diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..729e2c5 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,2 @@ +# the project is owned by the platform team +* @kivra/platform-team diff --git a/rebar.config b/rebar.config index a4c25b3..1b23538 100644 --- a/rebar.config +++ b/rebar.config @@ -1,4 +1,21 @@ -{erl_opts, [debug_info]}. +{erl_opts, [ + debug_info, + warnings_as_errors, + warn_export_vars, + warn_unused_import, + warn_keywords +]}. + +{dialyzer, [ + {plt_apps, all_deps}, + incremental, + {warnings, [unmatched_returns]} +]}. + +{overrides, [ + {override, jose, [{erl_opts, [debug_info, no_warnings_as_errors]}]} +]}. + {deps, [ {jsx, {git, "https://github.com/talentdeficit/jsx.git" , {tag, "v3.1.0"}}} , {jose, {git, "https://github.com/potatosalad/erlang-jose.git" , {tag, "1.11.5"}}} , {hackney, {git, "https://github.com/benoitc/hackney.git" , {tag, "1.18.0"}}} @@ -15,9 +32,19 @@ {profiles, [{test, [ + {cover_enabled, true}, + {cover_opts, [verbose]}, {erl_opts, [nowarn_export_all]}, - {deps, [ proper + {deps, [ {proper, "1.4.0"} , {meck, "0.8.13"} ]} ]} ]}. + +{xref_checks, [ + undefined_function_calls, + undefined_functions, + locals_not_used, + deprecated_function_calls, + deprecated_functions +]}. diff --git a/src/ets_pubkeys_storage.erl b/src/ets_pubkeys_storage.erl index 9ba1729..daea0e7 100644 --- a/src/ets_pubkeys_storage.erl +++ b/src/ets_pubkeys_storage.erl @@ -34,7 +34,7 @@ put(#{<<"kid">> := Kid} = Key) -> %% gen_server callbacks init(A) -> - ets:new(?MODULE, ?ETS_OPTIONS), + ?MODULE = ets:new(?MODULE, ?ETS_OPTIONS), {ok, A}. handle_call(_, _, S) -> {noreply, S}. handle_cast(_, S) -> {noreply, S}. diff --git a/src/id_token.app.src b/src/id_token.app.src index 0dc45eb..dcbb5ee 100644 --- a/src/id_token.app.src +++ b/src/id_token.app.src @@ -7,7 +7,8 @@ [kernel, stdlib, hackney, - jose + jose, + jsx ]}, {env,[]}, {modules, []}, diff --git a/src/id_token_provider.erl b/src/id_token_provider.erl index 8cedddc..e1326f3 100644 --- a/src/id_token_provider.erl +++ b/src/id_token_provider.erl @@ -46,7 +46,7 @@ add_provider(Name, Uri) -> %%% gen_server callbacks %%%=================================================================== init([]) -> - ets:new(?ID_TOKEN_CACHE, ?ETS_OPTIONS), + ?ID_TOKEN_CACHE = ets:new(?ID_TOKEN_CACHE, ?ETS_OPTIONS), Providers = id_token_jwks:get_providers(), lists:foreach(fun add_provider/1, Providers), case application:get_env(id_token, async_revalidate, false) of @@ -79,7 +79,7 @@ handle_info({refresh, Provider}, State) -> %% the price and re-initiate async_revalidate-loop after 10 seconds 10_000 end, - timer:send_after(Delay, self(), {refresh, Provider}), + {ok, _} = timer:send_after(Delay, self(), {refresh, Provider}), {noreply, State}. maybe_refresh(Provider, #{force_refresh := true}) -> diff --git a/src/id_token_pubkeys_storage.erl b/src/id_token_pubkeys_storage.erl index f0a1990..e15f91d 100644 --- a/src/id_token_pubkeys_storage.erl +++ b/src/id_token_pubkeys_storage.erl @@ -28,7 +28,7 @@ -define(call_callback(Args), begin Mod = ?BACKEND, - code:ensure_loaded(Mod), + _ = code:ensure_loaded(Mod), case erlang:function_exported(Mod, ?FUNCTION_NAME, ?FUNCTION_ARITY) of true -> erlang:apply(Mod, ?FUNCTION_NAME, Args); false -> {error, not_exported} diff --git a/src/id_token_sign.erl b/src/id_token_sign.erl index 39916db..570f9b1 100644 --- a/src/id_token_sign.erl +++ b/src/id_token_sign.erl @@ -46,7 +46,7 @@ add_key_for(Alg, Options) -> %%%=================================================================== init([]) -> id_token_pubkeys_storage:start(), - ets:new(?MODULE, ?ETS_OPTIONS), + ?MODULE = ets:new(?MODULE, ?ETS_OPTIONS), SignKeys = application:get_env(id_token, sign_keys, []), Timers = lists:sort([put_key_for(Alg, Opts) || {Alg, Opts} <- SignKeys]), {ok, Timers, timeout(Timers)}. diff --git a/test/prop_id_token_jwt.erl b/test/prop_id_token_jwt.erl index ee769b2..a9e517f 100644 --- a/test/prop_id_token_jwt.erl +++ b/test/prop_id_token_jwt.erl @@ -10,6 +10,8 @@ <<"RS256">>, <<"RS384">>, <<"RS512">>, <<"ES256">>, <<"ES384">>, <<"ES512">>]). +-elvis([{elvis_style, used_ignored_variable, disable}]). + %%%%%%%%%%%%%%%%%%%% %%% Eunit runner %%% %%%%%%%%%%%%%%%%%%%% @@ -38,7 +40,7 @@ prop_valid_signature() -> end). prop_invalid_signature() -> - ?FORALL({{JWK, PublicKeyMap}, {OtherJWK, OtherPublicKeyMap}, Claims}, + ?FORALL({{JWK, _PublicKeyMap}, {OtherJWK, OtherPublicKeyMap}, Claims}, {key_pair(), key_pair(), jwt_claims()}, begin #jose_jwk{fields = OtherFields} = OtherJWK, @@ -49,7 +51,7 @@ prop_invalid_signature() -> end). prop_no_matching_key() -> - ?FORALL({[{JWK, PublicKeyMap} | OtherKeys], Claims}, + ?FORALL({[{JWK, _PublicKeyMap} | OtherKeys], Claims}, {non_empty(list(key_pair())), jwt_claims()}, begin JWT = id_token_jws:sign(Claims, JWK), diff --git a/test/prop_id_token_sign.erl b/test/prop_id_token_sign.erl index e7c7355..2e0a34b 100644 --- a/test/prop_id_token_sign.erl +++ b/test/prop_id_token_sign.erl @@ -15,12 +15,12 @@ %%%%%%%%%%%%%%%%%%%% eunit_test_() -> Opts = [{numtests, 30}], - ?_assert(proper:quickcheck(prop_test(), Opts)). + ?_assert(proper:quickcheck(prop_test2(), Opts)). %%%%%%%%%%%%%%%%%% %%% PROPERTIES %%% %%%%%%%%%%%%%%%%%% -prop_test() -> +prop_test2() -> ?FORALL(Cmds, commands(?MODULE), begin id_token_sign:start_link(), diff --git a/test/prop_pubkeys_storage.erl b/test/prop_pubkeys_storage.erl index 76d2c2a..4fbf5eb 100644 --- a/test/prop_pubkeys_storage.erl +++ b/test/prop_pubkeys_storage.erl @@ -11,12 +11,12 @@ %%%%%%%%%%%%%%%%%%%% eunit_test_() -> Opts = [{numtests, 30}], - ?_assert(proper:quickcheck(prop_test(), Opts)). + ?_assert(proper:quickcheck(prop_test1(), Opts)). %%%%%%%%%%%%%%%%%% %%% PROPERTIES %%% %%%%%%%%%%%%%%%%%% -prop_test() -> +prop_test1() -> ?FORALL(Cmds, commands(?MODULE), begin id_token_pubkeys_storage:start(), @@ -54,7 +54,7 @@ postcondition(State, {call, _Mod, get_all, _Args}, {ok, Res}) -> lists:sort(maps:values(State)) =:= lists:sort(Res); postcondition(State, {call, _Mod, get, [Kid]}, Res) -> case {maps:find(Kid, State), Res} of - {{ok, _V}, {ok, _V}} -> true; + {{ok, V}, {ok, V}} -> true; {error, {error, not_found}} -> true; _ -> false end;