auth0 4.1.0 → 4.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 5662a97be797b89462c17138a8f056908bbd1bd9
-  data.tar.gz: 9973f4c3a23a12e1888c9da0751030def1259601
+SHA256:
+  metadata.gz: 50bf71ae1695273ad9f86de42239cff42c681c8c0841fde4f2002c1e045940b0
+  data.tar.gz: 4956b4307c7c2d93fd1d8e955c2f77fc1c6fdd57232674c1dc50a1d95507097b
 SHA512:
-  metadata.gz: 972202c41cb9e9f479f50479075daeaa33af13a3ac88ce94bff273267bad13b1f5ef56f03f300f9cd2845f576be9c91204c23dccac11f9a9dd51f5d1639cf316
-  data.tar.gz: cde76230c835cdf52f2e963edbd28bc794efb769c892739bfd70029954b6ad23c25a62b8a10285d21839d7c0fc09a300f005d6ab3cf2fd6147be2413b8761dcb
+  metadata.gz: 7cdbe3de507568e75af632efdd47c005c71425f0c884fb66863d63325ac5f4d162e0d129d648c306ad5747bb6d6634819431cd566420e06b87611b384f91b632
+  data.tar.gz: cc4d1e11073b11d8412615bf57586e3f173d649ae48f47b212104de5aaca6b294d86f06eeb3bbb7f13c3016a3ef4a2f57d5e6b87b08db776e730e36e9eb1a566

data/CHANGELOG.md

@@ -1,5 +1,43 @@
 # Change Log
 
+## [v4.4.0](https://github.com/auth0/ruby-auth0/tree/v4.4.0) (2018-02-19)
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v4.2.0...v4.4.0)
+
+Note: If you are using the `login` endpoint, you will need to enable the [Resource Owner Password Grant](https://auth0.com/docs/clients/client-grant-types).
+
+**Closed issues:**
+
+- Vulnerable dependency: yard. [\#99]
+https://github.com/auth0/ruby-auth0/issues/99
+
+- Unsupported on latest ruby version. [\#83]
+https://github.com/auth0/ruby-auth0/issues/83
+
+- Outdated dependencies in ror-api example. [\#75]
+https://github.com/auth0/ruby-auth0/issues/75
+
+- Authentication Login is using `/oauth/ro` [\#89]
+https://github.com/auth0/ruby-auth0/issues/89
+
+**Merged pull requests:**
+
+- Add support to /api/v2/users-by-email [\#105](https://github.com/auth0/ruby-auth0/pull/105) ([edgurgel](https://github.com/edgurgel))
+
+## [v4.2.0](https://github.com/auth0/ruby-auth0/tree/v4.2.0) (2018-02-15)
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v4.1.0...v4.2.0)
+
+**Closed issues:**
+
+- Vulnerable dependency: yard. [\#99]
+https://github.com/auth0/ruby-auth0/issues/99
+
+- Unsupported on latest ruby version. [\#83]
+https://github.com/auth0/ruby-auth0/issues/83
+
+- Outdated dependencies in ror-api example. [\#75]
+https://github.com/auth0/ruby-auth0/issues/75
+
+
 ## [v4.1.0](https://github.com/auth0/ruby-auth0/tree/v4.1.0) (2016-07-25)
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v4.0.0...v4.1.0)
 

data/DEPLOYMENT.md

@@ -1,5 +1,14 @@
 ```
 bundle install
 bundle exec rake spec
-gem push auth0-X.Y.Z.gem
+bundle exec gem bump --version x.y.z
+bundle exec gem tag
+github_changelog_generator -t <YOUR TOKEN>
+bundle exec gem release
 ```
+
+> Note for the changelog:
+  * Review the changelog.
+  * Remove "unreleased" section.
+  * Make sure the tags are ordered.
+  * Commit / push the changelog to master.

data/Dockerfile

@@ -0,0 +1,5 @@
+FROM ruby:2.5
+
+WORKDIR /home/app
+
+COPY . /home/app

data/README.md

@@ -4,6 +4,7 @@ Ruby api client for [Auth0](https://auth0.com) platform
 [![Gem Version](https://badge.fury.io/rb/auth0.svg)](http://badge.fury.io/rb/auth0)
 [![Coverage Status](https://coveralls.io/repos/auth0/ruby-auth0/badge.svg?branch=master)](https://coveralls.io/r/auth0/ruby-auth0?branch=master)
 [![Dependency Status](https://gemnasium.com/auth0/ruby-auth0.svg)](https://gemnasium.com/auth0/ruby-auth0)
+[![Yard Docs](http://img.shields.io/badge/yard-docs-blue.svg)](http://www.rubydoc.info/github/auth0/ruby-auth0/master/frames)
 
 ## Installation
 
@@ -25,45 +26,41 @@ Using [APIv2](https://auth0.com/docs/api/v2)
 require "auth0"
 
 auth0 = Auth0Client.new(
-  :client_id => "YOUR CLIENT ID"
+  :client_id => "YOUR CLIENT ID",
   :token => "YOUR JWT HERE",
-  :domain => "<YOUR ACCOUNT>.auth0.com"  
+  :domain => "<YOUR ACCOUNT>.auth0.com",
+  :api_version => 2
 )
 
 puts auth0.get_users
 ```
 
-Using [APIv1](https://auth0.com/docs/api/v1)
+### Timeout
+You can setup a custom timeout in the Auth0Client. By default it is set to 10 seconds.
 
 ```ruby
 require "auth0"
 
 auth0 = Auth0Client.new(
   :client_id => "YOUR CLIENT ID",
-  :client_secret => "YOUR CLIENT SECRET",
+  :token => "YOUR JWT HERE",
   :domain => "<YOUR ACCOUNT>.auth0.com",
-  :api_version => "1"
+  :timeout => 15
 )
 
 puts auth0.get_users
 ```
 
-### Timeout
-You can setup a custom timeout in the Auth0Client. By default it is set to 10 minutes.
+## API Documentation
 
-```ruby
-require "auth0"
+Build API docs locally
 
-auth0 = Auth0Client.new(
-  :client_id => "YOUR CLIENT ID"
-  :token => "YOUR JWT HERE",
-  :domain => "<YOUR ACCOUNT>.auth0.com",
-  :timeout => 15
-)
-
-puts auth0.get_users
+``` bash
+bundle exec rake documentation
 ```
 
+To view API docs, go to `doc` folder and open `index.html`
+
 ## What is Auth0?
 
 Auth0 helps you to:

data/RUBYGEM.md

@@ -0,0 +1,9 @@
+# Publish the Gem on RubyGems.org
+
+To publish the gem set `RUBYGEMS_EMAIL` and `RUBYGEMS_PASSWORD` environment variables with your email and password from your RubyGems account respectively.
+Then run the following [Docker](https://docs.docker.com/engine/installation/) commands in the terminal to build and publish the gem.
+
+```bash
+docker build -t auth0-publish-rubygem .
+docker run --rm -e RUBYGEMS_EMAIL="$RUBYGEMS_EMAIL" -e RUBYGEMS_PASSWORD="$RUBYGEMS_PASSWORD" -it auth0-publish-rubygem /bin/sh publish_rubygem.sh
+```

data/auth0.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  s.add_runtime_dependency 'rest-client', '~> 1.8.0'
+  s.add_runtime_dependency 'rest-client', '~> 2.0'
 
   s.add_development_dependency 'rake', '~> 10.4'
   s.add_development_dependency 'fuubar', '~> 2.0'
@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rack', '~> 1.6.4'
   s.add_development_dependency 'simplecov', '~> 0.9'
   s.add_development_dependency 'faker', '~> 1.4'
-  s.add_development_dependency 'yard', '~> 0.8'
+  s.add_development_dependency 'yard', '~> 0.9.12'
   s.add_development_dependency 'gem-release', '~> 0.7'
   s.license = 'MIT'
 end

data/examples/ruby-api/.env.example

@@ -0,0 +1,2 @@
+AUTH0_CLIENT_ID={CLIENT_ID}
+AUTH0_CLIENT_SECRET={CLIENT_SECRET}

data/examples/ruby-on-rails-api/.env.example

@@ -0,0 +1,2 @@
+AUTH0_CLIENT_ID={CLIENT_ID}
+AUTH0_CLIENT_SECRET={CLIENT_SECRET}

data/examples/ruby-on-rails-api/Gemfile

@@ -1,17 +1,17 @@
 source 'https://rubygems.org'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '4.2.5.1'
+gem 'rails', '5.0.0.1'
 # Use sqlite3 as the database for Active Record
 gem 'sqlite3', groups: [:development, :test]
 
 gem 'pg'
 # Use SCSS for stylesheets
-gem 'sass-rails', '~> 5.0.4'
+gem 'sass-rails', '~> 5.0.6'
 # Use Uglifier as compressor for JavaScript assets
-gem 'uglifier', '>= 2.7.2'
+gem 'uglifier', '>= 3.0.3'
 # Use CoffeeScript for .js.coffee assets and views
-gem 'coffee-rails', '~> 4.1.1'
+gem 'coffee-rails', '~> 4.2.1'
 # See https://github.com/sstephenson/execjs#readme for more supported runtimes
 # gem 'therubyracer',  platforms: :ruby
 
@@ -20,11 +20,11 @@ gem 'jquery-rails'
 # Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks
 gem 'turbolinks'
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
-gem 'jbuilder', '~> 2.4.1'
+gem 'jbuilder', '~> 2.6.0'
 # bundle exec rake doc:rails generates the API under doc/api.
-gem 'sdoc', '~> 0.4.1', group: :doc
+gem 'sdoc', '~> 0.4.2', group: :doc
 # knock dependency
-gem 'knock', '~> 1.4.2'
+gem 'knock', '~> 2.0'
 
 # Dot env
 gem 'dotenv-rails', groups: [:development, :test]

data/examples/ruby-on-rails-api/app/controllers/secured_ping_controller.rb

@@ -1,11 +1,11 @@
 # Secured ping Controller
 class SecuredPingController < ApplicationController
-  before_action :authenticate
+  before_action :authenticate_user
 
   def ping
     render json: {
       message: "All good. You only get this message if you're authenticated.",
-      user: @current_user
+      user: current_user
     }
   end
 end

data/examples/ruby-on-rails-api/app/models/User.rb

@@ -0,0 +1,5 @@
+class User < ActiveRecord::Base
+  def self.from_token_payload payload
+    payload["sub"]
+  end
+end

data/examples/ruby-on-rails-api/config/initializers/knock.rb

@@ -1,19 +1,5 @@
 require 'base64'
 Knock.setup do |config|
-  ## Current user retrieval when validating token
-  ## --------------------------------------------
-  ##
-  ## This is how you can tell Knock how to retrieve the current_user.
-  ## By default, it assumes you have a model called `User` and that
-  ## the user_id is stored in the 'sub' claim.
-  ##
-  ## Default:
-  # config.current_user_from_token = -> (claims) { User.find claims['sub'] }
-
-  # !!!
-  # This is only to make the example test cases pass, you should use a real
-  # user model in your app instead.
-  config.current_user_from_token = -> (claims) { { id: claims['sub'] } }
 
   ## Expiration claim
   ## ----------------
@@ -44,10 +30,6 @@ Knock.setup do |config|
   # config.token_secret_signature_key = -> { Rails.application.secrets.secret_key_base }
 
   ## If using Auth0, uncomment the line below
-  # config.token_secret_signature_key = -> { JWT.base64url_decode Rails.application.secrets.auth0_client_secret }
-  config.token_secret_signature_key = lambda {
-    secret = Rails.application.secrets.auth0_client_secret
-    secret += '=' * (4 - secret.length.modulo(4))
-    Base64.decode64(secret.tr('-_', '+/'))
-  }
+  config.token_secret_signature_key = -> { JWT.base64url_decode Rails.application.secrets.auth0_client_secret }
+  
 end

data/lib/auth0/api/authentication_endpoints.rb

@@ -57,16 +57,17 @@ module Auth0
         raise Auth0::InvalidParameter, 'Must supply a valid username' if username.to_s.empty?
         raise Auth0::InvalidParameter, 'Must supply a valid password' if password.to_s.empty?
         request_params = {
-          client_id:  @client_id,
-          username:   username,
-          password:   password,
-          scope:      options.fetch(:scope, 'openid'),
-          connection: connection_name,
-          grant_type: options.fetch(:grant_type, password),
-          id_token:   id_token,
-          device:     options.fetch(:device, nil)
+          client_id:     @client_id,
+          client_secret: @client_secret,
+          username:      username,
+          password:      password,
+          scope:         options.fetch(:scope, 'openid'),
+          connection:    connection_name,
+          grant_type:    options.fetch(:grant_type, password),
+          id_token:      id_token,
+          device:        options.fetch(:device, nil)
         }
-        post('/oauth/ro', request_params)
+        post('/oauth/token', request_params)
       end
 
       # Signup using username/password

data/lib/auth0/api/v2.rb

@@ -8,6 +8,7 @@ require 'auth0/api/v2/jobs'
 require 'auth0/api/v2/rules'
 require 'auth0/api/v2/stats'
 require 'auth0/api/v2/users'
+require 'auth0/api/v2/users_by_email'
 require 'auth0/api/v2/user_blocks'
 require 'auth0/api/v2/tenants'
 require 'auth0/api/v2/tickets'
@@ -28,6 +29,7 @@ module Auth0
       include Auth0::Api::V2::Rules
       include Auth0::Api::V2::Stats
       include Auth0::Api::V2::Users
+      include Auth0::Api::V2::UsersByEmail
       include Auth0::Api::V2::UserBlocks
       include Auth0::Api::V2::Tenants
       include Auth0::Api::V2::Tickets

data/lib/auth0/api/v2/users.rb

@@ -102,6 +102,7 @@ module Auth0
           path = "#{users_path}/#{user_id}"
           patch(path, body)
         end
+        alias update_user patch_user
 
         # Delete a user's multifactor provider
         # @see https://auth0.com/docs/api/v2#!/Users/delete_multifactor_by_provider

data/lib/auth0/api/v2/users_by_email.rb

@@ -0,0 +1,35 @@
+module Auth0
+  module Api
+    module V2
+      # Methods to use the Users By Email endpoints
+      module UsersByEmail
+        attr_reader :users_by_email_path
+
+        # Retrieves a list of existing users by their email.
+        # @see https://auth0.com/docs/api/v2#!/Users/get_users
+        # @see https://auth0.com/docs/api/management/v2#!/Users_By_Email/get_users_by_email
+        # @param fields [string] A comma separated list of fields to include or exclude from the result.
+        # @param include_fields [boolean] True if the fields specified are to be included in the result, false otherwise.
+        # @param email [string] E-mail to be searched
+        #
+        # @return [json] Returns the list of existing users.
+        def users_by_email(email, options = {})
+          raise Auth0::InvalidParameter, 'Must supply a valid email' if email.to_s.empty?
+          request_params = {
+            fields:         options.fetch(:fields, nil),
+            include_fields: options.fetch(:include_fields, nil)
+          }
+          request_params[:email] = email
+          get(users_by_email_path, request_params)
+        end
+
+        private
+
+        # Users By Emails API path
+        def users_by_email_path
+          @users_by_email_path ||= '/api/v2/users-by-email'
+        end
+      end
+    end
+  end
+end

data/lib/auth0/exception.rb

@@ -15,6 +15,8 @@ module Auth0
   class ServerError < Auth0::Exception; end
   # exception for incorrect request, you've sent wrong params
   class BadRequest < Auth0::Exception; end
+  # exception for timeouts
+  class RequestTimeout < Auth0::Exception; end
   # exception for unset user_id, this might cause removal of
   # all users, or other unexpected behaviour
   class MissingUserId < Auth0::Exception; end

data/lib/auth0/mixins/httpproxy.rb

@@ -48,7 +48,12 @@ module Auth0
       def call(method, url, timeout, headers, body = nil)
         RestClient::Request.execute(method: method, url: url, timeout: timeout, headers: headers, payload: body)
       rescue RestClient::Exception => e
-        e.response
+        case e
+        when RestClient::RequestTimeout
+          raise Auth0::RequestTimeout
+        else
+          return e.response
+        end
       end
     end
   end

data/lib/auth0/version.rb

@@ -1,4 +1,4 @@
 # current version of gem
 module Auth0
-  VERSION = '4.1.0'.freeze
+  VERSION = '4.4.0'.freeze
 end

data/publish_rubygem.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# Create directory for rubygems credentials
+mkdir /root/.gem
+# Get API key from rubygems.org
+curl -u "$RUBYGEMS_EMAIL":"$RUBYGEMS_PASSWORD" https://rubygems.org/api/v1/api_key.yaml > ~/.gem/credentials; chmod 0600 ~/.gem/credentials
+# Build Gem
+gem build auth0.gemspec
+# Publish Gem
+gem push auth0-*.gem

data/spec/integration/lib/auth0/api/api_authentication_spec.rb

@@ -3,7 +3,7 @@ describe Auth0::Api::AuthenticationEndpoints do
   attr_reader :client, :impersonate_user, :impersonator_user, :global_client, :password
 
   before(:all) do
-    @client = Auth0Client.new(v2_creds)
+    @client = Auth0Client.new(Credentials.v2_creds)
     impersonate_username = Faker::Internet.user_name
     impersonate_email = "#{entity_suffix}#{Faker::Internet.safe_email(impersonate_username)}"
     @password = Faker::Internet.password
@@ -36,11 +36,6 @@ describe Auth0::Api::AuthenticationEndpoints do
     it { expect(acces_token).to_not be_nil }
   end
 
-  describe '.login' do
-    let(:login) { global_client.login(impersonate_user['email'], password) }
-    it { expect(login).to(include('id_token', 'access_token', 'token_type')) }
-  end
-
   describe '.signup' do
     let(:signup_username) { Faker::Internet.user_name }
     let(:signup_email) { "#{entity_suffix}#{Faker::Internet.safe_email(signup_username)}" }
@@ -51,9 +46,9 @@ describe Auth0::Api::AuthenticationEndpoints do
 
   describe '.change_password' do
     let(:change_password) do
-      global_client.change_password(impersonate_user['user_id'], password)
+      global_client.change_password(impersonate_user['user_id'], '')
     end
-    it { expect(change_password).to eq '"We\'ve just sent you an email to reset your password."' }
+    it { expect(change_password).to(include('We\'ve just sent you an email to reset your password.')) }
   end
 
   skip '.start_passwordless_email_flow' do
@@ -80,39 +75,4 @@ describe Auth0::Api::AuthenticationEndpoints do
     let(:wsfed_metadata) { global_client.wsfed_metadata }
     it { expect(wsfed_metadata).to(include('<EntityDescriptor')) }
   end
-
-  describe '.token_info' do
-    let(:id_token) { global_client.login(impersonate_user['email'], password)['id_token'] }
-    let(:token_info) { global_client.token_info(id_token) }
-    it { expect(token_info).to(include('email', 'clientID', 'global_client_id')) }
-  end
-
-  describe '.delegation' do
-    let(:id_token) { global_client.login(impersonate_user['email'], password)['id_token'] }
-    let(:target) { global_client.clients[0]['clientID'] }
-    let(:delegation) { global_client.delegation(id_token, target) }
-    it { expect(delegation).to(include('token_type', 'expires_in', 'id_token')) }
-  end
-
-  describe '.impersonation' do
-    let(:impersonate_url) do
-      global_client.impersonate(impersonate_user['user_id'], ENV['CLIENT_ID'], impersonator_user['user_id'], {})
-    end
-    it { expect(impersonate_url).to_not be_nil }
-  end
-
-  describe '.unlink_user' do
-    let(:access_token) { global_client.login(impersonate_user['email'], password)['access_token'] }
-    let(:unlink_user) { global_client.unlink_user(access_token, impersonator_user['user_id']) }
-    it { expect(unlink_user).to eq 'OK' }
-  end
-
-  describe '.user_info' do
-    let(:access_token) { global_client.login(impersonate_user['email'], password)['access_token'] }
-    let(:credentials) { { client_id: ENV['CLIENT_ID'], token: access_token, domain: ENV['DOMAIN'] } }
-    let(:client) { Auth0Client.new(credentials) }
-    let(:user_info) { client.user_info }
-    it { expect(user_info['email']).to eq impersonate_user['email'] }
-    it { expect(user_info).to(include('clientID', 'identities', 'nickname', 'picture')) }
-  end
 end