RubyGems - descope - Versions diffs - 1.0.4 - Mend

descope 1.0.4

Files changed (197) hide show

checksums.yaml +7 -0
data/.github/workflows/ci.yaml +54 -0
data/.gitignore +59 -0
data/.release-please-manifest.json +3 -0
data/.rubocop.yml +10 -0
data/.rubocop_todo.yml +10 -0
data/.ruby-version +1 -0
data/CHANGELOG.md +90 -0
data/Gemfile +22 -0
data/Gemfile.lock +204 -0
data/LICENSE +21 -0
data/README.md +1171 -0
data/Rakefile +31 -0
data/descope.gemspec +34 -0
data/examples/ruby/Gemfile +4 -0
data/examples/ruby/Gemfile.lock +41 -0
data/examples/ruby/access_key_app.rb +45 -0
data/examples/ruby/enchantedlink_app.rb +65 -0
data/examples/ruby/magiclink_app.rb +81 -0
data/examples/ruby/management/Gemfile +5 -0
data/examples/ruby/management/Gemfile.lock +38 -0
data/examples/ruby/management/access_key_app.rb +71 -0
data/examples/ruby/management/audit_app.rb +25 -0
data/examples/ruby/management/authz_app.rb +135 -0
data/examples/ruby/management/authz_files.json +229 -0
data/examples/ruby/management/flow_app.rb +57 -0
data/examples/ruby/management/permission_app.rb +56 -0
data/examples/ruby/management/role_app.rb +58 -0
data/examples/ruby/management/tenant_app.rb +60 -0
data/examples/ruby/management/user_app.rb +60 -0
data/examples/ruby/oauth_app.rb +39 -0
data/examples/ruby/otp_app.rb +50 -0
data/examples/ruby/password_app.rb +76 -0
data/examples/ruby/saml_app.rb +38 -0
data/examples/ruby-on-rails-api/descope/.dockerignore +37 -0
data/examples/ruby-on-rails-api/descope/.gitattributes +9 -0
data/examples/ruby-on-rails-api/descope/.gitignore +40 -0
data/examples/ruby-on-rails-api/descope/.node-version +1 -0
data/examples/ruby-on-rails-api/descope/.ruby-version +1 -0
data/examples/ruby-on-rails-api/descope/Dockerfile +75 -0
data/examples/ruby-on-rails-api/descope/Gemfile +67 -0
data/examples/ruby-on-rails-api/descope/Gemfile.lock +284 -0
data/examples/ruby-on-rails-api/descope/Procfile.dev +3 -0
data/examples/ruby-on-rails-api/descope/README.md +54 -0
data/examples/ruby-on-rails-api/descope/Rakefile +6 -0
data/examples/ruby-on-rails-api/descope/app/assets/builds/.keep +0 -0
data/examples/ruby-on-rails-api/descope/app/assets/config/manifest.js +3 -0
data/examples/ruby-on-rails-api/descope/app/assets/images/.keep +0 -0
data/examples/ruby-on-rails-api/descope/app/assets/images/descope.jpeg +0 -0
data/examples/ruby-on-rails-api/descope/app/assets/images/favicon.ico +0 -0
data/examples/ruby-on-rails-api/descope/app/assets/images/logo192.png +0 -0
data/examples/ruby-on-rails-api/descope/app/assets/images/logo512.png +0 -0
data/examples/ruby-on-rails-api/descope/app/assets/stylesheets/application.bootstrap.scss +67 -0
data/examples/ruby-on-rails-api/descope/app/channels/application_cable/channel.rb +4 -0
data/examples/ruby-on-rails-api/descope/app/channels/application_cable/connection.rb +4 -0
data/examples/ruby-on-rails-api/descope/app/controllers/application_controller.rb +2 -0
data/examples/ruby-on-rails-api/descope/app/controllers/concerns/.keep +0 -0
data/examples/ruby-on-rails-api/descope/app/controllers/homepage_controller.rb +4 -0
data/examples/ruby-on-rails-api/descope/app/controllers/session_controller.rb +66 -0
data/examples/ruby-on-rails-api/descope/app/helpers/application_helper.rb +2 -0
data/examples/ruby-on-rails-api/descope/app/helpers/homepage_helper.rb +2 -0
data/examples/ruby-on-rails-api/descope/app/helpers/session_helper.rb +2 -0
data/examples/ruby-on-rails-api/descope/app/javascript/App.css +53 -0
data/examples/ruby-on-rails-api/descope/app/javascript/application.js +5 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/App.jsx +4 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/Dashboard.jsx +60 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/Home.jsx +27 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/Login.jsx +45 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/Profile.jsx +81 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/index.html +11 -0
data/examples/ruby-on-rails-api/descope/app/javascript/components/index.jsx +24 -0
data/examples/ruby-on-rails-api/descope/app/javascript/controllers/application.js +9 -0
data/examples/ruby-on-rails-api/descope/app/javascript/controllers/index.js +5 -0
data/examples/ruby-on-rails-api/descope/app/javascript/reportWebVitals.js +13 -0
data/examples/ruby-on-rails-api/descope/app/javascript/routes/index.jsx +17 -0
data/examples/ruby-on-rails-api/descope/app/jobs/application_job.rb +7 -0
data/examples/ruby-on-rails-api/descope/app/mailers/application_mailer.rb +4 -0
data/examples/ruby-on-rails-api/descope/app/models/application_record.rb +3 -0
data/examples/ruby-on-rails-api/descope/app/models/concerns/.keep +0 -0
data/examples/ruby-on-rails-api/descope/app/views/homepage/index.html.erb +2 -0
data/examples/ruby-on-rails-api/descope/app/views/layouts/application.html.erb +16 -0
data/examples/ruby-on-rails-api/descope/app/views/layouts/mailer.html.erb +13 -0
data/examples/ruby-on-rails-api/descope/app/views/layouts/mailer.text.erb +1 -0
data/examples/ruby-on-rails-api/descope/app/views/session/index.html.erb +2 -0
data/examples/ruby-on-rails-api/descope/bin/bundle +109 -0
data/examples/ruby-on-rails-api/descope/bin/dev +11 -0
data/examples/ruby-on-rails-api/descope/bin/docker-entrypoint +8 -0
data/examples/ruby-on-rails-api/descope/bin/rails +4 -0
data/examples/ruby-on-rails-api/descope/bin/rake +4 -0
data/examples/ruby-on-rails-api/descope/bin/setup +36 -0
data/examples/ruby-on-rails-api/descope/build.js +30 -0
data/examples/ruby-on-rails-api/descope/config/application.rb +42 -0
data/examples/ruby-on-rails-api/descope/config/boot.rb +4 -0
data/examples/ruby-on-rails-api/descope/config/cable.yml +10 -0
data/examples/ruby-on-rails-api/descope/config/config.yml +9 -0
data/examples/ruby-on-rails-api/descope/config/credentials.yml.enc +1 -0
data/examples/ruby-on-rails-api/descope/config/database.yml +25 -0
data/examples/ruby-on-rails-api/descope/config/environment.rb +5 -0
data/examples/ruby-on-rails-api/descope/config/environments/development.rb +76 -0
data/examples/ruby-on-rails-api/descope/config/environments/production.rb +97 -0
data/examples/ruby-on-rails-api/descope/config/environments/test.rb +64 -0
data/examples/ruby-on-rails-api/descope/config/initializers/assets.rb +13 -0
data/examples/ruby-on-rails-api/descope/config/initializers/content_security_policy.rb +25 -0
data/examples/ruby-on-rails-api/descope/config/initializers/filter_parameter_logging.rb +8 -0
data/examples/ruby-on-rails-api/descope/config/initializers/inflections.rb +16 -0
data/examples/ruby-on-rails-api/descope/config/initializers/load_config.rb +12 -0
data/examples/ruby-on-rails-api/descope/config/initializers/permissions_policy.rb +13 -0
data/examples/ruby-on-rails-api/descope/config/locales/en.yml +31 -0
data/examples/ruby-on-rails-api/descope/config/puma.rb +35 -0
data/examples/ruby-on-rails-api/descope/config/routes.rb +18 -0
data/examples/ruby-on-rails-api/descope/config/storage.yml +34 -0
data/examples/ruby-on-rails-api/descope/config.ru +6 -0
data/examples/ruby-on-rails-api/descope/db/seeds.rb +9 -0
data/examples/ruby-on-rails-api/descope/lib/assets/.keep +0 -0
data/examples/ruby-on-rails-api/descope/lib/tasks/.keep +0 -0
data/examples/ruby-on-rails-api/descope/log/.keep +0 -0
data/examples/ruby-on-rails-api/descope/package-lock.json +19680 -0
data/examples/ruby-on-rails-api/descope/package.json +51 -0
data/examples/ruby-on-rails-api/descope/public/404.html +67 -0
data/examples/ruby-on-rails-api/descope/public/422.html +67 -0
data/examples/ruby-on-rails-api/descope/public/500.html +66 -0
data/examples/ruby-on-rails-api/descope/public/apple-touch-icon-precomposed.png +0 -0
data/examples/ruby-on-rails-api/descope/public/apple-touch-icon.png +0 -0
data/examples/ruby-on-rails-api/descope/public/favicon.ico +0 -0
data/examples/ruby-on-rails-api/descope/public/robots.txt +1 -0
data/examples/ruby-on-rails-api/descope/storage/.keep +0 -0
data/examples/ruby-on-rails-api/descope/tmp/.keep +0 -0
data/examples/ruby-on-rails-api/descope/tmp/pids/.keep +0 -0
data/examples/ruby-on-rails-api/descope/tmp/storage/.keep +0 -0
data/examples/ruby-on-rails-api/descope/vendor/.keep +0 -0
data/examples/ruby-on-rails-api/descope/yarn.lock +10780 -0
data/lib/descope/api/v1/auth/enchantedlink.rb +156 -0
data/lib/descope/api/v1/auth/magiclink.rb +170 -0
data/lib/descope/api/v1/auth/oauth.rb +72 -0
data/lib/descope/api/v1/auth/otp.rb +186 -0
data/lib/descope/api/v1/auth/password.rb +100 -0
data/lib/descope/api/v1/auth/saml.rb +48 -0
data/lib/descope/api/v1/auth/totp.rb +72 -0
data/lib/descope/api/v1/auth.rb +452 -0
data/lib/descope/api/v1/management/access_key.rb +81 -0
data/lib/descope/api/v1/management/audit.rb +82 -0
data/lib/descope/api/v1/management/authz.rb +165 -0
data/lib/descope/api/v1/management/common.rb +147 -0
data/lib/descope/api/v1/management/flow.rb +55 -0
data/lib/descope/api/v1/management/password.rb +58 -0
data/lib/descope/api/v1/management/permission.rb +48 -0
data/lib/descope/api/v1/management/project.rb +53 -0
data/lib/descope/api/v1/management/role.rb +48 -0
data/lib/descope/api/v1/management/scim.rb +206 -0
data/lib/descope/api/v1/management/sso_settings.rb +153 -0
data/lib/descope/api/v1/management/tenant.rb +71 -0
data/lib/descope/api/v1/management/user.rb +619 -0
data/lib/descope/api/v1/management.rb +38 -0
data/lib/descope/api/v1/session.rb +84 -0
data/lib/descope/api/v1.rb +13 -0
data/lib/descope/client.rb +6 -0
data/lib/descope/exception.rb +50 -0
data/lib/descope/mixins/common.rb +129 -0
data/lib/descope/mixins/headers.rb +15 -0
data/lib/descope/mixins/http.rb +133 -0
data/lib/descope/mixins/initializer.rb +80 -0
data/lib/descope/mixins/logging.rb +30 -0
data/lib/descope/mixins/validation.rb +79 -0
data/lib/descope/mixins.rb +22 -0
data/lib/descope/version.rb +7 -0
data/lib/descope.rb +9 -0
data/lib/descope_client.rb +5 -0
data/release-please-config.json +18 -0
data/renovate.json +6 -0
data/spec/factories/user.rb +16 -0
data/spec/lib.descope/api/v1/auth/enchantedlink_spec.rb +159 -0
data/spec/lib.descope/api/v1/auth/magiclink_spec.rb +282 -0
data/spec/lib.descope/api/v1/auth/oauth_spec.rb +117 -0
data/spec/lib.descope/api/v1/auth/otp_spec.rb +285 -0
data/spec/lib.descope/api/v1/auth/password_spec.rb +124 -0
data/spec/lib.descope/api/v1/auth/saml_spec.rb +55 -0
data/spec/lib.descope/api/v1/auth/totp_spec.rb +70 -0
data/spec/lib.descope/api/v1/auth_spec.rb +372 -0
data/spec/lib.descope/api/v1/management/access_key_spec.rb +118 -0
data/spec/lib.descope/api/v1/management/audit_spec.rb +78 -0
data/spec/lib.descope/api/v1/management/authz_spec.rb +336 -0
data/spec/lib.descope/api/v1/management/flow_spec.rb +78 -0
data/spec/lib.descope/api/v1/management/password_spec.rb +25 -0
data/spec/lib.descope/api/v1/management/permission_spec.rb +81 -0
data/spec/lib.descope/api/v1/management/project_spec.rb +63 -0
data/spec/lib.descope/api/v1/management/role_spec.rb +85 -0
data/spec/lib.descope/api/v1/management/scim_spec.rb +312 -0
data/spec/lib.descope/api/v1/management/sso_settings_spec.rb +172 -0
data/spec/lib.descope/api/v1/management/tenant_spec.rb +141 -0
data/spec/lib.descope/api/v1/management/user_spec.rb +667 -0
data/spec/lib.descope/api/v1/session_spec.rb +117 -0
data/spec/lib.descope/client_spec.rb +40 -0
data/spec/spec_helper.rb +72 -0
data/spec/support/client_config.rb +14 -0
data/spec/support/dummy_class.rb +36 -0
data/spec/support/utils.rb +32 -0
metadata +420 -0

data/lib/descope/api/v1/management/audit.rb ADDED Viewed

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Audit
+          include Descope::Api::V1::Management::Common
+          def audit_search(
+            user_ids: nil,
+            actions: nil,
+            exclude_actions: nil,
+            devices: nil,
+            methods: nil,
+            geos: nil,
+            remote_addresses: nil,
+            login_ids: nil,
+            tenants: nil,
+            no_tenants: false,
+            text: nil,
+            from_ts: nil,
+            to_ts: nil
+          )
+            # Search the audit trail up to last 30 days based on given parameters
+            # user_ids (Array): Optional list of user IDs to filter by
+            # actions (Array): Optional list of actions to filter by
+            # excluded_actions (Array): Optional list of actions to exclude
+            # devices (Array): Optional list of devices to filter by. Current devices supported are "Bot"/"Mobile"/"Desktop"/"Tablet"/"Unknown"
+            # methods (Array): Optional list of methods to filter by. Current auth methods are "otp"/"totp"/"magiclink"/"oauth"/"saml"/"password"
+            # geos (Array): Optional list of geos to filter by. Geo is currently country code like "US", "IL", etc.
+            # remote_addresses (Array): Optional list of remote addresses to filter by
+            # login_ids (Array): Optional list of login IDs to filter by
+            # tenants (Array): Optional list of tenants to filter by
+            # no_tenants (bool): Should audits without any tenants always be included
+            # text (str): Free text search across all fields
+            # from_ts (datetime): Retrieve records newer than given time but not older than 30 days
+            # to_ts (datetime): Retrieve records older than given time
+            request_params = {
+              noTenants: no_tenants
+            }
+            request_params[:userIds] = user_ids unless user_ids.nil?
+            request_params[:actions] = actions unless actions.nil?
+            request_params[:excludeActions] = exclude_actions unless exclude_actions.nil?
+            request_params[:devices] = devices unless devices.nil?
+            request_params[:methods] = methods unless methods.nil?
+            request_params[:geos] = geos unless geos.nil?
+            request_params[:remoteAddresses] = remote_addresses unless remote_addresses.nil?
+            request_params[:externalIds] = login_ids unless login_ids.nil?
+            request_params[:tenants] = tenants unless tenants.nil?
+            request_params[:text] = text unless text.nil?
+            request_params[:from] = from_ts.to_i * 1000 unless from_ts.nil?
+            request_params[:to] = to_ts.to_i * 1000 unless to_ts.nil?
+            res = post(AUDIT_SEARCH, request_params)
+            raise Descope::AuthException, "could not get audits: #{res}" if res['audits'].nil?
+            { 'audits' => res['audits'].map { |audit| convert_audit_record(audit) } }
+          end
+          private
+          def convert_audit_record(audit)
+            {
+              'projectId' => audit['projectId'] || '',
+              'userId' => audit['userId'] || '',
+              'action' => audit['action'] || '',
+              'occurred' => audit['occurred'] || '',
+              'device' => audit['device'] || '',
+              'method' => audit['method'] || '',
+              'geo' => audit['geo'] || '',
+              'remoteAddress' => audit['remoteAddress'] || '',
+              'loginIds' => audit['externalIds'] || '',
+              'tenants' => audit['tenants'] || '',
+              'data' => audit['data'] || ''
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/authz.rb ADDED Viewed

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Authz
+          include Descope::Api::V1::Management::Common
+          def authz_save_schema(schema: nil, upgrade: false)
+            #  Create or update the ReBAC schema.
+            #  In case of update, will update only given namespaces and will not delete namespaces unless upgrade flag is true.
+            #  Args:
+            #  schema (dict): the schema dict with format
+            #       {
+            #           "name": "name-of-schema",
+            #           "namespaces": [
+            #               {
+            #                   "name": "name-of-namespace",
+            #                   "relationDefinitions": [
+            #                       {
+            #                           "name": "name-of-relation-definition",
+            #                           "complexDefinition": {
+            #                               "nType": "one of child|union|intersect|sub",
+            #                               "children": "optional list of node children - same format as complexDefinition",
+            #                               "expression": {
+            #                                   "neType": "one of self|targetSet|relationLeft|relationRight",
+            #                                   "relationDefinition": "name of relation definition for relationLeft and relationRight",
+            #                                   "relationDefinitionNamespace": "the namespace for the rd above",
+            #                                   "targetRelationDefinition": "relation definition for targetSet and relationLeft/right",
+            #                                   "targetRelationDefinitionNamespace": "the namespace for above"
+            #                               }
+            #                           }
+            #                       }
+            #                   ]
+            #               }
+            #           ]
+            #       }
+            #   Schema name can be used for projects to track versioning.
+            #  @see https://docs.descope.com/api/openapi/authz/operation/SaveSchema/
+            request_params = { schema:, upgrade: }
+            post(AUTHZ_SCHEMA_SAVE, request_params)
+          end
+          def authz_delete_schema
+            # Delete the schema for the project which will also delete all relations.
+            post(AUTHZ_SCHEMA_DELETE)
+          end
+          def authz_load_schema
+            # Load the schema for the project.
+            post(AUTHZ_SCHEMA_LOAD)
+          end
+          def authz_save_namespace(namespace: nil, old_name: nil, schema_name: nil)
+            # Create or update the given namespace
+            # Will not delete relation definitions not mentioned in the namespace.
+            request_params = { namespace: namespace }
+            request_params[:oldName] = old_name unless old_name.nil?
+            request_params[:schemaName] = schema_name unless schema_name.nil?
+            post(AUTHZ_NS_SAVE, request_params)
+          end
+          def authz_delete_namespace(name: nil, schema_name: nil)
+            # Delete the given namespace
+            request_params = { name: name }
+            request_params[:schemaName] = schema_name unless schema_name.nil?
+            post(AUTHZ_NS_DELETE, request_params)
+          end
+          def authz_save_relation_definition(relation_definition: nil, namespace: nil, old_name: nil, schema_name: nil)
+            # Create or update the given relation definition
+            #  Will not delete relation definitions not mentioned in the namespace.
+            request_params = {
+              relationDefinition: relation_definition,
+              namespace:
+            }
+            request_params[:old_name] = old_name unless old_name.nil?
+            request_params[:schemaName] = schema_name unless schema_name.nil?
+            post(AUTHZ_RD_SAVE, request_params)
+          end
+          def authz_delete_relation_definition(name: nil, namespace: nil, schema_name: nil)
+            # Delete the given relation definition
+            request_params = { name: , namespace:  }
+            request_params[:schemaName] = schema_name unless schema_name.nil?
+            post(AUTHZ_RD_DELETE, request_params)
+          end
+          def authz_create_relations(relations = nil)
+            # Create the given relations based on the existing schema
+            #  relations (Array[]): the relations to create. Each in the following format:
+            #   {
+            #       "resource": "id of the resource that has the relation",
+            #       "relationDefinition": "the relation definition for the relation",
+            #       "namespace": "namespace for the relation definition",
+            #       "target": "the target that has the relation - usually users or other resources",
+            #       "targetSetResource": "if the target is a group that has another relation",
+            #       "targetSetRelationDefinition": "the relation definition for the targetSet group",
+            #       "targetSetRelationDefinitionNamespace": "the namespace for the relation definition for the targetSet group",
+            #       "query": {
+            #           "tenants": ["t1", "t2"],
+            #           "roles": ["r1", "r2"],
+            #           "text": "full-text-search",
+            #           "statuses": ["enabled|disabled|invited"],
+            #           "ssoOnly": True|False,
+            #           "withTestUser": True|False,
+            #           "customAttributes": {
+            #               "key": "value",
+            #               ...
+            #           }
+            #       }
+            #   }
+            #   Each relation should have exactly one of: target, targetSet, query
+            #   Regarding query above, it should be specified if the target is a set of users that matches the query - all fields are optional
+            post(AUTHZ_RE_CREATE, { relations: })
+          end
+          def authz_delete_relations(relations = nil)
+            # Delete the given relations based on the existing schema
+            post(AUTHZ_RE_DELETE, { relations: })
+          end
+          def authz_delete_relations_for_resources(resources = nil)
+            # Delete all relations for the given resources
+            post(AUTHZ_RE_DELETE_RESOURCES, { resources: })
+          end
+          def authz_has_relations?(relation_queries = nil)
+            # Queries the given relations to see if they exist returning true if they do
+            post(AUTHZ_RE_HAS_RELATIONS, { relationQueries: relation_queries })
+          end
+          def authz_who_can_access?(resource: nil, relation_definition: nil, namespace: nil)
+            #  Finds the list of targets (usually users) who can access the given resource with the given RD
+            request_params = {
+              resource:,
+              relationDefinition: relation_definition,
+              namespace:
+            }
+            post(AUTHZ_RE_WHO, request_params)
+          end
+          def authz_resource_relations(resources: nil)
+            post(AUTHZ_RE_RESOURCE, { resources: })
+          end
+          def authz_target_relations(targets: nil)
+            # Returns the list of all defined relations (not recursive) for the given targets.
+            post(AUTHZ_RE_TARGETS, { targets: })
+          end
+          def authz_what_can_target_access?(target: nil)
+            # Returns the list of all relations for the given target including derived relations from the schema tree.
+            res = post(AUTHZ_RE_TARGET_ALL, { target: })
+            raise Descope::AuthException, "could not get relation for target: #{res}" if res['relations'].nil?
+            res['relations']
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/common.rb ADDED Viewed

@@ -0,0 +1,147 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Common Management constants
+        module Common
+          # tenant
+          TENANT_CREATE_PATH = '/v1/mgmt/tenant/create'
+          TENANT_UPDATE_PATH = '/v1/mgmt/tenant/update'
+          TENANT_DELETE_PATH = '/v1/mgmt/tenant/delete'
+          TENANT_LOAD_PATH = '/v1/mgmt/tenant'
+          TENANT_LOAD_ALL_PATH = '/v1/mgmt/tenant/all'
+          TENANT_SEARCH_ALL_PATH = '/v1/mgmt/tenant/search'
+          PASSWORD_SETTINGS_PATH = '/v1/mgmt/password/settings'
+          # userUSER_CREATE_PATH
+          USER_CREATE_PATH = '/v1/mgmt/user/create'
+          USER_CREATE_BATCH_PATH = '/v1/mgmt/user/create/batch'
+          USER_UPDATE_PATH = '/v1/mgmt/user/update'
+          USER_DELETE_PATH = '/v1/mgmt/user/delete'
+          USER_LOGOUT_PATH = '/v1/mgmt/user/logout'
+          USER_DELETE_ALL_TEST_USERS_PATH = '/v1/mgmt/user/test/delete/all'
+          USER_LOAD_PATH = '/v1/mgmt/user'
+          USERS_SEARCH_PATH = '/v1/mgmt/user/search'
+          USER_GET_PROVIDER_TOKEN = '/v1/mgmt/user/provider/token'
+          USER_UPDATE_STATUS_PATH = '/v1/mgmt/user/update/status'
+          USER_UPDATE_LOGIN_ID_PATH = '/v1/mgmt/user/update/loginid'
+          USER_UPDATE_EMAIL_PATH = '/v1/mgmt/user/update/email'
+          USER_UPDATE_PHONE_PATH = '/v1/mgmt/user/update/phone'
+          USER_UPDATE_NAME_PATH = '/v1/mgmt/user/update/name'
+          USER_UPDATE_PICTURE_PATH = '/v1/mgmt/user/update/picture'
+          USER_UPDATE_CUSTOM_ATTRIBUTE_PATH = '/v1/mgmt/user/update/customAttribute'
+          USER_ADD_ROLE_PATH = '/v1/mgmt/user/update/role/add'
+          USER_REMOVE_ROLE_PATH = '/v1/mgmt/user/update/role/remove'
+          USER_SET_PASSWORD_PATH = '/v1/mgmt/user/password/set'
+          USER_EXPIRE_PASSWORD_PATH = '/v1/mgmt/user/password/expire'
+          USER_ADD_TENANT_PATH = '/v1/mgmt/user/update/tenant/add'
+          USER_REMOVE_TENANT_PATH = '/v1/mgmt/user/update/tenant/remove'
+          USER_GENERATE_OTP_FOR_TEST_PATH = '/v1/mgmt/tests/generate/otp'
+          USER_GENERATE_MAGIC_LINK_FOR_TEST_PATH = '/v1/mgmt/tests/generate/magiclink'
+          USER_GENERATE_ENCHANTED_LINK_FOR_TEST_PATH = '/v1/mgmt/tests/generate/enchantedlink'
+          USER_GENERATE_EMBEDDED_LINK_PATH = '/v1/mgmt/user/signin/embeddedlink'
+          # access key
+          ACCESS_KEY_CREATE_PATH = '/v1/mgmt/accesskey/create'
+          ACCESS_KEY_LOAD_PATH = '/v1/mgmt/accesskey'
+          ACCESS_KEYS_SEARCH_PATH = '/v1/mgmt/accesskey/search'
+          ACCESS_KEY_UPDATE_PATH = '/v1/mgmt/accesskey/update'
+          ACCESS_KEY_DEACTIVATE_PATH = '/v1/mgmt/accesskey/deactivate'
+          ACCESS_KEY_ACTIVATE_PATH = '/v1/mgmt/accesskey/activate'
+          ACCESS_KEY_DELETE_PATH = '/v1/mgmt/accesskey/delete'
+          # sso
+          SSO_SETTINGS_PATH = '/v2/mgmt/sso/settings'
+          SSO_OIDC_PATH = '/v1/mgmt/sso/oidc' # configure ssp settings via oidc
+          SSO_OIDC_CREATE_APP_PATH = '/v1/mgmt/sso/idp/app/oidc/create'
+          SSO_OIDC_UPDATE_APP_PATH = '/v1/mgmt/sso/idp/app/oidc/create'
+          SSO_SAML_PATH = '/v1/mgmt/sso/saml' # configure ssp settings via saml
+          SSO_SAML_METADATA_PATH = '/v1/mgmt/sso/saml/metadata' # configure ssp settings via saml metadata
+          # SCIM
+          SCIM_GROUPS_PATH = '/scim/v2/Groups'
+          SCIM_RESOURCE_TYPES_PATH = '/scim/v2/ResourceTypes'
+          SCIM_SERVICE_PROVIDER_CONFIG_PATH = '/scim/v2/ServiceProviderConfig'
+          SCIM_USERS_PATH = '/scim/v2/Users'
+          # jwt
+          UPDATE_JWT_PATH = '/v1/mgmt/jwt/update'
+          # permission
+          PERMISSION_CREATE_PATH = '/v1/mgmt/permission/create'
+          PERMISSION_UPDATE_PATH = '/v1/mgmt/permission/update'
+          PERMISSION_DELETE_PATH = '/v1/mgmt/permission/delete'
+          PERMISSION_LOAD_ALL_PATH = '/v1/mgmt/permission/all'
+          # role
+          ROLE_CREATE_PATH = '/v1/mgmt/role/create'
+          ROLE_UPDATE_PATH = '/v1/mgmt/role/update'
+          ROLE_DELETE_PATH = '/v1/mgmt/role/delete'
+          ROLE_LOAD_ALL_PATH = '/v1/mgmt/role/all'
+          # flow
+          FLOW_LIST_PATH = '/v1/mgmt/flow/list'
+          FLOW_IMPORT_PATH = '/v1/mgmt/flow/import'
+          FLOW_EXPORT_PATH = '/v1/mgmt/flow/export'
+          # theme
+          THEME_IMPORT_PATH = '/v1/mgmt/theme/import'
+          THEME_EXPORT_PATH = '/v1/mgmt/theme/export'
+          # group
+          GROUP_LOAD_ALL_PATH = '/v1/mgmt/group/all'
+          GROUP_LOAD_ALL_FOR_MEMBER_PATH = '/v1/mgmt/group/member/all'
+          GROUP_LOAD_ALL_GROUP_MEMBERS_PATH = '/v1/mgmt/group/members'
+          # Audit
+          AUDIT_SEARCH = '/v1/mgmt/audit/search'
+          # Authz ReBAC
+          AUTHZ_SCHEMA_SAVE = '/v1/mgmt/authz/schema/save'
+          AUTHZ_SCHEMA_DELETE = '/v1/mgmt/authz/schema/delete'
+          AUTHZ_SCHEMA_LOAD = '/v1/mgmt/authz/schema/load'
+          AUTHZ_NS_SAVE = '/v1/mgmt/authz/ns/save'
+          AUTHZ_NS_DELETE = '/v1/mgmt/authz/ns/delete'
+          AUTHZ_RD_SAVE = '/v1/mgmt/authz/rd/save'
+          AUTHZ_RD_DELETE = '/v1/mgmt/authz/rd/delete'
+          AUTHZ_RE_CREATE = '/v1/mgmt/authz/re/create'
+          AUTHZ_RE_DELETE = '/v1/mgmt/authz/re/delete'
+          AUTHZ_RE_DELETE_RESOURCES = '/v1/mgmt/authz/re/deleteresources'
+          AUTHZ_RE_HAS_RELATIONS = '/v1/mgmt/authz/re/has'
+          AUTHZ_RE_WHO = '/v1/mgmt/authz/re/who'
+          AUTHZ_RE_RESOURCE = '/v1/mgmt/authz/re/resource'
+          AUTHZ_RE_TARGETS = '/v1/mgmt/authz/re/targets'
+          AUTHZ_RE_TARGET_ALL = '/v1/mgmt/authz/re/targetall'
+          # Project
+          PROJECT_UPDATE_NAME = '/v1/mgmt/project/update/name'
+          PROJECT_CLONE = '/v1/mgmt/project/clone'
+          PROJECT_EXPORT_PATH = '/v1/mgmt/project/export'
+          PROJECT_IMPORT_PATH = '/v1/mgmt/project/import'
+          PROJECT_DELETE_PATH = '/v1/mgmt/project/delete'
+          def associated_tenants_to_hash_array(associated_tenants = [])
+            # Represents a tenant association for a User or Access Key. The tenant_id is required to denote
+            # which tenant the user or access key belongs to. The role_names array is an optional list of
+            # roles for the user or access key in this specific tenant.
+            # @param [Array] associated_tenants - list of associated tenants in the format of
+            #  [{tenant_id: 'tenant_id', role_names: ['role_name1', 'role_name2']}]
+            associated_tenants = associated_tenants.nil? ? [] : associated_tenants
+            associated_tenant_list = []
+            associated_tenants.each do |tenant|
+              associated_tenant_list.append(
+                {
+                  "tenantId": tenant[:tenant_id],
+                  "roleNames": tenant[:role_names]
+                }
+              )
+            end
+            associated_tenant_list
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/flow.rb ADDED Viewed

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Flow
+          include Descope::Api::V1::Management::Common
+          #        List all project flows
+          # @see https://docs.descope.com/api/openapi/flowmanagement/operation/ListFlows/
+          # To list all flows, send an empty body such as: { } or { "ids": [] }.
+          #
+          # To search for a flow or several flows, send a body with the flowIds you want to search such as { "ids": ["sign-in"] } or { "ids": ["sign-in", "sign-up"] }.
+          def list_or_search_flows(ids = [])
+            request_params = { ids: }
+            post(FLOW_LIST_PATH, request_params)
+          end
+          # Export the given flow id flow and screens.
+          # @see https://docs.descope.com/api/openapi/flowmanagement/operation/ExportFlow/
+          def export_flow(flow_id = nil)
+            request_params = { flowId: flow_id }
+            post(FLOW_EXPORT_PATH, request_params)
+          end
+          # Import the given flow and screens.
+          # @see https://docs.descope.com/api/openapi/flowmanagement/operation/ImportFlow/
+          def import_flow(flow_id: nil, flow: nil, screens: nil)
+            request_params = {
+              flowId: flow_id,
+              flow:,
+              screens:
+            }
+            post(FLOW_IMPORT_PATH, request_params)
+          end
+          # Export the current project theme.
+          # @see https://docs.descope.com/api/openapi/flowmanagement/operation/ExportTheme/
+          def export_theme
+            post(THEME_EXPORT_PATH)
+          end
+          # Import the current project theme.
+          # @see https://docs.descope.com/api/openapi/flowmanagement/operation/ImportTheme/
+          def import_theme(theme)
+            request_params = { theme: }
+            post(THEME_IMPORT_PATH, request_params)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/password.rb ADDED Viewed

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Password
+          include Descope::Api::V1::Management::Common
+          def get_password_settings(tenant_id)
+            # Get password settings for the provided tenant id.
+            get(PASSWORD_SETTINGS_PATH, { tenantId: tenant_id })
+          end
+          def update_password_settings(settings)
+            unless settings.is_a?(Hash)
+              raise Descope::ArgumentException.new('Password settings must be a Hash', code: 400)
+            end
+            # Update password settings for the provided tenant id.
+            body = compose_settings_body(settings)
+            post(PASSWORD_SETTINGS_PATH, body)
+          end
+          private
+          # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+          def compose_settings_body(settings)
+            body = {}
+            body['minLength'] = settings[:min_length] if settings.key?(:min_length)
+            body['lowercase'] = settings[:lowercase] if settings.key?(:lowercase)
+            body['uppercase'] = settings[:uppercase] if settings.key?(:uppercase)
+            body['number'] = settings[:number] if settings.key?(:number)
+            body['nonAlphanumeric'] = settings[:non_alphanumeric] if settings.key?(:non_alphanumeric)
+            body['expiration'] = settings[:expiration] if settings.key?(:expiration)
+            body['expirationWeeks'] = settings[:expiration_weeks] if settings.key?(:expiration_weeks)
+            body['reuse'] = settings[:reuse] if settings.key?(:reuse)
+            body['reuseAmount'] = settings[:reuse_amount] if settings.key?(:reuse_amount)
+            body['lock'] = settings[:lock] if settings.key?(:lock)
+            body['lockAttempts'] = settings[:lock_attempts] if settings.key?(:lock_attempts)
+            body['emailServiceProvider'] = settings[:email_service_provider] if settings.key?(:email_service_provider)
+            body['emailSubject'] = settings[:email_subject] if settings.key?(:email_subject)
+            body['emailBody'] = settings[:email_body] if settings.key?(:email_body)
+            body['resetAuthMethod'] = settings[:reset_auth_method] if settings.key?(:reset_auth_method)
+            body['emailBodyPlainText'] = settings[:email_body_plain_text] if settings.key?(:email_body_plain_text)
+            if settings.key?(:use_email_body_plain_text)
+              body['useEmailBodyPlainText'] = settings[:use_email_body_plain_text]
+            end
+            body['tenantId'] = settings[:tenant_id] if settings.key?(:tenant_id)
+            body['enabled'] = settings[:enabled] if settings.key?(:enabled)
+            body
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/permission.rb ADDED Viewed

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Permission
+          include Descope::Mixins::Validation
+          include Descope::Api::V1::Management::Common
+          def create_permission(name:, description: nil)
+            # Create a new permission.
+            # @see https://docs.descope.com/api/openapi/permissionmanagement/operation/CreatePermission/
+            request_params = {
+              name:,
+              description:
+            }
+            post(PERMISSION_CREATE_PATH, request_params)
+          end
+          def update_permission(name: nil, new_name: nil, description: nil)
+            # Update an existing permission with the given various fields. IMPORTANT: All parameters are used as overrides
+            # to the existing permission. Empty fields will override populated fields. Use carefully.
+            # @see https://docs.descope.com/api/openapi/permissionmanagement/operation/UpdatePermission/
+            request_params = {
+              name:,
+              newName: new_name,
+              description:
+            }
+            post(PERMISSION_UPDATE_PATH, request_params)
+          end
+          def delete_permission(name = nil)
+            # Delete an existing permission. IMPORTANT: This action is irreversible. Use carefully.
+            post(PERMISSION_DELETE_PATH, { name: })
+          end
+          def load_all_permissions
+            # Load all permissions.
+            get(PERMISSION_LOAD_ALL_PATH)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/project.rb ADDED Viewed

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Project
+          include Descope::Api::V1::Management::Common
+          def rename_project(name)
+            # Rename a project.
+            post(PROJECT_UPDATE_NAME, { name: })
+          end
+          def export_project
+            # Exports all settings and configurations for a project and returns the
+            #   raw JSON files response as an object.
+            #    - This action is supported only with a pro license or above.
+            #    - Users, tenants and access keys are not cloned.
+            #    - Secrets, keys and tokens are not stripped from the exported data.
+            #   @returns a HASH containing the exported JSON files payload.
+            post(PROJECT_EXPORT_PATH)
+          end
+          def import_project(files: nil, excludes: nil)
+            # Import a project.
+            # The argument of files should be the output of the export project endpoint
+            body = { files: }
+            body[:excludes] = excludes unless excludes.nil?
+            post(PROJECT_IMPORT_PATH, body)
+          end
+          def delete_project
+            # Delete the current project. IMPORTANT: This action is irreversible. Use carefully.
+            post(PROJECT_DELETE_PATH)
+          end
+          def clone_project(name: nil, tag: nil)
+            # Clone the current project, including its settings and configurations.
+            # - This action is supported only with a pro license or above.
+            # - Users, tenants and access keys are not cloned.
+            request_params = {
+              name:,
+              tag:
+            }
+            post(PROJECT_CLONE, request_params)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/role.rb ADDED Viewed

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Role
+          include Descope::Api::V1::Management::Common
+          def create_role(name: nil, description: nil, permission_names: nil)
+            # Create a new role.
+            permission_names ||= []
+            request_params = {
+              name:,
+              description:,
+              permissionNames: permission_names
+            }
+            post(ROLE_CREATE_PATH, request_params)
+          end
+          def update_role(name: nil, new_name: nil, description: nil, permission_names: nil)
+            # Update an existing role with the given various fields. IMPORTANT: All parameters are used as overrides
+            # to the existing role. Empty fields will override populated fields. Use carefully.
+            permission_names ||= []
+            request_params = {
+              name:,
+              newName: new_name,
+              description:,
+              permissionNames: permission_names
+            }
+            post(ROLE_UPDATE_PATH, request_params)
+          end
+          def delete_role(name)
+            # Delete an existing role. IMPORTANT: This action is irreversible. Use carefully.
+            post(ROLE_DELETE_PATH, { name: })
+          end
+          def load_all_roles
+            # Load all roles.
+            get(ROLE_LOAD_ALL_PATH)
+          end
+        end
+      end
+    end
+  end
+end