descope 1.0.4

data/spec/lib.descope/api/v1/auth/otp_spec.rb

@@ -0,0 +1,285 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::OTP do
+  before(:all) do
+    dummy_instance = DummyClass.new
+    dummy_instance.extend(Descope::Api::V1::Session)
+    dummy_instance.extend(Descope::Api::V1::Auth::OTP)
+    dummy_instance.extend(Descope::Api::V1::Management::User)
+    @instance = dummy_instance
+  end
+
+  context '.sign_in' do
+    it 'is expected to respond to sign in using otp' do
+      expect(@instance).to respond_to(:otp_sign_in)
+    end
+
+    it 'is expected to sign in with otp' do
+      request_params = {
+        loginId: 'test',
+        loginOptions: {
+          stepup: false,
+          customClaims: { 'abc': '123' },
+          mfa: false,
+          ssoAppId: 'sso-id'
+        }
+      }
+      expect(@instance).to receive(:post).with(
+        otp_compose_signin_url,
+        request_params,
+        {},
+        'refresh_token'
+      )
+
+      allow_any_instance_of(Descope::Api::V1::Auth::OTP).to receive(:extract_masked_address).and_return({})
+
+      expect do
+        @instance.otp_sign_in(
+          method: DeliveryMethod::EMAIL,
+          login_id: 'test',
+          login_options: {
+            stepup: false,
+            custom_claims: { 'abc': '123' },
+            mfa: false,
+            sso_app_id: 'sso-id'
+          },
+          refresh_token: 'refresh_token'
+        )
+      end.not_to raise_error
+    end
+
+    it 'is expected to sign in with otp phone' do
+      request_params = {
+        loginId: 'test',
+        loginOptions: {
+          stepup: false,
+          customClaims: { 'abc': '123' },
+          mfa: false,
+          ssoAppId: 'sso-id'
+        },
+      }
+      expect(@instance).to receive(:post).with(
+        otp_compose_signin_url(DeliveryMethod::SMS),
+        request_params,
+        {},
+        'refresh_token'
+      )
+
+      allow_any_instance_of(Descope::Api::V1::Auth::OTP).to receive(:extract_masked_address).and_return(
+        {
+          'maskedPhone' => '+1******890'
+        }
+      )
+
+      expect do
+        @instance.otp_sign_in(
+          method: DeliveryMethod::SMS,
+          login_id: 'test',
+          login_options: {
+            stepup: false,
+            custom_claims: { 'abc': '123' },
+            mfa: false,
+            sso_app_id: 'sso-id'
+          },
+          refresh_token: 'refresh_token'
+        )
+      end.not_to raise_error
+    end
+  end
+
+  context '.sign_up' do
+    it 'is expected to respond to otp email sign up' do
+      expect(@instance).to respond_to(:otp_sign_up)
+    end
+
+    it 'is expected to sign up with otp via email' do
+      request_params = {
+        loginId: 'test',
+        user: { loginId: 'user1', email: 'dummy@dummy.com' },
+        email: 'dummy@dummy.com'
+      }
+
+      expect(@instance).to receive(:post).with(
+        otp_compose_signup_url,
+        request_params
+      ).and_return({ 'maskedEmail' => 'd****@d****.com' })
+
+      allow_any_instance_of(Descope::Api::V1::Auth).to receive(:extract_masked_address).and_return({})
+
+      expect do
+        @instance.otp_sign_up(
+          login_id: 'test',
+          method: DeliveryMethod::EMAIL,
+          user: { login_id: 'user1', email: 'dummy@dummy.com' }
+        )
+      end.not_to raise_error
+    end
+
+    it 'is expected to sign up with otp via phone' do
+      request_params = {
+        loginId: 'test',
+        user: { loginId: 'user1', phone: '+1234567890' },
+        phone: '+1234567890'
+      }
+
+      expect(@instance).to receive(:post).with(
+        otp_compose_signup_url(DeliveryMethod::SMS),
+        request_params
+      ).and_return({ 'maskedPhone' => '+1******890' })
+
+      allow_any_instance_of(Descope::Api::V1::Auth).to receive(:extract_masked_address).and_return({})
+
+      expect do
+        @instance.otp_sign_up(
+          login_id: 'test',
+          method: DeliveryMethod::SMS,
+          user: { login_id: 'user1', phone: '+1234567890' }
+        )
+      end.not_to raise_error
+    end
+  end
+
+  context '.sign_up_or_in' do
+    it 'is expected to respond to sign up' do
+      expect(@instance).to respond_to(:otp_sign_up_or_in)
+    end
+
+    it 'is expected to sign up or in with otp' do
+      request_params = {
+        loginId: 'test',
+        loginOptions: {
+          stepup: false,
+          customClaims: { 'abc': '123' },
+          mfa: false,
+          ssoAppId: 'sso-id'
+        },
+        providerId: 'provider-id',
+        templateId: 'template-id',
+        ssoAppId: 'sso-id'
+      }
+
+      expect(@instance).to receive(:post).with(
+        otp_compose_sign_up_or_in_url,
+        request_params
+      ).and_return({ 'maskedEmail' => 'd****@d****.com' })
+
+      expect do
+        @instance.otp_sign_up_or_in(
+          method: DeliveryMethod::EMAIL,
+          login_id: 'test',
+          login_options: {
+            stepup: false,
+            custom_claims: { 'abc': '123' },
+            mfa: false,
+            sso_app_id: 'sso-id'
+          },
+          provider_id: 'provider-id',
+          template_id: 'template-id',
+          sso_app_id: 'sso-id'
+        )
+      end.not_to raise_error
+    end
+  end
+
+  context '.otp_verify_code' do
+    it 'is expected to respond to otp_verify_code' do
+      expect(@instance).to respond_to(:otp_verify_code)
+    end
+
+    it 'is expected to verify OTP code' do
+      jwt_response = { 'fake': 'response' }
+      allow(@instance).to receive(:generate_jwt_response).and_return(jwt_response)
+
+      expect(@instance).to receive(:post).with(
+        otp_compose_verify_code_url,
+        {
+          loginId: 'test',
+          code: '123456'
+        }
+      ).and_return({ 'sessionJWT': 'fake-session-jwt' })
+
+      expect do
+        @instance.otp_verify_code(
+          method: DeliveryMethod::EMAIL,
+          login_id: 'test',
+          code: '123456'
+        )
+      end.not_to raise_error
+    end
+  end
+
+  context '.otp_update_email' do
+    it 'is expected to respond to otp_email_update_user_email' do
+      expect(@instance).to respond_to(:otp_update_user_email)
+    end
+
+    it 'is expected to update email with otp' do
+      request_params = {
+        loginId: 'test',
+        email: 'dummy@dummy.com',
+        addToLoginIDs: true,
+        onMergeUseExisting: true,
+        providerId: 'provider-id',
+        templateId: 'template-id'
+      }
+
+      expect(@instance).to receive(:post).with(
+        UPDATE_USER_EMAIL_OTP_PATH,
+        request_params,
+        {},
+        'token'
+      ).and_return({ 'maskedEmail' => 'd****@d****.com' })
+
+      expect do
+        @instance.otp_update_user_email(
+          login_id: 'test',
+          email: 'dummy@dummy.com',
+          add_to_login_ids: true,
+          on_merge_use_existing: true,
+          refresh_token: 'token',
+          provider_id: 'provider-id',
+          template_id: 'template-id'
+        )
+      end.not_to raise_error
+    end
+  end
+
+  context '.otp_update_phone' do
+    it 'is expected to respond to otp_email_update_user_phone' do
+      expect(@instance).to respond_to(:otp_update_user_phone)
+    end
+
+    it 'is expected to update phone with otp' do
+      request_params = {
+        loginId: 'test',
+        phone: '+1234567890',
+        addToLoginIDs: true,
+        onMergeUseExisting: true,
+        providerId: 'provider-id',
+        templateId: 'template-id'
+      }
+
+      expect(@instance).to receive(:post).with(
+        otp_compose_update_phone_url(DeliveryMethod::SMS),
+        request_params,
+        {},
+        'token'
+      ).and_return({ 'maskedPhone' => '+1******890' })
+
+      expect do
+        @instance.otp_update_user_phone(
+          login_id: 'test',
+          phone: '+1234567890',
+          add_to_login_ids: true,
+          on_merge_use_existing: true,
+          refresh_token: 'token',
+          method: DeliveryMethod::SMS,
+          provider_id: 'provider-id',
+          template_id: 'template-id'
+        )
+      end.not_to raise_error
+    end
+  end
+end

data/spec/lib.descope/api/v1/auth/password_spec.rb

@@ -0,0 +1,124 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Password do
+  before(:all) do
+    dummy_instance = DummyClass.new
+    dummy_instance.extend(Descope::Api::V1::Session)
+    dummy_instance.extend(Descope::Api::V1::Auth::Password)
+    @instance = dummy_instance
+  end
+
+  context '.sign_up' do
+    it 'is expected to respond to sign up' do
+      expect(@instance).to respond_to(:password_sign_up)
+    end
+
+    it 'is expected to sign up with password' do
+      jwt_response = { 'fake': 'response' }
+      allow(@instance).to receive(:generate_jwt_response).and_return(jwt_response)
+
+      expect(@instance).to receive(:post).with(
+        SIGN_UP_PASSWORD_PATH, {
+          loginId: 'test',
+          password: 's3cr3t',
+          user: { loginId: 'admin', email: 'test@domain.com' }
+        }
+      ).and_return(jwt_response)
+
+      expect do
+        @instance.password_sign_up(
+          login_id: 'test',
+          password: 's3cr3t',
+          user: { login_id: 'admin', email: 'test@domain.com' }
+        )
+      end.not_to raise_error
+    end
+  end
+
+  context '.sign_in' do
+    it 'is expected to respond to sign in' do
+      expect(@instance).to respond_to(:password_sign_in)
+    end
+
+    it 'is expected to sign in with password' do
+      expect(@instance).to receive(:post).with(
+        SIGN_IN_PASSWORD_PATH, { loginId: 'test', password: 's3cr3t', ssoAppId: nil }
+      )
+      # stub the jwt_get_unverified_header method to return the kid of the public key created above
+      allow(@instance).to receive(:generate_jwt_response).and_return({})
+      expect { @instance.password_sign_in(login_id: 'test', password: 's3cr3t') }.not_to raise_error
+    end
+  end
+
+  context '.password_replace' do
+    it 'is expected to respond to password replace' do
+      expect(@instance).to respond_to(:password_replace)
+    end
+
+    it 'is expected to replace password' do
+      expect(@instance).to receive(:post).with(
+        REPLACE_PASSWORD_PATH, { loginId: 'test', oldPassword: 's3cr3t', newPassword: 's3cr3t1' }
+      )
+
+      expect do
+        @instance.password_replace(
+          login_id: 'test', old_password: 's3cr3t', new_password: 's3cr3t1'
+        )
+      end.not_to raise_error
+    end
+  end
+
+  context '.password_update' do
+    it 'is expected to respond to password update' do
+      expect(@instance).to respond_to(:password_update)
+    end
+
+    it 'is expected to update password' do
+      expect(@instance).to receive(:post).with(
+        UPDATE_PASSWORD_PATH, { loginId: 'test', newPassword: 's3cr3t1' }, {}, 'refresh_token'
+      )
+
+      expect do
+        @instance.password_update(
+          login_id: 'test', new_password: 's3cr3t1', refresh_token: 'refresh_token'
+        )
+      end.not_to raise_error
+    end
+  end
+
+  context '.get_password_policy' do
+    it 'is expected to respond to get password policy' do
+      expect(@instance).to respond_to(:get_password_policy)
+    end
+
+    it 'is expected to get password policy' do
+      expect(@instance).to receive(:get).with(
+        PASSWORD_POLICY_PATH, {}, {}, nil
+      )
+
+      expect do
+        @instance.get_password_policy
+      end.not_to raise_error
+    end
+  end
+
+  context '.password_reset' do
+    it 'is expected to respond to password reset' do
+      expect(@instance).to respond_to(:password_reset)
+    end
+
+    it 'is expected to reset password' do
+      expect(@instance).to receive(:post).with(
+        SEND_RESET_PASSWORD_PATH, { loginId: 'test', redirectUrl: 'https://www.google.com', providerId: 'test', templateId: 'test' }
+      )
+
+      expect do
+        @instance.password_reset(
+          login_id: 'test', redirect_url: 'https://www.google.com', provider_id: 'test', template_id: 'test'
+        )
+      end.not_to raise_error
+    end
+  end
+end

data/spec/lib.descope/api/v1/auth/saml_spec.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::SAML do
+  before(:all) do
+    dummy_instance = DummyClass.new
+    dummy_instance.extend(Descope::Api::V1::Session)
+    dummy_instance.extend(Descope::Api::V1::Auth::OAuth)
+    @instance = dummy_instance
+  end
+
+  context '.saml_start' do
+    it 'is expected to respond to saml start' do
+      expect(@instance).to respond_to(:saml_sign_in)
+    end
+
+    it 'is expected to sign in single sign-on saml' do
+      request_params = {
+        stepup: false,
+        customClaims: { 'abc': '123' },
+        mfa: false,
+        ssoAppId: 'sso-id'
+      }
+      formatted_uri = '/v1/auth/saml/authorize?tenant=some-tenant&redirectUrl=https%3A%2F%2Fsome-uri%2Femail&prompt=custom+prompt+%26+needs+to+be+decoded%3A+too'
+      expect(@instance).to receive(:post).with(formatted_uri, request_params)
+
+      expect do
+        @instance.saml_sign_in(
+          tenant: 'some-tenant',
+          prompt: 'custom prompt & needs to be decoded: too',
+          redirect_url: 'https://some-uri/email',
+          stepup: false,
+          custom_claims: { 'abc': '123' },
+          mfa: false,
+          sso_app_id: 'sso-id'
+        )
+      end.not_to raise_error
+    end
+  end
+
+  context '.saml_exchange_token' do
+    it 'is expected to respond to saml exchange token' do
+      expect(@instance).to respond_to(:saml_exchange_token)
+    end
+
+    it 'is expected to exchange token' do
+      jwt_response = { 'fake': 'response' }
+      allow(@instance).to receive(:generate_jwt_response).and_return(jwt_response)
+
+      expect(@instance).to receive(:post).with(SAML_EXCHANGE_TOKEN_PATH, { code: '123456' }).and_return(jwt_response)
+      expect { @instance.saml_exchange_token('123456') }.not_to raise_error
+    end
+  end
+end

data/spec/lib.descope/api/v1/auth/totp_spec.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::OTP do
+  before(:all) do
+    dummy_instance = DummyClass.new
+    dummy_instance.extend(Descope::Api::V1::Session)
+    dummy_instance.extend(Descope::Api::V1::Auth::OTP)
+    @instance = dummy_instance
+  end
+
+  context '.sign_in' do
+    it 'is expected to respond to sign in using otp' do
+      expect(@instance).to respond_to(:totp_sign_in_code)
+    end
+
+    it 'is expected to sign in with totp code' do
+      request_params = {
+        loginId: 'test',
+        loginOptions: {
+          stepup: false,
+          customClaims: { 'abc': '123' },
+          mfa: false,
+          ssoAppId: 'sso-id'
+        },
+        code: '123456'
+      }
+      jwt_response = { 'fake': 'response' }
+      allow(@instance).to receive(:generate_jwt_response).and_return(jwt_response)
+      expect(@instance).to receive(:post).with(VERIFY_TOTP_PATH, request_params, {}, nil).and_return(
+        jwt_response
+      )
+
+      expect do
+        @instance.totp_sign_in_code(
+          login_id: 'test',
+          login_options: {
+            stepup: false,
+            custom_claims: { 'abc': '123' },
+            mfa: false,
+            sso_app_id: 'sso-id'
+          },
+          code: '123456'
+        )
+      end.not_to raise_error
+    end
+  end
+
+  context '.totp_add_update_key' do
+    it 'is expected to respond to totp_add_update_key' do
+      expect(@instance).to respond_to(:totp_add_update_key)
+    end
+
+    it 'is expected to add or update totp key' do
+      request_params = {
+        loginId: 'test'
+      }
+
+      allow(@instance).to receive(:post).with(UPDATE_TOTP_PATH, request_params, {}, 'refresh_token')
+
+      expect do
+        @instance.totp_add_update_key(
+          login_id: 'test',
+          refresh_token: 'refresh_token'
+        )
+      end.not_to raise_error
+    end
+  end
+end