auth0 4.17.1 → 5.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +0 -1
- data/.yardoc/checksums +22 -0
- data/.yardoc/complete +0 -0
- data/.yardoc/object_types +0 -0
- data/.yardoc/objects/root.dat +0 -0
- data/.yardoc/proxy_types +0 -0
- data/CHANGELOG.md +33 -0
- data/Gemfile +0 -1
- data/Gemfile.lock +19 -21
- data/README.md +1 -7
- data/Rakefile +0 -22
- data/auth0.gemspec +0 -1
- data/examples/ruby-api/.gitignore +0 -6
- data/lib/auth0/api/authentication_endpoints.rb +6 -220
- data/lib/auth0/api/v2/users.rb +7 -5
- data/lib/auth0/exception.rb +2 -7
- data/lib/auth0/mixins.rb +0 -1
- data/lib/auth0/mixins/access_token_struct.rb +2 -2
- data/lib/auth0/mixins/api_token_struct.rb +2 -2
- data/lib/auth0/mixins/initializer.rb +1 -7
- data/lib/auth0/mixins/permission_struct.rb +2 -2
- data/lib/auth0/mixins/validation.rb +1 -1
- data/lib/auth0/version.rb +1 -1
- data/spec/integration/lib/auth0/api/api_authentication_spec.rb +1 -1
- data/spec/integration/lib/auth0/api/v2/api_roles_spec.rb +1 -1
- data/spec/integration/lib/auth0/api/v2/api_users_spec.rb +1 -1
- data/spec/lib/auth0/api/v2/roles_spec.rb +4 -4
- data/spec/lib/auth0/api/v2/users_spec.rb +19 -9
- data/spec/support/credentials.rb +0 -19
- metadata +7 -31
- data/deploy_documentation.sh +0 -29
- data/doc_config/templates/default/fulldoc/html/css/full_list.css +0 -79
- data/doc_config/templates/default/fulldoc/html/css/style.css +0 -546
- data/doc_config/templates/default/layout/html/breadcrumb.erb +0 -11
- data/doc_config/templates/default/layout/html/footer.erb +0 -115
- data/doc_config/templates/default/layout/html/headers.erb +0 -17
- data/doc_config/templates/default/layout/html/layout.erb +0 -27
- data/lib/auth0/api/v1.rb +0 -19
- data/lib/auth0/api/v1/clients.rb +0 -58
- data/lib/auth0/api/v1/connections.rb +0 -68
- data/lib/auth0/api/v1/logs.rb +0 -43
- data/lib/auth0/api/v1/rules.rb +0 -57
- data/lib/auth0/api/v1/users.rb +0 -227
- data/spec/lib/auth0/api/authentication_endpoints_spec.rb +0 -703
@@ -1,703 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
# rubocop:disable Metrics/BlockLength
|
4
|
-
require 'spec_helper'
|
5
|
-
describe Auth0::Api::AuthenticationEndpoints do
|
6
|
-
UP_AUTH = 'Username-Password-Authentication'.freeze
|
7
|
-
|
8
|
-
before :all do
|
9
|
-
dummy_instance = DummyClass.new
|
10
|
-
dummy_instance.extend(Auth0::Api::AuthenticationEndpoints)
|
11
|
-
|
12
|
-
@instance = dummy_instance
|
13
|
-
end
|
14
|
-
|
15
|
-
subject { @instance }
|
16
|
-
|
17
|
-
context '.api_token' do
|
18
|
-
it { expect(@instance).to respond_to(:api_token) }
|
19
|
-
it "is expected to POST to '/oauth/token'" do
|
20
|
-
allow(@instance).to receive(:post).with(
|
21
|
-
'/oauth/token',
|
22
|
-
grant_type: 'client_credentials',
|
23
|
-
client_id: @instance.client_id,
|
24
|
-
client_secret: @instance.client_secret,
|
25
|
-
audience: @instance.audience
|
26
|
-
).and_return('access_token' => 'AccessToken')
|
27
|
-
|
28
|
-
expect(@instance.api_token.token).to eql 'AccessToken'
|
29
|
-
end
|
30
|
-
|
31
|
-
it "is expected to POST to '/oauth/token' with a custom audience" do
|
32
|
-
allow(@instance).to receive(:post).with(
|
33
|
-
'/oauth/token',
|
34
|
-
grant_type: 'client_credentials',
|
35
|
-
client_id: @instance.client_id,
|
36
|
-
client_secret: @instance.client_secret,
|
37
|
-
audience: '__test_audience__'
|
38
|
-
).and_return('access_token' => 'AccessToken')
|
39
|
-
|
40
|
-
expect(
|
41
|
-
@instance.api_token(audience: '__test_audience__').token
|
42
|
-
).to eql 'AccessToken'
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
context '.obtain_access_token' do
|
47
|
-
it { expect(@instance).to respond_to(:obtain_access_token) }
|
48
|
-
it "is expected to make post request to '/oauth/token'" do
|
49
|
-
allow(@instance).to receive(:post).with(
|
50
|
-
'/oauth/token', client_id: @instance.client_id, client_secret: @instance.client_secret, grant_type: 'client_credentials'
|
51
|
-
)
|
52
|
-
.and_return('access_token' => 'AccessToken')
|
53
|
-
|
54
|
-
expect(@instance).to receive(:post).with(
|
55
|
-
'/oauth/token', client_id: @instance.client_id, client_secret: @instance.client_secret, grant_type: 'client_credentials'
|
56
|
-
)
|
57
|
-
expect(@instance.obtain_access_token).to eql 'AccessToken'
|
58
|
-
end
|
59
|
-
end
|
60
|
-
|
61
|
-
context '.obtain_access_token social' do
|
62
|
-
it { expect(@instance).to respond_to(:obtain_access_token) }
|
63
|
-
it "is expected to make post request to '/oauth/access_token'" do
|
64
|
-
allow(@instance).to receive(:post).with(
|
65
|
-
'/oauth/access_token', client_id: @instance.client_id, access_token: 'access_token', connection: 'facebook',
|
66
|
-
scope: 'openid'
|
67
|
-
)
|
68
|
-
.and_return('access_token' => 'AccessToken')
|
69
|
-
expect(@instance).to receive(:post).with(
|
70
|
-
'/oauth/access_token', client_id: @instance.client_id, access_token: 'access_token', connection: 'facebook',
|
71
|
-
scope: 'openid'
|
72
|
-
)
|
73
|
-
expect(@instance.obtain_access_token('access_token', 'facebook', 'openid')).to eql 'AccessToken'
|
74
|
-
end
|
75
|
-
end
|
76
|
-
|
77
|
-
context '.obtain_user_tokens' do
|
78
|
-
it { expect(@instance).to respond_to(:obtain_user_tokens) }
|
79
|
-
it "is expected to make post request to '/oauth/token'" do
|
80
|
-
allow(@instance).to receive(:post).with(
|
81
|
-
'/oauth/token', client_id: @instance.client_id, client_secret: @instance.client_secret, grant_type: 'authorization_code',
|
82
|
-
connection: 'facebook', code: 'code', scope: 'openid', redirect_uri: 'uri'
|
83
|
-
)
|
84
|
-
.and_return('user_tokens' => 'UserToken')
|
85
|
-
expect(@instance).to receive(:post).with(
|
86
|
-
'/oauth/token', client_id: @instance.client_id, client_secret: @instance.client_secret, grant_type: 'authorization_code',
|
87
|
-
connection: 'facebook', code: 'code', scope: 'openid', redirect_uri: 'uri'
|
88
|
-
)
|
89
|
-
expect(@instance.obtain_user_tokens('code', 'uri')['user_tokens']).to eq 'UserToken'
|
90
|
-
end
|
91
|
-
it { expect { @instance.obtain_user_tokens('', '') }.to raise_error 'Must supply a valid code' }
|
92
|
-
it { expect { @instance.obtain_user_tokens('code', '') }.to raise_error 'Must supply a valid redirect_uri' }
|
93
|
-
end
|
94
|
-
|
95
|
-
context '.exchange_auth_code_for_tokens' do
|
96
|
-
it { is_expected.to respond_to(:exchange_auth_code_for_tokens) }
|
97
|
-
|
98
|
-
it 'is expected to make post request to /oauth/token with default params' do
|
99
|
-
allow(@instance).to receive(:post).with(
|
100
|
-
'/oauth/token',
|
101
|
-
client_id: @instance.client_id,
|
102
|
-
client_secret: @instance.client_secret,
|
103
|
-
grant_type: 'authorization_code',
|
104
|
-
code: '__test_auth_code__',
|
105
|
-
redirect_uri: nil
|
106
|
-
).and_return('access_token' => 'AccessToken')
|
107
|
-
|
108
|
-
is_expected.to receive(:post).with(
|
109
|
-
'/oauth/token',
|
110
|
-
client_id: @instance.client_id,
|
111
|
-
client_secret: @instance.client_secret,
|
112
|
-
grant_type: 'authorization_code',
|
113
|
-
code: '__test_auth_code__',
|
114
|
-
redirect_uri: nil
|
115
|
-
)
|
116
|
-
|
117
|
-
expect(
|
118
|
-
@instance.exchange_auth_code_for_tokens(
|
119
|
-
'__test_auth_code__'
|
120
|
-
)['access_token']
|
121
|
-
).to eq 'AccessToken'
|
122
|
-
end
|
123
|
-
|
124
|
-
it 'is expected to make post request to /oauth/token with custom params' do
|
125
|
-
allow(@instance).to receive(:post).with(
|
126
|
-
'/oauth/token',
|
127
|
-
grant_type: 'authorization_code',
|
128
|
-
client_id: '_test_custom_client_id__',
|
129
|
-
client_secret: '_test_custom_client_secret__',
|
130
|
-
code: '__test_auth_code__',
|
131
|
-
redirect_uri: '__test_redirect_uri__'
|
132
|
-
).and_return('access_token' => 'AccessToken')
|
133
|
-
|
134
|
-
is_expected.to receive(:post).with(
|
135
|
-
'/oauth/token',
|
136
|
-
grant_type: 'authorization_code',
|
137
|
-
client_id: '_test_custom_client_id__',
|
138
|
-
client_secret: '_test_custom_client_secret__',
|
139
|
-
code: '__test_auth_code__',
|
140
|
-
redirect_uri: '__test_redirect_uri__'
|
141
|
-
)
|
142
|
-
|
143
|
-
expect(
|
144
|
-
@instance.exchange_auth_code_for_tokens(
|
145
|
-
'__test_auth_code__',
|
146
|
-
redirect_uri: '__test_redirect_uri__',
|
147
|
-
client_id: '_test_custom_client_id__',
|
148
|
-
client_secret: '_test_custom_client_secret__'
|
149
|
-
)['access_token']
|
150
|
-
).to eq 'AccessToken'
|
151
|
-
end
|
152
|
-
|
153
|
-
it 'is expected to raise an error when the code is empty' do
|
154
|
-
expect do
|
155
|
-
@instance.exchange_auth_code_for_tokens(nil)
|
156
|
-
end.to raise_error 'Must provide an authorization code'
|
157
|
-
end
|
158
|
-
end
|
159
|
-
|
160
|
-
context '.exchange_refresh_token' do
|
161
|
-
it { is_expected.to respond_to(:exchange_refresh_token) }
|
162
|
-
|
163
|
-
it 'is expected to make post request to /oauth/token with default params' do
|
164
|
-
allow(@instance).to receive(:post).with(
|
165
|
-
'/oauth/token',
|
166
|
-
grant_type: 'refresh_token',
|
167
|
-
client_id: @instance.client_id,
|
168
|
-
client_secret: @instance.client_secret,
|
169
|
-
refresh_token: '__test_refresh_token__'
|
170
|
-
).and_return('access_token' => 'AccessToken')
|
171
|
-
|
172
|
-
is_expected.to receive(:post).with(
|
173
|
-
'/oauth/token',
|
174
|
-
grant_type: 'refresh_token',
|
175
|
-
client_id: @instance.client_id,
|
176
|
-
client_secret: @instance.client_secret,
|
177
|
-
refresh_token: '__test_refresh_token__'
|
178
|
-
)
|
179
|
-
|
180
|
-
expect(
|
181
|
-
@instance.exchange_refresh_token(
|
182
|
-
'__test_refresh_token__'
|
183
|
-
)['access_token']
|
184
|
-
).to eq 'AccessToken'
|
185
|
-
end
|
186
|
-
|
187
|
-
it 'is expected to make post request to /oauth/token with custom params' do
|
188
|
-
allow(@instance).to receive(:post).with(
|
189
|
-
'/oauth/token',
|
190
|
-
grant_type: 'refresh_token',
|
191
|
-
client_id: '_test_custom_client_id__',
|
192
|
-
client_secret: '_test_custom_client_secret__',
|
193
|
-
refresh_token: '__test_refresh_token__'
|
194
|
-
).and_return('access_token' => 'AccessToken')
|
195
|
-
|
196
|
-
is_expected.to receive(:post).with(
|
197
|
-
'/oauth/token',
|
198
|
-
grant_type: 'refresh_token',
|
199
|
-
client_id: '_test_custom_client_id__',
|
200
|
-
client_secret: '_test_custom_client_secret__',
|
201
|
-
refresh_token: '__test_refresh_token__'
|
202
|
-
)
|
203
|
-
|
204
|
-
expect(
|
205
|
-
@instance.exchange_refresh_token(
|
206
|
-
'__test_refresh_token__',
|
207
|
-
client_id: '_test_custom_client_id__',
|
208
|
-
client_secret: '_test_custom_client_secret__'
|
209
|
-
)['access_token']
|
210
|
-
).to eq 'AccessToken'
|
211
|
-
end
|
212
|
-
|
213
|
-
it 'is expected to raise an error when the refresh_token is empty' do
|
214
|
-
expect do
|
215
|
-
@instance.exchange_refresh_token(nil)
|
216
|
-
end.to raise_error 'Must provide a refresh token'
|
217
|
-
end
|
218
|
-
end
|
219
|
-
|
220
|
-
context '.login_with_resource_owner' do
|
221
|
-
it 'should respond to the login_with_resource_owner method' do
|
222
|
-
expect(@instance).to respond_to(:login_with_resource_owner)
|
223
|
-
end
|
224
|
-
|
225
|
-
it 'should make post to /oauth/token with default params' do
|
226
|
-
allow(@instance).to receive(:post).with(
|
227
|
-
'/oauth/token',
|
228
|
-
username: 'test@test.com',
|
229
|
-
password: 'test12345',
|
230
|
-
client_id: @instance.client_id,
|
231
|
-
client_secret: @instance.client_secret,
|
232
|
-
realm: nil,
|
233
|
-
audience: nil,
|
234
|
-
scope: 'openid',
|
235
|
-
grant_type: 'password'
|
236
|
-
).and_return('access_token' => 'AccessToken')
|
237
|
-
|
238
|
-
expect(
|
239
|
-
@instance.login_with_resource_owner('test@test.com', 'test12345').token
|
240
|
-
).to eq 'AccessToken'
|
241
|
-
end
|
242
|
-
|
243
|
-
it 'should make post to /oauth/token with custom params' do
|
244
|
-
allow(@instance).to receive(:post).with(
|
245
|
-
'/oauth/token',
|
246
|
-
username: 'test@test.com',
|
247
|
-
password: 'test12345',
|
248
|
-
client_id: '__custom_client_id__',
|
249
|
-
client_secret: '__custom_client_secret_',
|
250
|
-
realm: '__custom_realm__',
|
251
|
-
audience: '__custom_audience__',
|
252
|
-
scope: 'openid email',
|
253
|
-
grant_type: 'http://auth0.com/oauth/grant-type/password-realm'
|
254
|
-
).and_return('access_token' => 'AccessToken')
|
255
|
-
|
256
|
-
expect(
|
257
|
-
@instance.login_with_resource_owner(
|
258
|
-
'test@test.com',
|
259
|
-
'test12345',
|
260
|
-
client_id: '__custom_client_id__',
|
261
|
-
client_secret: '__custom_client_secret_',
|
262
|
-
realm: '__custom_realm__',
|
263
|
-
audience: '__custom_audience__',
|
264
|
-
scope: 'openid email'
|
265
|
-
).token
|
266
|
-
).to eq 'AccessToken'
|
267
|
-
end
|
268
|
-
|
269
|
-
it 'should raise an error with a blank username' do
|
270
|
-
expect do
|
271
|
-
@instance.login_with_resource_owner('', 'password')
|
272
|
-
end.to raise_error 'Must supply a valid login_name'
|
273
|
-
end
|
274
|
-
|
275
|
-
it 'should raise an error with a blank password' do
|
276
|
-
expect do
|
277
|
-
@instance.login_with_resource_owner('username', '')
|
278
|
-
end.to raise_error 'Must supply a valid password'
|
279
|
-
end
|
280
|
-
end
|
281
|
-
|
282
|
-
context '.login' do
|
283
|
-
it { expect(@instance).to respond_to(:login) }
|
284
|
-
it 'is expected to make post to /oauth/token' do
|
285
|
-
expect(@instance).to receive(:post).with(
|
286
|
-
'/oauth/token',
|
287
|
-
client_id: @instance.client_id,
|
288
|
-
username: 'test@test.com',
|
289
|
-
client_secret: @instance.client_secret,
|
290
|
-
password: 'test12345', scope: 'openid', connection: 'Username-Password-Authentication',
|
291
|
-
grant_type: 'password', id_token: nil, device: nil
|
292
|
-
)
|
293
|
-
@instance.login('test@test.com', 'test12345')
|
294
|
-
end
|
295
|
-
it { expect { @instance.login('', '') }.to raise_error 'Must supply a valid username' }
|
296
|
-
it { expect { @instance.login('username', '') }.to raise_error 'Must supply a valid password' }
|
297
|
-
end
|
298
|
-
|
299
|
-
# Auth0::API::AuthenticationEndpoints.signup
|
300
|
-
context '.signup' do
|
301
|
-
it { expect(@instance).to respond_to(:signup) }
|
302
|
-
|
303
|
-
it 'is expected to make a post request to /dbconnections/signup' do
|
304
|
-
expect(@instance).to receive(:post).with(
|
305
|
-
'/dbconnections/signup',
|
306
|
-
client_id: @instance.client_id,
|
307
|
-
email: 'test@test.com',
|
308
|
-
password: 'password',
|
309
|
-
connection: 'User'
|
310
|
-
)
|
311
|
-
@instance.signup('test@test.com', 'password', 'User')
|
312
|
-
end
|
313
|
-
|
314
|
-
it 'is expected to raise an error with an empty email' do
|
315
|
-
expect do
|
316
|
-
@instance.signup('', '')
|
317
|
-
end.to raise_error 'Must supply a valid email'
|
318
|
-
end
|
319
|
-
|
320
|
-
it 'is expected to raise an error with an empty password' do
|
321
|
-
expect do
|
322
|
-
@instance.signup('email', '')
|
323
|
-
end.to raise_error 'Must supply a valid password'
|
324
|
-
end
|
325
|
-
end
|
326
|
-
|
327
|
-
# Auth0::API::AuthenticationEndpoints.change_password
|
328
|
-
context '.change_password' do
|
329
|
-
it { expect(@instance).to respond_to(:change_password) }
|
330
|
-
|
331
|
-
it 'is expected to make post to /dbconnections/change_password' do
|
332
|
-
expect(@instance).to receive(:post).with(
|
333
|
-
'/dbconnections/change_password',
|
334
|
-
client_id: @instance.client_id,
|
335
|
-
email: 'test@test.com',
|
336
|
-
password: 'password',
|
337
|
-
connection: 'User'
|
338
|
-
)
|
339
|
-
@instance.change_password('test@test.com', 'password', 'User')
|
340
|
-
end
|
341
|
-
|
342
|
-
it 'is expected to raise an error with an empty email' do
|
343
|
-
expect do
|
344
|
-
@instance.change_password('', '', '')
|
345
|
-
end.to raise_error 'Must supply a valid email'
|
346
|
-
end
|
347
|
-
end
|
348
|
-
|
349
|
-
# Auth0::API::AuthenticationEndpoints.start_passwordless_email_flow
|
350
|
-
context '.start_passwordless_email_flow' do
|
351
|
-
it { expect(@instance).to respond_to(:start_passwordless_email_flow) }
|
352
|
-
|
353
|
-
it 'is expected to make post to /passwordless/start' do
|
354
|
-
expect(@instance).to receive(:post).with(
|
355
|
-
'/passwordless/start',
|
356
|
-
client_id: @instance.client_id,
|
357
|
-
client_secret: @instance.client_secret,
|
358
|
-
connection: 'email',
|
359
|
-
email: 'test@test.com',
|
360
|
-
send: 'code',
|
361
|
-
authParams: {
|
362
|
-
scope: 'scope',
|
363
|
-
protocol: 'protocol'
|
364
|
-
}
|
365
|
-
)
|
366
|
-
@instance.start_passwordless_email_flow(
|
367
|
-
'test@test.com',
|
368
|
-
'code',
|
369
|
-
scope: 'scope',
|
370
|
-
protocol: 'protocol'
|
371
|
-
)
|
372
|
-
end
|
373
|
-
|
374
|
-
it 'is expected to raise an error with an empty email' do
|
375
|
-
expect do
|
376
|
-
@instance.start_passwordless_email_flow('', '', '')
|
377
|
-
end.to raise_error 'Must supply a valid email'
|
378
|
-
end
|
379
|
-
end
|
380
|
-
|
381
|
-
# Auth0::API::AuthenticationEndpoints.start_passwordless_sms_flow
|
382
|
-
context '.start_passwordless_sms_flow' do
|
383
|
-
let(:phone_number) { Faker::PhoneNumber.cell_phone }
|
384
|
-
|
385
|
-
it { expect(@instance).to respond_to(:start_passwordless_sms_flow) }
|
386
|
-
|
387
|
-
it 'is expected to make post to /passwordless/start' do
|
388
|
-
expect(@instance).to receive(:post).with(
|
389
|
-
'/passwordless/start',
|
390
|
-
client_id: @instance.client_id,
|
391
|
-
client_secret: @instance.client_secret,
|
392
|
-
connection: 'sms',
|
393
|
-
phone_number: phone_number
|
394
|
-
)
|
395
|
-
@instance.start_passwordless_sms_flow(phone_number)
|
396
|
-
end
|
397
|
-
|
398
|
-
it 'is expected to raise an error with an empty phone number' do
|
399
|
-
expect do
|
400
|
-
@instance.start_passwordless_sms_flow('')
|
401
|
-
end.to raise_error 'Must supply a valid phone number'
|
402
|
-
end
|
403
|
-
end
|
404
|
-
|
405
|
-
context '.phone_login' do
|
406
|
-
let(:phone_number) { Faker::PhoneNumber.cell_phone }
|
407
|
-
let(:code) { Faker::Number.number(10) }
|
408
|
-
it { expect(@instance).to respond_to(:phone_login) }
|
409
|
-
it 'is expected to make post to /oauth/ro' do
|
410
|
-
expect(@instance).to receive(:post).with(
|
411
|
-
'/oauth/ro',
|
412
|
-
client_id: @instance.client_id, username: phone_number,
|
413
|
-
password: code, connection: 'sms',
|
414
|
-
scope: 'openid', grant_type: 'password'
|
415
|
-
)
|
416
|
-
@instance.phone_login(phone_number, code)
|
417
|
-
end
|
418
|
-
it { expect { @instance.phone_login('', '') }.to raise_error 'Must supply a valid phone number' }
|
419
|
-
it { expect { @instance.phone_login('phone', '') }.to raise_error 'Must supply a valid code' }
|
420
|
-
end
|
421
|
-
|
422
|
-
# Auth0::API::AuthenticationEndpoints.saml_metadata
|
423
|
-
context '.saml_metadata' do
|
424
|
-
it { expect(@instance).to respond_to(:saml_metadata) }
|
425
|
-
|
426
|
-
it 'is expected to make post to SAMLP metadata endpoint' do
|
427
|
-
expect(@instance).to receive(:get).with(
|
428
|
-
"/samlp/metadata/#{@instance.client_id}"
|
429
|
-
)
|
430
|
-
@instance.saml_metadata
|
431
|
-
end
|
432
|
-
end
|
433
|
-
|
434
|
-
# Auth0::API::AuthenticationEndpoints.wsfed_metadata
|
435
|
-
context '.wsfed_metadata' do
|
436
|
-
it { expect(@instance).to respond_to(:wsfed_metadata) }
|
437
|
-
|
438
|
-
it 'is expected to make post to WS-Fed metadata endpoint' do
|
439
|
-
expect(@instance).to receive(:get).with(
|
440
|
-
'/wsfed/FederationMetadata/2007-06/FederationMetadata.xml'
|
441
|
-
)
|
442
|
-
@instance.wsfed_metadata
|
443
|
-
end
|
444
|
-
end
|
445
|
-
|
446
|
-
context '.token_info' do
|
447
|
-
it { expect(@instance).to respond_to(:token_info) }
|
448
|
-
it 'is expected to make post to /tokeinfo' do
|
449
|
-
expect(@instance).to receive(:post).with('/tokeninfo', id_token: 'SomerandomToken')
|
450
|
-
@instance.token_info('SomerandomToken')
|
451
|
-
end
|
452
|
-
it { expect { @instance.token_info('') }.to raise_error 'Must supply a valid id_token' }
|
453
|
-
end
|
454
|
-
|
455
|
-
context '.refresh_delegation' do
|
456
|
-
it { expect(@instance).to respond_to(:refresh_delegation) }
|
457
|
-
it "is expected to make post request to '/delegation'" do
|
458
|
-
expect(@instance).to receive(:post).with(
|
459
|
-
'/delegation',
|
460
|
-
client_id: @instance.client_id,
|
461
|
-
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
|
462
|
-
refresh_token: 'id_token', target: '', api_type: '', scope: '',
|
463
|
-
additional_parameter: 'parameter'
|
464
|
-
)
|
465
|
-
@instance.refresh_delegation('id_token', '', '', '', additional_parameter: 'parameter')
|
466
|
-
end
|
467
|
-
it { expect { @instance.refresh_delegation('', '', '', '') }.to raise_error 'Must supply a valid token to refresh' }
|
468
|
-
end
|
469
|
-
|
470
|
-
context '.delegation' do
|
471
|
-
it { expect(@instance).to respond_to(:delegation) }
|
472
|
-
it "is expected to make post request to '/delegation'" do
|
473
|
-
expect(@instance).to receive(:post).with(
|
474
|
-
'/delegation',
|
475
|
-
client_id: @instance.client_id,
|
476
|
-
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
|
477
|
-
id_token: 'token',
|
478
|
-
target: 'target',
|
479
|
-
scope: '',
|
480
|
-
api_type: 'app'
|
481
|
-
)
|
482
|
-
@instance.delegation('token', 'target', '')
|
483
|
-
end
|
484
|
-
it "is expected to make post request to '/delegation'
|
485
|
-
with specified api_type" do
|
486
|
-
expect(@instance).to receive(:post).with(
|
487
|
-
'/delegation',
|
488
|
-
client_id: @instance.client_id,
|
489
|
-
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
|
490
|
-
id_token: 'id_token', target: '', scope: '',
|
491
|
-
api_type: 'salesforce_api'
|
492
|
-
)
|
493
|
-
@instance.delegation('id_token', '', '', 'salesforce_api')
|
494
|
-
end
|
495
|
-
it 'allows to pass extra parameters' do
|
496
|
-
expect(@instance).to receive(:post).with(
|
497
|
-
'/delegation',
|
498
|
-
client_id: @instance.client_id,
|
499
|
-
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
|
500
|
-
id_token: 'id_token', target: '', scope: '', api_type: '',
|
501
|
-
community_name: 'test-community', community_url: 'test-url'
|
502
|
-
)
|
503
|
-
@instance.delegation(
|
504
|
-
'id_token', '', '', '',
|
505
|
-
community_name: 'test-community', community_url: 'test-url'
|
506
|
-
)
|
507
|
-
end
|
508
|
-
it { expect { @instance.delegation('', nil, nil, nil) }.to raise_error 'Must supply a valid id_token' }
|
509
|
-
end
|
510
|
-
|
511
|
-
context '.impersonate' do
|
512
|
-
let(:user_id) { 'some_user_id' }
|
513
|
-
let(:impersonator_id) { 'some_other_user_id' }
|
514
|
-
let(:app_client_id) { 'app_client_id' }
|
515
|
-
it { expect(@instance).to respond_to(:impersonate) }
|
516
|
-
it do
|
517
|
-
expect { @instance.impersonate('', app_client_id, impersonator_id, {}) }.to raise_error(
|
518
|
-
'Must supply a valid user_id'
|
519
|
-
)
|
520
|
-
end
|
521
|
-
it do
|
522
|
-
expect { @instance.impersonate(user_id, app_client_id, '', {}) }.to raise_error(
|
523
|
-
'Must supply a valid impersonator_id'
|
524
|
-
)
|
525
|
-
end
|
526
|
-
it do
|
527
|
-
expect { @instance.impersonate(user_id, '', impersonator_id, {}) }.to raise_error(
|
528
|
-
'Must supply a valid app_client_id'
|
529
|
-
)
|
530
|
-
end
|
531
|
-
end
|
532
|
-
|
533
|
-
context '.unlink_user' do
|
534
|
-
it { expect(@instance).to respond_to(:unlink_user) }
|
535
|
-
it 'is expected to make post to /unlink' do
|
536
|
-
expect(@instance).to receive(:post).with('/unlink', access_token: 'access-token', user_id: 'user-id')
|
537
|
-
@instance.unlink_user('access-token', 'user-id')
|
538
|
-
end
|
539
|
-
it { expect { @instance.unlink_user('', '') }.to raise_error 'Must supply a valid access_token' }
|
540
|
-
it { expect { @instance.unlink_user('token', '') }.to raise_error 'Must supply a valid user_id' }
|
541
|
-
end
|
542
|
-
|
543
|
-
context '.user_info' do
|
544
|
-
it { is_expected.to respond_to(:user_info) }
|
545
|
-
it 'is expected to make post to /userinfo' do
|
546
|
-
is_expected.to receive(:get).with('/userinfo')
|
547
|
-
subject.user_info
|
548
|
-
end
|
549
|
-
end
|
550
|
-
|
551
|
-
context '.userinfo' do
|
552
|
-
it { is_expected.to respond_to(:user_info) }
|
553
|
-
it 'is expected to make a GET request to /userinfo' do
|
554
|
-
is_expected.to receive(:get).with('/userinfo', {}, { 'Authorization' => 'Bearer access-token' })
|
555
|
-
subject.userinfo 'access-token'
|
556
|
-
end
|
557
|
-
end
|
558
|
-
|
559
|
-
context '.authorization_url' do
|
560
|
-
let(:redirect_uri) { 'http://redirect.com' }
|
561
|
-
it { expect(@instance).to respond_to(:authorization_url) }
|
562
|
-
it 'is expected to return an authorization url' do
|
563
|
-
expect(@instance.authorization_url(redirect_uri).to_s).to eq(
|
564
|
-
"https://#{@instance.domain}/authorize?client_id=#{@instance.client_id}&response_type=code&"\
|
565
|
-
'redirect_uri=http%3A%2F%2Fredirect.com'
|
566
|
-
)
|
567
|
-
end
|
568
|
-
let(:additional_parameters) { { additional_parameters: { aparam1: 'test1' } } }
|
569
|
-
it 'is expected to return an authorization url with additionalParameters' do
|
570
|
-
expect(@instance.authorization_url(redirect_uri, additional_parameters).to_s).to eq(
|
571
|
-
"https://#{@instance.domain}/authorize?client_id=#{@instance.client_id}&response_type=code&"\
|
572
|
-
'redirect_uri=http%3A%2F%2Fredirect.com&aparam1=test1'
|
573
|
-
)
|
574
|
-
end
|
575
|
-
let(:state) { { state: 'state1' } }
|
576
|
-
it 'is expected to return an authorization url with additionalParameters' do
|
577
|
-
expect(@instance.authorization_url(redirect_uri, state).to_s).to eq(
|
578
|
-
"https://#{@instance.domain}/authorize?client_id=#{@instance.client_id}&response_type=code&"\
|
579
|
-
'redirect_uri=http%3A%2F%2Fredirect.com&state=state1'
|
580
|
-
)
|
581
|
-
end
|
582
|
-
let(:connection) { { connection: 'connection-1' } }
|
583
|
-
it 'is expected to return an authorization url with additionalParameters' do
|
584
|
-
expect(@instance.authorization_url(redirect_uri, connection).to_s).to eq(
|
585
|
-
"https://#{@instance.domain}/authorize?client_id=#{@instance.client_id}&response_type=code&"\
|
586
|
-
'connection=connection-1&redirect_uri=http%3A%2F%2Fredirect.com'
|
587
|
-
)
|
588
|
-
end
|
589
|
-
it { expect { @instance.authorization_url('', '') }.to raise_error 'Must supply a valid redirect_uri' }
|
590
|
-
end
|
591
|
-
|
592
|
-
# Auth0::API::AuthenticationEndpoints.logout_url
|
593
|
-
context '.logout_url' do
|
594
|
-
let(:return_to) { 'http://returnto.com' }
|
595
|
-
|
596
|
-
it { expect(@instance).to respond_to(:logout_url) }
|
597
|
-
|
598
|
-
it 'is expected to return a logout url' do
|
599
|
-
expect(@instance.logout_url(return_to).to_s).to eq(
|
600
|
-
"https://#{@instance.domain}/v2/logout?" \
|
601
|
-
'returnTo=http%3A%2F%2Freturnto.com'
|
602
|
-
)
|
603
|
-
end
|
604
|
-
|
605
|
-
it 'is expected to return a logout url with a client ID' do
|
606
|
-
expect(@instance.logout_url(return_to, include_client: true).to_s).to eq(
|
607
|
-
"https://#{@instance.domain}/v2/logout" \
|
608
|
-
"?returnTo=http%3A%2F%2Freturnto.com&client_id=#{@instance.client_id}"
|
609
|
-
)
|
610
|
-
end
|
611
|
-
|
612
|
-
it 'is expected to return a logout url with federated parameter' do
|
613
|
-
expect(@instance.logout_url(return_to, federated: true).to_s).to eq(
|
614
|
-
"https://#{@instance.domain}/v2/logout?" \
|
615
|
-
'returnTo=http%3A%2F%2Freturnto.com&federated=1'
|
616
|
-
)
|
617
|
-
end
|
618
|
-
end
|
619
|
-
|
620
|
-
# Auth0::API::AuthenticationEndpoints.samlp_url
|
621
|
-
context '.samlp_url' do
|
622
|
-
it { expect(@instance).to respond_to(:samlp_url) }
|
623
|
-
|
624
|
-
it 'is expected to get the samlp url' do
|
625
|
-
expect(@instance.samlp_url.to_s).to eq(
|
626
|
-
"https://#{@instance.domain}/samlp/#{@instance.client_id}" \
|
627
|
-
'?connection=Username-Password-Authentication'
|
628
|
-
)
|
629
|
-
end
|
630
|
-
|
631
|
-
it 'is expected to get the samlp url with fb connection' do
|
632
|
-
expect(@instance.samlp_url('facebook').to_s).to eq(
|
633
|
-
"https://#{@instance.domain}/samlp/#{@instance.client_id}" \
|
634
|
-
'?connection=facebook'
|
635
|
-
)
|
636
|
-
end
|
637
|
-
end
|
638
|
-
|
639
|
-
# Auth0::API::AuthenticationEndpoints.wsfed_url
|
640
|
-
context '.wsfed_url' do
|
641
|
-
it { expect(@instance).to respond_to(:wsfed_url) }
|
642
|
-
|
643
|
-
it 'is expected to get the wsfed url' do
|
644
|
-
expect(@instance.wsfed_url.to_s).to eq(
|
645
|
-
"https://#{@instance.domain}/wsfed/#{@instance.client_id}" \
|
646
|
-
"?whr=#{UP_AUTH}"
|
647
|
-
)
|
648
|
-
end
|
649
|
-
|
650
|
-
it 'is expected to get the wsfed url with fb connection' do
|
651
|
-
expect(@instance.wsfed_url('facebook').to_s).to eq(
|
652
|
-
"https://#{@instance.domain}/wsfed/#{@instance.client_id}?whr=facebook"
|
653
|
-
)
|
654
|
-
end
|
655
|
-
|
656
|
-
it 'is expected to get the wsfed url with wctx' do
|
657
|
-
expect(@instance.wsfed_url(UP_AUTH, { wctx: 'wctx_test' }).to_s).to eq(
|
658
|
-
"https://#{@instance.domain}/wsfed/#{@instance.client_id}" \
|
659
|
-
"?whr=#{UP_AUTH}&wctx=wctx_test"
|
660
|
-
)
|
661
|
-
end
|
662
|
-
|
663
|
-
it 'is expected to get the wsfed url with wtrealm and wreply' do
|
664
|
-
expect(@instance.wsfed_url(
|
665
|
-
UP_AUTH,
|
666
|
-
{
|
667
|
-
wtrealm: 'wtrealm_test',
|
668
|
-
wreply: 'wreply_test'
|
669
|
-
}
|
670
|
-
).to_s).to eq(
|
671
|
-
"https://#{@instance.domain}/wsfed/?whr=#{UP_AUTH}" \
|
672
|
-
'&wtrealm=wtrealm_test&wreply=wreply_test'
|
673
|
-
)
|
674
|
-
end
|
675
|
-
end
|
676
|
-
|
677
|
-
# Auth0::API::AuthenticationEndpoints.validate_id_token
|
678
|
-
context '.validate_id_token' do
|
679
|
-
it { expect(@instance).to respond_to(:validate_id_token) }
|
680
|
-
|
681
|
-
it 'is expected not to raise an error with default values' do
|
682
|
-
stub_request(:get, 'https://test.auth0.com/.well-known/jwks.json').to_return(body: JWKS_RESPONSE_1.to_json)
|
683
|
-
token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6InRlc3Qta2V5LTEifQ.eyJpc3MiOiJodHRwczovL3Rlc3QuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDEyMzQ1Njc4OSIsImF1ZCI6WyJfX3Rlc3RfYXVkaWVuY2VfXyIsIl9fdGVzdF9jbGllbnRfaWRfXyJdLCJleHAiOjI1MzgzMDExNDYsImlhdCI6MTU4NzU5MjU2MSwiYXpwIjoiX190ZXN0X2NsaWVudF9pZF9fIn0.X35Hfa1C9RtuJIj7Eky2iO4elY9XqCDRy8ieFAft63vGds9vhP38x8QHbJifmLs6vDEOySKfJMWhklp3oaXm6Tk6gyUQEaliW_pXUgZt8C3Xo125R8BMCDQeVJg8Abevbg6FpHpYztWpQuI609tmpoTczx7pXMmAneg6e4LNYvvtzaFD_0M0cxtjkm4OcevCJszNBru3tdXwRynkGbMYeXgoa_FumAshRvIvh-4dtkyNWsepo5IVTvixxF3FVoFaXOOycmFXh9gxOppG4lvE78AFB9AQ9LNS-DNhcXszbPs9KHMrg2bqhSL8Razqd3m2a1MXkdLMBD5DY499MVnb5w'
|
684
|
-
|
685
|
-
expect { @instance.validate_id_token(token) }.to_not raise_exception
|
686
|
-
end
|
687
|
-
|
688
|
-
it 'is expected not to raise an error with custom values' do
|
689
|
-
token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJpc3N1ZXIiLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsiYXVkaWVuY2UiLCJhbm90aGVyX2F1ZGllbmNlIl0sImV4cCI6MjUzODMwMTE0NiwiaWF0IjoxNTg3NTkyNTYxLCJub25jZSI6Im5vbmNlIiwiYXpwIjoiYXVkaWVuY2UiLCJhdXRoX3RpbWUiOjE1ODc2Nzg5NjF9.u39qTvuUmbzj5jsXjATXxjxJt0u064G1IAumoi18gm0'
|
690
|
-
|
691
|
-
expect do
|
692
|
-
@instance.validate_id_token(token,
|
693
|
-
algorithm: Auth0::Algorithm::HS256.secret('secret'),
|
694
|
-
leeway: 100,
|
695
|
-
nonce: 'nonce',
|
696
|
-
max_age: 2538301146,
|
697
|
-
issuer: 'issuer',
|
698
|
-
audience: 'audience')
|
699
|
-
end.to_not raise_exception
|
700
|
-
end
|
701
|
-
end
|
702
|
-
end
|
703
|
-
# rubocop:enable Metrics/BlockLength
|