auth0 5.6.1 → 5.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4d57247dc3db711110d8be1372f9679bdf5124e271ed9648c0a8f657c38daa76
-  data.tar.gz: 81946438f3e11d42d628ed9da89a446ee72f3b10ee638cf058804b9bce35948b
+  metadata.gz: e54c493b04d5d9dcae2e7f60a12a209f772b032bbc2b301d02653fb47562df76
+  data.tar.gz: f1c6e009ac351743fea12e8d75c95eb0998fadf0b8bdabf27def1d8f930a5a57
 SHA512:
-  metadata.gz: 057f873c48f31661967dcb8c9ec62ec275f0f5feef9777e1c88bb6e0fa16263522e4049e1c23d91f528c5f30d5c0404266ea21276e6bcdf3b716d70bbdf71f9d
-  data.tar.gz: ab73c8c4d3691f11d1f426c175f3de2f163ca241db2461300e66c90028ad5c01c8dd4e7b46a50e9e12f28649f667597a5cac386bbad0a396dd469617a639f1d5
+  metadata.gz: 0aa658cbecc69ea43c1016287ebff0e3c5fe048f1ddde87580548a4ae475198e1a8637479007e4e5340d101d2b69a949dd6bccdf5065b10c3cad1f76459d575c
+  data.tar.gz: a27dc61f747d7e777b45bbb707724eb58e7a73317403dab70b6eb590d8661cb14a05a7a1761d510fd8b6d41596845689c07abb98d71ba8be853b648c10bfb5f3

data/.circleci/config.yml

@@ -1,4 +1,6 @@
 version: 2.1
+orbs:
+  ship: auth0/ship@0.4.0
 
 matrix_ruby_versions: &matrix_ruby_versions
   matrix:
@@ -14,7 +16,7 @@ executors:
         type: string
         default: *default_ruby_version
     docker:
-      - image: circleci/ruby:<< parameters.ruby_version >>
+      - image: cimg/ruby:<< parameters.ruby_version >>
 
 jobs:
   run-tests:
@@ -27,6 +29,8 @@ jobs:
       ruby_version: << parameters.ruby_version >>
     steps:
       - checkout
+      - run: gem install bundler:1.17.2
+      - run: rm Gemfile.lock
       - restore_cache:
           key: gems-v2-{{ checksum "Gemfile.lock" }}
       - run: bundle check --path=vendor/bundle || bundle install --path=vendor/bundle
@@ -41,4 +45,14 @@ workflows:
   tests:
     jobs:
       - run-tests:
-          <<: *matrix_ruby_versions
+          <<: *matrix_ruby_versions
+      - ship/ruby-publish:
+          context:
+            - publish-rubygems
+            - publish-gh
+          filters:
+            branches:
+              only:
+                - master
+          requires:
+            - run-tests

data/.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+
+  - package-ecosystem: "bundler" 
+    directory: "/" 
+    schedule:
+      interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]

data/.github/workflows/semgrep.yml

@@ -0,0 +1,28 @@
+name: Semgrep
+
+on:
+  pull_request: {}
+
+  push:
+    branches:
+      - master
+      - main
+
+  schedule:
+    - cron: '0 * * * *'
+
+jobs:
+  semgrep:
+    name: Scan
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
+    if: (github.repository_owner == 'auth0')
+    
+    steps:
+      - uses: actions/checkout@v3
+
+      - if: github.event.pull_request.draft == false && github.actor != 'dependabot[bot]'
+        run: semgrep ci
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

data/.gitignore

@@ -11,7 +11,6 @@ coverage
 *.swo
 spec/auth0.yml
 .env
-/Gemfile.lock
 /.yardoc/checksums
 /.yardoc/complete
 /.yardoc/object_types

data/CHANGELOG.md

@@ -1,4 +1,46 @@
-# Changelog
+# Change Log
+
+## [v5.8.1](https://github.com/auth0/ruby-auth0/tree/v5.8.1) (2022-06-30)
+
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.8.0...v5.8.1)
+
+**Fixed**
+
+- FIX: delete_organizations_members does not send `members` in body [\#345](https://github.com/auth0/ruby-auth0/pull/345) ([T-800](https://github.com/T-800))
+
+**Security**
+
+- Security: Update dependencies lockfile [\#348](https://github.com/auth0/ruby-auth0/pull/348) ([evansims](https://github.com/evansims))
+
+## [v5.8.0](https://github.com/auth0/ruby-auth0/tree/v5.8.0) (2022-03-25)
+
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.7.0...v5.8.0)
+
+**Added**
+
+- Add parameters for pager to device_credentials method [\#318](https://github.com/auth0/ruby-auth0/pull/318) ([shibayu36](https://github.com/shibayu36))
+
+**Fixed**
+
+- Cache RS256 JWKS by url to allow for multiple Auth0 tenants per runtime [\#325](https://github.com/auth0/ruby-auth0/pull/325) ([rmm5t](https://github.com/rmm5t))
+- Allow to pass nil to client_id arg of device_credentials [\#321](https://github.com/auth0/ruby-auth0/pull/321) ([shibayu36](https://github.com/shibayu36))
+
+**Security**
+
+- Bump nokogiri from 1.13.1 to 1.13.3 [\#320](https://github.com/auth0/ruby-auth0/pull/320) ([dependabot[bot]](https://github.com/apps/dependabot))
+
+## [v5.7.0](https://github.com/auth0/ruby-auth0/tree/v5.7.0) (2022-02-17)
+
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.6.1...v5.7.0)
+
+**Added**
+
+- [SDK-3118] Add attack protection endpoints [\#316](https://github.com/auth0/ruby-auth0/pull/316) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
+**Fixed**
+
+- [SDK-3106] Fix up tests for Ruby 3 and rspec-mocks update [\#313](https://github.com/auth0/ruby-auth0/pull/313) ([stevehobbsdev](https://github.com/stevehobbsdev))
+- Fix #310: delete_organizations_member_roles should use delete_with_body instead of delete [\#311](https://github.com/auth0/ruby-auth0/pull/311) ([SanterreJo](https://github.com/SanterreJo))
 
 ## [v5.6.1](https://github.com/auth0/ruby-auth0/tree/v5.6.1) (2021-09-14)
 

data/Gemfile

@@ -8,6 +8,7 @@ group :development do
   gem 'coveralls', require: false
   gem 'rubocop', require: false
   gem 'rubocop-rails', require: false
+  gem 'irb', require: false
 end
 
 group :test do

data/Gemfile.lock

@@ -0,0 +1,241 @@
+PATH
+  remote: .
+  specs:
+    auth0 (5.8.1)
+      addressable (~> 2.8)
+      jwt (~> 2.3.0)
+      rest-client (~> 2.1)
+      retryable (~> 3.0)
+      zache (~> 0.12)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (7.0.3)
+      actionview (= 7.0.3)
+      activesupport (= 7.0.3)
+      rack (~> 2.0, >= 2.2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (7.0.3)
+      activesupport (= 7.0.3)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activesupport (7.0.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    ast (2.4.2)
+    builder (3.2.4)
+    codecov (0.6.0)
+      simplecov (>= 0.15, < 0.22)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.10)
+    coveralls (0.7.1)
+      multi_json (~> 1.3)
+      rest-client
+      simplecov (>= 0.7)
+      term-ansicolor
+      thor
+    crack (0.4.5)
+      rexml
+    crass (1.0.6)
+    diff-lcs (1.5.0)
+    docile (1.4.0)
+    domain_name (0.5.20190701)
+      unf (>= 0.0.5, < 1.0.0)
+    dotenv (2.7.6)
+    dotenv-rails (2.7.6)
+      dotenv (= 2.7.6)
+      railties (>= 3.2)
+    erubi (1.10.0)
+    faker (2.21.0)
+      i18n (>= 1.8.11, < 2)
+    ffi (1.15.5)
+    formatador (1.1.0)
+    fuubar (2.5.1)
+      rspec-core (~> 3.0)
+      ruby-progressbar (~> 1.4)
+    gem-release (0.7.4)
+    guard (2.17.0)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    hashdiff (1.0.1)
+    http-accept (1.7.0)
+    http-cookie (1.0.5)
+      domain_name (~> 0.5)
+    i18n (1.10.0)
+      concurrent-ruby (~> 1.0)
+    io-console (0.5.11)
+    irb (1.4.1)
+      reline (>= 0.3.0)
+    json (2.6.2)
+    jwt (2.3.0)
+    listen (3.7.1)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    loofah (2.18.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    lumberjack (1.2.8)
+    method_source (0.9.2)
+    mime-types (3.4.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2022.0105)
+    mini_portile2 (2.8.0)
+    minitest (5.16.1)
+    multi_json (1.15.0)
+    nenv (0.3.0)
+    netrc (0.11.0)
+    nokogiri (1.13.6)
+      mini_portile2 (~> 2.8.0)
+      racc (~> 1.4)
+    notiffany (0.1.3)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    parallel (1.22.1)
+    parser (3.1.2.0)
+      ast (~> 2.4.1)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    pry-nav (0.3.0)
+      pry (>= 0.9.10, < 0.13.0)
+    public_suffix (4.0.7)
+    racc (1.6.0)
+    rack (2.2.3.1)
+    rack-test (0.8.3)
+      rack (>= 1.0, < 3)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.4.3)
+      loofah (~> 2.3)
+    railties (7.0.3)
+      actionpack (= 7.0.3)
+      activesupport (= 7.0.3)
+      method_source
+      rake (>= 12.2)
+      thor (~> 1.0)
+      zeitwerk (~> 2.5)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    rb-fsevent (0.11.1)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    regexp_parser (2.5.0)
+    reline (0.3.1)
+      io-console (~> 0.5)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
+    retryable (3.0.5)
+    rexml (3.2.5)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    rubocop (1.31.1)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.1.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.18.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.18.0)
+      parser (>= 3.1.1.0)
+    rubocop-rails (2.15.1)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.7.0, < 2.0)
+    ruby-progressbar (1.11.0)
+    shellany (0.0.1)
+    simplecov (0.21.2)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
+    sync (0.5.0)
+    term-ansicolor (1.7.1)
+      tins (~> 1.0)
+    terminal-notifier-guard (1.7.0)
+    thor (1.2.1)
+    timecop (0.9.5)
+    tins (1.31.1)
+      sync
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.8.2)
+    unicode-display_width (2.2.0)
+    vcr (6.1.0)
+    webmock (3.14.0)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+    zache (0.12.0)
+    zeitwerk (2.6.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  auth0!
+  bundler
+  codecov
+  coveralls
+  dotenv-rails (~> 2.0)
+  faker (~> 2.0)
+  fuubar (~> 2.0)
+  gem-release (~> 0.7)
+  guard-rspec (~> 4.5)
+  irb
+  pry (~> 0.10)
+  pry-nav (~> 0.2)
+  rack (~> 2.1)
+  rack-test (~> 0.6)
+  rake (~> 13.0)
+  rspec (~> 3.5)
+  rubocop
+  rubocop-rails
+  simplecov
+  terminal-notifier-guard
+  timecop
+  vcr
+  webmock
+
+BUNDLED WITH
+   1.17.2

data/README.md

@@ -45,7 +45,7 @@ end
 ... and a Controller to handle that route:
 
 ```ruby
-# app/controllers/all_users_controllers.rb
+# app/controllers/all_users_controller.rb
 require 'auth0'
 
 class AllUsersController < ApplicationController

data/auth0.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
   s.require_paths = ['lib']
 
   s.add_runtime_dependency 'rest-client', '~> 2.1'
-  s.add_runtime_dependency 'jwt', '~> 2.2'
+  s.add_runtime_dependency 'jwt', '~> 2.3.0'
   s.add_runtime_dependency 'zache', '~> 0.12'
   s.add_runtime_dependency 'addressable', '~> 2.8'
   s.add_runtime_dependency 'retryable', '~> 3.0'

data/lib/auth0/api/authentication_endpoints.rb

@@ -152,7 +152,7 @@ module Auth0
       # @param password [string] User's new password. This is only available
       #   on legacy tenants with change password v1 flow enabled
       # @param connection_name [string] Database connection name
-      # @deprecated Use {#password_reset} instead.
+      # @deprecated Use {#reset_password} instead.
       def change_password(email, password, connection_name = UP_AUTH)
         raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
 

data/lib/auth0/api/v2/attack_protection.rb

@@ -0,0 +1,79 @@
+module Auth0
+  module Api
+    module V2
+      # Methods to use the attack-protection endpoints
+      module AttackProtection
+        attr_reader :attack_protection_path
+
+        # Get breached password detection settings
+        # @see https://auth0.com/docs/api/management/v2#!/Attack_Protection/get_breached_password_detection
+        # @return [json] The configuration for breached password detection
+        def breached_password_detection
+          get(breached_password_settings_path)
+        end
+        alias get_breached_password_detection_settings breached_password_detection
+
+        # Update breached password detection settings
+        # @see https://auth0.com/docs/api/management/v2#!/Attack_Protection/patch_breached_password_detection
+        # @param body [hash] See https://auth0.com/docs/api/management/v2#!/Attack_Protection/patch_breached_password_detection for available options
+        # @return [json] The configuration for breached password detection
+        def patch_breached_password_detection(body)
+          patch(breached_password_settings_path, body)
+        end
+
+        # Get brute force protection settings.
+        # @see https://auth0.com/docs/api/management/v2#!/Attack_Protection/get_brute_force_protection
+        # @return [json] The configuration for brute force protection
+        def brute_force_protection
+          get(brute_force_protection_settings_path)
+        end
+        alias get_brute_force_protection_settings brute_force_protection
+
+        # Update brute force protection settings.
+        # @see https://auth0.com/docs/api/management/v2#!/Attack_Protection/patch_brute_force_protection
+        # @param body [hash] See https://auth0.com/docs/api/management/v2#!/Attack_Protection/patch_brute_force_protection for available options
+        # @return [json] The configuration for brute force protection
+        def patch_brute_force_protection(body)
+          patch(brute_force_protection_settings_path, body)
+        end
+        alias update_brute_force_protection_settings patch_brute_force_protection
+
+        # Get suspicious IP throttling settings
+        # @see https://auth0.com/docs/api/management/v2#!/Attack_Protection/get_suspicious_ip_throttling
+        # @return The configuration for suspicious IP throttling
+        def suspicious_ip_throttling
+          get(suspicious_ip_throttling_settings_path)
+        end
+        alias get_suspicious_ip_throttling_settings suspicious_ip_throttling
+
+        # Update suspicious IP throttling settings
+        # @see https://auth0.com/docs/api/management/v2#!/Attack_Protection/patch_suspicious_ip_throttling
+        # @param body [hash] See https://auth0.com/docs/api/management/v2#!/Attack_Protection/patch_suspicious_ip_throttling for available options
+        # @return The configuration for suspicious IP throttling
+        def patch_suspicious_ip_throttling(body)
+          patch(suspicious_ip_throttling_settings_path, body)
+        end
+        alias update_suspicious_ip_throttling_settings patch_suspicious_ip_throttling
+
+        private
+        
+        def attack_protection_path
+          @attack_protection_path ||= '/api/v2/attack-protection'
+        end
+        alias update_breached_password_detection_settings patch_breached_password_detection
+        
+        def breached_password_settings_path
+          "#{attack_protection_path}/breached-password-detection"
+        end
+
+        def brute_force_protection_settings_path
+          "#{attack_protection_path}/brute-force-protection"
+        end
+
+        def suspicious_ip_throttling_settings_path
+          "#{attack_protection_path}/suspicious-ip-throttling"
+        end
+      end
+    end
+  end
+end

data/lib/auth0/api/v2/device_credentials.rb

@@ -13,18 +13,23 @@ module Auth0
         #   * :include_fields [boolean] True if the fields specified are to be included in the result, false otherwise.
         #   * :user_id [string] The user_id of the devices to retrieve.
         #   * :type [string] Type of credentials to retrieve. Must be 'public_key', 'refresh_token' or 'rotating_refresh_token'
+        #   * :page [integer] The page number. Zero based
+        #   * :per_page [integer] The amount of entries per page
+        #   * :include_totals [boolean] Return results inside an object that contains the total result count (true) or as a direct array of results (false, default).
         #
         # @return [json] Returns the list of existing devices for the specified client_id.
         # rubocop:disable Metrics/AbcSize
-        def device_credentials(client_id, options = {})
+        def device_credentials(client_id = nil, options = {})
           request_params = {
             fields: options.fetch(:fields, nil),
             include_fields: options.fetch(:include_fields, nil),
             user_id: options.fetch(:user_id, nil),
             client_id: client_id,
-            type: options.fetch(:type, nil)
+            type: options.fetch(:type, nil),
+            page: options.fetch(:page, nil),
+            per_page: options.fetch(:per_page, nil),
+            include_totals: options.fetch(:include_totals, nil)
           }
-          raise Auth0::InvalidParameter, 'Must supply a valid client_id' if client_id.to_s.empty?
           if !request_params[:type].nil? && !%w(public_key refresh_token rotating_refresh_token).include?(request_params[:type])
             raise Auth0::InvalidParameter, 'Type must be one of \'public_key\', \'refresh_token\', \'rotating_refresh_token\''
           end

data/lib/auth0/api/v2/organizations.rb

@@ -267,7 +267,7 @@ module Auth0
           body = {}
           body[:members] = members
 
-          delete(path, body)
+          delete_with_body(path, body)
         end
         alias remove_organizations_members delete_organizations_members
 
@@ -320,7 +320,7 @@ module Auth0
           body = {}
           body[:roles] = roles
 
-          delete(path, body)
+          delete_with_body(path, body)
         end
         alias remove_organizations_member_roles delete_organizations_member_roles
 

data/lib/auth0/api/v2.rb

@@ -23,6 +23,7 @@ require 'auth0/api/v2/logs'
 require 'auth0/api/v2/log_streams'
 require 'auth0/api/v2/resource_servers'
 require 'auth0/api/v2/guardian'
+require 'auth0/api/v2/attack_protection'
 
 module Auth0
   module Api
@@ -53,6 +54,7 @@ module Auth0
       include Auth0::Api::V2::ResourceServers
       include Auth0::Api::V2::Tenants
       include Auth0::Api::V2::Tickets
+      include Auth0::Api::V2::AttackProtection
     end
   end
 end

data/lib/auth0/mixins/validation.rb

@@ -286,7 +286,7 @@ module Auth0
 
             # Clear the JWK set cache.
             def remove_jwks
-              @@cache.remove(:jwks)
+              @@cache.remove_by { true }
             end
           end
 
@@ -311,13 +311,13 @@ module Auth0
             result = fetch_jwks if force
 
             if result
-              @@cache.put(:jwks, result, lifetime: @lifetime)
+              @@cache.put(@jwks_url, result, lifetime: @lifetime)
               return result
             end
 
-            previous_value = @@cache.last(:jwks)
+            previous_value = @@cache.last(@jwks_url)
 
-            @@cache.get(:jwks, lifetime: @lifetime, dirty: true) do
+            @@cache.get(@jwks_url, lifetime: @lifetime, dirty: true) do
               new_value = fetch_jwks
 
               raise Auth0::InvalidIdToken, 'Could not fetch the JWK set' unless new_value || previous_value

data/lib/auth0/version.rb

@@ -1,4 +1,4 @@
 # current version of gem
 module Auth0
-  VERSION = '5.6.1'.freeze
+  VERSION = '5.8.1'.freeze
 end