Fix golinting around JWT changes

Signed-off-by: Brian Groux <[email protected]>

Author: bgrouxupgrade

util/oidc/oidc_test.go

@@ -121,7 +121,7 @@ func (p *fakeProvider) Verify(_ context.Context, _ string, _ *settings.ArgoCDSet
 	return nil, nil
 }
 
-func (p *fakeProvider) VerifyJWT(_ string, _ *settings.ArgoCDSettings) (*jwtgo.Token, error) {
+func (p *fakeProvider) VerifyJWT(_ context.Context, _ string, _ *settings.ArgoCDSettings) (*jwtgo.Token, error) {
 	return nil, nil
 }
 

util/oidc/provider.go

@@ -34,8 +34,7 @@ type Provider interface {
 
 	Verify(ctx context.Context, tokenString string, argoSettings *settings.ArgoCDSettings) (*gooidc.IDToken, error)
 
-	// BG: add context?
-	VerifyJWT(tokenString string, argoSettings *settings.ArgoCDSettings) (*jwtgo.Token, error)
+	VerifyJWT(ctx context.Context, tokenString string, argoSettings *settings.ArgoCDSettings) (*jwtgo.Token, error)
 }
 
 type providerImpl struct {
@@ -164,9 +163,9 @@ func (p *providerImpl) Verify(ctx context.Context, tokenString string, argoSetti
 }
 
 // VerifyJWT verifies a JWT token using the configured JWK Set URL
-func (p *providerImpl) VerifyJWT(tokenString string, argoSettings *settings.ArgoCDSettings) (*jwtgo.Token, error) {
+func (p *providerImpl) VerifyJWT(ctx context.Context, tokenString string, argoSettings *settings.ArgoCDSettings) (*jwtgo.Token, error) {
 	if !argoSettings.IsJWTConfigured() {
-		return nil, errors.New("Valid JWT configuration not found")
+		return nil, errors.New("valid JWT configuration not found")
 	}
 
 	cacheTTL := p.defaultCacheTTL
@@ -179,7 +178,7 @@ func (p *providerImpl) VerifyJWT(tokenString string, argoSettings *settings.Argo
 		}
 	}
 
-	jwks, err := p.getJWKS(argoSettings.JWTConfig.JWKSetURL, cacheTTL)
+	jwks, err := p.getJWKS(ctx, argoSettings.JWTConfig.JWKSetURL, cacheTTL)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get JWKS: %w", err)
 	}
@@ -311,15 +310,20 @@ func (p *providerImpl) VerifyJWT(tokenString string, argoSettings *settings.Argo
 	return token, nil
 }
 
-func (p *providerImpl) getJWKS(jwksURL string, cacheTTL time.Duration) (*jose.JSONWebKeySet, error) {
+func (p *providerImpl) getJWKS(ctx context.Context, jwksURL string, cacheTTL time.Duration) (*jose.JSONWebKeySet, error) {
 	p.jwksCacheMux.Lock()
 	defer p.jwksCacheMux.Unlock()
 
 	if p.jwksCache != nil && time.Now().Before(p.jwksExpiry) {
 		return p.jwksCache, nil
 	}
 
-	resp, err := http.Get(jwksURL)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, jwksURL, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		return nil, fmt.Errorf("failed to fetch JWKS: %w", err)
 	}

util/oidc/provider_test.go

@@ -296,7 +296,7 @@ func TestVerifyJWT(t *testing.T) {
 			}
 
 			// Verify the JWT
-			token, err := provider.VerifyJWT(tokenString, argoSettings)
+			token, err := provider.VerifyJWT(t.Context(), tokenString, argoSettings)
 
 			// Assertions
 			if tt.expectError {
@@ -359,20 +359,20 @@ func TestVerifyJWT_Cache(t *testing.T) {
 	tokenString := generateTestToken(jwtgo.SigningMethodRS256, privateKey, kid, claims)
 
 	// First verification - should fetch JWKS
-	_, err = provider.VerifyJWT(tokenString, argoSettings)
+	_, err = provider.VerifyJWT(t.Context(), tokenString, argoSettings)
 	require.NoError(t, err)
 	require.Equal(t, 1, requestCount, "JWKS should be fetched on first call")
 
 	// Second verification - should use cache
-	_, err = provider.VerifyJWT(tokenString, argoSettings)
+	_, err = provider.VerifyJWT(t.Context(), tokenString, argoSettings)
 	require.NoError(t, err)
 	require.Equal(t, 1, requestCount, "JWKS should be cached on second call")
 
 	// Wait for cache to expire
 	time.Sleep(1100 * time.Millisecond) // Wait slightly longer than TTL
 
 	// Third verification - should fetch JWKS again
-	_, err = provider.VerifyJWT(tokenString, argoSettings)
+	_, err = provider.VerifyJWT(t.Context(), tokenString, argoSettings)
 	require.NoError(t, err)
 	require.Equal(t, 2, requestCount, "JWKS should be fetched again after cache expiry")
 }

util/session/sessionmanager.go

@@ -589,7 +589,7 @@ func (mgr *SessionManager) VerifyToken(ctx context.Context, tokenString string)
 			// Log the error but don't fail immediately, maybe it's an Argo CD token
 			log.Warnf("Failed to get OIDC provider for JWT verification: %v", err)
 		} else {
-			token, jwtErr := prov.VerifyJWT(tokenString, argoSettings)
+			token, jwtErr := prov.VerifyJWT(ctx, tokenString, argoSettings)
 			if jwtErr == nil {
 				// Successfully verified as JWT via JWKS URL
 				log.Debug("Token verified using JWT config (JWKS URL)")
@@ -665,7 +665,7 @@ func (mgr *SessionManager) provider() (oidcutil.Provider, error) {
 		return nil, err
 	}
 	// In the case of external JWT we need an OIDC provider to veryify tokens
-	if !(settings.IsSSOConfigured() || settings.IsJWTConfigured()) {
+	if !settings.IsSSOConfigured() && !settings.IsJWTConfigured() {
 		return nil, errors.New("SSO or JWT is not configured")
 	}
 	mgr.prov = oidcutil.NewOIDCProvider(settings.IssuerURL(), mgr.client)