DEV: Introduce syntax_tree for ruby formatting (#76)

.github/workflows/plugin-linting.yml

@@ -55,3 +55,12 @@ jobs:
       - name: Rubocop
         if: ${{ !cancelled() }}
         run: bundle exec rubocop .
+
+      - name: Syntax Tree
+        if: ${{ !cancelled() }}
+        run: |
+          if test -f .streerc; then
+            bundle exec stree check Gemfile $(git ls-files '*.rb') $(git ls-files '*.rake')
+          else
+            echo "Stree config not detected for this repository. Skipping."
+          fi

.github/workflows/plugin-tests.yml

@@ -80,7 +80,7 @@ jobs:
 
       - name: Get yarn cache directory
         id: yarn-cache-dir
-        run: echo "::set-output name=dir::$(yarn cache dir)"
+        run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
 
       - name: Yarn cache
         uses: actions/cache@v3
@@ -130,7 +130,7 @@ jobs:
         shell: bash
         run: |
           if [ 0 -lt $(find plugins/${{ github.event.repository.name }}/spec -type f -name "*.rb" 2> /dev/null | wc -l) ]; then
-            echo "::set-output name=files_exist::true"
+            echo "files_exist=true" >> $GITHUB_OUTPUT
           fi
 
       - name: Plugin RSpec
@@ -142,7 +142,7 @@ jobs:
         shell: bash
         run: |
           if [ 0 -lt $(find plugins/${{ github.event.repository.name }}/test/javascripts -type f \( -name "*.js" -or -name "*.es6" \) 2> /dev/null | wc -l) ]; then
-            echo "::set-output name=files_exist::true"
+            echo "files_exist=true" >> $GITHUB_OUTPUT
           fi
 
       - name: Plugin QUnit

.rubocop.yml

 inherit_gem:
-  rubocop-discourse: default.yml
+  rubocop-discourse: stree-compat.yml

.streerc

+--print-width=100
+--plugins=plugin/trailing_comma

Gemfile

 # frozen_string_literal: true
 
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
 group :development do
-  gem 'rubocop-discourse'
+  gem "rubocop-discourse"
+  gem "syntax_tree"
 end

Gemfile.lock

@@ -6,6 +6,7 @@ GEM
     parallel (1.22.1)
     parser (3.1.2.1)
       ast (~> 2.4.1)
+    prettier_print (1.2.0)
     rainbow (3.1.1)
     regexp_parser (2.6.0)
     rexml (3.2.5)
@@ -27,6 +28,8 @@ GEM
     rubocop-rspec (2.13.2)
       rubocop (~> 1.33)
     ruby-progressbar (1.11.0)
+    syntax_tree (5.1.0)
+      prettier_print (>= 1.2.0)
     unicode-display_width (2.3.0)
 
 PLATFORMS
@@ -39,6 +42,7 @@ PLATFORMS
 
 DEPENDENCIES
   rubocop-discourse
+  syntax_tree
 
 BUNDLED WITH
    2.3.10

lib/discourse_saml/saml_omniauth_strategy.rb

@@ -10,10 +10,7 @@ class ::DiscourseSaml::SamlOmniauthStrategy < OmniAuth::Strategies::SAML
         authn_request = OneLogin::RubySaml::Authrequest.new
         params = authn_request.create_params(settings, additional_params_for_authn_request)
         destination = settings.idp_sso_service_url
-        render_auto_submitted_form(
-          destination: destination,
-          params: params
-        )
+        render_auto_submitted_form(destination: destination, params: params)
       end
     else
       super
@@ -21,7 +18,8 @@ class ::DiscourseSaml::SamlOmniauthStrategy < OmniAuth::Strategies::SAML
   end
 
   def callback_phase
-    if request.request_method.downcase.to_sym == :post && !request.params["SameSite"] && request.params["SAMLResponse"]
+    if request.request_method.downcase.to_sym == :post && !request.params["SameSite"] &&
+         request.params["SAMLResponse"]
       env[Rack::RACK_SESSION_OPTIONS][:skip] = true # Do not set any session cookies. They'll override our SameSite ones
 
       # Make browser re-issue the request in a same-site context so we get cookies
@@ -30,8 +28,8 @@ class ::DiscourseSaml::SamlOmniauthStrategy < OmniAuth::Strategies::SAML
         destination: callback_url,
         params: {
           "SAMLResponse" => request.params["SAMLResponse"],
-          "SameSite" => "1"
-        }
+          "SameSite" => "1",
+        },
       )
     else
       super
@@ -41,13 +39,15 @@ class ::DiscourseSaml::SamlOmniauthStrategy < OmniAuth::Strategies::SAML
   private
 
   def render_auto_submitted_form(destination:, params:)
-    submit_script_url = UrlHelper.absolute("#{Discourse.base_path}/plugins/discourse-saml/javascripts/submit-form-on-load.js", GlobalSetting.cdn_url)
+    submit_script_url =
+      UrlHelper.absolute(
+        "#{Discourse.base_path}/plugins/discourse-saml/javascripts/submit-form-on-load.js",
+        GlobalSetting.cdn_url,
+      )
 
-    inputs = params.map do |key, value|
-      <<~HTML
+    inputs = params.map { |key, value| <<~HTML }.join("\n")
         <input type="hidden" name="#{CGI.escapeHTML(key)}" value="#{CGI.escapeHTML(value)}"/>
       HTML
-    end.join("\n")
 
     html = <<~HTML
       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
@@ -73,7 +73,7 @@ class ::DiscourseSaml::SamlOmniauthStrategy < OmniAuth::Strategies::SAML
       </html>
     HTML
 
-    r = Rack::Response.new(html, 200, { 'content-type' => 'text/html' })
+    r = Rack::Response.new(html, 200, { "content-type" => "text/html" })
     r.finish
   end
 end

lib/saml_authenticator.rb

@@ -23,24 +23,28 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
 
     attrs = "#{attrs}|#{custom_attrs}" if custom_attrs.present?
 
-    attrs.split("|").uniq.map do |name|
-      { name: name, name_format: attribute_name_format, friendly_name: name }
-    end
+    attrs
+      .split("|")
+      .uniq
+      .map { |name| { name: name, name_format: attribute_name_format, friendly_name: name } }
   end
 
   def attribute_statements
     result = {}
-    statements = "name:fullName,name|email:email,mail|first_name:first_name,firstname,firstName|last_name:last_name,lastname,lastName|nickname:screenName"
+    statements =
+      "name:fullName,name|email:email,mail|first_name:first_name,firstname,firstName|last_name:last_name,lastname,lastName|nickname:screenName"
     custom_statements = setting(:attribute_statements)
 
     statements = "#{statements}|#{custom_statements}" if custom_statements.present?
 
-    statements.split("|").map do |statement|
-      attrs = statement.split(":", 2)
-      next if attrs.count != 2
-      (result[attrs[0]] ||= []) << attrs[1].split(",")
-      result[attrs[0]].flatten!
-    end
+    statements
+      .split("|")
+      .map do |statement|
+        attrs = statement.split(":", 2)
+        next if attrs.count != 2
+        (result[attrs[0]] ||= []) << attrs[1].split(",")
+        result[attrs[0]].flatten!
+      end
 
     result
   end
@@ -48,9 +52,7 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
   def register_middleware(omniauth)
     omniauth.provider ::DiscourseSaml::SamlOmniauthStrategy,
                       name: name,
-                      setup: lambda { |env|
-                        setup_strategy(env["omniauth.strategy"])
-                      }
+                      setup: lambda { |env| setup_strategy(env["omniauth.strategy"]) }
   end
 
   def setup_strategy(strategy)
@@ -68,7 +70,7 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
       assertion_consumer_service_url: SamlAuthenticator.saml_base_url + "/auth/#{name}/callback",
       single_logout_service_url: SamlAuthenticator.saml_base_url + "/auth/#{name}/slo",
       name_identifier_format: setting(:name_identifier_format).presence,
-      request_method: (setting(:request_method)&.downcase == 'post') ? "POST" : "GET",
+      request_method: (setting(:request_method)&.downcase == "post") ? "POST" : "GET",
       certificate: setting(:sp_certificate).presence,
       private_key: setting(:sp_private_key).presence,
       security: {
@@ -76,15 +78,16 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
         want_assertions_signed: !!setting(:want_assertions_signed),
         logout_requests_signed: !!setting(:logout_requests_signed),
         logout_responses_signed: !!setting(:logout_responses_signed),
-        signature_method: XMLSecurity::Document::RSA_SHA1
+        signature_method: XMLSecurity::Document::RSA_SHA1,
       },
-      idp_slo_session_destroy: proc do |env, session|
-        user = CurrentUser.lookup_from_env(env)
-        if user
-          user.user_auth_tokens.destroy_all
-          user.logged_out
-        end
-      end
+      idp_slo_session_destroy:
+        proc do |env, session|
+          user = CurrentUser.lookup_from_env(env)
+          if user
+            user.user_auth_tokens.destroy_all
+            user.logged_out
+          end
+        end,
     )
   end
 
@@ -94,12 +97,8 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
     group_attribute = setting(:groups_attribute)
     if setting(:validate_email_fields).present? && attributes.multi(group_attribute).present?
       validate_email_fields = setting(:validate_email_fields).split("|").map(&:downcase)
-      member_of = attributes.multi(group_attribute).map { |g| g.downcase.split(',') }.flatten
-      if (validate_email_fields & member_of).present?
-        true
-      else
-        false
-      end
+      member_of = attributes.multi(group_attribute).map { |g| g.downcase.split(",") }.flatten
+      (validate_email_fields & member_of).present? ? true : false
     else
       setting(:default_emails_valid)
     end
@@ -111,14 +110,12 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
     extra_data = auth.extra || {}
     attributes = extra_data[:raw_info] || OneLogin::RubySaml::Attributes.new
 
-    auth[:uid] = attributes.single('uid') || auth[:uid] if setting(:use_attributes_uid)
+    auth[:uid] = attributes.single("uid") || auth[:uid] if setting(:use_attributes_uid)
     uid = auth[:uid]
 
     auth.info[:email] ||= uid if uid.to_s&.include?("@")
 
-    if uid && setting(:use_attributes_uid)
-      auth.info[:nickname] = uid.to_s
-    end
+    auth.info[:nickname] = uid.to_s if uid && setting(:use_attributes_uid)
 
     auth.extra = { "raw_info" => attributes.attributes }
     result = super
@@ -130,21 +127,16 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
     end
 
     if setting(:debug_auth)
-      data = {
-        uid: uid,
-        info: info,
-        attributes: attributes
-      }
+      data = { uid: uid, info: info, attributes: attributes }
       log("#{name}_auth: #{data.inspect}")
     end
 
-    if setting(:skip_email_validation)
-      result.skip_email_validation = true
-    end
+    result.skip_email_validation = true if setting(:skip_email_validation)
 
     if result.user.blank?
-      result.username = '' if setting(:clear_username)
-      result.user = auto_create_account(result, uid) if setting(:auto_create_account) && result.email_valid
+      result.username = "" if setting(:clear_username)
+      result.user = auto_create_account(result, uid) if setting(:auto_create_account) &&
+        result.email_valid
     else
       user = result.user
       sync_groups(user, attributes, info)
@@ -168,10 +160,11 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
   def after_create_account(user, auth)
     super
 
-    uaa = UserAssociatedAccount.find_by(
-      provider_name: auth.extra_data[:provider],
-      provider_uid: auth.extra_data[:uid]
-    )
+    uaa =
+      UserAssociatedAccount.find_by(
+        provider_name: auth.extra_data[:provider],
+        provider_uid: auth.extra_data[:uid],
+      )
 
     info = OmniAuth::AuthHash::InfoHash.new(uaa.info)
     attributes = OneLogin::RubySaml::Attributes.new(uaa.extra&.[]("raw_info") || {})
@@ -194,7 +187,7 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
         primary_email: UserEmail.new(email: try_email, primary: true),
         name: resolve_name(result.name, result.username, result.email),
         username: resolve_username(result.username, result.name, result.email, uid),
-        active: true
+        active: true,
       }
 
       user = User.create!(user_params)
@@ -213,28 +206,27 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
 
     groups_fullsync = setting(:groups_fullsync)
     raw_group_list = attributes.multi(setting(:groups_attribute)) || []
-    user_group_list = raw_group_list.map { |g| g.downcase.split(',') }.flatten
+    user_group_list = raw_group_list.map { |g| g.downcase.split(",") }.flatten
 
     if setting(:groups_ldap_leafcn).present?
       # Change cn=groupname,cn=groups,dc=example,dc=com to groupname
-      user_group_list = user_group_list.map { |group| group.split('=', 2).last }
+      user_group_list = user_group_list.map { |group| group.split("=", 2).last }
     end
 
     if groups_fullsync
       user_has_groups = user.groups.where(automatic: false).pluck(:name).map(&:downcase)
       groups_to_add = user_group_list - user_has_groups
-      if user_has_groups.present?
-        groups_to_remove = user_has_groups - user_group_list
-      end
+      groups_to_remove = user_has_groups - user_group_list if user_has_groups.present?
     else
-      total_group_list = setting(:sync_groups_list).split('|').map(&:downcase)
+      total_group_list = setting(:sync_groups_list).split("|").map(&:downcase)
 
-      groups_to_add = info['groups_to_add'] || attributes.multi('groups_to_add')&.join(',') || ''
-      groups_to_add = groups_to_add.downcase.split(',')
+      groups_to_add = info["groups_to_add"] || attributes.multi("groups_to_add")&.join(",") || ""
+      groups_to_add = groups_to_add.downcase.split(",")
       groups_to_add += user_group_list
 
-      groups_to_remove = info['groups_to_remove'] || attributes.multi('groups_to_remove')&.join(',') || ''
-      groups_to_remove = groups_to_remove.downcase.split(',')
+      groups_to_remove =
+        info["groups_to_remove"] || attributes.multi("groups_to_remove")&.join(",") || ""
+      groups_to_remove = groups_to_remove.downcase.split(",")
 
       if total_group_list.present?
         groups_to_add = total_group_list & groups_to_add
@@ -247,13 +239,13 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
 
     return if user_group_list.blank? && groups_to_add.blank? && groups_to_remove.blank?
 
-    Group.where('LOWER(name) IN (?) AND NOT automatic', groups_to_add).each do |group|
-      group.add user
-    end
+    Group
+      .where("LOWER(name) IN (?) AND NOT automatic", groups_to_add)
+      .each { |group| group.add user }
 
-    Group.where('LOWER(name) IN (?) AND NOT automatic', groups_to_remove).each do |group|
-      group.remove user
-    end
+    Group
+      .where("LOWER(name) IN (?) AND NOT automatic", groups_to_remove)
+      .each { |group| group.remove user }
   end
 
   def sync_custom_fields(user, attributes, info)
@@ -272,20 +264,22 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
   def sync_user_fields(user, attributes, info)
     statements = setting(:user_field_statements) || ""
 
-    statements.split("|").each do |statement|
-      key, field_id = statement.split(":")
-      next if key.blank? || field_id.blank?
+    statements
+      .split("|")
+      .each do |statement|
+        key, field_id = statement.split(":")
+        next if key.blank? || field_id.blank?
 
-      val = info[key] || attributes.multi(key)&.join(",")
-      user.custom_fields["user_field_#{field_id}"] = val if val.present?
-    end
+        val = info[key] || attributes.multi(key)&.join(",")
+        user.custom_fields["user_field_#{field_id}"] = val if val.present?
+      end
   end
 
   def sync_moderator(user, attributes)
     return unless setting(:sync_moderator)
 
-    is_moderator_attribute = setting(:moderator_attribute) || 'isModerator'
-    is_moderator = ['1', 'true'].include?(attributes.single(is_moderator_attribute).to_s.downcase)
+    is_moderator_attribute = setting(:moderator_attribute) || "isModerator"
+    is_moderator = %w[1 true].include?(attributes.single(is_moderator_attribute).to_s.downcase)
 
     return if user.moderator == is_moderator
 
@@ -296,8 +290,8 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
   def sync_admin(user, attributes)
     return unless setting(:sync_admin)
 
-    is_admin_attribute = setting(:admin_attribute) || 'isAdmin'
-    is_admin = ['1', 'true'].include?(attributes.single(is_admin_attribute).to_s.downcase)
+    is_admin_attribute = setting(:admin_attribute) || "isAdmin"
+    is_admin = %w[1 true].include?(attributes.single(is_admin_attribute).to_s.downcase)
 
     return if user.admin == is_admin
 
@@ -308,7 +302,7 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
   def sync_trust_level(user, attributes)
     return unless setting(:sync_trust_level)
 
-    trust_level_attribute = setting(:trust_level_attribute) || 'trustLevel'
+    trust_level_attribute = setting(:trust_level_attribute) || "trustLevel"
     level = attributes.single(trust_level_attribute).to_i
 
     return unless level.between?(1, 4)
@@ -326,7 +320,7 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
   def sync_locale(user, attributes)
     return unless setting(:sync_locale)
 
-    locale_attribute = setting(:locale_attribute) || 'locale'
+    locale_attribute = setting(:locale_attribute) || "locale"
     locale = attributes.single(locale_attribute)
 
     return unless LocaleSiteSetting.valid_value?(locale)
@@ -360,13 +354,10 @@ class SamlAuthenticator < ::Auth::ManagedAuthenticator
   def idp_cert_multi
     return unless setting(:cert_multi).present?
 
-    certificates = setting(:cert_multi).split('|')
+    certificates = setting(:cert_multi).split("|")
     certificates.push(setting(:cert)) if setting(:cert).present?
 
-    {
-      signing: certificates,
-      encryption: []
-    }
+    { signing: certificates, encryption: [] }
   end
 
   def resolve_name(name, username, email)

plugin.rb

@@ -7,15 +7,13 @@
 # url: https://github.com/discourse/discourse-saml
 # transpile_js: true
 
-gem 'macaddr', '1.0.0'
-gem 'uuid', '2.3.7'
-gem 'rexml', '3.2.5'
-gem 'ruby-saml', '1.13.0'
-gem "omniauth-saml", '1.9.0'
-
-if !GlobalSetting.try("saml_target_url")
-  enabled_site_setting :saml_enabled
-end
+gem "macaddr", "1.0.0"
+gem "uuid", "2.3.7"
+gem "rexml", "3.2.5"
+gem "ruby-saml", "1.13.0"
+gem "omniauth-saml", "1.9.0"
+
+enabled_site_setting :saml_enabled if !GlobalSetting.try("saml_target_url")
 
 on(:before_session_destroy) do |data|
   next if !DiscourseSaml.setting(:slo_target_url).present?
@@ -42,9 +40,10 @@ module ::DiscourseSaml
     return if !DiscourseSaml.setting(:forced_domains).present?
     return if email.blank?
 
-    DiscourseSaml.setting(:forced_domains).split(/[,|]/).each do |domain|
-      return true if email.end_with?("@#{domain}")
-    end
+    DiscourseSaml
+      .setting(:forced_domains)
+      .split(/[,|]/)
+      .each { |domain| return true if email.end_with?("@#{domain}") }
 
     false
   end
@@ -79,7 +78,8 @@ after_initialize do
   ::SessionController.prepend(::DiscourseSaml::SessionControllerExtensions)
 
   # "SAML Forced Domains" - Prevent login via other omniauth strategies
-  class ::DiscourseSaml::ForcedSamlError < StandardError; end
+  class ::DiscourseSaml::ForcedSamlError < StandardError
+  end
   on(:after_auth) do |authenticator, result|
     next if authenticator.name == "saml"
     if [result.user&.email, result.email].any? { |e| ::DiscourseSaml.is_saml_forced_domain?(e) }
@@ -88,7 +88,7 @@ after_initialize do
   end
   Users::OmniauthCallbacksController.rescue_from(::DiscourseSaml::ForcedSamlError) do
     flash[:error] = I18n.t("login.use_saml_auth")
-    render('failure')
+    render("failure")
   end
 end
 
@@ -100,6 +100,4 @@ require_relative "lib/saml_authenticator"
 name = GlobalSetting.try(:saml_title)
 button_title = GlobalSetting.try(:saml_button_title) || GlobalSetting.try(:saml_title)
 
-auth_provider title: button_title,
-              pretty_name: name,
-              authenticator: SamlAuthenticator.new
+auth_provider title: button_title, pretty_name: name, authenticator: SamlAuthenticator.new

spec/integration/saml_cross_site_spec.rb

 # frozen_string_literal: true
 
-require 'rails_helper'
+require "rails_helper"
 
 describe "SAML cross-site with same-site cookie", type: :request do
   before do
@@ -16,7 +16,7 @@ describe "SAML cross-site with same-site cookie", type: :request do
       with: {
         "action" => "http://test.localhost/auth/saml/callback",
         "method" => "post",
-      }
+      },
     )
 
     expect(response.body).to have_tag(
@@ -25,7 +25,7 @@ describe "SAML cross-site with same-site cookie", type: :request do
         "name" => "SAMLResponse",
         "value" => "somesamldata",
         "type" => "hidden",
-      }
+      },
     )
 
     expect(response.body).to have_tag(
@@ -34,7 +34,7 @@ describe "SAML cross-site with same-site cookie", type: :request do
         "name" => "SameSite",
         "value" => "1",
         "type" => "hidden",
-      }
+      },
     )
 
     expect(response.body).to have_tag("script")

spec/integration/saml_forced_domains_spec.rb

 # frozen_string_literal: true
 
-require 'rails_helper'
+require "rails_helper"
 
 describe "SAML Forced Domains" do
   let(:password) { "abcdefghijklmnop" }
   let(:saml_user) do
-    Fabricate(
-      :user,
-      email: "user@samlonly.example.com",
-      password: password
-    ).tap { |u| u.activate }
+    Fabricate(:user, email: "user@samlonly.example.com", password: password).tap { |u| u.activate }
   end
   let(:other_user) do
-    Fabricate(
-      :user,
-      email: "user@example.com",
-      password: password
-    ).tap { |u| u.activate }
+    Fabricate(:user, email: "user@example.com", password: password).tap { |u| u.activate }
   end
 
   before do
@@ -27,27 +19,21 @@ describe "SAML Forced Domains" do
 
   describe "username/password login" do
     it "works as normal when feature disabled" do
-      post "/session.json", params: {
-        login: saml_user.username, password: password
-      }
+      post "/session.json", params: { login: saml_user.username, password: password }
       expect(response.status).to eq(200)
       expect(session[:current_user_id]).to eq(saml_user.id)
     end
 
     it "blocks logins for blocked domains" do
       SiteSetting.saml_forced_domains = "samlonly.example.com"
-      post "/session.json", params: {
-        login: saml_user.username, password: password
-      }
+      post "/session.json", params: { login: saml_user.username, password: password }
       expect(response.status).to eq(200)
       expect(response.parsed_body["error"]).to eq(I18n.t("login.use_saml_auth"))
       expect(session[:current_user_id]).to eq(nil)
     end
 
     it "allows logins for other domains" do
-      post "/session.json", params: {
-        login: other_user.username, password: password
-      }
+      post "/session.json", params: { login: other_user.username, password: password }
       expect(response.status).to eq(200)
       expect(session[:current_user_id]).to eq(other_user.id)
     end
@@ -57,9 +43,13 @@ describe "SAML Forced Domains" do
     it "works as normal when feature disabled" do
       post "/u/email-login.json", params: { login: saml_user.email }
       expect(response.status).to eq(200)
-      expect_job_enqueued(job: :critical_user_email, args: {
-        user_id: saml_user.id, type: 'email_login'
-      })
+      expect_job_enqueued(
+        job: :critical_user_email,
+        args: {
+          user_id: saml_user.id,
+          type: "email_login",
+        },
+      )
     end
 
     it "blocks login for blocked domains" do
@@ -73,21 +63,27 @@ describe "SAML Forced Domains" do
       SiteSetting.saml_forced_domains = "samlonly.example.com"
       post "/u/email-login.json", params: { login: other_user.email }
       expect(response.status).to eq(200)
-      expect_job_enqueued(job: :critical_user_email, args: {
-        user_id: other_user.id, type: 'email_login'
-      })
+      expect_job_enqueued(
+        job: :critical_user_email,
+        args: {
+          user_id: other_user.id,
+          type: "email_login",
+        },
+      )
     end
   end
 
   describe "external login" do
     let(:mock_auth) do
       OmniAuth::AuthHash.new(
-        provider: 'google_oauth2',
-        uid: '123545',
-        info: OmniAuth::AuthHash::InfoHash.new(
-          email: saml_user.email,
-        ),
-        extra: { raw_info: { email_verified: true } }
+        provider: "google_oauth2",
+        uid: "123545",
+        info: OmniAuth::AuthHash::InfoHash.new(email: saml_user.email),
+        extra: {
+          raw_info: {
+            email_verified: true,
+          },
+        },
       )
     end
 

spec/integration/saml_post_mode_spec.rb

 # frozen_string_literal: true
 
-require 'rails_helper'
+require "rails_helper"
 
 describe "SAML POST-mode functionality", type: :request do
   before do
@@ -26,7 +26,7 @@ describe "SAML POST-mode functionality", type: :request do
       with: {
         "action" => "https://example.com/samlidp",
         "method" => "post",
-      }
+      },
     )
 
     expect(response.body).to have_tag(
@@ -34,14 +34,15 @@ describe "SAML POST-mode functionality", type: :request do
       with: {
         "name" => "SAMLRequest",
         "type" => "hidden",
-      }
+      },
     )
 
-    html = Nokogiri::HTML5(response.body)
+    html = Nokogiri.HTML5(response.body)
     script_url = html.at("script").attribute("src").value
 
     csp = response.headers["content-security-policy"]
-    script_src = csp.split(";").find { |directive| directive.strip.start_with?("script-src") }.split(" ")
+    script_src =
+      csp.split(";").find { |directive| directive.strip.start_with?("script-src") }.split(" ")
     included_in_csp = script_src.any? { |allowed_src| script_url.start_with?(allowed_src) }
 
     expect(included_in_csp).to eq(true)
@@ -58,7 +59,7 @@ describe "SAML POST-mode functionality", type: :request do
       with: {
         "action" => "https://example.com/samlidp",
         "method" => "post",
-      }
+      },
     )
 
     expect(response.body).to have_tag(
@@ -66,14 +67,15 @@ describe "SAML POST-mode functionality", type: :request do
       with: {
         "name" => "SAMLRequest",
         "type" => "hidden",
-      }
+      },
     )
 
-    html = Nokogiri::HTML5(response.body)
+    html = Nokogiri.HTML5(response.body)
     script_url = html.at("script").attribute("src").value
 
     csp = response.headers["content-security-policy"]
-    script_src = csp.split(";").find { |directive| directive.strip.start_with?("script-src") }.split(" ")
+    script_src =
+      csp.split(";").find { |directive| directive.strip.start_with?("script-src") }.split(" ")
     included_in_csp = script_src.any? { |allowed_src| script_url.start_with?(allowed_src) }
 
     expect(included_in_csp).to eq(true)

spec/integration/saml_single_log_out_spec.rb

 # frozen_string_literal: true
 
-require 'rails_helper'
+require "rails_helper"
 
 describe "SAML Single Log Out" do
   let(:user) { Fabricate(:user) }

spec/integration/saml_staged_user_handling_spec.rb

@@ -8,12 +8,9 @@ describe "SAML staged user handling", type: :request do
     SiteSetting.saml_enabled = true
     OmniAuth.config.test_mode = true
     OmniAuth.config.mock_auth[:saml] = OmniAuth::AuthHash.new(
-      provider: 'saml',
-      uid: '123545',
-      info: OmniAuth::AuthHash::InfoHash.new(
-        nickname: staged.username,
-        email: staged.email,
-      ),
+      provider: "saml",
+      uid: "123545",
+      info: OmniAuth::AuthHash::InfoHash.new(nickname: staged.username, email: staged.email),
     )
 
     UsersController.any_instance.stubs(:honeypot_value).returns(nil)
@@ -25,17 +22,10 @@ describe "SAML staged user handling", type: :request do
 
     expect(response.status).to eq(302)
     expect(response.location).to eq("http://test.localhost/")
-    expect(session[:authentication]).to include(
-      username: staged.username,
-      email: staged.email
-    )
+    expect(session[:authentication]).to include(username: staged.username, email: staged.email)
     expect(JSON.parse(cookies[:authentication_data])["username"]).to eq(staged.username)
 
-    post "/u.json", params: {
-      name: staged.name,
-      username: staged.username,
-      email: staged.email
-    }
+    post "/u.json", params: { name: staged.name, username: staged.username, email: staged.email }
     expect(response.status).to eq(200)
 
     expect(UserAssociatedAccount.where(user: staged).count).to eq(1)

spec/integration/saml_sync_attributes_spec.rb

@@ -8,19 +8,18 @@ describe "SAML Overrides Email", type: :request do
   fab!(:new_email) { "new@example.com" }
   fab!(:new_username) { "newusername" }
   fab!(:user) { Fabricate(:user, email: initial_email, username: initial_username) }
-  fab!(:uac) { UserAssociatedAccount.create!(user: user, provider_name: "saml", provider_uid: "12345") }
+  fab!(:uac) do
+    UserAssociatedAccount.create!(user: user, provider_name: "saml", provider_uid: "12345")
+  end
 
   before do
     SiteSetting.saml_enabled = true
 
     OmniAuth.config.test_mode = true
     OmniAuth.config.mock_auth[:saml] = OmniAuth::AuthHash.new(
-      provider: 'saml',
-      uid: '12345',
-      info: OmniAuth::AuthHash::InfoHash.new(
-        email: new_email,
-        nickname: new_username,
-      ),
+      provider: "saml",
+      uid: "12345",
+      info: OmniAuth::AuthHash::InfoHash.new(email: new_email, nickname: new_username),
     )
   end
 
@@ -34,7 +33,7 @@ describe "SAML Overrides Email", type: :request do
     expect(user.username).to eq(initial_username)
   end
 
-  it 'updates user email if enabled' do
+  it "updates user email if enabled" do
     SiteSetting.saml_sync_email = true
 
     get "/auth/saml/callback"
@@ -45,7 +44,7 @@ describe "SAML Overrides Email", type: :request do
     expect(user.username).to eq(initial_username)
   end
 
-  it 'updates username if enabled' do
+  it "updates username if enabled" do
     SiteSetting.saml_omit_username = true
 
     get "/auth/saml/callback"