Merge pull request #176 from sil-org/details

minor cleanup (grammar, spelling, comment rules, name style, dead code)

Author: briskt

.github/workflows/govulncheck.yaml

@@ -1,6 +1,5 @@
 name: govulncheck
 on:
-  push:
   schedule: # Every day at 6:08am UTC
     - cron: '8 6 * * *'
   workflow_dispatch:

README.md

@@ -136,7 +136,7 @@ proxy container to keep tabs on the progress.
 
 To exercise the API as it would be used in AWS Lambda, run this command: `air -c .air-cdk.toml`. This will run a
 file watcher that will rebuild the app code and the CDK stack, then run `sam local start-api` using the generated
-Cloudformation template. This will listen on port 8160. Any code changes will trigger a rebuild and SAM will restart
+CloudFormation template. This will listen on port 8160. Any code changes will trigger a rebuild and SAM will restart
 using the new code.
 
 Implementation notes:

apikey_test.go

@@ -139,7 +139,7 @@ func TestApiKey_EncryptDecrypt(t *testing.T) {
 			}
 
 			if !bytes.Equal(tt.plaintext, decrypted) {
-				t.Errorf("results from decypt do not match expected. Got: %s, wanted: %s", decrypted, tt.plaintext)
+				t.Errorf("results from decrypt do not match expected. Got: %s, wanted: %s", decrypted, tt.plaintext)
 				return
 			}
 		})

totp.go

@@ -44,7 +44,7 @@ type TOTP struct {
 	// their authenticator app.
 	ImageURL string `dynamodbav:"-" json:"-"`
 
-	// OTPAuthURL is a otpauth URI like "otpauth://totp/idp:john_doe?secret=G5KFM3LNJ5NWQP3O&issuer=idp" that contains
+	// OTPAuthURL is an otpauth URI like "otpauth://totp/idp:john_doe?secret=G5KFM3LNJ5NWQP3O&issuer=idp" that contains
 	// the password secret key. It may also contain metadata like issuer, algorithm, and number of digits.
 	OTPAuthURL string `dynamodbav:"-" json:"-"`
 }

u2fsimulator/u2fsimulator.go

@@ -33,13 +33,22 @@ const (
 	// including the UserPresent (UP) and AttestedCredentialData (AT) flags would be done
 	// by using the value 65.
 	// AT(64) + UP(1) = 65
-	AttObjFlagUserPresent_UP      = 1
-	AttObjFlagUserVerified_UV     = 2
-	AttObjFlagAttestedCredData_AT = 64
-	AttObjFlagExtensionData_ED    = 128
+	// See https://www.w3.org/TR/webauthn-2/#flags.
+
+	// AttObjFlagUserPresent (UP) is the flag that indicates the user is present (UP).
+	AttObjFlagUserPresent = 1
+
+	// AttObjFlagUserVerified is the flag that indicates the user is verified (UV).
+	AttObjFlagUserVerified = 2
+
+	// AttObjFlagAttestedCredData is the flag that indicates attested credential data is included (AT).
+	AttObjFlagAttestedCredData = 64
+
+	// AttObjFlagExtensionData is the flag that indicates extension data is included (ED).
+	AttObjFlagExtensionData = 128
 )
 
-// Internal type for ASN1 coercion
+// DsaSignature is an internal type for ASN1 coercion
 type DsaSignature struct {
 	R, S *big.Int
 }
@@ -128,7 +137,7 @@ func GetAuthDataAndPrivateKey(rpID, keyHandle string) (authDataStr string, authD
 		authData = append(authData, r)
 	}
 
-	authData = append(authData, byte(AttObjFlagAttestedCredData_AT+AttObjFlagUserPresent_UP)) // AT & UP flags
+	authData = append(authData, byte(AttObjFlagAttestedCredData+AttObjFlagUserPresent)) // AT & UP flags
 
 	// Add 4 bytes for counter = 0 (for now, just make it 0)
 	authData = append(authData, []byte{byte(0), byte(0), byte(0), byte(0)}...)

utils_test.go

@@ -107,13 +107,6 @@ func encodeBase64(buf []byte) string {
 	return strings.TrimRight(s, "=")
 }
 
-// SignResponse as defined by the FIDO U2F Javascript API.
-type SignResponse struct {
-	KeyHandle     string `json:"keyHandle"`
-	SignatureData string `json:"signatureData"`
-	ClientData    string `json:"clientData"`
-}
-
 // ClientData as defined by the FIDO U2F Raw Message Formats specification.
 type ClientData struct {
 	Typ          string          `json:"type"`