auth0 5.0.1 → 5.1.0

data/spec/lib/auth0/api/v2/tickets_spec.rb

@@ -59,5 +59,60 @@ describe Auth0::Api::V2::Tickets do
                                                new_password: nil)
       expect {@instance.post_password_change}.not_to raise_error
     end
+    
+    it 'expect client to accept organization_id' do
+      expect(@instance).to receive(:post).with('/api/v2/tickets/password-change',
+        result_url: nil,
+        user_id: nil,
+        connection_id: nil,
+        email: nil,
+        ttl_sec: nil,
+        mark_email_as_verified: nil,
+        includeEmailInRedirect: nil,
+        new_password: nil,
+        client_id: '123',
+        organization_id: '999'
+      )
+      expect {
+        @instance.post_password_change(
+          result_url: nil,
+          user_id: nil,
+          connection_id: nil,
+          email: nil,
+          ttl_sec: nil,
+          mark_email_as_verified: nil,
+          includeEmailInRedirect: nil,
+          new_password: nil,
+          client_id: '123',
+          organization_id: '999')
+      }.not_to raise_error
+    end
+
+    it 'expect client to accept client_id' do
+      expect(@instance).to receive(:post).with('/api/v2/tickets/password-change',
+        result_url: nil,
+        user_id: nil,
+        connection_id: nil,
+        email: nil,
+        ttl_sec: nil,
+        mark_email_as_verified: nil,
+        includeEmailInRedirect: nil,
+        new_password: nil,
+        client_id: '123'
+      )
+      expect {
+        @instance.post_password_change(
+          result_url: nil,
+          user_id: nil,
+          connection_id: nil,
+          email: nil,
+          ttl_sec: nil,
+          mark_email_as_verified: nil,
+          includeEmailInRedirect: nil,
+          new_password: nil,
+          client_id: '123'
+        )
+      }.not_to raise_error
+    end
   end
 end

data/spec/lib/auth0/api/v2/users_spec.rb

@@ -549,4 +549,23 @@ describe Auth0::Api::V2::Users do
       end.not_to raise_error
     end
   end
+
+  context '.get_user_organizations' do
+    it 'is expected to respond to a get_user_organizations method' do
+      expect(@instance).to respond_to(:get_user_organizations)
+    end
+
+    it 'is expected to raise an exception when the user ID is empty' do
+      expect { @instance.get_user_organizations(nil) }.to raise_exception(Auth0::MissingUserId)
+    end
+
+    it 'is expected to get users organizations' do
+      expect(@instance).to receive(:get).with(
+        '/api/v2/users/USER_ID/organizations'
+      )
+      expect do
+        @instance.get_user_organizations('USER_ID')
+      end.not_to raise_error
+    end
+  end
 end

data/spec/lib/auth0/client_spec.rb

@@ -29,7 +29,7 @@ describe Auth0::Client do
   let(:client_id) { '__test_client_id__' }
   let(:client_secret) { '__test_client_secret__' }
   let(:access_token) { '__test_access_token__' }
-  let(:audience) { "https://#{domain}/api/v2/" }
+  let(:organization) { '__test_organization__'}
 
   describe 'V2 client with token' do
 
@@ -84,13 +84,12 @@ describe Auth0::Client do
       it_should_behave_like 'Authentication API client'
     end
 
-    context 'with token, audience, and client_secret' do
+    context 'with token and client_secret' do
       let(:subject) do
         Auth0::Client.new(
           token: access_token,
           domain: domain,
           client_secret: client_secret,
-          audience: audience
         )
       end
       it_should_behave_like 'v2 API client'
@@ -99,19 +98,53 @@ describe Auth0::Client do
   end
 
   describe 'V2 client without token' do
+    context 'should try to get an API token' do
+      before do
+        stub_api_token
+      end
 
-    before do
-      stub_api_token
+      let(:subject) do
+        Auth0::Client.new(
+          domain: domain,
+          client_id: client_id,
+          client_secret: client_secret,
+        )
+      end
+      it_should_behave_like 'v2 API client'
+      it_should_behave_like 'Authentication API client'
     end
 
-    context 'should try to get an API token' do
+    context 'when try to get an API tokenwith api_identifier' do
+      let(:api_identifier) { 'https://samples.api_identifier/api/v2/' }
+
+      before do
+        stub_api_token_with_api_identifier 
+      end
 
       let(:subject) do
         Auth0::Client.new(
           domain: domain,
           client_id: client_id,
           client_secret: client_secret,
-          audience: audience
+          api_identifier: api_identifier
+        )
+      end
+
+      it_should_behave_like 'v2 API client'
+      it_should_behave_like 'Authentication API client'  
+    end
+
+    context 'when try to get an API tokenwith organization' do
+      before do
+        stub_api_token_with_organization
+      end
+
+      let(:subject) do
+        Auth0::Client.new(
+          domain: domain,
+          client_id: client_id,
+          client_secret: client_secret,
+          organization: organization
         )
       end
       it_should_behave_like 'v2 API client'
@@ -125,7 +158,6 @@ describe Auth0::Client do
           Auth0::Client.new(
             domain: domain,
             client_id: client_id,
-            audience: audience
           )
         end.to raise_error('Must supply a valid API token')
       end
@@ -140,7 +172,45 @@ describe Auth0::Client do
             grant_type: 'client_credentials',
             client_id: client_id,
             client_secret: client_secret,
-            audience: audience
+            audience: "https://#{domain}/api/v2/"
+          }
+        )
+      )
+      .to_return(
+        headers: { 'Content-Type' => 'application/json' },
+        body: '{"access_token":"__test_access_token__"}',
+        status: 200
+      )
+  end
+
+  def stub_api_token_with_api_identifier
+    stub_request(:post, "https://#{domain}/oauth/token")
+      .with(
+        body: hash_including(
+          {
+            grant_type: 'client_credentials',
+            client_id: client_id,
+            client_secret: client_secret,
+            audience: api_identifier
+          }
+        )
+      )
+      .to_return(
+        headers: { 'Content-Type' => 'application/json' },
+        body: '{"access_token":"__test_access_token__"}',
+        status: 200
+      )
+  end
+
+  def stub_api_token_with_organization
+    stub_request(:post, "https://#{domain}/oauth/token")
+      .with(
+        body: hash_including(
+          {
+            grant_type: 'client_credentials',
+            client_id: client_id,
+            client_secret: client_secret,
+            organization: organization
           }
         )
       )

data/spec/lib/auth0/mixins/validation_spec.rb

@@ -143,6 +143,12 @@ describe Auth0::Mixins::Validation::IdTokenValidator do
       expect { instance.validate(token) }.to raise_exception('Must supply a valid nonce')
     end
 
+    it 'is expected to raise an error with an empty organization' do
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: '' }))
+
+      expect { instance.validate(token) }.to raise_exception('Must supply a valid organization')
+    end
+
     it 'is expected to raise an error with an empty issuer' do
       instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ issuer: '' }))
 
@@ -277,6 +283,32 @@ describe Auth0::Mixins::Validation::IdTokenValidator do
 
       expect { instance.validate(token) }.to raise_exception("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time \"#{clock}\" is after last auth at \"#{auth_time}\"")
     end
+
+    it 'is expected not to raise an error when org_id exsist in the token, but not required' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE3ODgxLCJpYXQiOjE2MTY0NDUwODEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTQ4MSwib3JnX2lkIjoidGVzdE9yZyJ9.AOafUKUNgaxUXpSRYFCeJERcwrQZ4q2NZlutwGXnh9I'
+      expect { @instance.validate(token) }.not_to raise_exception
+    end
+
+    it 'is expected to raise an error with a missing but required organization' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE4MTg1LCJpYXQiOjE2MTY0NDUzODUsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTc4NX0.UMo5pmgceXO9lIKzbk7X0ZhE5DOe0IP2LfMKdUj03zQ'
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'a1b2c3d4e5' }))
+
+      expect { instance.validate(token) }.to raise_exception('Organization Id (org_id) claim must be a string present in the ID token')
+    end
+
+    it 'is expected to raise an error with an invalid organization' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE3ODgxLCJpYXQiOjE2MTY0NDUwODEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTQ4MSwib3JnX2lkIjoidGVzdE9yZyJ9.AOafUKUNgaxUXpSRYFCeJERcwrQZ4q2NZlutwGXnh9I'
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'a1b2c3d4e5' }))
+
+      expect { instance.validate(token) }.to raise_exception('Organization Id (org_id) claim value mismatch in the ID token; expected "a1b2c3d4e5", found "testOrg"')
+    end
+
+    it 'is expected to NOT raise an error with a valid organization' do
+      token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE3ODgxLCJpYXQiOjE2MTY0NDUwODEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTQ4MSwib3JnX2lkIjoidGVzdE9yZyJ9.AOafUKUNgaxUXpSRYFCeJERcwrQZ4q2NZlutwGXnh9I'
+      instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'testOrg' }))
+
+      expect { instance.validate(token) }.not_to raise_exception
+    end
   end
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: auth0
 version: !ruby/object:Gem::Version
-  version: 5.0.1
+  version: 5.1.0
 platform: ruby
 authors:
 - Auth0
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-05 00:00:00.000000000 Z
+date: 2021-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -362,6 +362,7 @@ files:
 - lib/auth0/api/v2.rb
 - lib/auth0/api/v2/anomaly.rb
 - lib/auth0/api/v2/blacklists.rb
+- lib/auth0/api/v2/branding.rb
 - lib/auth0/api/v2/client_grants.rb
 - lib/auth0/api/v2/clients.rb
 - lib/auth0/api/v2/connections.rb
@@ -371,6 +372,7 @@ files:
 - lib/auth0/api/v2/jobs.rb
 - lib/auth0/api/v2/log_streams.rb
 - lib/auth0/api/v2/logs.rb
+- lib/auth0/api/v2/organizations.rb
 - lib/auth0/api/v2/prompts.rb
 - lib/auth0/api/v2/resource_servers.rb
 - lib/auth0/api/v2/roles.rb
@@ -583,6 +585,7 @@ files:
 - spec/integration/lib/auth0/auth0_client_spec.rb
 - spec/lib/auth0/api/v2/anomaly_spec.rb
 - spec/lib/auth0/api/v2/blacklists_spec.rb
+- spec/lib/auth0/api/v2/branding_spec.rb
 - spec/lib/auth0/api/v2/client_grants_spec.rb
 - spec/lib/auth0/api/v2/clients_spec.rb
 - spec/lib/auth0/api/v2/connections_spec.rb
@@ -592,6 +595,7 @@ files:
 - spec/lib/auth0/api/v2/jobs_spec.rb
 - spec/lib/auth0/api/v2/log_streams_spec.rb
 - spec/lib/auth0/api/v2/logs_spec.rb
+- spec/lib/auth0/api/v2/organizations_spec.rb
 - spec/lib/auth0/api/v2/prompts_spec.rb
 - spec/lib/auth0/api/v2/resource_servers_spec.rb
 - spec/lib/auth0/api/v2/roles_spec.rb
@@ -632,7 +636,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.9
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Auth0 API Client
@@ -826,6 +830,7 @@ test_files:
 - spec/integration/lib/auth0/auth0_client_spec.rb
 - spec/lib/auth0/api/v2/anomaly_spec.rb
 - spec/lib/auth0/api/v2/blacklists_spec.rb
+- spec/lib/auth0/api/v2/branding_spec.rb
 - spec/lib/auth0/api/v2/client_grants_spec.rb
 - spec/lib/auth0/api/v2/clients_spec.rb
 - spec/lib/auth0/api/v2/connections_spec.rb
@@ -835,6 +840,7 @@ test_files:
 - spec/lib/auth0/api/v2/jobs_spec.rb
 - spec/lib/auth0/api/v2/log_streams_spec.rb
 - spec/lib/auth0/api/v2/logs_spec.rb
+- spec/lib/auth0/api/v2/organizations_spec.rb
 - spec/lib/auth0/api/v2/prompts_spec.rb
 - spec/lib/auth0/api/v2/resource_servers_spec.rb
 - spec/lib/auth0/api/v2/roles_spec.rb