descope 1.0.4 → 1.0.6

data/spec/integration/lib.descope/api/v1/auth/otp_spec.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Auth::OTP do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+
+    dummy_instance = DummyClass.new
+    dummy_instance.extend(Descope::Api::V1::Session)
+    dummy_instance.extend(Descope::Api::V1::Auth::OTP)
+    @instance = dummy_instance
+    @user = build(:user)
+    @test_user = @client.create_test_user(**@user)['user']
+    @client.create_test_user(**@user)
+  end
+
+  after(:all) do
+    @client.logger.info('Cleaning up test users...')
+    all_users = @client.search_all_users
+    all_users['users'].each do |user|
+      if user['middleName'] == 'Ruby SDK User'
+        @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
+        @client.delete_user(user['loginIds'][0])
+      end
+    end
+  end
+
+  # SIGN INs
+  context 'test otp sign-in methods' do
+    it 'should sign in a new test user with otp via EMAIL' do
+      res = @client.generate_otp_for_test_user(
+        method: Descope::Mixins::Common::DeliveryMethod::EMAIL,
+        login_id: @test_user['loginIds'][0]
+      )
+      @client.logger.info("res: #{res}")
+      @client.otp_verify_code(
+        method: Descope::Mixins::Common::DeliveryMethod::EMAIL,
+        login_id: @user[:login_id],
+        code: res['code']
+      )
+    end
+
+    it 'should sign in a new test user with otp via SMS' do
+      res = @client.generate_otp_for_test_user(
+        method: Descope::Mixins::Common::DeliveryMethod::SMS,
+        login_id: @test_user['loginIds'][0]
+      )
+      @client.logger.info("res: #{res}")
+      @client.otp_verify_code(
+        method: Descope::Mixins::Common::DeliveryMethod::SMS,
+        login_id: @user[:login_id],
+        code: res['code']
+      )
+    end
+  end
+
+  # SIGN UPs
+  context 'test otp sign-up methods' do
+    it 'should sign up with otp via email' do
+      email = 'someone@example.com'
+      allow_any_instance_of(Descope::Api::V1::Auth).to receive(:extract_masked_address).and_return({})
+      expect(@instance).to receive(:post).with(
+        otp_compose_signup_url, { loginId: email, email: '' }
+      )
+
+      expect do
+        @instance.otp_sign_up(method: Descope::Mixins::Common::DeliveryMethod::EMAIL, login_id: email)
+      end.not_to raise_error
+    end
+
+    it 'should sign up with otp via SMS' do
+      phone = '+12123354465'
+      allow_any_instance_of(Descope::Api::V1::Auth).to receive(:extract_masked_address).and_return({})
+      expect(@instance).to receive(:post).with(
+        otp_compose_signup_url(Descope::Mixins::Common::DeliveryMethod::SMS), { loginId: phone, phone: '' }
+      )
+
+      expect do
+        @instance.otp_sign_up(method: Descope::Mixins::Common::DeliveryMethod::SMS, login_id: phone)
+      end.not_to raise_error
+    end
+
+    it 'should sign up with otp via voice' do
+      phone = '+12123354465'
+      allow_any_instance_of(Descope::Api::V1::Auth).to receive(:extract_masked_address).and_return({})
+      expect(@instance).to receive(:post).with(
+        otp_compose_signup_url(Descope::Mixins::Common::DeliveryMethod::VOICE), { loginId: phone, phone: '' }
+      )
+
+      expect do
+        @instance.otp_sign_up(method: Descope::Mixins::Common::DeliveryMethod::VOICE, login_id: phone)
+      end.not_to raise_error
+    end
+
+    it 'should fail to signup with invalid phone number via SMS' do
+      phone = '1$234.90'
+      expect do
+        @instance.otp_sign_up(method: Descope::Mixins::Common::DeliveryMethod::SMS, login_id: phone)
+      end.to raise_error(Descope::AuthException, "Invalid pattern for phone number: #{phone}")
+    end
+  end
+end

data/spec/integration/lib.descope/api/v1/auth/password_spec.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'rotp'
+
+describe Descope::Api::V1::Auth::Password do
+  before(:all) do
+    @password = SpecUtils.generate_password
+    @new_password = SpecUtils.generate_password
+    @user = build(:user)
+    @client = DescopeClient.new(Configuration.config)
+  end
+
+  context 'test password methods' do
+    it 'should get password policy' do
+      # Get the configured password policy for the project.
+      res = @client.get_password_policy
+      @client.logger.info("Password policy: #{res}")
+    end
+
+    it 'should sign up with password' do
+      res = @client.password_sign_up(login_id: @user[:login_id], password: @password, user: @user)
+      expect { res }.not_to raise_error
+    end
+
+    it 'should sign in with password' do
+      res = @client.password_sign_in(login_id: @user[:login_id], password: @password)
+      expect { res }.not_to raise_error
+    end
+
+    it 'should replace the password' do
+      res = @client.password_replace(login_id: @user[:login_id], old_password: @password, new_password: @new_password)
+      expect { res }.not_to raise_error
+    end
+
+    it 'should login with new password' do
+      res = @client.password_sign_in(login_id: @user[:login_id], password: @new_password)
+      expect { res }.not_to raise_error
+    end
+  end
+end

data/spec/integration/lib.descope/api/v1/auth/totp_spec.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'rotp'
+
+describe Descope::Api::V1::Auth::TOTP do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+  end
+
+  after(:all) do
+    @client.logger.info('Cleaning up test users...')
+    all_users = @client.search_all_users
+    all_users['users'].each do |user|
+      if user['middleName'] == 'Ruby SDK User'
+        @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
+        @client.delete_user(user['loginIds'][0])
+      end
+    end
+  end
+
+  context 'test totp methods' do
+    it 'should sign up with totp' do
+      # Initiate a TOTP sign-up process for a new end user.
+      # Descope will generate a TOTP key (also called a secret or seed) that will be entered into the end user's
+      # authenticator app so that TOTP codes can be successfully verified.
+      # The new end user will be registered after the full TOTP sign-up flow has successfully completed.
+
+      user = build(:user)
+
+      @client.logger.info('1. Sign up TOTP')
+      totp_key = @client.totp_sign_up(login_id: user[:login_id], user:)['key']
+      totp = ROTP::TOTP.new(totp_key)
+      p "Current OTP: #{totp.now}"
+
+      @client.logger.info('2. TOTP sign in')
+      login_res = @client.totp_sign_in_code(login_id: user[:login_id], code: totp.now)
+      @client.logger.info("login_res: #{login_res}")
+      refresh_token = login_res['refreshSessionToken']['jwt']
+
+      @client.logger.info('3. Verify email')
+      my_details = @client.me(refresh_token)
+      expect(my_details['email']).to eq(user[:email])
+    end
+
+    it 'should add or update totp key' do
+      # Add or update TOTP key for existing end user
+      # Update the email address of an end user, after verifying the authenticity of the end user using OTP.
+
+      user = build(:user)
+
+      @client.logger.info('1. Sign up TOTP')
+      totp_key = @client.totp_sign_up(login_id: user[:login_id], user:)['key']
+      totp = ROTP::TOTP.new(totp_key)
+      p "Current OTP: #{totp.now}"
+
+      @client.logger.info('2. TOTP sign in')
+      login_res = @client.totp_sign_in_code(login_id: user[:login_id], code: totp.now)
+      @client.logger.info("login_res: #{login_res}")
+      refresh_token = login_res['refreshSessionToken']['jwt']
+
+      @client.logger.info('3. Add or update TOTP key')
+      new_key = @client.totp_add_update_key(login_id: user[:login_id], refresh_token:)['key']
+      new_totp = ROTP::TOTP.new(new_key)
+      p "New OTP: #{totp.now}"
+
+      @client.logger.info('4. TOTP sign in with new key')
+      login_res = @client.totp_sign_in_code(login_id: user[:login_id], code: new_totp.now)
+      refresh_token = login_res['refreshSessionToken']['jwt']
+
+      @client.logger.info('5. Verify email')
+      my_details = @client.me(refresh_token)
+      expect(my_details['email']).to eq(user[:email])
+    end
+  end
+end

data/spec/integration/lib.descope/api/v1/management/access_key_spec.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Management::AccessKey do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+  end
+
+  context 'perform access key methods like create, delete load' do
+    before(:all) do
+      @key_name = 'Ruby SDK Test Key'
+
+      keys = @client.search_all_access_keys['keys']
+      keys.each do |key|
+        if key['name'] == @key_name
+          @client.delete_access_key(key['id'])
+          @client.logger.info("deleting test access key #{@key_name}")
+        end
+      end
+
+      res = @client.search_all_tenants(names: ['some-new-tenant'])
+      res['tenants'].each do |tenant|
+        @client.delete_tenant(tenant['id'])
+      end
+
+      @client.logger.info('Creating tenant with name: some-new-tenant')
+      @tenant_id = @client.create_tenant(name: 'some-new-tenant')['id']
+      @client.logger.info('creating access key')
+      @access_key = @client.create_access_key(name: @key_name, key_tenants: [{ tenant_id: @tenant_id }])
+      sleep 60
+    end
+
+    it 'should create the access key and load it' do
+      response = @client.load_access_key(@access_key['key']['id'])
+      expect(response['key']['name']).to eq(@key_name)
+    end
+
+    it 'should update the access key' do
+      new_name = 'Ruby SDK Test Key Updated'
+      @client.logger.info("access key id: #{@access_key['key']['id']}")
+      response = @client.update_access_key(id: @access_key['key']['id'], name: new_name)
+      expect(response['key']['name']).to eq(new_name)
+    end
+
+    it 'should deactivate the access key' do
+      response = @client.deactivate_access_key(@access_key['key']['id'])
+      @client.logger.info("deactivate key response: #{response}")
+      # expect(response['key']['status']).to eq('DEACTIVATED')
+    end
+
+    it 'should activate the access key' do
+      response = @client.activate_access_key(@access_key['key']['id'])
+      @client.logger.info("activate key response: #{response}")
+    end
+
+    after(:all) do
+      @client.delete_access_key(@access_key['key']['id'])
+      @client.delete_tenant(@tenant_id)
+    end
+  end
+end

data/spec/integration/lib.descope/api/v1/management/audit_spec.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Management::Audit do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+    @client.logger.info('Deleting all tenants for Ruby SDK...')
+    @client.search_all_tenants(names: ['Ruby-SDK-test'])['tenants'].each do |tenant|
+      @client.logger.info("Deleting tenant: #{tenant['name']}")
+      @client.delete_tenant(tenant['id'])
+    end
+    @client.logger.info('Cleanup completed. Starting tests...')
+  end
+
+  after(:all) do
+    all_users = @client.search_all_users
+    all_users['users'].each do |user|
+      if user['middleName'] == 'Ruby SDK User'
+        puts "Deleting ruby spec test user #{user['loginIds'][0]}"
+        @client.delete_user(user['loginIds'][0])
+      end
+    end
+  end
+
+  it 'should search the audit trail for user operations' do
+    res = @client.audit_search(actions: ['LoginSucceed'])
+    expect(res).to be_a(Hash)
+    expect(res['audits']).to be_a(Array)
+  end
+
+  it 'should create a new audit event' do
+    # Create tenants
+    @client.logger.info('creating Ruby-SDK-test tenant')
+    tenant_id = @client.create_tenant(name: 'Ruby-SDK-test')['id']
+
+    # Create a user (actor)
+    user = build(:user)
+    created_user = @client.create_user(**user)['user']
+
+    expect do
+      res = @client.audit_create_event(
+        action: 'pencil.created',
+        type: 'info',
+        tenant_id:,
+        actor_id: created_user['loginIds'][0],
+        data: { 'key' => 'value' }
+      )
+      expect(res).to eq({})
+    end.not_to raise_error
+  end
+end

data/spec/integration/lib.descope/api/v1/management/authz_spec.rb

@@ -0,0 +1,187 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Management::Authz do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+    puts 'authz schema delete'
+  end
+
+  context 'authz ops' do
+    before(:all) do
+      @client.authz_delete_schema
+    end
+
+    it 'should create a new schema' do
+      puts 'Creating the ReBAC schema...'
+      schema = {
+        name: '1.0',
+        namespaces: [
+          {
+            name: 'group',
+            relationDefinitions: [
+              {
+                name: 'member'
+              },
+              {
+                name: 'owner'
+              }
+            ]
+          },
+          {
+            name: 'note',
+            relationDefinitions: [
+              {
+                name: 'owner'
+              },
+              {
+                name: 'editor',
+                complexDefinition: {
+                  nType: 'union',
+                  children: [
+                    {
+                      nType: 'child',
+                      expression: {
+                        neType: 'self'
+                      }
+                    },
+                    {
+                      nType: 'child',
+                      expression: {
+                        neType: 'targetSet',
+                        targetRelationDefinition: 'owner',
+                        targetRelationDefinitionNamespace: 'note'
+                      }
+                    }
+                  ]
+                }
+              },
+              {
+                name: 'viewer',
+                complexDefinition: {
+                  nType: 'union',
+                  children: [
+                    {
+                      nType: 'child',
+                      expression: {
+                        neType: 'self'
+                      }
+                    },
+                    {
+                      nType: 'child',
+                      expression: {
+                        neType: 'targetSet',
+                        targetRelationDefinition: 'editor',
+                        targetRelationDefinitionNamespace: 'note'
+                      }
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        ]
+      }
+      @client.authz_save_schema(schema:, upgrade: true)
+    end
+
+    it 'should create relation definition' do
+      @client.authz_save_relation_definition(
+        relation_definition: {
+          name: 'owner'
+        },
+        namespace: 'group'
+      )
+      @client.authz_save_relation_definition(
+        relation_definition: {
+          name: 'member'
+        },
+        namespace: 'group'
+      )
+      @client.authz_save_relation_definition(
+        relation_definition: {
+          name: 'owner'
+        },
+        namespace: 'note'
+      )
+      @client.authz_save_relation_definition(
+        relation_definition: {
+          name: 'editor',
+          complexDefinition: {
+            nType: 'union',
+            children: [
+              {
+                nType: 'child',
+                expression: {
+                  neType: 'self'
+                }
+              },
+              {
+                nType: 'child',
+                expression: {
+                  neType: 'targetSet',
+                  targetRelationDefinition: 'owner',
+                  targetRelationDefinitionNamespace: 'note'
+                }
+              }
+            ]
+          }
+        },
+        namespace: 'note'
+      )
+      @client.authz_save_relation_definition(
+        relation_definition: {
+          name: 'viewer',
+          complexDefinition: {
+            nType: 'union',
+            children: [
+              {
+                nType: 'child',
+                expression: {
+                  neType: 'self'
+                }
+              },
+              {
+                nType: 'child',
+                expression: {
+                  neType: 'targetSet',
+                  targetRelationDefinition: 'editor',
+                  targetRelationDefinitionNamespace: 'note'
+                }
+              }
+            ]
+          }
+        },
+        namespace: 'note'
+      )
+    end
+
+    it 'should create a relation between a resource and user' do
+      @client.authz_create_relations(
+        [
+          {
+            "resource": 'some-doc',
+            "relationDefinition": 'owner',
+            "namespace": 'note',
+            "target": 'user1'
+          }
+        ]
+      )
+
+      # Check if target has the relevant relation
+      # The answer should be true because an owner is also a viewer
+      relations = @client.authz_has_relations?(
+        [
+          {
+            "resource": 'some-doc',
+            "relationDefinition": 'viewer',
+            "namespace": 'note',
+            "target": 'user1'
+          }
+        ]
+      )
+      expect(relations['relationQueries'][0]['hasRelation']).to be_truthy
+    end
+  end
+end

data/spec/integration/lib.descope/api/v1/management/flow_spec.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Management::Flow do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+  end
+
+  it 'should return a list of flows' do
+    flows = @client.list_or_search_flows['flows']
+    expect(flows.length).to be > 5
+  end
+
+  it 'should search for the sign-up-or-in flow' do
+    flows = @client.list_or_search_flows(['sign-up-or-in'])['flows']
+    expect(flows.length).to eq(1)
+    expect(flows[0]['name']).to eq('Sign Up or In')
+  end
+
+  it 'should export the sign-up-or-in flow' do
+    export = @client.export_flow('sign-up-or-in')
+    expect(export['flow']['name']).to eq('Sign Up or In')
+    expect(export['screens'].length).to be > 1
+  end
+
+  it 'should import the sign-up-or-in flow' do
+    flow = @client.export_flow('sign-up-or-in')
+    imported_flow = @client.import_flow(flow_id: 'sign-up-or-in', flow: flow['flow'], screens: flow['screens'])
+    expect(imported_flow).not_to be_nil
+  end
+
+  it 'should export the current project theme' do
+    theme = @client.export_theme
+    expect(theme['theme']['cssTemplate']).not_to be_empty
+  end
+
+  it 'should import the current project theme' do
+    export_theme = @client.export_theme
+    export_theme_current_version = export_theme['theme']['version']
+    imported_theme = @client.import_theme(export_theme)
+    expect(imported_theme['theme']['version']).to be(export_theme_current_version + 1)
+  end
+end

data/spec/integration/lib.descope/api/v1/management/permissions_spec.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Management::Permission do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+    @client.load_all_permissions['permissions'].each do |perm|
+      if perm['description'] == 'Ruby SDK'
+        puts "Deleting permission: #{perm['name']}"
+        @client.delete_permission(perm['name'])
+      end
+    end
+  end
+
+  it 'should create update and delete a permission' do
+    @client.create_permission(name: 'test_permission', description: 'Ruby SDK')
+    all_permissions = @client.load_all_permissions['permissions']
+    expect(all_permissions.any? { |perm| perm['name'] == 'test_permission' }).to eq(true)
+    @client.update_permission(name: 'test_permission', new_name: 'test_permission_2')
+    all_permissions = @client.load_all_permissions['permissions']
+    expect(all_permissions.any? { |perm| perm['name'] == 'test_permission_2' }).to eq(true)
+    @client.delete_permission('test_permission_2')
+    all_permissions = @client.load_all_permissions['permissions']
+    expect(all_permissions.any? { |perm| perm['name'] == 'test_permission_2' }).to eq(false)
+  end
+end

data/spec/integration/lib.descope/api/v1/management/project_spec.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Management::Project do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+    @export_output = @client.export_project
+  end
+
+  context 'Test project methods' do
+    after(:all) do
+      @client.rename_project('Ruby-SDK-Prod')
+    end
+
+    it 'should rename a project' do
+      @client.rename_project('TEST-Ruby-SDK-Prod')
+    end
+
+    it 'should export a project' do
+      expect(@export_output).to_not be_empty
+      expect(@export_output).to be_a(Hash)
+    end
+
+    it 'should import a project' do
+      @client.import_project(files: @export_output['files'])
+    end
+  end
+end