From 1c0fb4081d30ee9ad34c6b2460ca53023da9ff00 Mon Sep 17 00:00:00 2001
From: Dmitry Verkhoturov
Date: Fri, 20 Sep 2024 00:16:10 +0100
Subject: [PATCH] Change Content-Type to plain text for logout and reset endpoints
No text is returned so the response is not a valid JSON.
---
auth_test.go | 2 +-
provider/apple_pubkeys.go | 2 +-
provider/apple_test.go | 3 +++
token/jwt.go | 2 +-
v2/auth_test.go | 2 +-
v2/provider/apple_pubkeys.go | 2 +-
v2/provider/apple_test.go | 3 +++
v2/token/jwt.go | 2 +-
8 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/auth_test.go b/auth_test.go
index 06a3b8aa..9f9fbece 100644
--- a/auth_test.go
+++ b/auth_test.go
@@ -298,7 +298,7 @@ func TestLogout(t *testing.T) {
 resp, err = client.Get("http://127.0.0.1:8089/auth/logout")
 require.Nil(t, err)
 assert.Equal(t, 200, resp.StatusCode)
- assert.Equal(t, "application/json; charset=utf-8", resp.Header.Get("Content-Type"))
+ assert.Equal(t, "text/plain; charset=utf-8", resp.Header.Get("Content-Type"))
 defer resp.Body.Close()
 resp, err = client.Get("http://127.0.0.1:8089/private")
diff --git a/provider/apple_pubkeys.go b/provider/apple_pubkeys.go
index ce0ccde0..5c3563e5 100644
--- a/provider/apple_pubkeys.go
+++ b/provider/apple_pubkeys.go
@@ -151,7 +151,7 @@ type appleKeySet struct {
 // get return Apple public key with specific KeyID (kid)
 func (aks *appleKeySet) get(kid string) (keys *applePublicKey, err error) {
- if aks.keys == nil || len(aks.keys) == 0 {
+ if len(aks.keys) == 0 {
 return nil, fmt.Errorf("failed to get key in appleKeySet, key set is nil or empty")
 }
diff --git a/provider/apple_test.go b/provider/apple_test.go
index f448ae77..99b177c6 100644
--- a/provider/apple_test.go
+++ b/provider/apple_test.go
@@ -10,6 +10,7 @@ import (
 "fmt"
 "io"
 "log"
+ "math"
 "net/http"
 "net/http/cookiejar"
 "net/url"
@@ -660,6 +661,8 @@ ODIRe1AuTyHceAbewn8b462yEWKARdpd9AjQW5SIVPfdsz5B6GlYQ5LdYKtznTuy
 // convert exponent
 eBuff := make([]byte, 4)
+ require.Less(t, publicKey.E, math.MaxUint32)
+ //nolint:gosec // checked by a line above
 binary.LittleEndian.PutUint32(eBuff, uint32(publicKey.E))
 e := base64.StdEncoding.WithPadding(base64.NoPadding).EncodeToString(eBuff)
diff --git a/token/jwt.go b/token/jwt.go
index 73cc1c2c..56cae219 100644
--- a/token/jwt.go
+++ b/token/jwt.go
@@ -332,7 +332,7 @@ func (j *Service) Reset(w http.ResponseWriter) {
 MaxAge: -1, Expires: time.Unix(0, 0), Secure: j.SecureCookies, SameSite: j.SameSite}
 http.SetCookie(w, &xsrfCookie)
- w.Header().Set("Content-Type", "application/json; charset=utf-8")
+ w.Header().Set("Content-Type", "text/plain; charset=utf-8")
 }
 // checkAuds verifies if claims.Audience in the list of allowed by audReader
diff --git a/v2/auth_test.go b/v2/auth_test.go
index 81655bb6..0031d55e 100644
--- a/v2/auth_test.go
+++ b/v2/auth_test.go
@@ -298,7 +298,7 @@ func TestLogout(t *testing.T) {
 resp, err = client.Get("http://127.0.0.1:8089/auth/logout")
 require.Nil(t, err)
 assert.Equal(t, 200, resp.StatusCode)
- assert.Equal(t, "application/json; charset=utf-8", resp.Header.Get("Content-Type"))
+ assert.Equal(t, "text/plain; charset=utf-8", resp.Header.Get("Content-Type"))
 defer resp.Body.Close()
 resp, err = client.Get("http://127.0.0.1:8089/private")
diff --git a/v2/provider/apple_pubkeys.go b/v2/provider/apple_pubkeys.go
index ce0ccde0..5c3563e5 100644
--- a/v2/provider/apple_pubkeys.go
+++ b/v2/provider/apple_pubkeys.go
@@ -151,7 +151,7 @@ type appleKeySet struct {
 // get return Apple public key with specific KeyID (kid)
 func (aks *appleKeySet) get(kid string) (keys *applePublicKey, err error) {
- if aks.keys == nil || len(aks.keys) == 0 {
+ if len(aks.keys) == 0 {
 return nil, fmt.Errorf("failed to get key in appleKeySet, key set is nil or empty")
 }
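Review bot: The added `require.Less(t, publicKey.E, math.MaxUint32)` passes the untyped constant through an `interface{}` parameter, so it takes Go's default type `int`; `rsa.PublicKey.E` is also `int`, which is fine on 64-bit targets but on a 32-bit GOARCH (386, arm) the constant 4294967295 overflows `int` and the test file stops compiling. If the project builds its tests for 32-bit targets at all (not visible here), widening both sides avoids that, and a lower bound is cheap while you are at it: `require.Positive(t, publicKey.E)` followed by `require.LessOrEqual(t, int64(publicKey.E), int64(math.MaxUint32))`. The `//nolint:gosec` on the next line remains justified either way, since the `uint32` conversion is still range-checked. The enclosing test function starts and ends outside the hunk.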
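Review bot: The changed `w.Header().Set("Content-Type", "text/plain; charset=utf-8")` at the end of Reset is set even though nothing is written to the body, and nothing in the code says why the header is there at all; a short why-comment would save the next reader a trip to the commit log, e.g. `// no body is written; text/plain stops clients from trying to decode an empty JSON document`. Reset's signature and the start of the xsrfCookie literal are above the hunk, so the Path/Domain the cookie is cleared with are not visible here; a browser only drops a cookie whose name, path and domain match the one originally issued, so it is worth confirming those attributes line up with the ones used when the token and XSRF cookies are set.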
diff --git a/v2/provider/apple_test.go b/v2/provider/apple_test.go
index 1b47deb1..0f7f94b2 100644
--- a/v2/provider/apple_test.go
+++ b/v2/provider/apple_test.go
@@ -10,6 +10,7 @@ import (
 "fmt"
 "io"
 "log"
+ "math"
 "net/http"
 "net/http/cookiejar"
 "net/url"
@@ -660,6 +661,8 @@ ODIRe1AuTyHceAbewn8b462yEWKARdpd9AjQW5SIVPfdsz5B6GlYQ5LdYKtznTuy
 // convert exponent
 eBuff := make([]byte, 4)
+ require.Less(t, publicKey.E, math.MaxUint32)
+ //nolint:gosec // checked by a line above
 binary.LittleEndian.PutUint32(eBuff, uint32(publicKey.E))
 e := base64.StdEncoding.WithPadding(base64.NoPadding).EncodeToString(eBuff)
diff --git a/v2/token/jwt.go b/v2/token/jwt.go
index 73cc1c2c..56cae219 100644
--- a/v2/token/jwt.go
+++ b/v2/token/jwt.go
@@ -332,7 +332,7 @@ func (j *Service) Reset(w http.ResponseWriter) {
 MaxAge: -1, Expires: time.Unix(0, 0), Secure: j.SecureCookies, SameSite: j.SameSite}
 http.SetCookie(w, &xsrfCookie)
- w.Header().Set("Content-Type", "application/json; charset=utf-8")
+ w.Header().Set("Content-Type", "text/plain; charset=utf-8")
 }
 // checkAuds verifies if claims.Audience in the list of allowed by audReader
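Review bot: The `require.Less(t, publicKey.E, math.MaxUint32)` added in the exponent hunk has the same portability catch as its v1 twin: `math.MaxUint32` defaults to `int` when boxed into `interface{}`, and that constant does not fit a 32-bit `int`, so on a 32-bit build the test file fails to compile rather than fail the assertion. If 32-bit targets matter for this module (not determinable from the hunk), `require.LessOrEqual(t, int64(publicKey.E), int64(math.MaxUint32))` compares in a width that holds the bound everywhere, and `require.Positive(t, publicKey.E)` rules out the negative side the `uint32` cast would otherwise silently wrap. The surrounding test function extends beyond the hunk on both sides.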
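Review bot: The `w.Header().Set("Content-Type", "text/plain; charset=utf-8")` line in v2's Reset mirrors the v1 change but still leaves a reader guessing why a bodiless response carries a Content-Type at all; a one-line comment on that line, such as `// response has no body; text/plain keeps callers from parsing it as JSON`, would make the intent explicit. The xsrfCookie literal begins above the hunk, so the Path and Domain used to expire it cannot be checked from here; since a browser only deletes a cookie whose name, path and domain all match, confirming they equal the values used at issue time is the thing to verify on this endpoint.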