descope 1.0.4

data/lib/descope/api/v1/management/scim.rb

@@ -0,0 +1,206 @@
+# frozen_string_literal: true
+
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module SCIM
+          include Descope::Api::V1::Management::Common
+
+          def scim_search_groups(filter: nil, start_index: nil, count: nil, excluded_attributes: nil)
+            # Search SCIM Groups
+            url = compose_scim_search_groups_url(filter, start_index, count, excluded_attributes)
+            get(url)
+          end
+
+          def scim_create_group(group_id: nil, display_name: nil, members: nil, external_id: nil,
+                                excluded_attributes: nil)
+            # Create SCIM Group
+            body = compose_scim_create_group_body(group_id, display_name, members, external_id, excluded_attributes)
+            post(SCIM_GROUPS_PATH, body)
+          end
+
+          def scim_load_group(group_id: nil, display_name: nil, external_id: nil, excluded_attributes: nil)
+            # Load SCIM Group, using a valid access key.
+            validate_scim_group_id(group_id)
+            url = compose_scim_create_group_url(group_id, display_name, external_id, excluded_attributes)
+            get(url)
+          end
+
+          def scim_update_group(group_id: nil, display_name: nil, members: nil, external_id: nil,
+                                excluded_attributes: nil)
+            # Update SCIM Group, using a valid access key.
+            validate_scim_group_id(group_id)
+            body = compose_scim_update_group_body(group_id, display_name, members, external_id, excluded_attributes)
+            patch("#{SCIM_GROUPS_PATH}/#{group_id}", body)
+          end
+
+          def scim_delete_group(group_id)
+            # Delete SCIM Group, using a valid access key.
+            validate_scim_group_id(group_id)
+            url = "#{SCIM_GROUPS_PATH}/#{group_id}"
+            delete(url)
+          end
+
+          def scim_patch_group(group_id: nil, user_id: nil, operations: nil)
+            # Patch SCIM Group, using a valid access key.
+            validate_scim_group_id(group_id)
+            url = compose_scim_patch_group_url(group_id, user_id, operations)
+            patch(url)
+          end
+
+          # SCIM Users
+          def scim_load_resource_types
+            # Load SCIM Resource Types, using a valid access key.
+            get(SCIM_RESOURCE_TYPES_PATH)
+          end
+
+          def scim_load_service_provider_config
+            # Load SCIM Service Provider Config, using a valid access key.
+            get(SCIM_SERVICE_PROVIDER_CONFIG_PATH)
+          end
+
+          def scim_search_users(filter: nil, start_index: nil, count: nil)
+            # Search SCIM Users, using a valid access key.
+            url = compose_scim_search_users_url(filter, start_index, count)
+            get(url)
+          end
+
+          def scim_create_user(user_id: nil, display_name: nil, emails: nil,
+                               phone_numbers: nil, active: nil, name: nil, user_name: nil)
+            # Create SCIM User, using a valid access key.
+            validate_user_id(user_id)
+            body = compose_scim_create_user_body(user_id, display_name, emails, phone_numbers, active, name, user_name)
+            post(SCIM_USERS_PATH, body)
+          end
+
+          def scim_load_user(user_id)
+            # Load SCIM User, using a valid access key.
+            validate_user_id(user_id)
+            url = "#{SCIM_USERS_PATH}/#{user_id}"
+            get(url)
+          end
+
+          def scim_update_user(user_id)
+            # Update SCIM User, using a valid access key.
+            validate_user_id(user_id)
+            url = "#{SCIM_USERS_PATH}/#{user_id}"
+            patch(url)
+          end
+
+          def scim_delete_user(user_id)
+            # Delete SCIM User, using a valid access key.
+            validate_user_id(user_id)
+            url = "#{SCIM_USERS_PATH}/#{user_id}"
+            delete(url)
+          end
+
+          def scim_patch_user(user_id: nil, group_id: nil, operations: nil)
+            # Patch SCIM User, using a valid access key.
+            validate_user_id(user_id)
+            validate_scim_group_id(group_id)
+            body = compose_scim_patch_user_body(user_id, group_id, operations)
+            patch(SCIM_USERS_PATH, body)
+          end
+
+          private
+
+          def compose_scim_search_groups_url(filter, start_index, count, excluded_attributes)
+            url = "#{SCIM_GROUPS_PATH}?"
+            url += "filter=#{filter}&" unless filter.nil?
+            url += "startIndex=#{start_index}&" unless start_index.nil?
+            url += "count=#{count}&" unless count.nil?
+            url += "excludedAttributes=#{excluded_attributes}&" unless excluded_attributes.nil?
+            url
+          end
+
+          def compose_scim_create_group_body(group_id, display_name, members, external_id, excluded_attributes)
+            body = {}
+            body['id'] = group_id unless group_id.nil?
+            body['displayName'] = display_name unless display_name.nil?
+            body['members'] = members unless members.nil?
+            body['externalId'] = external_id unless external_id.nil?
+            body['excludedAttributes'] = excluded_attributes unless excluded_attributes.nil?
+            body
+          end
+
+          def compose_scim_create_group_url(group_id, display_name, external_id, excluded_attributes)
+            display_name = CGI.escape(display_name) unless display_name.nil?
+            url = "#{SCIM_GROUPS_PATH}/#{group_id}?"
+            url += "displayName=#{display_name}&" unless display_name.nil?
+            url += "externalId=#{external_id}&" unless external_id.nil?
+            url += "excludedAttributes=#{excluded_attributes}" unless excluded_attributes.nil?
+            url
+          end
+
+          def compose_scim_update_group_body(group_id, display_name, members, external_id, excluded_attributes)
+            body = {}
+            body[:groupId] = group_id unless group_id.nil?
+            body[:displayName] = display_name unless display_name.nil?
+            body[:members] = members unless members.nil?
+            body[:externalId] = external_id unless external_id.nil?
+            body[:excludedAttributes] = excluded_attributes unless excluded_attributes.nil?
+            body
+          end
+
+          def compose_scim_patch_group_url(group_id, user_id, operations)
+            url = "#{SCIM_GROUPS_PATH}/#{group_id}&"
+            url += "userId=#{user_id}&" unless user_id.nil?
+            url += "operations=#{compose_operations_param(operations)}&" unless operations.nil?
+            url
+          end
+
+          def compose_scim_search_users_url(filter, start_index, count)
+            url = "#{SCIM_USERS_PATH}?"
+            url += "filter=#{filter}&" unless filter.nil?
+            url += "startIndex=#{start_index}&" unless start_index.nil?
+            url += "count=#{count}&" unless count.nil?
+            url
+          end
+
+          def compose_scim_create_user_body(user_id, display_name, emails, phone_numbers, active, name, user_name)
+            raise AuthException.new('name must be a hash of these fields: given_name, family_name, last_name') if !name.nil? && !name.is_a?(Hash)
+
+            body = {}
+            body[:userId] = user_id unless user_id.nil?
+            body[:displayName] = display_name unless display_name.nil?
+            body[:emails] = emails unless emails.nil?
+            body[:phoneNumbers] = phone_numbers unless phone_numbers.nil?
+            body[:active] = active unless active.nil?
+            body[:name] = {} unless name.nil?
+            body[:name][:givenName] = name[:given_name] unless name[:given_name].nil?
+            body[:name][:familyName] = name[:family_name] unless name[:family_name].nil?
+            body[:name][:middleName] = name[:middle_name] unless name[:middle_name].nil?
+            body[:userName] = user_name unless user_name.nil?
+            body
+          end
+
+          def compose_operations_param(operations)
+            operations_params = []
+            if operations.is_a?(Array)
+              operations.each do |op|
+                operations_params << {
+                  op: op[:op],
+                  path: op[:path],
+                  valueString: op[:value_string],
+                  valueBoolean: op[:value_boolean],
+                  valueArray: op[:value_array]
+                }
+              end
+            end
+            operations_params
+          end
+
+          def compose_scim_patch_user_body(user_id, group_id, operations)
+            body = {}
+            body[:userId] = user_id unless user_id.nil?
+            body[:groupId] = group_id unless group_id.nil?
+            body[:operations] = operations unless operations.nil?
+            body
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/sso_settings.rb

@@ -0,0 +1,153 @@
+# frozen_string_literal: true
+
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module SSOSettings
+          include Descope::Api::V1::Management::Common
+
+          def get_sso_settings(tenant_id)
+            # Get SSO settings for the provided tenant id.
+            get(SSO_SETTINGS_PATH, { tenantId: tenant_id })
+          end
+
+          def delete_sso_settings(tenant_id)
+            # Delete SSO settings for the provided tenant id.
+            delete(SSO_SETTINGS_PATH, { tenantId: tenant_id })
+          end
+
+          def create_sso_oidc_app(id: nil, name: nil, description: nil, enabled: nil, logo: nil, login_page_url: nil)
+            body = {}
+            body[:id] = id if id
+            body[:name] = name if name
+            body[:description] = description if description
+            body[:enabled] = enabled if enabled
+            body[:logo] = logo if logo
+            body[:loginPageUrl] = login_page_url if login_page_url
+            post(SSO_OIDC_CREATE_APP_PATH, body)
+          end
+
+          def update_sso_oidc_app(id: nil, name: nil, description: nil, enabled: nil, logo: nil, login_page_url: nil)
+            body = {}
+            body[:id] = id if id
+            body[:name] = name if name
+            body[:description] = description if description
+            body[:enabled] = enabled if enabled
+            body[:logo] = logo if logo
+            body[:loginPageUrl] = login_page_url if login_page_url
+            put(SSO_OIDC_UPDATE_APP_PATH, body)
+          end
+
+          def configure_sso_oidc(tenant_id: nil, settings: nil, redirect_url: nil, domain: nil)
+            raise Descope::ArgumentException.new('SSO settings must be a Hash', code: 400) unless settings.is_a?(Hash)
+
+            # Configure tenant SSO OIDC Settings, using a valid management key.
+            request_params = {
+              tenantId: tenant_id,
+              settings: compose_settings_body(settings),
+              redirectUrl: redirect_url,
+              domain:
+            }
+            post(SSO_OIDC_PATH, request_params)
+          end
+
+          def configure_sso_saml(tenant_id: nil, settings: nil, redirect_url: nil, domain: nil)
+            raise Descope::ArgumentException.new('SSO SAML settings must be a Hash', code: 400) unless settings.is_a?(Hash)
+
+            # Configure tenant SSO SAML Settings, using a valid management key.
+            request_params = {
+              tenantId: tenant_id,
+              settings: compose_settings_body(settings),
+              redirectUrl: redirect_url,
+              domain:
+            }
+            post(SSO_SAML_PATH, request_params)
+          end
+
+          def configure_sso_saml_metadata(tenant_id: nil, settings: nil, redirect_url: nil, domain: nil)
+            # Configure tenant SSO SAML Metadata, using a valid management key.
+            post(SSO_SAML_METADATA_PATH, compose_metadata_body(tenant_id, settings, redirect_url, domain))
+          end
+
+          private
+
+          # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+          def compose_settings_body(settings)
+
+            body = {}
+            body[:name] = settings[:name] if settings.key?(:name)
+            body[:clientId] = settings[:client_id] if settings.key?(:client_id)
+            body[:clientSecret] = settings[:client_secret] if settings.key?(:client_secret)
+            body[:redirectUrl] = settings[:redirect_url] if settings.key?(:redirect_url)
+            body[:authUrl] = settings[:auth_url] if settings.key?(:auth_url)
+            body[:tokenUrl] = settings[:token_url] if settings.key?(:token_url)
+            body[:userDataUrl] = settings[:user_data_url] if settings.key?(:user_data_url)
+            body[:scope] = settings[:scope] if settings.key?(:scope)
+            body[:JWKsUrl] = settings[:jwks_url] if settings.key?(:jwks_url)
+            user_mappings = settings[:user_attr_mapping] if settings.key?(:user_attr_mapping)
+
+            # rubocop:disable Metrics/LineLength
+            unless user_mappings.nil? || user_mappings.empty?
+              body[:userAttrMapping] = {}
+              body[:userAttrMapping][:loginId] = user_mappings[:login_id] if settings[:user_attr_mapping].key?(:login_id)
+              body[:userAttrMapping][:username] = user_mappings[:username] if settings[:user_attr_mapping].key?(:username)
+              body[:userAttrMapping][:name] = user_mappings[:name] if settings[:user_attr_mapping].key?(:name)
+              body[:userAttrMapping][:email] = user_mappings[:email] if settings[:user_attr_mapping].key?(:email)
+              body[:userAttrMapping][:phoneNumber] = user_mappings[:phone_number] if settings[:user_attr_mapping].key?(:phone_number)
+              body[:userAttrMapping][:verifiedEmail] = user_mappings[:verified_email] if settings[:user_attr_mapping].key?(:verified_email)
+              body[:userAttrMapping][:verifiedPhone] = user_mappings[:verified_phone] if settings[:user_attr_mapping].key?(:verified_phone)
+              body[:userAttrMapping][:picture] = user_mappings[:picture] if settings[:user_attr_mapping].key?(:picture)
+              body[:userAttrMapping][:givenName] = user_mappings[:given_name] if settings[:user_attr_mapping].key?(:given_name)
+              body[:userAttrMapping][:middleName] = user_mappings[:middle_name] if settings[:user_attr_mapping].key?(:middle_name)
+              body[:userAttrMapping][:familyName] = user_mappings[:family_name] if settings[:user_attr_mapping].key?(:family_name)
+            end
+
+            body[:manageProviderTokens] = settings[:manage_provider_tokens] if settings.key?(:manage_provider_tokens)
+            body[:callbackDomain] = settings[:callback_domain] if settings.key?(:callback_domain)
+            body[:prompt] = settings[:prompt] if settings.key?(:prompt)
+            body[:grantType] = settings[:grant_type] if settings.key?(:grant_type)
+            body[:issuer] = settings[:issuer] if settings.key?(:issuer)
+
+            body
+          end
+
+          def compose_metadata_body(tenant_id, settings, redirect_url, domain)
+            {
+              tenantId: tenant_id,
+              settings: compose_settings_body(settings),
+              redirectUrl: redirect_url,
+              domain:
+            }
+          end
+
+          def role_mapping_to_hash(role_mapping)
+            role_mapping ||= []
+            role_mapping_list = []
+            role_mapping.each do |mapping|
+              role_mapping_list << {
+                groups: mapping['groups'],
+                roleName: mapping['role_name']
+              }
+            end
+            role_mapping_list
+          end
+
+          def attribute_mapping_to_hash(attribute_mapping)
+            if attribute_mapping.nil?
+              raise Descope::ArgumentException.new('SSO Attribute mapping cannot be None', code: 400)
+            end
+
+            {
+              name: attribute_mapping['name'],
+              email: attribute_mapping['email'],
+              phoneNumber: attribute_mapping['phone_number'],
+              groups: attribute_mapping['groups']
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/descope/api/v1/management/tenant.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module Descope
+  module Api
+    module V1
+      module Management
+        # Management API calls
+        module Tenant
+          include Descope::Mixins::Validation
+          include Descope::Api::V1::Management::Common
+
+
+          def create_tenant(name: nil, id: nil, self_provisioning_domains: nil, custom_attributes: nil)
+            # Create a new tenant with the given name. Tenant IDs are provisioned automatically, but can be provided
+            # explicitly if needed. Both the name and ID must be unique per project.
+            # @see https://docs.descope.com/api/openapi/tenantmanagement/operation/CreateTenant/
+
+            self_provisioning_domains ||= []
+            custom_attributes ||= {}
+            post(TENANT_CREATE_PATH, compose_tenant_create_update_body(name, id, self_provisioning_domains, custom_attributes))
+          end
+
+          def update_tenant(name: nil, id: nil, self_provisioning_domains: nil, custom_attributes: nil)
+            #  Update an existing tenant with the given name and domains. IMPORTANT: All parameters are used as overrides
+            #  to the existing tenant. Empty fields will override populated fields. Use carefully.
+            # @see https://docs.descope.com/api/openapi/tenantmanagement/operation/UpdateTenant/
+            self_provisioning_domains ||= []
+            custom_attributes ||= {}
+            post(TENANT_UPDATE_PATH, compose_tenant_create_update_body(name, id, self_provisioning_domains, custom_attributes))
+          end
+
+          def delete_tenant(id = nil)
+            # Delete an existing tenant. IMPORTANT: This action is irreversible. Use carefully.
+            post(TENANT_DELETE_PATH, { id: })
+          end
+
+          def load_tenant(id = nil)
+            # Load tenant by id.
+            get(TENANT_LOAD_PATH, { id: })
+          end
+
+          def load_all_tenants
+            # Load all tenants.
+            get(TENANT_LOAD_ALL_PATH)
+          end
+
+          def search_all_tenants(ids: nil, names: nil, self_provisioning_domains: nil, custom_attributes: nil)
+            # Search all tenants.
+            request_params = {
+              ids:,
+              names:,
+              selfProvisioningDomains: self_provisioning_domains,
+              customAttributes: custom_attributes
+            }
+            post(TENANT_SEARCH_ALL_PATH, request_params)
+          end
+
+          private
+
+          def compose_tenant_create_update_body(name, id, self_provisioning_domains, custom_attributes)
+            body = { name:, id: }
+            body[:selfProvisioningDomains] = self_provisioning_domains unless self_provisioning_domains.empty?
+            body[:customAttributes] = custom_attributes unless custom_attributes.empty?
+
+            body
+          end
+        end
+      end
+    end
+  end
+end