Commit 7fccbed
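--- a/app/controllers/tokens_controller.rb
+++ b/app/controllers/tokens_controller.rb
@@ -6,32 +6,38 @@ class TokensController < ApplicationController
 response.headers['Pragma'] = 'no-cache'
 if params[:grant_type] == 'authorization_code'
-authorization = current_client.authorizations.active.find_by!(code: params[:code])
-@access_token, @refresh_token = authorization.issue_tokens_to(current_client)
+authorization =
+current_client.authorizations.active.find_by!(code: params[:code])
+@access_token, @refresh_token =
+authorization.issue_tokens_to(current_client)
 elsif params[:grant_type] == 'refresh_token'
 refresh_token = params[:refresh_token]
 jti = Token.claims_for(refresh_token, token_type: :refresh)[:jti]
-@access_token, @refresh_token = Token.find_by!(uuid: jti).issue_tokens_to(current_client)
+token = Token.find_by!(uuid: jti)
+@access_token, @refresh_token = token.issue_tokens_to(current_client)
 elsif params[:grant_type] == 'client_credentials'
 @access_token = current_client.access_token
 elsif params[:grant_type] == 'password'
 user = User.login(params[:username], params[:password])
-return render "bad_request", formats: :json, status: :bad_request unless user
 @access_token, @refresh_token = user.issue_tokens_to(current_client)
 elsif params[:grant_type] == 'urn:ietf:params:oauth:grant-type:saml2-bearer'
-assertion = Saml::Kit::Assertion.new(Base64.urlsafe_decode64(params[:assertion]))
-return render "bad_request", formats: :json, status: :bad_request if assertion.invalid?
-user = assertion.name_id_format == Saml::Kit::Namespaces::PERSISTENT ?
-User.find_by!(uuid: assertion.name_id) :
-User.find_by!(email: assertion.name_id)
+assertion = Saml::Kit::Assertion.new(
+Base64.urlsafe_decode64(params[:assertion])
+)
+return bad_request if assertion.invalid?
+user = if assertion.name_id_format == Saml::Kit::Namespaces::PERSISTENT
+User.find_by!(uuid: assertion.name_id)
+else
+User.find_by!(email: assertion.name_id)
+end
 @access_token, @refresh_token = user.issue_tokens_to(current_client)
 else
-return render "bad_request", formats: :json, status: :bad_request
+return bad_request
 end
 render formats: :json
 rescue StandardError => error
 Rails.logger.error(error)
-render "bad_request", formats: :json, status: :bad_request
+bad_request
 end
 private
@@ -42,6 +48,11 @@ class TokensController < ApplicationController
 @current_client = authenticate_with_http_basic do |client_id, client_secret|
 Client.find_by(uuid: client_id)&.authenticate(client_secret)
 end
-render "invalid_client", formats: :json, status: :unauthorized unless current_client
+return if current_client
+render "invalid_client", formats: :json, status: :unauthorized
+end
+
+def bad_request
+render "bad_request", formats: :json, status: :bad_request
 end
 end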
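Review bot: The refresh_token branch (`token = Token.find_by!(uuid: jti)`) looks the token up with no `.active` scope and no binding to the authenticated client, whereas the authorization_code branch scopes through `current_client.authorizations.active` and client.rb's `access_token` filters `Token.active` by `audience`; unless `issue_tokens_to` itself rejects revoked or foreign tokens, a revoked refresh token, or one issued to a different client, would still mint new tokens here. If `audience` records the client a token was issued to, as client.rb suggests, `token = Token.active.find_by!(uuid: jti, audience: current_client)` closes both gaps and a miss still falls into the existing `rescue` path. Separately, dropping the `unless user` guard in the password branch means a failed `User.login` now reaches `user.issue_tokens_to` as nil and surfaces only as a NoMethodError through `Rails.logger.error`; `return bad_request unless user` keeps the 400 without the error-level noise and leaves failed logins distinguishable in the log. The enclosing action begins above the first hunk.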
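--- a/app/models/client.rb
+++ b/app/models/client.rb
@@ -15,7 +15,9 @@ class Client < ApplicationRecord
 def access_token
 transaction do
-Token.active.where(subject: self, audience: self).update_all(revoked_at: Time.now)
+Token
+.active.where(subject: self, audience: self)
+.update_all(revoked_at: Time.now)
 Token.create!(subject: self, audience: self, token_type: :access)
 end
 end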