authy 2.7.5 → 3.0.0

data/lib/authy.rb

@@ -6,11 +6,9 @@ require 'json'
 
 require 'authy/version'
 require 'authy/url_helpers'
-require 'authy/core_ext'
 require 'authy/response'
 require 'authy/models/user'
 require 'authy/config'
 require 'authy/api'
-require 'authy/phone_intelligence'
 require 'authy/phone_verification'
 require 'authy/onetouch'

data/lib/authy/api.rb

@@ -1,12 +1,6 @@
-require 'logger'
+require "logger"
 
 module Authy
-
-  AUTHY_LOGGER = Logger.new(STDOUT)
-  #
-  #  Authy.api_key = 'foo'
-  #  Authy.api_uri = 'http://test-authy-api.heroku.com/'
-  #
   class API
     MIN_TOKEN_SIZE = 6
     MAX_TOKEN_SIZE = 12
@@ -25,7 +19,7 @@ module Authy
       }
 
       url = "#{Authy.api_uri}/protected/json/users/new"
-      response = http_client.post(url, :body => escape_query(params), :header => default_header(api_key: api_key))
+      response = http_client.post(url, :body => escape_query(params), :header => default_header(params: { api_key: api_key }))
 
       Authy::User.new(response)
     end
@@ -36,19 +30,18 @@ module Authy
     # :force (true|false) force to check even if the cellphone is not confirmed
     #
     def self.verify(params)
-      token = params.delete(:token) || params.delete('token')
-      user_id = params.delete(:id) || params.delete('id')
+      token = params.delete(:token) || params.delete("token")
+      user_id = params.delete(:id) || params.delete("id")
 
-      return invalid_response('Token format is invalid') unless token_is_safe?(token)
-      return invalid_response('User id is invalid') unless is_digit?(user_id)
+      return invalid_response("Token format is invalid") unless token_is_safe?(token)
+      return invalid_response("User id is invalid") unless is_digit?(user_id)
 
-      params[:force] = true if params[:force].nil? && params['force'].nil?
+      params[:force] = true if params[:force].nil? && params["force"].nil?
 
       response = get_request("protected/json/verify/:token/:user_id", params.merge({
-          "token" => token,
-          "user_id" => user_id
-        })
-      )
+        "token" => token,
+        "user_id" => user_id
+      }))
 
       return verify_response(response) if response.ok?
       return response
@@ -58,7 +51,7 @@ module Authy
     # :id user id
     # :force force sms
     def self.request_sms(params)
-      user_id = params.delete(:id) || params.delete('id')
+      user_id = params.delete(:id) || params.delete("id")
 
       get_request("protected/json/sms/:user_id", params.merge({"user_id" => user_id}))
     end
@@ -68,14 +61,14 @@ module Authy
     # :qr_size qr size
     # :qr_label context for qr code
     def self.request_qr_code(params)
-      user_id = params.delete(:id) || params.delete('id')
-      qr_size = params.delete(:qr_size) || params.delete('qr_size') || 300
-      qr_label = params.delete(:qr_label) || params.delete('qr_label') || ""
+      user_id = params.delete(:id) || params.delete("id")
+      qr_size = params.delete(:qr_size) || params.delete("qr_size") || 300
+      qr_label = params.delete(:qr_label) || params.delete("qr_label") || ""
 
-      return invalid_response('User id is invalid') unless is_digit?(user_id)
-      return invalid_response('Qr image size is invalid') unless is_digit?(qr_size)
+      return invalid_response("User id is invalid") unless is_digit?(user_id)
+      return invalid_response("Qr image size is invalid") unless is_digit?(qr_size)
 
-      response = post_request("protected/json/users/:user_id/secret" ,params.merge({
+      response = post_request("protected/json/users/:user_id/secret", params.merge({
         "user_id" => user_id,
         "qr_size" => qr_size,
         "label" => qr_label
@@ -86,19 +79,38 @@ module Authy
     # :id user id
     # :force force phone_call
     def self.request_phone_call(params)
-      user_id = params.delete(:id) || params.delete('id')
+      user_id = params.delete(:id) || params.delete("id")
 
       get_request("protected/json/call/:user_id", params.merge({"user_id" => user_id}))
     end
 
     # options:
     # :id user id
-    def self.delete_user(params)
+    def self.request_email(params)
+      user_id = params.delete(:id) || params.delete('id')
+
+      post_request("protected/json/email/:user_id", params.merge({"user_id" => user_id}))
+    end
+
+    # options:
+    # :id user id
+    # :email user's new email
+    def self.update_user(params)
       user_id = params.delete(:id) || params.delete('id')
 
-      post_request("protected/json/users/delete/:user_id", params.merge({"user_id" =>user_id}))
+      post_request("protected/json/users/:user_id/update", params.merge({"user_id" => user_id}))
     end
 
+    # options:
+    # :id user id
+    def self.delete_user(params)
+      user_id = params.delete(:id) || params.delete("id")
+
+      post_request("protected/json/users/delete/:user_id", params.merge({"user_id" => user_id}))
+    end
+
+    # options:
+    # :id user id
     def self.user_status(params)
       user_id = params.delete(:id) || params.delete("id")
       get_request("protected/json/users/:user_id/status", params.merge({"user_id" => user_id}))
@@ -113,12 +125,12 @@ module Authy
       state, error = validate_for_url(uri_params, params)
 
       response = if state
-                   url = "#{Authy.api_uri}/#{eval_uri(uri, params)}"
-                   params = clean_uri_params(uri_params, params)
-                   http_client.post(url, :body => escape_query(params), header: header_)
-                 else
-                   build_error_response(error)
-                 end
+          url = "#{Authy.api_uri}/#{eval_uri(uri, params)}"
+          params = clean_uri_params(uri_params, params)
+          http_client.post(url, :body => escape_query(params), header: header_)
+        else
+          build_error_response(error)
+        end
       Authy::Response.new(response)
     end
 
@@ -128,24 +140,24 @@ module Authy
       uri_params = keys_to_verify(uri, params)
       state, error = validate_for_url(uri_params, params)
       response = if state
-                   url = "#{Authy.api_uri}/#{eval_uri(uri, params)}"
-                   params = clean_uri_params(uri_params, params)
-                   http_client.get(url, params, header_)
-                 else
-                   build_error_response(error)
-                 end
+          url = "#{Authy.api_uri}/#{eval_uri(uri, params)}"
+          params = clean_uri_params(uri_params, params)
+          http_client.get(url, params, header_)
+        else
+          build_error_response(error)
+        end
       Authy::Response.new(response)
     end
 
     def self.build_error_response(error = "blank uri param found")
       OpenStruct.new({
-        'status' => 400,
-        'body' => {
-          'success' => false,
-          'message' => error,
-          'errors' => {
-            'message' => error
-          }
+        "status" => 400,
+        "body" => {
+          "success" => false,
+          "message" => error,
+          "errors" => {
+            "message" => error,
+          },
         }.to_json
       })
     end
@@ -158,32 +170,26 @@ module Authy
       !!(/^\d+$/.match str.to_s)
     end
 
-    def self.invalid_response(str="Invalid resonse")
+    def self.invalid_response(str = "Invalid resonse")
       response = build_error_response(str)
       return Authy::Response.new(response)
     end
 
     def self.verify_response(response)
-      return response if response['token'] == 'is valid'
-      response = build_error_response('Token is invalid')
+      return response if response["token"] == "is valid"
+      response = build_error_response("Token is invalid")
       return Authy::Response.new(response)
     end
 
-    def self.default_header(api_key: nil, params: {})
+    def self.default_header(params: {})
+      api_key = params.delete(:api_key) || params.delete("api_key")
+
       header = {
         "X-Authy-API-Key" => api_key || Authy.api_key,
         "User-Agent" => Authy.user_agent
       }
 
-      api_key_ = params.delete(:api_key) || params.delete("api_key")
-
-      if api_key_ && api_key_.strip != ""
-        AUTHY_LOGGER.warn("[DEPRECATED]: The Authy API key should not be sent as a parameter. Please send the HTTP header 'X-Authy-API-Key' instead.")
-        header["X-Authy-API-Key"] = api_key_
-      end
-
       return header
     end
-
   end
 end

data/lib/authy/onetouch.rb

@@ -23,7 +23,7 @@ module Authy
       begin
         self.clean_hash!(details)
         self.clean_hash!(hidden_details)
-        self.clean_logos!(logos)
+        logos = self.clean_logos!(logos)
       rescue => e
         return invalid_response("Invalid parameters: #{e.message}")
       end

data/lib/authy/phone_verification.rb

@@ -6,8 +6,11 @@ module Authy
     #   :phone_number The persons phone number.
     #   :custom_code Pass along any generated custom code.
     #   :custom_message Custom Message.
+    #   :code_length Length of code to be sent(4-10).
+    #   :locale The language of the message received by user.
     def self.start(params)
-      params[:via] = "sms" unless %w(sms, call).include?(params[:via])
+      warn "Authy Phone Verification has been superseded by the Twilio Verify API. Check https://twil.io/verify-start-ruby to see how to start a verification with the Twilio Verify API."
+      params[:via] = "sms" unless %w(sms call).include?(params[:via])
 
       post_request("protected/json/phones/verification/start", params)
     end
@@ -17,8 +20,8 @@ module Authy
     #   :phone_number The persons phone number.
     #   :verification_code The verification code entered by the user.
     def self.check(params)
+      warn "Authy Phone Verification has been superseded by the Twilio Verify API. Check https://twil.io/verify-check-ruby to see how to check a verification the Twilio Verify API."
       get_request("protected/json/phones/verification/check", params)
     end
-
   end
 end

data/lib/authy/url_helpers.rb

@@ -30,10 +30,6 @@ module Authy
         [ true, ""]
       end
 
-      def escape_for_url(field)
-        URI.escape(field.to_s.strip, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
-      end
-
       def to_param(left, right)
         HTTP::Message.escape(left) + '=' +  HTTP::Message.escape(right.to_s)
       end

data/lib/authy/version.rb

@@ -1,3 +1,3 @@
 module Authy
-  VERSION = "2.7.5"
+  VERSION = "3.0.0"
 end

data/spec/authy/api_spec.rb

@@ -1,9 +1,17 @@
-require 'spec_helper'
+require "spec_helper"
+
+class Utils
+  include Authy::URL
+end
 
 describe "Authy::API" do
+  let(:headers) { { "X-Authy-API-Key" => Authy.api_key, "User-Agent" => "AuthyRuby/#{Authy::VERSION} (#{RUBY_PLATFORM}, Ruby #{RUBY_VERSION})" } }
+  let(:user_id) { 81547 }
+  let(:invalid_api_key) { "invalid_api_key" }
+
   describe "request headers" do
     it "contains api key and user agent in header" do
-      expect_any_instance_of(HTTPClient).to receive(:request).twice.with(any_args, hash_including(header: { "X-Authy-API-Key" => Authy.api_key, "User-Agent" => "AuthyRuby/#{Authy::VERSION} (#{RUBY_PLATFORM}, Ruby #{RUBY_VERSION})" }) ) { double(ok?: true, body: "", status: 200) }
+      expect_any_instance_of(HTTPClient).to receive(:request).twice.with(any_args, hash_including(header: headers)) { double(ok?: true, body: "", status: 200) }
 
       url = "protected/json/foo/2"
       Authy::API.get_request(url, {})
@@ -12,50 +20,130 @@ describe "Authy::API" do
   end
 
   describe "Registering users" do
-    it "should find or create a user" do
-      user = Authy::API.register_user(
+    let(:register_user_url) { "#{Authy.api_uri}/protected/json/users/new" }
+
+    it "should register a user successfully" do
+      user_attributes = {
         email: generate_email,
         cellphone: generate_cellphone,
         country_code: 1
-      )
+      }
+      response_json = {
+        "message" => "User created successfully.",
+        "user" => { "id" => user_id },
+        "success" => true
+      }.to_json
+      expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:post, register_user_url, {
+          :body => Utils.escape_query(
+            :user => user_attributes,
+            :send_install_link_via_sms => true
+          ),
+          :header => headers
+        })
+        .and_return(double(:status => 200, :body => response_json))
+
+      user = Authy::API.register_user(user_attributes)
 
       expect(user).to be_kind_of(Authy::Response)
       expect(user).to be_kind_of(Authy::User)
       expect(user).to_not be_nil
       expect(user.id).to_not be_nil
-      expect(user.id).to be_kind_of(Integer)
+      expect(user.id).to be(user_id)
     end
 
     it "should return the error messages as a hash" do
-      user = Authy::API.register_user(
+      user_attributes = {
         email: generate_email,
         cellphone: "abc-1234",
         country_code: 1
-      )
+      }
+      response_json = {
+        "cellphone" => "is invalid",
+        "message" => "User was not valid",
+        "success" => false,
+        "errors" => {
+          "cellphone" => "is invalid",
+          "message" => "User was not valid"
+        },
+        "error_code" => "60027"
+      }.to_json
+
+      expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:post, register_user_url, {
+          :body => Utils.escape_query(
+            :user => user_attributes,
+            :send_install_link_via_sms => true
+          ),
+          :header => headers
+        })
+        .and_return(double(:status => 400, :body => response_json))
+
+      user = Authy::API.register_user(user_attributes)
 
       expect(user.errors).to be_kind_of(Hash)
-      expect(user.errors['cellphone']).to include 'is invalid'
+      expect(user.errors["cellphone"]).to include "is invalid"
     end
 
     it "should allow to override the API key" do
-      user = Authy::API.register_user(
+      response_json = {
+        "error_code" => "60001",
+        "message" => "Invalid API key",
+        "errors" => {"message" => "Invalid API key"},
+        "success" => false
+      }.to_json
+      user_attributes = {
         email: generate_email,
         cellphone: generate_cellphone,
         country_code: 1,
-        api_key: "invalid_api_key"
-      )
+        api_key: invalid_api_key
+      }
+
+      headers["X-Authy-API-Key"] = invalid_api_key
+
+      expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:post, register_user_url, {
+          :body => Utils.escape_query(
+            :user => user_attributes.reject { |k,v| k === :api_key },
+            :send_install_link_via_sms => true
+          ),
+          :header => headers
+        })
+        .and_return(double(:status => 401, :body => response_json))
+
+      user = Authy::API.register_user(user_attributes)
 
       expect(user).to_not be_ok
-      expect(user.errors['message']).to match(/invalid api key/i)
+      expect(user.errors["message"]).to match(/invalid api key/i)
     end
 
     it "should allow overriding send_install_link_via_sms default" do
-      user = Authy::API.register_user(
+      response_json = {
+        "message" => "User created successfully.",
+        "user" => { "id" => user_id },
+        "success" => true
+      }.to_json
+      user_attributes = {
         email: generate_email,
         cellphone: generate_cellphone,
         country_code: 1,
-        send_install_link_via_sms: false # Default is true. See http://docs.authy.com/totp.html#totp-api
-      )
+        send_install_link_via_sms: false
+      }
+      expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:post, register_user_url, {
+          :body => Utils.escape_query(
+            :user => user_attributes.reject { |k,v| k === :send_install_link_via_sms },
+            :send_install_link_via_sms => false
+          ),
+          :header => headers
+        })
+        .and_return(double(:status => 200, :body => response_json))
+
+        user = Authy::API.register_user(user_attributes)
 
       expect(user).to be_kind_of(Authy::Response)
       expect(user).to be_kind_of(Authy::User)
@@ -63,90 +151,98 @@ describe "Authy::API" do
       expect(user.id).to_not be_nil
       expect(user.id).to be_kind_of(Integer)
     end
-
   end
 
-  describe "verificating tokens" do
-    before do
-      @email = generate_email
-      @cellphone = generate_cellphone
-      @user = Authy::API.register_user(
-        email: @email,
-        cellphone: @cellphone,
-        country_code: 1
-      )
-      expect(@user).to be_ok
-    end
+  describe "verifying tokens" do
+    let(:token) { "123456" }
+    let(:verify_url) { "#{Authy.api_uri}/protected/json/verify/#{token}/#{user_id}" }
 
-    it "should fail to validate a given token if the user is not registered" do
-      response = Authy::API.verify(token: 'invalid_token', id: @user.id)
+    it "should fail to validate a given token if the token is the wrong format" do
+      expect(Authy::API.http_client).to receive(:request).never
+      response = Authy::API.verify(token: "invalid_token", id: user_id)
 
       expect(response).to be_kind_of(Authy::Response)
       expect(response.ok?).to be_falsey
-      expect(response.errors['message']).to include 'Token format is invalid'
+      expect(response.errors["message"]).to include "Token format is invalid"
     end
 
     it "should allow to override the API key" do
-      response = Authy::API.verify(token: '123456', id: @user['id'], api_key: "invalid_api_key")
+      response_json = {
+        "error_code" => "60001",
+        "message" => "Invalid API key",
+        "errors" => {"message" => "Invalid API key"},
+        "success" => false
+      }.to_json
+      headers["X-Authy-API-Key"] = invalid_api_key
+      expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:get, verify_url, {
+          :query => { :force => true },
+          :header => headers,
+          :follow_redirect => nil
+        })
+        .and_return(double(:status => 401, :body => response_json))
+
+      response = Authy::API.verify(token: "123456", id: user_id, api_key: invalid_api_key)
 
       expect(response).to_not be_ok
-      expect(response.errors['message']).to match(/invalid api key/i)
+      expect(response.errors["message"]).to match(/invalid api key/i)
     end
 
     it "should escape the params" do
+      expect(Authy::API.http_client).to receive(:request).never
       expect do
-        Authy::API.verify(token: '[=#%@$&#(!@);.,', id: @user['id'])
+        Authy::API.verify(token: "[=#%@$&#(!@);.,", id: user_id)
       end.to_not raise_error
     end
 
     it "should escape the params if have white spaces" do
+      expect(Authy::API.http_client).to receive(:request).never
       expect do
-        Authy::API.verify(token: "token with space", id: @user['id'])
+        Authy::API.verify(token: "token with space", id: user_id)
       end.to_not raise_error
     end
 
     it "should fail if a param is missing" do
-      response = Authy::API.verify(id: @user['id'])
+      expect(Authy::API.http_client).to receive(:request).never
+      response = Authy::API.verify(id: user_id)
       expect(response).to be_kind_of(Authy::Response)
       expect(response).to_not be_ok
-      expect(response["message"]).to include('Token format is invalid')
+      expect(response["message"]).to include("Token format is invalid")
     end
 
-    it 'fails when token format is invalid' do
-      response = Authy::API.verify(token: '0000', id: @user.id)
+    it "fails when token format is invalid" do
+      expect(Authy::API.http_client).to receive(:request).never
+      response = Authy::API.verify(token: "0000", id: user_id)
 
       expect(response.ok?).to be_falsey
       expect(response).to be_kind_of(Authy::Response)
-      expect(response.errors['message']).to eq 'Token format is invalid'
+      expect(response.errors["message"]).to eq "Token format is invalid"
     end
   end
 
   describe "requesting qr code for other authenticator apps" do
-    before do
-      @user = Authy::API.register_user(email: generate_email, cellphone: generate_cellphone, country_code: 1)
-      expect(@user).to be_ok
-    end
-
     it "should request qrcode" do
-      url = "#{Authy.api_uri}/protected/json/users/#{Authy::API.escape_for_url(@user.id)}/secret"
-      expect_any_instance_of(HTTPClient).to receive(:request).with(:post, url, body: "qr_size=300&label=example+app+name", header: {"X-Authy-API-Key" => Authy.api_key, "User-Agent" => "AuthyRuby/#{Authy::VERSION} (#{RUBY_PLATFORM}, Ruby #{RUBY_VERSION})"}) { double(ok?: true, body: "", status: 200) }
-      response = Authy::API.send("request_qr_code", id: @user.id, qr_size: 300, qr_label: "example app name")
+      url = "#{Authy.api_uri}/protected/json/users/#{user_id}/secret"
+      expect_any_instance_of(HTTPClient).to receive(:request).with(:post, url, body: "qr_size=300&label=example+app+name", header: { "X-Authy-API-Key" => Authy.api_key, "User-Agent" => "AuthyRuby/#{Authy::VERSION} (#{RUBY_PLATFORM}, Ruby #{RUBY_VERSION})" }) { double(ok?: true, body: "", status: 200) }
+      response = Authy::API.send("request_qr_code", id: user_id, qr_size: 300, qr_label: "example app name")
       expect(response).to be_ok
     end
 
-
     context "user id is not a number" do
       it "should not be ok" do
+        expect(Authy::API.http_client).to receive(:request).never
         response = Authy::API.send("request_qr_code", id: "tony")
-        expect(response.errors['message']).to eq "User id is invalid"
+        expect(response.errors["message"]).to eq "User id is invalid"
         expect(response).to_not be_ok
       end
     end
 
     context "qr size is not a number" do
       it "should return the right error" do
-        response = Authy::API.send("request_qr_code", id: @user.id, qr_size: "notanumber")
-        expect(response.errors['message']).to eq "Qr image size is invalid"
+        expect(Authy::API.http_client).to receive(:request).never
+        response = Authy::API.send("request_qr_code", id: user_id, qr_size: "notanumber")
+        expect(response.errors["message"]).to eq "Qr image size is invalid"
         expect(response).to_not be_ok
       end
     end
@@ -155,58 +251,212 @@ describe "Authy::API" do
   ["sms", "phone_call"].each do |kind|
     title = kind.upcase
     describe "Requesting #{title}" do
-      before do
-        @user = Authy::API.register_user(email: generate_email, cellphone: generate_cellphone, country_code: 1)
-        expect(@user).to be_ok
-      end
+      let(:uri_param) { kind == "phone_call" ? "call" : kind }
+      let(:url) { "#{Authy.api_uri}/protected/json/#{uri_param}/#{user_id}" }
 
       it "should request a #{title} token" do
-        uri_param = kind == "phone_call" ? "call" : kind
-        url = "#{Authy.api_uri}/protected/json/#{uri_param}/#{Authy::API.escape_for_url(@user.id)}"
-        expect_any_instance_of(HTTPClient).to receive(:request).with(:get, url, {query:{}, header:{ "X-Authy-API-Key" => Authy.api_key, "User-Agent" => "AuthyRuby/#{Authy::VERSION} (#{RUBY_PLATFORM}, Ruby #{RUBY_VERSION})" }, follow_redirect:nil}) { double(ok?: true, body: "", status: 200) }
-        response = Authy::API.send("request_#{kind}", id: @user.id)
+        expect_any_instance_of(HTTPClient).to receive(:request).with(:get, url, { query: {}, header: { "X-Authy-API-Key" => Authy.api_key, "User-Agent" => "AuthyRuby/#{Authy::VERSION} (#{RUBY_PLATFORM}, Ruby #{RUBY_VERSION})" }, follow_redirect: nil }) { double(ok?: true, body: "", status: 200) }
+        response = Authy::API.send("request_#{kind}", id: user_id)
         expect(response).to be_ok
       end
 
       it "should allow to override the API key" do
-        response = Authy::API.send("request_#{kind}", id: @user.id, api_key: "invalid_api_key")
+        response_json = {
+          "error_code" => "60001",
+          "message" => "Invalid API key",
+          "errors" => {"message" => "Invalid API key"},
+          "success" => false
+        }.to_json
+        headers["X-Authy-API-Key"] = invalid_api_key
+        expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:get, url, {
+          :header => headers,
+          :query => {},
+          :follow_redirect => nil
+        })
+        .and_return(double(:status => 401, :body => response_json))
+        response = Authy::API.send("request_#{kind}", id: user_id, api_key: invalid_api_key)
         expect(response).to_not be_ok
-        expect(response.errors['message']).to match(/invalid api key/i)
+        expect(response.errors["message"]).to match(/invalid api key/i)
       end
 
       it "should request a #{title} token using custom actions" do
-        response = Authy::API.send("request_#{kind}", id: @user.id, action: "custom action?", action_message: "Action message $%^?@#")
+        response_json = {
+          :success => true
+        }.to_json
+        expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:get, url, {
+          :header => headers,
+          :query => {
+            :action => "custom action?",
+            :action_message => "Action message $%^?@#"
+          },
+          :follow_redirect => nil
+        })
+        .and_return(double(:status => 200, :body => response_json))
+        response = Authy::API.send("request_#{kind}", id: user_id, action: "custom action?", action_message: "Action message $%^?@#")
         expect(response).to be_ok
       end
 
       context "user doesn't exist" do
         it "should not be ok" do
+          url = "#{Authy.api_uri}/protected/json/#{uri_param}/tony"
+          response_json = {
+            "message" => "User not found.",
+            "success" => false,
+            "errors" => { "message" => "User not found." },
+            "error_code" => "60026"
+          }.to_json
+          expect(Authy::API.http_client).to receive(:request)
+          .once
+          .with(:get, url, {
+            :header => headers,
+            :query => { },
+            :follow_redirect => nil
+          })
+          .and_return(double(:status => 404, :body => response_json))
           response = Authy::API.send("request_#{kind}", id: "tony")
-          expect(response.errors['message']).to eq "User not found."
+          expect(response.errors["message"]).to eq "User not found."
           expect(response).to_not be_ok
         end
       end
     end
   end
 
-  describe "delete users" do
+  describe "Requesting email" do
+    it "should request an email token" do
+      response_json = {
+        "success" => true,
+        "message" => "Email token was sent",
+        "email" => "recipient@foo.com",
+        "email_id" => "EMa364aa751cc280d8c22772307e2c5760"
+      }.to_json
+      url = "#{Authy.api_uri}/protected/json/email/#{user_id}"
+
+      expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:post, url, body: "", header: headers)
+        .and_return(double(ok?: true, body: response_json, status: 200))
+      response = Authy::API.request_email(id: user_id)
+      expect(response).to be_ok
+    end
+
     context "user doesn't exist" do
       it "should not be ok" do
-        response = Authy::API.delete_user(id: "tony")
+        url = "#{Authy.api_uri}/protected/json/email/tony"
+        response_json = {
+          "message" => "User not found.",
+          "success" => false,
+          "errors" => {
+            "message" => "User not found."
+          },
+          "error_code" => "60026"
+        }.to_json
+        expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:post, url, {
+          :header => headers,
+          :body => ""
+        })
+        .and_return(double(:status => 404, :body => response_json))
+        response = Authy::API.request_email(id: "tony")
+        expect(response.errors['message']).to eq "User not found."
+        expect(response).to_not be_ok
+      end
+    end
+  end
+
+  describe "update user email" do
+    context "user doesn't exist" do
+      it "should not be ok" do
+        url = "#{Authy.api_uri}/protected/json/users/tony/update"
+        response_json = {
+          "message" => "User not found.",
+          "success" => false,
+          "errors" => {
+            "message" => "User not found."
+          },
+          "error_code" => "60026"
+        }.to_json
+        new_email = generate_email
+        expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:post, url, {
+          :header => headers,
+          :body => Utils.escape_query(:email => new_email)
+        })
+        .and_return(double(:status => 404, :body => response_json))
+
+        response = Authy::API.update_user(id: "tony", email: new_email)
         expect(response.errors['message']).to eq "User not found."
         expect(response).to_not be_ok
       end
     end
 
     context "user exists" do
-      before do
-        @user = Authy::API.register_user(email: generate_email, cellphone: generate_cellphone, country_code: 1)
-        expect(@user).to be_ok
+      it "should be ok" do
+        response_json = {
+          "message" => "User was updated successfully",
+          "success" => true
+        }.to_json
+        url = "#{Authy.api_uri}/protected/json/users/#{user_id}/update"
+        new_email = generate_email
+        expect(Authy::API.http_client).to receive(:request)
+          .once
+          .with(:post, url, body: Utils.escape_query({
+            email: new_email
+          }), header: headers)
+          .and_return(double(ok?: true, body: response_json, status: 200))
+        response = Authy::API.update_user(id: user_id, email: new_email)
+        expect(response.message).to eq "User was updated successfully"
+        expect(response).to be_ok
       end
+    end
+  end
 
+  describe "delete users" do
+    context "user doesn't exist" do
+      it "should not be ok" do
+        url = "#{Authy.api_uri}/protected/json/users/delete/tony"
+        response_json = {
+          "message" => "User not found.",
+          "success" => false,
+          "errors" => {
+            "message" => "User not found."
+          },
+          "error_code" => "60026"
+        }.to_json
+        expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:post, url, {
+          :header => headers,
+          :body => ""
+        })
+        .and_return(double(:status => 404, :body => response_json))
+        response = Authy::API.delete_user(id: "tony")
+        expect(response.errors["message"]).to eq "User not found."
+        expect(response).to_not be_ok
+      end
+    end
+
+    context "user exists" do
+      let(:url) { "#{Authy.api_uri}/protected/json/users/delete/31567" }
       it "should be ok" do
-        response = Authy::API.delete_user(id: @user.id)
-        expect(response.message).to eq "User was added to remove."
+        response_json = {
+          "message" => "User removed from application",
+          "success" => false
+        }.to_json
+        expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:post, url, {
+          :header => headers,
+          :body => ""
+        })
+        .and_return(double(:status => 200, :body => response_json))
+        response = Authy::API.delete_user(id: 31567)
+        expect(response.message).to eq "User removed from application"
         expect(response).to be_ok
       end
     end
@@ -215,6 +465,23 @@ describe "Authy::API" do
   describe "user status" do
     context "user doesn't exist" do
       it "should not be ok" do
+        url = "#{Authy.api_uri}/protected/json/users/tony/status"
+        response_json = {
+          "message" => "User not found.",
+          "success" => false,
+          "errors" => {
+            "message" => "User not found."
+          },
+          "error_code" => "60026"
+        }.to_json
+        expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:get, url, {
+          :header => headers,
+          :query => {},
+          :follow_redirect => nil
+        })
+        .and_return(double(:status => 404, :body => response_json))
         response = Authy::API.user_status(id: "tony")
         expect(response.errors["message"]).to eq "User not found."
         expect(response).to_not be_ok
@@ -222,13 +489,42 @@ describe "Authy::API" do
     end
 
     context "user exists" do
-      before do
-        @user = Authy::API.register_user(email: generate_email, cellphone: generate_cellphone, country_code: 1)
-        expect(@user).to be_ok
-      end
-
       it "should be ok" do
-        response = Authy::API.user_status(id: @user.id)
+        url = "#{Authy.api_uri}/protected/json/users/290907/status"
+        response_json = {
+          "status" => {
+            "authy_id" => 290907,
+            "confirmed" => true,
+            "registered" => false,
+            "country_code" => 1,
+            "phone_number" => "XXX-XXX-1118",
+            "email" => "alfvawmu@authy.com",
+            "devices" => [],
+            "has_hard_token" => false,
+            "account_disabled" => false,
+            "detailed_devices" => [{
+              "device_type" => "authy",
+              "os_type" => "unknown",
+              "registration_device_id" => nil,
+              "registration_method" => nil,
+              "device_id" => 290908,
+              "last_sync_date" => 0,
+              "creation_date" => 1433868212
+            }],
+            "deleted_devices" => []
+          },
+          "message" => "User status.",
+          "success" => true
+        }.to_json
+        expect(Authy::API.http_client).to receive(:request)
+        .once
+        .with(:get, url, {
+          :header => headers,
+          :query => {},
+          :follow_redirect => nil
+        })
+        .and_return(double(:status => 200, :body => response_json))
+        response = Authy::API.user_status(id: 290907)
         expect(response.status).to be_kind_of(Hash)
         expect(response).to be_ok
       end
@@ -236,13 +532,9 @@ describe "Authy::API" do
   end
 
   describe "blank params" do
-    before do
-      @user = Authy::API.register_user(email: generate_email, cellphone: generate_cellphone, country_code: 1)
-      expect(@user).to be_ok
-    end
-
     [:request_sms, :request_phone_call, :delete_user].each do |method|
       it "should return a proper response with the errors for #{method}" do
+        expect(Authy::API.http_client).to receive(:request).never
         response = Authy::API.send(method, id: nil)
         expect(response).to_not be_ok
         expect(response.message).to eq "user_id is blank."
@@ -250,25 +542,26 @@ describe "Authy::API" do
     end
 
     it "should return a prope response with the errors for verify" do
+      expect(Authy::API.http_client).to receive(:request).never
       response = Authy::API.verify({})
       expect(response).to_not be_ok
       expect(response.message).to eq "Token format is invalid"
     end
   end
 
-  describe '.token_is_safe?' do
-    it 'checks minimum token size' do
-      expect(Authy::API.send(:token_is_safe?, '1')).to be false
+  describe ".token_is_safe?" do
+    it "checks minimum token size" do
+      expect(Authy::API.send(:token_is_safe?, "1")).to be false
     end
 
-    it 'checks valid characters' do
-      expect(Authy::API.send(:token_is_safe?, '123456')).to be true
-      expect(Authy::API.send(:token_is_safe?, '123456a')).to be false
+    it "checks valid characters" do
+      expect(Authy::API.send(:token_is_safe?, "123456")).to be true
+      expect(Authy::API.send(:token_is_safe?, "123456a")).to be false
     end
 
-    it 'checks maximum token size' do
-      expect(Authy::API.send(:token_is_safe?, '123456789098')).to be true
-      expect(Authy::API.send(:token_is_safe?, '1234567890987')).to be false
+    it "checks maximum token size" do
+      expect(Authy::API.send(:token_is_safe?, "123456789098")).to be true
+      expect(Authy::API.send(:token_is_safe?, "1234567890987")).to be false
     end
   end
 end