Change Content-Type to plain text for logout and reset endpoints

No text is returned so the response is not a valid JSON.
go-pkgz · Sep 19, 2024 · 1c0fb40 · 1c0fb40
1 parent b6f1a79
commit 1c0fb40
Show file tree

Hide file tree

Showing 8 changed files with 12 additions and 6 deletions.
diff --git a/auth_test.go b/auth_test.go
@@ -298,7 +298,7 @@ func TestLogout(t *testing.T) {
 	resp, err = client.Get("http://127.0.0.1:8089/auth/logout")
 	require.Nil(t, err)
 	assert.Equal(t, 200, resp.StatusCode)
-	assert.Equal(t, "application/json; charset=utf-8", resp.Header.Get("Content-Type"))
+	assert.Equal(t, "text/plain; charset=utf-8", resp.Header.Get("Content-Type"))
 	defer resp.Body.Close()
 
 	resp, err = client.Get("http://127.0.0.1:8089/private")

diff --git a/provider/apple_pubkeys.go b/provider/apple_pubkeys.go
@@ -151,7 +151,7 @@ type appleKeySet struct {
 
 // get return Apple public key with specific KeyID (kid)
 func (aks *appleKeySet) get(kid string) (keys *applePublicKey, err error) {
-	if aks.keys == nil || len(aks.keys) == 0 {
+	if len(aks.keys) == 0 {
 		return nil, fmt.Errorf("failed to get key in appleKeySet, key set is nil or empty")
 	}
 

diff --git a/provider/apple_test.go b/provider/apple_test.go
@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"math"
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
@@ -660,6 +661,8 @@ ODIRe1AuTyHceAbewn8b462yEWKARdpd9AjQW5SIVPfdsz5B6GlYQ5LdYKtznTuy
 
 	// convert exponent
 	eBuff := make([]byte, 4)
+	require.Less(t, publicKey.E, math.MaxUint32)
+	//nolint:gosec // checked by a line above
 	binary.LittleEndian.PutUint32(eBuff, uint32(publicKey.E))
 	e := base64.StdEncoding.WithPadding(base64.NoPadding).EncodeToString(eBuff)
 

diff --git a/token/jwt.go b/token/jwt.go
@@ -332,7 +332,7 @@ func (j *Service) Reset(w http.ResponseWriter) {
 		MaxAge: -1, Expires: time.Unix(0, 0), Secure: j.SecureCookies, SameSite: j.SameSite}
 	http.SetCookie(w, &xsrfCookie)
 
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
 }
 
 // checkAuds verifies if claims.Audience in the list of allowed by audReader

diff --git a/v2/auth_test.go b/v2/auth_test.go
@@ -298,7 +298,7 @@ func TestLogout(t *testing.T) {
 	resp, err = client.Get("http://127.0.0.1:8089/auth/logout")
 	require.Nil(t, err)
 	assert.Equal(t, 200, resp.StatusCode)
-	assert.Equal(t, "application/json; charset=utf-8", resp.Header.Get("Content-Type"))
+	assert.Equal(t, "text/plain; charset=utf-8", resp.Header.Get("Content-Type"))
 	defer resp.Body.Close()
 
 	resp, err = client.Get("http://127.0.0.1:8089/private")

diff --git a/v2/provider/apple_pubkeys.go b/v2/provider/apple_pubkeys.go
@@ -151,7 +151,7 @@ type appleKeySet struct {
 
 // get return Apple public key with specific KeyID (kid)
 func (aks *appleKeySet) get(kid string) (keys *applePublicKey, err error) {
-	if aks.keys == nil || len(aks.keys) == 0 {
+	if len(aks.keys) == 0 {
 		return nil, fmt.Errorf("failed to get key in appleKeySet, key set is nil or empty")
 	}
 

diff --git a/v2/provider/apple_test.go b/v2/provider/apple_test.go
@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"math"
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
@@ -660,6 +661,8 @@ ODIRe1AuTyHceAbewn8b462yEWKARdpd9AjQW5SIVPfdsz5B6GlYQ5LdYKtznTuy
 
 	// convert exponent
 	eBuff := make([]byte, 4)
+	require.Less(t, publicKey.E, math.MaxUint32)
+	//nolint:gosec // checked by a line above
 	binary.LittleEndian.PutUint32(eBuff, uint32(publicKey.E))
 	e := base64.StdEncoding.WithPadding(base64.NoPadding).EncodeToString(eBuff)
 

diff --git a/v2/token/jwt.go b/v2/token/jwt.go
@@ -332,7 +332,7 @@ func (j *Service) Reset(w http.ResponseWriter) {
 		MaxAge: -1, Expires: time.Unix(0, 0), Secure: j.SecureCookies, SameSite: j.SameSite}
 	http.SetCookie(w, &xsrfCookie)
 
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
 }
 
 // checkAuds verifies if claims.Audience in the list of allowed by audReader