Fix some lint and documentation problems

Signed-off-by: Jonas Franz <[email protected]>

custom/conf/app.ini.sample

@@ -619,7 +619,7 @@ ACCESS_TOKEN_EXPIRATION_TIME=3600
 ; Lifetime of an OAuth2 access token in hours
 REFRESH_TOKEN_EXPIRATION_TIME=730
 ; OAuth2 authentication secret for access and refresh tokens, change this a unique string.
-JWT_PRIVATE=Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU
+JWT_SECRET=Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU
 
 [i18n]
 LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -324,7 +324,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `ENABLED`: **true**: Enables OAuth2 provider.
 - `ACCESS_TOKEN_EXPIRATION_TIME`: **3600**: Lifetime of an OAuth2 access token in seconds
 - `REFRESH_TOKEN_EXPIRATION_TIME`: **730**: Lifetime of an OAuth2 access token in hours
-- `JWT_PRIVATE`: **\<empty\>**: OAuth2 authentication secret for access and refresh tokens, change this a unique string.
+- `JWT_SECRET`: **\<empty\>**: OAuth2 authentication secret for access and refresh tokens, change this a unique string.
 
 ## i18n (`i18n`)
 

models/oauth2_application.go

@@ -186,7 +186,7 @@ func getOAuth2AuthorizationByCode(e Engine, code string) (auth *OAuth2Authorizat
 	} else if !has {
 		return nil, nil
 	}
-	return  auth, nil
+	return auth, nil
 }
 
 //////////////////////////////////////////////////////
@@ -224,19 +224,22 @@ func (grant *OAuth2Grant) generateNewAuthorizationCode(e Engine, redirectURI str
 	return code, nil
 }
 
-
 //////////////////////////////////////////////////////////////
 
+// OAuth2TokenType represents the type of token for an oauth application
 type OAuth2TokenType int
 
 const (
+	// TypeAccessToken is a token with short lifetime to access the api
 	TypeAccessToken OAuth2TokenType = 0
+	// TypeRefreshToken is token wiht long lifetime to refresh access tokens obtained by the client
 	TypeRefreshToken = iota
 )
 
+// OAuth2Token represents a JWT token used to authenticate a client
 type OAuth2Token struct {
-	GrantID int64 `json:"sub"`
-	Type OAuth2TokenType `json:"tt"`
+	GrantID int64           `json:"sub"`
+	Type    OAuth2TokenType `json:"tt"`
 	jwt.StandardClaims
 }
 
@@ -266,6 +269,7 @@ func ParseOAuth2Token(jwtToken string) (*OAuth2Token, error) {
 	return token, nil
 }
 
+// SignToken signs the token with the JWT secret
 func (token *OAuth2Token) SignToken() (string, error) {
 	token.IssuedAt = time.Now().Unix()
 	jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS512, token)

modules/setting/setting.go

@@ -549,22 +549,22 @@ var (
 
 	// API settings
 	API = struct {
-		EnableSwagger             bool
-		MaxResponseItems          int
+		EnableSwagger    bool
+		MaxResponseItems int
 	}{
-		EnableSwagger:             true,
-		MaxResponseItems:          50,
+		EnableSwagger:    true,
+		MaxResponseItems: 50,
 	}
 
 	OAuth2 = struct {
-		Enable bool
-		AccessTokenExpirationTime int64
+		Enable                     bool
+		AccessTokenExpirationTime  int64
 		RefreshTokenExpirationTime int64
-		JWTSecretBytes []byte `ini:"-"`
-		JWTSecretBase64 string `ini:"JWT_SECRET"`
+		JWTSecretBytes             []byte `ini:"-"`
+		JWTSecretBase64            string `ini:"JWT_SECRET"`
 	}{
-		Enable: true,
-		AccessTokenExpirationTime: 3600,
+		Enable:                     true,
+		AccessTokenExpirationTime:  3600,
 		RefreshTokenExpirationTime: 730,
 	}
 

routers/user/oauth.go

@@ -29,13 +29,20 @@ const (
 type AuthorizeErrorCode string
 
 const (
-	ErrorCodeInvalidRequest          AuthorizeErrorCode = "invalid_request"
-	ErrorCodeUnauthorizedClient      AuthorizeErrorCode = "unauthorized_client"
-	ErrorCodeAccessDenied            AuthorizeErrorCode = "access_denied"
+	// ErrorCodeInvalidRequest represents the according error in RFC 6749
+	ErrorCodeInvalidRequest AuthorizeErrorCode = "invalid_request"
+	// ErrorCodeUnauthorizedClient represents the according error in RFC 6749
+	ErrorCodeUnauthorizedClient AuthorizeErrorCode = "unauthorized_client"
+	// ErrorCodeAccessDenied represents the according error in RFC 6749
+	ErrorCodeAccessDenied AuthorizeErrorCode = "access_denied"
+	// ErrorCodeUnsupportedResponseType represents the according error in RFC 6749
 	ErrorCodeUnsupportedResponseType AuthorizeErrorCode = "unsupported_response_type"
-	ErrorCodeInvalidScope            AuthorizeErrorCode = "invalid_scope"
-	ErrorCodeServerError             AuthorizeErrorCode = "server_error"
-	ErrorCodeTemporaryUnavailable    AuthorizeErrorCode = "temporarily_unavailable"
+	// ErrorCodeInvalidScope represents the according error in RFC 6749
+	ErrorCodeInvalidScope AuthorizeErrorCode = "invalid_scope"
+	// ErrorCodeServerError represents the according error in RFC 6749
+	ErrorCodeServerError AuthorizeErrorCode = "server_error"
+	// ErrorCodeTemporaryUnavailable represents the according error in RFC 6749
+	ErrorCodeTemporaryUnavailable AuthorizeErrorCode = "temporarily_unavailable"
 )
 
 // AuthorizeError represents an error type specified in RFC 6749
@@ -54,12 +61,18 @@ func (err AuthorizeError) Error() string {
 type AccessTokenErrorCode string
 
 const (
-	AccessTokenErrorCodeInvalidRequest       AccessTokenErrorCode = "invalid_request"
-	AccessTokenErrorCodeInvalidClient                             = "invalid_client"
-	AccessTokenErrorCodeInvalidGrant                              = "invalid_grant"
-	AccessTokenErrorCodeUnauthorizedClient                        = "unauthorized_client"
-	AccessTokenErrorCodeUnsupportedGrantType                      = "unsupported_grant_type"
-	AccessTokenErrorCodeInvalidScope                              = "invalid_scope"
+	// AccessTokenErrorCodeInvalidRequest represents an error code specified in RFC 6749
+	AccessTokenErrorCodeInvalidRequest AccessTokenErrorCode = "invalid_request"
+	// AccessTokenErrorCodeInvalidClient represents an error code specified in RFC 6749
+	AccessTokenErrorCodeInvalidClient = "invalid_client"
+	// AccessTokenErrorCodeInvalidGrant represents an error code specified in RFC 6749
+	AccessTokenErrorCodeInvalidGrant = "invalid_grant"
+	// AccessTokenErrorCodeUnauthorizedClient represents an error code specified in RFC 6749
+	AccessTokenErrorCodeUnauthorizedClient = "unauthorized_client"
+	// AccessTokenErrorCodeUnsupportedGrantType represents an error code specified in RFC 6749
+	AccessTokenErrorCodeUnsupportedGrantType = "unsupported_grant_type"
+	// AccessTokenErrorCodeInvalidScope represents an error code specified in RFC 6749
+	AccessTokenErrorCodeInvalidScope = "invalid_scope"
 )
 
 // AccessTokenError represents an error response specified in RFC 6749
@@ -77,8 +90,10 @@ func (err AccessTokenError) Error() string {
 type TokenType string
 
 const (
+	// TokenTypeBearer represents a token type specified in RFC 6749
 	TokenTypeBearer TokenType = "bearer"
-	TokenTypeMAC              = "mac"
+	// TokenTypeMAC represents a token type specified in RFC 6749
+	TokenTypeMAC = "mac"
 )
 
 // AccessTokenResponse represents a successful access token response
@@ -207,13 +222,13 @@ func AccessTokenOAuth(ctx *context.Context, form auth.AccessTokenForm) {
 		})
 		return
 	}
-/*	if !app.ValidateClientSecret([]byte(form.ClientSecret)) {
+	if !app.ValidateClientSecret([]byte(form.ClientSecret)) {
 		handleAccessTokenError(ctx, AccessTokenError{
 			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
 			ErrorDescription: "client is not authorized",
 		})
 		return
-	}*/
+	}
 	authorizationCode, err := models.GetOAuth2AuthorizationByCode(form.Code)
 	if err != nil || authorizationCode == nil {
 		handleAccessTokenError(ctx, AccessTokenError{
@@ -240,7 +255,7 @@ func AccessTokenOAuth(ctx *context.Context, form auth.AccessTokenForm) {
 	signedAccessToken, err := accessToken.SignToken()
 	if err != nil {
 		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode: AccessTokenErrorCodeInvalidRequest,
+			ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 			ErrorDescription: "cannot sign token",
 		})
 		return
@@ -257,7 +272,7 @@ func AccessTokenOAuth(ctx *context.Context, form auth.AccessTokenForm) {
 	signedRefreshToken, err := refreshToken.SignToken()
 	if err != nil {
 		handleAccessTokenError(ctx, AccessTokenError{
-			ErrorCode: AccessTokenErrorCodeInvalidRequest,
+			ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 			ErrorDescription: "cannot sign token",
 		})
 		return