Add MultilineMethodCallIndentation cop

.rubocop.yml

@@ -227,6 +227,10 @@ Layout/MultilineHashBraceLayout:
 Layout/MultilineMethodCallBraceLayout:
   Enabled: true
 
+Layout/MultilineMethodCallIndentation:
+  Enabled: true
+  EnforcedStyle: indented
+
 Layout/MultilineMethodDefinitionBraceLayout:
   Enabled: true
   EnforcedStyle: symmetrical

app/controllers/accounts/personal_keys_controller.rb

@@ -40,7 +40,7 @@ def send_new_personal_key_notifications
       end
 
       telephony_responses = MfaContext.new(current_user).
-                            phone_configurations.map do |phone_configuration|
+        phone_configurations.map do |phone_configuration|
         phone = phone_configuration.phone
         Telephony.send_personal_key_regeneration_notice(
           to: phone,

app/controllers/application_controller.rb

@@ -317,15 +317,23 @@ def reauthn?
 
   def confirm_two_factor_authenticated(id = nil)
     return prompt_to_sign_in_with_request_id(id) if user_needs_new_session_with_request_id?(id)
+
     authenticate_user!(force: true)
-    return prompt_to_setup_mfa unless two_factor_enabled?
-    return prompt_to_verify_mfa unless user_fully_authenticated?
-    return prompt_to_setup_mfa if service_provider_mfa_policy.
-                                  user_needs_sp_auth_method_setup?
-    return prompt_to_setup_non_restricted_mfa if two_factor_kantara_enabled?
-    return prompt_to_verify_sp_required_mfa if service_provider_mfa_policy.
-                                               user_needs_sp_auth_method_verification?
+
+    if !two_factor_enabled?
+      return prompt_to_setup_mfa
+    elsif !user_fully_authenticated?
+      return prompt_to_verify_mfa
+    elsif service_provider_mfa_policy.user_needs_sp_auth_method_setup?
+      return prompt_to_setup_mfa
+    elsif two_factor_kantara_enabled?
+      return prompt_to_setup_non_restricted_mfa
+    elsif service_provider_mfa_policy.user_needs_sp_auth_method_verification?
+      return prompt_to_verify_sp_required_mfa
+    end
+
     enforce_total_session_duration_timeout
+
     true
   end
 

app/controllers/concerns/unconfirmed_user_concern.rb

@@ -45,8 +45,9 @@ def stop_if_invalid_token
   end
 
   def email_confirmation_token_validator
-    @email_confirmation_token_validator ||= EmailConfirmationTokenValidator.
-                                            new(@email_address, current_user)
+    @email_confirmation_token_validator ||= begin
+      EmailConfirmationTokenValidator.new(@email_address, current_user)
+    end
   end
 
   def process_valid_confirmation_token

app/controllers/openid_connect/authorization_controller.rb

@@ -45,9 +45,12 @@ def check_sp_handoff_bounced
 
     def confirm_user_is_authenticated_with_fresh_mfa
       bump_auth_count unless user_fully_authenticated?
-      return confirm_two_factor_authenticated(request_id) unless user_fully_authenticated? &&
-                                                                 service_provider_mfa_policy.
-                                                                 auth_method_confirms_to_sp_request?
+
+      unless user_fully_authenticated? && service_provider_mfa_policy.
+          auth_method_confirms_to_sp_request?
+        return confirm_two_factor_authenticated(request_id)
+      end
+
       redirect_to user_two_factor_authentication_url if device_not_remembered?
     end
 
@@ -82,7 +85,7 @@ def profile_or_identity_needs_verification?
 
     def track_authorize_analytics(result)
       analytics_attributes = result.to_h.except(:redirect_uri).
-                             merge(user_fully_authenticated: user_fully_authenticated?)
+        merge(user_fully_authenticated: user_fully_authenticated?)
 
       analytics.openid_connect_request_authorization(**analytics_attributes)
     end

app/controllers/saml_idp_controller.rb

@@ -85,7 +85,7 @@ def confirm_user_is_authenticated_with_fresh_mfa
     bump_auth_count unless user_fully_authenticated?
     return confirm_two_factor_authenticated(request_id) unless user_fully_authenticated? &&
                                                                service_provider_mfa_policy.
-                                                               auth_method_confirms_to_sp_request?
+                                                                 auth_method_confirms_to_sp_request?
     redirect_to user_two_factor_authentication_url if remember_device_expired_for_sp?
   end
 

app/controllers/users/email_confirmations_controller.rb

@@ -17,8 +17,12 @@ def email_address
     end
 
     def email_confirmation_token_validator
-      @email_confirmation_token_validator ||= EmailConfirmationTokenValidator.
-                                              new(email_address, current_user)
+      @email_confirmation_token_validator ||= begin
+        EmailConfirmationTokenValidator.new(
+          email_address,
+          current_user,
+        )
+      end
     end
 
     def email_address_already_confirmed?

app/decorators/user_decorator.rb

@@ -99,7 +99,7 @@ def no_longer_locked_out?
 
   def recent_events
     events = Event.where(user_id: user.id).order('created_at DESC').limit(MAX_RECENT_EVENTS).
-             map(&:decorate)
+      map(&:decorate)
     (events + identity_events).sort_by(&:happened_at).reverse
   end
 

app/forms/openid_connect_token_form.rb

@@ -69,7 +69,7 @@ def find_identity_with_code
     return if code.blank? || code.include?("\x00")
 
     @identity = ServiceProviderIdentity.where(session_uuid: code).
-                order(updated_at: :desc).first
+      order(updated_at: :desc).first
   end
 
   def pkce?

app/jobs/reports/doc_auth_drop_off_rates_per_sprint_report.rb

@@ -33,7 +33,7 @@ def generate_sprints(ret, date, today_date)
           start = date
           finish = date.next_day(14)
           ret << Db::DocAuthLog::BlanketDropOffRatesAllSpsInRange.new.
-                 call('Sprint', fmt(start), fmt(finish))
+            call('Sprint', fmt(start), fmt(finish))
           date = finish
         end
       end

app/jobs/reports/doc_auth_drop_off_rates_report.rb

@@ -67,62 +67,62 @@ def generate_overall_report_all_sps(ret)
 
     def overall_drop_off_rates_all_sps_all_time(ret)
       ret << Db::DocAuthLog::OverallDropOffRatesAllSpsAllTime.new.
-             call('Overall drop off rates for all SPs all time')
+        call('Overall drop off rates for all SPs all time')
     end
 
     def overall_drop_off_rates_all_sps_last_24_hours(ret)
       ret << Db::DocAuthLog::OverallDropOffRatesAllSpsInRange.new.
-             call('Overall drop off rates for all SPs last 24 hours', Date.yesterday, today)
+        call('Overall drop off rates for all SPs last 24 hours', Date.yesterday, today)
     end
 
     def overall_drop_off_rates_all_sps_last_30_days(ret)
       ret << Db::DocAuthLog::OverallDropOffRatesAllSpsInRange.new.
-             call('Overall drop off rates for all SPs last 30 days', today - 30.days, today)
+        call('Overall drop off rates for all SPs last 30 days', today - 30.days, today)
     end
 
     def blanket_drop_off_rates_all_sps_all_time(ret)
       ret << Db::DocAuthLog::BlanketDropOffRatesAllSpsAllTime.new.
-             call('Blanket drop off rates for all SPs all time')
+        call('Blanket drop off rates for all SPs all time')
     end
 
     def blanket_drop_off_rates_all_sps_last_24_hours(ret)
       ret << Db::DocAuthLog::BlanketDropOffRatesAllSpsInRange.new.
-             call('Blanket drop off rates for all SPs last 24 hours', Date.yesterday, today)
+        call('Blanket drop off rates for all SPs last 24 hours', Date.yesterday, today)
     end
 
     def blanket_drop_off_rates_all_sps_last_30_days(ret)
       ret << Db::DocAuthLog::BlanketDropOffRatesAllSpsInRange.new.
-             call('Blanket drop off rates for all SPs last 30 days', today - 30.days, today)
+        call('Blanket drop off rates for all SPs last 30 days', today - 30.days, today)
     end
 
     def blanket_drop_off_rates_per_sp_all_time(ret, sp)
       ret << Db::DocAuthLog::BlanketDropOffRatesPerSpAllTime.new.
-             call('Blanket drop off rates per SP all time', sp.issuer)
+        call('Blanket drop off rates per SP all time', sp.issuer)
     end
 
     def blanket_drop_off_rates_per_sp_last_24_hours(ret, sp)
       ret << Db::DocAuthLog::BlanketDropOffRatesPerSpInRange.new.
-             call('Blanket drop off rates last 24 hours', sp.issuer, Date.yesterday, today)
+        call('Blanket drop off rates last 24 hours', sp.issuer, Date.yesterday, today)
     end
 
     def blanket_drop_off_rates_per_sp_last_30_days(ret, sp)
       ret << Db::DocAuthLog::BlanketDropOffRatesPerSpInRange.new.
-             call('Blanket drop off rates last 30 days', sp.issuer, today - 30.days, today)
+        call('Blanket drop off rates last 30 days', sp.issuer, today - 30.days, today)
     end
 
     def overall_drop_off_rates_per_sp_all_time(ret, sp)
       ret << Db::DocAuthLog::OverallDropOffRatesPerSpAllTime.new.
-             call('Overall drop off rates per SP all time', sp.issuer)
+        call('Overall drop off rates per SP all time', sp.issuer)
     end
 
     def overall_drop_off_rates_per_sp_last_24_hours(ret, sp)
       ret << Db::DocAuthLog::OverallDropOffRatesPerSpInRange.new.
-             call('Overall drop off rates last 24 hours', sp.issuer, Date.yesterday, today)
+        call('Overall drop off rates last 24 hours', sp.issuer, Date.yesterday, today)
     end
 
     def overall_drop_off_rates_per_sp_last_30_days(ret, sp)
       ret << Db::DocAuthLog::OverallDropOffRatesPerSpInRange.new.
-             call('Overall drop off rates last 30 days', sp.issuer, today - 30.days, today)
+        call('Overall drop off rates last 30 days', sp.issuer, today - 30.days, today)
     end
 
     def today

app/models/in_person_enrollment.rb

@@ -24,11 +24,11 @@ class InPersonEnrollment < ApplicationRecord
   # Find enrollments that need a status check via the USPS API
   def self.needs_usps_status_check(check_interval)
     where(status: :pending).
-    and(
-      where(status_check_attempted_at: check_interval).
-      or(where(status_check_attempted_at: nil)),
-    ).
-    order(status_check_attempted_at: :asc)
+      and(
+        where(status_check_attempted_at: check_interval).
+        or(where(status_check_attempted_at: nil)),
+      ).
+      order(status_check_attempted_at: :asc)
   end
 
   # Does this enrollment need a status check via the USPS API?

app/services/idv/gpo_mail.rb

@@ -22,9 +22,9 @@ def any_mail_sent?
 
     def user_mail_events
       @user_mail_events ||= current_user.events.
-                            gpo_mail_sent.
-                            order('updated_at DESC').
-                            limit(MAX_MAIL_EVENTS)
+        gpo_mail_sent.
+        order('updated_at DESC').
+        limit(MAX_MAIL_EVENTS)
     end
 
     def max_events?

config/initializers/devise.rb

@@ -33,7 +33,7 @@
   if auth.env['action_dispatch.cookies']
     expected_cookie_value = "#{user.class}-#{user.id}"
     actual_cookie_value = auth.env['action_dispatch.cookies'].
-                          signed[TwoFactorAuthenticatable::REMEMBER_2FA_COOKIE]
+      signed[TwoFactorAuthenticatable::REMEMBER_2FA_COOKIE]
     bypass_by_cookie = actual_cookie_value == expected_cookie_value
   end
 

spec/controllers/concerns/idv/threat_metrix_concern_spec.rb

@@ -16,7 +16,7 @@ def index; end
 
     before do
       allow(IdentityConfig.store).to receive(:proofing_device_profiling_collecting_enabled).
-      and_return(ff_enabled)
+        and_return(ff_enabled)
     end
 
     context 'ff is set' do

spec/controllers/two_factor_authentication/backup_code_verification_controller_spec.rb

@@ -140,7 +140,7 @@
           with(:mfa_verify_backup_code, success: false)
 
         expect(@analytics).to receive(:track_event).
-                          with('Multi-Factor Authentication: max attempts reached')
+          with('Multi-Factor Authentication: max attempts reached')
         expect(PushNotification::HttpPush).to receive(:deliver).
           with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user))
 

spec/controllers/two_factor_authentication/otp_verification_controller_spec.rb

@@ -172,7 +172,7 @@
           with(properties)
 
         expect(@analytics).to receive(:track_event).
-                          with('Multi-Factor Authentication: max attempts reached')
+          with('Multi-Factor Authentication: max attempts reached')
         expect(PushNotification::HttpPush).to receive(:deliver).
           with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user))
 

spec/controllers/two_factor_authentication/personal_key_verification_controller_spec.rb

@@ -156,7 +156,7 @@
         expect(@analytics).to receive(:track_mfa_submit_event).
           with(properties)
         expect(@analytics).to receive(:track_event).
-                          with('Multi-Factor Authentication: max attempts reached')
+          with('Multi-Factor Authentication: max attempts reached')
         expect(PushNotification::HttpPush).to receive(:deliver).
           with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user))
 

spec/controllers/two_factor_authentication/piv_cac_verification_controller_spec.rb

@@ -211,7 +211,7 @@
         )
 
         expect(@analytics).to receive(:track_event).
-                          with('Multi-Factor Authentication: max attempts reached')
+          with('Multi-Factor Authentication: max attempts reached')
         expect(PushNotification::HttpPush).to receive(:deliver).
           with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user))
 

spec/controllers/two_factor_authentication/totp_verification_controller_spec.rb

@@ -94,7 +94,7 @@
         expect(@analytics).to receive(:track_mfa_submit_event).
           with(attributes)
         expect(@analytics).to receive(:track_event).
-                          with('Multi-Factor Authentication: max attempts reached')
+          with('Multi-Factor Authentication: max attempts reached')
         expect(@irs_attempts_api_tracker).to receive(:track_event).
           with(:mfa_verify_totp, success: false)
         expect(PushNotification::HttpPush).to receive(:deliver).

spec/controllers/two_factor_authentication/webauthn_verification_controller_spec.rb

@@ -151,8 +151,8 @@
           let(:view_context) { ActionController::Base.new.view_context }
           before do
             allow_any_instance_of(TwoFactorAuthCode::WebauthnAuthenticationPresenter).
-            to receive(:multiple_factors_enabled?).
-            and_return(true)
+              to receive(:multiple_factors_enabled?).
+              and_return(true)
           end
 
           it 'redirects to webauthn show page' do
@@ -175,8 +175,8 @@
         context 'User only has webauthn as an MFA method' do
           before do
             allow_any_instance_of(TwoFactorAuthCode::WebauthnAuthenticationPresenter).
-            to receive(:multiple_factors_enabled?).
-            and_return(false)
+              to receive(:multiple_factors_enabled?).
+              and_return(false)
           end
 
           it 'redirects to webauthn error page ' do

spec/controllers/users/additional_mfa_required_controller_spec.rb

@@ -28,7 +28,7 @@
     let(:enforcement_date) { Time.zone.today + 6.days }
     before do
       allow(IdentityConfig.store).to receive(:kantara_restriction_enforcement_date).
-      and_return(enforcement_date)
+        and_return(enforcement_date)
     end
 
     context 'before enforcement date' do
@@ -55,7 +55,7 @@
 
         user.reload
         expect(user.non_restricted_mfa_required_prompt_skip_date).
-        to eq Time.zone.today
+          to eq Time.zone.today
       end
 
       it 'does not allow unauthenticated users' do

spec/controllers/users/email_confirmations_controller_spec.rb

@@ -14,9 +14,9 @@
           )).ordered
 
         expect(PushNotification::HttpPush).to receive(:deliver).once.
-            with(PushNotification::RecoveryInformationChangedEvent.new(
-              user: user,
-            )).ordered
+          with(PushNotification::RecoveryInformationChangedEvent.new(
+            user: user,
+          )).ordered
 
         add_email_form = AddUserEmailForm.new
         add_email_form.submit(user, email: new_email)

spec/controllers/users/rules_of_use_controller_spec.rb

@@ -147,7 +147,7 @@
       it 'logs a failure analytics event' do
         stub_analytics
         expect(@analytics).to receive(:track_event).
-            with('Rules of Use Submitted', hash_including(success: false))
+          with('Rules of Use Submitted', hash_including(success: false))
 
         action
       end

spec/controllers/users/service_provider_revoke_controller_spec.rb

@@ -67,7 +67,7 @@
           subject
         end
       end.to change { @identity.reload.deleted_at&.to_i }.
-      from(nil).to(now.to_i)
+        from(nil).to(now.to_i)
 
       expect(response).to redirect_to(account_connected_accounts_path)
     end

spec/controllers/users/two_factor_authentication_setup_controller_spec.rb

@@ -107,8 +107,8 @@
       stub_attempts_tracker
 
       expect(@irs_attempts_api_tracker).to receive(:track_event).
-      with(:mfa_enroll_options_selected, success: true,
-                                         mfa_device_types: ['voice', 'auth_app'])
+        with(:mfa_enroll_options_selected, success: true,
+                                           mfa_device_types: ['voice', 'auth_app'])
 
       patch :create, params: {
         two_factor_options_form: {

spec/features/account/backup_codes_spec.rb

@@ -55,8 +55,8 @@
       click_continue
 
       generated_at = user.backup_code_configurations.
-                     order(created_at: :asc).first.created_at.
-                     in_time_zone('UTC')
+        order(created_at: :asc).first.created_at.
+        in_time_zone('UTC')
       formatted_generated_at = l(generated_at, format: t('time.formats.event_timestamp'))
 
       expected_message = "#{t('account.index.backup_codes_exist')} #{formatted_generated_at}"