saml-kit 1.0.15 → 1.0.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 589e2c267c9eef495616d9ecac88c78b2961baee78ae9d8fa404f566260b3c9c
-  data.tar.gz: f9bbb3af185e370d62ffab5182801a110b436e7c13b93997536f5856642abbd0
+  metadata.gz: 870747d355b7bcad61bc1d7c502492b74d34e3d374b11134b0f39acebf5b6bb0
+  data.tar.gz: 3c683b3ce55dcefc468e2e5ff4c9a103fd82b4f314b4e0e2bc41e0f6461b1c3d
 SHA512:
-  metadata.gz: b4931f06f5fc42b83dd0cdcb27485cce1bb85dac1973a97a47be244b7bbcbda9b2ecf33cd7055c7e9f035a00f0d81840cf6e224c1a7d12834bc7d9901de7cc44
-  data.tar.gz: b60f4263ffe6fb7804d5a708dab81e9168b14435929a2c3ec0c338c76854b5e73694bab32b51ef95f84dbecdc231f20a6285a153e15e9346facbf860bb4276cd
+  metadata.gz: 01243f10344d2615911d3d9d139e2a39f3a08afe1c66badf311208947d16ee51276977df6e32a52ca085962e952bc470f72e07982c944b40d6b36d11450e453c
+  data.tar.gz: 84d3a97162a0f01cc2a31b484539a97f92ff452c5c406020318d32a3e3719381825e02c3fd0ce08e43d4597f8701587e1e047f9e0e19ad57bdaf87f122225de5

data/Rakefile

@@ -2,16 +2,12 @@
 
 require 'bundler/audit/task'
 require 'bundler/gem_tasks'
-require 'reek/rake/task'
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
 
 RSpec::Core::RakeTask.new(:spec)
 RuboCop::RakeTask.new(:rubocop)
 Bundler::Audit::Task.new
-Reek::Rake::Task.new(:reek) do |task|
-  task.config_file = '.reek'
-end
 
-task lint: [:rubocop, :reek, 'bundle:audit']
+task lint: [:rubocop, 'bundle:audit']
 task default: :spec

data/exe/saml-kit-create-self-signed-certificate

@@ -3,11 +3,15 @@
 
 require 'saml/kit'
 
-Saml::Kit.deprecate("Use the 'saml-kit-cli' gem instead. saml-kit-create-self-signed-certificate")
+message = "Use the 'saml-kit-cli' gem instead."\
+  ' saml-kit-create-self-signed-certificate'
+Saml::Kit.deprecate(message)
 
 puts 'Enter Passphrase:'
 passphrase = STDIN.read.strip
-certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(passphrase: passphrase)
+certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(
+  passphrase: passphrase
+)
 
 puts '** BEGIN File Format **'
 print certificate

data/exe/saml-kit-decode-http-post

@@ -3,7 +3,8 @@
 
 require 'saml/kit'
 
-Saml::Kit.deprecate("Use the 'saml-kit-cli' gem instead. saml-kit-decode-http-post")
+message = "Use the 'saml-kit-cli' gem instead. saml-kit-decode-http-post"
+Saml::Kit.deprecate(message)
 
 saml = STDIN.read
 binding = Saml::Kit::Bindings::HttpPost.new(location: '')

data/exe/saml-kit-decode-http-redirect

@@ -3,7 +3,8 @@
 
 require 'saml/kit'
 
-Saml::Kit.deprecate("Use the 'saml-kit-cli' gem instead. saml-kit-decode-http-redirect*")
+message = "Use the 'saml-kit-cli' gem instead. saml-kit-decode-http-redirect*"
+Saml::Kit.deprecate(message)
 
 input = STDIN.read
 binding = Saml::Kit::Bindings::HttpRedirect.new(location: '')

data/lib/saml/kit/assertion.rb

@@ -8,10 +8,14 @@ module Saml
     class Assertion
       include ActiveModel::Validations
       include Translatable
+      include XmlParseable
+      extend Forwardable
       XPATH = [
         '/samlp:Response/saml:Assertion',
         '/samlp:Response/saml:EncryptedAssertion'
       ].join('|')
+      def_delegators :conditions, :started_at, :expired_at, :audiences
+      def_delegators :attribute_statement, :attributes
 
       validate :must_be_decryptable
       validate :must_match_issuer, if: :decryptable?
@@ -20,15 +24,17 @@ module Saml
       attr_reader :name
       attr_accessor :occurred_at
 
-      def initialize(node, configuration: Saml::Kit.configuration, private_keys: [])
+      def initialize(
+        node, configuration: Saml::Kit.configuration, private_keys: []
+      )
         @name = 'Assertion'
-        @node = node
+        @to_nokogiri = node
         @configuration = configuration
         @occurred_at = Time.current
         @cannot_decrypt = false
         @encrypted = false
-        private_keys = (configuration.private_keys(use: :encryption) + private_keys).uniq
-        decrypt(::Xml::Kit::Decryption.new(private_keys: private_keys))
+        keys = configuration.private_keys(use: :encryption) + private_keys
+        decrypt(::Xml::Kit::Decryption.new(private_keys: keys.uniq))
       end
 
       def issuer
@@ -39,6 +45,10 @@ module Saml
         at_xpath('./saml:Subject/saml:NameID').try(:text)
       end
 
+      def name_id_format
+        at_xpath('./saml:Subject/saml:NameID').attribute('Format').try(:value)
+      end
+
       def signed?
         signature.present?
       end
@@ -56,23 +66,13 @@ module Saml
         now > drifted_started_at && !expired?(now)
       end
 
-      def attributes
-        @attributes ||= search('./saml:AttributeStatement/saml:Attribute').inject({}) do |memo, item|
-          memo[item.attribute('Name').value] = item.at_xpath('./saml:AttributeValue', Saml::Kit::Document::NAMESPACES).try(:text)
-          memo
-        end.with_indifferent_access
+      def attribute_statement
+        @attribute_statement ||=
+          AttributeStatement.new(search('./saml:AttributeStatement'))
       end
 
-      def started_at
-        parse_date(at_xpath('./saml:Conditions/@NotBefore').try(:value))
-      end
-
-      def expired_at
-        parse_date(at_xpath('./saml:Conditions/@NotOnOrAfter').try(:value))
-      end
-
-      def audiences
-        search('./saml:Conditions/saml:AudienceRestriction/saml:Audience').map(&:text)
+      def conditions
+        @conditions ||= Conditions.new(search('./saml:Conditions'))
       end
 
       def encrypted?
@@ -84,16 +84,8 @@ module Saml
         !@cannot_decrypt
       end
 
-      def present?
-        @node.present?
-      end
-
-      def to_xml(pretty: nil)
-        pretty ? @node.to_xml(indent: 2) : to_s
-      end
-
       def to_s
-        @node.to_s
+        @to_nokogiri.to_s
       end
 
       private
@@ -104,22 +96,14 @@ module Saml
         encrypted_assertion = at_xpath('./xmlenc:EncryptedData')
         @encrypted = encrypted_assertion.present?
         return unless @encrypted
-        @node = decryptor.decrypt_node(encrypted_assertion)
+        @to_nokogiri = decryptor.decrypt_node(encrypted_assertion)
       rescue Xml::Kit::DecryptionError => error
         @cannot_decrypt = true
         Saml::Kit.logger.error(error)
       end
 
-      def parse_date(value)
-        DateTime.parse(value)
-      rescue StandardError => error
-        Saml::Kit.logger.error(error)
-        Time.at(0).to_datetime
-      end
-
       def must_match_issuer
-        return if audiences.empty?
-        return if audiences.include?(configuration.entity_id)
+        return if audiences.empty? || audiences.include?(configuration.entity_id)
         errors[:audience] << error_message(:must_match_issuer)
       end
 
@@ -130,7 +114,6 @@ module Saml
 
       def must_have_valid_signature
         return if !signed? || signature.valid?
-
         signature.errors.each do |attribute, message|
           errors.add(attribute, message)
         end
@@ -139,15 +122,6 @@ module Saml
       def must_be_decryptable
         errors.add(:base, error_message(:cannot_decrypt)) unless decryptable?
       end
-
-      def at_xpath(xpath)
-        return unless @node
-        @node.at_xpath(xpath, Saml::Kit::Document::NAMESPACES)
-      end
-
-      def search(xpath)
-        @node.search(xpath, Saml::Kit::Document::NAMESPACES)
-      end
     end
   end
 end

data/lib/saml/kit/attribute_statement.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Saml
+  module Kit
+    class AttributeStatement
+      include XmlParseable
+
+      attr_reader :content
+
+      def initialize(node)
+        @to_nokogiri = node
+        @content = node.to_s
+      end
+
+      def attributes
+        @attributes ||= search('./saml:Attribute').inject({}) do |memo, item|
+          namespace = Saml::Kit::Document::NAMESPACES
+          attribute = item.at_xpath('./saml:AttributeValue', namespace)
+          memo[item.attribute('Name').value] = attribute.try(:text)
+          memo
+        end.with_indifferent_access
+      end
+    end
+  end
+end

data/lib/saml/kit/authentication_request.rb

@@ -11,9 +11,17 @@ module Saml
     #    end
     #
     #    <?xml version="1.0" encoding="UTF-8"?>
-    #    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_ca3a0e72-9530-41f1-9518-c53716de88b2" Version="2.0" IssueInstant="2017-12-19T16:27:44Z" Destination="http://hartmann.info" AssertionConsumerServiceURL="https://carroll.com/acs">
+    #    <samlp:AuthnRequest
+    #      xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+    #      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    #      ID="_ca3a0e72-9530-41f1-9518-c53716de88b2"
+    #      Version="2.0"
+    #      IssueInstant="2017-12-19T16:27:44Z"
+    #      Destination="http://hartmann.info"
+    #      AssertionConsumerServiceURL="https://carroll.com/acs">
     #      <saml:Issuer>Day of the Dangerous Cousins</saml:Issuer>
-    #      <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
+    #      <samlp:NameIDPolicy
+    #        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
     #    </samlp:AuthnRequest>
     #
     # Example:
@@ -25,13 +33,16 @@ module Saml
       # Create an instance of an AuthnRequest document.
       #
       # @param xml [String] the raw xml.
-      # @param configuration [Saml::Kit::Configuration] defaults to the global configuration.
+      # @param configuration [Saml::Kit::Configuration] defaults to the global
+      # configuration.
       def initialize(xml, configuration: Saml::Kit.configuration)
         super(xml, name: 'AuthnRequest', configuration: configuration)
       end
 
       # Extract the AssertionConsumerServiceURL from the AuthnRequest
-      #    <samlp:AuthnRequest AssertionConsumerServiceURL="https://carroll.com/acs"></samlp:AuthnRequest>
+      #    <samlp:AuthnRequest
+      #      AssertionConsumerServiceURL="https://carroll.com/acs">
+      #    </samlp:AuthnRequest>
       def assertion_consumer_service_url
         at_xpath('./*/@AssertionConsumerServiceURL').try(:value)
       end
@@ -42,23 +53,31 @@ module Saml
 
       # Extract the NameIDPolicy from the AuthnRequest
       #    <samlp:AuthnRequest>
-      #      <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
+      #      <samlp:NameIDPolicy
+      #        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
       #    </samlp:AuthnRequest>
       def name_id_policy
         at_xpath('./*/samlp:NameIDPolicy/@Format').try(:value)
       end
 
       # Generate a Response for a specific user.
-      # @param user [Object] this is a custom user object that can be used for generating a nameid and assertion attributes.
-      # @param binding [Symbol] the SAML binding to use `:http_post` or `:http_redirect`.
-      # @param configuration [Saml::Kit::Configuration] the configuration to use to build the response.
-      def response_for(user, binding:, relay_state: nil, configuration: Saml::Kit.configuration)
-        response_binding = provider.assertion_consumer_service_for(binding: binding)
-        response = Saml::Kit::Response.builder(user, self, configuration: configuration) do |builder|
-          builder.embed_signature = provider.want_assertions_signed
-          yield builder if block_given?
-        end
-        response_binding.serialize(response, relay_state: relay_state)
+      # @param user [Object] this is a custom user object that can be used for
+      # generating a nameid and assertion attributes.
+      # @param binding [Symbol] the SAML binding to use
+      # `:http_post` or `:http_redirect`.
+      # @param configuration [Saml::Kit::Configuration] the configuration to
+      # use to build the response.
+      def response_for(
+        user, binding:, relay_state: nil, configuration: Saml::Kit.configuration
+      )
+        response =
+          Response.builder(user, self, configuration: configuration) do |x|
+            x.embed_signature = provider.want_assertions_signed
+            yield x if block_given?
+          end
+        provider
+          .assertion_consumer_service_for(binding: binding)
+          .serialize(response, relay_state: relay_state)
       end
     end
   end

data/lib/saml/kit/bindings/binding.rb

@@ -56,13 +56,10 @@ module Saml
             SAMLRequest: params[:SAMLRequest] || params['SAMLRequest'],
             SAMLResponse: params[:SAMLResponse] || params['SAMLResponse'],
           }
-          if parameters[:SAMLRequest].present?
-            parameters[:SAMLRequest]
-          elsif parameters[:SAMLResponse].present?
-            parameters[:SAMLResponse]
-          else
-            raise ArgumentError, 'SAMLRequest or SAMLResponse parameter is required.'
-          end
+          return parameters[:SAMLRequest] if parameters[:SAMLRequest].present?
+          return parameters[:SAMLResponse] if parameters[:SAMLResponse].present?
+          message = 'SAMLRequest or SAMLResponse parameter is required.'
+          raise ArgumentError, message
         end
       end
     end

data/lib/saml/kit/bindings/http_post.rb

@@ -19,8 +19,9 @@ module Saml
         def serialize(builder, relay_state: nil)
           builder.destination = location
           document = builder.build
+          xml = document.to_xml
           saml_params = {
-            document.query_string_parameter => Base64.strict_encode64(document.to_xml),
+            document.query_string_parameter => Base64.strict_encode64(xml),
           }
           saml_params['RelayState'] = relay_state if relay_state.present?
           [location, saml_params]
@@ -28,7 +29,10 @@ module Saml
 
         def deserialize(params, configuration: Saml::Kit.configuration)
           xml = decode(saml_param_from(params))
-          Saml::Kit::Document.to_saml_document(xml, configuration: configuration)
+          Saml::Kit::Document.to_saml_document(
+            xml,
+            configuration: configuration
+          )
         end
       end
     end

data/lib/saml/kit/bindings/http_redirect.rb

@@ -20,7 +20,8 @@ module Saml
           builder.embed_signature = false
           builder.destination = location
           document = builder.build
-          [UrlBuilder.new(configuration: builder.configuration).build(document, relay_state: relay_state), {}]
+          url_builder = UrlBuilder.new(configuration: builder.configuration)
+          [url_builder.build(document, relay_state: relay_state), {}]
         end
 
         def deserialize(params, configuration: Saml::Kit.configuration)
@@ -34,18 +35,20 @@ module Saml
 
         def deserialize_document_from(params, configuration)
           xml = inflate(decode(unescape(saml_param_from(params))))
-          Saml::Kit::Document.to_saml_document(xml, configuration: configuration)
+          Saml::Kit::Document.to_saml_document(
+            xml,
+            configuration: configuration
+          )
         end
 
         def ensure_valid_signature(params, document)
           signature = params[:Signature]
-          algorithm = params[:SigAlg]
           provider = document.provider
-          return if signature.blank? || algorithm.blank?
+          return if signature.blank? || params[:SigAlg].blank?
           return if provider.nil?
 
           return document.signature_verified! if provider.verify(
-            algorithm_for(algorithm),
+            algorithm_for(params[:SigAlg]),
             decode(signature),
             canonicalize(params)
           )

data/lib/saml/kit/bindings/url_builder.rb

@@ -17,17 +17,16 @@ module Saml
           @configuration = configuration
         end
 
-        def build(saml_document, relay_state: nil)
-          destination = saml_document.destination
+        def build(document, relay_state: nil)
+          destination = document.destination
           if configuration.sign?
-            payload = canonicalize(saml_document, relay_state)
+            payload = canonicalize(document, relay_state)
             "#{destination}?#{payload}&Signature=#{signature_for(payload)}"
           else
-            payload = to_query_string(
-              saml_document.query_string_parameter => serialize(saml_document.to_xml),
+            "#{destination}?" + to_query_string(
+              document.query_string_parameter => serialize(document.to_xml),
               'RelayState' => relay_state
             )
-            "#{destination}?#{payload}"
           end
         end
 
@@ -39,8 +38,9 @@ module Saml
         end
 
         def canonicalize(saml_document, relay_state)
+          xml = saml_document.to_xml
           to_query_string(
-            saml_document.query_string_parameter => serialize(saml_document.to_xml),
+            saml_document.query_string_parameter => serialize(xml),
             'RelayState' => relay_state,
             'SigAlg' => ::Xml::Kit::Namespaces::SHA256
           )

data/lib/saml/kit/bindings.rb

@@ -11,9 +11,10 @@ module Saml
     # the different SAML bindings that are
     # supported by this gem.
     module Bindings
-      HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact'.freeze
-      HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'.freeze
-      HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'.freeze
+      BINDINGS_2_0 = 'urn:oasis:names:tc:SAML:2.0:bindings'.freeze
+      HTTP_ARTIFACT = "#{BINDINGS_2_0}:HTTP-Artifact".freeze
+      HTTP_POST = "#{BINDINGS_2_0}:HTTP-POST".freeze
+      HTTP_REDIRECT = "#{BINDINGS_2_0}:HTTP-Redirect".freeze
       ALL = {
         http_post: HTTP_POST,
         http_redirect: HTTP_REDIRECT,

data/lib/saml/kit/builders/assertion.rb

@@ -9,7 +9,9 @@ module Saml
         include XmlTemplatable
         extend Forwardable
 
-        def_delegators :@response_builder, :request, :issuer, :reference_id, :now, :configuration, :user, :version, :destination
+        def_delegators :@response_builder,
+          :request, :issuer, :reference_id, :now, :configuration, :user,
+          :version, :destination
 
         def initialize(response_builder, embed_signature)
           @response_builder = response_builder
@@ -17,7 +19,7 @@ module Saml
         end
 
         def name_id_format
-          request.try(:name_id_format) || Saml::Kit::Namespaces::PERSISTENT
+          request.try(:name_id_format)
         end
 
         def name_id
@@ -62,7 +64,8 @@ module Saml
           {
             AuthnInstant: now.iso8601,
             SessionIndex: reference_id,
-            SessionNotOnOrAfter: configuration.session_timeout.since(now).utc.iso8601,
+            SessionNotOnOrAfter:
+            configuration.session_timeout.since(now).utc.iso8601,
           }
         end
       end

data/lib/saml/kit/builders/authentication_request.rb

@@ -7,7 +7,8 @@ module Saml
       # {include:file:spec/saml/kit/builders/authentication_request_spec.rb}
       class AuthenticationRequest
         include XmlTemplatable
-        attr_accessor :id, :now, :issuer, :assertion_consumer_service_url, :name_id_format, :destination
+        attr_accessor :id, :now, :issuer, :assertion_consumer_service_url
+        attr_accessor :name_id_format, :destination
         attr_accessor :version
         attr_reader :configuration
 
@@ -36,7 +37,8 @@ module Saml
             Destination: destination,
           }
           if assertion_consumer_service_url.present?
-            options[:AssertionConsumerServiceURL] = assertion_consumer_service_url
+            options[:AssertionConsumerServiceURL] =
+              assertion_consumer_service_url
           end
           options
         end

data/lib/saml/kit/builders/encrypted_assertion.rb

@@ -10,7 +10,9 @@ module Saml
         extend Forwardable
 
         attr_reader :assertion
-        def_delegators :@response_builder, :configuration, :encryption_certificate
+        def_delegators :@response_builder,
+          :configuration,
+          :encryption_certificate
 
         def initialize(response_builder, assertion)
           @response_builder = response_builder

data/lib/saml/kit/builders/identity_provider_metadata.rb

@@ -13,7 +13,9 @@ module Saml
         attr_reader :logout_urls, :single_sign_on_urls
         attr_reader :configuration
         attr_reader :metadata
-        def_delegators :metadata, :id, :id=, :entity_id, :entity_id=, :organization_name, :organization_name=, :organization_url, :organization_url=, :contact_email, :contact_email=, :to_xml
+        def_delegators :metadata, :id, :id=, :entity_id, :entity_id=,
+          :organization_name, :organization_name=, :organization_url,
+          :organization_url=, :contact_email, :contact_email=, :to_xml
 
         def initialize(configuration: Saml::Kit.configuration)
           @attributes = []
@@ -24,16 +26,24 @@ module Saml
           @name_id_formats = [Namespaces::PERSISTENT]
           @single_sign_on_urls = []
           @want_authn_requests_signed = true
-          @metadata = Saml::Kit::Builders::Metadata.new(configuration: configuration)
+          @metadata = Saml::Kit::Builders::Metadata.new(
+            configuration: configuration
+          )
           @metadata.identity_provider = self
         end
 
         def add_single_sign_on_service(url, binding: :http_post)
-          @single_sign_on_urls.push(location: url, binding: Bindings.binding_for(binding))
+          @single_sign_on_urls.push(
+            location: url,
+            binding: Bindings.binding_for(binding)
+          )
         end
 
         def add_single_logout_service(url, binding: :http_post)
-          @logout_urls.push(location: url, binding: Bindings.binding_for(binding))
+          @logout_urls.push(
+            location: url,
+            binding: Bindings.binding_for(binding)
+          )
         end
 
         def build

data/lib/saml/kit/builders/metadata.rb

@@ -22,14 +22,18 @@ module Saml
         end
 
         def build_service_provider
-          @service_provider = Saml::Kit::ServiceProviderMetadata.builder(configuration: configuration) do |xx|
-            yield xx if block_given?
+          @service_provider = Saml::Kit::ServiceProviderMetadata.builder(
+            configuration: configuration
+          ) do |x|
+            yield x if block_given?
           end
         end
 
         def build_identity_provider
-          @identity_provider = Saml::Kit::IdentityProviderMetadata.builder(configuration: configuration) do |xx|
-            yield xx if block_given?
+          @identity_provider = Saml::Kit::IdentityProviderMetadata.builder(
+            configuration: configuration
+          ) do |x|
+            yield x if block_given?
           end
         end
 

data/lib/saml/kit/builders/null.rb

@@ -1,4 +1,3 @@
-
 # frozen_string_literal: true
 
 module Saml

data/lib/saml/kit/builders/response.rb

@@ -13,7 +13,9 @@ module Saml
         attr_accessor :issuer, :destination
         attr_reader :configuration
 
-        def initialize(user, request = nil, configuration: Saml::Kit.configuration)
+        def initialize(
+          user, request = nil, configuration: Saml::Kit.configuration
+        )
           @user = user
           @request = request
           @id = ::Xml::Kit::Id.generate
@@ -23,23 +25,30 @@ module Saml
           @status_code = Namespaces::SUCCESS
           @status_message = nil
           @issuer = configuration.entity_id
-          @encryption_certificate = request.try(:provider).try(:encryption_certificates).try(:last)
+          @encryption_certificate = request.try(:provider)
+            .try(:encryption_certificates).try(:last)
           @encrypt = encryption_certificate.present?
           @configuration = configuration
         end
 
         def build
-          Saml::Kit::Response.new(to_xml, request_id: request.try(:id), configuration: configuration)
+          Saml::Kit::Response.new(
+            to_xml,
+            request_id: request.try(:id),
+            configuration: configuration
+          )
         end
 
         def assertion=(value)
-          @assertion = value ? value : Null.new
+          @assertion = value || Null.new
         end
 
         def assertion
           @assertion ||=
             begin
-              assertion = Saml::Kit::Builders::Assertion.new(self, embed_signature)
+              assertion = Saml::Kit::Builders::Assertion.new(
+                self, embed_signature
+              )
               if encrypt
                 Saml::Kit::Builders::EncryptedAssertion.new(self, assertion)
               else

data/lib/saml/kit/builders/service_provider_metadata.rb

@@ -12,7 +12,9 @@ module Saml
         attr_accessor :want_assertions_signed
         attr_reader :configuration
         attr_reader :metadata
-        def_delegators :metadata, :id, :id=, :entity_id, :entity_id=, :organization_name, :organization_name=, :organization_url, :organization_url=, :contact_email, :contact_email=, :to_xml
+        def_delegators :metadata, :id, :id=, :entity_id, :entity_id=,
+          :organization_name, :organization_name=, :organization_url,
+          :organization_url=, :contact_email, :contact_email=, :to_xml
 
         def initialize(configuration: Saml::Kit.configuration)
           @acs_urls = []
@@ -20,7 +22,9 @@ module Saml
           @logout_urls = []
           @name_id_formats = [Namespaces::PERSISTENT]
           @want_assertions_signed = true
-          @metadata = Saml::Kit::Builders::Metadata.new(configuration: configuration)
+          @metadata = Saml::Kit::Builders::Metadata.new(
+            configuration: configuration
+          )
           @metadata.service_provider = self
         end
 
@@ -29,7 +33,10 @@ module Saml
         end
 
         def add_single_logout_service(url, binding: :http_post)
-          @logout_urls.push(location: url, binding: Bindings.binding_for(binding))
+          @logout_urls.push(
+            location: url,
+            binding: Bindings.binding_for(binding)
+          )
         end
 
         def build