Rubocop fixes

Author: johnnyshields

lib/ruby_saml/logoutresponse.rb

@@ -69,7 +69,7 @@ def in_response_to
     # @return [String] Gets the Issuer from the Logout Response.
     #
     def issuer
-      @issuer ||=document.at_xpath(
+      @issuer ||= document.at_xpath(
         "/p:LogoutResponse/a:Issuer",
         { "p" => RubySaml::XML::NS_PROTOCOL, "a" => RubySaml::XML::NS_ASSERTION }
       )&.text

lib/ruby_saml/memoizable.rb

@@ -1,7 +1,16 @@
 # frozen_string_literal: true
 
 module RubySaml
+  # Mixin for memoizing methods
   module Memoizable
+    # Creates a memoized method
+    #
+    # @param method_name [Symbol] the name of the method to memoize
+    # @param original_method [Symbol, nil] the original method to memoize (defaults to method_name)
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
     private
 
     # Memoizes the result of a block using the given name as the cache key
@@ -16,14 +25,7 @@ def memoize(cache_key)
       instance_variable_set(cache_key, yield)
     end
 
-    # Creates a memoized method
-    #
-    # @param method_name [Symbol] the name of the method to memoize
-    # @param original_method [Symbol, nil] the original method to memoize (defaults to method_name)
-    def self.included(base)
-      base.extend(ClassMethods)
-    end
-
+    # Class methods for memoization
     module ClassMethods
       # Defines multiple memoized methods
       #

lib/ruby_saml/response.rb

@@ -187,7 +187,7 @@ def session_expires_at
       @expires_at ||= begin
                         node = xpath_first_from_signed_assertion('/a:AuthnStatement')
                         parse_time(node, "SessionNotOnOrAfter") if node
-                      end
+      end
     end
 
     # Gets the AuthnInstant from the AuthnStatement.
@@ -241,7 +241,7 @@ def status_code
 
                            code
                          end
-                       end
+      end
     end
 
     # @return [String] the StatusMessage value from a SAML Response.
@@ -254,7 +254,7 @@ def status_message
                             )
 
                             nodes.first&.text if nodes.size == 1
-                          end
+      end
     end
 
     # Gets the Condition Element of the SAML Response if exists.
@@ -303,7 +303,7 @@ def issuers
 
                      nodes = issuer_response_nodes + issuer_assertion_nodes
                      nodes.map(&:text).reject(&:empty?).uniq
-                   end
+      end
     end
 
     # @return [String|nil] The InResponseTo attribute from the SAML Response.
@@ -355,7 +355,7 @@ def assertion_id
       @assertion_id ||= begin
                           node = xpath_first_from_signed_assertion('')
                           node.nil? ? nil : node['ID']
-                        end
+      end
     end
 
     private
@@ -761,9 +761,9 @@ def validate_subject_confirmation
         next unless confirmation_data_node
 
         next if (confirmation_data_node['InResponseTo'] && confirmation_data_node['InResponseTo'] != in_response_to) ||
-          (confirmation_data_node['NotBefore'] && now < (parse_time(confirmation_data_node, "NotBefore") - allowed_clock_drift)) ||
-          (confirmation_data_node['NotOnOrAfter'] && now >= (parse_time(confirmation_data_node, "NotOnOrAfter") + allowed_clock_drift)) ||
-          (confirmation_data_node['Recipient'] && !options[:skip_recipient_check] && settings && confirmation_data_node['Recipient'] != settings.assertion_consumer_service_url)
+                (confirmation_data_node['NotBefore'] && now < (parse_time(confirmation_data_node, "NotBefore") - allowed_clock_drift)) ||
+                (confirmation_data_node['NotOnOrAfter'] && now >= (parse_time(confirmation_data_node, "NotOnOrAfter") + allowed_clock_drift)) ||
+                (confirmation_data_node['Recipient'] && !options[:skip_recipient_check] && settings && confirmation_data_node['Recipient'] != settings.assertion_consumer_service_url)
 
         valid_subject_confirmation = true
         break

lib/ruby_saml/slo_logoutrequest.rb

@@ -115,7 +115,7 @@ def session_indexes
       document.xpath(
         "/p:LogoutRequest/p:SessionIndex",
         { "p" => RubySaml::XML::NS_PROTOCOL }
-      ).map { |node| node.text }
+      ).map(&:text)
     end
 
     private

lib/ruby_saml/xml/signed_document_info.rb

@@ -2,6 +2,7 @@
 
 module RubySaml
   module XML
+    # Represents the information extracted from a signed document.
     class SignedDocumentInfo
       attr_reader :noko,
                   :check_malformed_doc
@@ -22,16 +23,10 @@ def validate_document(idp_cert_fingerprint, options = {})
         # Get certificate from document
         if certificate_object
           # Calculate fingerprint using specified algorithm
-          if options[:fingerprint_alg]
-            fingerprint = certificate_fingerprint(options[:fingerprint_alg])
-          else
-            fingerprint = certificate_fingerprint('SHA256')
-          end
+          fingerprint = certificate_fingerprint(options[:fingerprint_alg] || 'SHA256')
 
           # Check cert matches registered idp cert fingerprint
-          if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/, '').downcase
-            raise RubySaml::ValidationError.new('Fingerprint mismatch')
-          end
+          raise RubySaml::ValidationError.new('Fingerprint mismatch') if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/, '').downcase
 
           cert = certificate_object
         elsif options[:cert]
@@ -43,31 +38,25 @@ def validate_document(idp_cert_fingerprint, options = {})
         validate_signature(cert)
       end
 
-      def validate_document_with_cert(idp_cert = true)
+      def validate_document_with_cert(idp_cert)
         # Check saml response cert matches provided idp cert
-        if certificate_object&.to_pem&.!=(idp_cert.to_pem)
-          raise RubySaml::ValidationError.new('Certificate of the Signature element does not match provided certificate')
-        end
+        raise RubySaml::ValidationError.new('Certificate of the Signature element does not match provided certificate') if certificate_object&.to_pem&.!=(idp_cert.to_pem)
 
         validate_signature(idp_cert)
       end
 
       def validate_signature(cert)
         # TODO: Remove this
         # Get certificate object
-        if cert.is_a?(String)
-          cert = OpenSSL::X509::Certificate.new(Base64.decode64(cert))
-        end
+        cert = OpenSSL::X509::Certificate.new(Base64.decode64(cert)) if cert.is_a?(String)
 
         # Compare digest
         calculated_digest = digest_algorithm.digest(canonicalized_subject)
         # puts "calculated_digest: #{calculated_digest.bytes}"
         # puts "digest_value: #{digest_value.bytes}"
         # puts "subject" + canonicalized_subject.inspect
         # puts "\n\n\n\n\n\n"
-        unless calculated_digest == digest_value
-          raise RubySaml::ValidationError.new('Digest mismatch')
-        end
+        raise RubySaml::ValidationError.new('Digest mismatch') unless calculated_digest == digest_value
 
         # puts "signature_hash_algorithm: #{signature_hash_algorithm}"
         # puts "signature_value: #{signature_value.bytes}"
@@ -126,6 +115,7 @@ def reference_node
       def subject_id
         id = uri_from_reference_node || signature_node.parent&.[]('ID')
         return id unless !id || id.empty?
+
         raise RubySaml::ValidationError.new('No signed subject ID found')
       end
 
@@ -186,6 +176,7 @@ def certificate_text
       # @return [OpenSSL::X509::Certificate] The certificate
       def certificate_object
         return unless certificate_text
+
         OpenSSL::X509::Certificate.new(certificate_text)
       rescue OpenSSL::X509::CertificateError => _e
         # TODO: include underlying error
@@ -206,23 +197,19 @@ def certificate_fingerprint(algorithm = 'SHA256')
       # Extract inclusive namespaces from the document
       # @return [Array<String>, nil] The inclusive namespaces
       def inclusive_namespaces
-        @inclusive_namespaces ||= begin
-          noko.at_xpath(
-            '//ec:InclusiveNamespaces',
-            { 'ec' => RubySaml::XML::C14N }
-          )&.[]('PrefixList')&.split
-        end
+        @inclusive_namespaces ||= noko.at_xpath(
+          '//ec:InclusiveNamespaces',
+          { 'ec' => RubySaml::XML::C14N }
+        )&.[]('PrefixList')&.split
       end
 
       private
 
       # Get the ds:Signature element from the document
       # @return [Nokogiri::XML::Element] The Signature element
       def signature_node
-        @signature_node ||= begin
-          noko.at_xpath('//ds:Signature', { 'ds' => RubySaml::XML::DSIG }) ||
-            (raise RubySaml::ValidationError.new('No Signature node found'))
-        end
+        @signature_node ||= noko.at_xpath('//ds:Signature', { 'ds' => RubySaml::XML::DSIG }) ||
+                            (raise RubySaml::ValidationError.new('No Signature node found'))
       end
 
       # Get the ds:SignedInfo element from the document
@@ -246,7 +233,7 @@ def canon_algorithm_from_signed_info
 
       def canon_algorithm_from_transforms
         transforms = reference_node.xpath('./ds:Transforms/ds:Transform', { 'ds' => RubySaml::XML::DSIG })
-        transform_element = transforms.reverse.detect { |transform_element| transform_element['Algorithm'] }
+        transform_element = transforms.reverse.detect { |el| el['Algorithm'] }
         RubySaml::XML.canon_algorithm(transform_element, default: false)
       end
 

lib/ruby_saml/xml/signed_document_validator.rb

@@ -5,6 +5,8 @@
 
 module RubySaml
   module XML
+    # Wrapper for the SignedDocumentInfo class.
+    # TODO: This should be refactored and removed
     module SignedDocumentValidator
       extend self
 
@@ -13,6 +15,7 @@ def with_error_handling(errors, soft)
       rescue RubySaml::ValidationError => e
         errors << e.message
         raise e unless soft
+
         errors # TODO: Return false??
       end