refactor: apply godot recommendations (#2839)

cmd/authelia-scripts/cmd_bootstrap.go

@@ -46,19 +46,19 @@ var hostEntries = []HostEntry{
 	{Domain: "proxy-client2.example.com", IP: "192.168.240.202"},
 	{Domain: "proxy-client3.example.com", IP: "192.168.240.203"},
 
-	// Redis Replicas
+	// Redis Replicas.
 	{Domain: "redis-node-0.example.com", IP: "192.168.240.110"},
 	{Domain: "redis-node-1.example.com", IP: "192.168.240.111"},
 	{Domain: "redis-node-2.example.com", IP: "192.168.240.112"},
 
-	// Redis Sentinel Replicas
+	// Redis Sentinel Replicas.
 	{Domain: "redis-sentinel-0.example.com", IP: "192.168.240.120"},
 	{Domain: "redis-sentinel-1.example.com", IP: "192.168.240.121"},
 	{Domain: "redis-sentinel-2.example.com", IP: "192.168.240.122"},
 
 	// Kubernetes dashboard.
 	{Domain: "kubernetes.example.com", IP: "192.168.240.110"},
-	// OIDC tester app
+	// OIDC tester app.
 	{Domain: "oidc.example.com", IP: "192.168.240.100"},
 	{Domain: "oidc-public.example.com", IP: "192.168.240.100"},
 }

cmd/authelia-suites/main.go

@@ -125,7 +125,7 @@ func setupSuite(cmd *cobra.Command, args []string) {
 		}
 	}
 
-	// Create the .suite file
+	// Create the .suite file.
 	if err := createRunningSuiteFile(suiteName); err != nil {
 		log.Fatal(err)
 	}

internal/authentication/file_user_provider.go

@@ -53,7 +53,7 @@ func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfigur
 		panic(err)
 	}
 
-	// Early check whether hashed passwords are correct for all users
+	// Early check whether hashed passwords are correct for all users.
 	err = checkPasswordHashes(database)
 	if err != nil {
 		panic(err)

internal/authentication/file_user_provider_test.go

@@ -19,7 +19,7 @@ func WithDatabase(content []byte, f func(path string)) {
 		log.Fatal(err)
 	}
 
-	defer os.Remove(tmpfile.Name()) // Clean up
+	defer os.Remove(tmpfile.Name()) // Clean up.
 
 	if _, err := tmpfile.Write(content); err != nil {
 		tmpfile.Close()

internal/authentication/ldap_user_provider_test.go

@@ -89,10 +89,10 @@ func TestEscapeSpecialCharsFromUserInput(t *testing.T) {
 		nil,
 		mockFactory)
 
-	// No escape
+	// No escape.
 	assert.Equal(t, "xyz", ldapClient.ldapEscape("xyz"))
 
-	// Escape
+	// Escape.
 	assert.Equal(t, "test\\,abc", ldapClient.ldapEscape("test,abc"))
 	assert.Equal(t, "test\\5cabc", ldapClient.ldapEscape("test\\abc"))
 	assert.Equal(t, "test\\2aabc", ldapClient.ldapEscape("test*abc"))

internal/configuration/schema/identity_providers.go

@@ -9,7 +9,7 @@ type IdentityProvidersConfiguration struct {
 
 // OpenIDConnectConfiguration configuration for OpenID Connect.
 type OpenIDConnectConfiguration struct {
-	// This secret must be 32 bytes long
+	// This secret must be 32 bytes long.
 	HMACSecret       string `koanf:"hmac_secret"`
 	IssuerPrivateKey string `koanf:"issuer_private_key"`
 

internal/configuration/validator/authentication.go

@@ -45,7 +45,7 @@ func validateFileAuthenticationBackend(configuration *schema.FileAuthenticationB
 	if configuration.Password == nil {
 		configuration.Password = &schema.DefaultPasswordConfiguration
 	} else {
-		// Salt Length
+		// Salt Length.
 		switch {
 		case configuration.Password.SaltLength == 0:
 			configuration.Password.SaltLength = schema.DefaultPasswordConfiguration.SaltLength
@@ -72,32 +72,32 @@ func validateFileAuthenticationBackend(configuration *schema.FileAuthenticationB
 }
 
 func validateFileAuthenticationBackendSHA512(configuration *schema.FileAuthenticationBackendConfiguration) {
-	// Iterations (time)
+	// Iterations (time).
 	if configuration.Password.Iterations == 0 {
 		configuration.Password.Iterations = schema.DefaultPasswordSHA512Configuration.Iterations
 	}
 }
 func validateFileAuthenticationBackendArgon2id(configuration *schema.FileAuthenticationBackendConfiguration, validator *schema.StructValidator) {
-	// Iterations (time)
+	// Iterations (time).
 	if configuration.Password.Iterations == 0 {
 		configuration.Password.Iterations = schema.DefaultPasswordConfiguration.Iterations
 	}
 
-	// Parallelism
+	// Parallelism.
 	if configuration.Password.Parallelism == 0 {
 		configuration.Password.Parallelism = schema.DefaultPasswordConfiguration.Parallelism
 	} else if configuration.Password.Parallelism < 1 {
 		validator.Push(fmt.Errorf("Parallelism for argon2id must be 1 or more, you configured %d", configuration.Password.Parallelism))
 	}
 
-	// Memory
+	// Memory.
 	if configuration.Password.Memory == 0 {
 		configuration.Password.Memory = schema.DefaultPasswordConfiguration.Memory
 	} else if configuration.Password.Memory < configuration.Password.Parallelism*8 {
 		validator.Push(fmt.Errorf("Memory for argon2id must be %d or more (parallelism * 8), you configured memory as %d and parallelism as %d", configuration.Password.Parallelism*8, configuration.Password.Memory, configuration.Password.Parallelism))
 	}
 
-	// Key Length
+	// Key Length.
 	if configuration.Password.KeyLength == 0 {
 		configuration.Password.KeyLength = schema.DefaultPasswordConfiguration.KeyLength
 	} else if configuration.Password.KeyLength < 16 {
@@ -185,12 +185,12 @@ func validateLDAPURL(ldapURL string, validator *schema.StructValidator) (finalUR
 }
 
 func validateLDAPRequiredParameters(configuration *schema.LDAPAuthenticationBackendConfiguration, validator *schema.StructValidator) {
-	// TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387)
+	// TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387).
 	if configuration.User == "" {
 		validator.Push(errors.New("Please provide a user name to connect to the LDAP server"))
 	}
 
-	// TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387)
+	// TODO: see if it's possible to disable this check if disable_reset_password is set and when anonymous/user binding is supported (#101 and #387).
 	if configuration.Password == "" {
 		validator.Push(errors.New("Please provide a password to connect to the LDAP server"))
 	}

internal/configuration/validator/regulation.go

@@ -10,11 +10,11 @@ import (
 // ValidateRegulation validates and update regulator configuration.
 func ValidateRegulation(configuration *schema.RegulationConfiguration, validator *schema.StructValidator) {
 	if configuration.FindTime == "" {
-		configuration.FindTime = schema.DefaultRegulationConfiguration.FindTime // 2 min
+		configuration.FindTime = schema.DefaultRegulationConfiguration.FindTime // 2 min.
 	}
 
 	if configuration.BanTime == "" {
-		configuration.BanTime = schema.DefaultRegulationConfiguration.BanTime // 5 min
+		configuration.BanTime = schema.DefaultRegulationConfiguration.BanTime // 5 min.
 	}
 
 	findTime, err := utils.ParseDurationString(configuration.FindTime)

internal/configuration/validator/session.go

@@ -32,19 +32,19 @@ func ValidateSession(configuration *schema.SessionConfiguration, validator *sche
 
 func validateSession(configuration *schema.SessionConfiguration, validator *schema.StructValidator) {
 	if configuration.Expiration == "" {
-		configuration.Expiration = schema.DefaultSessionConfiguration.Expiration // 1 hour
+		configuration.Expiration = schema.DefaultSessionConfiguration.Expiration // 1 hour.
 	} else if _, err := utils.ParseDurationString(configuration.Expiration); err != nil {
 		validator.Push(fmt.Errorf("Error occurred parsing session expiration string: %s", err))
 	}
 
 	if configuration.Inactivity == "" {
-		configuration.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min
+		configuration.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min.
 	} else if _, err := utils.ParseDurationString(configuration.Inactivity); err != nil {
 		validator.Push(fmt.Errorf("Error occurred parsing session inactivity string: %s", err))
 	}
 
 	if configuration.RememberMeDuration == "" {
-		configuration.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month
+		configuration.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month.
 	} else if _, err := utils.ParseDurationString(configuration.RememberMeDuration); err != nil {
 		validator.Push(fmt.Errorf("Error occurred parsing session remember_me_duration string: %s", err))
 	}

internal/duo/const.go

@@ -13,4 +13,4 @@ const (
 )
 
 // PossibleMethods is the set of all possible Duo 2FA methods.
-var PossibleMethods = []string{Push} // OTP, Phone, SMS
+var PossibleMethods = []string{Push} // OTP, Phone, SMS.

internal/handlers/handler_firstfactor.go

@@ -91,10 +91,10 @@ func FirstFactorPost(delayFunc middlewares.TimingAttackDelayFunc) middlewares.Re
 			return
 		}
 
-		// Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data
+		// Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data.
 		keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != 0 && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn
 
-		// Set the cookie to expire if remember me is enabled and the user has asked us to
+		// Set the cookie to expire if remember me is enabled and the user has asked us to.
 		if keepMeLoggedIn {
 			err = ctx.Providers.SessionProvider.UpdateExpiration(ctx.RequestCtx, ctx.Providers.SessionProvider.RememberMe)
 			if err != nil {

internal/handlers/handler_firstfactor_test.go

@@ -33,13 +33,13 @@ func (s *FirstFactorSuite) TearDownTest() {
 func (s *FirstFactorSuite) TestShouldFailIfBodyIsNil() {
 	FirstFactorPost(nil)(s.mock.Ctx)
 
-	// No body
+	// No body.
 	assert.Equal(s.T(), "Failed to parse 1FA request body: unable to parse body: unexpected end of JSON input", s.mock.Hook.LastEntry().Message)
 	s.mock.Assert401KO(s.T(), "Authentication failed. Check your credentials.")
 }
 
 func (s *FirstFactorSuite) TestShouldFailIfBodyIsInBadFormat() {
-	// Missing password
+	// Missing password.
 	s.mock.Ctx.Request.SetBodyString(`{
 		"username": "test"
 	}`)

internal/handlers/handler_sign_u2f_step1.go

@@ -65,7 +65,7 @@ func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx) {
 		},
 	}
 
-	// Save the challenge and registration for use in next request
+	// Save the challenge and registration for use in next request.
 	userSession.U2FRegistration = &session.U2FRegistration{
 		KeyHandle: device.KeyHandle,
 		PublicKey: device.PublicKey,

internal/handlers/handler_verify.go

@@ -73,7 +73,7 @@ func isTargetURLAuthorized(authorizer *authorization.Authorizer, targetURL url.U
 		// deduce the access is forbidden
 		// For anonymous users though, we cannot be sure that she
 		// could not be granted the rights to access the resource. Consequently
-		// for anonymous users we send Unauthorized instead of Forbidden
+		// for anonymous users we send Unauthorized instead of Forbidden.
 		return Forbidden
 	case level == authorization.OneFactor && authLevel >= authentication.OneFactor,
 		level == authorization.TwoFactor && authLevel >= authentication.TwoFactor:
@@ -100,7 +100,7 @@ func verifyBasicAuth(ctx *middlewares.AutheliaCtx, header, auth []byte) (usernam
 
 	// If the user is not correctly authenticated, send a 401.
 	if !authenticated {
-		// Request Basic Authentication otherwise
+		// Request Basic Authentication otherwise.
 		return "", "", nil, nil, authentication.NotAuthenticated, fmt.Errorf("user %s is not authenticated", username)
 	}
 
@@ -391,7 +391,7 @@ func getProfileRefreshSettings(cfg schema.AuthenticationBackendConfiguration) (r
 			refresh = true
 
 			if cfg.RefreshInterval != schema.ProfileRefreshAlways {
-				// Skip Error Check since validator checks it
+				// Skip Error Check since validator checks it.
 				refreshInterval, _ = utils.ParseDurationString(cfg.RefreshInterval)
 			} else {
 				refreshInterval = schema.RefreshIntervalAlways

internal/handlers/handler_verify_test.go

@@ -1023,7 +1023,7 @@ func TestShouldDestroySessionWhenUserNotExist(t *testing.T) {
 	userSession = mock.Ctx.GetSession()
 	assert.Equal(t, clock.Now().Add(5*time.Minute).Unix(), userSession.RefreshTTL.Unix())
 
-	// Simulate a Deleted User
+	// Simulate a Deleted User.
 	userSession.RefreshTTL = clock.Now().Add(-1 * time.Minute)
 	err = mock.Ctx.SaveSession(userSession)
 

internal/middlewares/identity_verification.go

@@ -151,7 +151,7 @@ func IdentityVerificationFinish(args IdentityVerificationFinishArgs, next func(c
 					ctx.Error(fmt.Errorf("Cannot parse token"), messageOperationFailed)
 					return
 				case ve.Errors&(jwt.ValidationErrorExpired|jwt.ValidationErrorNotValidYet) != 0:
-					// Token is either expired or not active yet
+					// Token is either expired or not active yet.
 					ctx.Error(fmt.Errorf("Token expired"), messageIdentityVerificationTokenHasExpired)
 					return
 				default:

internal/mocks/authelia_ctx.go

@@ -117,7 +117,7 @@ func NewMockAutheliaCtx(t *testing.T) *MockAutheliaCtx {
 
 	request := &fasthttp.RequestCtx{}
 	// Set a cookie to identify this client throughout the test.
-	// request.Request.Header.SetCookie("authelia_session", "client_cookie")
+	// request.Request.Header.SetCookie("authelia_session", "client_cookie").
 
 	autheliaCtx, _ := middlewares.NewAutheliaCtx(request, configuration, providers)
 	mockAuthelia.Ctx = autheliaCtx

internal/notification/smtp_notifier.go

@@ -38,7 +38,7 @@ func NewSMTPNotifier(configuration *schema.SMTPNotifierConfiguration, certPool *
 
 // Do startTLS if available (some servers only provide the auth extension after, and encryption is preferred).
 func (n *SMTPNotifier) startTLS() error {
-	// Only start if not already encrypted
+	// Only start if not already encrypted.
 	if _, ok := n.client.TLSConnectionState(); ok {
 		n.log.Debugf("Notifier SMTP connection is already encrypted, skipping STARTTLS")
 		return nil

internal/ntp/const.go

@@ -1,10 +1,10 @@
 package ntp
 
 const (
-	ntpClientModeValue  uint8 = 3  // 00000011
-	ntpLeapEnabledValue uint8 = 64 // 01000000
-	ntpVersion3Value    uint8 = 24 // 00011000
-	ntpVersion4Value    uint8 = 40 // 00101000
+	ntpClientModeValue  uint8 = 3  // 00000011.
+	ntpLeapEnabledValue uint8 = 64 // 01000000.
+	ntpVersion3Value    uint8 = 24 // 00011000.
+	ntpVersion4Value    uint8 = 40 // 00101000.
 )
 
 const ntpEpochOffset = 2208988800

internal/oidc/provider.go

@@ -72,7 +72,7 @@ func NewOpenIDConnectProvider(configuration *schema.OpenIDConnectConfiguration)
 		compose.OAuth2ClientCredentialsGrantFactory,
 		compose.OAuth2RefreshTokenGrantFactory,
 		compose.OAuth2ResourceOwnerPasswordCredentialsFactory,
-		// compose.RFC7523AssertionGrantFactory,
+		// compose.RFC7523AssertionGrantFactory,.
 
 		compose.OpenIDConnectExplicitFactory,
 		compose.OpenIDConnectImplicitFactory,
@@ -82,7 +82,7 @@ func NewOpenIDConnectProvider(configuration *schema.OpenIDConnectConfiguration)
 		compose.OAuth2TokenIntrospectionFactory,
 		compose.OAuth2TokenRevocationFactory,
 
-		// compose.OAuth2PKCEFactory,
+		// compose.OAuth2PKCEFactory,.
 	)
 
 	provider.herodot = herodot.NewJSONWriter(nil)

internal/regulation/regulator_test.go

@@ -282,7 +282,7 @@ func (s *RegulatorSuite) TestShouldHaveRegulatorDisabled() {
 		LoadAuthenticationLogs(s.ctx, gomock.Eq("john"), gomock.Any(), gomock.Eq(10), gomock.Eq(0)).
 		Return(attemptsInDB, nil)
 
-	// Check Disabled Functionality
+	// Check Disabled Functionality.
 	configuration := schema.RegulationConfiguration{
 		MaxRetries: 0,
 		FindTime:   "180",
@@ -293,7 +293,7 @@ func (s *RegulatorSuite) TestShouldHaveRegulatorDisabled() {
 	_, err := regulator.Regulate(s.ctx, "john")
 	assert.NoError(s.T(), err)
 
-	// Check Enabled Functionality
+	// Check Enabled Functionality.
 	configuration = schema.RegulationConfiguration{
 		MaxRetries: 1,
 		FindTime:   "180",

internal/regulation/types.go

@@ -11,7 +11,7 @@ import (
 type Regulator struct {
 	// Is the regulation enabled.
 	enabled bool
-	// The number of failed authentication attempt before banning the user
+	// The number of failed authentication attempt before banning the user.
 	maxRetries int
 	// If a user does the max number of retries within that duration, she will be banned.
 	findTime time.Duration

internal/session/provider_config_test.go

@@ -59,7 +59,7 @@ func TestShouldCreateRedisSessionProviderTLS(t *testing.T) {
 	pConfig := providerConfig.redisConfig
 	assert.Equal(t, "redis.example.com:6379", pConfig.Addr)
 	assert.Equal(t, "pass", pConfig.Password)
-	// DbNumber is the fasthttp/session property for the Redis DB Index
+	// DbNumber is the fasthttp/session property for the Redis DB Index.
 	assert.Equal(t, 0, pConfig.DB)
 	assert.Equal(t, 0, pConfig.PoolSize)
 	assert.Equal(t, 0, pConfig.MinIdleConns)
@@ -94,7 +94,7 @@ func TestShouldCreateRedisSessionProvider(t *testing.T) {
 	pConfig := providerConfig.redisConfig
 	assert.Equal(t, "redis.example.com:6379", pConfig.Addr)
 	assert.Equal(t, "pass", pConfig.Password)
-	// DbNumber is the fasthttp/session property for the Redis DB Index
+	// DbNumber is the fasthttp/session property for the Redis DB Index.
 	assert.Equal(t, 0, pConfig.DB)
 	assert.Equal(t, 0, pConfig.PoolSize)
 	assert.Equal(t, 0, pConfig.MinIdleConns)
@@ -180,7 +180,7 @@ func TestShouldCreateRedisSentinelSessionProvider(t *testing.T) {
 	assert.Equal(t, 8, pConfig.PoolSize)
 	assert.Equal(t, 2, pConfig.MinIdleConns)
 
-	// DbNumber is the fasthttp/session property for the Redis DB Index
+	// DbNumber is the fasthttp/session property for the Redis DB Index.
 	assert.Equal(t, 0, pConfig.DB)
 	assert.Nil(t, pConfig.TLSConfig)
 }
@@ -233,7 +233,7 @@ func TestShouldCreateRedisSessionProviderWithUnixSocket(t *testing.T) {
 	pConfig := providerConfig.redisConfig
 	assert.Equal(t, "/var/run/redis/redis.sock", pConfig.Addr)
 	assert.Equal(t, "pass", pConfig.Password)
-	// DbNumber is the fasthttp/session property for the Redis DB Index
+	// DbNumber is the fasthttp/session property for the Redis DB Index.
 	assert.Equal(t, 0, pConfig.DB)
 	assert.Nil(t, pConfig.TLSConfig)
 }
@@ -256,7 +256,7 @@ func TestShouldSetDbNumber(t *testing.T) {
 
 	assert.Equal(t, "redis", providerConfig.providerName)
 	pConfig := providerConfig.redisConfig
-	// DbNumber is the fasthttp/session property for the Redis DB Index
+	// DbNumber is the fasthttp/session property for the Redis DB Index.
 	assert.Equal(t, 5, pConfig.DB)
 }
 
@@ -277,7 +277,7 @@ func TestShouldUseEncryptingSerializerWithRedis(t *testing.T) {
 	encoded, err := providerConfig.config.EncodeFunc(payload)
 	require.NoError(t, err)
 
-	// Now we try to decrypt what has been serialized
+	// Now we try to decrypt what has been serialized.
 	key := sha256.Sum256([]byte("abc"))
 	decrypted, err := utils.Decrypt(encoded, &key)
 	require.NoError(t, err)

internal/storage/sql_provider.go

@@ -111,7 +111,7 @@ type SQLProvider struct {
 	sqlUpdateU2FDevicePublicKey           string
 	sqlUpdateU2FDevicePublicKeyByUsername string
 
-	// Table: duo_devices
+	// Table: duo_devices.
 	sqlUpsertDuoDevice string
 	sqlDeleteDuoDevice string
 	sqlSelectDuoDevice string

internal/suites/action_login.go

@@ -39,7 +39,7 @@ func (rs *RodSession) doLoginTwoFactor(t *testing.T, page *rod.Page, username, p
 	rs.doLoginOneFactor(t, page, username, password, keepMeLoggedIn, targetURL)
 	rs.verifyIsSecondFactorPage(t, page)
 	rs.doValidateTOTP(t, page, otpSecret)
-	// timeout when targetURL is not defined to prevent a show stopping redirect when visiting a protected domain
+	// timeout when targetURL is not defined to prevent a show stopping redirect when visiting a protected domain.
 	if targetURL == "" {
 		time.Sleep(1 * time.Second)
 	}

internal/suites/action_reset_password.go

@@ -11,10 +11,10 @@ import (
 func (rs *RodSession) doInitiatePasswordReset(t *testing.T, page *rod.Page, username string) {
 	err := rs.WaitElementLocatedByCSSSelector(t, page, "reset-password-button").Click("left")
 	require.NoError(t, err)
-	// Fill in username
+	// Fill in username.
 	err = rs.WaitElementLocatedByCSSSelector(t, page, "username-textfield").Input(username)
 	require.NoError(t, err)
-	// And click on the reset button
+	// And click on the reset button.
 	err = rs.WaitElementLocatedByCSSSelector(t, page, "reset-button").Click("left")
 	require.NoError(t, err)
 }
@@ -49,7 +49,7 @@ func (rs *RodSession) doUnsuccessfulPasswordReset(t *testing.T, page *rod.Page,
 
 func (rs *RodSession) doResetPassword(t *testing.T, page *rod.Page, username, newPassword1, newPassword2 string, unsuccessful bool) {
 	rs.doInitiatePasswordReset(t, page, username)
-	// then wait for the "email sent notification"
+	// then wait for the "email sent notification".
 	rs.verifyMailNotificationDisplayed(t, page)
 
 	if unsuccessful {

internal/suites/scenario_oidc_test.go

@@ -84,7 +84,7 @@ func (s *OIDCScenario) TestShouldAuthorizeAccessToOIDCApp() {
 
 	s.waitBodyContains(s.T(), s.Context(ctx), "Not logged yet...")
 
-	// Search for the 'login' link
+	// Search for the 'login' link.
 	err := s.Page.MustSearch("Log in").Click("left")
 	assert.NoError(s.T(), err)
 
@@ -92,7 +92,7 @@ func (s *OIDCScenario) TestShouldAuthorizeAccessToOIDCApp() {
 	err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "accept-button").Click("left")
 	assert.NoError(s.T(), err)
 
-	// Verify that the app is showing the info related to the user stored in the JWT token
+	// Verify that the app is showing the info related to the user stored in the JWT token.
 	s.waitBodyContains(s.T(), s.Context(ctx), "Logged in as john!")
 }
 
@@ -111,7 +111,7 @@ func (s *OIDCScenario) TestShouldDenyConsent() {
 
 	s.waitBodyContains(s.T(), s.Context(ctx), "Not logged yet...")
 
-	// Search for the 'login' link
+	// Search for the 'login' link.
 	err := s.Page.MustSearch("Log in").Click("left")
 	assert.NoError(s.T(), err)
 

internal/suites/scenario_password_complexity_test.go

@@ -55,7 +55,7 @@ func (s *PasswordComplexityScenario) TestShouldRejectPasswordReset() {
 	s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
 	s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
 
-	// Attempt to reset the password to a
+	// Attempt to reset the password to a.
 	s.doResetPassword(s.T(), s.Context(ctx), "john", "a", "a", true)
 	s.verifyNotificationDisplayed(s.T(), s.Context(ctx), "Your supplied password does not meet the password policy requirements.")
 }

internal/suites/scenario_redirection_check_test.go

@@ -48,13 +48,13 @@ func (s *RedirectionCheckScenario) TearDownTest() {
 }
 
 var redirectionAuthorizations = map[string]bool{
-	// external website
+	// external website.
 	"https://www.google.fr": false,
-	// Not the right domain
+	// Not the right domain.
 	"https://public.example.com.a:8080/secret.html": false,
-	// Not https
+	// Not https.
 	"http://secure.example.com:8080/secret.html": false,
-	// Domain handled by Authelia
+	// Domain handled by Authelia.
 	"https://secure.example.com:8080/secret.html": true,
 }
 
@@ -83,13 +83,13 @@ func (s *RedirectionCheckScenario) TestShouldRedirectOnLoginOnlyWhenDomainIsSafe
 }
 
 var logoutRedirectionURLs = map[string]bool{
-	// external website
+	// external website.
 	"https://www.google.fr": false,
-	// Not the right domain
+	// Not the right domain.
 	"https://public.example-not-right.com:8080/index.html": false,
-	// Not https
+	// Not https.
 	"http://public.example.com:8080/index.html": false,
-	// Domain handled by Authelia
+	// Domain handled by Authelia.
 	"https://public.example.com:8080/index.html": true,
 }
 

internal/suites/scenario_regulation_test.go

@@ -66,7 +66,7 @@ func (s *RegulationScenario) TestShouldBanUserAfterTooManyAttempt() {
 		require.NoError(s.T(), err)
 	}
 
-	// Enter the correct password and test the regulation lock out
+	// Enter the correct password and test the regulation lock out.
 	err := s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "password-textfield").Input("password")
 	require.NoError(s.T(), err)
 	err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "sign-in-button").Click("left")
@@ -76,7 +76,7 @@ func (s *RegulationScenario) TestShouldBanUserAfterTooManyAttempt() {
 	s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
 	time.Sleep(10 * time.Second)
 
-	// Enter the correct password and test a successful login
+	// Enter the correct password and test a successful login.
 	err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "password-textfield").Input("password")
 	require.NoError(s.T(), err)
 	err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "sign-in-button").Click("left")

internal/suites/scenario_reset_password_test.go

@@ -55,20 +55,20 @@ func (s *ResetPasswordScenario) TestShouldResetPassword() {
 	s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
 	s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
 
-	// Reset the password to abc
+	// Reset the password to abc.
 	s.doResetPassword(s.T(), s.Context(ctx), "john", "abc", "abc", false)
 
-	// Try to login with the old password
+	// Try to login with the old password.
 	s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 	s.verifyNotificationDisplayed(s.T(), s.Context(ctx), "Incorrect username or password.")
 
-	// Try to login with the new password
+	// Try to login with the new password.
 	s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "abc", false, "")
 
-	// Logout
+	// Logout.
 	s.doLogout(s.T(), s.Context(ctx))
 
-	// Reset the original password
+	// Reset the original password.
 	s.doResetPassword(s.T(), s.Context(ctx), "john", "password", "password", false)
 }
 
@@ -85,7 +85,7 @@ func (s *ResetPasswordScenario) TestShouldMakeAttackerThinkPasswordResetIsInitia
 	// Try to initiate a password reset of an nonexistent user.
 	s.doInitiatePasswordReset(s.T(), s.Context(ctx), "i_dont_exist")
 
-	// Check that the notification make the attacker thinks the process is initiated
+	// Check that the notification make the attacker thinks the process is initiated.
 	s.verifyMailNotificationDisplayed(s.T(), s.Context(ctx))
 }
 

internal/suites/scenario_two_factor_test.go

@@ -58,18 +58,18 @@ func (s *TwoFactorSuite) TestShouldAuthorizeSecretAfterTwoFactor() {
 	username := testUsername
 	password := testPassword
 
-	// Login and register TOTP, logout and login again with 1FA & 2FA
+	// Login and register TOTP, logout and login again with 1FA & 2FA.
 	targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL)
 	_ = s.doRegisterAndLogin2FA(s.T(), s.Context(ctx), username, password, false, targetURL)
 
 	// And check if the user is redirected to the secret.
 	s.verifySecretAuthorized(s.T(), s.Context(ctx))
 
-	// Leave the secret
+	// Leave the secret.
 	s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
 	s.verifyIsHome(s.T(), s.Context(ctx))
 
-	// And try to reload it again to check the session is kept
+	// And try to reload it again to check the session is kept.
 	s.doVisit(s.T(), s.Context(ctx), targetURL)
 	s.verifySecretAuthorized(s.T(), s.Context(ctx))
 }

internal/suites/scenario_user_preferences_test.go

@@ -54,11 +54,11 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
 		s.collectScreenshot(ctx.Err(), s.Page)
 	}()
 
-	// Authenticate
+	// Authenticate.
 	s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 	s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
 
-	// Then switch to push notification method
+	// Then switch to push notification method.
 	s.doChangeMethod(s.T(), s.Context(ctx), "push-notification")
 	s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
 
@@ -71,7 +71,7 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
 	s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
 	// And check the latest method is still used.
 	s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
-	// Meaning the authentication is successful
+	// Meaning the authentication is successful.
 	s.verifyIsHome(s.T(), s.Context(ctx))
 
 	// Logout the user and see what user 'harry' sees.
@@ -83,7 +83,7 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
 	s.doLogout(s.T(), s.Context(ctx))
 	s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
 
-	// Then log back as previous user and verify the push notification is still the default method
+	// Then log back as previous user and verify the push notification is still the default method.
 	s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 	s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
 	s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
@@ -92,7 +92,7 @@ func (s *UserPreferencesScenario) TestShouldRememberLastUsed2FAMethod() {
 	s.doLogout(s.T(), s.Context(ctx))
 	s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 
-	// Eventually restore the default method
+	// Eventually restore the default method.
 	s.doChangeMethod(s.T(), s.Context(ctx), "one-time-password")
 	s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "one-time-password-method")
 }

internal/suites/suite_duo_push_test.go

@@ -132,18 +132,18 @@ func (s *DuoPushWebDriverSuite) TestShouldAutoSelectDevice() {
 	ConfigureDuoPreAuth(s.T(), PreAuthAPIResponse)
 	ConfigureDuo(s.T(), Allow)
 
-	// Authenticate
+	// Authenticate.
 	s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 	// Switch Method where single Device should be selected automatically.
 	s.doChangeMethod(s.T(), s.Context(ctx), "push-notification")
 	s.verifyIsHome(s.T(), s.Context(ctx))
 
-	// Re-Login the user
+	// Re-Login the user.
 	s.doLogout(s.T(), s.Context(ctx))
 	s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 	// And check the latest method and device is still used.
 	s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
-	// Meaning the authentication is successful
+	// Meaning the authentication is successful.
 	s.verifyIsHome(s.T(), s.Context(ctx))
 }
 
@@ -171,7 +171,7 @@ func (s *DuoPushWebDriverSuite) TestShouldSelectDevice() {
 	ConfigureDuoPreAuth(s.T(), PreAuthAPIResponse)
 	ConfigureDuo(s.T(), Allow)
 
-	// Authenticate
+	// Authenticate.
 	s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 	// Switch Method where Device Selection should open automatically.
 	s.doChangeMethod(s.T(), s.Context(ctx), "push-notification")
@@ -183,12 +183,12 @@ func (s *DuoPushWebDriverSuite) TestShouldSelectDevice() {
 	s.doChangeDevice(s.T(), s.Context(ctx), "1234567890ABCDEFGHIJ")
 	s.verifyIsHome(s.T(), s.Context(ctx))
 
-	// Re-Login the user
+	// Re-Login the user.
 	s.doLogout(s.T(), s.Context(ctx))
 	s.doLoginOneFactor(s.T(), s.Context(ctx), "john", "password", false, "")
 	// And check the latest method and device is still used.
 	s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "push-notification-method")
-	// Meaning the authentication is successful
+	// Meaning the authentication is successful.
 	s.verifyIsHome(s.T(), s.Context(ctx))
 }
 

internal/suites/suite_high_availability_test.go

@@ -87,7 +87,7 @@ func (s *HighAvailabilityWebDriverSuite) TestShouldKeepUserSessionActiveWithPrim
 	s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
 	s.verifyIsHome(s.T(), s.Context(ctx))
 
-	// Verify the user is still authenticated
+	// Verify the user is still authenticated.
 	s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
 	s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
 
@@ -130,7 +130,7 @@ func (s *HighAvailabilityWebDriverSuite) TestShouldKeepUserSessionActiveWithPrim
 	s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
 	s.verifyIsHome(s.T(), s.Context(ctx))
 
-	// Verify the user is still authenticated
+	// Verify the user is still authenticated.
 	s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
 	s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
 }
@@ -170,11 +170,11 @@ func (s *HighAvailabilityWebDriverSuite) TestShouldKeepSessionAfterAutheliaResta
 	s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
 	s.verifyIsHome(s.T(), s.Context(ctx))
 
-	// Verify the user is still authenticated
+	// Verify the user is still authenticated.
 	s.doVisit(s.T(), s.Context(ctx), GetLoginBaseURL())
 	s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
 
-	// Then logout and login again to check the secret is still there
+	// Then logout and login again to check the secret is still there.
 	s.doLogout(s.T(), s.Context(ctx))
 	s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
 

internal/suites/suite_network_acl.go

@@ -17,7 +17,7 @@ func init() {
 		"internal/suites/example/compose/nginx/portal/docker-compose.yml",
 		"internal/suites/example/compose/squid/docker-compose.yml",
 		"internal/suites/example/compose/smtp/docker-compose.yml",
-		// To debug headers
+		// To debug headers.
 		"internal/suites/example/compose/httpbin/docker-compose.yml",
 	})
 

internal/suites/suite_standalone.go

@@ -10,8 +10,8 @@ var standaloneSuiteName = "Standalone"
 
 func init() {
 	_ = os.MkdirAll("/tmp/authelia/StandaloneSuite/", 0700)
-	_ = os.WriteFile("/tmp/authelia/StandaloneSuite/jwt", []byte("very_important_secret"), 0600)
-	_ = os.WriteFile("/tmp/authelia/StandaloneSuite/session", []byte("unsecure_session_secret"), 0600)
+	_ = os.WriteFile("/tmp/authelia/StandaloneSuite/jwt", []byte("very_important_secret"), 0600)       //nolint:gosec
+	_ = os.WriteFile("/tmp/authelia/StandaloneSuite/session", []byte("unsecure_session_secret"), 0600) //nolint:gosec
 
 	dockerEnvironment := NewDockerEnvironment([]string{
 		"internal/suites/docker-compose.yml",

internal/suites/suite_standalone_test.go

@@ -139,7 +139,7 @@ func (s *StandaloneWebDriverSuite) TestShouldCheckUserIsAskedToRegisterDevice()
 	// Login one factor again.
 	s.doLoginOneFactor(s.T(), s.Context(ctx), username, password, false, "")
 
-	// now the user should be asked to perform 2FA
+	// now the user should be asked to perform 2FA.
 	s.WaitElementLocatedByClassName(s.T(), s.Context(ctx), "state-method")
 }
 

internal/utils/exec.go

@@ -136,12 +136,12 @@ func RunFuncUntilCtrlC(fn func() error) error {
 
 // RunCommandWithTimeout run a command with timeout.
 func RunCommandWithTimeout(cmd *exec.Cmd, timeout time.Duration) error {
-	// Start a process:
+	// Start a process.
 	if err := cmd.Start(); err != nil {
 		log.Fatal(err)
 	}
 
-	// Wait for the process to finish or kill it after a timeout (whichever happens first):
+	// Wait for the process to finish or kill it after a timeout (whichever happens first).
 	done := make(chan error, 1)
 
 	go func() {

internal/utils/rsa.go

@@ -76,7 +76,7 @@ func ParseRsaPublicKeyFromPemStr(pubPEM string) (*rsa.PublicKey, error) {
 	case *rsa.PublicKey:
 		return pub, nil
 	default:
-		break // fall through
+		break // fall through.
 	}
 
 	return nil, errors.New("key type is not RSA")

internal/utils/time.go

@@ -43,7 +43,7 @@ func ParseDurationString(input string) (time.Duration, error) {
 
 		duration = time.Duration(seconds) * time.Second
 	case input != "":
-		// Throw this error if input is anything other than a blank string, blank string will default to a duration of nothing
+		// Throw this error if input is anything other than a blank string, blank string will default to a duration of nothing.
 		return 0, fmt.Errorf("could not convert the input string of %s into a duration", input)
 	}