aptible-auth 1.0.0 → 1.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: ede2aea57edbfadb1a51756f9fa295e9f1c8b30c
-  data.tar.gz: 53b4f0c8b17c5a02656b8b4ed46bdb179e0db132
+SHA256:
+  metadata.gz: 41cc5579815eeb97458ce8ec7331660f45d72a4060048253561dc35f9e2d915f
+  data.tar.gz: 792e65542c8a8d367ae7c50217b19bc60fa37696f39c265bed0acb4b513e8f31
 SHA512:
-  metadata.gz: ccc21dfad37bfb72ba7fc3023f722f0d2735bc7810b184d74d06e6574c78a6dfa2e8a0c59ef7c8c21678e1f70a2f9e7f4bdcf9799ba15911bc5ea553f6e8c9e9
-  data.tar.gz: e9c29c5181097c1d90155086144c013453c7d11ffd5c1cfe3d6c922b025d28412adaea44e2ce7fa3da354b622a303e02878ff8778bb440b495f94edc33089a70
+  metadata.gz: ecadb75dec853d60d059c4d75202da98187e343482d93629c2919ee8cd4289d018f20f6ca58dc4cf99d3f5abf62fc565e1ee2f5d95882d3cf1a7b09d0ab2dff5
+  data.tar.gz: 967e56ed114a1580dba1affaeb12d55a1d7cb34e3535c19f775ab6c6793494a378f19f552d2b2ab339dab4b6b0e39a6c20a26d49da498ed431f4c3e82d890985

data/.github/CODEOWNERS

@@ -0,0 +1 @@
+*   @dawenster

data/.gitignore

@@ -15,3 +15,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+.idea

data/.travis.yml

@@ -1,7 +1,7 @@
 sudo: false
 language: ruby
 rvm:
-  - "2.0"
-  - "2.1"
   - "2.2"
-  - jruby-9.0.5.0
+  - "2.3"
+  - "2.5"
+  - "2.6"

data/Gemfile

@@ -1,7 +1,2 @@
 source 'https://rubygems.org'
-
-gem 'activesupport', '~> 4.0'
-gem 'rack', '~> 1.6'
-
-# Specify your gem's dependencies in aptible-auth.gemspec
 gemspec

data/README.md

@@ -14,8 +14,6 @@ Add the following line to your application's Gemfile.
 
 And then run `bundle install`.
 
-A forked version of the OAuth2 gem is necessary until [intridea/oauth2#165](https://github.com/intridea/oauth2/pull/165) and [intridea/oauth2#166](https://github.com/intridea/oauth2/pull/166) are merged.
-
 ## Usage
 
 First, get a token:
@@ -60,7 +58,5 @@ end
 
 MIT License, see [LICENSE](LICENSE.md) for details.
 
-Copyright (c) 2014 [Aptible](https://www.aptible.com) and contributors.
-
-[<img src="https://s.gravatar.com/avatar/9b58236204e844e3181e43e05ddb0809?s=60" style="border-radius: 50%;" alt="@sandersonet" />](https://github.com/sandersonet)
+Copyright (c) 2019 [Aptible](https://www.aptible.com) and contributors.
 

data/Rakefile

@@ -4,5 +4,5 @@ begin
   require 'aptible/tasks'
   Aptible::Tasks.load_tasks
 rescue LoadError
-  $stderr.puts 'Skipping Aptible::Tasks initialization...'
+  warn 'Skipping Aptible::Tasks initialization...'
 end

data/aptible-auth.gemspec

@@ -1,4 +1,5 @@
 # encoding: utf-8
+
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
@@ -19,16 +20,14 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^spec/})
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'aptible-billing'
-  spec.add_dependency 'aptible-resource', '~> 1.0.0'
+  spec.add_dependency 'aptible-resource', '~> 1.0'
   spec.add_dependency 'gem_config'
-  spec.add_dependency 'oauth2-aptible', '~> 0.10.0'
+  spec.add_dependency 'oauth2', '~> 1.4'
 
-  spec.add_development_dependency 'bundler', '~> 1.3'
-  spec.add_development_dependency 'aptible-tasks', '>= 0.2.0'
+  spec.add_development_dependency 'aptible-tasks', '>= 0.6.0'
+  spec.add_development_dependency 'pry'
   spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'rspec', '~> 2.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-its'
-  spec.add_development_dependency 'pry'
   spec.add_development_dependency 'timecop', '~> 0.8.1'
 end

data/lib/aptible/auth/organization.rb

@@ -1,11 +1,10 @@
-require 'aptible/billing'
-
 module Aptible
   module Auth
     class Organization < Resource
       has_many :roles
       has_many :users
       has_many :invitations
+      has_many :whitelist_memberships
       belongs_to :security_officer
 
       field :id
@@ -22,17 +21,8 @@ module Aptible
       field :security_alert_email
       field :ops_alert_email
       field :security_officer_id
-
-      def billing_detail
-        @billing_detail ||= Aptible::Billing::BillingDetail.find(
-          id, token: token, headers: headers
-        )
-      end
-
-      def can_manage_compliance?
-        return false unless billing_detail
-        %w(production pilot).include?(billing_detail.plan)
-      end
+      field :enterprise
+      field :sso_enforced
 
       def privileged_roles
         roles.select(&:privileged?)
@@ -40,6 +30,7 @@ module Aptible
 
       def accounts
         return @accounts if @accounts
+
         require 'aptible/api'
 
         accounts = Aptible::Api::Account.all(token: token, headers: headers)
@@ -47,6 +38,17 @@ module Aptible
           (link = account.links[:organization]) && link.href == href
         end
       end
+
+      # SamlConfiguration is a dependent object that does not
+      # have a link until created. So, we create the link for it
+      # to allow HyperResource to successfully create the object.
+      # Afterwords, we can directly manage the SamlConfiguration
+      def create_saml_configuration!(params)
+        HyperResource::Link.new(
+          self,
+          'href' => "#{href}/saml_configurations"
+        ).post(self.class.normalize_params(params))
+      end
     end
   end
 end

data/lib/aptible/auth/reauthenticate_organization.rb

@@ -0,0 +1,6 @@
+module Aptible
+  module Auth
+    class ReauthenticateOrganization < Resource
+    end
+  end
+end

data/lib/aptible/auth/resource.rb

@@ -23,3 +23,6 @@ require 'aptible/auth/session'
 require 'aptible/auth/token'
 require 'aptible/auth/user'
 require 'aptible/auth/ssh_key'
+require 'aptible/auth/saml_configuration'
+require 'aptible/auth/whitelist_membership'
+require 'aptible/auth/reauthenticate_organization'

data/lib/aptible/auth/saml_configuration.rb

@@ -0,0 +1,16 @@
+module Aptible
+  module Auth
+    class SamlConfiguration < Resource
+      belongs_to :organization
+
+      field :id
+      field :entity_id
+      field :sign_in_url
+      field :name_format
+      field :certificate
+      field :handle
+      field :created_at, type: Time
+      field :updated_at, type: Time
+    end
+  end
+end

data/lib/aptible/auth/token.rb

@@ -1,4 +1,6 @@
 require 'oauth2'
+require 'oauth2/response_parser'
+require 'oauth2/strategy/token_exchange'
 
 module Aptible
   module Auth
@@ -144,7 +146,7 @@ module Aptible
         private_key = parse_private_key(secret)
         {
           private_key: private_key,
-          algorithm:  "RS#{key_length(private_key) / 2}"
+          algorithm: "RS#{key_length(private_key) / 2}"
         }
       end
 

data/lib/aptible/auth/user.rb

@@ -3,6 +3,7 @@ module Aptible
     class User < Resource
       has_many :roles
       has_many :ssh_keys
+      has_many :whitelist_memberhips
 
       field :id
       field :name

data/lib/aptible/auth/version.rb

@@ -1,5 +1,5 @@
 module Aptible
   module Auth
-    VERSION = '1.0.0'.freeze
+    VERSION = '1.2.3'.freeze
   end
 end

data/lib/aptible/auth/whitelist_membership.rb

@@ -0,0 +1,11 @@
+module Aptible
+  module Auth
+    class WhitelistMembership < Resource
+      belongs_to :organization
+      embeds_one :user
+
+      field :id
+      field :created_at, type: Time
+    end
+  end
+end

data/lib/oauth2/response_parser.rb

@@ -0,0 +1,5 @@
+# rubocop:disable all
+# NOTE: This code has been in oauth2 master since 2018 but is awaiting a 2.0 release of oauth2
+OAuth2::Response.register_parser(:json, ['application/json', 'text/javascript', 'application/hal+json', 'application/vnd.collection+json', 'application/vnd.api+json']) do |body|
+  MultiJson.load(body) rescue body # rubocop:disable RescueModifier
+end

data/lib/oauth2/strategy/token_exchange.rb

@@ -0,0 +1,40 @@
+# rubocop:disable all
+module OAuth2
+  module Strategy
+    # The Token Exchange strategy
+    #
+    # @see https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-03#section-4.1
+    class TokenExchange < Base
+      GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:token-exchange'
+
+      # Not used for this strategy
+      #
+      # @raise [NotImplementedError]
+      def authorize_url
+        fail(NotImplementedError, 'The authorization endpoint is not used in this strategy')
+      end
+
+      # Retrieve an access token given the specified End User username and password.
+      #
+      # @param [String] username the End User username
+      # @param [String] password the End User password
+      # @param [Hash] params additional params
+      def get_token(actor_token, actor_token_type, subject_token, subject_token_type, params = {}, opts = {})
+        params = {'grant_type'          => GRANT_TYPE,
+                  'actor_token'         => actor_token,
+                  'actor_token_type'    => actor_token_type,
+                  'subject_token'       => subject_token,
+                  'subject_token_type'  => subject_token_type
+        }.merge(params)
+        @client.get_token(params, opts)
+      end
+    end
+  end
+
+  # Add strategy to OAuth2::Client
+  class Client
+    def token_exchange
+      @token_exchange ||= OAuth2::Strategy::TokenExchange.new(self)
+    end
+  end
+end

data/spec/aptible/auth/organization_spec.rb

@@ -1,36 +1,6 @@
 require 'spec_helper'
 
 describe Aptible::Auth::Organization do
-  describe '#can_manage_compliance?' do
-    before { subject.stub(:billing_detail) { billing_detail } }
-
-    context 'without a billing detail' do
-      let(:billing_detail) { nil }
-      it 'should return false' do
-        expect(subject.can_manage_compliance?).to eq false
-      end
-    end
-
-    context 'with a billing detail' do
-      let(:billing_detail) { double Aptible::Billing::BillingDetail }
-
-      it 'should return true with production plan' do
-        billing_detail.stub(:plan) { 'production' }
-        expect(subject.can_manage_compliance?).to eq true
-      end
-
-      it 'should return false with development plan' do
-        billing_detail.stub(:plan) { 'development' }
-        expect(subject.can_manage_compliance?).to eq false
-      end
-
-      it 'should return false with platform plan' do
-        billing_detail.stub(:plan) { 'platform' }
-        expect(subject.can_manage_compliance?).to eq false
-      end
-    end
-  end
-
   describe '#security_officer' do
     let(:user) { double 'Aptible::Auth::User' }
 

data/spec/aptible/auth/token_spec.rb

@@ -82,7 +82,7 @@ describe Aptible::Auth::Token do
     end
 
     describe '#authenticate_user' do
-      let(:args) { %w(user@example.com foobar) }
+      let(:args) { %w[user@example.com foobar] }
 
       before { oauth.stub_chain(:password, :get_token) { response } }
 
@@ -116,7 +116,7 @@ describe Aptible::Auth::Token do
     end
 
     describe '#authenticate_client' do
-      let(:args) { %w(id secret user@example.com) }
+      let(:args) { %w[id secret user@example.com] }
 
       before do
         subject.stub(:signing_params_from_secret) { { algorithm: 'foobar' } }

data/spec/oauth2/lib/token_exchange_spec.rb

@@ -0,0 +1,58 @@
+# rubocop:disable all
+require 'oauth2'
+require 'oauth2/strategy/token_exchange'
+RSpec.describe OAuth2::Strategy::TokenExchange do
+  let(:client) do
+    cli = OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com')
+    cli.connection.build do |b|
+      b.adapter :test do |stub|
+        stub.post('/oauth/token') do |env|
+          case @mode
+          when 'formencoded'
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, 'expires_in=600&access_token=salmon&refresh_token=trout']
+          when 'json'
+            [200, {'Content-Type' => 'application/json'}, '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}']
+          end
+        end
+      end
+    end
+    cli
+  end
+  subject { client.token_exchange }
+
+  describe '#authorize_url' do
+    it 'raises NotImplementedError' do
+      expect { subject.authorize_url }.to raise_error(NotImplementedError)
+    end
+  end
+
+  %w(json formencoded).each do |mode|
+    describe "#get_token (#{mode})" do
+      before do
+        @mode = mode
+        @access = subject.get_token('actor token', 'actor token type', 'subject token', 'subject token type')
+      end
+
+      it 'returns AccessToken with same Client' do
+        expect(@access.client).to eq(client)
+      end
+
+      it 'returns AccessToken with #token' do
+        expect(@access.token).to eq('salmon')
+      end
+
+      it 'returns AccessToken with #refresh_token' do
+        expect(@access.refresh_token).to eq('trout')
+      end
+
+      it 'returns AccessToken with #expires_in' do
+        expect(@access.expires_in).to eq(600)
+      end
+
+      it 'returns AccessToken with #expires_at' do
+        expect(@access.expires_at).not_to be_nil
+      end
+    end
+  end
+
+end

metadata

@@ -1,43 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: aptible-auth
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.2.3
 platform: ruby
 authors:
 - Frank Macreery
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-09-27 00:00:00.000000000 Z
+date: 2020-09-29 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: aptible-billing
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: aptible-resource
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: gem_config
   requirement: !ruby/object:Gem::Requirement
@@ -53,47 +39,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: oauth2-aptible
+  name: oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.10.0
+        version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.10.0
+        version: '1.4'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: aptible-tasks
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: 0.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: 0.6.0
 - !ruby/object:Gem::Dependency
-  name: aptible-tasks
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
@@ -136,20 +122,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: pry
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -171,6 +143,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/CODEOWNERS"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
@@ -186,26 +159,32 @@ files:
 - lib/aptible/auth/invitation.rb
 - lib/aptible/auth/membership.rb
 - lib/aptible/auth/organization.rb
+- lib/aptible/auth/reauthenticate_organization.rb
 - lib/aptible/auth/resource.rb
 - lib/aptible/auth/role.rb
+- lib/aptible/auth/saml_configuration.rb
 - lib/aptible/auth/session.rb
 - lib/aptible/auth/ssh_key.rb
 - lib/aptible/auth/token.rb
 - lib/aptible/auth/user.rb
 - lib/aptible/auth/version.rb
+- lib/aptible/auth/whitelist_membership.rb
+- lib/oauth2/response_parser.rb
+- lib/oauth2/strategy/token_exchange.rb
 - spec/aptible/auth/agent_spec.rb
 - spec/aptible/auth/organization_spec.rb
 - spec/aptible/auth/resource_spec.rb
 - spec/aptible/auth/token_spec.rb
 - spec/aptible/auth/user_spec.rb
 - spec/aptible/auth_spec.rb
+- spec/oauth2/lib/token_exchange_spec.rb
 - spec/shared/set_env.rb
 - spec/spec_helper.rb
 homepage: https://github.com/aptible/aptible-auth-ruby
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -220,9 +199,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.13
-signing_key: 
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: Ruby client for auth.aptible.com
 test_files:
@@ -232,5 +210,6 @@ test_files:
 - spec/aptible/auth/token_spec.rb
 - spec/aptible/auth/user_spec.rb
 - spec/aptible/auth_spec.rb
+- spec/oauth2/lib/token_exchange_spec.rb
 - spec/shared/set_env.rb
 - spec/spec_helper.rb