aptible-auth 0.11.8 → 0.11.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 520acb00965a2fa94b34f7a9b50b1748c63448f7
-  data.tar.gz: 9b277167812d2a3224f5dd51c4ab61e687d814cf
+  metadata.gz: 981b35248a15b30129e3bd155aae3ef7cedc59ac
+  data.tar.gz: ae3b8a9e77e095f0c71a1d923629ee65af15c4bc
 SHA512:
-  metadata.gz: 3f369a8ffa25f60c40ac9c1a6b9515ad50630a5b170c42504107d08c2631f7dce8603a0ead649636435fe735bc4793b77d99c585229e15d54f3387cf0fb32687
-  data.tar.gz: 00dfd3edec0ea8318ace8c803a137f96de6b9503648cb78d62c4a93b9330a4e88e7cd872ac105820c5420a736322c768ea32ff484c34c07f2857e391731a8cec
+  metadata.gz: 83312c36af6756eaa8599516ad25cdfbf96d61d64829609b31de3e63fea97a8ea24595a38529d807d75ba46e04341f82b8b3e9d46c796b4493110c3db336e9fa
+  data.tar.gz: 8e152096f8680ef4a670bd10138f3061a68385c147c5769f7039f804b663a94131451a33d0c68c11300c7ee57e3245c6882af71da1e22b5fc7b103b841134b9f

data/.travis.yml

@@ -1,4 +1,7 @@
 sudo: false
+language: ruby
 rvm:
   - 2.0.0
-  - jruby
+  - 2.1.0
+  - 2.2.0
+  - jruby-9.0.5.0

data/aptible-auth.gemspec

@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_dependency 'aptible-billing'
+  spec.add_dependency 'activesupport', '~> 4.0'
   spec.add_dependency 'aptible-resource', '>= 0.3.1'
   spec.add_dependency 'stripe', '>= 1.13.0'
   spec.add_dependency 'gem_config'
@@ -31,4 +32,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rspec', '~> 2.0'
   spec.add_development_dependency 'rspec-its'
   spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'timecop', '~> 0.8.1'
 end

data/lib/aptible/auth/role.rb

@@ -7,7 +7,7 @@ module Aptible
 
       field :id
       field :name
-      field :privileged, type: Aptible::Resource::Boolean
+      field :type
       field :created_at, type: Time
       field :updated_at, type: Time
 

data/lib/aptible/auth/token.rb

@@ -47,6 +47,11 @@ module Aptible
 
       def authenticate_client(id, secret, subject, options = {})
         options[:scope] ||= 'manage'
+        # Unlike other methods, the assertion token grant requirs an "exp"
+        # parameter rather than expires_in, but since we'd like to expose a
+        # consistent API to consumers, we override it here
+        expires_in = options.delete(:expires_in)
+        options[:exp] = Time.now.utc.to_i + expires_in if expires_in
         oauth_token = oauth.assertion.get_token({
           iss: id,
           sub: subject
@@ -68,7 +73,8 @@ module Aptible
         options[:scope] ||= 'manage'
         oauth_token = oauth.token_exchange.get_token(
           actor_token, 'urn:ietf:params:oauth:token-type:jwt',
-          subject_token, subject_token_type, options)
+          subject_token, subject_token_type, options
+        )
         apply_oauth_response(oauth_token)
       end
 
@@ -93,7 +99,9 @@ module Aptible
         elsif (email = options.delete(:user_email))
           authenticate_impersonate(email, 'aptible:user:email', options)
         else
+          # rubocop:disable Style/SignalException
           fail 'Unrecognized options'
+          # rubocop:enable Style/SignalException
         end
       end
 
@@ -137,7 +145,7 @@ module Aptible
       end
 
       def parse_private_key(string)
-        if string =~ /\A-----/
+        if string.start_with?('-----')
           OpenSSL::PKey::RSA.new(string)
         else
           formatted_string = <<-PRIVATE_KEY.gsub(/^\s+/, '')

data/lib/aptible/auth/user.rb

@@ -12,73 +12,14 @@ module Aptible
       field :created_at, type: Time
       field :updated_at, type: Time
 
-      # rubocop:disable MethodLength
-      def set_organization_roles(organization, roles)
-        self.roles.each do |role|
-          next unless role.organization.id == organization.id
-          next if roles.map(&:id).include? role.id
-
-          role_membership = role.memberships.find do |membership|
-            membership.user.id == id
-          end
-
-          role_membership.destroy
-        end
-
-        add_to_roles(roles)
-      end
-      # rubocop:enable MethodLength
-
       def organizations
         roles.map(&:organization).uniq(&:id)
       end
 
-      def organization_roles(organization)
-        roles.select do |role|
-          role.links['organization'].href == organization.href
-        end
-      end
-
-      def organization_privileged_roles(organization)
-        privileged_roles.select do |role|
-          role.links['organization'].href == organization.href
-        end
-      end
-
       def operations
         # TODO: Implement query params for /operations
         []
       end
-
-      def privileged_organizations
-        privileged_roles.map(&:organization)
-      end
-
-      def privileged_roles
-        @privileged_roles ||= roles.select(&:privileged?)
-      end
-
-      # rubocop:disable PredicateName
-      def is_billing_contact?(organization)
-        organization.billing_contact_id && organization.billing_contact_id == id
-      end
-
-      def has_role?(role)
-        roles.select { |user_role| role.id == user_role.id }.count > 0
-      end
-      # rubocop:enable PredicateName
-
-      def can_manage?(organization)
-        privileged_organizations.map(&:id).include? organization.id
-      end
-
-      def add_to_roles(roles)
-        roles.each { |role| add_to_role(role) }
-      end
-
-      def add_to_role(role)
-        role.create_membership(user: self, token: token) unless has_role? role
-      end
     end
   end
 end

data/lib/aptible/auth/version.rb

@@ -1,5 +1,5 @@
 module Aptible
   module Auth
-    VERSION = '0.11.8'
+    VERSION = '0.11.10'.freeze
   end
 end

data/spec/aptible/auth/organization_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 
 describe Aptible::Auth::Organization do
   describe '#can_manage_compliance?' do
-    before { subject.stub(:billing_detail)  { billing_detail } }
+    before { subject.stub(:billing_detail) { billing_detail } }
 
     context 'without a billing detail' do
       let(:billing_detail) { nil }

data/spec/aptible/auth/resource_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Aptible::Auth::Resource do
-  its(:namespace) { should eq 'Aptible::Auth'  }
+  its(:namespace) { should eq 'Aptible::Auth' }
   its(:root_url) { should eq 'https://auth.aptible.com' }
 
   describe '#bearer_token' do

data/spec/aptible/auth/token_spec.rb

@@ -112,6 +112,20 @@ describe Aptible::Auth::Token do
       subject.authenticate_client(*args)
     end
 
+    it 'should replace expires_in in exp' do
+      args << { expires_in: 1800 }
+      Timecop.freeze do
+        expect(oauth.assertion).to receive(:get_token).with(
+          iss: 'id',
+          sub: 'user@example.com',
+          exp: Time.now.to_i + 1800,
+          algorithm: 'foobar',
+          scope: 'manage'
+        )
+        subject.authenticate_client(*args)
+      end
+    end
+
     it 'should set the access_token' do
       subject.authenticate_client(*args)
       expect(subject.access_token).to eq 'access_token'
@@ -158,7 +172,7 @@ describe Aptible::Auth::Token do
     end
 
     it 'should return a correct :private_key for Base64-only keys' do
-      stripped_key = private_key_string.gsub(/^-.*-$/, '').gsub("\n", '')
+      stripped_key = private_key_string.gsub(/^-.*-$/, '').delete("\n")
       params = subject.call(stripped_key)
       expect(params[:private_key]).to be_a OpenSSL::PKey::RSA
     end

data/spec/aptible/auth/user_spec.rb

@@ -1,35 +1,6 @@
 require 'spec_helper'
 
 describe Aptible::Auth::User do
-  describe '#can_manage?' do
-    let(:developer) { double 'Aptible::Auth::Role' }
-    let(:owner) { double 'Aptible::Auth::Role' }
-    let(:org) { double 'Aptible::Auth::Organization' }
-
-    before do
-      org.stub(:id) { 1 }
-      developer.stub(:organization) { org }
-      allow(developer).to receive(:privileged?).and_return(false)
-      owner.stub(:organization) { org }
-      allow(owner).to receive(:privileged?).and_return(true)
-    end
-
-    it 'should return false if not member of org privileged role' do
-      subject.stub(:roles) { [developer] }
-      expect(subject.can_manage?(org)).to eq false
-    end
-
-    it 'should return true if member of org privileged role' do
-      subject.stub(:roles) { [developer, owner] }
-      expect(subject.can_manage?(org)).to eq true
-    end
-
-    it 'should return false if member of no roles' do
-      subject.stub(:roles) { [] }
-      expect(subject.can_manage?(org)).to eq false
-    end
-  end
-
   describe '#organizations' do
     let(:so) { double 'Aptible::Auth::Role' }
     let(:owner) { double 'Aptible::Auth::Role' }
@@ -51,89 +22,4 @@ describe Aptible::Auth::User do
       expect(subject.organizations.count).to eq 1
     end
   end
-
-  describe '#roles' do
-    let(:so) { double 'Aptible::Auth::Role' }
-    let(:owner) { double 'Aptible::Auth::Role' }
-
-    before do
-      so.stub(:id) { 1 }
-      owner.stub(:id) { 2 }
-    end
-
-    it 'should have role' do
-      subject.stub(:roles) { [so] }
-      expect(subject.has_role?(so)).to eq true
-      expect(subject.has_role?(owner)).to eq false
-    end
-  end
-
-  describe '#set_organization_roles' do
-    let(:so) { double 'Aptible::Auth::Role' }
-    let(:owner) { double 'Aptible::Auth::Role' }
-    let(:org) { double 'Aptible::Auth::Organization' }
-    let(:owner_membership) { double 'Aptible::Auth::Membership' }
-    let(:so_membership) { double 'Aptible::Auth::Membership' }
-
-    before do
-      org.stub(:id) { 1 }
-
-      so.stub(:organization) { org }
-      so.stub(:id) { 1 }
-
-      owner.stub(:organization) { org }
-      owner.stub(:id) { 2 }
-
-      allow(Aptible::Auth::Role).to receive(:find)
-        .with(1, token: 'token').and_return(so)
-      allow(Aptible::Auth::Role).to receive(:find)
-        .with(2, token: 'token').and_return(owner)
-    end
-
-    it 'should overwrite existing memberships' do
-      subject.stub(:roles) { [so] }
-      subject.stub(:token) { 'token' }
-      subject.stub(:headers) { {} }
-      so_membership.stub(:user) { subject }
-      so_membership.stub(:role) { so }
-      so.stub(:memberships) { [so_membership] }
-      owner.stub(:memberships) { [] }
-
-      expect(so_membership).to receive(:destroy)
-      expect(owner).to receive(:create_membership)
-        .with(user: subject, token: 'token')
-
-      subject.set_organization_roles(org, [owner])
-    end
-
-    it 'should create new memberships' do
-      subject.stub(:roles) { [] }
-      subject.stub(:token) { 'token' }
-      subject.stub(:headers) { {} }
-      so.stub(:memberships) { [] }
-      owner.stub(:memberships) { [] }
-
-      expect(so).to receive(:create_membership)
-        .with(user: subject, token: 'token')
-      expect(owner).to receive(:create_membership)
-        .with(user: subject, token: 'token')
-
-      subject.set_organization_roles(org, [so, owner])
-    end
-
-    it 'should delete all existing memberships' do
-      subject.stub(:roles) { [so, owner] }
-      so.stub(:memberships) { [so_membership] }
-      owner.stub(:memberships) { [owner_membership] }
-      so_membership.stub(:user) { subject }
-      so_membership.stub(:role) { so }
-      owner_membership.stub(:user) { subject }
-      owner_membership.stub(:role) { owner }
-
-      expect(so_membership).to receive(:destroy)
-      expect(owner_membership).to receive(:destroy)
-
-      subject.set_organization_roles(org, [])
-    end
-  end
 end

data/spec/spec_helper.rb

@@ -1,6 +1,8 @@
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))
 
+Bundler.require :development
+
 # Load shared spec files
 Dir["#{File.dirname(__FILE__)}/shared/**/*.rb"].each do |file|
   require file

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aptible-auth
 version: !ruby/object:Gem::Version
-  version: 0.11.8
+  version: 0.11.10
 platform: ruby
 authors:
 - Frank Macreery
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-21 00:00:00.000000000 Z
+date: 2016-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aptible-billing
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: aptible-resource
   requirement: !ruby/object:Gem::Requirement
@@ -164,6 +178,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.1
 description: Ruby client for auth.aptible.com
 email:
 - frank@macreery.com