Formatting

netsphere-labs · Apr 6, 2022 · 7a2a222 · 7a2a222
1 parent 9981c8a
commit 7a2a222
Showing 1 changed file with 36 additions and 50 deletions.
diff --git a/lib/omniauth/strategies/openid_connect.rb b/lib/omniauth/strategies/openid_connect.rb
@@ -1,12 +1,11 @@
-# -*- coding:utf-8 -*-
 # frozen_string_literal: true
 
-#require 'addressable/uri'
+# require 'addressable/uri'
 require 'timeout'
 require 'net/http'
 require 'omniauth'
 require 'openid_connect'
-#require 'jwt'
+# require 'jwt'
 require 'forwardable'
 
 module OmniAuth
@@ -114,9 +113,9 @@ class OpenIDConnect
       option :max_age
 
       # not option, but by request.params
-      #option :ui_locales
-      #option :id_token_hint
-      #option :login_hint
+      # option :ui_locales
+      # option :id_token_hint
+      # option :login_hint
 
       # Authentication Request: [OPTIONAL]
       option :acr_values
@@ -127,7 +126,7 @@ class OpenIDConnect
       option :send_nonce, true
 
       # Must verify the id_token. So remove this option.
-      #option :verify_id_token, nil
+      # option :verify_id_token, nil
 
       option :ux
 
@@ -199,8 +198,8 @@ def uid
           image: user_info.picture,
           phone: user_info.phone_number,
           urls: {
-            website: user_info.website
-          }
+            website: user_info.website,
+          },
         }
       end
 
@@ -221,7 +220,7 @@ def uid
             token: access_token.access_token,
             refresh_token: access_token.refresh_token,
             expires_in: access_token.expires_in,
-            scope: access_token.scope
+            scope: access_token.scope,
           }
         end
       end
@@ -239,9 +238,7 @@ def initialize(app, *args, &block)
       # client_options から OpenIDConnect::Client インスタンスを構築.
       # @return [OpenIDConnect::Client] サーバとのconnection
       def client
-        if !client_options.host
-          raise TypeError, 'internal error: call setup_phase() first'
-        end
+        raise TypeError, 'internal error: call setup_phase() first' unless client_options.host
         @client ||= ::OpenIDConnect::Client.new(client_options)
       end
 
@@ -261,14 +258,14 @@ def config
       # request_phase() と callback_phase() の開始前に呼び出される.
       def setup_phase
         super
-        raise TypeError if !options.issuer.is_a?(String)
+        raise TypeError unless options.issuer.is_a?(String)
         unless (uri = URI.parse(options.issuer)) &&
-                 %w[http https].include?(uri.scheme)
+            %w[http https].include?(uri.scheme)
           raise ArgumentError, 'Invalid issuer URI scheme'
         end
         @issuer = options.issuer
 
-        if !client_options.host
+        unless client_options.host
           client_options.scheme = uri.scheme
           client_options.host = uri.host
           client_options.port = uri.port
@@ -366,9 +363,9 @@ def other_phase
         call_app!
       end
 
-      #def authorization_code  ... params.delete() しないといかん. Remove.
+      # def authorization_code  ... params.delete() しないといかん. Remove.
       #  params['code']
-      #end
+      # end
 
       def end_session_uri
         return unless end_session_endpoint_is_valid?
@@ -394,12 +391,9 @@ def authorize_params
           nonce: nonce(options.send_nonce ||
             configured_response_type == 'id_token token'),
           hd: options.hd,
-          hd: options.hd
         }
 
-        unless options.extra_authorize_params.empty?
-          opts.merge!(options.extra_authorize_params)
-        end
+        opts.merge!(options.extra_authorize_params) unless options.extra_authorize_params.empty?
 
         # Optional params.
         %i[display max_age acr_values ux].each do |key|
@@ -416,10 +410,10 @@ def authorize_params
           'email',
           'realm',
           'cid',
-          'chem'
+          'chem',
         ].each { |key| opts[key.to_sym] = params[key] if params[key] }
 
-        return opts.reject { |_k, v| v.nil? }
+        opts.reject { |_k, v| v.nil? }
       end
 
       # @return [JSON::JWK::Set or JSON::JWK] IdP's RSA public keys. NOT client's.
@@ -456,7 +450,7 @@ def public_key(kid = nil)
       attr_reader :issuer
 
       def discover!
-        raise 'internal bug' if !options.discovery
+        raise 'internal bug' unless options.discovery
 
         # config() 内で, issuer を引数にして, 実際に discover! している.
         client_options.authorization_endpoint = config.authorization_endpoint
@@ -465,13 +459,11 @@ def discover!
 
         # OpenIDConnect::Discovery::Provider::Config::Response に expires_in は
         # ない.
-        #client_options.expires_in = config().expires_in
+        # client_options.expires_in = config().expires_in
 
         # client_options に jwks_uri, end_session_endpoint はない.
         options.jwks_uri = config.jwks_uri
-        if config.respond_to?(:end_session_endpoint)
-          options.end_session_endpoint = config.end_session_endpoint
-        end
+        options.end_session_endpoint = config.end_session_endpoint if config.respond_to?(:end_session_endpoint)
 
         if config.respond_to?(:token_endpoint_auth_methods_supported)
           if config.token_endpoint_auth_methods_supported.include?(
@@ -502,25 +494,23 @@ def user_info
         return @user_info if @user_info
 
         # openidconnect package: openid_connect/access_token.rb
-        return {} if !access_token
-        if !access_token.is_a?(::OpenIDConnect::AccessToken)
-          raise TypeError, 'internal error'
-        end
+        return {} unless access_token
+        raise TypeError, 'internal error' unless access_token.is_a?(::OpenIDConnect::AccessToken)
         @user_info = access_token.userinfo!
-        return @user_info
+        @user_info
       end
 
       # Google sends the string "true" as the value for the field
       # 'email_verified' while a boolean is expected.
       def fix_user_info(user_info)
-        raise TypeError if !user_info
+        raise TypeError unless user_info
 
         if user_info.email_verified.is_a? String
           user_info.email_verified =
             (user_info.email_verified.casecmp('true') == 0)
         end
 
-        #user_info.gender = nil # in case someone picks something else than male or female, we don't need it anyway
+        # user_info.gender = nil # in case someone picks something else than male or female, we don't need it anyway
         user_info
       end
 
@@ -544,12 +534,10 @@ def authorization_code_flow_callback_phase
         # 仕様では grant_type, code, redirect_uri パラメータ
         opts = {
           scope: (options.scope if options.send_scope_to_token_endpoint),
-          client_auth_method: options.client_auth_method
+          client_auth_method: options.client_auth_method,
         }
         @access_token = client.access_token! opts
-        if !@access_token.is_a?(Rack::OAuth2::AccessToken)
-          raise TypeError, 'internal error'
-        end
+        raise TypeError, 'internal error' unless @access_token.is_a?(Rack::OAuth2::AccessToken)
 
         # 鍵を選ぶ。"{ヘッダ部}.{ペイロード部}.{シグネチャ部}" と、ピリオドで
         # 区切られている。ヘッダ部にアルゴリズムが書かれている.
@@ -559,7 +547,7 @@ def authorization_code_flow_callback_phase
                                                 :skip_verification
           ).header
 
-        #header = ::JWT.decoded_segments(actoken.id_token, false)[0]
+        # header = ::JWT.decoded_segments(actoken.id_token, false)[0]
         key = key_or_secret header
 
         # このなかで署名の検証も行う. => JSON::JWS::VerificationFailed
@@ -578,7 +566,7 @@ def authorization_code_flow_callback_phase
       # [Security issue] On Authorization Code Flow, use key_or_secret, not
       # public_key. On the other hand, you have to use public_key on Implicit
       # Flow.
-      #def decode_id_token(id_token)
+      # def decode_id_token(id_token)
 
       def client_options
         options.client_options
@@ -612,7 +600,7 @@ def session
       # HMAC-SHA256 の場合は, client_secret を共通鍵とする
       # RSAの場合は, 認証サーバの公開鍵を使う
       def key_or_secret(header)
-        raise TypeError if !header
+        raise TypeError unless header
 
         case header['alg'].to_sym
         when :HS256, :HS384, :HS512
@@ -628,7 +616,7 @@ def key_or_secret(header)
       end
 
       # [Security issue] Do not use params['redirect_uri']
-      #def redirect_uri
+      # def redirect_uri
 
       # @return [String] クエリパラメータ.
       def encoded_post_logout_redirect_uri
@@ -686,7 +674,7 @@ def implicit_flow_callback_phase
       end
 
       def configured_response_type
-        if !@configured_response_type
+        unless @configured_response_type
           ary =
             case options.response_type
             when Array
@@ -698,13 +686,11 @@ def configured_response_type
             end
           @configured_response_type = ary.sort.join(' ')
         end
-        return @configured_response_type
+        @configured_response_type
       end
 
       def verify_id_token!(decoded_id_token)
-        if !decoded_id_token.is_a?(::OpenIDConnect::ResponseObject::IdToken)
-          raise TypeError
-        end
+        raise TypeError unless decoded_id_token.is_a?(::OpenIDConnect::ResponseObject::IdToken)
         decoded_id_token.verify!(
           issuer: issuer,
           client_id: client_options.identifier,
@@ -720,7 +706,7 @@ class CallbackError < StandardError
         # @param error_reason [OPTIONAL] Human-readable text.
         # @param error_uri [OPTIONAL]
         def initialize(error, error_reason = nil, error_uri = nil)
-          raise TypeError if !error
+          raise TypeError unless error
 
           @error = error
           @error_reason = error_reason