Fixing hounds remarks

2015-07-16 20:38:56 +02:00 · 2015-07-16 20:38:56 +02:00 · cc28199555
commit cc28199555
parent 7b80a7408d
10 changed files with 66 additions and 52 deletions
--- a/app/controllers/openid_connect/authorizations_controller.rb
+++ b/app/controllers/openid_connect/authorizations_controller.rb
@ -1,7 +1,7 @@
 class OpenidConnect::AuthorizationsController < ApplicationController
  rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
-    logger.info e.backtrace[0,10].join("\n")
-    render json: { error: e.message || :error, status: e.status }
+    logger.info e.backtrace[0, 10].join("\n")
+    render json: {error: e.message || :error, status: e.status}
  end

  before_action :authenticate_user!
@ -44,8 +44,12 @@ class OpenidConnect::AuthorizationsController < ApplicationController
  end

  def save_request_parameters
-    session[:client_id], session[:response_type], session[:redirect_uri], session[:scopes], session[:request_object], session[:nonce] =
-      @o_auth_application.client_id, @response_type, @redirect_uri, @scopes.map(&:name), @request_object, params[:nonce]
+    session[:client_id] = @o_auth_application.client_id
+    session[:response_type] = @response_type
+    session[:redirect_uri] = @redirect_uri
+    session[:scopes] = @scopes.map(&:name)
+    session[:request_object] = @request_object
+    session[:nonce] = params[:nonce]
  end

  def process_authorization_consent(approvedString)
--- a/app/controllers/openid_connect/discovery_controller.rb
+++ b/app/controllers/openid_connect/discovery_controller.rb
@ -1,30 +1,30 @@
 class OpenidConnect::DiscoveryController < ApplicationController
  def webfinger
    jrd = {
-             links: [{
-                        rel: OpenIDConnect::Discovery::Provider::Issuer::REL_VALUE,
-                        href: File.join(root_url, "openid_connect")
-                     }]
-          }
+      links: [{
+        rel:  OpenIDConnect::Discovery::Provider::Issuer::REL_VALUE,
+        href: File.join(root_url, "openid_connect")
+      }]
+    }
    jrd[:subject] = params[:resource] if params[:resource].present?
    render json: jrd, content_type: "application/jrd+json"
  end

  def configuration
    render json: OpenIDConnect::Discovery::Provider::Config::Response.new(
-             issuer: root_url,
-             registration_endpoint: openid_connect_clients_url,
-             authorization_endpoint: new_openid_connect_authorization_url,
-             token_endpoint: openid_connect_access_tokens_url,
-             userinfo_endpoint: api_v0_user_url,
-             jwks_uri: File.join(root_url, "openid_connect", "jwks.json"),
-             scopes_supported: Scope.pluck(:name),
-             response_types_supported: OAuthApplication.available_response_types,
-             request_object_signing_alg_values_supported: %i(HS256 HS384 HS512),
-             subject_types_supported: %w(public pairwise),
-             id_token_signing_alg_values_supported: %i(RS256),
-             token_endpoint_auth_methods_supported: %w(client_secret_basic client_secret_post),
-             # TODO: claims_supported: ["sub", "iss", "name", "email"]
-           )
+      issuer:                                      root_url,
+      registration_endpoint:                       openid_connect_clients_url,
+      authorization_endpoint:                      new_openid_connect_authorization_url,
+      token_endpoint:                              openid_connect_access_tokens_url,
+      userinfo_endpoint:                           api_v0_user_url,
+      jwks_uri:                                    File.join(root_url, "openid_connect", "jwks.json"),
+      scopes_supported:                            Scope.pluck(:name),
+      response_types_supported:                    OAuthApplication.available_response_types,
+      request_object_signing_alg_values_supported: %i(HS256 HS384 HS512),
+      subject_types_supported:                     %w(public pairwise),
+      id_token_signing_alg_values_supported:       %i(RS256),
+      token_endpoint_auth_methods_supported:       %w(client_secret_basic client_secret_post),
+    # TODO: claims_supported: ["sub", "iss", "name", "email"]
+    )
  end
 end
--- a/app/models/openid_connect/id_token.rb
+++ b/app/models/openid_connect/id_token.rb
@ -9,20 +9,20 @@ class OpenidConnect::IdToken < ActiveRecord::Base
    self.expires_at = 30.minutes.from_now
  end

-  def to_jwt(options = {})
+  def to_jwt(options={})
    to_response_object(options).to_jwt OpenidConnect::IdTokenConfig.private_key
  end

-  def to_response_object(options = {})
+  def to_response_object(options={})
    claims = {
-      iss: AppConfig.environment.url,
-      sub: AppConfig.environment.url + authorization.o_auth_application.client_id.to_s + authorization.user.id.to_s, # TODO: Convert to proper PPID
-      aud: authorization.o_auth_application.client_id,
-      exp: expires_at.to_i,
-      iat: created_at.to_i,
+      iss:       AppConfig.environment.url,
+      sub:       AppConfig.environment.url + authorization.o_auth_application.client_id.to_s + authorization.user.id.to_s, # TODO: Convert to proper PPID
+      aud:       authorization.o_auth_application.client_id,
+      exp:       expires_at.to_i,
+      iat:       created_at.to_i,
      auth_time: authorization.user.current_sign_in_at.to_i,
-      nonce: nonce,
-      acr: 0 # TODO: Adjust ?
+      nonce:     nonce,
+      acr:       0 # TODO: Adjust ?
    }
    id_token = OpenIDConnect::ResponseObject::IdToken.new(claims)
    id_token.code = options[:code] if options[:code]
--- a/app/models/openid_connect/o_auth_access_token.rb
+++ b/app/models/openid_connect/o_auth_access_token.rb
@ -17,7 +17,7 @@ class OpenidConnect::OAuthAccessToken < ActiveRecord::Base
  def bearer_token
    @bearer_token ||= Rack::OAuth2::AccessToken::Bearer.new(
      access_token: token,
-      expires_in: (expires_at - Time.now.utc).to_i
+      expires_in:   (expires_at - Time.now.utc).to_i
    )
  end

--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -605,10 +605,10 @@ class User < ActiveRecord::Base
  private

  def clearable_fields
-    self.attributes.keys - %w(id username encrypted_password created_at updated_at locked_at
-                            serialized_private_key getting_started
-                            disable_mail show_community_spotlight_in_stream
-                            strip_exif email remove_after export exporting exported_at
-                            exported_photos_file exporting_photos exported_photos_at)
+    attributes.keys - %w(id username encrypted_password created_at updated_at locked_at
+                         serialized_private_key getting_started
+                         disable_mail show_community_spotlight_in_stream
+                         strip_exif email remove_after export exporting exported_at
+                         exported_photos_file exporting_photos exported_photos_at)
  end
 end
--- a/features/step_definitions/implicit_flow_steps.rb
+++ b/features/step_definitions/implicit_flow_steps.rb
@ -1,3 +1,11 @@
+o_auth_query_params = %i(
+  redirect_uri=http://localhost:3000
+  response_type=id_token token
+  scope=openid
+  nonce=hello
+  state=hi
+).join("&")
+
 Given(/^the OpenID scope exists$/) do
  OpenidConnect::Scope.create(name: "openid")
 end
@ -5,14 +13,12 @@ end
 Given /^I send a post request from that client to the implicit flow authorization endpoint$/ do
  client_json = JSON.parse(last_response.body)
  auth_endpoint_url = "/openid_connect/authorizations/new"
-  visit auth_endpoint_url + "?client_id=" + client_json["o_auth_application"]["client_id"] + "&redirect_uri=" + "http://localhost:3000" +
-       "&response_type=id_token token" + "&scope=openid" + "&nonce=hello" + "&state=hi"
+  visit "#{auth_endpoint_url}?client_id=#{client_json["o_auth_application"]["client_id"]}&#{o_auth_query_params}"
 end

 Given /^I send a post request from that client to the implicit flow authorization endpoint using a invalid client id/ do
  auth_endpoint_url = "/openid_connect/authorizations/new"
-  visit auth_endpoint_url + "?client_id=randomid" + "&redirect_uri=" + "http://localhost:3000" +
-          "&response_type=id_token token" + "&scope=openid" + "&nonce=hello" + "&state=hi"
+  visit "#{auth_endpoint_url}?client_id=randomid&#{o_auth_query_params}"
 end

 When /^I give my consent and authorize the client$/ do
--- a/lib/openid_connect/authorization_point/endpoint.rb
+++ b/lib/openid_connect/authorization_point/endpoint.rb
@ -24,7 +24,7 @@ module OpenidConnect
        build_scopes(req)
      end

-      def handle_response_type(req, res)
+      def handle_response_type(_req, _res)
        # Implemented by subclass
      end

--- a/lib/openid_connect/authorization_point/endpoint_start_point.rb
+++ b/lib/openid_connect/authorization_point/endpoint_start_point.rb
@ -1,7 +1,7 @@
 module OpenidConnect
  module AuthorizationPoint
    class EndpointStartPoint < Endpoint
-      def handle_response_type(req, res)
+      def handle_response_type(req, _res)
        @response_type = req.response_type
      end

--- a/spec/controllers/openid_connect/authorizations_controller_spec.rb
+++ b/spec/controllers/openid_connect/authorizations_controller_spec.rb
@ -1,7 +1,9 @@
 require "spec_helper"

 describe OpenidConnect::AuthorizationsController, type: :controller do
-  let!(:client) { OpenidConnect::OAuthApplication.create!(name: "Diaspora Test Client", redirect_uris: ["http://localhost:3000/"]) }
+  let!(:client) do
+    OpenidConnect::OAuthApplication.create!(name: "Diaspora Test Client", redirect_uris: ["http://localhost:3000/"])
+  end
  let!(:client_with_multiple_redirects) do
    OpenidConnect::OAuthApplication.create!(
      name: "Diaspora Test Client", redirect_uris: ["http://localhost:3000/", "http://localhost/"])
@ -102,7 +104,8 @@ describe OpenidConnect::AuthorizationsController, type: :controller do
        it "should return the id token in a fragment" do
          expect(response.location).to have_content("id_token=")
          encoded_id_token = response.location[/(?<=id_token=)[^&]+/]
-          decoded_token = OpenIDConnect::ResponseObject::IdToken.decode encoded_id_token, OpenidConnect::IdTokenConfig.public_key
+          decoded_token = OpenIDConnect::ResponseObject::IdToken.decode encoded_id_token,
+                                                                        OpenidConnect::IdTokenConfig.public_key
          expect(decoded_token.nonce).to eq("4130930983")
          expect(decoded_token.exp).to be > Time.now.utc.to_i
        end
@ -115,7 +118,6 @@ describe OpenidConnect::AuthorizationsController, type: :controller do
  end

  describe "#create" do
-
    context "when id_token token" do
      before do
        get :new, client_id: client.client_id, redirect_uri: "http://localhost:3000/", response_type: "id_token token",
@ -129,14 +131,16 @@ describe OpenidConnect::AuthorizationsController, type: :controller do

        it "should return the id token in a fragment" do
          encoded_id_token = response.location[/(?<=id_token=)[^&]+/]
-          decoded_token = OpenIDConnect::ResponseObject::IdToken.decode encoded_id_token, OpenidConnect::IdTokenConfig.public_key
+          decoded_token = OpenIDConnect::ResponseObject::IdToken.decode encoded_id_token,
+                                                                        OpenidConnect::IdTokenConfig.public_key
          expect(decoded_token.nonce).to eq("4180930983")
          expect(decoded_token.exp).to be > Time.now.utc.to_i
        end

        it "should return a valid access token in a fragment" do
          encoded_id_token = response.location[/(?<=id_token=)[^&]+/]
-          decoded_token = OpenIDConnect::ResponseObject::IdToken.decode encoded_id_token, OpenidConnect::IdTokenConfig.public_key
+          decoded_token = OpenIDConnect::ResponseObject::IdToken.decode encoded_id_token,
+                                                                        OpenidConnect::IdTokenConfig.public_key
          access_token = response.location[/(?<=access_token=)[^&]+/]
          access_token_check_num = UrlSafeBase64.encode64(OpenSSL::Digest::SHA256.digest(access_token)[0, 128 / 8])
          expect(decoded_token.at_hash).to eq(access_token_check_num)
@ -158,7 +162,8 @@ describe OpenidConnect::AuthorizationsController, type: :controller do
        it "should return the id token in a fragment" do
          expect(response.location).to have_content("id_token=")
          encoded_id_token = response.location[/(?<=id_token=)[^&]+/]
-          decoded_token = OpenIDConnect::ResponseObject::IdToken.decode encoded_id_token, OpenidConnect::IdTokenConfig.public_key
+          decoded_token = OpenIDConnect::ResponseObject::IdToken.decode encoded_id_token,
+                                                                        OpenidConnect::IdTokenConfig.public_key
          expect(decoded_token.nonce).to eq("4180930983")
          expect(decoded_token.exp).to be > Time.now.utc.to_i
        end
@ -182,6 +187,5 @@ describe OpenidConnect::AuthorizationsController, type: :controller do
        end
      end
    end
-
  end
 end
--- a/spec/controllers/openid_connect/id_tokens_controller_spec.rb
+++ b/spec/controllers/openid_connect/id_tokens_controller_spec.rb
@ -9,7 +9,7 @@ describe OpenidConnect::IdTokensController, type: :controller do
    it "should contain a public key that matches the internal private key" do
      json = JSON.parse(response.body).with_indifferent_access
      jwks = JSON::JWK::Set.new json[:keys]
-      public_keys = jwks.collect do |jwk|
+      public_keys = jwks.map do |jwk|
        JSON::JWK.decode jwk
      end
      public_key = public_keys.first