fix user reference unit test, fmt

hscontrol/app.go

@@ -309,7 +309,7 @@ func (h *Headscale) oidcTokenRefreshJob(ctx context.Context, oidcProvider *AuthP
 	defer refreshTicker.Stop()
 	defer gracePeriodTicker.Stop()
 
-	log.Info().Msgf("OIDC: Background token refresh job started (checking every %v for tokens expiring within %v)", 
+	log.Info().Msgf("OIDC: Background token refresh job started (checking every %v for tokens expiring within %v)",
 		checkInterval, oidcProvider.cfg.TokenRefresh.ExpiryThreshold)
 
 	for {

hscontrol/db/oidc_session.go

@@ -67,7 +67,6 @@ func InvalidateExpiredOIDCSessions(tx *gorm.DB, offlineGracePeriod time.Duration
 	err := tx.Joins("JOIN nodes ON nodes.id = oidc_sessions.node_id").
 		Where("oidc_sessions.is_active = ? AND nodes.last_seen IS NOT NULL AND nodes.last_seen < ?", true, cutoff).
 		Find(&sessions).Error
-
 	if err != nil {
 		return fmt.Errorf("failed to find expired OIDC sessions: %w", err)
 	}

hscontrol/oidc.go

@@ -409,7 +409,6 @@ func (a *AuthProviderOIDC) getOauth2Token(
 
 // createOrUpdateOIDCSession creates or updates an OIDC session for a node
 func (a *AuthProviderOIDC) createOrUpdateOIDCSession(registrationID types.RegistrationID, token *oauth2.Token, nodeID types.NodeID) error {
-
 	if token.RefreshToken == "" {
 		log.Warn().
 			Str("node_id", nodeID.String()).
@@ -471,7 +470,6 @@ func (a *AuthProviderOIDC) createOrUpdateOIDCSession(registrationID types.Regist
 // RefreshOIDCSession refreshes an expired OIDC session using the stored refresh token
 // and updates the node expiry using the existing HandleNodeFromAuthPath flow
 func (a *AuthProviderOIDC) RefreshOIDCSession(ctx context.Context, session *types.OIDCSession) error {
-
 	if session.RefreshToken == "" {
 		return fmt.Errorf("no refresh token available for session %s", session.SessionID)
 	}

hscontrol/oidc_test.go

@@ -153,7 +153,7 @@ func TestCreateOrUpdateOIDCSession(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err := oidcProvider.createOrUpdateOIDCSession(tt.user, tt.registrationID, tt.token, node.ID)
+			err := oidcProvider.createOrUpdateOIDCSession(tt.registrationID, tt.token, node.ID)
 
 			if tt.expectError {
 				assert.Error(t, err)
@@ -164,7 +164,7 @@ func TestCreateOrUpdateOIDCSession(t *testing.T) {
 			if tt.expectSession && tt.token.RefreshToken != "" {
 				// Verify session was created/updated
 				var session types.OIDCSession
-				err = hsdb.DB.Where("user_id = ? AND node_id = ?", tt.user.ID, node.ID).First(&session).Error
+				err = hsdb.DB.Where("node_id = ?", node.ID).First(&session).Error
 				assert.NoError(t, err)
 				assert.Equal(t, tt.token.RefreshToken, session.RefreshToken)
 				assert.True(t, session.IsActive)
@@ -516,7 +516,6 @@ func TestRefreshOIDCSessionValidation(t *testing.T) {
 			}()
 
 			err := oidcProvider.RefreshOIDCSession(ctx, tt.session)
-
 			// If we get here, it means no panic occurred (good for empty refresh token test)
 			if err != nil {
 				assert.Contains(t, err.Error(), tt.errorMsg)

hscontrol/types/oidc_session.go

@@ -19,7 +19,7 @@ type OIDCSession struct {
 	RegistrationID RegistrationID `gorm:"not null"` // For reusing HandleNodeFromAuthPath
 
 	// Token data
-	RefreshToken string `gorm:"type:text"` //TODO: Encrypt?
+	RefreshToken string `gorm:"type:text"` // TODO: Encrypt?
 
 	// Token lifecycle
 	TokenExpiry     *time.Time `gorm:"index"`