mauth-client 6.3.0 → 6.4.0

data/gemfiles/faraday_2.x.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "faraday", "~> 2.0"
+
+gemspec path: "../"

data/lib/mauth/autoload.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module MAuth
   autoload :Client, 'mauth/client'
   autoload :Middleware, 'mauth/middleware'

data/lib/mauth/client/authenticator_base.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # methods common to RemoteRequestAuthenticator and LocalAuthenticator
 
 module MAuth
@@ -21,7 +23,8 @@ module MAuth
       # authenticate with v2 if the environment variable V2_ONLY_AUTHENTICATE
       # is set. Otherwise will fall back to v1 when v2 authentication fails
       def authenticate!(object)
-        if object.protocol_version == 2
+        case object.protocol_version
+        when 2
           begin
             authenticate_v2!(object)
           rescue InauthenticError => e
@@ -33,9 +36,9 @@ module MAuth
 
             log_authentication_request(object)
             authenticate_v1!(object)
-            logger.warn("Completed successful authentication attempt after fallback to v1")
+            logger.warn('Completed successful authentication attempt after fallback to v1')
           end
-        elsif object.protocol_version == 1
+        when 1
           if v2_only_authenticate?
             # If v2 is required but not present and v1 is present we raise MissingV2Error
             msg = 'This service requires mAuth v2 mcc-authentication header but only v1 x-mws-authentication is present'
@@ -54,13 +57,13 @@ module MAuth
 
       private
 
-      # Note: This log is likely consumed downstream and the contents SHOULD NOT
+      # NOTE: This log is likely consumed downstream and the contents SHOULD NOT
       # be changed without a thorough review of downstream consumers.
       def log_authentication_request(object)
         object_app_uuid = object.signature_app_uuid || '[none provided]'
         object_token = object.signature_token || '[none provided]'
         logger.info(
-          "Mauth-client attempting to authenticate request from app with mauth" \
+          'Mauth-client attempting to authenticate request from app with mauth' \
           " app uuid #{object_app_uuid} to app with mauth app uuid #{client_app_uuid}" \
           " using version #{object_token}."
         )
@@ -71,7 +74,7 @@ module MAuth
       end
 
       def time_within_valid_range!(object, time_signed, now = Time.now)
-        return if  (-ALLOWED_DRIFT_SECONDS..ALLOWED_DRIFT_SECONDS).cover?(now.to_i - time_signed)
+        return if (-ALLOWED_DRIFT_SECONDS..ALLOWED_DRIFT_SECONDS).cover?(now.to_i - time_signed)
 
         msg = "Time verification failed. #{time_signed} not within #{ALLOWED_DRIFT_SECONDS} of #{now}"
         log_inauthentic(object, msg)

data/lib/mauth/client/local_authenticator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'mauth/client/security_token_cacher'
 require 'mauth/client/signer'
 require 'openssl'
@@ -25,11 +27,13 @@ module MAuth
 
         # do a simple percent reencoding variant of the path
         object.attributes_for_signing[:request_url] = CGI.escape(original_request_uri.to_s)
-        expected_for_percent_reencoding = object.string_to_sign_v1(time: object.x_mws_time, app_uuid: object.signature_app_uuid)
+        expected_for_percent_reencoding = object.string_to_sign_v1(time: object.x_mws_time,
+          app_uuid: object.signature_app_uuid)
 
         # do a moderately complex Euresource-style reencoding of the path
         object.attributes_for_signing[:request_url] = euresource_escape(original_request_uri.to_s)
-        expected_euresource_style_reencoding = object.string_to_sign_v1(time: object.x_mws_time, app_uuid: object.signature_app_uuid)
+        expected_euresource_style_reencoding = object.string_to_sign_v1(time: object.x_mws_time,
+          app_uuid: object.signature_app_uuid)
 
         # reset the object original request_uri, just in case we need it again
         object.attributes_for_signing[:request_url] = original_request_uri
@@ -44,8 +48,8 @@ module MAuth
         end
 
         unless verify_signature_v1!(actual, expected_no_reencoding) ||
-           verify_signature_v1!(actual, expected_euresource_style_reencoding) ||
-           verify_signature_v1!(actual, expected_for_percent_reencoding)
+               verify_signature_v1!(actual, expected_euresource_style_reencoding) ||
+               verify_signature_v1!(actual, expected_for_percent_reencoding)
           msg = "Signature verification failed for #{object.class}"
           log_inauthentic(object, msg)
           raise InauthenticError, msg
@@ -93,8 +97,8 @@ module MAuth
         actual = Base64.decode64(object.signature)
 
         unless verify_signature_v2!(object, actual, pubkey, expected_no_reencoding) ||
-           verify_signature_v2!(object, actual, pubkey, expected_euresource_style_reencoding) ||
-           verify_signature_v2!(object, actual, pubkey, expected_for_percent_reencoding)
+               verify_signature_v2!(object, actual, pubkey, expected_euresource_style_reencoding) ||
+               verify_signature_v2!(object, actual, pubkey, expected_for_percent_reencoding)
           msg = "Signature inauthentic for #{object.class}"
           log_inauthentic(object, msg)
           raise InauthenticError, msg
@@ -113,7 +117,7 @@ module MAuth
         raise InauthenticError, msg
       end
 
-      # Note: RFC 3986 (https://www.ietf.org/rfc/rfc3986.txt) reserves the forward slash "/"
+      # NOTE: RFC 3986 (https://www.ietf.org/rfc/rfc3986.txt) reserves the forward slash "/"
       #   and number sign "#" as component delimiters. Since these are valid URI components,
       #   they are decoded back into characters here to avoid signature invalidation
       def euresource_escape(str)
@@ -139,7 +143,6 @@ module MAuth
       def security_token_cacher
         @security_token_cacher ||= SecurityTokenCacher.new(self)
       end
-
     end
   end
 end

data/lib/mauth/client/remote_authenticator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # methods for remotely authenticating a request by sending it to the mauth service
 
 module MAuth
@@ -8,7 +10,11 @@ module MAuth
       # takes an incoming request object (no support for responses currently), and errors if the
       # object is not authentic according to its signature
       def signature_valid_v1!(object)
-        raise ArgumentError, "Remote Authenticator can only authenticate requests; received #{object.inspect}" unless object.is_a?(MAuth::Request)
+        unless object.is_a?(MAuth::Request)
+          raise ArgumentError,
+            "Remote Authenticator can only authenticate requests; received #{object.inspect}"
+        end
+
         authentication_ticket = {
           'verb' => object.attributes_for_signing[:verb],
           'app_uuid' => object.signature_app_uuid,
@@ -41,15 +47,17 @@ module MAuth
 
       def make_mauth_request(authentication_ticket)
         begin
-          response = mauth_connection.post("/mauth/#{mauth_api_version}/authentication_tickets.json", 'authentication_ticket' => authentication_ticket)
+          request_body = JSON.generate(authentication_ticket: authentication_ticket)
+          response = mauth_connection.post("/mauth/#{mauth_api_version}/authentication_tickets.json", request_body)
         rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
           msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
           logger.error("Unable to authenticate with MAuth. Exception #{msg}")
           raise UnableToAuthenticateError, msg
         end
-        if (200..299).cover?(response.status)
+        case response.status
+        when 200..299
           nil
-        elsif response.status == 412 || response.status == 404
+        when 412, 404
           # the mAuth service responds with 412 when the given request is not authentically signed.
           # older versions of the mAuth service respond with 404 when the given app_uuid
           # does not exist, which is also considered to not be authentically signed. newer
@@ -62,12 +70,14 @@ module MAuth
       end
 
       def mauth_connection
-        require 'faraday'
-        require 'faraday_middleware'
-        @mauth_connection ||= ::Faraday.new(mauth_baseurl, faraday_options) do |builder|
-          builder.use MAuth::Faraday::MAuthClientUserAgent
-          builder.use FaradayMiddleware::EncodeJson
-          builder.adapter ::Faraday.default_adapter
+        @mauth_connection ||= begin
+          require 'faraday'
+
+          ::Faraday.new(mauth_baseurl,
+            faraday_options.merge(headers: { 'Content-Type' => 'application/json' })) do |builder|
+            builder.use MAuth::Faraday::MAuthClientUserAgent
+            builder.adapter ::Faraday.default_adapter
+          end
         end
       end
     end

data/lib/mauth/client/security_token_cacher.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'faraday-http-cache'
 require 'mauth/faraday'
 
@@ -5,12 +7,11 @@ module MAuth
   class Client
     module LocalAuthenticator
       class SecurityTokenCacher
-
         def initialize(mauth_client)
           @mauth_client = mauth_client
           # TODO: should this be UnableToSignError?
           @mauth_client.assert_private_key(
-            UnableToAuthenticateError.new("Cannot fetch public keys from mAuth service without a private key!")
+            UnableToAuthenticateError.new('Cannot fetch public keys from mAuth service without a private key!')
           )
         end
 
@@ -41,7 +42,7 @@ module MAuth
         def security_token_from(response_body)
           JSON.parse response_body
         rescue JSON::ParserError => e
-          msg =  "mAuth service responded with unparseable json: #{response_body}\n#{e.class}: #{e.message}"
+          msg = "mAuth service responded with unparseable json: #{response_body}\n#{e.class}: #{e.message}"
           @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
           raise UnableToAuthenticateError, msg
         end

data/lib/mauth/client/signer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'openssl'
 require 'mauth/errors'
 
@@ -5,7 +7,7 @@ require 'mauth/errors'
 
 module MAuth
   class Client
-    SIGNING_DIGEST = OpenSSL::Digest::SHA512.new
+    SIGNING_DIGEST = OpenSSL::Digest.new('SHA512')
 
     module Signer
       UNABLE_TO_SIGN_ERR = UnableToSignError.new('mAuth client cannot sign without a private key!')
@@ -40,14 +42,14 @@ module MAuth
       def signed_headers_v1(object, attributes = {})
         attributes = { time: Time.now.to_i.to_s, app_uuid: client_app_uuid }.merge(attributes)
         string_to_sign = object.string_to_sign_v1(attributes)
-        signature = self.signature_v1(string_to_sign)
+        signature = signature_v1(string_to_sign)
         { 'X-MWS-Authentication' => "#{MWS_TOKEN} #{client_app_uuid}:#{signature}", 'X-MWS-Time' => attributes[:time] }
       end
 
       def signed_headers_v2(object, attributes = {})
         attributes = { time: Time.now.to_i.to_s, app_uuid: client_app_uuid }.merge(attributes)
         string_to_sign = object.string_to_sign_v2(attributes)
-        signature = self.signature_v2(string_to_sign)
+        signature = signature_v2(string_to_sign)
         {
           'MCC-Authentication' => "#{MWSV2_TOKEN} #{client_app_uuid}:#{signature}#{AUTH_HEADER_DELIMITER}",
           'MCC-Time' => attributes[:time]

data/lib/mauth/client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'uri'
 require 'openssl'
 require 'base64'
@@ -24,9 +26,9 @@ module MAuth
   # that the object responds to the methods of MAuth::Signable and/or MAuth::Signed (as
   # appropriate)
   class Client
-    MWS_TOKEN = 'MWS'.freeze
-    MWSV2_TOKEN = 'MWSV2'.freeze
-    AUTH_HEADER_DELIMITER = ';'.freeze
+    MWS_TOKEN = 'MWS'
+    MWSV2_TOKEN = 'MWSV2'
+    AUTH_HEADER_DELIMITER = ';'
 
     include AuthenticatorBase
     include Signer
@@ -53,7 +55,7 @@ module MAuth
       # find the app_root (relative to which we look for yaml files). note that this
       # is different than MAuth::Client.root, the root of the mauth-client library.
       app_root = options['root'] || begin
-        if Object.const_defined?('Rails') && ::Rails.respond_to?(:root) && ::Rails.root
+        if Object.const_defined?(:Rails) && ::Rails.respond_to?(:root) && ::Rails.root
           Rails.root
         else
           ENV['RAILS_ROOT'] || ENV['RACK_ROOT'] || ENV['APP_ROOT'] || '.'
@@ -62,7 +64,7 @@ module MAuth
 
       # find the environment (with which yaml files are keyed)
       env = options['environment'] || begin
-        if Object.const_defined?('Rails') && ::Rails.respond_to?(:environment)
+        if Object.const_defined?(:Rails) && ::Rails.respond_to?(:environment)
           Rails.environment
         else
           ENV['RAILS_ENV'] || ENV['RACK_ENV'] || 'development'
@@ -82,16 +84,17 @@ module MAuth
           errmessage = "#{mauth_config_yml} config has no key #{env} - it has keys #{whole_config.keys.inspect}"
           whole_config[env] || raise(MAuth::Client::ConfigurationError, errmessage)
         else
-          raise MAuth::Client::ConfigurationError, "could not find mauth config yaml file. this file may be " \
+          raise MAuth::Client::ConfigurationError,
+            'could not find mauth config yaml file. this file may be ' \
             "placed in #{default_loc}, specified with the mauth_config_yml option, or specified with the " \
-            "MAUTH_CONFIG_YML environment variable."
+            'MAUTH_CONFIG_YML environment variable.'
         end
       end
 
       unless mauth_config.key?('logger')
         # the logger. Rails.logger if it exists, otherwise, no logger
         mauth_config['logger'] = options['logger'] || begin
-          if Object.const_defined?('Rails') && ::Rails.respond_to?(:logger)
+          if Object.const_defined?(:Rails) && ::Rails.respond_to?(:logger)
             Rails.logger
           end
         end
@@ -122,22 +125,24 @@ module MAuth
       if given_config['private_key_file'] && !given_config['private_key']
         given_config['private_key'] = File.read(given_config['private_key_file'])
       end
-      @config['private_key'] = case given_config['private_key']
-       when nil
-         nil
-       when String
-         OpenSSL::PKey::RSA.new(given_config['private_key'])
-       when OpenSSL::PKey::RSA
-         given_config['private_key']
-       else
-         raise MAuth::Client::ConfigurationError, "unrecognized value given for 'private_key' - this may be a " \
-           "String, a OpenSSL::PKey::RSA, or omitted; instead got: #{given_config['private_key'].inspect}"
-      end
+      @config['private_key'] =
+        case given_config['private_key']
+        when nil
+          nil
+        when String
+          OpenSSL::PKey::RSA.new(given_config['private_key'])
+        when OpenSSL::PKey::RSA
+          given_config['private_key']
+        else
+          raise MAuth::Client::ConfigurationError,
+            "unrecognized value given for 'private_key' - this may be a " \
+            "String, a OpenSSL::PKey::RSA, or omitted; instead got: #{given_config['private_key'].inspect}"
+        end
       @config['app_uuid'] = given_config['app_uuid']
       @config['mauth_baseurl'] = given_config['mauth_baseurl']
       @config['mauth_api_version'] = given_config['mauth_api_version']
       @config['logger'] = given_config['logger'] || begin
-        if Object.const_defined?('Rails') && Rails.logger
+        if Object.const_defined?(:Rails) && Rails.logger
           Rails.logger
         else
           require 'logger'
@@ -151,26 +156,25 @@ module MAuth
       request_config.merge!(symbolize_keys(given_config['faraday_options'])) if given_config['faraday_options']
       @config['faraday_options'] = { request: request_config } || {}
       @config['ssl_certs_path'] = given_config['ssl_certs_path'] if given_config['ssl_certs_path']
-      @config['v2_only_authenticate'] = given_config['v2_only_authenticate'].to_s.downcase == 'true'
-      @config['v2_only_sign_requests'] = given_config['v2_only_sign_requests'].to_s.downcase == 'true'
-      @config['disable_fallback_to_v1_on_v2_failure'] = given_config['disable_fallback_to_v1_on_v2_failure'].to_s.downcase == 'true'
-      @config['v1_only_sign_requests'] = given_config['v1_only_sign_requests'].to_s.downcase == 'true'
+      @config['v2_only_authenticate'] = given_config['v2_only_authenticate'].to_s.casecmp('true').zero?
+      @config['v2_only_sign_requests'] = given_config['v2_only_sign_requests'].to_s.casecmp('true').zero?
+      @config['disable_fallback_to_v1_on_v2_failure'] =
+        given_config['disable_fallback_to_v1_on_v2_failure'].to_s.casecmp('true').zero?
+      @config['v1_only_sign_requests'] = given_config['v1_only_sign_requests'].to_s.casecmp('true').zero?
 
       if @config['v2_only_sign_requests'] && @config['v1_only_sign_requests']
-        raise MAuth::Client::ConfigurationError, "v2_only_sign_requests and v1_only_sign_requests may not both be true"
+        raise MAuth::Client::ConfigurationError, 'v2_only_sign_requests and v1_only_sign_requests may not both be true'
       end
 
       # if 'authenticator' was given, don't override that - including if it was given as nil / false
       if given_config.key?('authenticator')
         @config['authenticator'] = given_config['authenticator']
+      elsif client_app_uuid && private_key
+        @config['authenticator'] = LocalAuthenticator
+      # MAuth::Client can authenticate locally if it's provided a client_app_uuid and private_key
       else
-        if client_app_uuid && private_key
-          # MAuth::Client can authenticate locally if it's provided a client_app_uuid and private_key
-          @config['authenticator'] = LocalAuthenticator
-        else
-          # otherwise, it will authenticate remotely (requests only)
-          @config['authenticator'] = RemoteRequestAuthenticator
-        end
+        # otherwise, it will authenticate remotely (requests only)
+        @config['authenticator'] = RemoteRequestAuthenticator
       end
       extend @config['authenticator'] if @config['authenticator']
     end
@@ -184,11 +188,11 @@ module MAuth
     end
 
     def mauth_baseurl
-      @config['mauth_baseurl'] || raise(MAuth::Client::ConfigurationError, "no configured mauth_baseurl!")
+      @config['mauth_baseurl'] || raise(MAuth::Client::ConfigurationError, 'no configured mauth_baseurl!')
     end
 
     def mauth_api_version
-      @config['mauth_api_version'] || raise(MAuth::Client::ConfigurationError, "no configured mauth_api_version!")
+      @config['mauth_api_version'] || raise(MAuth::Client::ConfigurationError, 'no configured mauth_api_version!')
     end
 
     def private_key
@@ -235,7 +239,7 @@ module MAuth
 
     # Changes all keys in the top level of the hash to symbols.  Does not affect nested hashes inside this one.
     def symbolize_keys(hash)
-      hash.keys.each do |key|
+      hash.keys.each do |key| # rubocop:disable Style/HashEachMethods
         hash[(key.to_sym rescue key) || key] = hash.delete(key)
       end
       hash
@@ -243,7 +247,7 @@ module MAuth
   end
 
   module ConfigFile
-    GITHUB_URL = 'https://github.com/mdsol/mauth-client-ruby'.freeze
+    GITHUB_URL = 'https://github.com/mdsol/mauth-client-ruby'
     @config = {}
 
     def self.load(path)
@@ -251,12 +255,17 @@ module MAuth
         raise "File #{path} not found. Please visit #{GITHUB_URL} for details."
       end
 
-      @config[path] ||= YAML.load_file(path)
+      @config[path] ||= yaml_safe_load_file(path)
       unless @config[path]
         raise "File #{path} does not contain proper YAML information. Visit #{GITHUB_URL} for details."
       end
 
       @config[path]
     end
+
+    def self.yaml_safe_load_file(path)
+      yml_data = File.read(path)
+      YAML.safe_load(yml_data, aliases: true)
+    end
   end
 end

data/lib/mauth/core_ext.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Hash
   # like stringify_keys, but does not attempt to stringify anything other than Symbols.
   # other keys are left alone.

data/lib/mauth/dice_bag/mauth_templates.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'dice_bag'
 
 class MauthTemplate < DiceBag::AvailableTemplates
@@ -14,6 +16,6 @@ class MauthInitializerTemplate < DiceBag::AvailableTemplates
   end
 
   def templates
-    [File.join(File.dirname(__FILE__), 'mauth.rb.dice')] if Object.const_defined?('Rails')
+    [File.join(File.dirname(__FILE__), 'mauth.rb.dice')] if Object.const_defined?(:Rails)
   end
 end

data/lib/mauth/errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module MAuth
   # mAuth client was unable to verify the authenticity of a signed object (this does NOT mean the
   # object is inauthentic). typically due to a failure communicating with the mAuth service, in

data/lib/mauth/fake/rack.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'mauth/rack'
 
 module MAuth
@@ -14,30 +16,32 @@ module MAuth
     # (rather than switching to this fake one), as all this does is add those keys to the request env.
     class RequestAuthenticationFaker < MAuth::Rack::RequestAuthenticator
       class << self
-        def is_authentic?
+        def is_authentic? # rubocop:disable Naming/PredicateName
           @is_authentic.nil? ? true : @is_authentic
         end
 
-        def authentic=(is_auth = true)
+        def authentic=(is_auth = true) # rubocop:disable Style/OptionalBooleanParameter
           @is_authentic = is_auth
         end
       end
 
       def call(env)
         retval = if should_authenticate?(env)
-          mauth_request = MAuth::Rack::Request.new(env)
-          env['mauth.protocol_version'] = mauth_request.protocol_version
+                   mauth_request = MAuth::Rack::Request.new(env)
+                   env['mauth.protocol_version'] = mauth_request.protocol_version
 
-          if self.class.is_authentic?
-            @app.call(env.merge!('mauth.app_uuid' => mauth_request.signature_app_uuid, 'mauth.authentic' => true))
-          else
-            response_for_inauthentic_request(env)
-          end
-        else
-          @app.call(env)
-        end
+                   if self.class.is_authentic?
+                     @app.call(env.merge!('mauth.app_uuid' => mauth_request.signature_app_uuid,
+                       'mauth.authentic' => true))
+                   else
+                     response_for_inauthentic_request(env)
+                   end
+                 else
+                   @app.call(env)
+                 end
 
-        # ensure that the next request is marked authenic unless the consumer of this middleware explicitly deems otherwise
+        # ensure that the next request is marked authenic unless the consumer of this middleware explicitly deems
+        # otherwise
         self.class.authentic = true
 
         retval

data/lib/mauth/faraday.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'mauth/middleware'
 require 'mauth/request_and_response'
 
@@ -31,6 +33,7 @@ module MAuth
     # passed to a Mauth::Client for signing
     class Request < MAuth::Request
       attr_reader :request_env
+
       def initialize(request_env)
         @request_env = request_env
       end
@@ -59,6 +62,7 @@ module MAuth
     class Response < MAuth::Response
       include Signed
       attr_reader :response_env
+
       def initialize(response_env)
         @response_env = response_env
       end
@@ -86,7 +90,7 @@ module MAuth
 
     # add MAuth-Client's user-agent to a request
     class MAuthClientUserAgent
-      def initialize(app, agent_base = "Mauth-Client")
+      def initialize(app, agent_base = 'Mauth-Client')
         @app = app
         @agent_base = agent_base
       end

data/lib/mauth/middleware.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'mauth/core_ext'
 module MAuth
   # base class for middleware, common to both Faraday and Rack
@@ -15,9 +17,9 @@ module MAuth
     # this method may be overloaded to provide more flexibility in providing a MAuth::Client
     def mauth_client
       require 'mauth/client'
-      # @_mauth_client ivar only used here for caching; should not be used by other methods, in
+      # @mauth_client ivar only used here for caching; should not be used by other methods, in
       # order that overloading #mauth_client will work
-      @_mauth_client ||= @config['mauth_client'] || MAuth::Client.new(@config)
+      @mauth_client ||= @config['mauth_client'] || MAuth::Client.new(@config)
     end
   end
 end

data/lib/mauth/proxy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'mauth/client'
 require 'faraday'
 require 'rack'
@@ -7,6 +9,8 @@ module MAuth
   # proxy them to a target URI. the responses from the target may be authenticated, with MAuth
   # (and are by default).
   class Proxy
+    EXCLUDED_RESPONSE_HEADERS = %w[Content-Length Transfer-Encoding].map(&:downcase)
+
     # target_uri is the base relative to which requests are made.
     #
     # options:
@@ -38,12 +42,11 @@ module MAuth
         end
       end
       @persistent_headers = {}
-      if options[:headers]
-        options[:headers].each do |cur|
-          raise "Headers must be in the format of [key]:[value]" unless cur.include?(':')
-          key, throw_away, value = cur.partition(':')
-          @persistent_headers[key.strip] = value.strip
-        end
+      options[:headers]&.each do |cur|
+        raise 'Headers must be in the format of [key]:[value]' unless cur.include?(':')
+
+        key, _throw_away, value = cur.partition(':')
+        @persistent_headers[key.strip] = value.strip
       end
     end
 
@@ -56,20 +59,20 @@ module MAuth
       request_headers = {}
       request_env.each do |k, v|
         if k.start_with?('HTTP_') && k != 'HTTP_HOST'
-          name = k.sub(/\AHTTP_/, '')
+          name = k.delete_prefix('HTTP_')
           request_headers[name] = v
         end
       end
       request_headers.merge!(@persistent_headers)
       if @browser_proxy
-        target_uri = request_env["REQUEST_URI"]
+        target_uri = request_env['REQUEST_URI']
         connection = @target_uris.any? { |u| target_uri.start_with? u } ? @signer_connection : @unsigned_connection
         response = connection.run_request(request_method, target_uri, request_body, request_headers)
       else
         response = @connection.run_request(request_method, request.fullpath, request_body, request_headers)
       end
       response_headers = response.headers.reject do |name, _value|
-        %w(Content-Length Transfer-Encoding).map(&:downcase).include?(name.downcase)
+        EXCLUDED_RESPONSE_HEADERS.include?(name.downcase)
       end
       [response.status, response_headers, [response.body || '']]
     end