From dfdc9bbefc2e5da11e9b4fe6df0fc8d96d600fc9 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 6 Nov 2024 14:24:11 +0100
Subject: [PATCH] chore: synchronize workspaces

---
 cmd/clidoc/main.go                                   |  2 ++
 cmd/hashers/argon2/calibrate.go                      |  1 +
 courier/courier_dispatcher.go                        |  1 +
 driver/config/config.go                              | 12 ++++++++----
 hash/hash_comparator.go                              |  3 ++-
 hash/hasher_argon2.go                                |  1 +
 identity/manager.go                                  |  2 +-
 persistence/sql/identity/persister_identity.go       |  6 +++---
 selfservice/flow/error.go                            |  2 +-
 selfservice/strategy/passkey/passkey_registration.go |  2 +-
 selfservice/strategy/password/validator.go           |  3 +++
 11 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/cmd/clidoc/main.go b/cmd/clidoc/main.go
index a2b1850a87fa..c0bcda5d320e 100644
--- a/cmd/clidoc/main.go
+++ b/cmd/clidoc/main.go
@@ -309,6 +309,8 @@ func validateAllMessages(path string) error {
 	info := &types.Info{
 		Defs: make(map[*ast.Ident]types.Object),
 	}
+
+	//nolint:staticcheck
 	var pack *ast.Package
 	for _, p := range packs {
 		if p.Name == "text" {
diff --git a/cmd/hashers/argon2/calibrate.go b/cmd/hashers/argon2/calibrate.go
index 6f888735bbd5..8b4364a764f3 100644
--- a/cmd/hashers/argon2/calibrate.go
+++ b/cmd/hashers/argon2/calibrate.go
@@ -246,6 +246,7 @@ Please note that the values depend on the machine you run the hashing on. If you
 				case res.MaxMem > conf.localConfig.DedicatedMemory:
 					_, _ = progressPrinter.Printf("The required memory was %s more than the maximum allowed of %s.\n", res.MaxMem-maxMemory, conf.localConfig.DedicatedMemory)
 
+					//nolint:gosec // disable G115
 					conf.localConfig.Memory -= (res.MaxMem - conf.localConfig.DedicatedMemory) / bytesize.ByteSize(reqPerMin)
 					_, _ = progressPrinter.Printf("Decreasing memory to %s\n", conf.localConfig.Memory)
 				// too slow
diff --git a/courier/courier_dispatcher.go b/courier/courier_dispatcher.go
index a0f75954d68e..75745ef9a954 100644
--- a/courier/courier_dispatcher.go
+++ b/courier/courier_dispatcher.go
@@ -79,6 +79,7 @@ func (c *courier) DispatchQueue(ctx context.Context) error {
 	maxRetries := c.deps.CourierConfig().CourierMessageRetries(ctx)
 	pullCount := c.deps.CourierConfig().CourierWorkerPullCount(ctx)
 
+	//nolint:gosec // disable G115
 	messages, err := c.deps.CourierPersister().NextMessages(ctx, uint8(pullCount))
 	if err != nil {
 		if errors.Is(err, ErrQueueEmpty) {
diff --git a/driver/config/config.go b/driver/config/config.go
index a7e5a09580d0..4eb0566963d2 100644
--- a/driver/config/config.go
+++ b/driver/config/config.go
@@ -550,10 +550,14 @@ func (p *Config) HasherArgon2(ctx context.Context) *Argon2 {
 	// warn about usage of default values and point to the docs
 	// warning will require https://github.com/ory/viper/issues/19
 	return &Argon2{
-		Memory:            p.GetProvider(ctx).ByteSizeF(ViperKeyHasherArgon2ConfigMemory, Argon2DefaultMemory),
-		Iterations:        uint32(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigIterations, int(Argon2DefaultIterations))),
-		Parallelism:       uint8(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigParallelism, int(Argon2DefaultParallelism))),
-		SaltLength:        uint32(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigSaltLength, int(Argon2DefaultSaltLength))),
+		Memory: p.GetProvider(ctx).ByteSizeF(ViperKeyHasherArgon2ConfigMemory, Argon2DefaultMemory),
+		//nolint:gosec // disable G115
+		Iterations: uint32(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigIterations, int(Argon2DefaultIterations))),
+		//nolint:gosec // disable G115
+		Parallelism: uint8(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigParallelism, int(Argon2DefaultParallelism))),
+		//nolint:gosec // disable G115
+		SaltLength: uint32(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigSaltLength, int(Argon2DefaultSaltLength))),
+		//nolint:gosec // disable G115
 		KeyLength:         uint32(p.GetProvider(ctx).IntF(ViperKeyHasherArgon2ConfigKeyLength, int(Argon2DefaultKeyLength))),
 		ExpectedDuration:  p.GetProvider(ctx).DurationF(ViperKeyHasherArgon2ConfigExpectedDuration, Argon2DefaultDuration),
 		ExpectedDeviation: p.GetProvider(ctx).DurationF(ViperKeyHasherArgon2ConfigExpectedDeviation, Argon2DefaultDeviation),
diff --git a/hash/hash_comparator.go b/hash/hash_comparator.go
index 524eb9bfba14..f324eb1de32a 100644
--- a/hash/hash_comparator.go
+++ b/hash/hash_comparator.go
@@ -29,7 +29,7 @@ import (
 
 	//nolint:staticcheck
 	//lint:ignore SA1019 compatibility for imported passwords
-	"golang.org/x/crypto/md4" //#nosec G501 -- compatibility for imported passwords
+	"golang.org/x/crypto/md4" //nolint:gosec // disable G115 G501 -- compatibility for imported passwords
 	"golang.org/x/crypto/pbkdf2"
 	"golang.org/x/crypto/scrypt"
 
@@ -159,6 +159,7 @@ func CompareArgon2id(_ context.Context, password []byte, hash []byte) error {
 	}
 
 	// Derive the key from the other password using the same parameters.
+	//nolint:gosec // disable G115
 	otherHash := argon2.IDKey(password, salt, p.Iterations, uint32(p.Memory), p.Parallelism, p.KeyLength)
 
 	return comparePasswordHashConstantTime(hash, otherHash)
diff --git a/hash/hasher_argon2.go b/hash/hasher_argon2.go
index 6775641bb36e..0a6dd32debc2 100644
--- a/hash/hasher_argon2.go
+++ b/hash/hasher_argon2.go
@@ -41,6 +41,7 @@ func NewHasherArgon2(c Argon2Configuration) *Argon2 {
 }
 
 func toKB(mem bytesize.ByteSize) uint32 {
+	//nolint:gosec // disable G115
 	return uint32(mem / bytesize.KB)
 }
 
diff --git a/identity/manager.go b/identity/manager.go
index 3bc5b08e0158..89c0259e6658 100644
--- a/identity/manager.go
+++ b/identity/manager.go
@@ -370,7 +370,7 @@ func (e *CreateIdentitiesError) Find(ident *Identity) *FailedIdentity {
 	return nil
 }
 func (e *CreateIdentitiesError) ErrOrNil() error {
-	if e.failedIdentities == nil || len(e.failedIdentities) == 0 {
+	if len(e.failedIdentities) == 0 {
 		return nil
 	}
 	return e
diff --git a/persistence/sql/identity/persister_identity.go b/persistence/sql/identity/persister_identity.go
index 00ac440a16a6..ab62236f9785 100644
--- a/persistence/sql/identity/persister_identity.go
+++ b/persistence/sql/identity/persister_identity.go
@@ -932,7 +932,7 @@ func (p *IdentityPersister) ListIdentities(ctx context.Context, params identity.
 			)
 		}
 
-		if params.IdsFilter != nil && len(params.IdsFilter) != 0 {
+		if len(params.IdsFilter) > 0 {
 			wheres += `
 				AND identities.id in (?)
 			`
@@ -987,7 +987,7 @@ func (p *IdentityPersister) ListIdentities(ctx context.Context, params identity.
 				}
 			case identity.ExpandFieldVerifiableAddresses:
 				addrs := make([]identity.VerifiableAddress, 0)
-				if err := con.Where("nid = ?", nid).Where("identity_id IN (?)", identityIDs).Order("id").All(&addrs); err != nil {
+				if err := con.Where("identity_id IN (?)", identityIDs).Where("nid = ?", nid).Order("id").All(&addrs); err != nil {
 					return sqlcon.HandleError(err)
 				}
 				for _, addr := range addrs {
@@ -995,7 +995,7 @@ func (p *IdentityPersister) ListIdentities(ctx context.Context, params identity.
 				}
 			case identity.ExpandFieldRecoveryAddresses:
 				addrs := make([]identity.RecoveryAddress, 0)
-				if err := con.Where("nid = ?", nid).Where("identity_id IN (?)", identityIDs).Order("id").All(&addrs); err != nil {
+				if err := con.Where("identity_id IN (?)", identityIDs).Where("nid = ?", nid).Order("id").All(&addrs); err != nil {
 					return sqlcon.HandleError(err)
 				}
 				for _, addr := range addrs {
diff --git a/selfservice/flow/error.go b/selfservice/flow/error.go
index d666822fa5c0..8449ec58ad3e 100644
--- a/selfservice/flow/error.go
+++ b/selfservice/flow/error.go
@@ -73,7 +73,7 @@ func NewFlowReplacedError(message *text.Message) *ReplacedError {
 	return &ReplacedError{
 		DefaultError: x.ErrGone.WithID(text.ErrIDSelfServiceFlowReplaced).
 			WithError("self-service flow replaced").
-			WithReasonf(message.Text),
+			WithReason(message.Text),
 	}
 }
 
diff --git a/selfservice/strategy/passkey/passkey_registration.go b/selfservice/strategy/passkey/passkey_registration.go
index cad0e02fda5d..fe3ec305e8b1 100644
--- a/selfservice/strategy/passkey/passkey_registration.go
+++ b/selfservice/strategy/passkey/passkey_registration.go
@@ -147,7 +147,7 @@ func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, regFlow *reg
 			herodot.ErrInternalServerError.WithReasonf("Expected WebAuthN in internal context to be an object but got: %s", err)))
 	}
 
-	if webAuthnSess.UserID == nil || len(webAuthnSess.UserID) == 0 {
+	if len(webAuthnSess.UserID) == 0 {
 		return s.handleRegistrationError(w, r, regFlow, params, errors.WithStack(
 			herodot.ErrInternalServerError.WithReasonf("Expected WebAuthN session data to contain a user ID")))
 	}
diff --git a/selfservice/strategy/password/validator.go b/selfservice/strategy/password/validator.go
index 688cd53f896b..00d15e3c80b6 100644
--- a/selfservice/strategy/password/validator.go
+++ b/selfservice/strategy/password/validator.go
@@ -180,7 +180,9 @@ func (s *DefaultPasswordValidator) Validate(ctx context.Context, identifier, pas
 func (s *DefaultPasswordValidator) validate(ctx context.Context, identifier, password string) error {
 	passwordPolicyConfig := s.reg.Config().PasswordPolicyConfig(ctx)
 
+	//nolint:gosec // disable G115
 	if len(password) < int(passwordPolicyConfig.MinPasswordLength) {
+		//nolint:gosec // disable G115
 		return text.NewErrorValidationPasswordMinLength(int(passwordPolicyConfig.MinPasswordLength), len(password))
 	}
 
@@ -215,6 +217,7 @@ func (s *DefaultPasswordValidator) validate(ctx context.Context, identifier, pas
 		}
 	}
 
+	//nolint:gosec // disable G115
 	if c > int64(s.reg.Config().PasswordPolicyConfig(ctx).MaxBreaches) {
 		return text.NewErrorValidationPasswordTooManyBreaches(c)
 	}