auth0 4.17.0 → 5.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (357) hide show
  1. checksums.yaml +4 -4
  2. data/.version +1 -0
  3. data/CHANGELOG.md +407 -22
  4. data/README.md +80 -178
  5. data/auth0.gemspec +10 -15
  6. data/lib/auth0/api/authentication_endpoints.rb +162 -249
  7. data/lib/auth0/api/v2/actions.rb +209 -0
  8. data/lib/auth0/api/v2/attack_protection.rb +79 -0
  9. data/lib/auth0/api/v2/branding.rb +65 -0
  10. data/lib/auth0/api/v2/client_grants.rb +27 -2
  11. data/lib/auth0/api/v2/clients.rb +42 -0
  12. data/lib/auth0/api/v2/connections.rb +14 -5
  13. data/lib/auth0/api/v2/device_credentials.rb +12 -7
  14. data/lib/auth0/api/v2/grants.rb +49 -0
  15. data/lib/auth0/api/v2/jobs.rb +18 -5
  16. data/lib/auth0/api/v2/logs.rb +2 -2
  17. data/lib/auth0/api/v2/organizations.rb +407 -0
  18. data/lib/auth0/api/v2/refresh_tokens.rb +34 -0
  19. data/lib/auth0/api/v2/roles.rb +7 -3
  20. data/lib/auth0/api/v2/sessions.rb +43 -0
  21. data/lib/auth0/api/v2/tickets.rb +14 -2
  22. data/lib/auth0/api/v2/users.rb +203 -12
  23. data/lib/auth0/api/v2.rb +18 -4
  24. data/lib/auth0/client_assertion.rb +45 -0
  25. data/lib/auth0/exception.rb +17 -8
  26. data/lib/auth0/mixins/access_token_struct.rb +2 -2
  27. data/lib/auth0/mixins/api_token_struct.rb +2 -3
  28. data/lib/auth0/mixins/httpproxy.rb +98 -36
  29. data/lib/auth0/mixins/initializer.rb +6 -9
  30. data/lib/auth0/mixins/permission_struct.rb +2 -2
  31. data/lib/auth0/mixins/token_management.rb +35 -0
  32. data/lib/auth0/mixins/validation.rb +33 -6
  33. data/lib/auth0/mixins.rb +2 -1
  34. data/lib/auth0/version.rb +1 -1
  35. metadata +58 -632
  36. data/.bundle/config +0 -4
  37. data/.circleci/config.yml +0 -23
  38. data/.env.example +0 -2
  39. data/.gemrelease +0 -2
  40. data/.github/CODEOWNERS +0 -1
  41. data/.github/ISSUE_TEMPLATE.md +0 -39
  42. data/.github/PULL_REQUEST_TEMPLATE.md +0 -35
  43. data/.github/stale.yml +0 -20
  44. data/.gitignore +0 -14
  45. data/.rspec +0 -3
  46. data/.rubocop.yml +0 -10
  47. data/.rubocop_todo.yml +0 -5
  48. data/CODE_OF_CONDUCT.md +0 -3
  49. data/DEPLOYMENT.md +0 -61
  50. data/Dockerfile +0 -5
  51. data/Gemfile +0 -19
  52. data/Gemfile.lock +0 -227
  53. data/Guardfile +0 -37
  54. data/RUBYGEM.md +0 -9
  55. data/Rakefile +0 -53
  56. data/codecov.yml +0 -22
  57. data/deploy_documentation.sh +0 -29
  58. data/doc_config/templates/default/fulldoc/html/css/full_list.css +0 -79
  59. data/doc_config/templates/default/fulldoc/html/css/style.css +0 -546
  60. data/doc_config/templates/default/layout/html/breadcrumb.erb +0 -11
  61. data/doc_config/templates/default/layout/html/footer.erb +0 -115
  62. data/doc_config/templates/default/layout/html/headers.erb +0 -17
  63. data/doc_config/templates/default/layout/html/layout.erb +0 -27
  64. data/examples/ruby-api/.env.example +0 -2
  65. data/examples/ruby-api/.gitignore +0 -86
  66. data/examples/ruby-api/Gemfile +0 -8
  67. data/examples/ruby-api/README.md +0 -24
  68. data/examples/ruby-api/config.ru +0 -2
  69. data/examples/ruby-api/main.rb +0 -33
  70. data/examples/ruby-on-rails-api/.env.example +0 -2
  71. data/examples/ruby-on-rails-api/.gitignore +0 -18
  72. data/examples/ruby-on-rails-api/Gemfile +0 -48
  73. data/examples/ruby-on-rails-api/README.md +0 -27
  74. data/examples/ruby-on-rails-api/Rakefile +0 -6
  75. data/examples/ruby-on-rails-api/app/assets/images/.keep +0 -0
  76. data/examples/ruby-on-rails-api/app/assets/javascripts/application.js +0 -16
  77. data/examples/ruby-on-rails-api/app/assets/stylesheets/application.css +0 -15
  78. data/examples/ruby-on-rails-api/app/controllers/application_controller.rb +0 -8
  79. data/examples/ruby-on-rails-api/app/controllers/concerns/.keep +0 -0
  80. data/examples/ruby-on-rails-api/app/controllers/ping_controller.rb +0 -6
  81. data/examples/ruby-on-rails-api/app/controllers/secured_ping_controller.rb +0 -11
  82. data/examples/ruby-on-rails-api/app/helpers/application_helper.rb +0 -3
  83. data/examples/ruby-on-rails-api/app/mailers/.keep +0 -0
  84. data/examples/ruby-on-rails-api/app/models/.keep +0 -0
  85. data/examples/ruby-on-rails-api/app/models/User.rb +0 -5
  86. data/examples/ruby-on-rails-api/app/models/concerns/.keep +0 -0
  87. data/examples/ruby-on-rails-api/app/views/layouts/application.html.erb +0 -14
  88. data/examples/ruby-on-rails-api/bin/bundle +0 -3
  89. data/examples/ruby-on-rails-api/bin/rails +0 -4
  90. data/examples/ruby-on-rails-api/bin/rake +0 -4
  91. data/examples/ruby-on-rails-api/bin/setup +0 -29
  92. data/examples/ruby-on-rails-api/config/application.rb +0 -23
  93. data/examples/ruby-on-rails-api/config/boot.rb +0 -4
  94. data/examples/ruby-on-rails-api/config/database.yml +0 -27
  95. data/examples/ruby-on-rails-api/config/environment.rb +0 -5
  96. data/examples/ruby-on-rails-api/config/environments/development.rb +0 -37
  97. data/examples/ruby-on-rails-api/config/environments/production.rb +0 -83
  98. data/examples/ruby-on-rails-api/config/environments/test.rb +0 -41
  99. data/examples/ruby-on-rails-api/config/initializers/backtrace_silencers.rb +0 -7
  100. data/examples/ruby-on-rails-api/config/initializers/cookies_serializer.rb +0 -3
  101. data/examples/ruby-on-rails-api/config/initializers/dotenv.rb +0 -4
  102. data/examples/ruby-on-rails-api/config/initializers/filter_parameter_logging.rb +0 -4
  103. data/examples/ruby-on-rails-api/config/initializers/inflections.rb +0 -16
  104. data/examples/ruby-on-rails-api/config/initializers/knock.rb +0 -35
  105. data/examples/ruby-on-rails-api/config/initializers/mime_types.rb +0 -4
  106. data/examples/ruby-on-rails-api/config/initializers/session_store.rb +0 -3
  107. data/examples/ruby-on-rails-api/config/initializers/wrap_parameters.rb +0 -14
  108. data/examples/ruby-on-rails-api/config/locales/en.yml +0 -23
  109. data/examples/ruby-on-rails-api/config/routes.rb +0 -58
  110. data/examples/ruby-on-rails-api/config/secrets.yml +0 -28
  111. data/examples/ruby-on-rails-api/config.ru +0 -4
  112. data/examples/ruby-on-rails-api/db/schema.rb +0 -15
  113. data/examples/ruby-on-rails-api/db/seeds.rb +0 -7
  114. data/examples/ruby-on-rails-api/lib/assets/.keep +0 -0
  115. data/examples/ruby-on-rails-api/lib/tasks/.keep +0 -0
  116. data/examples/ruby-on-rails-api/log/.keep +0 -0
  117. data/examples/ruby-on-rails-api/public/404.html +0 -67
  118. data/examples/ruby-on-rails-api/public/422.html +0 -67
  119. data/examples/ruby-on-rails-api/public/500.html +0 -66
  120. data/examples/ruby-on-rails-api/public/favicon.ico +0 -0
  121. data/examples/ruby-on-rails-api/public/robots.txt +0 -5
  122. data/examples/ruby-on-rails-api/test/controllers/.keep +0 -0
  123. data/examples/ruby-on-rails-api/test/fixtures/.keep +0 -0
  124. data/examples/ruby-on-rails-api/test/helpers/.keep +0 -0
  125. data/examples/ruby-on-rails-api/test/integration/.keep +0 -0
  126. data/examples/ruby-on-rails-api/test/mailers/.keep +0 -0
  127. data/examples/ruby-on-rails-api/test/models/.keep +0 -0
  128. data/examples/ruby-on-rails-api/test/ping_controller_test.rb +0 -8
  129. data/examples/ruby-on-rails-api/test/secured_ping_controller_test.rb +0 -26
  130. data/examples/ruby-on-rails-api/test/test_helper.rb +0 -16
  131. data/lib/auth0/api/v1/clients.rb +0 -58
  132. data/lib/auth0/api/v1/connections.rb +0 -68
  133. data/lib/auth0/api/v1/logs.rb +0 -43
  134. data/lib/auth0/api/v1/rules.rb +0 -57
  135. data/lib/auth0/api/v1/users.rb +0 -227
  136. data/lib/auth0/api/v1.rb +0 -19
  137. data/publish_rubygem.sh +0 -10
  138. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_change_password/should_trigger_a_password_reset.yml +0 -63
  139. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_fail_with_an_incorrect_email.yml +0 -54
  140. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_fail_with_an_incorrect_password.yml +0 -54
  141. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_fail_with_an_invalid_audience.yml +0 -55
  142. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_login_successfully_with_a_custom_audience.yml +0 -117
  143. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_login_with_resource_owner/should_login_successfully_with_a_default_scope.yml +0 -119
  144. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_saml_metadata/should_retrieve_SAML_metadata.yml +0 -57
  145. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_userinfo/should_fail_as_not_authorized.yml +0 -55
  146. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_userinfo/should_return_the_userinfo.yml +0 -118
  147. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/_wsfed_metadata/should_retrieve_WSFED_metadata.yml +0 -55
  148. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/create_test_user.yml +0 -58
  149. data/spec/fixtures/vcr_cassettes/Auth0_Api_AuthenticationEndpoints/delete_test_user.yml +0 -54
  150. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Anomaly/_check_if_ip_is_blocked/should_return_200_response_code.yml +0 -65
  151. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Anomaly/_remove_ip_block/should_remove_an_IP_successfully.yml +0 -60
  152. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Blacklists/_add_token_to_blacklist/should_add_a_token_to_the_blacklist.yml +0 -56
  153. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Blacklists/_blacklisted_tokens/should_get_the_added_token_from_the_blacklist.yml +0 -59
  154. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_client_grants/should_return_at_least_1_result.yml +0 -62
  155. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_client_grants/should_return_the_first_page_of_one_result.yml +0 -66
  156. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_client_grants/should_return_the_test_client_grant.yml +0 -62
  157. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_delete_client_grant/should_delete_the_test_client_grant.yml +0 -54
  158. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/_patch_client_grant/should_update_the_test_client_grant.yml +0 -64
  159. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/create_test_client.yml +0 -118
  160. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/create_test_client_grant.yml +0 -64
  161. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/delete_test_client.yml +0 -54
  162. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ClientGrants/delete_test_client_grant.yml +0 -54
  163. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_client/_filters/should_exclude_and_include_fields_properly.yml +0 -91
  164. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_client/_filters/should_include_the_specified_fields.yml +0 -63
  165. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_client/should_get_the_test_client.yml +0 -92
  166. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/_filters/should_exclude_fields_not_specified.yml +0 -60
  167. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/_filters/should_exclude_the_specified_fields.yml +0 -132
  168. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/_filters/should_include_the_specified_fields.yml +0 -63
  169. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/_filters/should_paginate_results.yml +0 -65
  170. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_clients/should_get_at_least_one_client.yml +0 -132
  171. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_delete_client/should_delete_the_test_client_without_an_error.yml +0 -54
  172. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_patch_client/should_update_the_client_with_the_correct_attributes.yml +0 -94
  173. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/create_test_client.yml +0 -118
  174. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connection/_filters/should_exclude_the_fields_indicated.yml +0 -63
  175. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connection/_filters/should_include_the_fields_indicated.yml +0 -61
  176. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connection/should_find_the_correct_connection.yml +0 -63
  177. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/_filters/should_include_previously-created_connection_when_filtered.yml +0 -59
  178. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/_filters/should_should_exclude_the_fields_indicated_from_filtered_results.yml +0 -59
  179. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/_filters/should_should_include_the_fields_indicated_from_filtered_results.yml +0 -59
  180. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/should_include_the_previously_created_connection.yml +0 -59
  181. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_connections/should_not_be_empty.yml +0 -59
  182. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_delete_connection/should_delete_the_connection.yml +0 -54
  183. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_delete_connection_user/should_delete_the_user_created.yml +0 -110
  184. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_update_connection/should_update_the_connection.yml +0 -66
  185. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/create_test_connection.yml +0 -65
  186. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/create_test_user.yml +0 -68
  187. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/_delete_device_credential/should_delete_the_test_credential_without_an_error.yml +0 -54
  188. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/_device_credentials/_filter_by_type/should_exclude_the_test_credential.yml +0 -59
  189. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/_device_credentials/should_have_at_least_1_entry.yml +0 -62
  190. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/_device_credentials/should_include_the_test_credential.yml +0 -62
  191. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/create_test_credential.yml +0 -62
  192. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/create_test_user.yml +0 -68
  193. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/delete_test_credential.yml +0 -54
  194. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_DeviceCredentials/delete_test_user.yml +0 -54
  195. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_configure_provider/should_configure_a_new_email_provider.yml +0 -63
  196. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_delete_provider/should_delete_the_existing_email_provider_without_an_error.yml +0 -54
  197. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_delete_provider/should_throw_an_error_trying_to_get_the_email_provider.yml +0 -51
  198. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_get_provider/_filters/should_get_the_existing_email_provider_with_specific_fields.yml +0 -60
  199. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_get_provider/_filters/should_get_the_existing_email_provider_without_specific_fields.yml +0 -61
  200. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_get_provider/should_get_the_existing_email_provider.yml +0 -61
  201. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/_update_provider/should_update_the_existing_email_provider.yml +0 -63
  202. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Emails/delete_existing_provider.yml +0 -54
  203. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_export_users_and_get_job/should_create_an_export_users_job_successfully.yml +0 -61
  204. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_export_users_and_get_job/should_get_the_export_users_job.yml +0 -117
  205. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_import_users_and_get_job/should_create_an_import_users_job_successfully.yml +0 -60
  206. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_import_users_and_get_job/should_get_the_import_users_job.yml +0 -116
  207. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_send_verification_email_and_get_job/should_create_a_new_verification_email_job.yml +0 -119
  208. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_send_verification_email_and_get_job/should_get_the_completed_verification_email.yml +0 -175
  209. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/_send_verification_email_and_get_job/should_reject_an_invalid_client_id.yml +0 -109
  210. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/delete_imported_user.yml +0 -110
  211. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Jobs/search_for_connection_id.yml +0 -59
  212. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_log/should_match_the_created_log_entry.yml +0 -265
  213. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_log/should_not_be_empty.yml +0 -265
  214. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_filters/should_exclude_fields_not_specified.yml +0 -61
  215. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_filters/should_exclude_the_specified_fields.yml +0 -75
  216. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_filters/should_have_one_log_entry.yml +0 -76
  217. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_filters/should_include_the_specified_fields.yml +0 -62
  218. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/_logs/_from/should_take_one_log_entry.yml +0 -258
  219. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/create_test_user.yml +0 -68
  220. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/delete_test_disabled_rule.yml +0 -54
  221. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/delete_test_enabled_rule.yml +0 -54
  222. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Logs/delete_test_user.yml +0 -54
  223. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_delete_resource_server/should_delete_the_test_server_without_an_error.yml +0 -54
  224. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_patch_resource_server/should_update_the_resource_server_with_the_correct_attributes.yml +0 -61
  225. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_resource_server/should_get_the_test_server.yml +0 -59
  226. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_resource_servers/should_get_the_test_server.yml +0 -59
  227. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_resource_servers/should_return_at_least_1_result.yml +0 -59
  228. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/_resource_servers/should_return_the_first_page_of_one_result.yml +0 -64
  229. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/create_test_server.yml +0 -61
  230. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_ResourceServers/delete_test_server.yml +0 -54
  231. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_add_role_permissions/should_add_a_Permission_to_the_Role_successfully.yml +0 -69
  232. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_add_role_users/should_add_a_User_to_the_Role_successfully.yml +0 -69
  233. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_delete_role/should_delete_the_Role_successfully.yml +0 -62
  234. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role/should_get_the_Role_successfully.yml +0 -67
  235. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role_permissions/should_get_exactly_1_Permission.yml +0 -67
  236. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role_permissions/should_get_the_added_Permission_from_the_Role_successfully.yml +0 -67
  237. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role_users/should_get_exactly_1_User.yml +0 -67
  238. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_role_users/should_get_the_added_User_from_the_Role_successfully.yml +0 -67
  239. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_get_roles/should_get_the_Role_successfully.yml +0 -67
  240. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_remove_role_permissions/should_remove_a_Permission_from_the_Role_successfully.yml +0 -64
  241. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/_update_role/should_update_the_Role_successfully.yml +0 -69
  242. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/create_test_api.yml +0 -69
  243. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/create_test_role.yml +0 -69
  244. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/create_test_user.yml +0 -69
  245. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/delete_test_api.yml +0 -62
  246. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Roles/delete_test_user.yml +0 -62
  247. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_delete_rule/should_delete_the_test_disabled_rule_without_an_error.yml +0 -54
  248. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_delete_rule/should_delete_the_test_enabled_rule_without_an_error.yml +0 -54
  249. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rule/_filters/should_exclude_the_fields_not_specified.yml +0 -62
  250. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rule/_filters/should_exclude_the_specified_fields.yml +0 -62
  251. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rule/_filters/should_include_the_specified_fields.yml +0 -61
  252. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rule/should_get_a_specific_rule.yml +0 -62
  253. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_exclude_fields_not_specified.yml +0 -60
  254. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_include_the_specified_fields.yml +0 -61
  255. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_return_at_least_1_disabled_rule.yml +0 -63
  256. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_return_at_least_1_enabled_rule.yml +0 -62
  257. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/_filters/should_return_paginated_results.yml +0 -128
  258. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_rules/should_return_at_least_1_rule.yml +0 -64
  259. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_update_rule/should_update_the_disabled_rule_to_be_enabled.yml +0 -64
  260. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/create_test_disabled_rule.yml +0 -65
  261. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/create_test_enabled_rule.yml +0 -65
  262. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Stats/_active_users/should_have_at_least_one_active_user.yml +0 -59
  263. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Stats/_daily_stats/should_have_at_least_one_stats_entry_for_the_timeframe.yml +0 -63
  264. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_get_tenant_settings/should_get_the_tenant_settings.yml +0 -95
  265. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_get_tenant_settings_with_specific_fields/should_exclude_a_field_not_requested.yml +0 -61
  266. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_get_tenant_settings_with_specific_fields/should_include_the_field_requested.yml +0 -61
  267. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_update_tenant_settings/should_revert_the_tenant_name.yml +0 -96
  268. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_update_tenant_settings/should_update_the_tenant_settings_with_a_new_tenant_name.yml +0 -96
  269. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tickets/_post_email_verification/should_create_an_email_verification_ticket.yml +0 -63
  270. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tickets/_post_password_change/should_create_a_password_change_ticket.yml +0 -63
  271. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tickets/create_test_user.yml +0 -68
  272. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tickets/delete_test_user.yml +0 -54
  273. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_add_user_permissions/should_add_a_Permissions_for_a_User_successfully.yml +0 -67
  274. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_add_user_roles/should_add_a_Role_to_a_User_successfully.yml +0 -62
  275. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_delete_user/should_delete_the_User_successfully.yml +0 -60
  276. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_delete_user/should_delete_the_secondary_User_successfully.yml +0 -60
  277. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_delete_user_provider/should_attempt_to_delete_the_MFA_provider_for_the_User.yml +0 -60
  278. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_get_enrollments/should_get_Enrollments_for_a_User_successfully.yml +0 -65
  279. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_get_user_permissions/should_get_exactly_1_Permission_for_a_User_successfully.yml +0 -65
  280. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_get_user_permissions/should_get_the_correct_Permission_for_a_User_successfully.yml +0 -65
  281. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_get_user_roles/should_get_Roles_for_a_User_successfully.yml +0 -65
  282. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_invalidate_browsers/should_invalidate_MFA_browsers_for_the_User_successfully.yml +0 -62
  283. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_link_user_account/should_link_two_Users_successfully.yml +0 -67
  284. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_patch_user/should_patch_the_User_successfully.yml +0 -68
  285. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_remove_user_permissions/should_remove_a_Permission_from_a_User_successfully.yml +0 -62
  286. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_remove_user_roles/should_remove_a_Role_from_a_User_successfully.yml +0 -62
  287. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_unlink_user_account/should_unlink_two_Users_successfully.yml +0 -65
  288. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user/_filters/should_exclude_fields_not_indicated.yml +0 -65
  289. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user/_filters/should_exclude_the_fields_indicated.yml +0 -65
  290. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user/_filters/should_include_the_fields_indicated.yml +0 -65
  291. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user/should_retrieve_the_created_user.yml +0 -65
  292. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_user_logs/should_get_Logs_for_a_User_successfully.yml +0 -69
  293. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/is_expected_to_find_a_user_with_a_v2_search_engine_query.yml +0 -65
  294. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/is_expected_to_find_a_user_with_a_v3_search_engine_query.yml +0 -65
  295. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/should_exclude_the_indicated_fields_when_paginated.yml +0 -65
  296. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/should_include_the_indicated_fields_when_paginated.yml +0 -65
  297. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/should_not_include_other_fields_when_paginated.yml +0 -65
  298. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/_filters/should_return_the_correct_number_of_results_when_paginated.yml +0 -65
  299. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_users/should_have_at_least_one_user.yml +0 -65
  300. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/create_secondary_test_user.yml +0 -67
  301. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/create_test_api.yml +0 -67
  302. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/create_test_role.yml +0 -67
  303. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/create_test_user.yml +0 -67
  304. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/delete_test_api.yml +0 -60
  305. data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/delete_test_role.yml +0 -60
  306. data/spec/integration/lib/auth0/api/api_authentication_spec.rb +0 -120
  307. data/spec/integration/lib/auth0/api/v2/api_anomaly_spec.rb +0 -17
  308. data/spec/integration/lib/auth0/api/v2/api_blacklist_spec.rb +0 -27
  309. data/spec/integration/lib/auth0/api/v2/api_client_grants_spec.rb +0 -75
  310. data/spec/integration/lib/auth0/api/v2/api_clients_spec.rb +0 -166
  311. data/spec/integration/lib/auth0/api/v2/api_connections_spec.rb +0 -159
  312. data/spec/integration/lib/auth0/api/v2/api_device_credentials_spec.rb +0 -128
  313. data/spec/integration/lib/auth0/api/v2/api_email_spec.rb +0 -117
  314. data/spec/integration/lib/auth0/api/v2/api_jobs_spec.rb +0 -124
  315. data/spec/integration/lib/auth0/api/v2/api_logs_spec.rb +0 -91
  316. data/spec/integration/lib/auth0/api/v2/api_resource_servers_spec.rb +0 -130
  317. data/spec/integration/lib/auth0/api/v2/api_roles_spec.rb +0 -145
  318. data/spec/integration/lib/auth0/api/v2/api_rules_spec.rb +0 -177
  319. data/spec/integration/lib/auth0/api/v2/api_stats_spec.rb +0 -22
  320. data/spec/integration/lib/auth0/api/v2/api_tenants_spec.rb +0 -59
  321. data/spec/integration/lib/auth0/api/v2/api_tickets_spec.rb +0 -59
  322. data/spec/integration/lib/auth0/api/v2/api_user_blocks_spec.rb +0 -73
  323. data/spec/integration/lib/auth0/api/v2/api_users_spec.rb +0 -300
  324. data/spec/integration/lib/auth0/auth0_client_spec.rb +0 -90
  325. data/spec/lib/auth0/api/authentication_endpoints_spec.rb +0 -703
  326. data/spec/lib/auth0/api/v2/anomaly_spec.rb +0 -26
  327. data/spec/lib/auth0/api/v2/blacklists_spec.rb +0 -25
  328. data/spec/lib/auth0/api/v2/client_grants_spec.rb +0 -76
  329. data/spec/lib/auth0/api/v2/clients_spec.rb +0 -104
  330. data/spec/lib/auth0/api/v2/connections_spec.rb +0 -140
  331. data/spec/lib/auth0/api/v2/device_credentials_spec.rb +0 -73
  332. data/spec/lib/auth0/api/v2/emails_spec.rb +0 -47
  333. data/spec/lib/auth0/api/v2/guardian_spec.rb +0 -154
  334. data/spec/lib/auth0/api/v2/jobs_spec.rb +0 -128
  335. data/spec/lib/auth0/api/v2/log_streams_spec.rb +0 -84
  336. data/spec/lib/auth0/api/v2/logs_spec.rb +0 -48
  337. data/spec/lib/auth0/api/v2/prompts_spec.rb +0 -88
  338. data/spec/lib/auth0/api/v2/resource_servers_spec.rb +0 -86
  339. data/spec/lib/auth0/api/v2/roles_spec.rb +0 -362
  340. data/spec/lib/auth0/api/v2/rules_spec.rb +0 -95
  341. data/spec/lib/auth0/api/v2/stats_spec.rb +0 -22
  342. data/spec/lib/auth0/api/v2/tenants_spec.rb +0 -26
  343. data/spec/lib/auth0/api/v2/tickets_spec.rb +0 -63
  344. data/spec/lib/auth0/api/v2/user_blocks_spec.rb +0 -52
  345. data/spec/lib/auth0/api/v2/users_by_email_spec.rb +0 -21
  346. data/spec/lib/auth0/api/v2/users_spec.rb +0 -542
  347. data/spec/lib/auth0/client_spec.rb +0 -153
  348. data/spec/lib/auth0/mixins/httpproxy_spec.rb +0 -304
  349. data/spec/lib/auth0/mixins/initializer_spec.rb +0 -30
  350. data/spec/lib/auth0/mixins/validation_spec.rb +0 -466
  351. data/spec/spec_helper.rb +0 -63
  352. data/spec/support/credentials.rb +0 -30
  353. data/spec/support/dummy_class.rb +0 -18
  354. data/spec/support/dummy_class_for_proxy.rb +0 -5
  355. data/spec/support/dummy_class_for_restclient.rb +0 -2
  356. data/spec/support/import_users.json +0 -13
  357. data/spec/support/stub_response.rb +0 -1
@@ -1,466 +0,0 @@
1
- # rubocop:disable Metrics/BlockLength
2
- require 'spec_helper'
3
-
4
- RSA_PUB_KEY_JWK_1 = { 'kty': "RSA", 'use': 'sig', 'n': "uGbXWiK3dQTyCbX5xdE4yCuYp0AF2d15Qq1JSXT_lx8CEcXb9RbDddl8jGDv-spi5qPa8qEHiK7FwV2KpRE983wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVsWXI9C-yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT69s7of9-I9l5lsJ9cozf1rxrXX4V1u_SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8AziMCxS-VrRPDM-zfvpIJg3JljAh3PJHDiLu902v9w-Iplu1WyoB2aPfitxEhRN0Yw", 'e': 'AQAB', 'kid': 'test-key-1' }.freeze
5
- RSA_PUB_KEY_JWK_2 = { 'kty': "RSA", 'use': 'sig', 'n': "uGbXWiK3dQTyCbX5xdE4yCuYp0AF2d15Qq1JSXT_lx8CEcXb9RbDddl8jGDv-spi5qPa8qEHiK7FwV2KpRE983wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVsWXI9C-yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT69s7of9-I9l5lsJ9cozf1rxrXX4V1u_SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8AziMCxS-VrRPDM-zfvpIJg3JljAh3PJHDiLu902v9w-Iplu1WyoB2aPfitxEhRN0Yw", 'e': 'AQAB', 'kid': 'test-key-2' }.freeze
6
- JWKS_RESPONSE_1 = { 'keys': [RSA_PUB_KEY_JWK_1] }.freeze
7
- JWKS_RESPONSE_2 = { 'keys': [RSA_PUB_KEY_JWK_2] }.freeze
8
- JWKS_URL = 'https://tokens-test.auth0.com/.well-known/jwks.json'.freeze
9
- HMAC_SHARED_SECRET = 'secret'.freeze
10
-
11
- LEEWAY = 60
12
- CLOCK = 1587592561 # Apr 22 2020 21:56:01 UTC
13
- CONTEXT = { algorithm: Auth0::Algorithm::HS256.secret(HMAC_SHARED_SECRET), leeway: LEEWAY, audience: 'tokens-test-123', issuer: 'https://tokens-test.auth0.com/', clock: CLOCK }.freeze
14
-
15
- describe Auth0::Mixins::Validation::IdTokenValidator do
16
- subject { @instance }
17
-
18
- context 'instance' do
19
- it 'is expected respond to :validate' do
20
- instance = Auth0::Mixins::Validation::IdTokenValidator.new({})
21
-
22
- expect(instance).to respond_to(:validate)
23
- end
24
- end
25
-
26
- context 'ID token decoding' do
27
- expected_error = 'ID token could not be decoded'
28
- instance = Auth0::Mixins::Validation::IdTokenValidator.new({})
29
-
30
- it 'is expected to raise an error with a nil id_token' do
31
- expect { instance.validate(nil) }.to raise_exception(expected_error)
32
- end
33
-
34
- it 'is expected to raise an error with an empty id_token' do
35
- expect { instance.validate('') }.to raise_exception(expected_error)
36
- end
37
-
38
- it 'is expected to raise an error with an invalid format' do
39
- expect { instance.validate('a.b') }.to raise_exception(expected_error)
40
- expect { instance.validate('a.b.') }.to raise_exception(expected_error)
41
- expect { instance.validate('a.b.c.d') }.to raise_exception(expected_error)
42
- end
43
-
44
- it 'is expected to raise an error with an invalid encoding' do
45
- expect { instance.validate('a.b.c') }.to raise_exception(expected_error)
46
- end
47
- end
48
-
49
- context 'algorithm verification' do
50
- token = 'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.Hn38QVtN_mWN0c-jOa-Fqq69kXpbBp0THsvE-CQ47Ps'
51
-
52
- it 'is expected to raise an error with an unsupported algorithm' do
53
- instance = Auth0::Mixins::Validation::IdTokenValidator.new({ algorithm: 'ES256' })
54
-
55
- expect { instance.validate(token) }.to raise_exception('Signature algorithm of "ES256" is not supported')
56
- end
57
-
58
- it 'is expected to raise an error when the algorithm does not match the alg header value' do
59
- algorithm = Auth0::Algorithm::HS256.secret(HMAC_SHARED_SECRET)
60
- instance = Auth0::Mixins::Validation::IdTokenValidator.new({ algorithm: algorithm })
61
-
62
- expect { instance.validate(token) }.to raise_exception('Signature algorithm of "ES256" is not supported. Expected the ID token to be signed with "HS256"')
63
- end
64
- end
65
-
66
- context 'HS256 signature verification' do
67
- before :each do
68
- algorithm = Auth0::Algorithm::HS256.secret(HMAC_SHARED_SECRET)
69
- @instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ algorithm: algorithm }))
70
- end
71
-
72
- it 'is expected not to raise an error with a valid signature' do
73
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.Hn38QVtN_mWN0c-jOa-Fqq69kXpbBp0THsvE-CQ47Ps'
74
-
75
- expect { @instance.validate(token) }.not_to raise_exception
76
- end
77
-
78
- it 'is expected to raise an error with an invalid signature' do
79
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.invalidsignature'
80
-
81
- expect { @instance.validate(token) }.to raise_exception('Invalid ID token signature')
82
- end
83
- end
84
-
85
- context 'RS256 signature verification' do
86
- before :each do
87
- stub_jwks
88
- algorithm = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
89
- @instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ algorithm: algorithm }))
90
- end
91
-
92
- after :each do
93
- Auth0::Algorithm::RS256.remove_jwks
94
- WebMock.reset!
95
- end
96
-
97
- it 'is expected not to raise an error with a valid signature' do
98
- token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6InRlc3Qta2V5LTEifQ.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.jE00ARUiAwrKEoAMwbioKYj4bUZjmg31V7McDtIPsJJ16rYcvI-e5mtSSMgCmAom6t-WA7dsSWCJUlBCW2nAMvyCZ-hj8HG9Z0RmQEiwig9Fk22avoX94zdx65TwAeDfn2uMRaX_ps3TJcn4nymUtMp8Lps_vMw15eJerKThlSO4KuLTrvDDdRaCRamAd7jxuzhiwOt0mB0TVD55b5itA02pGuyapbjQXvvLYEx8OgpyIaAkB9Ry25abgjev0bSw2kjFZckG3lv9QgvZM85m9l3Rbrc6msNPGfMDFWGyT3Tu2ObqnSEA-57hZeuCbFrOya3vUwgSlc66rfvZj2xpzg'
99
-
100
- expect { @instance.validate(token) }.not_to raise_exception
101
- end
102
-
103
- it 'is expected to raise an error with an invalid signature' do
104
- token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6InRlc3Qta2V5LTEifQ.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.invalidsignature'
105
-
106
- expect { @instance.validate(token) }.to raise_exception('Invalid ID token signature')
107
- end
108
-
109
- it 'is expected to raise an error when the public key cannot be found' do
110
- token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6InRlc3Qta2V5LTIifQ.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.r2ksgiiM8zGJ6byea_Fq_zWWEmUdOnwQLVdb5JzgdBv1GUQFp-4LNaRhcga4FIrbKgxaPeewGLTq2VqfjmNJUNfARcE3QEacQ_JEHkC6zKZIiqcu4msHl8X9HXyHxOPHMTTjYMjauPzET7UH_oLxF68DDDQqvKX9VqLsncpyC-KdTCFTLGlFSq6pxmYt6gwrF2Uo15Gzc6qe2I9-MTXCYd44VW1zQi6GhNJNKbXH6U3bf7nof0ot1PSjBXXuLgf6d3qumTStECCjIUmdBb6FiEX4SSRI4MgHWj4q0LyN28baRpYwYPhVnjzUxOP7OLjKiHs45ORBhuAWhrJnuR_uBQ'
111
-
112
- expect { @instance.validate(token) }.to raise_exception('Could not find a public key for Key ID (kid) "test-key-2"')
113
- end
114
-
115
- it 'is expected to fetch the JWK set from the url if the public key cannot be found and the cache is not empty' do
116
- token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6InRlc3Qta2V5LTIifQ.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.r2ksgiiM8zGJ6byea_Fq_zWWEmUdOnwQLVdb5JzgdBv1GUQFp-4LNaRhcga4FIrbKgxaPeewGLTq2VqfjmNJUNfARcE3QEacQ_JEHkC6zKZIiqcu4msHl8X9HXyHxOPHMTTjYMjauPzET7UH_oLxF68DDDQqvKX9VqLsncpyC-KdTCFTLGlFSq6pxmYt6gwrF2Uo15Gzc6qe2I9-MTXCYd44VW1zQi6GhNJNKbXH6U3bf7nof0ot1PSjBXXuLgf6d3qumTStECCjIUmdBb6FiEX4SSRI4MgHWj4q0LyN28baRpYwYPhVnjzUxOP7OLjKiHs45ORBhuAWhrJnuR_uBQ'
117
- Auth0::Algorithm::RS256.jwks_url(JWKS_URL).jwks
118
- stub_jwks(JWKS_RESPONSE_2)
119
- @instance.validate(token)
120
-
121
- expect(a_request(:get, JWKS_URL)).to have_been_made.twice
122
- end
123
- end
124
-
125
- context 'context validation' do
126
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.Hn38QVtN_mWN0c-jOa-Fqq69kXpbBp0THsvE-CQ47Ps'
127
-
128
- it 'is expected to raise an error with a non-integer leeway' do
129
- instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ leeway: '1' }))
130
-
131
- expect { instance.validate(token) }.to raise_exception('Must supply a valid leeway')
132
- end
133
-
134
- it 'is expected to raise an error with a negative leeway' do
135
- instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ leeway: -1 }))
136
-
137
- expect { instance.validate(token) }.to raise_exception('Must supply a valid leeway')
138
- end
139
-
140
- it 'is expected to raise an error with an empty nonce' do
141
- instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ nonce: '' }))
142
-
143
- expect { instance.validate(token) }.to raise_exception('Must supply a valid nonce')
144
- end
145
-
146
- it 'is expected to raise an error with an empty issuer' do
147
- instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ issuer: '' }))
148
-
149
- expect { instance.validate(token) }.to raise_exception('Must supply a valid issuer')
150
- end
151
-
152
- it 'is expected to raise an error with an empty audience' do
153
- instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ audience: '' }))
154
-
155
- expect { instance.validate(token) }.to raise_exception('Must supply a valid audience')
156
- end
157
-
158
- it 'is expected to raise an error with a non-integer max_age' do
159
- instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ max_age: '1' }))
160
-
161
- expect { instance.validate(token) }.to raise_exception('Must supply a valid max_age')
162
- end
163
-
164
- it 'is expected to raise an error with a negative max_age' do
165
- instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ max_age: -1 }))
166
-
167
- expect { instance.validate(token) }.to raise_exception('Must supply a valid max_age')
168
- end
169
- end
170
-
171
- context 'claims validation' do
172
- before :all do
173
- @instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT)
174
- end
175
-
176
- it 'is expected to raise an error with a missing iss' do
177
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.QL2B2tqJhlW9rc8HQ3PQKkjDufBeSvtRBtJmRPdQ5K8'
178
-
179
- expect { @instance.validate(token) }.to raise_exception('Issuer (iss) claim must be a string present in the ID token')
180
- end
181
-
182
- it 'is expected to raise an error with a invalid iss' do
183
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb21ldGhpbmctZWxzZSIsInN1YiI6ImF1dGgwfDEyMzQ1Njc4OSIsImF1ZCI6WyJ0b2tlbnMtdGVzdC0xMjMiLCJleHRlcm5hbC10ZXN0LTk5OSJdLCJleHAiOjE1ODc3NjUzNjEsImlhdCI6MTU4NzU5MjU2MSwibm9uY2UiOiJhMWIyYzNkNGU1IiwiYXpwIjoidG9rZW5zLXRlc3QtMTIzIiwiYXV0aF90aW1lIjoxNTg3Njc4OTYxfQ.AhMMouDlGMdxTYrY9Cn-p8svJ8ssKmsHeT6JNRVTh10'
184
-
185
- expect { @instance.validate(token) }.to raise_exception("Issuer (iss) claim mismatch in the ID token; expected \"#{CONTEXT[:issuer]}\", found \"something-else\"")
186
- end
187
-
188
- it 'is expected to raise an error with a missing sub' do
189
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0._4sUXtAZYpGrO3QaYArXnk2JivCqixa7hgHhH3w4SlY'
190
-
191
- expect { @instance.validate(token) }.to raise_exception('Subject (sub) claim must be a string present in the ID token')
192
- end
193
-
194
- it 'is expected to raise an error with a missing aud' do
195
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJleHAiOjE1ODc3NjUzNjEsImlhdCI6MTU4NzU5MjU2MSwibm9uY2UiOiJhMWIyYzNkNGU1IiwiYXpwIjoidG9rZW5zLXRlc3QtMTIzIiwiYXV0aF90aW1lIjoxNTg3Njc4OTYxfQ.TlwnBmGUKe0SElSYKxPqsG1mujkK2t1CwDJGGiWRdXA'
196
-
197
- expect { @instance.validate(token) }.to raise_exception('Audience (aud) claim must be a string or array of strings present in the ID token')
198
- end
199
-
200
- it 'is expected to raise an error with an invalid string aud' do
201
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOiJleHRlcm5hbC10ZXN0LTk5OSIsImV4cCI6MTU4Nzc2NTM2MSwiaWF0IjoxNTg3NTkyNTYxLCJub25jZSI6ImExYjJjM2Q0ZTUiLCJhenAiOiJ0b2tlbnMtdGVzdC0xMjMiLCJhdXRoX3RpbWUiOjE1ODc2Nzg5NjF9.-Tf5CIi2bZ51UdgqxFWQNXpJJmK5GgsetcVoVrQwHIA'
202
-
203
- expect { @instance.validate(token) }.to raise_exception("Audience (aud) claim mismatch in the ID token; expected \"#{CONTEXT[:audience]}\", found \"external-test-999\"")
204
- end
205
-
206
- it 'is expected to raise an error with an invalid array aud' do
207
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsiZXh0ZXJuYWwtdGVzdC05OTgiLCJleHRlcm5hbC10ZXN0LTk5OSJdLCJleHAiOjE1ODc3NjUzNjEsImlhdCI6MTU4NzU5MjU2MSwibm9uY2UiOiJhMWIyYzNkNGU1IiwiYXpwIjoidG9rZW5zLXRlc3QtMTIzIiwiYXV0aF90aW1lIjoxNTg3Njc4OTYxfQ.Q1GRVL5g3RLQqG5sEV_cc8WW_oiZzFIAfzRfBdxMW2s'
208
-
209
- expect { @instance.validate(token) }.to raise_exception("Audience (aud) claim mismatch in the ID token; expected \"#{CONTEXT[:audience]}\" but was not one of \"external-test-998, external-test-999\"")
210
- end
211
-
212
- it 'is expected to raise an error with a missing exp' do
213
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiaWF0IjoxNTg3NTkyNTYxLCJub25jZSI6ImExYjJjM2Q0ZTUiLCJhenAiOiJ0b2tlbnMtdGVzdC0xMjMiLCJhdXRoX3RpbWUiOjE1ODc2Nzg5NjF9.aoLiQX3sHsf1bEbc0axbjJ9qV6hhomtEzJq-FT8OGF0'
214
-
215
- expect { @instance.validate(token) }.to raise_exception('Expiration Time (exp) claim must be a number present in the ID token')
216
- end
217
-
218
- it 'is expected to raise an error with a invalid exp' do
219
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NTkyNTYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.A8Pc0vlCG5Ufez7VIoRqXTYpJehalTEgGX9cR2xJLkU'
220
- clock = CLOCK + LEEWAY + 1
221
- instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ clock: clock }))
222
-
223
- expect { instance.validate(token) }.to raise_exception("Expiration Time (exp) claim mismatch in the ID token; current time \"#{clock}\" is after expiration time \"1587592621\"")
224
- end
225
-
226
- it 'is expected to raise an error with a missing iat' do
227
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJub25jZSI6ImExYjJjM2Q0ZTUiLCJhenAiOiJ0b2tlbnMtdGVzdC0xMjMiLCJhdXRoX3RpbWUiOjE1ODc2Nzg5NjF9.Jea6UVJsAK7Hnb494f_WIQCIbaLTnnCvMenSY1Y2toc'
228
-
229
- expect { @instance.validate(token) }.to raise_exception('Issued At (iat) claim must be a number present in the ID token')
230
- end
231
-
232
- it 'is expected not to raise an error with a missing but not required nonce' do
233
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.-o5grnyODbBdRgzcrn7Sf9Hb6eOC0x_U2i3YjVgHN0U'
234
-
235
- expect { @instance.validate(token) }.not_to raise_exception
236
- end
237
-
238
- it 'is expected to raise an error with a missing but required nonce' do
239
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.-o5grnyODbBdRgzcrn7Sf9Hb6eOC0x_U2i3YjVgHN0U'
240
- instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ nonce: 'a1b2c3d4e5' }))
241
-
242
- expect { instance.validate(token) }.to raise_exception('Nonce (nonce) claim must be a string present in the ID token')
243
- end
244
-
245
- it 'is expected to raise an error with an invalid nonce' do
246
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiMDAwOTk5IiwiYXpwIjoidG9rZW5zLXRlc3QtMTIzIiwiYXV0aF90aW1lIjoxNTg3Njc4OTYxfQ.XqQPdFN4m5kmTUQQi_mAJu0LQOeUTS9lF2J_xWc_j-0'
247
- instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ nonce: 'a1b2c3d4e5' }))
248
-
249
- expect { instance.validate(token) }.to raise_exception('Nonce (nonce) claim mismatch in the ID token; expected "a1b2c3d4e5", found "000999"')
250
- end
251
-
252
- it 'is expected to raise an error with a missing azp' do
253
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF1dGhfdGltZSI6MTU4NzY3ODk2MX0.LrgYkIbWrxMq6jvvkL1lxWL237ii1IBhtN2o_tDxFns'
254
-
255
- expect { @instance.validate(token) }.to raise_exception('Authorized Party (azp) claim must be a string present in the ID token')
256
- end
257
-
258
- it 'is expected to raise an error with an invalid azp' do
259
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6ImV4dGVybmFsLXRlc3QtOTk5IiwiYXV0aF90aW1lIjoxNTg3Njc4OTYxfQ.3DX-LY3B4UngDML-9nv11Sv89ECJpRpOLeWnkF1vAFY'
260
-
261
- expect { @instance.validate(token) }.to raise_exception("Authorized Party (azp) claim mismatch in the ID token; expected \"tokens-test-123\", found \"external-test-999\"")
262
- end
263
-
264
- it 'is expected to raise an error with a missing auth_time' do
265
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyJ9.JqUotnjHbGW0FcHz1s1YsRkce9Sbpsv2AEBDMpcUhp8'
266
- instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ max_age: 120 }))
267
-
268
- expect { instance.validate(token) }.to raise_exception('Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified')
269
- end
270
-
271
- it 'is expected to raise an error with a invalid auth_time' do
272
- token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNTg3NzY1MzYxLCJpYXQiOjE1ODc1OTI1NjEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTU4NzU5MjU2MX0.B7eWHJPHjhOh0ALjIQi0ro6zVsqGIeHd0gpRZsv6Hg8'
273
- max_age = 120
274
- auth_time = CLOCK + LEEWAY + max_age
275
- clock = auth_time + 1
276
- instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ max_age: max_age, clock: clock }))
277
-
278
- expect { instance.validate(token) }.to raise_exception("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time \"#{clock}\" is after last auth at \"#{auth_time}\"")
279
- end
280
- end
281
- end
282
-
283
- describe Auth0::Algorithm::HS256 do
284
- context 'class' do
285
- it 'is expected to respond to :secret' do
286
- expect(Auth0::Algorithm::HS256).to respond_to(:secret)
287
- end
288
-
289
- it 'is expected not to respond to :new' do
290
- expect(Auth0::Algorithm::HS256).not_to respond_to(:new)
291
- end
292
- end
293
-
294
- context 'instance' do
295
- it 'is expected to respond to :secret' do
296
- instance = Auth0::Algorithm::HS256.secret('secret')
297
-
298
- expect(instance).to respond_to(:secret)
299
- end
300
-
301
- it 'is expected to return the secret' do
302
- instance = Auth0::Algorithm::HS256.secret('secret')
303
-
304
- expect(instance.secret).to eq('secret')
305
- end
306
-
307
- it 'is expected to return the algorithm name' do
308
- instance = Auth0::Algorithm::HS256.secret('secret')
309
-
310
- expect(instance.name).to eq('HS256')
311
- end
312
- end
313
-
314
- context 'parameters' do
315
- expected_error = 'Must supply a valid secret'
316
-
317
- it 'is expected to raise an error with a nil secret' do
318
- expect { Auth0::Algorithm::HS256.secret(nil) }.to raise_exception(expected_error)
319
- end
320
-
321
- it 'is expected to raise an error with an empty secret' do
322
- expect { Auth0::Algorithm::HS256.secret('') }.to raise_exception(expected_error)
323
- end
324
- end
325
- end
326
-
327
- describe Auth0::Algorithm::RS256 do
328
- before :each do
329
- stub_jwks
330
- end
331
-
332
- after :each do
333
- Auth0::Algorithm::RS256.remove_jwks
334
- WebMock.reset!
335
- end
336
-
337
- context 'class' do
338
- it 'is expected to respond to :jwks_url' do
339
- expect(Auth0::Algorithm::RS256).to respond_to(:jwks_url)
340
- end
341
-
342
- it 'is expected not to respond to :new' do
343
- expect(Auth0::Algorithm::RS256).not_to respond_to(:new)
344
- end
345
- end
346
-
347
- context 'instance' do
348
- it 'is expected to respond to :jwks' do
349
- instance = Auth0::Algorithm::RS256.jwks_url('jwks url')
350
-
351
- expect(instance).to respond_to(:jwks)
352
- end
353
-
354
- it 'is expected to respond to :fetched_jwks?' do
355
- instance = Auth0::Algorithm::RS256.jwks_url('jwks url')
356
-
357
- expect(instance).to respond_to(:fetched_jwks?)
358
- end
359
-
360
- it 'is expected to return a jwks' do
361
- instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
362
-
363
- expect(instance.jwks).to have_key('keys') and contain_exactly(a_hash_including(kid: 'test-key-1'))
364
- end
365
-
366
- it 'is expected to return if the jwks was fetched from the url' do
367
- instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
368
- instance.jwks
369
-
370
- expect(instance.fetched_jwks?).to eq(true)
371
- end
372
-
373
- it 'is expected to return if the jwks was fetched from the cache' do
374
- Auth0::Algorithm::RS256.jwks_url(JWKS_URL).jwks
375
- instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
376
- instance.jwks
377
-
378
- expect(instance.fetched_jwks?).to eq(false)
379
- end
380
-
381
- it 'is expected to return the algorithm name' do
382
- instance = Auth0::Algorithm::RS256.jwks_url('jwks url')
383
-
384
- expect(instance.name).to eq('RS256')
385
- end
386
- end
387
-
388
- context 'parameters' do
389
- it 'is expected to raise an error with a nil jwks_url' do
390
- expect { Auth0::Algorithm::RS256.jwks_url(nil) }.to raise_exception('Must supply a valid jwks_url')
391
- end
392
-
393
- it 'is expected to raise an error with an empty jwks_url' do
394
- expect { Auth0::Algorithm::RS256.jwks_url('') }.to raise_exception('Must supply a valid jwks_url')
395
- end
396
-
397
- it 'is expected to raise an error with a non-integer lifetime' do
398
- expect { Auth0::Algorithm::RS256.jwks_url('jwks url', lifetime: '1') }.to raise_exception('Must supply a valid lifetime')
399
- end
400
-
401
- it 'is expected to raise an error with a negative lifetime' do
402
- expect { Auth0::Algorithm::RS256.jwks_url('jwks url', lifetime: -1) }.to raise_exception('Must supply a valid lifetime')
403
- end
404
- end
405
-
406
- context 'cache' do
407
- it 'is expected to fetch the jwks from the url when the cache is empty' do
408
- instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
409
- instance.jwks
410
-
411
- expect(a_request(:get, JWKS_URL)).to have_been_made.once
412
- end
413
-
414
- it 'is expected to fetch the jwks from the url when the cache is expired' do
415
- instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL, lifetime: 0)
416
- instance.jwks
417
- instance.jwks
418
-
419
- expect(a_request(:get, JWKS_URL)).to have_been_made.twice
420
- end
421
-
422
- it 'is not expected to fetch the jwks from the url when there is a value cached' do
423
- instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
424
- instance.jwks
425
- instance.jwks
426
-
427
- expect(a_request(:get, JWKS_URL)).to have_been_made.once
428
- end
429
-
430
- it 'is expected to forcibly fetch the jwks from the url' do
431
- instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
432
- instance.jwks
433
- instance.jwks(force: true)
434
-
435
- expect(a_request(:get, JWKS_URL)).to have_been_made.twice
436
- end
437
-
438
- it 'is expected to forcibly fetch the jwks from the url and cache it' do
439
- instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
440
- instance.jwks(force: true)
441
- instance.jwks
442
-
443
- expect(a_request(:get, JWKS_URL)).to have_been_made.once
444
- end
445
-
446
- it 'is expected to return the last cached value if the jwks could not be fetched' do
447
- Auth0::Algorithm::RS256.jwks_url(JWKS_URL).jwks
448
- stub_request(:get, JWKS_URL).to_return(body: 'invalid')
449
- instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
450
-
451
- expect(instance.jwks).to have_key('keys') and contain_exactly(a_hash_including(kid: 'test-key-1'))
452
- end
453
-
454
- it 'is expected to raise an error if the jwks could not be fetched and the cache is empty' do
455
- stub_request(:get, JWKS_URL).to_return(body: 'invalid')
456
- instance = Auth0::Algorithm::RS256.jwks_url(JWKS_URL)
457
-
458
- expect { instance.jwks }.to raise_exception('Could not fetch the JWK set')
459
- end
460
- end
461
- end
462
- # rubocop:enable Metrics/BlockLength
463
-
464
- def stub_jwks(stub = JWKS_RESPONSE_1)
465
- stub_request(:get, JWKS_URL).to_return(body: stub.to_json)
466
- end
data/spec/spec_helper.rb DELETED
@@ -1,63 +0,0 @@
1
- require 'pry'
2
- require 'rack/test'
3
- require 'faker'
4
- require 'json'
5
- require 'auth0'
6
-
7
- require 'simplecov'
8
- SimpleCov.start
9
-
10
- if ENV['CI'] == 'true'
11
- require 'codecov'
12
- SimpleCov.formatter = SimpleCov::Formatter::Codecov
13
- end
14
-
15
- require 'dotenv'
16
- Dotenv.load
17
-
18
- require 'webmock/rspec'
19
- WebMock.allow_net_connect!
20
-
21
- require 'vcr'
22
- VCR.configure do |config|
23
- # Uncomment the line below to record new VCR cassettes.
24
- # When this is commented out, VCR will reject all outbound HTTP calls.
25
- config.allow_http_connections_when_no_cassette = true
26
- config.cassette_library_dir = 'spec/fixtures/vcr_cassettes'
27
- config.configure_rspec_metadata!
28
- config.hook_into :webmock
29
- config.filter_sensitive_data('CLIENT_SECRET') { ENV['CLIENT_SECRET'] }
30
- config.filter_sensitive_data('API_TOKEN') { ENV['MASTER_JWT'] }
31
-
32
- ENV['DOMAIN'] = 'auth0-sdk-tests.auth0.com'
33
- ENV['CLIENT_ID'] = '2cnWuug6zaFX1j0ge1P99jAUn0F4XSuI'
34
- end
35
-
36
- $LOAD_PATH.unshift File.expand_path('..', __FILE__)
37
- $LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
38
-
39
- Dir['./lib/*.rb'].each { |f| require f }
40
- Dir['./lib/api/**/*.rb'].each { |f| require f }
41
- Dir['./spec/support/**/*.rb'].each { |f| require f }
42
- Dir['./spec/support/*.rb'].each { |f| require f }
43
-
44
- require 'rspec'
45
- RSpec.configure do |config|
46
- config.filter_run focus: true
47
- config.run_all_when_everything_filtered = true
48
- config.include Credentials
49
- end
50
-
51
- def wait(time, increment = 5, elapsed_time = 0, &block)
52
- yield
53
- rescue RSpec::Expectations::ExpectationNotMetError => e
54
- raise e if elapsed_time >= time
55
- sleep increment
56
- wait(time, increment, elapsed_time + increment, &block)
57
- end
58
-
59
- def entity_suffix
60
- 'rubytest'
61
- end
62
-
63
- puts "Entity suffix is #{entity_suffix}"
@@ -1,30 +0,0 @@
1
- module Credentials
2
- module_function
3
-
4
- def v1_creds
5
- {
6
- client_id: ENV['CLIENT_ID'],
7
- client_secret: ENV['CLIENT_SECRET'],
8
- domain: ENV['DOMAIN'],
9
- api_version: 1
10
- }
11
- end
12
-
13
- def v1_global_creds
14
- {
15
- client_id: ENV['GLOBAL_CLIENT_ID'],
16
- client_secret: ENV['GLOBAL_CLIENT_SECRET'],
17
- domain: ENV['DOMAIN'],
18
- api_version: 1
19
- }
20
- end
21
-
22
- def v2_creds
23
- {
24
- domain: ENV.fetch( 'DOMAIN', 'DOMAIN' ),
25
- client_id: ENV.fetch( 'CLIENT_ID', 'CLIENT_ID' ),
26
- client_secret: ENV.fetch( 'CLIENT_SECRET', 'TEST_CLIENT_SECRET' ),
27
- token: ENV.fetch( 'MASTER_JWT', 'TEST_MASTER_JWT' )
28
- }
29
- end
30
- end
@@ -1,18 +0,0 @@
1
- class DummyClass
2
- include Auth0::Mixins::Headers
3
-
4
- attr_reader :domain, :client_id, :client_secret, :audience
5
-
6
- def initialize
7
- @domain = 'test.auth0.com'
8
- @client_id = '__test_client_id__'
9
- @client_secret = '__test_client_secret__'
10
- @audience = "https://#{@domain}/api/v2/"
11
- end
12
-
13
- %i(get post put patch delete delete_with_body).each do |method|
14
- define_method(method) do |_path, _body = {}|
15
- true
16
- end
17
- end
18
- end
@@ -1,5 +0,0 @@
1
- class DummyClassForProxy
2
- include Auth0::Mixins::HTTPProxy
3
- include Auth0::Mixins::Headers
4
- @base_uri = 'http://auth0.com'
5
- end
@@ -1,2 +0,0 @@
1
- class DummyClassForRestClient < RestClient::Exception
2
- end
@@ -1,13 +0,0 @@
1
- [
2
- {
3
- "email": "john.doe@contoso.com",
4
- "email_verified": false,
5
- "app_metadata": {
6
- "roles": ["admin"],
7
- "plan": "premium"
8
- },
9
- "user_metadata": {
10
- "theme": "light"
11
- }
12
- }
13
- ]
@@ -1 +0,0 @@
1
- StubResponse = Struct.new(:body, :success?, :code, :headers)