Fix remarks

app/controllers/api/openid_connect/authorizations_controller.rb

@@ -55,7 +55,7 @@ module Api
       def handle_prompt(prompt, auth)
         if prompt.include? "select_account"
           handle_params_error("account_selection_required",
-                                     "There is no support for choosing among multiple accounts")
+                              "There is no support for choosing among multiple accounts")
         elsif prompt.include? "none"
           handle_prompt_none(prompt, auth)
         elsif prompt.include?("login") && logged_in_before?(60)
@@ -92,9 +92,9 @@ module Api
         return unless claims_json
         claims_array = claims_json["userinfo"].try(:keys)
         return unless claims_array
-        claims = claims_array.join(" ")
         req = build_rack_request
-        req.update_param("scope", req[:scope] + " " + claims)
+        claims = claims_array.unshift(req[:scope]).join(" ")
+        req.update_param("scope", claims)
       end
 
       def logged_in_before?(seconds)
@@ -111,16 +111,16 @@ module Api
             process_authorization_consent("true")
           else
             handle_params_error("interaction_required",
-                                       "The Authentication Request cannot be completed without end-user interaction")
+                                "The Authentication Request cannot be completed without end-user interaction")
           end
         else
           handle_params_error("invalid_request",
-                                     "The 'none' value cannot be used with any other prompt value")
+                              "The 'none' value cannot be used with any other prompt value")
         end
       end
 
       def handle_start_point_response(endpoint)
-        _status, header, response = *endpoint.call(request.env)
+        _status, header, response = endpoint.call(request.env)
         if response.redirect?
           redirect_to header["Location"]
         else
@@ -129,10 +129,10 @@ module Api
       end
 
       def save_params_and_render_consent_form(endpoint)
-        @o_auth_application, @response_type, @redirect_uri, @scopes = *[
+        @o_auth_application = endpoint.o_auth_application
-          endpoint.o_auth_application, endpoint.response_type,
+        @response_type = endpoint.response_type
-          endpoint.redirect_uri, endpoint.scopes
+        @redirect_uri = endpoint.redirect_uri
-        ]
+        @scopes = endpoint.scopes
         save_request_parameters
         @app = UserApplicationPresenter.new @o_auth_application, @scopes
         render :new
@@ -157,7 +157,7 @@ module Api
       end
 
       def handle_confirmation_endpoint_response(endpoint)
-        _status, header, _response = *endpoint.call(request.env)
+        _status, header, _response = endpoint.call(request.env)
         delete_authorization_session_variables
         redirect_to header["Location"]
       end
@@ -188,11 +188,7 @@ module Api
       end
 
       def response_type_as_space_seperated_values
-        if session[:response_type].respond_to?(:map)
+        [*session[:response_type]].join(" ")
-          session[:response_type].join(" ")
-        else
-          session[:response_type]
-        end
       end
 
       def handle_params_error(error, error_description)

app/controllers/api/openid_connect/clients_controller.rb

@@ -6,11 +6,11 @@ module Api
       end
 
       rescue_from OpenIDConnect::ValidationFailed,
-                  ActiveRecord::RecordInvalid, Api::OpenidConnect::Exception::InvalidSectorIdentifierUri do |e|
+                  ActiveRecord::RecordInvalid, Api::OpenidConnect::Error::InvalidSectorIdentifierUri do |e|
         validation_fail_as_json(e)
       end
 
-      rescue_from Api::OpenidConnect::Exception::InvalidRedirectUri do |e|
+      rescue_from Api::OpenidConnect::Error::InvalidRedirectUri do |e|
         validation_fail_redirect_uri(e)
       end
 

app/models/api/openid_connect/authorization.rb

@@ -4,9 +4,8 @@ module Api
       belongs_to :user
       belongs_to :o_auth_application
 
-      validates :user, presence: true
+      validates :user, presence: true, uniqueness: {scope: :o_auth_application}
       validates :o_auth_application, presence: true
-      validates :user, uniqueness: {scope: :o_auth_application}
       validate :validate_scope_names
       serialize :scopes, JSON
 
@@ -38,8 +37,7 @@ module Api
 
       def create_code
         SecureRandom.hex(32).tap do |code|
-          self.code = code
+          update!(code: code)
-          save
         end
       end
 
@@ -52,13 +50,13 @@ module Api
       end
 
       def self.find_by_client_id_and_user(client_id, user)
-        app = Api::OpenidConnect::OAuthApplication.find_by(client_id: client_id)
+        app = Api::OpenidConnect::OAuthApplication.where(client_id: client_id)
         find_by(o_auth_application: app, user: user)
       end
 
       def self.find_by_refresh_token(client_id, refresh_token)
-        Api::OpenidConnect::Authorization.joins(:o_auth_application).find_by(
+        app = Api::OpenidConnect::OAuthApplication.where(client_id: client_id)
-          o_auth_applications: {client_id: client_id}, refresh_token: refresh_token)
+        find_by(o_auth_application: app, refresh_token: refresh_token)
       end
 
       def self.use_code(code)

app/models/api/openid_connect/id_token.rb

@@ -39,7 +39,7 @@ module Api
       end
 
       def build_sub
-        Api::OpenidConnect::SubjectIdentifierCreator.createSub(authorization)
+        Api::OpenidConnect::SubjectIdentifierCreator.create(authorization)
       end
     end
   end

app/models/api/openid_connect/o_auth_application.rb

@@ -56,7 +56,7 @@ module Api
           redirect_uris = attributes[:redirect_uris]
           sector_identifier_uri_includes_redirect_uris = (redirect_uris - sector_identifier_uri_json).empty?
           return if sector_identifier_uri_includes_redirect_uris
-          raise Api::OpenidConnect::Exception::InvalidSectorIdentifierUri.new
+          raise Api::OpenidConnect::Error::InvalidSectorIdentifierUri.new
         end
 
         def check_redirect_uris(attributes)
@@ -64,7 +64,7 @@ module Api
           uri_array = redirect_uris.map {|uri| URI(uri) }
           any_uri_contains_fragment = uri_array.any? {|uri| !uri.fragment.nil? }
           return unless any_uri_contains_fragment
-          raise Api::OpenidConnect::Exception::InvalidRedirectUri.new
+          raise Api::OpenidConnect::Error::InvalidRedirectUri.new
         end
 
         def supported_metadata

app/presenters/user_application_presenter.rb

@@ -43,6 +43,7 @@ class UserApplicationPresenter
 
   def url
     client_redirect = URI(@app.redirect_uris[0])
-    "#{client_redirect.scheme}://#{client_redirect.host}"
+    client_redirect.path = "/"
+    client_redirect.to_s
   end
 end

app/serializers/user_info_serializer.rb

@@ -3,7 +3,7 @@ class UserInfoSerializer < ActiveModel::Serializer
 
   def sub
     auth = serialization_options[:authorization]
-    Api::OpenidConnect::SubjectIdentifierCreator.createSub(auth)
+    Api::OpenidConnect::SubjectIdentifierCreator.create(auth)
   end
 
   def name

lib/api/openid_connect/authorization_point/endpoint_start_point.rb

@@ -16,7 +16,7 @@ module Api
 
         def replace_profile_scope_with_specific_claims(req)
           profile_claims = %w(sub aud name nickname profile picture)
-          scopes_as_claims = req.scope.map {|scope| scope == "profile" ? profile_claims : [scope] }.flatten!.uniq
+          scopes_as_claims = req.scope.flat_map {|scope| scope == "profile" ? profile_claims : [scope] }.uniq
           req.update_param("scope", scopes_as_claims)
         end
 

lib/api/openid_connect/error/invalid_redirect_uri.rb

@@ -1,6 +1,6 @@
 module Api
   module OpenidConnect
-    module Exception
+    module Error
       class InvalidRedirectUri < ::ArgumentError
         def initialize
           super "Redirect uri contains fragment"

lib/api/openid_connect/error/invalid_sector_identifier_uri.rb

@@ -1,6 +1,6 @@
 module Api
   module OpenidConnect
-    module Exception
+    module Error
       class InvalidSectorIdentifierUri < ::ArgumentError
         def initialize
           super "Invalid sector identifier uri"

lib/api/openid_connect/subject_identifier_creator.rb

@@ -1,7 +1,7 @@
 module Api
   module OpenidConnect
-    class SubjectIdentifierCreator
+    module SubjectIdentifierCreator
-      def self.createSub(auth)
+      def self.create(auth)
         if auth.o_auth_application.ppid?
           identifier = auth.o_auth_application.sector_identifier_uri ||
             URI.parse(auth.o_auth_application.redirect_uris[0]).host