refactor(users): burn down OIDC/admin lint exclusions (bookshelf-bbsd.2) #916
Open
zombor
wants to merge 1 commit from
bd-bookshelf-bbsd.2 into main
pull from: bd-bookshelf-bbsd.2
merge into: zombor:main
zombor:main
zombor:bd-bookshelf-28s0
zombor:bd-bookshelf-bbsd.5
zombor:bd-bookshelf-rppy
zombor:bd-bookshelf-s7kr
zombor:bd-bookshelf-v3ks
zombor:bd-bookshelf-bbsd.4
zombor:bd-bookshelf-6krh
zombor:bd-bookshelf-fq9r
zombor:bd-bookshelf-n51o
zombor:bd-bookshelf-4rvz
zombor:bd-bookshelf-cehm
zombor:bd-bookshelf-scev
zombor:bd-bookshelf-bkzy
zombor:bd-bookshelf-amwv
zombor:bd-bookshelf-9u56
zombor:bd-bookshelf-t5xp
zombor:bd-bookshelf-63dw.10
zombor:bd-bookshelf-0szi
zombor:bd-bookshelf-5kje
zombor:bd-bookshelf-fx7k
zombor:bd-bookshelf-y6z7
zombor:bd-bookshelf-zii7
zombor:bd-bookshelf-s8jh
zombor:bd-bookshelf-iso0
zombor:bd-bookshelf-ug3n
zombor:bd-bookshelf-rpr4
zombor:bd-bookshelf-b6je
zombor:bd-bookshelf-u8fd
zombor:bd-bookshelf-slof
zombor:bd-bookshelf-u5q4
zombor:bd-bookshelf-nu1i
zombor:bd-bookshelf-81x8
zombor:bd-bookshelf-vnu3
zombor:bd-bookshelf-ry66
zombor:bd-bookshelf-7mzg
zombor:bd-bookshelf-lj5p
zombor:bd-bookshelf-81gk
zombor:bd-bookshelf-poza
zombor:bd-bookshelf-v7r0
zombor:bd-bookshelf-3u1y
zombor:bd-bookshelf-y1nh
zombor:bd-bookshelf-94sd
zombor:bd-bookshelf-ssbz
zombor:bd-bookshelf-d4yf.2
zombor:bd-bookshelf-tal7
zombor:bd-bookshelf-h411
zombor:bd-bookshelf-mpfv
zombor:bd-bookshelf-o1qm
zombor:bd-bookshelf-0nyl
zombor:bd-bookshelf-63dw.9
zombor:bd-bookshelf-lwh6
zombor:bd-bookshelf-cp6i
zombor:bd-bookshelf-qdlw
zombor:bd-bookshelf-vbtl
zombor:bd-bookshelf-nqp0.3
zombor:bd-bookshelf-nqp0.1
zombor:bd-bookshelf-jxqf
zombor:bd-bookshelf-63dw.8
zombor:bd-bookshelf-d4yf.1
zombor:bd-bookshelf-pmd7
zombor:bd-bookshelf-jjj3
zombor:bd-bookshelf-5xcs.2
zombor:bd-bookshelf-nnb9.9
zombor:bd-bookshelf-wbf2
zombor:bd-bookshelf-7lsm
zombor:bd-bookshelf-5xcs.1
zombor:bd-bookshelf-ocjj
zombor:bd-bookshelf-htpc.2
zombor:bd-bookshelf-nnb9.12
zombor:bd-bookshelf-nnb9.10
zombor:bd-bookshelf-qnmg
zombor:bd-bookshelf-0ypn
zombor:bd-bookshelf-nnb9.26
zombor:bd-bookshelf-nnb9.19
zombor:bd-bookshelf-nnb9.22
zombor:bd-bookshelf-bpb9.1
zombor:bd-bookshelf-nnb9.16
zombor:bd-bookshelf-htpc.3
zombor:bd-bookshelf-zc7j
zombor:bd-bookshelf-tc4u
zombor:bd-bookshelf-nnb9.18
zombor:bd-bookshelf-uydp
zombor:bd-bookshelf-abwx
zombor:bd-bookshelf-nnb9.21
zombor:bd-bookshelf-3j83
zombor:bd-bookshelf-htpc.1
zombor:bd-bookshelf-nnb9.23
zombor:bd-bookshelf-9yut
zombor:bd-bookshelf-dziq
zombor:bd-bookshelf-1st
zombor:bd-bookshelf-8dp6
zombor:bd-bookshelf-ziz3
zombor:bd-bookshelf-fgkh
zombor:bd-bookshelf-nnb9.2
zombor:bd-bookshelf-nnb9.24
zombor:bd-bookshelf-1gkx
zombor:bd-bookshelf-e47e.1
zombor:bd-bookshelf-hh9z
zombor:bd-bookshelf-v1to
zombor:bd-bookshelf-m0g7
zombor:bd-bookshelf-fjkw
zombor:bd-bookshelf-vyya.3
zombor:bd-bookshelf-vqy9.20
zombor:bd-bookshelf-tdtj
zombor:bd-bookshelf-4ywp
zombor:bd-bookshelf-lw6t
zombor:bd-bookshelf-qy9b
zombor:bd-bookshelf-4op.3.5
zombor:bd-bookshelf-av3c
zombor:bd-bookshelf-y0h8
zombor:bd-bookshelf-nrl3
zombor:bd-bookshelf-04kb
zombor:bd-bookshelf-8czw
zombor:bd-bookshelf-rcgw
zombor:bd-bookshelf-skgs
zombor:bd-bookshelf-vyya.2
zombor:bd-bookshelf-vf83
zombor:bd-bookshelf-bimx
zombor:bd-bookshelf-lkra
zombor:bd-bookshelf-74qg
zombor:bd-bookshelf-061u
zombor:bd-bookshelf-qmhj
zombor:bd-bookshelf-63dw.7
zombor:bd-bookshelf-djaf
zombor:bd-bookshelf-2sjm
zombor:bd-bookshelf-3f0r.10
zombor:bd-bookshelf-9au8
zombor:bd-bookshelf-2hoy
zombor:bd-bookshelf-hynl
zombor:bd-bookshelf-qknn
zombor:bd-bookshelf-vqy9.3
zombor:bd-bookshelf-xn31
zombor:bd-bookshelf-vyya.1
zombor:bd-bookshelf-yaoi
zombor:bd-bookshelf-t1is
zombor:bd-bookshelf-f1lh
zombor:bd-bookshelf-bvmy
zombor:bd-bookshelf-vqy9-batch
zombor:bd-bookshelf-3f0r.5
zombor:bd-bookshelf-3f0r.11
zombor:bd-bookshelf-63dw.6
zombor:bd-bookshelf-o0m9
zombor:bd-bookshelf-63dw.5
zombor:bd-bookshelf-4op.11.3
zombor:bd-bookshelf-l7kx
zombor:bd-bookshelf-eccn.2
zombor:bd-bookshelf-63dw.4
zombor:bd-bookshelf-vqy9.9
zombor:bd-bookshelf-z9xy
zombor:bd-bookshelf-u7vb.4
zombor:bd-bookshelf-qzgu
zombor:bd-bookshelf-vqy9.8
zombor:bd-bookshelf-8uas
zombor:bd-bookshelf-3f0r.3
zombor:bd-bookshelf-etkw.13
zombor:bd-bookshelf-etkw.14
zombor:bd-bookshelf-4op.11.2
zombor:bd-bookshelf-uk9f
zombor:bd-bookshelf-etkw.12
zombor:bd-bookshelf-r5w2
zombor:bd-bookshelf-9gsf
zombor:bd-bookshelf-wh79
zombor:bd-bookshelf-jsng
zombor:bd-bookshelf-rqun
zombor:bd-bookshelf-hvk9
zombor:bd-bookshelf-nvnq
zombor:bd-bookshelf-xrpd
zombor:bd-bookshelf-9yjy
zombor:bd-bookshelf-0b1o
zombor:bd-bookshelf-tosp
zombor:bd-bookshelf-ezqn
zombor:bd-bookshelf-xwi0
zombor:bd-bookshelf-tvgm
zombor:bd-bookshelf-3f0r.9
zombor:bd-bookshelf-etkw.11
zombor:bd-bookshelf-vqy9.19
zombor:bd-bookshelf-etkw.10
zombor:bd-bookshelf-65fk
zombor:bd-bookshelf-u7vb.3
zombor:bd-bookshelf-quq6
zombor:bd-bookshelf-4np8
zombor:bd-bookshelf-4gae
zombor:bd-bookshelf-4fjs.2
zombor:bd-bookshelf-vqy9.12
zombor:bd-bookshelf-vqy9.15
zombor:bd-bookshelf-vqy9.13
zombor:bd-bookshelf-vqy9.2
zombor:bd-bookshelf-etkw.9
zombor:bd-bookshelf-etkw.8
zombor:bd-bookshelf-63dw.3
zombor:bd-bookshelf-3v97
zombor:bd-bookshelf-63dw.2
zombor:bd-bookshelf-c15a.6
zombor:bd-bookshelf-aulh
zombor:bd-bookshelf-etkw.7
zombor:bd-bookshelf-0ai8
zombor:bd-bookshelf-63dw.1
zombor:bd-bookshelf-etkw.6
zombor:bd-bookshelf-rzlf
zombor:bd-bookshelf-e4mq
zombor:bd-bookshelf-4ztq.2
zombor:bd-bookshelf-evno
zombor:bd-bookshelf-etkw.5
zombor:bd-bookshelf-h2af
zombor:bd-bookshelf-3f0r.7
zombor:bd-bookshelf-6edv
zombor:bd-bookshelf-pytb
zombor:bd-bookshelf-0q61
zombor:bd-bookshelf-3hcm
zombor:bd-bookshelf-hei6
zombor:bd-bookshelf-1257.1
zombor:bd-bookshelf-gxiq
zombor:bd-bookshelf-etkw.4
zombor:bd-bookshelf-y59n.5
zombor:bd-bookshelf-etkw.3
zombor:bd-bookshelf-rfru
zombor:bd-bookshelf-55dd.2
zombor:bd-bookshelf-d61z
zombor:bd-bookshelf-vqy9.7
zombor:bd-bookshelf-w3e2
zombor:bd-cleanup-sweep
zombor:bd-bookshelf-1x1l
zombor:bd-bookshelf-ts96
zombor:bd-bookshelf-vqy9.5
zombor:bd-bookshelf-s885
zombor:bd-bookshelf-4ztq.1
zombor:bd-bookshelf-wzqw
zombor:bd-bookshelf-3f0r.8
zombor:bd-bookshelf-vqy9.6
zombor:bd-bookshelf-23na
zombor:bd-bookshelf-0ynf
zombor:bd-bookshelf-55dd.1
zombor:bd-bookshelf-n89u.2
zombor:bd-bookshelf-n89u.3
zombor:bd-bookshelf-xcck
zombor:bd-bookshelf-f3yy
zombor:bd-bookshelf-nre9
zombor:bd-bookshelf-c15a.5
zombor:bd-bookshelf-06b7
zombor:bd-bookshelf-3jrv
zombor:bd-bookshelf-3jrv-rebased
zombor:bd-bookshelf-luo3
zombor:bd-bookshelf-n89u.1
zombor:bd-bookshelf-lv9s
zombor:bd-bookshelf-aq0a
zombor:bd-bookshelf-fi2u
zombor:bd-bookshelf-d7es
zombor:bd-bookshelf-irrt
zombor:bd-bookshelf-u7vb.2
zombor:bd-bookshelf-3f0r.6
zombor:bd-bookshelf-vqy9.4
zombor:bd-bookshelf-jh5d
zombor:bd-bookshelf-83i1
zombor:bd-bookshelf-yc8k
zombor:bd-bookshelf-u7vb.1
zombor:bd-bookshelf-43bh
zombor:bd-bookshelf-e0t0
zombor:bd-bookshelf-etkw.2
zombor:bd-bookshelf-5rj3
zombor:bd-bookshelf-zurw
zombor:bd-bookshelf-88oe
zombor:bd-bookshelf-etkw.1
zombor:bd-bookshelf-gf14
zombor:bd-bookshelf-tswu
zombor:bd-bookshelf-d17j
zombor:bd-bookshelf-2xfi
zombor:bd-bookshelf-q14o
zombor:bd-bookshelf-qfjk
zombor:bd-bookshelf-d1x3.3
zombor:bd-bookshelf-aox5
zombor:bd-bookshelf-2p2m
zombor:bd-bookshelf-uuew
zombor:bd-bookshelf-sjy4
zombor:bd-bookshelf-orxk
zombor:bd-bookshelf-72g7
zombor:bd-bookshelf-gzqz
zombor:bd-bookshelf-o0uh
zombor:bd-bookshelf-3f0r.4
zombor:bd-bookshelf-jmn7.4.2
zombor:bd-bookshelf-jmn7.6
zombor:bd-bookshelf-kfi6
zombor:bd-bookshelf-ptbo
zombor:bd-bookshelf-pd9x
zombor:bd-bookshelf-3f0r.2
zombor:bd-bookshelf-7hc1
zombor:bd-bookshelf-jmn7.7
zombor:bd-bookshelf-l5mo.3
zombor:bd-bookshelf-uib3.1
zombor:bd-bookshelf-w1or
zombor:bd-bookshelf-l5mo.2
zombor:bd-bookshelf-ubad
zombor:bd-bookshelf-3f0r.1
zombor:bd-bookshelf-l5mo.1
zombor:bd-bookshelf-jmn7.4.1
zombor:bd-bookshelf-g3y8
zombor:bd-bookshelf-lv0a
zombor:bd-bookshelf-bp34
zombor:bd-bookshelf-4op.11.1
zombor:bd-bookshelf-72gh
zombor:bd-bookshelf-hsf2
zombor:bd-bookshelf-pmfb
zombor:bd-bookshelf-8xhu
zombor:bd-bookshelf-vguw.7
zombor:bd-bookshelf-nb5x
zombor:bd-bookshelf-m8mh
zombor:bd-bookshelf-ubre
zombor:bd-bookshelf-vguw.6
zombor:bd-bookshelf-zw7g
zombor:bd-zw7g
zombor:bd-bookshelf-99n8
zombor:bd-bookshelf-hj9.3
zombor:bd-bookshelf-xhqy
zombor:bd-bookshelf-4op.10
zombor:bd-bookshelf-lt2p
zombor:bd-bookshelf-c15a.3
zombor:bd-bookshelf-4op.6
zombor:bd-bookshelf-d1x3.2
zombor:bd-bookshelf-4op.9
zombor:bd-bookshelf-g3rl
zombor:bd-bookshelf-senm.4
zombor:bd-bookshelf-r6lx.2
zombor:bd-bookshelf-pogw
zombor:bd-bookshelf-cizu
zombor:bd-bookshelf-hcyq
zombor:bd-bookshelf-d1x3.1
zombor:bd-bookshelf-7rz7
zombor:bd-bookshelf-j4xx
zombor:bd-bookshelf-y59n.3
zombor:bd-bookshelf-senm.3
zombor:bd-bookshelf-y59n.2
zombor:bd-bookshelf-1s0y
zombor:bd-bookshelf-9q4t
zombor:bd-bookshelf-senm.2
zombor:bd-bookshelf-iyv2
zombor:bd-bookshelf-uyem
zombor:bd-bookshelf-7akw
zombor:bd-bookshelf-d1x3.5
zombor:bd-bookshelf-cojh
zombor:bd-bookshelf-r6lx.1
zombor:bd-bookshelf-d1x3.4
zombor:bd-bookshelf-c15a.4
zombor:bd-bookshelf-dz34
zombor:bd-bookshelf-ku5n
zombor:bd-bookshelf-qebx
zombor:bd-bookshelf-yfnr2
zombor:bd-bookshelf-c5dv
zombor:bd-bookshelf-c15a.2
zombor:bd-bookshelf-l4jy
zombor:bd-bookshelf-0sha
zombor:bd-bookshelf-yfnr
zombor:bd-bookshelf-4xvk
zombor:bd-bookshelf-5adv
zombor:bd-bookshelf-v726
zombor:bd-bookshelf-c15a.1
zombor:bd-bookshelf-etwt
zombor:bd-bookshelf-ae60
zombor:bd-bookshelf-a9uk
zombor:bd-bookshelf-ilm7
zombor:bd-bookshelf-u5wp
zombor:bd-bookshelf-4fjs.1
zombor:bd-bookshelf-effh
zombor:bd-bookshelf-z6c7
zombor:bd-bookshelf-eh09
zombor:bd-bookshelf-qjty
zombor:bd-bookshelf-3tor
zombor:bd-bookshelf-q8f4
zombor:bd-bookshelf-kmqq
zombor:bd-bookshelf-tzsy
zombor:bd-bookshelf-qfff.8
zombor:bd-bookshelf-qfff.5
zombor:bd-bookshelf-qfff.7
zombor:bd-bookshelf-qfff.4
zombor:bd-bookshelf-qfff.6
zombor:bd-bookshelf-r0ua
zombor:bd-bookshelf-h97u
zombor:bd-bookshelf-qfff.9
zombor:bd-bookshelf-qfff.1
zombor:bd-bookshelf-qfff.3
zombor:bd-bookshelf-qfff.2
zombor:bd-bookshelf-q9sg
zombor:bd-bookshelf-cvak.1
zombor:bd-bookshelf-nkni
zombor:bd-bookshelf-4hep
zombor:bd-bookshelf-3g0l
zombor:bd-bookshelf-bnuz
zombor:bd-bookshelf-tr2i
zombor:bd-bookshelf-kxyu
zombor:bd-bookshelf-o1v2
zombor:bd-bookshelf-nage
zombor:bd-bookshelf-uij9
zombor:bd-bookshelf-1utg
zombor:bd-bookshelf-8cu.2
zombor:bd-bookshelf-e5qr
zombor:bd-bookshelf-sw5a
zombor:bd-bookshelf-l94s
zombor:bd-bookshelf-5455
zombor:bd-bookshelf-rdcc
zombor:bd-bookshelf-81q5
zombor:bd-bookshelf-jgr1.3
zombor:bd-bookshelf-8cu.5
zombor:bd-bookshelf-htlp
zombor:bd-bookshelf-4y3y.5
zombor:bd-bookshelf-8fiv
zombor:bd-bookshelf-jgr1.2
zombor:bd-bookshelf-47m9
zombor:bd-bookshelf-dwt.7
zombor:bd-bookshelf-2i6b
zombor:bd-bookshelf-50z.6
zombor:bd-bookshelf-phay
zombor:bd-bookshelf-xtnx
zombor:bd-bookshelf-h448
zombor:bd-bookshelf-50z.7
zombor:bd-bookshelf-mtxh.6
zombor:bd-bookshelf-ptvk
zombor:bd-bookshelf-tv2h
zombor:bd-bookshelf-jgr1.1
zombor:bd-bookshelf-66to
zombor:bd-bookshelf-clwi
zombor:bd-bookshelf-wy3d
zombor:bd-bookshelf-xqdp
zombor:bd-bookshelf-j4v4
zombor:bd-bookshelf-9i06
zombor:bd-bookshelf-dj2u
zombor:bd-bookshelf-uz59
zombor:bd-bookshelf-jhqh
zombor:bd-bookshelf-hoxb
zombor:bd-bookshelf-8cu.4
zombor:bd-bookshelf-nki1
zombor:bd-bookshelf-cpxo
zombor:bd-bookshelf-lplk
zombor:bd-bookshelf-v1at
zombor:bd-bookshelf-hnen
zombor:bd-bookshelf-cupd
zombor:bd-bookshelf-oxau
zombor:bd-bookshelf-nmkq
zombor:bd-bookshelf-mjbo.4
zombor:bd-bookshelf-izde
zombor:bd-bookshelf-4y3y.4
zombor:bd-bookshelf-bu7h
zombor:bd-bookshelf-ixav
zombor:bd-bookshelf-491n
zombor:bd-bookshelf-93cc
zombor:bd-bookshelf-gdnn
zombor:bd-bookshelf-qk72.2
zombor:bd-bookshelf-cs9.2
zombor:bd-bookshelf-a977
zombor:bd-bookshelf-d7d5
zombor:bd-bookshelf-8cu.3
zombor:bd-bookshelf-4op.3.6
zombor:bd-bookshelf-w59y
zombor:bd-bookshelf-dwqu
zombor:bd-bookshelf-jdls
zombor:bd-bookshelf-jmn7.3
zombor:bd-bookshelf-37ef.1
zombor:bd-bookshelf-qk72.1
zombor:bd-bookshelf-4op.3.3
zombor:bd-bookshelf-4op.3.2
zombor:bd-bookshelf-8cu.1
zombor:bd-bookshelf-xm84.1
zombor:bd-bookshelf-4op.3.1
zombor:bd-bookshelf-qk72.3
zombor:bd-bookshelf-cs9.1
zombor:bd-bookshelf-4y3y.3
zombor:bd-bookshelf-4op.5
zombor:bd-bookshelf-80zv.1
zombor:bd-bookshelf-4y3y.6
zombor:bd-bookshelf-cvak
zombor:bd-o3np
zombor:bd-bookshelf-o3np
zombor:bd-bookshelf-4y3y.2
zombor:bd-bookshelf-wg60
zombor:bd-m6x0.4
zombor:bd-bookshelf-ecaf
zombor:bd-uqwl
zombor:bd-bookshelf-8duj
zombor:bd-bookshelf-5gko
zombor:bd-bookshelf-4y3y.1
zombor:bd-bookshelf-wnt7
zombor:bd-bookshelf-hx8i
zombor:bd-bookshelf-jmn7.1
zombor:bd-bookshelf-0cay
zombor:bd-bookshelf-69k4
zombor:bd-bookshelf-rh2k
zombor:bd-bookshelf-fflj
zombor:bd-bookshelf-po6m
zombor:bd-bookshelf-37jn
zombor:bd-bookshelf-xikn
zombor:bd-bookshelf-rgjd
zombor:bd-zz2b
zombor:bd-bookshelf-epxf
zombor:bd-bookshelf-2678
zombor:bd-bookshelf-jmn7.2
zombor:bd-bookshelf-5vc6
zombor:bd-bookshelf-ve3e.6
zombor:bd-bookshelf-kn7x
zombor:bd-bookshelf-9qsi
zombor:bd-bookshelf-pnzo
zombor:bd-bookshelf-yfhm
zombor:bd-bookshelf-kurr
zombor:bd-bookshelf-h8fw
zombor:bd-bookshelf-wzef
zombor:bd-bookshelf-c6bm
zombor:bd-bookshelf-obdm
zombor:bd-bookshelf-x1g6
zombor:bd-bookshelf-2b8a
zombor:bd-bookshelf-hpu4
zombor:bd-bookshelf-gm1p
zombor:bd-bookshelf-624i
zombor:bd-bookshelf-sjpx
zombor:bd-bookshelf-6b8h
zombor:bd-bookshelf-mjbo.3
zombor:bd-bookshelf-7tln
zombor:bd-bookshelf-evw2
zombor:bd-bookshelf-yb5n
zombor:bd-bookshelf-mjbo.2
zombor:bd-bookshelf-m6x0.3
zombor:bd-bookshelf-jmn7.5
zombor:bd-bookshelf-3ehn
zombor:bd-bookshelf-7dfl
zombor:bd-bookshelf-m9gp
zombor:bd-bookshelf-buk6
zombor:bd-bookshelf-53oh
zombor:bd-bookshelf-dn31
zombor:bd-bookshelf-mjbo.8
zombor:bd-bookshelf-6ibb
zombor:bd-bookshelf-mjbo.7
zombor:bd-bookshelf-m6x0.2
zombor:bd-bookshelf-m6x0.1
zombor:bd-bookshelf-ukqt.3
zombor:bd-bookshelf-ukqt.4
zombor:bd-bookshelf-ukqt.2
zombor:bd-bookshelf-mjbo.1
zombor:bd-bookshelf-ukqt.1
zombor:bd-8uqb
zombor:bd-bookshelf-90fa
zombor:bd-bookshelf-8j6l
zombor:bd-review-minors
zombor:bd-bookshelf-pp5v
zombor:bd-bookshelf-8eu.4
zombor:bd-bookshelf-mtxh.5
zombor:bd-bookshelf-mtxh.4
zombor:bd-bookshelf-mtxh.3
zombor:bd-bookshelf-mtxh.2
zombor:bd-bookshelf-mtxh.1
zombor:bd-bookshelf-pwix
zombor:bd-bookshelf-n6gq
zombor:bd-bookshelf-60i0
zombor:bd-bookshelf-135h
zombor:bd-bookshelf-8dbo
zombor:bd-bookshelf-xh7c
zombor:bd-bookshelf-l14e
zombor:bd-bookshelf-dwpw
zombor:bd-bookshelf-1kzh
zombor:bd-bookshelf-9rvz
zombor:bd-bookshelf-3zzc
zombor:bd-bookshelf-2yth.2
zombor:bd-bookshelf-2yth.1
zombor:bd-bookshelf-b9dx
zombor:bd-bookshelf-sp5u
zombor:bd-bookshelf-ve3e.5
zombor:bd-bookshelf-6jrd
zombor:bd-bookshelf-aoem
zombor:bd-bookshelf-eapl
zombor:bd-bookshelf-51tt
zombor:bd-bookshelf-yrz5
zombor:bd-bookshelf-ur0w
zombor:bd-bookshelf-3bxp
zombor:bd-bookshelf-juh7
zombor:poc/go-workflows
zombor:bd-bookshelf-nzv0
zombor:bd-bookshelf-ve3e.3
zombor:bd-bookshelf-ve3e.2
zombor:bd-bookshelf-b32t
zombor:bd-bookshelf-ve3e.1
zombor:bd-bookshelf-vguw.17
zombor:bd-bookshelf-vguw.16
zombor:bd-bookshelf-vguw.14
zombor:bd-bookshelf-vguw.13
zombor:bd-bookshelf-vguw.12
zombor:bd-bookshelf-vguw.10
zombor:bd-bookshelf-vguw.11
zombor:bd-bookshelf-vguw.9
zombor:bd-bookshelf-vguw.8
zombor:bd-bookshelf-vguw.5
zombor:bd-bookshelf-vguw.4
zombor:bd-bookshelf-vguw.3
zombor:bd-bookshelf-vguw.2
zombor:bd-bookshelf-vguw.1
zombor:bd-bookshelf-i32o
zombor:bd-8dbo
zombor:bd-bookshelf-1ho9
zombor:bd-bookshelf-0zpr.5
zombor:bd-bookshelf-0zpr.3
zombor:bd-bookshelf-0zpr.2
zombor:bd-mg0c
zombor:bd-bookshelf-qce9.2
zombor:bd-bookshelf-0zpr.4
zombor:bd-bookshelf-qce9.4
zombor:bd-bookshelf-imcd.3
zombor:bd-bookshelf-2jxl
zombor:bd-bookshelf-imcd.1
zombor:bd-bd4l
zombor:bd-bookshelf-bevu
zombor:bd-bookshelf-imcd.2
zombor:bd-bookshelf-rb97
zombor:bd-fp2r
zombor:bd-uml2
zombor:bd-bookshelf-gphb
zombor:bd-bookshelf-9hcf
zombor:bd-bookshelf-b5pj
zombor:bd-bookshelf-xnm6
zombor:bd-bookshelf-9f97
zombor:bd-bookshelf-50z.3
zombor:bd-bookshelf-50z.4
zombor:bd-50z1-repo-refs
zombor:bd-bookshelf-50z.1
zombor:bd-bookshelf-1xpy
zombor:bd-bookshelf-mn8s
zombor:bd-bookshelf-qce9.1
zombor:bd-bookshelf-9oeo
zombor:bd-bookshelf-idkg
zombor:bd-bookshelf-1nsa
zombor:bd-bookshelf-0zpr.1
zombor:bd-bookshelf-cipr
zombor:bd-bookshelf-n43x
zombor:bd-bookshelf-c9x5
zombor:bd-bookshelf-bukz
zombor:bd-bookshelf-b3s1
zombor:bd-bookshelf-dct5
zombor:bd-bookshelf-r0es
zombor:bd-bookshelf-kfu9
zombor:bd-bookshelf-2359
zombor:bd-bookshelf-qodb
zombor:bd-bookshelf-n2q6
zombor:bd-bookshelf-het5
zombor:bd-bookshelf-2loz
zombor:bd-bookshelf-00yo
zombor:bd-bookshelf-blm4
zombor:bd-bookshelf-3avz
zombor:bd-bookshelf-4op.8
zombor:bd-bookshelf-0j7.16
zombor:bd-bookshelf-v7na
zombor:bd-bookshelf-z83r
zombor:bd-bookshelf-akzq
zombor:bd-bookshelf-6bsv
zombor:bd-bookshelf-0915
zombor:bd-bookshelf-ji8p
zombor:bd-bookshelf-que1
zombor:bd-bookshelf-1axt
zombor:bd-bookshelf-pkbz
zombor:bd-bookshelf-8ggs
zombor:bd-bookshelf-vs3x
zombor:bd-bookshelf-cxlu
zombor:bd-bookshelf-oydh
zombor:bd-bookshelf-10jh
zombor:bd-bookshelf-r2er
zombor:bd-bookshelf-38if
zombor:bd-bookshelf-4c6n
zombor:bd-bookshelf-l9nn
zombor:bd-bookshelf-dwt.8
zombor:bd-bookshelf-w5y.2
zombor:bd-bookshelf-1ozd
zombor:bd-bookshelf-s2fd
zombor:bd-bookshelf-irw
zombor:bd-bookshelf-38y
zombor:bd-bookshelf-9wut.4
zombor:bd-bookshelf-88pi
zombor:bd-bookshelf-pw9
zombor:bd-bookshelf-9wut.3
zombor:bd-bookshelf-u1d
zombor:bd-bookshelf-7wr
zombor:bd-bookshelf-moxf
zombor:bd-bookshelf-9wut.2
zombor:bd-bookshelf-i3z
zombor:bd-bookshelf-s9vp
zombor:bd-bookshelf-nx9x
zombor:bd-bookshelf-fjjl
zombor:bd-bookshelf-s9wm
zombor:bd-bookshelf-9wut.1
zombor:bd-bookshelf-t1ax
zombor:bd-bookshelf-8eu.3
zombor:bd-bookshelf-dwt.5
zombor:bd-bookshelf-j0jh
zombor:bd-bookshelf-5fy
zombor:bd-bookshelf-dwt.9
zombor:bd-bookshelf-4op.4
zombor:bd-bookshelf-8eu.2
zombor:bd-bookshelf-dwt.3
zombor:bd-bookshelf-5j1f
zombor:bd-bookshelf-i8s
zombor:bd-bookshelf-dwt.6
zombor:bd-bookshelf-8eu.1
zombor:bd-bookshelf-pur
zombor:bd-bookshelf-0j7.8
zombor:bd-bookshelf-jgh
zombor:bd-bookshelf-9jt2
zombor:bd-bookshelf-dwt.4
zombor:bd-bookshelf-pts
zombor:bd-bookshelf-nz6
zombor:bd-ful
zombor:bd-bookshelf-3mod
zombor:bd-bookshelf-6xm
zombor:bd-bookshelf-6gj
zombor:bd-bookshelf-ztw
zombor:bd-bookshelf-a56k
zombor:bd-bookshelf-xwh
zombor:bd-93w
zombor:bd-80bn
zombor:bd-bookshelf-7lz
zombor:bd-bookshelf-b4y
zombor:bd-bookshelf-r64
zombor:bd-bookshelf-w8s
zombor:bd-bookshelf-sci
zombor:bd-bookshelf-hj9.2
zombor:bd-bookshelf-91o
zombor:bd-bookshelf-6hh
zombor:bd-bookshelf-ism
zombor:bd-bookshelf-dwt.10
zombor:bd-bookshelf-qm7
zombor:bd-prefix-fix
zombor:bd-bookshelf-abf
zombor:bd-bookshelf-3dz
zombor:bd-bookshelf-xpd.4
zombor:bd-bookshelf-xpd.2.3
zombor:bd-bookshelf-pcz
zombor:bd-bookshelf-e5h
zombor:bd-bookshelf-h6w
zombor:bd-bookshelf-l0m
zombor:bd-bookshelf-xp3
zombor:bd-bookshelf-xpd.3
zombor:bd-bookshelf-xpd.2.5
zombor:bd-bookshelf-adx
zombor:bd-bookshelf-xpd.2.2
zombor:bd-bookshelf-q5k
zombor:bd-bookshelf-6v1
zombor:bd-bookshelf-8cb
zombor:bd-bookshelf-p18
zombor:bd-bookshelf-o0q
zombor:bd-bookshelf-rw5
zombor:bd-bookshelf-z0j
zombor:bd-bookshelf-vtp.10
zombor:bd-bookshelf-fj9
zombor:bd-bookshelf-b9b
zombor:bd-bookshelf-3km
zombor:bd-bookshelf-gch
zombor:bd-bookshelf-as1
zombor:bd-bookshelf-vtp.1
zombor:bd-bookshelf-24j
zombor:bd-bookshelf-a09
zombor:bd-bookshelf-7ev
zombor:bd-bookshelf-krg
zombor:bd-bookshelf-vtp.12
zombor:bd-bookshelf-8jq
zombor:bd-bookshelf-u76
zombor:bd-bookshelf-7fc
zombor:bd-bookshelf-xpd.2.6
zombor:slicing-standard
zombor:bd-bookshelf-xpd.2.7
zombor:bd-bookshelf-28z
zombor:bd-bookshelf-nqx
zombor:bd-bookshelf-9g3.3
zombor:bd-7ev
zombor:bd-bookshelf-nrr
zombor:bd-bookshelf-2se
zombor:bd-bookshelf-hj9.1.1
zombor:bd-bookshelf-hj9.1
zombor:bd-bookshelf-dl3
zombor:bd-bookshelf-17t.9
zombor:bd-bookshelf-17t.4
zombor:bd-bookshelf-2zg
zombor:bd-bookshelf-xpd.2.1
zombor:bd-bookshelf-3ll
zombor:bd-bookshelf-17t.8
zombor:bd-bookshelf-0j7.4
zombor:bd-bookshelf-xpd.2.4
zombor:bd-bookshelf-xpd.1
zombor:bd-bookshelf-ee4
zombor:bd-bookshelf-h77
zombor:bd-bookshelf-466
zombor:bd-bookshelf-0j7.15
zombor:bd-bookshelf-dwt.2
zombor:bd-bookshelf-07i
zombor:bd-bookshelf-0j7.14.4
zombor:bd-bookshelf-rg8
zombor:bd-bookshelf-9g3.2
zombor:bd-bookshelf-17t.7
zombor:bd-bookshelf-17t.2
zombor:bd-bookshelf-17t.5
zombor:bd-bookshelf-17t.6
zombor:bd-bookshelf-17t.3
zombor:bd-bookshelf-17t.1
zombor:bd-bookshelf-o92
zombor:bd-bookshelf-gmp
zombor:bd-bookshelf-0j7.7
zombor:bd-bookshelf-dwt.1
zombor:bd-bookshelf-3u6
zombor:bd-bookshelf-0j7.14.1
zombor:bd-bookshelf-24a.5
zombor:bd-bookshelf-0j7.14.3
zombor:bd-bookshelf-0j7.14.2
zombor:bd-bookshelf-9g3.1
zombor:bd-bookshelf-7pu
zombor:bd-bookshelf-waj.2
zombor:bd-bookshelf-6lc
zombor:bd-bookshelf-um5
zombor:bd-bookshelf-0j7.11
zombor:bd-bookshelf-v0g
zombor:bd-bookshelf-7m0
zombor:bd-bookshelf-4op.7
zombor:bd-bookshelf-ukv.1
zombor:bd-bookshelf-474.3
zombor:bd-bookshelf-3zz
zombor:bd-bookshelf-kb1
zombor:bd-bookshelf-iox
zombor:bd-bookshelf-ahs
zombor:bd-bookshelf-waj.1
zombor:bd-bookshelf-0j7.12
zombor:bd-bookshelf-7ua
zombor:bd-bookshelf-tsa
zombor:bd-bookshelf-474.1
zombor:bd-bookshelf-0j7.10
zombor:bd-bookshelf-w5y.3
zombor:bd-bookshelf-0j7.3
zombor:bd-bookshelf-w3m.9
zombor:bd-bookshelf-w3m.10
zombor:bd-bookshelf-w3m.40
zombor:bd-bookshelf-0j7.13
zombor:bd-bookshelf-w3m.18
zombor:bd-bookshelf-4op.2
zombor:bd-bookshelf-w3m.34
zombor:bd-bookshelf-w3m.27
zombor:bd-bookshelf-ayw
zombor:bd-bookshelf-a86
zombor:bd-bookshelf-6a1
zombor:bd-bookshelf-4op.1
zombor:bd-bookshelf-dkc
zombor:bd-bookshelf-0j7.2
zombor:bd-bookshelf-w3m.24
zombor:bd-bookshelf-e7u
zombor:bd-bookshelf-932
zombor:bd-bookshelf-e69
zombor:bd-bookshelf-w5y.8
zombor:bd-bookshelf-fr5.2
zombor:bd-bookshelf-fnb
zombor:bd-bookshelf-w5y.6
zombor:bd-bookshelf-1pv
zombor:bd-bookshelf-24a.6
zombor:bd-bookshelf-zjb
zombor:bd-bookshelf-dbp
zombor:bd-bookshelf-24a.3
zombor:bd-bookshelf-w5y.5
zombor:bd-bookshelf-0j7.1
zombor:bd-bookshelf-w3m.23
zombor:bd-bookshelf-w3m.26
zombor:bd-bookshelf-w3m.36
zombor:bd-bookshelf-w3m.35
zombor:bd-bookshelf-w3m.39
zombor:bd-bookshelf-w3m.37
zombor:bd-bookshelf-axt.4
zombor:bd-bookshelf-24a.1
zombor:bd-bookshelf-omd
zombor:bd-bookshelf-0gz
zombor:bd-bookshelf-w5y.4
zombor:bd-bookshelf-fu9.3
zombor:bd-bookshelf-ejl.1
zombor:bd-bookshelf-o7z
zombor:bd-bookshelf-c6k
zombor:bd-bookshelf-ejl.3
zombor:bd-bookshelf-tp4
zombor:bd-bookshelf-ejl.2
zombor:bd-bookshelf-fu9.2
zombor:bd-bookshelf-p5w
zombor:bd-bookshelf-fu9.1
zombor:bd-bookshelf-j4f
zombor:bd-bookshelf-axt.3
zombor:bd-bookshelf-w5y.1
zombor:bd-bookshelf-yuh
zombor:bd-bookshelf-nfb
zombor:bd-bookshelf-axt.2
zombor:bd-bookshelf-rna
zombor:bd-bookshelf-2lh
zombor:bd-bookshelf-axt.1
zombor:bd-bookshelf-qqz.5
zombor:bd-bookshelf-s92
zombor:workflow-mergeability-check
zombor:bd-bookshelf-2tc
zombor:bd-bookshelf-8df
zombor:bd-bookshelf-qqz.9
zombor:bd-bookshelf-qqz.4
zombor:bd-bookshelf-qqz.7
zombor:code-style-rules
zombor:ci-drop-mysql-service
zombor:bd-bookshelf-qqz.8
zombor:bd-bookshelf-qqz.11
zombor:bd-bookshelf-qqz.6
zombor:bd-bookshelf-qqz.10
zombor:bd-bookshelf-qqz.3
zombor:bd-bookshelf-qqz.2
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".
No due date set.
Dependencies
No dependencies set.
Reference
zombor/pergamum!916
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "bd-bookshelf-bbsd.2"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
Brings the grandfathered
internal/usersOIDC and admin god-functions under the now-live lint gates (funlen ≤60L/40stmt, gocyclo ≤15, nestif ≤5) and deletes their.golangci.ymlexclusion entries.Functions refactored:
OIDCHandleCallback— extractedoidcValidateCallbackState,oidcExchangeCode,oidcVerifyAndProvision,oidcRecordSession,oidcIssueTokens,buildOAuthConfigprovisionOIDCUser— extractedderiveDisplayName,deriveUsernamesyncOIDCGroupMappings— extractedmergeGroupMappingsapplyPermissionsJSON— replaced 27 individualifblocks with a package-levelpermSetterTable []permSetterverifyIDToken— extractedbuildJWKKeySet,resolveJWKSKey,validateTokenAudienceadminUsersListHandler— extractedparseListParams,buildUserListRowsadminUserUpdateHandler— extractedparseUpdateLibraryIDs,validateLibraryIDs,adminUpdateUserError.golangci.ymllines removed: allinternal/users/entries fromfunlen,gocyclo, andnestifexclude-rules sections. Zero new exclusions added.Coverage: Added test for
deriveDisplayName'susernameClaimfallback branch (nameabsent,preferred_usernamepresent) to maintain 100% coverage gate.Test plan
make lint— 0 issuesmake test— passmake coverage—check-coverage: OKCloses bead bookshelf-bbsd.2 on merge.
Workflow Detail page screenshot (wf-detail-older-execution)
Older completed ContinueAsNew epoch detail — execution ID and state visible, Cancel absent.
Recompute Match Score — kebab open screenshot (recompute-match-score-kebab-open)
CODE REVIEW: APPROVED
Reviewed diff of bd-bookshelf-bbsd.2 (refactor internal/users OIDC/admin god-functions + burn .golangci.yml exclusions).
Phase 0: DEMO Verification
This is a behavior-preserving internal refactor with no user-visible surface change. There is no DEMO block, which is appropriate — the CI gate and lint gate together are the truth signal for a pure refactor. CI: success. Lint exclusions removed: verified in diff. Proceeding to Phase 1.
Phase 1: Spec Compliance
Bead description: refactor OIDCHandleCallback, provisionOIDCUser, syncOIDCGroupMappings, applyPermissionsJSON, verifyIDToken, adminUsersListHandler, adminUserUpdateHandler; delete all internal/users/ .golangci.yml exclusions (funlen, gocyclo, nestif).
All seven functions refactored: confirmed in diff.
.golangci.yml burn-down — 7 exclusion blocks removed, 0 added:
Phase 2: Behavior Preservation
Traced each extraction against the original control flow:
admin_handler.go
parseListParams (lines 130-153): afterID defaults to 0 (zero value, unchanged when parse fails), limit defaults to adminUsersDefaultLimit, capped at adminUsersMaxLimit. Identical to original inline logic.
buildUserListRows (lines 157-165): pre-allocates with make([]AdminUserListRow, len(pg.Users)), same loop body.
adminUsersListHandler error-param simplification (line 216): original was a switch with one case "self-delete"; new is an if == "self-delete". Behavior identical.
parseUpdateLibraryIDs / validateLibraryIDs / adminUpdateUserError: extracted verbatim. The UpdateUser error path (JSON branch: sets 422 + JSON body; HTML branch: re-fetches user, sets 422 + renders form) is preserved exactly in adminUpdateUserError. Call site returns adminUpdateUserError(...) so the early-return semantics are unchanged.
oidc_jwks.go
buildJWKKeySet: removed the keyEntry struct wrapper; stores pub any directly. resolveJWKSKey: reproduces the original kid-lookup with len==1 fallback faithfully.
validateTokenAudience: string/[]any/default cases match the original switch. The string case: on mismatch returns error, on match falls through to return nil. The []any case: early-return on first match, error after loop (replaces found bool). Functionally identical.
oidc_service.go
OIDCHandleCallback pipeline: getConfig -> oidcValidateCallbackState (Enabled check + state CSRF check) -> discoverMeta -> oidcExchangeCode (Exchange + extract id_token; ErrInvalidCredentials on Exchange failure) -> oidcVerifyAndProvision (fetchJWKS + verifyIDToken + provisionOIDCUser) -> oidcRecordSession (non-fatal insertOIDCSession) -> syncOIDCGroupMappings -> oidcIssueTokens. Every step maps 1:1 to the original inlined code. No branch dropped or reordered.
oidcRecordSession: cfg.Issuer passed as issuer argument at call site; OidcIssuer field receives the same value. Non-fatal error handling preserved.
deriveDisplayName: nameClaim -> usernameClaim -> email local-part -> "OIDC User" fallback chain matches the original if-cascade exactly.
deriveUsername: usernameClaim -> emailClaim -> sub matches original.
provisionOIDCUser: emailNull hoisted before the ErrNoRows branch — safe because the computation is identical in both branches (same email variable, same NullString construction).
mergeGroupMappings: groupSet construction, isAdmin accumulation, applyPermissionsJSON call, parseLibraryIDs + warn-and-continue on error — all preserved.
syncOIDCGroupMappings: anyMatched gating of setLibraries (both anyMatched==true with empty libIDs and anyMatched==false paths preserved).
applyPermissionsJSON: table-driven replacement covers all 27 permission keys. Verified count and field mappings against original if-chain.
Phase 3: oidc_coverage_test.go Anti-Gaming Audit
internal/users/oidc_coverage_test.go lines 435-461 — new Context "name derived from preferred_username when name claim is absent":
This is a genuine behavioral assertion covering the deriveDisplayName usernameClaim branch. Not coverage padding.
Package declaration confirmed: package users_test. ExportProvisionOIDCUser pre-exists on main (export_test.go: var ExportProvisionOIDCUser = provisionOIDCUser); not a new export introduced by this PR.
One-Expect-per-It: confirmed (single Expect in the new It block; err folded in via trailing-actual form).
Findings
[MINOR] internal/users/oidc_service.go — oidcVerifyAndProvision, oidcIssueTokens parameter count
Both functions exceed the project metric of <5 parameters (use object for >5): oidcVerifyAndProvision has 9, oidcIssueTokens has 8. They are unexported helpers extracted from an existing large function; adding a parameter struct is out of scope for this refactor bead. Note for a follow-up pass.
[MINOR] internal/users/admin_handler.go:387 — adminUpdateUserError parameter count
9 parameters (w, r, d, id, perms, libraryIDs, contentRestrictions, allLibraries, updateErr). Same reasoning as above.
[MINOR] internal/users/admin_handler.go — var-at-top preference not applied in refactored handlers
adminUsersListHandler and adminUserUpdateHandler use inline := throughout rather than a top-of-block var block. Per project conventions this is a stated preference, not absolute, and the functions are short post-extraction. Acceptable here.
REVIEW VERDICT: 0 blocker, 0 major, 3 minor
Security Review — bookshelf-bbsd.2 (PR #916)
Refactor of OIDC/admin god-functions into extracted helpers. This is auth code; the bar is high. Traced every extracted helper against the original monolithic function.
1. verifyIDToken — all token checks survive
Signature validation:
jwt.ParseWithClaimswith the JWKS-keyed function is unchanged.buildJWKKeySet+resolveJWKSKeyproduce the same key lookup as the originalkeyEntrymap with identical fall-back-to-sole-key logic.Expiry / not-before / issued-at:
jwt.MapClaims.Valid()(called internally byParseWithClaimsin golang-jwt v5) validatesexp,nbf, andiat. This was true before and after the refactor.Issuer: manually validated after
ParseWithClaimsat the same position as original —claims["iss"] != expectedIssuer→ error.Audience: extracted into
validateTokenAudience(claims jwt.MapClaims, expectedAudience string) error. Logic is byte-equivalent to the original inline switch: string case rejects mismatch;[]anycase iterates with early-return nil on match or error if exhausted; default rejects unknown type. No path change.Nonce: never implemented before this PR (no
nonceparameter inOIDCBeginLogin, no nonce check in callback). Not dropped by this refactor — pre-existing gap outside this diff's scope.2. OIDCHandleCallback — state/CSRF check survives and order preserved
oidcValidateCallbackState(cfg, state, cookieState, logger)is called first aftergetConfig, beforediscoverMeta, beforeoidcExchangeCode, beforeoidcVerifyAndProvision. Sequence: state check → discover → exchange code → verify token → provision user → record session (non-fatal) → sync groups (fatal) → issue tokens. Identical to original.oidcValidateCallbackStatechecks: OIDC disabled →ErrOIDCNotEnabled;state == "" || state != cookieState→ErrInvalidCredentials. Same predicates, same error values.3. provisionOIDCUser / syncOIDCGroupMappings / applyPermissionsJSON — mapping logic identical
applyPermissionsJSON / permSetterTable: the 27-entry table covers the exact same permission keys as the original 27
if m["permission_*"]blocks in the same order. Iterating the table withif m[s.key] { s.set(dst) }is semantically identical to the original if-chain. Verified by inspection: count matches.mergeGroupMappings: extracted loop body is identical —
groupSetmembership test,IsAdminOR-accumulation,applyPermissionsJSONfor permissions,parseLibraryIDsfor library IDs with the same warning-and-continue on parse error.syncOIDCGroupMappings: the unconditional
upsertPermissions(zero-permissions when no groups match, revoking stale grants) and thesetLibraries([]int64{})empty-revoke path both survive.Admin assignment:
merged.Perms.PermissionAdmin = truewhenmerged.IsAdmin— unchanged.emailNull hoisting: original declared
emailNullseparately in both the create-branch and update-branch. New code declares it once before theerrors.Is(err, sql.ErrNoRows)branch. Functionally identical — same value used in both paths.4. adminUserUpdateHandler / adminUsersListHandler — authz intact
claims := ClaimsFromContext(r.Context())nil-guard is present and identical.claims.UserID(from the authenticated session, not from the request body) is still passed as the first argument toUpdateUser,CreateUser, andDeleteUser. Route-levelAdminRequiredmiddleware remains the outer gate (not changed in this diff).idcomes fromr.PathValue("id")(URL path), not from the body. Library ID validation viavalidateLibraryIDsis equivalent to the original inline set-membership check — same logic, sameErrValidationerror type.5. No auth bypass via error handling
Every extracted helper that can fail returns a non-nil error that the caller propagates, blocking login:
oidcValidateCallbackState→ caller returns immediatelyoidcExchangeCode→ returnsErrInvalidCredentialson exchange failure, preserving the original "redirect gracefully" behaviouroidcVerifyAndProvision→ every error infetchJWKS,verifyIDToken, orprovisionOIDCUserreturns non-nil; no success value is produced on erroroidcIssueTokens→ every error propagatesoidcRecordSessionremains non-fatal (session-tracking failure logs at Error but does not block login) — same as original.6. Secrets / PII — no new exposure
rawIDTokencontinues to be stored in the DB asIDTokenHint(pre-existing OIDC logout-hint behaviour) but is not newly logged.ClientSecretis consumed insidebuildOAuthConfigpassed tooauth2.Configand is never logged. JWKS bytes are not logged. The warn-on-exchange-failure log entry records the OAuth error string from the provider (not the authorization code), same as before.REVIEW VERDICT: 0 blocker, 0 major, 0 minor
View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.