More rubocop fixes

Author: johnnyshields

.rubocop.yml

@@ -15,3 +15,9 @@ AllCops:
     - '.git/**/*'
     - 'tmp/**/*'
     - 'vendor/**/*'
+
+Style/NumericPredicate:
+  EnforcedStyle: comparison
+
+Style/RaiseArgs:
+  EnforcedStyle: compact

.rubocop_todo.yml

@@ -409,112 +409,6 @@ Style/NegatedIfElseCondition:
   Exclude:
     - 'lib/onelogin/ruby-saml/authrequest.rb'
 
-# Offense count: 6
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, MinBodyLength.
-# SupportedStyles: skip_modifier_ifs, always
-Style/Next:
-  Exclude:
-    - 'lib/onelogin/ruby-saml/logoutresponse.rb'
-    - 'lib/onelogin/ruby-saml/metadata.rb'
-    - 'lib/onelogin/ruby-saml/response.rb'
-    - 'lib/onelogin/ruby-saml/slo_logoutrequest.rb'
-    - 'lib/xml_security.rb'
-
-# Offense count: 7
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: EnforcedStyle, AllowedMethods, AllowedPatterns.
-# SupportedStyles: predicate, comparison
-Style/NumericPredicate:
-  Exclude:
-    - 'spec/**/*'
-    - 'lib/onelogin/ruby-saml/attribute_service.rb'
-    - 'lib/onelogin/ruby-saml/response.rb'
-    - 'lib/onelogin/ruby-saml/slo_logoutrequest.rb'
-
-# Offense count: 15
-# Configuration parameters: AllowedMethods.
-# AllowedMethods: respond_to_missing?
-Style/OptionalBooleanParameter:
-  Exclude:
-    - 'lib/onelogin/ruby-saml/idp_metadata_parser.rb'
-    - 'lib/onelogin/ruby-saml/logoutresponse.rb'
-    - 'lib/onelogin/ruby-saml/metadata.rb'
-    - 'lib/onelogin/ruby-saml/response.rb'
-    - 'lib/onelogin/ruby-saml/saml_message.rb'
-    - 'lib/onelogin/ruby-saml/settings.rb'
-    - 'lib/onelogin/ruby-saml/slo_logoutrequest.rb'
-    - 'lib/onelogin/ruby-saml/utils.rb'
-    - 'lib/xml_security.rb'
-
-# Offense count: 9
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: short, verbose
-Style/PreferredHashMethods:
-  Exclude:
-    - 'lib/onelogin/ruby-saml/attributes.rb'
-    - 'lib/onelogin/ruby-saml/logoutresponse.rb'
-    - 'lib/onelogin/ruby-saml/response.rb'
-    - 'lib/onelogin/ruby-saml/slo_logoutrequest.rb'
-
-# Offense count: 21
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowedCompactTypes.
-# SupportedStyles: compact, exploded
-Style/RaiseArgs:
-  EnforcedStyle: compact
-
-# Offense count: 4
-# This cop supports safe autocorrection (--autocorrect).
-Style/RedundantRegexpEscape:
-  Exclude:
-    - 'lib/onelogin/ruby-saml/utils.rb'
-
-# Offense count: 5
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowMultipleReturnValues.
-Style/RedundantReturn:
-  Exclude:
-    - 'lib/onelogin/ruby-saml/logoutresponse.rb'
-    - 'lib/onelogin/ruby-saml/utils.rb'
-    - 'lib/xml_security.rb'
-
-# Offense count: 4
-# This cop supports safe autocorrection (--autocorrect).
-Style/RedundantSelf:
-  Exclude:
-    - 'lib/onelogin/ruby-saml/utils.rb'
-    - 'lib/xml_security.rb'
-
-# Offense count: 4
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, AllowInnerSlashes.
-# SupportedStyles: slashes, percent_r, mixed
-Style/RegexpLiteral:
-  Exclude:
-    - 'lib/onelogin/ruby-saml/response.rb'
-    - 'lib/onelogin/ruby-saml/utils.rb'
-
-# Offense count: 4
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Style/SlicingWithRange:
-  Exclude:
-    - 'lib/onelogin/ruby-saml/response.rb'
-    - 'lib/onelogin/ruby-saml/utils.rb'
-    - 'lib/xml_security.rb'
-
-# Offense count: 10
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowModifier.
-Style/SoleNestedConditional:
-  Exclude:
-    - 'lib/onelogin/ruby-saml/idp_metadata_parser.rb'
-    - 'lib/onelogin/ruby-saml/logoutresponse.rb'
-    - 'lib/onelogin/ruby-saml/response.rb'
-    - 'lib/onelogin/ruby-saml/settings.rb'
-    - 'lib/onelogin/ruby-saml/slo_logoutrequest.rb'
-
 # Offense count: 7
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Mode.

lib/onelogin/ruby-saml/attributes.rb

@@ -48,7 +48,7 @@ def each(&block)
       # @param name [String] The attribute name to be checked
       #
       def include?(name)
-        attributes.has_key?(canonize_name(name))
+        attributes.key?(canonize_name(name))
       end
 
       # Return first value for an attribute

lib/onelogin/ruby-saml/idp_metadata_parser.rb

@@ -125,10 +125,8 @@ def parse(idp_metadata, options = {})
 
         unless parsed_metadata[:cache_duration].nil?
           cache_valid_until_timestamp = OneLogin::RubySaml::Utils.parse_duration(parsed_metadata[:cache_duration])
-          unless cache_valid_until_timestamp.nil?
-            if parsed_metadata[:valid_until].nil? || cache_valid_until_timestamp < Time.parse(parsed_metadata[:valid_until], Time.now.utc).to_i
-              parsed_metadata[:valid_until] = Time.at(cache_valid_until_timestamp).utc.strftime("%Y-%m-%dT%H:%M:%SZ")
-            end
+          if !cache_valid_until_timestamp.nil? && (parsed_metadata[:valid_until].nil? || cache_valid_until_timestamp < Time.parse(parsed_metadata[:valid_until], Time.now.utc).to_i)
+            parsed_metadata[:valid_until] = Time.at(cache_valid_until_timestamp).utc.strftime("%Y-%m-%dT%H:%M:%SZ")
           end
         end
         # Remove the cache_duration because on the settings

lib/onelogin/ruby-saml/logoutresponse.rb

@@ -59,7 +59,7 @@ def response_id
       # @raise [ValidationError] if soft == false and validation fails
       #
       def success?
-        return status_code == "urn:oasis:names:tc:SAML:2.0:status:Success"
+        status_code == "urn:oasis:names:tc:SAML:2.0:status:Success"
       end
 
       # @return [String|nil] Gets the InResponseTo attribute from the Logout Response if exists.
@@ -185,7 +185,7 @@ def valid_state?
       # @raise [ValidationError] if soft == false and validation fails
       #
       def valid_in_response_to?
-        return true unless options.has_key? :matches_request_id
+        return true unless options.key? :matches_request_id
         return true if options[:matches_request_id].nil?
         return true unless options[:matches_request_id] != in_response_to
 
@@ -212,8 +212,8 @@ def valid_issuer?
       #
       def validate_signature
         return true if options.nil?
-        return true unless options.has_key? :get_params
-        return true unless options[:get_params].has_key? 'Signature'
+        return true unless options.key? :get_params
+        return true unless options[:get_params].key? 'Signature'
 
         options[:raw_get_params] = OneLogin::RubySaml::Utils.prepare_raw_get_params(options[:raw_get_params], options[:get_params], settings.security[:lowercase_url_encoding])
 
@@ -225,7 +225,7 @@ def validate_signature
         idp_certs = settings.get_idp_cert_multi
 
         if idp_cert.nil? && (idp_certs.nil? || idp_certs[:signing].empty?)
-          return options.has_key? :relax_signature_validation
+          return options.key? :relax_signature_validation
         end
 
         query_string = OneLogin::RubySaml::Utils.build_query_from_raw_parts(
@@ -243,10 +243,8 @@ def validate_signature
             signature: options[:get_params]['Signature'],
             query_string: query_string
           )
-          if valid && settings.security[:check_idp_cert_expiration]
-            if OneLogin::RubySaml::Utils.is_cert_expired(idp_cert)
-              expired = true
-            end
+          if valid && settings.security[:check_idp_cert_expiration] && OneLogin::RubySaml::Utils.is_cert_expired(idp_cert)
+            expired = true
           end
         else
           valid = false
@@ -257,14 +255,11 @@ def validate_signature
               signature: options[:get_params]['Signature'],
               query_string: query_string
             )
-            if valid
-              if settings.security[:check_idp_cert_expiration]
-                if OneLogin::RubySaml::Utils.is_cert_expired(signing_idp_cert)
-                  expired = true
-                end
-              end
-              break
+            next unless valid
+            if settings.security[:check_idp_cert_expiration] && OneLogin::RubySaml::Utils.is_cert_expired(signing_idp_cert)
+              expired = true
             end
+            break
           end
         end
 

lib/onelogin/ruby-saml/metadata.rb

@@ -71,22 +71,22 @@ def add_sp_certificates(sp_sso, settings)
         cert_new = settings.get_sp_cert_new
 
         [cert, cert_new].each do |sp_cert|
-          if sp_cert
-            cert_text = Base64.encode64(sp_cert.to_der).gsub("\n", '')
-            kd = sp_sso.add_element "md:KeyDescriptor", { "use" => "signing" }
-            ki = kd.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
-            xd = ki.add_element "ds:X509Data"
-            xc = xd.add_element "ds:X509Certificate"
-            xc.text = cert_text
-
-            if settings.security[:want_assertions_encrypted]
-              kd2 = sp_sso.add_element "md:KeyDescriptor", { "use" => "encryption" }
-              ki2 = kd2.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
-              xd2 = ki2.add_element "ds:X509Data"
-              xc2 = xd2.add_element "ds:X509Certificate"
-              xc2.text = cert_text
-            end
-          end
+          next unless sp_cert
+
+          cert_text = Base64.encode64(sp_cert.to_der).gsub("\n", '')
+          kd = sp_sso.add_element "md:KeyDescriptor", { "use" => "signing" }
+          ki = kd.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
+          xd = ki.add_element "ds:X509Data"
+          xc = xd.add_element "ds:X509Certificate"
+          xc.text = cert_text
+
+          next unless settings.security[:want_assertions_encrypted]
+
+          kd2 = sp_sso.add_element "md:KeyDescriptor", { "use" => "encryption" }
+          ki2 = kd2.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
+          xd2 = ki2.add_element "ds:X509Data"
+          xc2 = xd2.add_element "ds:X509Certificate"
+          xc2.text = cert_text
         end
 
         sp_sso
@@ -131,11 +131,11 @@ def add_sp_service_elements(sp_sso, settings)
               "FriendlyName" => attribute[:friendly_name],
               "isRequired" => attribute[:is_required] || false
             }
-            unless attribute[:attribute_value].nil?
-              Array(attribute[:attribute_value]).each do |value|
-                sp_attr_val = sp_req_attr.add_element "saml:AttributeValue"
-                sp_attr_val.text = value.to_s
-              end
+            next if attribute[:attribute_value].nil?
+
+            Array(attribute[:attribute_value]).each do |value|
+              sp_attr_val = sp_req_attr.add_element "saml:AttributeValue"
+              sp_attr_val.text = value.to_s
             end
           end
         end

lib/onelogin/ruby-saml/response.rb

@@ -430,10 +430,8 @@ def validate_structure
           return append_error(structure_error_msg)
         end
 
-        unless decrypted_document.nil?
-          unless valid_saml?(decrypted_document, soft)
+        if !decrypted_document.nil? && !valid_saml?(decrypted_document, soft)
             return append_error(structure_error_msg)
-          end
         end
 
         true
@@ -566,7 +564,7 @@ def validate_signed_elements
           if ref
             uri = ref.attributes.get_attribute("URI")
             if uri && !uri.value.empty?
-              sei = uri.value[1..-1]
+              sei = uri.value[1..]
 
               unless sei == id
                 return append_error("Found an invalid Signed Element. SAML Response rejected")
@@ -600,7 +598,7 @@ def validate_signed_elements
       # @raise [ValidationError] if soft == false and validation fails
       #
       def validate_in_response_to
-        return true unless options.has_key? :matches_request_id
+        return true unless options.key? :matches_request_id
         return true if options[:matches_request_id].nil?
         return true unless options[:matches_request_id] != in_response_to
 
@@ -813,10 +811,8 @@ def validate_name_id
             return append_error("An empty NameID value found")
           end
 
-          unless settings.sp_entity_id.nil? || settings.sp_entity_id.empty? || name_id_spnamequalifier.nil? || name_id_spnamequalifier.empty?
-            if name_id_spnamequalifier != settings.sp_entity_id
+          if !(settings.sp_entity_id.nil? || settings.sp_entity_id.empty? || name_id_spnamequalifier.nil? || name_id_spnamequalifier.empty?) && (name_id_spnamequalifier != settings.sp_entity_id)
               return append_error("The SPNameQualifier value mistmatch the SP entityID value.")
-            end
           end
         end
 
@@ -872,11 +868,9 @@ def validate_signature
           opts[:cert] = idp_cert
 
           if fingerprint && doc.validate_document(fingerprint, @soft, opts)
-            if settings.security[:check_idp_cert_expiration]
-              if OneLogin::RubySaml::Utils.is_cert_expired(idp_cert)
+            if settings.security[:check_idp_cert_expiration] && OneLogin::RubySaml::Utils.is_cert_expired(idp_cert)
                 error_msg = "IdP x509 certificate expired"
                 return append_error(error_msg)
-              end
             end
           else
             return append_error(error_msg)
@@ -886,17 +880,14 @@ def validate_signature
           expired = false
           idp_certs[:signing].each do |idp_cert|
             valid = doc.validate_document_with_cert(idp_cert, true)
-            if valid
-              if settings.security[:check_idp_cert_expiration]
-                if OneLogin::RubySaml::Utils.is_cert_expired(idp_cert)
-                  expired = true
-                end
-              end
-
-              # At least one certificate is valid, restore the old accumulated errors
-              @errors = old_errors
-              break
+            next unless valid
+            if settings.security[:check_idp_cert_expiration] && OneLogin::RubySaml::Utils.is_cert_expired(idp_cert)
+                expired = true
             end
+
+            # At least one certificate is valid, restore the old accumulated errors
+            @errors = old_errors
+            break
           end
           if expired
             error_msg = "IdP x509 certificate expired"
@@ -1005,23 +996,23 @@ def decrypt_assertion_from_document(document_copy)
       # @return [REXML::Document] The decrypted EncryptedAssertion element
       #
       def decrypt_assertion(encrypted_assertion_node)
-        decrypt_element(encrypted_assertion_node, /(.*<\/(\w+:)?Assertion>)/m)
+        decrypt_element(encrypted_assertion_node, %r{(.*</(\w+:)?Assertion>)}m)
       end
 
       # Decrypts an EncryptedID element
       # @param encryptedid_node [REXML::Element] The EncryptedID element
       # @return [REXML::Document] The decrypted EncrypedtID element
       #
       def decrypt_nameid(encryptedid_node)
-        decrypt_element(encryptedid_node, /(.*<\/(\w+:)?NameID>)/m)
+        decrypt_element(encryptedid_node, %r{(.*</(\w+:)?NameID>)}m)
       end
 
       # Decrypts an EncryptedID element
       # @param encryptedid_node [REXML::Element] The EncryptedID element
       # @return [REXML::Document] The decrypted EncrypedtID element
       #
       def decrypt_attribute(encryptedattribute_node)
-        decrypt_element(encryptedattribute_node, /(.*<\/(\w+:)?Attribute>)/m)
+        decrypt_element(encryptedattribute_node, %r{(.*</(\w+:)?Attribute>)}m)
       end
 
       # Decrypt an element

lib/onelogin/ruby-saml/settings.rb

@@ -218,10 +218,8 @@ def get_sp_cert
         formatted_cert = OneLogin::RubySaml::Utils.format_cert(certificate)
         cert = OpenSSL::X509::Certificate.new(formatted_cert)
 
-        if security[:check_sp_cert_expiration]
-          if OneLogin::RubySaml::Utils.is_cert_expired(cert)
-            raise OneLogin::RubySaml::ValidationError.new("The SP certificate expired.")
-          end
+        if security[:check_sp_cert_expiration] && OneLogin::RubySaml::Utils.is_cert_expired(cert)
+          raise OneLogin::RubySaml::ValidationError.new("The SP certificate expired.")
         end
 
         cert