dev: Fix tests and linter issues

Author: vlasebian

pkg/identityserver/bunstore/oauth_store.go

@@ -713,7 +713,9 @@ func (s *oauthStore) GetAccessTokenWithSession(
 		Relation("Client", func(q *bun.SelectQuery) *bun.SelectQuery {
 			return q.Column("client_id")
 		}).
-		Relation("UserSession")
+		Relation("UserSession", func(q *bun.SelectQuery) *bun.SelectQuery {
+			return q.ExcludeColumn("session_secret")
+		})
 
 	if err := selectQuery.Scan(ctx); err != nil {
 		err = storeutil.WrapDriverError(err)

pkg/identityserver/entity_access_test.go

@@ -72,13 +72,17 @@ func TestEntityAccess(t *testing.T) {
 	oauthClient := p.NewClient(oauthUsr.GetOrganizationOrUserIdentifiers())
 	oauthClient.Rights = []ttnpb.Right{ttnpb.Right_RIGHT_USER_ALL}
 
-	// Session that is already expired.
-	expiredSession := p.NewUserSession(oauthUsr.GetIds())
-	p.UserSessions[len(p.UserSessions)-1].ExpiresAt = timestamppb.New(time.Now().Add(-10 * time.Minute))
+	// Session that is already expired. CreateSession assigns the session ID,
+	// so we reference the population slice entry to read the actual ID after
+	// Populate runs.
+	p.NewUserSession(oauthUsr.GetIds())
+	expiredSession := p.UserSessions[len(p.UserSessions)-1]
+	expiredSession.ExpiresAt = timestamppb.New(time.Now().Add(-10 * time.Minute))
 
 	// Session that is still valid.
-	validSession := p.NewUserSession(oauthUsr.GetIds())
-	p.UserSessions[len(p.UserSessions)-1].ExpiresAt = timestamppb.New(time.Now().Add(10 * time.Minute))
+	p.NewUserSession(oauthUsr.GetIds())
+	validSession := p.UserSessions[len(p.UserSessions)-1]
+	validSession.ExpiresAt = timestamppb.New(time.Now().Add(10 * time.Minute))
 
 	// Generate access token bearer strings. The stored AccessToken is the hashed key.
 	newBearerAccessToken := func() (bearer, tokenID, hashed string) {
@@ -250,23 +254,23 @@ func TestEntityAccess(t *testing.T) {
 			}
 		})
 
-		t.Run("Access Token with Valid Session", func(t *testing.T) {
+		t.Run("Access Token with Valid Session", func(t *testing.T) { // nolint:paralleltest
 			a, ctx := test.New(t)
 			authInfo, err := cli.AuthInfo(ctx, ttnpb.Empty, bearerCreds(validSessionToken))
 			if a.So(err, should.BeNil) && a.So(authInfo, should.NotBeNil) {
 				a.So(authInfo.GetOauthAccessToken(), should.NotBeNil)
 			}
 		})
 
-		t.Run("Access Token with Expired Session", func(t *testing.T) {
+		t.Run("Access Token with Expired Session", func(t *testing.T) { // nolint:paralleltest
 			a, ctx := test.New(t)
 			_, err := cli.AuthInfo(ctx, ttnpb.Empty, bearerCreds(expiredSessionToken))
 			if a.So(err, should.NotBeNil) {
 				a.So(errors.IsUnauthenticated(err), should.BeTrue)
 			}
 		})
 
-		t.Run("Access Token with Missing Session", func(t *testing.T) {
+		t.Run("Access Token with Missing Session", func(t *testing.T) { // nolint:paralleltest
 			a, ctx := test.New(t)
 			_, err := cli.AuthInfo(ctx, ttnpb.Empty, bearerCreds(missingSessionToken))
 			if a.So(err, should.NotBeNil) {

pkg/oauth/server_test.go

@@ -813,13 +813,15 @@ func TestTokenExchange(t *testing.T) {
 			Method: "POST",
 			Path:   "/oauth/token",
 			Body: map[string]string{
-				"grant_type":    "refresh_token",
-				"refresh_token": "OJSWM.IBTFXELDVVT64Y26IZZFFNSL7GWZY2Y3ALQQI3A.GCPIASDUP7UZJ6YL5OP2ESZB7CKRFV4JJQYTMDOSDIOE7O75IAMQ",
+				"grant_type": "refresh_token",
+				"refresh_token": "OJSWM.IBTFXELDVVT64Y26IZZFFNSL7GWZY2Y3ALQQI3A" +
+					".GCPIASDUP7UZJ6YL5OP2ESZB7CKRFV4JJQYTMDOSDIOE7O75IAMQ",
 				"client_id":     "client",
 				"client_secret": "secret",
 			},
 			ExpectedCode: http.StatusUnauthorized,
 			StoreCheck: func(t *testing.T, s *mockStore) {
+				t.Helper()
 				a := assertions.New(t)
 				a.So(s.calls, should.Contain, "GetAccessToken")
 				a.So(s.calls, should.Contain, "GetSession")