Stricter lint rules

Signed-off-by: Jan-Otto Kröpke <[email protected]>
jkroepke · Dec 20, 2024 · 6c00bc3 · 6c00bc3
1 parent 31f9f18
commit 6c00bc3
Show file tree

Hide file tree

Showing 27 changed files with 234 additions and 143 deletions.
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -66,3 +66,86 @@ linters-settings:
       - ca *testcerts.CertificateAuthority
   lll:
     line-length: 160
+  revive:
+    rules:
+      - name: argument-limit
+        arguments: [ 6 ]
+      - name: atomic
+      - name: bare-return
+      - name: blank-imports
+      - name: bool-literal-in-expr
+      - name: call-to-gc
+      - name: comment-spacings
+        arguments:
+          - "nolint:"
+      - name: confusing-naming
+      #- name: confusing-results
+      - name: constant-logical-expr
+      - name: context-as-argument
+      - name: context-keys-type
+      - name: datarace
+      - name: deep-exit
+      - name: defer
+      - name: dot-imports
+      - name: duplicated-imports
+      - name: early-return
+      - name: empty-block
+      - name: empty-lines
+      - name: enforce-map-style
+        arguments: [ "make" ]
+        exclude: [ "TEST" ]
+      - name: enforce-repeated-arg-type-style
+        arguments: [ "short" ]
+      - name: enforce-slice-style
+        arguments: [ "make" ]
+      - name: error-naming
+      - name: error-return
+      - name: error-strings
+      - name: errorf
+      #- name: function-result-limit
+      #  arguments: [ 3 ]
+      - name: get-return
+      - name: identical-branches
+      - name: if-return
+      - name: import-alias-naming
+      - name: import-shadowing
+      - name: increment-decrement
+      - name: indent-error-flow
+      # Enable again when https://github.com/mgechev/revive/issues/1103 is fixed
+      #      - name: max-public-structs
+      #        exclude: [ "TEST" ]
+      #        arguments: [ 5 ]
+      - name: modifies-parameter
+      - name: modifies-value-receiver
+      - name: optimize-operands-order
+      - name: package-comments
+      - name: range
+      - name: range-val-address
+      - name: range-val-in-closure
+      - name: receiver-naming
+      - name: redefines-builtin-id
+      - name: redundant-import-alias
+      - name: string-format
+        arguments:
+          - - 'fmt.Errorf[0],errors.New[0]'
+            - '/^([^A-Z]|$)/'
+            - 'Error string must not start with a capital letter.'
+          - - 'fmt.Errorf[0],errors.New[0]'
+            - '/(^|[^\.!?])$/'
+            - 'Error string must not end in punctuation.'
+          - - 'panic'
+            - '/^[^\n]*$/'
+            - 'Must not contain line breaks.'
+      - name: string-of-int
+      - name: struct-tag
+      - name: superfluous-else
+      - name: time-equal
+      - name: time-naming
+      - name: unconditional-recursion
+      - name: unexported-naming
+      - name: unnecessary-stmt
+      - name: unreachable-code
+      - name: unused-parameter
+      - name: var-declaration
+      - name: var-naming
+      - name: waitgroup-by-value
diff --git a/cmd/daemon/root.go b/cmd/daemon/root.go
@@ -114,7 +114,7 @@ func Execute(args []string, logWriter io.Writer, version, commit, date string) i
 		defer wg.Done()
 
 		if err := openvpnClient.Connect(); err != nil {
-			cancel(fmt.Errorf("OpenVPN: %w", err))
+			cancel(fmt.Errorf("openvpn: %w", err))
 
 			return
 		}

diff --git a/docs/Non-interactive session refresh.md b/docs/Non-interactive session refresh.md
@@ -6,7 +6,7 @@ This means users must log in interactively each time they authenticate, includin
 
 However, you can change this behavior by enabling the `oauth2.refresh.enabled=true` setting.
 This allows `openvpn-auth-oauth2` to store either the connection ID or SessionID (`oauth2.refresh.use-session-id=true`),
-accepting connections without additional login checks. SessionIDs are availible in OpenVPN, if
+accepting connections without additional login checks. SessionIDs are available in OpenVPN, if
 `auth-gen-token [lifetime] external-auth` is configured on server side.
 
 When `oauth2.refresh.validate-user=true` is set, `openvpn-auth-oauth2`

diff --git a/go.mod b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/zitadel/logging v0.6.1
 	github.com/zitadel/oidc/v3 v3.33.1
-	golang.org/x/net v0.32.0
+	golang.org/x/net v0.33.0
 	golang.org/x/oauth2 v0.24.0
 	golang.org/x/text v0.21.0
 )
@@ -24,7 +24,7 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/fsnotify/fsnotify v1.8.0 // indirect
-	github.com/go-chi/chi/v5 v5.1.0 // indirect
+	github.com/go-chi/chi/v5 v5.2.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -39,10 +39,11 @@ require (
 	github.com/rs/cors v1.11.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/zitadel/schema v1.3.0 // indirect
-	go.opentelemetry.io/otel v1.32.0 // indirect
-	go.opentelemetry.io/otel/metric v1.32.0 // indirect
-	go.opentelemetry.io/otel/trace v1.32.0 // indirect
-	golang.org/x/crypto v0.30.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/otel v1.33.0 // indirect
+	go.opentelemetry.io/otel/metric v1.33.0 // indirect
+	go.opentelemetry.io/otel/trace v1.33.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

diff --git a/go.sum b/go.sum
@@ -7,8 +7,8 @@ github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
 github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw=
-github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-chi/chi/v5 v5.2.0 h1:Aj1EtB0qR2Rdo2dG4O94RIU35w2lvQSj6BRA4+qwFL0=
+github.com/go-chi/chi/v5 v5.2.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
 github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
 github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -44,8 +44,8 @@ github.com/knadh/koanf/providers/structs v0.1.0 h1:wJRteCNn1qvLtE5h8KQBvLJovidSd
 github.com/knadh/koanf/providers/structs v0.1.0/go.mod h1:sw2YZ3txUcqA3Z27gPlmmBzWn1h8Nt9O6EP/91MkcWE=
 github.com/knadh/koanf/v2 v2.1.2 h1:I2rtLRqXRy1p01m/utEtpZSSA6dcJbgGVuE27kW2PzQ=
 github.com/knadh/koanf/v2 v2.1.2/go.mod h1:Gphfaen0q1Fc1HTgJgSTC4oRX9R2R5ErYMZJy8fLJBo=
-github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/madflojo/testcerts v1.3.0 h1:H6r7WlzfeLqzcuOglfAlnj5Rkt5iQoH1ctTi7FsLOdE=
@@ -60,6 +60,8 @@ github.com/muhlemmer/httpforwarded v0.1.0 h1:x4DLrzXdliq8mprgUMR0olDvHGkou5BJsK/
 github.com/muhlemmer/httpforwarded v0.1.0/go.mod h1:yo9czKedo2pdZhoXe+yDkGVbU0TJ0q9oQ90BVoDEtw0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
 github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
@@ -74,16 +76,18 @@ github.com/zitadel/oidc/v3 v3.33.1 h1:e3w9PDV0Mh50/ZiJWtzyT0E4uxJ6RXll+hqVDnqGbT
 github.com/zitadel/oidc/v3 v3.33.1/go.mod h1:zkoZ1Oq6CweX3BaLrftLEGCs6YK6zDpjjVGZrP10AWU=
 github.com/zitadel/schema v1.3.0 h1:kQ9W9tvIwZICCKWcMvCEweXET1OcOyGEuFbHs4o5kg0=
 github.com/zitadel/schema v1.3.0/go.mod h1:NptN6mkBDFvERUCvZHlvWmmME+gmZ44xzwRXwhzsbtc=
-go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
-go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
-go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M=
-go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8=
-go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM=
-go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
-golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY=
-golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw=
+go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I=
+go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ=
+go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M=
+go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s=
+go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
 golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

diff --git a/go.work.sum b/go.work.sum
@@ -515,6 +515,7 @@ github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ=
 github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM=
 github.com/creack/pty v1.1.9 h1:uDmaGzcdjhF4i/plgjmEsriH11Y0o7RKapEf/LDaM3w=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.11.0 h1:jtLewhRR2vMRNnq2ZZUoCjUlgut+Y0+sDDWPOfwOi1o=
 github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI=

diff --git a/internal/config/defaults.go b/internal/config/defaults.go
@@ -74,7 +74,7 @@ var Defaults = Config{
 			Expires:      time.Hour * 8,
 			ValidateUser: true,
 		},
-		Scopes: []string{},
+		Scopes: make([]string, 0),
 		Validate: OAuth2Validate{
 			Groups: make([]string, 0),
 			IPAddr: false,

diff --git a/internal/config/url.go b/internal/config/url.go
@@ -2,6 +2,6 @@ package config
 
 import "net/url"
 
-func IsURLEmpty(url *url.URL) bool {
-	return url == nil || url.String() == ""
+func IsURLEmpty(u *url.URL) bool {
+	return u == nil || u.String() == ""
 }
diff --git a/internal/oauth2/handler_test.go b/internal/oauth2/handler_test.go
@@ -52,7 +52,7 @@ func TestHandler(t *testing.T) {
 					},
 				},
 				OpenVpn: config.OpenVpn{
-					Bypass:        config.OpenVpnBypass{CommonNames: []string{}},
+					Bypass:        config.OpenVpnBypass{CommonNames: make([]string, 0)},
 					AuthTokenUser: true,
 				},
 			},
@@ -83,7 +83,7 @@ func TestHandler(t *testing.T) {
 					},
 				},
 				OpenVpn: config.OpenVpn{
-					Bypass:        config.OpenVpnBypass{CommonNames: []string{}},
+					Bypass:        config.OpenVpnBypass{CommonNames: make([]string, 0)},
 					AuthTokenUser: true,
 				},
 			},
@@ -117,7 +117,7 @@ func TestHandler(t *testing.T) {
 					PKCE:  true,
 				},
 				OpenVpn: config.OpenVpn{
-					Bypass:        config.OpenVpnBypass{CommonNames: []string{}},
+					Bypass:        config.OpenVpnBypass{CommonNames: make([]string, 0)},
 					AuthTokenUser: true,
 				},
 			},
@@ -149,7 +149,7 @@ func TestHandler(t *testing.T) {
 					},
 				},
 				OpenVpn: config.OpenVpn{
-					Bypass:        config.OpenVpnBypass{CommonNames: []string{}},
+					Bypass:        config.OpenVpnBypass{CommonNames: make([]string, 0)},
 					AuthTokenUser: true,
 				},
 			},
@@ -180,7 +180,7 @@ func TestHandler(t *testing.T) {
 					},
 				},
 				OpenVpn: config.OpenVpn{
-					Bypass:        config.OpenVpnBypass{CommonNames: []string{}},
+					Bypass:        config.OpenVpnBypass{CommonNames: make([]string, 0)},
 					AuthTokenUser: true,
 				},
 			},
@@ -212,7 +212,7 @@ func TestHandler(t *testing.T) {
 					},
 				},
 				OpenVpn: config.OpenVpn{
-					Bypass:        config.OpenVpnBypass{CommonNames: []string{}},
+					Bypass:        config.OpenVpnBypass{CommonNames: make([]string, 0)},
 					AuthTokenUser: true,
 				},
 			},
@@ -244,7 +244,7 @@ func TestHandler(t *testing.T) {
 					},
 				},
 				OpenVpn: config.OpenVpn{
-					Bypass:        config.OpenVpnBypass{CommonNames: []string{}},
+					Bypass:        config.OpenVpnBypass{CommonNames: make([]string, 0)},
 					AuthTokenUser: true,
 				},
 			},
@@ -276,7 +276,7 @@ func TestHandler(t *testing.T) {
 					},
 				},
 				OpenVpn: config.OpenVpn{
-					Bypass:        config.OpenVpnBypass{CommonNames: []string{}},
+					Bypass:        config.OpenVpnBypass{CommonNames: make([]string, 0)},
 					AuthTokenUser: true,
 				},
 			},
@@ -308,7 +308,7 @@ func TestHandler(t *testing.T) {
 					},
 				},
 				OpenVpn: config.OpenVpn{
-					Bypass:        config.OpenVpnBypass{CommonNames: []string{}},
+					Bypass:        config.OpenVpnBypass{CommonNames: make([]string, 0)},
 					AuthTokenUser: true,
 				},
 			},
@@ -340,7 +340,7 @@ func TestHandler(t *testing.T) {
 					},
 				},
 				OpenVpn: config.OpenVpn{
-					Bypass:        config.OpenVpnBypass{CommonNames: []string{}},
+					Bypass:        config.OpenVpnBypass{CommonNames: make([]string, 0)},
 					AuthTokenUser: true,
 				},
 			},

diff --git a/internal/oauth2/provider.go b/internal/oauth2/provider.go
@@ -165,10 +165,10 @@ func (p *Provider) getProviderOptions(basePath *url.URL) []rp.Option {
 		rp.WithAuthStyle(p.conf.OAuth2.AuthStyle.AuthStyle()),
 		rp.WithHTTPClient(p.httpClient),
 		rp.WithErrorHandler(func(w http.ResponseWriter, _ *http.Request, errorType string, errorDesc string, encryptedSession string) {
-			errorHandler(w, p.conf, p.logger, p.openvpn, http.StatusInternalServerError, errorType, errorDesc, encryptedSession)
+			p.errorHandler(w, http.StatusInternalServerError, errorType, errorDesc, encryptedSession)
 		}),
 		rp.WithUnauthorizedHandler(func(w http.ResponseWriter, _ *http.Request, desc string, encryptedSession string) {
-			errorHandler(w, p.conf, p.logger, p.openvpn, http.StatusUnauthorized, "Unauthorized", desc, encryptedSession)
+			p.errorHandler(w, http.StatusUnauthorized, "Unauthorized", desc, encryptedSession)
 		}),
 		rp.WithSigningAlgsFromDiscovery(),
 	}
@@ -226,24 +226,24 @@ func newOidcProvider(ctx context.Context, conf config.Config, httpClient *http.C
 	return provider, nil
 }
 
-func errorHandler(
-	w http.ResponseWriter, conf config.Config, logger *slog.Logger, openvpn OpenVPN,
-	httpStatus int, errorType string, errorDesc string, encryptedSession string,
+func (p *Provider) errorHandler(
+	w http.ResponseWriter,
+	httpStatus int, errorType, errorDesc, encryptedSession string,
 ) {
-	session, err := state.NewWithEncodedToken(encryptedSession, conf.HTTP.Secret.String())
+	session, err := state.NewWithEncodedToken(encryptedSession, p.conf.HTTP.Secret.String())
 	if err == nil {
-		logger = logger.With(
+		logger := p.logger.With(
 			slog.String("ip", fmt.Sprintf("%s:%s", session.IPAddr, session.IPPort)),
 			slog.Uint64("cid", session.Client.CID),
 			slog.Uint64("kid", session.Client.KID),
 			slog.String("common_name", session.CommonName),
 		)
-		openvpn.DenyClient(logger, session.Client, "client rejected")
+		p.openvpn.DenyClient(logger, session.Client, "client rejected")
 	} else {
-		logger.Debug("errorHandler: " + err.Error())
+		p.logger.Debug("errorHandler: " + err.Error())
 	}
 
-	writeError(w, logger, conf, httpStatus, errorType, errorDesc)
+	writeError(w, p.logger, p.conf, httpStatus, errorType, errorDesc)
 }
 
 func (p *Provider) GetNonce(id string) string {

diff --git a/internal/oauth2/providers/generic/check_test.go b/internal/oauth2/providers/generic/check_test.go
@@ -137,12 +137,12 @@ func TestValidateGroups(t *testing.T) {
 		requiredGroups []string
 		err            string
 	}{
-		{"groups not present", nil, []string{}, ""},
-		{"groups empty", []string{}, []string{}, ""},
-		{"groups present", []string{"apple"}, []string{}, ""},
+		{"groups not present", nil, make([]string, 0), ""},
+		{"groups empty", make([]string, 0), make([]string, 0), ""},
+		{"groups present", []string{"apple"}, make([]string, 0), ""},
 		{"configure one group", []string{"apple"}, []string{"apple"}, ""},
 		{"configure one group, groups not present", nil, []string{"apple"}, "missing claim: groups"},
-		{"configure two group, none match", []string{}, []string{"apple", "pear"}, generic.ErrMissingRequiredGroup.Error()},
+		{"configure two group, none match", make([]string, 0), []string{"apple", "pear"}, generic.ErrMissingRequiredGroup.Error()},
 		{"configure two group, missing one", []string{"apple"}, []string{"apple", "pear"}, ""},
 		{"configure two group", []string{"apple", "pear"}, []string{"apple", "pear"}, ""},
 	} {
@@ -187,12 +187,12 @@ func TestValidateRoles(t *testing.T) {
 		requiredRoles []string
 		err           string
 	}{
-		{"groups not present", nil, []string{}, ""},
-		{"groups empty", []string{}, []string{}, ""},
-		{"groups present", []string{"apple"}, []string{}, ""},
+		{"groups not present", nil, make([]string, 0), ""},
+		{"groups empty", make([]string, 0), make([]string, 0), ""},
+		{"groups present", []string{"apple"}, make([]string, 0), ""},
 		{"configure one role", []string{"apple"}, []string{"apple"}, ""},
 		{"configure one role, role not present", nil, []string{"apple"}, "missing claim: roles"},
-		{"configure two role, none match", []string{}, []string{"apple", "pear"}, generic.ErrMissingRequiredRole.Error()},
+		{"configure two role, none match", make([]string, 0), []string{"apple", "pear"}, generic.ErrMissingRequiredRole.Error()},
 		{"configure two role, missing one", []string{"apple"}, []string{"apple", "pear"}, ""},
 		{"configure two role", []string{"apple", "pear"}, []string{"apple", "pear"}, ""},
 	} {