From ce2dcbdbb3f39fbf8c9a60ed903cb6a52734b8ef Mon Sep 17 00:00:00 2001
From: Joshua Casey <joshua.casey@broadcom.com>
Date: Tue, 19 Nov 2024 16:46:04 -0600
Subject: [PATCH] simplify godoc

---
 .../endpoints/auth/auth_handler.go              | 17 +----------------
 .../requestlogger/request_logger.go             |  2 +-
 2 files changed, 2 insertions(+), 17 deletions(-)

diff --git a/internal/federationdomain/endpoints/auth/auth_handler.go b/internal/federationdomain/endpoints/auth/auth_handler.go
index a0b2684c2..ec211c51f 100644
--- a/internal/federationdomain/endpoints/auth/auth_handler.go
+++ b/internal/federationdomain/endpoints/auth/auth_handler.go
@@ -214,22 +214,7 @@ func (h *authorizeHandler) authorize(
 	}
 	if err != nil {
 		// No specific audit event is emitted here in the case of an authorization error.
-		// There are currently seven possible cases:
-		// (1) OIDC with cli_password:
-		//   - Rely on the "HTTP Request Completed" audit event with an error and error_description to indicate what went wrong.
-		//   - There's no way to determine why the OIDC provider rejected the request.
-		// (2) OIDC with browser_authcode: this endpoint only redirects upstream
-		// (3) LDAP with cli_password:
-		//   - Rely on the "HTTP Request Completed" audit event with an error and error_description to indicate what went wrong.
-		//   - If we know that the LDAP provider rejected the request due to incorrect username or password,
-		//     Pinniped will provide the "Incorrect Username Or Password" audit event.
-		// (4) LDAP with browser_authcode: this endpoint only redirects to the /login page
-		// (5) Active Directory with cli_password:
-		//   - Rely on the "HTTP Request Completed" audit event with an error and error_description to indicate what went wrong.
-		//   - If we know that the Active Directory provider rejected the request due to incorrect username or password,
-		//     Pinniped will provide the "Incorrect Username Or Password" audit event.
-		// (6) Active Directory with browser_authcode: this endpoint only redirects to the /login page
-		// (7) GitHub with browser_authcode (cli_password is not supported): this endpoint only redirects upstream
+		// Rely on the "HTTP Request Completed" audit event with an error and error_description to indicate what went wrong.
 		oidc.WriteAuthorizeError(r, w, oauthHelper, authorizeRequester, err, requestedBrowserlessFlow)
 	}
 }
diff --git a/internal/federationdomain/requestlogger/request_logger.go b/internal/federationdomain/requestlogger/request_logger.go
index 1560379a9..34ada1034 100644
--- a/internal/federationdomain/requestlogger/request_logger.go
+++ b/internal/federationdomain/requestlogger/request_logger.go
@@ -85,7 +85,7 @@ func (rl *requestLogger) logRequestReceived() {
 		KeysAndValues: []any{
 			"proto", r.Proto,
 			"method", r.Method,
-			"host", r.Host,
+			"host", r.Host, // The "Host" header is promoted to this field.
 			"serverName", requestutil.SNIServerName(r),
 			"path", r.URL.Path,
 			"userAgent", rl.userAgent,