auth0 5.8.1 → 5.10.0

data/lib/auth0/mixins/httpproxy.rb

@@ -8,11 +8,12 @@ module Auth0
     # for now, if you want to feel free to use your own http client
     module HTTPProxy
       attr_accessor :headers, :base_uri, :timeout, :retry_count
-      DEAFULT_RETRIES = 3
+      DEFAULT_RETRIES = 3
       MAX_ALLOWED_RETRIES = 10
       MAX_REQUEST_RETRY_JITTER = 250
       MAX_REQUEST_RETRY_DELAY = 1000
-      MIN_REQUEST_RETRY_DELAY = 100
+      MIN_REQUEST_RETRY_DELAY = 250
+      BASE_DELAY = 100
 
       # proxying requests from instance methods to HTTP class methods
       %i(get post post_file put patch delete delete_with_body).each do |method|
@@ -26,14 +27,14 @@ module Auth0
 
       def retry_options
         sleep_timer = lambda do |attempt|
-          wait = 1000 * 2**attempt # Exponential delay with each subsequent request attempt.
-          wait += rand(wait..wait+MAX_REQUEST_RETRY_JITTER) # Add jitter to the delay window.
+          wait = BASE_DELAY * (2**attempt-1) # Exponential delay with each subsequent request attempt.
+          wait += rand(wait+1..wait+MAX_REQUEST_RETRY_JITTER) # Add jitter to the delay window.
           wait = [MAX_REQUEST_RETRY_DELAY, wait].min # Cap delay at MAX_REQUEST_RETRY_DELAY.
           wait = [MIN_REQUEST_RETRY_DELAY, wait].max # Ensure delay is no less than MIN_REQUEST_RETRY_DELAY.
           wait / 1000.to_f.round(2) # convert ms to seconds
         end
 
-        tries = 1 + [Integer(retry_count || DEAFULT_RETRIES), MAX_ALLOWED_RETRIES].min # Cap retries at MAX_ALLOWED_RETRIES
+        tries = 1 + [Integer(retry_count || DEFAULT_RETRIES), MAX_ALLOWED_RETRIES].min # Cap retries at MAX_ALLOWED_RETRIES
 
         {
           tries: tries,
@@ -72,15 +73,13 @@ module Auth0
 
       def request(method, uri, body = {}, extra_headers = {})
         result = if method == :get
-          # Mutate the headers property to add parameters.
-          add_headers({params: body})
-          # Merge custom headers into existing ones for this req.
-          # This prevents future calls from using them.
-          get_headers = headers.merge extra_headers
-          # Make the call with extra_headers, if provided.
+          @headers ||= {}
+          get_headers = @headers.merge({params: body}).merge(extra_headers)
           call(:get, encode_uri(uri), timeout, get_headers)
         elsif method == :delete
-          call(:delete, encode_uri(uri), timeout, add_headers({params: body}))
+          @headers ||= {}
+          delete_headers = @headers.merge({ params: body })
+          call(:delete, encode_uri(uri), timeout, delete_headers)
         elsif method == :delete_with_body
           call(:delete, encode_uri(uri), timeout, headers, body.to_json)
         elsif method == :post_file

data/lib/auth0/mixins/token_management.rb

@@ -6,7 +6,6 @@ module Auth0
 
       def initialize_token(options)
         @token = options[:access_token] || options[:token]
-        
         # default expiry to an hour if a token was given but no expires_at
         @token_expires_at = @token ? options[:token_expires_at] || Time.now.to_i + 3600 : nil 
 
@@ -15,6 +14,7 @@ module Auth0
       end
 
       def get_token
+        # pp @token_expires_at
         has_expired = @token && @token_expires_at ? @token_expires_at < (Time.now.to_i + 10) : false
         
         if (@token.nil? || has_expired) && @client_id && @client_secret

data/lib/auth0/version.rb

@@ -1,4 +1,4 @@
 # current version of gem
 module Auth0
-  VERSION = '5.8.1'.freeze
+  VERSION = '5.10.0'.freeze
 end

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Clients/_patch_client/should_update_the_client_with_the_correct_attributes.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: patch
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/clients/SftKo9ySyHnMPezQUFd0C70GBoNFM21F?fields=jwt_configuration&include_fields=false
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/clients/SftKo9ySyHnMPezQUFd0C70GBoNFM21F
     body:
       encoding: UTF-8
       string: '{"custom_login_page_on":false,"sso":true}'
@@ -12,6 +12,7 @@ http_interactions:
       User-Agent:
       - rest-client/2.1.0 (darwin19.6.0 x86_64) ruby/2.7.0p0
       Content-Type:
+
       - application/json
       Auth0-Client:
       - eyJuYW1lIjoicnVieS1hdXRoMCIsInZlcnNpb24iOiI1LjUuMCIsImVudiI6eyJydWJ5IjoiMi43LjAifX0=

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Connections/_update_connection/should_update_the_connection.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: patch
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/connections/con_WltM0fv20JCnxOuY?email=rubytest-210908-rubytest-210908-username@auth0.com
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/connections/con_WltM0fv20JCnxOuY
     body:
       encoding: UTF-8
       string: '{"options":{"mfa":{"active":true,"return_enroll_settings":true},"passwordPolicy":"excellent","strategy_version":2,"brute_force_protection":true}}'

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Rules/_update_rule/should_update_the_disabled_rule_to_be_enabled.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: patch
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/rules/rul_bsg64xEPZz4WOkXz?fields=stage&include_fields=false
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/rules/rul_bsg64xEPZz4WOkXz
     body:
       encoding: UTF-8
       string: '{"enabled":true}'

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_update_tenant_settings/should_revert_the_tenant_name.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: patch
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/tenants/settings?fields=support_email&include_fields=true
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/tenants/settings
     body:
       encoding: UTF-8
       string: '{"friendly_name":"Auth0"}'

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Tenants/_update_tenant_settings/should_update_the_tenant_settings_with_a_new_tenant_name.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: patch
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/tenants/settings?fields=support_email&include_fields=true
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/tenants/settings
     body:
       encoding: UTF-8
       string: '{"friendly_name":"Auth0-CHANGED"}'

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_add_user_roles/should_add_a_Role_to_a_User_successfully.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: post
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/users/auth0%7C613282adac819400692c0dd9/roles?per_page=2
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/users/auth0%7C613282adac819400692c0dd9/roles
     body:
       encoding: UTF-8
       string: '{"roles":["rol_2VZOCes8HgBar3Tp"]}'

data/spec/fixtures/vcr_cassettes/Auth0_Api_V2_Users/_patch_user/should_patch_the_User_successfully.yml

@@ -2,7 +2,7 @@
 http_interactions:
 - request:
     method: patch
-    uri: https://auth0-sdk-tests.auth0.com/api/v2/users/auth0%7C613282adac819400692c0dd9?fields=email&include_fields=true
+    uri: https://auth0-sdk-tests.auth0.com/api/v2/users/auth0%7C613282adac819400692c0dd9
     body:
       encoding: UTF-8
       string: '{"email_verified":true,"user_metadata":{"addresses":{"home_address":"742

data/spec/lib/auth0/api/v2/connections_spec.rb

@@ -18,7 +18,8 @@ describe Auth0::Api::V2::Connections do
         fields: nil,
         include_fields: nil,
         page: nil,
-        per_page: nil
+        per_page: nil,
+        include_totals: nil
       })
       expect { @instance.connections }.not_to raise_error
     end
@@ -31,7 +32,8 @@ describe Auth0::Api::V2::Connections do
         strategy: nil,
         name: nil,
         page: nil,
-        per_page: nil
+        per_page: nil,
+        include_totals: nil
       })
       expect {
         @instance.connections(fields: 'name', include_fields: true)
@@ -46,7 +48,8 @@ describe Auth0::Api::V2::Connections do
         strategy: nil,
         name: nil,
         page: nil,
-        per_page: nil
+        per_page: nil,
+        include_totals: nil
       })
       expect {
         @instance.connections(fields: ['name','strategy'], include_fields: true)
@@ -61,12 +64,29 @@ describe Auth0::Api::V2::Connections do
         strategy: nil,
         name: nil,
         fields: nil,
-        include_fields: nil
+        include_fields: nil,
+        include_totals: nil
       })
       expect {
         @instance.connections(page: 1, per_page: 10)
       }.not_to raise_error
     end
+
+    it 'is expected to include totals' do
+      expect(@instance).to receive(:get).with(
+        '/api/v2/connections', {
+        page: 1,
+        per_page: 10,
+        strategy: nil,
+        name: nil,
+        fields: nil,
+        include_fields: nil,
+        include_totals: true
+      })
+      expect {
+        @instance.connections(page: 1, per_page: 10, include_totals: true)
+      }.not_to raise_error
+    end
   end
 
   context '.create_connection' do

data/spec/lib/auth0/api/v2/jobs_spec.rb

@@ -67,6 +67,7 @@ describe Auth0::Api::V2::Jobs do
         format: 'csv',
         limit: 10
       })
+
       @instance.export_users(
         fields: ['author'],
         connection_id: 'test-connection',
@@ -74,6 +75,23 @@ describe Auth0::Api::V2::Jobs do
         limit: 10
       )
     end
+
+    it 'sends post to /api/v2/jobs/users-exports with export_as field' do
+      expect(@instance).to receive(:post).with(
+        '/api/v2/jobs/users-exports', {
+        fields: [{ name: 'author', export_as: 'writer' }],
+        connection_id: 'test-connection',
+        format: 'csv',
+        limit: 10
+      })
+      
+      @instance.export_users(
+        fields: [{ name: 'author', export_as: 'writer' }],
+        connection_id: 'test-connection',
+        format: 'csv',
+        limit: 10
+      )
+    end
   end
 
   context '.send_verification_email' do

data/spec/lib/auth0/api/v2/users_spec.rb

@@ -139,6 +139,21 @@ describe Auth0::Api::V2::Users do
     end
   end
 
+  context '.delete_user_authenticators' do
+    it 'is expected to respond to a delete_user_authenticators method' do
+      expect(@instance).to respond_to(:delete_user_authenticators)
+    end
+
+    it 'is expected to delete /api/v2/users/userId/authenticators' do
+      expect(@instance).to receive(:delete).with('/api/v2/users/USER_ID/authenticators')
+      @instance.delete_user_authenticators('USER_ID')
+    end
+
+    it 'is expected to raise an exception when the user ID is empty' do
+      expect { @instance.delete_user_authenticators(nil) }.to raise_exception(Auth0::MissingUserId)
+    end
+  end
+
   context '.delete_user_provider' do
     it 'is expected to respond to a delete_user_provider method' do
       expect(@instance).to respond_to(:delete_user_provider)

data/spec/lib/auth0/mixins/httpproxy_spec.rb

@@ -494,12 +494,13 @@ describe Auth0::Mixins::HTTPProxy do
   end
 
   context "Renewing tokens" do
-    before :each do
-      @token_instance = DummyClassForTokens.new(
+    let(:httpproxy_instance) {
+      DummyClassForTokens.new(
         client_id: 'test-client-id',
         client_secret: 'test-client-secret',
-        domain: 'auth0.com')
-    end
+        domain: 'auth0.com',
+      )
+    }
 
     %i(get delete).each do |http_method|
       context "for #{http_method}" do
@@ -507,7 +508,7 @@ describe Auth0::Mixins::HTTPProxy do
           expect(RestClient::Request).to receive(:execute).with(hash_including(
             method: :post,
             url: 'https://auth0.com/oauth/token',
-          ) ).and_return(StubResponse.new({ 
+          )).and_return(StubResponse.new({ 
             "access_token" => "access_token", 
             "expires_in" => 86400}, 
             true, 
@@ -515,11 +516,10 @@ describe Auth0::Mixins::HTTPProxy do
 
           expect(RestClient::Request).to receive(:execute).with(hash_including(
             method: http_method,
-            url: 'https://auth0.com/test',
-            headers: { params: {}, "Authorization" => "Bearer access_token" }
+            url: 'https://auth0.com/test'
           )).and_return(StubResponse.new('Some random text here', true, 200))
 
-          expect { @token_instance.send(http_method, '/test') }.not_to raise_error
+          expect { httpproxy_instance.send(http_method, '/test') }.not_to raise_error
         end
       end
     end
@@ -539,24 +539,24 @@ describe Auth0::Mixins::HTTPProxy do
           expect(RestClient::Request).to receive(:execute).with(hash_including(
             method: http_method,
             url: 'https://auth0.com/test',
-            headers: { "Authorization" => "Bearer access_token" }
+            headers: hash_including( "Authorization" => "Bearer access_token")
           )).and_return(StubResponse.new('Some random text here', true, 200))
 
-          expect { @token_instance.send(http_method, '/test') }.not_to raise_error
+          expect { httpproxy_instance.send(http_method, '/test') }.not_to raise_error
         end
       end
     end
   end
 
   context "Using cached tokens" do
-    before :each do
-      @token_instance = DummyClassForTokens.new(
+    let(:httpproxy_instance) {
+      DummyClassForTokens.new(
         client_id: 'test-client-id',
         client_secret: 'test-client-secret',
         domain: 'auth0.com',
         token: 'access_token',
         token_expires_at: Time.now.to_i + 86400)
-    end
+    }
 
     %i(get delete).each do |http_method|
       context "for #{http_method}" do
@@ -569,10 +569,10 @@ describe Auth0::Mixins::HTTPProxy do
           expect(RestClient::Request).to receive(:execute).with(hash_including(
             method: http_method,
             url: 'https://auth0.com/test',
-            headers: { params: {}, "Authorization" => "Bearer access_token" }
+            headers: hash_including(params: {}, "Authorization" => "Bearer access_token")
           )).and_return(StubResponse.new('Some random text here', true, 200))
 
-          expect { @token_instance.send(http_method, '/test') }.not_to raise_error
+          expect { httpproxy_instance.send(http_method, '/test') }.not_to raise_error
         end
       end
     end
@@ -588,10 +588,46 @@ describe Auth0::Mixins::HTTPProxy do
           expect(RestClient::Request).to receive(:execute).with(hash_including(
             method: http_method,
             url: 'https://auth0.com/test',
-            headers: { "Authorization" => "Bearer access_token" }
+            headers: hash_including("Authorization" => "Bearer access_token")
           )).and_return(StubResponse.new('Some random text here', true, 200))
 
-          expect { @token_instance.send(http_method, '/test') }.not_to raise_error
+          expect { httpproxy_instance.send(http_method, '/test') }.not_to raise_error
+        end
+      end
+    end
+  end
+
+  context 'Normal operation' do
+    let(:httpproxy_instance) {
+      DummyClassForTokens.new(
+        client_id: 'test-client-id',
+        client_secret: 'test-client-secret',
+        domain: 'auth0.com',
+        token: 'access_token',
+        token_expires_at: Time.now.to_i + 86400)
+    }
+
+    # This sets up a test matrix to verify that both :get and :delete calls (the only two HTTP methods in the proxy that mutated headers)
+    # don't bleed query params into subsequent calls to :post :patch and :put.
+    %i(get delete).each do |http_get_delete|
+      %i(post patch put).each do |http_ppp|
+        it "should not bleed :#{http_get_delete} headers/parameters to the subsequent :#{http_ppp} request" do
+          expect(RestClient::Request).to receive(:execute).with(hash_including(
+            method: http_get_delete,
+            url: "https://auth0.com/test-#{http_get_delete}",
+            headers: hash_including(params: { email: 'test@test.com' })
+          )).and_return(StubResponse.new('OK', true, 200))
+
+          # email: parameter that is sent in the GET request should not appear
+          # as a parameter in the `headers` hash for the subsequent PATCH request.
+          expect(RestClient::Request).to receive(:execute).with(hash_including(
+            method: http_ppp,
+            url: "https://auth0.com/test-#{http_ppp}",
+            headers: hash_not_including(:params)
+          )).and_return(StubResponse.new('OK', true, 200))
+
+          expect { httpproxy_instance.send(http_get_delete, "/test-#{http_get_delete}", { email: 'test@test.com' }) }.not_to raise_error
+          expect { httpproxy_instance.send(http_ppp, "/test-#{http_ppp}") }.not_to raise_error
         end
       end
     end

data/spec/lib/auth0/mixins/token_management_spec.rb

@@ -110,16 +110,11 @@ describe Auth0::Mixins::TokenManagement do
 
     it 'does not renew existing token if no token_expires_at' do
       params[:token] = 'test-token'
+      instance.instance_variable_set '@token_expires_at', nil
 
-      expect(RestClient::Request).not_to receive(:execute).with(hash_including(
-        method: :post,
-        url: 'https://samples.auth0.com/oauth/token',
-      ))
+      expect(RestClient::Request).not_to receive(:execute)
 
       instance.send(:get_token)
-
-      expect(instance.instance_variable_get('@token')).to eq('test-token')
-      expect(instance.instance_variable_get('@token_expires_at')).to be_nil
     end
   end
 end

data/spec/spec_helper.rb

@@ -13,8 +13,8 @@ require 'simplecov'
 SimpleCov.start
 
 if ENV['CI'] == 'true'
-  require 'codecov'
-  SimpleCov.formatter = SimpleCov::Formatter::Codecov
+  require 'simplecov-cobertura'
+  SimpleCov.formatter = SimpleCov::Formatter::CoberturaFormatter
 end
 
 require 'dotenv'
@@ -51,6 +51,10 @@ RSpec.configure do |config|
   config.filter_run focus: true
   config.run_all_when_everything_filtered = true
   config.include Credentials
+
+  config.expect_with :rspec do |c|
+    c.max_formatted_output_length = 1000000
+  end
 end
 
 def wait(time, increment = 5, elapsed_time = 0, &block)