➖ nkf not needed

pboling · pboling · commit 37ae001d648f · 2025-11-04T22:07:27.000-07:00
diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock
@@ -1,9 +1,9 @@
 {
-  "lib/omniauth-ldap/adaptor.rb:2352927785": [
-    [36, 7, 413, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 105664470],
-    [86, 17, 3, "Style/AndOr: Use `&&` instead of `and`.", 193409806],
-    [86, 30, 3, "Style/AndOr: Use `&&` instead of `and`.", 193409806],
-    [86, 37, 1, "Lint/AssignmentInCondition: Wrap assignment in parentheses if intentional", 177560]
+  "lib/omniauth-ldap/adaptor.rb:3906050285": [
+    [64, 7, 413, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 105664470],
+    [114, 17, 3, "Style/AndOr: Use `&&` instead of `and`.", 193409806],
+    [114, 30, 3, "Style/AndOr: Use `&&` instead of `and`.", 193409806],
+    [114, 37, 1, "Lint/AssignmentInCondition: Wrap assignment in parentheses if intentional", 177560]
   ],
   "spec/integration/middleware_spec.rb:4062046892": [
     [3, 16, 39, "RSpec/DescribeClass: The first argument to describe should be the class or module being tested.", 638096201],
@@ -15,29 +15,30 @@
     [4, 3, 12, "RSpec/BeforeAfterAll: Beware of using `before(:all)` as it may cause state to leak between tests. If you are using `rspec-rails`, and `use_transactional_fixtures` is enabled, then records created in `before(:all)` are not automatically rolled back.", 86334566],
     [70, 16, 5, "RSpec/ExpectActual: Provide the actual value you are testing to `expect(...)`.", 237881235]
   ],
-  "spec/omniauth-ldap/adaptor_spec.rb:3624298807": [
-    [72, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
-    [73, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
-    [74, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
-    [80, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
-    [81, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
-    [82, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310]
+  "spec/omniauth-ldap/adaptor_spec.rb:2715031579": [
+    [3, 1, 38, "RSpec/SpecFilePathFormat: Spec path should end with `omni_auth/ldap/adaptor*_spec.rb`.", 1973618936],
+    [206, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
+    [207, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
+    [208, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
+    [214, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
+    [215, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
+    [216, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310]
   ],
-  "spec/omniauth/adaptor_spec.rb:3492754784": [
+  "spec/omniauth/adaptor_spec.rb:1168013709": [
     [3, 1, 38, "RSpec/SpecFilePathFormat: Spec path should end with `omni_auth/ldap/adaptor*_spec.rb`.", 1973618936],
-    [42, 7, 38, "RSpec/AnyInstance: Avoid stubbing using `allow_any_instance_of`.", 3627954156],
-    [43, 7, 38, "RSpec/AnyInstance: Avoid stubbing using `allow_any_instance_of`.", 3627954156],
-    [80, 7, 48, "RSpec/AnyInstance: Avoid stubbing using `allow_any_instance_of`.", 2759780562]
+    [46, 7, 38, "RSpec/AnyInstance: Avoid stubbing using `allow_any_instance_of`.", 3627954156],
+    [47, 7, 38, "RSpec/AnyInstance: Avoid stubbing using `allow_any_instance_of`.", 3627954156],
+    [84, 7, 48, "RSpec/AnyInstance: Avoid stubbing using `allow_any_instance_of`.", 2759780562]
   ],
-  "spec/omniauth/strategies/ldap_spec.rb:3760791626": [
-    [13, 3, 54, "RSpec/LeakyConstantDeclaration: Stub class constant instead of declaring explicitly.", 2419068710],
-    [76, 13, 9, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1130140517],
-    [101, 17, 28, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3444838747],
-    [110, 17, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1584148894],
-    [121, 17, 32, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1515076977],
-    [129, 19, 19, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2526348694],
-    [141, 17, 56, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2413495789],
-    [156, 13, 9, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3182939526],
-    [189, 15, 19, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2526348694]
+  "spec/omniauth/strategies/ldap_spec.rb:86189447": [
+    [14, 3, 54, "RSpec/LeakyConstantDeclaration: Stub class constant instead of declaring explicitly.", 2419068710],
+    [90, 13, 9, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1130140517],
+    [145, 17, 28, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3444838747],
+    [154, 17, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1584148894],
+    [165, 17, 32, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1515076977],
+    [174, 19, 19, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2526348694],
+    [187, 17, 56, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2413495789],
+    [202, 13, 9, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3182939526],
+    [235, 15, 19, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2526348694]
   ]
 }
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -157,7 +157,6 @@ GEM
     net-ldap (0.20.0)
       base64
       ostruct
-    nkf (0.2.0)
     nokogiri (1.18.10-x86_64-linux-gnu)
       racc (~> 1.4)
     notiffany (0.1.3)
@@ -393,7 +392,6 @@ DEPENDENCIES
   kramdown-parser-gfm (~> 1.1)
   logger (~> 1.7)
   mutex_m (~> 0.2)
-  nkf
   omniauth-ldap!
   rack-test (~> 2.2)
   rake (~> 13.0)
diff --git a/README.md b/README.md
@@ -64,8 +64,8 @@ use OmniAuth::Strategies::LDAP,
   bind_dn: "default_bind_dn",
   password: "password",
   tls_options: {
-    ssl_version: 'TLSv1_2',
-    ciphers: ["AES-128-CBC", "AES-128-CBC-HMAC-SHA1", "AES-128-CBC-HMAC-SHA256"]
+    ssl_version: "TLSv1_2",
+    ciphers: ["AES-128-CBC", "AES-128-CBC-HMAC-SHA1", "AES-128-CBC-HMAC-SHA256"],
   }
 # Or, alternatively:
 # use OmniAuth::Strategies::LDAP, filter: '(&(uid=%{username})(memberOf=cn=myapp-users,ou=groups,dc=example,dc=com))'
@@ -97,20 +97,6 @@ Compatible with MRI Ruby 2.0+, and concordant releases of JRuby, and TruffleRuby
 |------------------------------------------------|--------------------------------------------------------|
 | 👟 Check it out!                               | ✨ [github.com/appraisal-rb/appraisal2][💎appraisal2] ✨ |
 
-#### Ruby 3.4
-
-nkf/kconv has been part of Ruby since long ago.
-Eventually it became a standard gem, but was changed to a bundled gem in Ruby 3.4.
-In general, kconv and iconv have been superseded since Ruby 1.9 by the built-in
-encoding support provided by String#encode, String#force_encoding, and similar methods.
-But this gem has not yet been updated to remove its dependency on nkf/kconv.
-
-As a result of all this you should add `nkf` to your Gemfile if you are using Ruby 3.4 or later.
-
-```ruby
-gem "nkf", "~> 0.1"
-```
-
 ### Enterprise Support [![Tidelift](https://tidelift.com/badges/package/rubygems/omniauth-ldap)](https://tidelift.com/subscription/pkg/rubygems-omniauth-ldap?utm_source=rubygems-omniauth-ldap&utm_medium=referral&utm_campaign=readme)
 
 Available as part of the Tidelift Subscription.
diff --git a/gemfiles/modular/optional.gemfile b/gemfiles/modular/optional.gemfile
@@ -3,9 +3,3 @@
 # Required for kettle-pre-release
 # URL parsing with Unicode support (falls back to URI if not available)
 gem "addressable", ">= 2.8", "< 3" # ruby >= 2.2
-
-# nkf/kconv has been part of Ruby since long ago.
-# Eventually it became a standard gem, but was changed to a bundled gem in Ruby 3.4.
-# In general, kconv and iconv have been superseded since Ruby 1.9 by the built-in
-#   encoding support provided by String#encode, String#force_encoding, and similar methods.
-gem "nkf"                        # ruby >= 2.3
diff --git a/gitlab_omniauth-ldap.gemspec b/gitlab_omniauth-ldap.gemspec
@@ -98,11 +98,6 @@ Gem::Specification.new do |spec|
   spec.executables = []
 
   spec.add_dependency("net-ldap", "~> 0.16", "< 1")             # ruby >= 2.0
-  # nkf/kconv has been part of Ruby since long ago.
-  # Eventually it became a standard gem, but was changed to a bundled gem in Ruby 3.4.
-  # In general, kconv and iconv have been superseded since Ruby 1.9 by the built-in
-  #   encoding support provided by String#encode, String#force_encoding, and similar methods.
-  # spec.add_dependency("nkf")                                  # ruby >= 2.3
   spec.add_dependency("omniauth", ">= 1", "< 3")                # ruby >= 0.0
   spec.add_dependency("pyu-ruby-sasl", ">= 0.0.3.3", "< 0.1")   # ruby >= 0.0
   spec.add_dependency("rack", ">= 1", "< 4")                    # ruby >= 0.0
diff --git a/lib/omniauth-ldap/adaptor.rb b/lib/omniauth-ldap/adaptor.rb
@@ -1,10 +1,6 @@
-# this code borrowed pieces from activeldap and net-ldap
+# frozen_string_literal: true
 
-# nkf/kconv has been part of Ruby since long ago.
-# Eventually it became a standard gem, but was changed to a bundled gem in Ruby 3.4.
-# In general, kconv and iconv have been superseded since Ruby 1.9 by the built-in
-#   encoding support provided by String#encode, String#force_encoding, and similar methods.
-require "nkf"
+# this code borrowed pieces from activeldap and net-ldap
 
 # External Gems
 require "net/ldap"
@@ -21,8 +17,20 @@ class AuthenticationError < StandardError; end
       class ConnectionError < StandardError; end
 
       VALID_ADAPTER_CONFIGURATION_KEYS = [
-        :hosts, :host, :port, :encryption, :disable_verify_certificates, :bind_dn, :password, :try_sasl,
-        :sasl_mechanisms, :uid, :base, :allow_anonymous, :filter, :tls_options,
+        :hosts,
+        :host,
+        :port,
+        :encryption,
+        :disable_verify_certificates,
+        :bind_dn,
+        :password,
+        :try_sasl,
+        :sasl_mechanisms,
+        :uid,
+        :base,
+        :allow_anonymous,
+        :filter,
+        :tls_options,
 
         # Deprecated
         :method,
@@ -78,9 +86,13 @@ def initialize(configuration = {})
           hosts: @hosts,
           host: @host,
           port: @port,
-          encryption: encryption_options
+          encryption: encryption_options,
         }
-        @bind_method = @try_sasl ? :sasl : (@allow_anonymous||!@bind_dn||!@password ? :anonymous : :simple)
+        @bind_method = if @try_sasl
+          :sasl
+        else
+          ((@allow_anonymous || !@bind_dn || !@password) ? :anonymous : :simple)
+        end
 
         @auth = sasl_auths({username: @bind_dn, password: @password}).first if @bind_method == :sasl
         @auth ||= {
@@ -121,11 +133,11 @@ def bind_as(args = {})
 
       def encryption_options
         translated_method = translate_method
-        return nil unless translated_method
+        return unless translated_method
 
         {
           method: translated_method,
-          tls_options: tls_options(translated_method)
+          tls_options: tls_options(translated_method),
         }
       end
 
@@ -135,17 +147,16 @@ def translate_method
         normalized_method = method.to_s.downcase.to_sym
 
         unless ENCRYPTION_METHOD.has_key?(normalized_method)
-          available_methods = ENCRYPTION_METHOD.keys.collect {|m| m.inspect}.join(", ")
+          available_methods = ENCRYPTION_METHOD.keys.collect { |m| m.inspect }.join(", ")
           format = "%s is not one of the available connect methods: %s"
           raise ConfigurationError, format % [method.inspect, available_methods]
         end
 
         ENCRYPTION_METHOD[normalized_method]
       end
 
-
       def tls_options(translated_method)
-        return {} if translated_method == nil # (plain)
+        return {} if translated_method.nil? # (plain)
 
         options = default_options
 
@@ -217,7 +228,7 @@ def default_options
           # 1. The behavior of OpenSSL is undefined when verify_mode is not set.
           # 2. The net-ldap gem implementation verifies the certificate hostname
           #    unless verify_mode is set to VERIFY_NONE.
-          { verify_mode: OpenSSL::SSL::VERIFY_NONE }
+          {verify_mode: OpenSSL::SSL::VERIFY_NONE}
         else
           OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.dup
         end
@@ -230,7 +241,7 @@ def default_options
       def sanitize_hash_values(hash)
         hash.delete_if do |_, value|
           value.nil? ||
-          (value.is_a?(String) && value !~ /\S/)
+            (value.is_a?(String) && value !~ /\S/)
         end
       end
 
diff --git a/lib/omniauth/strategies/ldap.rb b/lib/omniauth/strategies/ldap.rb
@@ -71,7 +71,7 @@ def callback_phase
           @ldap_user_info = @adaptor.bind_as(filter: filter(@adaptor), size: 1, password: request.params["password"])
 
           unless @ldap_user_info
-            return fail!(:invalid_credentials, InvalidCredentialsError.new("Invalid credentials for #{request.params['username']}"))
+            return fail!(:invalid_credentials, InvalidCredentialsError.new("Invalid credentials for #{request.params["username"]}"))
           end
 
           @user_info = self.class.map_user(CONFIG, @ldap_user_info)
@@ -83,8 +83,8 @@ def callback_phase
 
       def filter(adaptor)
         if adaptor.filter && !adaptor.filter.empty?
-          username = Net::LDAP::Filter.escape(@options[:name_proc].call(request.params['username']))
-          Net::LDAP::Filter.construct(adaptor.filter % { username: username })
+          username = Net::LDAP::Filter.escape(@options[:name_proc].call(request.params["username"]))
+          Net::LDAP::Filter.construct(adaptor.filter % {username: username})
         else
           Net::LDAP::Filter.equals(adaptor.uid, @options[:name_proc].call(request.params["username"]))
         end
@@ -140,7 +140,7 @@ def map_user(mapper, object)
       protected
 
       def valid_request_method?
-        request.env['REQUEST_METHOD'] == 'POST'
+        request.env["REQUEST_METHOD"] == "POST"
       end
 
       def missing_credentials?
diff --git a/spec/omniauth-ldap/adaptor_spec.rb b/spec/omniauth-ldap/adaptor_spec.rb
diff --git a/spec/omniauth/adaptor_spec.rb b/spec/omniauth/adaptor_spec.rb
diff --git a/spec/omniauth/strategies/ldap_spec.rb b/spec/omniauth/strategies/ldap_spec.rb
