                          cy.request(`${Cypress.env("client_url")}/oauth2/introspect/at`)
            .its("body")
            .then((body) => {
              expect(body.result).to.equal("success")
              expect(body.body.active).to.be.false
                Severity: Major
                Found in cypress/integration/oauth2/consent.js and 1 other location - About 3 hrs to fix
                cypress/integration/oauth2/consent.js on lines 91..96

                Duplicated Code

                Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                Tuning

                This issue has a mass of 100.

                We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                Refactorings

                Further Reading

                Similar blocks of code found in 2 locations. Consider refactoring.
                Open

                          cy.request(`${Cypress.env("client_url")}/oauth2/introspect/rt`)
            .its("body")
            .then((body) => {
              expect(body.result).to.equal("success")
              expect(body.body.active).to.be.false
                Severity: Major
                Found in cypress/integration/oauth2/consent.js and 1 other location - About 3 hrs to fix
                cypress/integration/oauth2/consent.js on lines 84..89

                Duplicated Code

                Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                Tuning

                This issue has a mass of 100.

                We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                Refactorings

                Further Reading

                File model_oidc_user_info.go has 548 lines of code (exceeds 500 allowed). Consider refactoring.
                Open

                /*
Ory Hydra API

Documentation for all of Ory Hydra's APIs.
                Severity: Minor
                Found in internal/httpclient/model_oidc_user_info.go - About 3 hrs to fix

                  Function TestViperProviderValidates has 103 lines of code (exceeds 50 allowed). Consider refactoring.
                  Open

                  func TestViperProviderValidates(t *testing.T) {
    ctx := context.Background()
    l := logrusx.New("", "")
    c := MustNew(context.Background(), l, configx.WithConfigFiles("../../internal/.hydra.yaml"))
                  Severity: Major
                  Found in driver/config/provider_test.go - About 3 hrs to fix

                    Function TestHelperCreateGetUpdateDeleteClient has 103 lines of code (exceeds 50 allowed). Consider refactoring.
                    Open

                    func TestHelperCreateGetUpdateDeleteClient(k string, connection *pop.Connection, t1 Storage, t2 Storage) func(t *testing.T) {
    return func(t *testing.T) {
        ctx := context.Background()
        _, err := t1.GetClient(ctx, "1234")
        require.Error(t, err)
                    Severity: Major
                    Found in client/manager_test_helpers.go - About 3 hrs to fix
                      Severity
                      Category
                      Status
                      Source
                      Language