1 files changed, 49 insertions, 0 deletions

diff --git a/rubocop/cop/rspec/httparty_basic_auth.rb b/rubocop/cop/rspec/httparty_basic_auth.rb
new file mode 100644
index 00000000000..529a5808662
--- /dev/null
+++ b/rubocop/cop/rspec/httparty_basic_auth.rb
@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module RSpec
+      # This cop checks for invalid credentials passed to HTTParty
+      #
+      # @example
+      #
+      #   # bad
+      #   HTTParty.get(url, basic_auth: { user: 'foo' })
+      #
+      #   # good
+      #   HTTParty.get(url, basic_auth: { username: 'foo' })
+      class HTTPartyBasicAuth < RuboCop::Cop::Cop
+        MESSAGE = "`basic_auth: { user: ... }` does not work - replace `user:` with `username:`".freeze
+
+        RESTRICT_ON_SEND = %i(get put post delete).freeze
+
+        def_node_matcher :httparty_basic_auth?, <<~PATTERN
+          (send
+            (const _ :HTTParty)
+            {#{RESTRICT_ON_SEND.map(&:inspect).join(' ')}}
+            <(hash
+              <(pair
+                (sym :basic_auth)
+                (hash
+                  <(pair $(sym :user) _) ...>
+                )
+              ) ...>
+            ) ...>
+          )
+        PATTERN
+
+        def on_send(node)
+          return unless m = httparty_basic_auth?(node)
+
+          add_offense(m, location: :expression, message: MESSAGE)
+        end
+
+        def autocorrect(node)
+          lambda do |corrector|
+            corrector.replace(node.loc.expression, 'username')
+          end
+        end
+      end
+    end
+  end
+end