Fix Rubocop errors

Author: joshcanhelp

Gemfile

@@ -3,8 +3,8 @@ source 'https://rubygems.org'
 gemspec
 
 gem 'gem-release'
-gem 'rake'
 gem 'jwt'
+gem 'rake'
 
 group :development do
   gem 'dotenv'
@@ -19,8 +19,8 @@ group :test do
   gem 'listen', '~> 3.1.5'
   gem 'rack-test'
   gem 'rspec', '~> 3.5'
-  gem 'rubocop', '>= 0.30', platforms: [
-    :ruby_19, :ruby_20, :ruby_21, :ruby_22
+  gem 'rubocop', '>= 0.30', platforms: %i[
+    ruby_19 ruby_20 ruby_21 ruby_22
   ]
   gem 'simplecov'
   gem 'webmock'

Rakefile

@@ -10,7 +10,7 @@ begin
   RuboCop::RakeTask.new
 rescue LoadError
   task :rubocop do
-    $stderr.puts 'Rubocop is disabled'
+    warn 'Rubocop is disabled'
   end
 end
 
@@ -23,7 +23,7 @@ namespace :sinatra do
 end
 
 desc 'Run specs'
-task default: [:spec, :rubocop]
+task default: %i[spec rubocop]
 task test: :spec
 task :guard do
   system 'bundle exec guard'

lib/omniauth/auth0/jwt_validator.rb

@@ -5,8 +5,8 @@
 
 module OmniAuth
   module Auth0
+    # JWT Validator class
     class JWTValidator
-
       attr_accessor :issuer
 
       # Initializer
@@ -17,7 +17,7 @@ class JWTValidator
       def initialize(options)
         temp_domain = URI(options.domain)
         temp_domain = URI("https://#{options.domain}") unless temp_domain.scheme
-        @issuer = "#{temp_domain.to_s}/"
+        @issuer = "#{temp_domain}/"
 
         @client_id = options.client_id
         @client_secret = options.client_secret
@@ -31,37 +31,23 @@ def decode(jwt)
         head = token_head(jwt)
 
         # Make sure the algorithm is supported and get the decode key.
+        decode_key = @client_secret
         if head[:alg] == 'RS256'
-          jwks_x5c = jwks_key(:x5c, head[:kid])
-          raise JWT::VerificationError, :jwks_missing_x5c if jwks_x5c.nil?
-          decode_key = jwks_public_cert(jwks_x5c.first)
-        elsif head[:alg] == 'HS256'
-          decode_key = @client_secret
-        else
+          decode_key = rs256_decode_key(head[:kid])
+        elsif head[:alg] != 'HS256'
           raise JWT::VerificationError, :id_token_alg_unsupported
         end
 
-        # Docs: https://github.com/jwt/ruby-jwt#add-custom-header-fields
-        decode_options = {
-          algorithm: head[:alg],
-          leeway: 30,
-          verify_expiration: true,
-          verify_iss: true,
-          iss: @issuer,
-          verify_aud: true,
-          aud: @client_id,
-          verify_not_before: true
-        }
-
         # Docs: https://github.com/jwt/ruby-jwt#algorithms-and-usage
-        JWT.decode(jwt, decode_key, true, decode_options)
+        JWT.decode(jwt, decode_key, true, decode_opts(head[:alg]))
       end
 
       # Get the decoded head segment from a JWT.
       # @return hash - The parsed head of the JWT passed, empty hash if not.
       def token_head(jwt)
         jwt_parts = jwt.split('.')
         return {} if blank?(jwt_parts) || blank?(jwt_parts[0])
+
         json_parse(Base64.decode64(jwt_parts[0]))
       end
 
@@ -81,12 +67,36 @@ def jwks_public_cert(x5c)
       # @return nil|string
       def jwks_key(key, kid)
         return nil if blank?(jwks[:keys])
+
         matching_jwk = jwks[:keys].find { |jwk| jwk[:kid] == kid }
         matching_jwk[key] if matching_jwk
       end
 
       private
 
+      # Get the JWT decode options
+      # Docs: https://github.com/jwt/ruby-jwt#add-custom-header-fields
+      # @return hash
+      def decode_opts(alg)
+        {
+          algorithm: alg,
+          leeway: 30,
+          verify_expiration: true,
+          verify_iss: true,
+          iss: @issuer,
+          verify_aud: true,
+          aud: @client_id,
+          verify_not_before: true
+        }
+      end
+
+      def rs256_decode_key(kid)
+        jwks_x5c = jwks_key(:x5c, kid)
+        raise JWT::VerificationError, :jwks_missing_x5c if jwks_x5c.nil?
+
+        jwks_public_cert(jwks_x5c.first)
+      end
+
       # Get a JWKS from the issuer
       # @return void
       def jwks
@@ -105,7 +115,7 @@ def blank?(obj)
       # @param json string - JSON to parse.
       # @return hash
       def json_parse(json)
-        JSON.parse(json, {:symbolize_names => true})
+        JSON.parse(json, symbolize_names: true)
       end
     end
   end

lib/omniauth/strategies/auth0.rb

@@ -9,11 +9,11 @@ module Strategies
     class Auth0 < OmniAuth::Strategies::OAuth2
       option :name, 'auth0'
 
-      args [
-             :client_id,
-             :client_secret,
-             :domain
-           ]
+      args %i[
+        client_id
+        client_secret
+        domain
+      ]
 
       # Setup client URLs used during authentication
       def client
@@ -36,16 +36,17 @@ def client
         }
 
         if access_token.params
-          credentials.merge!({
+          credentials.merge!(
             'id_token' => access_token.params['id_token'],
             'token_type' => access_token.params['token_type'],
-            'refresh_token' => access_token.refresh_token,
-          })
+            'refresh_token' => access_token.refresh_token
+          )
         end
 
         # Make sure the ID token can be verified and decoded.
         auth0_jwt = OmniAuth::Auth0::JWTValidator.new(options)
-        fail!(:invalid_id_token) unless auth0_jwt.decode(credentials['id_token']).length
+        jwt_decoded = auth0_jwt.decode(credentials['id_token'])
+        fail!(:invalid_id_token) unless jwt_decoded.length
 
         credentials
       end

spec/omniauth/auth0/jwt_validator_spec.rb

@@ -3,16 +3,15 @@
 require 'jwt'
 
 describe OmniAuth::Auth0::JWTValidator do
-
   #
   # Reused data
   #
 
   let(:client_id) { 'CLIENT_ID' }
   let(:client_secret) { 'CLIENT_SECRET' }
   let(:domain) { 'samples.auth0.com' }
-  let(:future_timecode) { 32503680000 }
-  let(:past_timecode) { 303912000 }
+  let(:future_timecode) { 32_503_680_000 }
+  let(:past_timecode) { 303_912_000 }
   let(:jwks_kid) { 'NkJCQzIyQzRBMEU4NjhGNUU4MzU4RkY0M0ZDQzkwOUQ0Q0VGNUMwQg' }
 
   let(:rsa_private_key) do
@@ -24,7 +23,7 @@
       keys: [
         {
           kid: jwks_kid,
-          x5c: [ Base64.encode64(make_cert(rsa_private_key).to_der) ]
+          x5c: [Base64.encode64(make_cert(rsa_private_key).to_der)]
         }
       ]
     }.to_json
@@ -33,7 +32,7 @@
   let(:jwks) do
     current_dir = File.dirname(__FILE__)
     jwks_file = File.read("#{current_dir}/../../resources/jwks.json")
-    JSON.parse(jwks_file, {:symbolize_names => true})
+    JSON.parse(jwks_file, symbolize_names: true)
   end
 
   #
@@ -122,7 +121,7 @@
     let(:jwt_validator) do
       make_jwt_validator
     end
-    
+
     before do
       stub_jwks
       stub_dummy_jwks
@@ -146,7 +145,7 @@
 
     it 'should fail with invalid issuer' do
       payload = {
-        iss: "https://auth0.com/"
+        iss: 'https://auth0.com/'
       }
       token = make_hs256_token(payload)
       expect do
@@ -178,7 +177,7 @@
     it 'should fail with invalid audience' do
       payload = {
         iss: "https://#{domain}/",
-        aud: "Auth0"
+        aud: 'Auth0'
       }
       token = make_hs256_token(payload)
       expect do
@@ -234,10 +233,10 @@
   def make_jwt_validator(opt_domain = domain)
     options = Struct.new(:domain, :client_id, :client_secret)
     OmniAuth::Auth0::JWTValidator.new(options.new(
-      opt_domain,
-      client_id,
-      client_secret
-    ))
+                                        opt_domain,
+                                        client_id,
+                                        client_secret
+                                      ))
   end
 
   def make_hs256_token(payload = nil)
@@ -247,12 +246,12 @@ def make_hs256_token(payload = nil)
 
   def make_rs256_token(payload = nil)
     payload = { sub: 'abc123' } if payload.nil?
-    JWT.encode payload, rsa_private_key, 'RS256', { kid: jwks_kid }
+    JWT.encode payload, rsa_private_key, 'RS256', kid: jwks_kid
   end
 
   def make_cert(private_key)
     cert = OpenSSL::X509::Certificate.new
-    cert.issuer = OpenSSL::X509::Name.parse("/C=BE/O=Auth0/OU=Auth0/CN=Auth0")
+    cert.issuer = OpenSSL::X509::Name.parse('/C=BE/O=Auth0/OU=Auth0/CN=Auth0')
     cert.subject = cert.issuer
     cert.not_before = Time.now
     cert.not_after = Time.now + 365 * 24 * 60 * 60
@@ -264,12 +263,12 @@ def make_cert(private_key)
     ef.subject_certificate = cert
     ef.issuer_certificate = cert
     cert.extensions = [
-      ef.create_extension("basicConstraints","CA:TRUE", true),
-      ef.create_extension("subjectKeyIdentifier", "hash")
+      ef.create_extension('basicConstraints', 'CA:TRUE', true),
+      ef.create_extension('subjectKeyIdentifier', 'hash')
     ]
     cert.add_extension ef.create_extension(
-      "authorityKeyIdentifier",
-      "keyid:always,issuer:always"
+      'authorityKeyIdentifier',
+      'keyid:always,issuer:always'
     )
 
     cert.sign private_key, OpenSSL::Digest::SHA1.new
@@ -299,4 +298,4 @@ def stub_dummy_jwks
         status: 200
       )
   end
-end
+end

spec/spec_helper.rb

@@ -1,5 +1,5 @@
-$LOAD_PATH.unshift File.expand_path('..', __FILE__)
-$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+$LOAD_PATH.unshift File.expand_path(__dir__)
+$LOAD_PATH.unshift File.expand_path('../lib', __dir__)
 
 require 'simplecov'
 if ENV['COVERAGE']