descope 1.0.5 → 1.0.6

data/lib/descope/api/v1/auth/otp.rb

@@ -10,10 +10,11 @@ module Descope
           include Descope::Mixins::Common::EndpointsV1
           include Descope::Mixins::Common::EndpointsV2
 
-          def otp_sign_in(method: nil, login_id: nil, login_options: nil, refresh_token: nil,  provider_id: nil,
+          def otp_sign_in(method: nil, login_id: nil, login_options: nil, refresh_token: nil, provider_id: nil,
                           template_id: nil, sso_app_id: nil)
-            # Sign in (log in) an existing user with the unique login_id you provide. (See 'sign_up' function for an explanation of the
-            # login_id field.) Provide the DeliveryMethod required for this user. If the login_id value cannot be used for the
+            # Sign in (log in) an existing user with the unique login_id you provide.
+            # The login_id field is used to identify the user. It can be an email address or a phone number.
+            # Provide the DeliveryMethod required for this user. If the login_id value cannot be used for the
             # DeliverMethod selected (for example, 'login_id = 4567qq445km' and 'DeliveryMethod = email')
             validate_login_id(login_id)
             uri = otp_compose_signin_url(method)
@@ -23,12 +24,15 @@ module Descope
           end
 
           def otp_sign_up(method: nil, login_id: nil, user: {}, provider_id: nil, template_id: nil)
-            #  Sign up (create) a new user using their email or phone number. Choose a delivery method for OTP
-            #  verification, for example email, SMS, or WhatsApp.
+            #  Sign up (create) a new user using their email or phone number.
+            #  The login_id field is used to identify the user. It can be an email address or a phone number.
+            #  Choose a delivery method for OTP verification, for example email, SMS, or Voice.
             #  (optional) Include additional user metadata that you wish to preserve.
-            user ||= {}
+            validate_login_id(login_id)
 
-            raise AuthException unless adjust_and_verify_delivery_method(method, login_id, user)
+            unless adjust_and_verify_delivery_method(method, login_id, user)
+              raise Descope::AuthException.new('Could not verify delivery method', code: 400)
+            end
 
             uri = otp_compose_signup_url(method)
             body = otp_compose_signup_body(method, login_id, user, provider_id, template_id)
@@ -38,9 +42,11 @@ module Descope
 
           def otp_sign_up_or_in(method: nil, login_id: nil, login_options: nil, provider_id: nil, template_id: nil,
                                 sso_app_id: nil)
-            #  Sign_up_or_in lets you handle both sign up and sign in with a single call. Sign-up_or_in will first
-            #  determine if login_id is a new or existing end user. If login_id is new, a new end user user will be
-            #  created and then authenticated using the OTP DeliveryMethod specified.
+            #  Sign_up_or_in lets you handle both sign up and sign in with a single call.
+            #  The login_id field is used to identify the user. It can be an email address or a phone number.
+            #  Sign-up_or_in will first determine if login_id is a new or existing end user.
+            #  If login_id is new, a new end user user will be created and then authenticated using the
+            #  OTP DeliveryMethod specified.
             #  If login_id exists, the end user will be authenticated using the OTP DeliveryMethod specified.
             validate_login_id(login_id)
             uri = otp_compose_sign_up_or_in_url(method)
@@ -81,9 +87,10 @@ module Descope
             method: nil, login_id: nil, phone: nil, refresh_token: nil, add_to_login_ids: false,
             on_merge_use_existing: false, provider_id: nil, template_id: nil
           )
-            # Update the phone number of an existing end user, after verifying the authenticity of the end user using OTP.
+            # Update the phone number of an existing end user, after verifying the authenticity of the end user using OTP
             validate_login_id(login_id)
             validate_phone(method, phone)
+
             uri = otp_compose_update_phone_url(method)
             request_params = {
               loginId: login_id,
@@ -127,7 +134,7 @@ module Descope
           # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
           def otp_compose_signup_body(method, login_id, user, provider_id, template_id)
             body = {
-              loginId: login_id,
+              loginId: login_id
             }
 
             unless user.nil?
@@ -167,7 +174,8 @@ module Descope
           end
 
           private
-          def otp_user_compose_update_body(login_id: nil, name: nil, phone: nil, email: nil, given_name: nil, middle_name: nil, family_name: nil)
+          def otp_user_compose_update_body(login_id: nil, name: nil, phone: nil, email: nil, given_name: nil,
+                                           middle_name: nil, family_name: nil)
             user = {}
             user[:loginId] = login_id if login_id
             user[:name] = name if name
@@ -176,7 +184,6 @@ module Descope
             user[:givenName] = given_name if given_name
             user[:middleName] = middle_name if middle_name
             user[:familyName] = family_name if family_name
-
             user
           end
         end

data/lib/descope/api/v1/auth.rb

@@ -51,7 +51,7 @@ module Descope
           #     Return value (Hash): returns the session token from the server together with the expiry and key id
           #                          (sessionToken:Hash, keyId:str, expiration:int)
           unless (access_key.is_a?(String) || access_key.nil?) && !access_key.to_s.empty?
-            raise Descope::AuthException, 'Access key should be a string!'
+            raise AuthException.new('Access key should be a string!', code: 400)
           end
 
           res = post(EXCHANGE_AUTH_ACCESS_KEY_PATH, { loginOptions: login_options, audience: }, {}, access_key)
@@ -407,6 +407,7 @@ module Descope
           login_id = {
             DeliveryMethod::WHATSAPP => ['whatsapp', user.fetch(:phone, '')],
             DeliveryMethod::SMS => ['phone', user.fetch(:phone, '')],
+            DeliveryMethod::VOICE => ['phone', user.fetch(:phone, '')],
             DeliveryMethod::EMAIL => ['email', user.fetch(:email, '')]
           }[method]
 
@@ -416,34 +417,30 @@ module Descope
         end
 
         def adjust_and_verify_delivery_method(method, login_id, user)
-          return false if login_id.nil?
+          @logger.debug("adjust_and_verify_delivery_method:  method: #{method}, login_id: #{login_id}, user: #{user}")
+          raise AuthException.new("Could not verify delivery method for method: #{method}", code: 400) if method.nil?
+          raise AuthException.new('Could not verify delivery method without login_id', code: 400) if login_id.nil?
 
-          return false unless user.is_a?(Hash)
+          unless user.is_a?(Hash)
+            raise AuthException.new('Could not verify delivery method, user is not a Hash', code: 400)
+          end
 
           case method
           when DeliveryMethod::EMAIL
-            user[:email] ||= login_id
-            begin
-              validate_email(user[:email])
-              return true
-            rescue AuthException
-              return false
-            end
-          when DeliveryMethod::SMS
-            user[:phone] ||= login_id
-            return false unless /^#{PHONE_REGEX}$/.match(user[:phone])
-          when DeliveryMethod::WHATSAPP
-            user[:phone] ||= login_id
-            return false unless /^#{PHONE_REGEX}$/.match(user[:phone])
+            validate_email(login_id)
+            @logger.debug("email: #{login_id} is valid")
+            true
+          when DeliveryMethod::SMS, DeliveryMethod::WHATSAPP, DeliveryMethod::VOICE
+            validate_phone(method, login_id)
+            @logger.debug("phone number (login_id): #{login_id} is valid")
+            true
           else
-            return false
+            false
           end
-
-          true
         end
 
         def extract_masked_address(response, method)
-          if [DeliveryMethod::SMS, DeliveryMethod::WHATSAPP].include?(method)
+          if [DeliveryMethod::SMS, DeliveryMethod::WHATSAPP, DeliveryMethod::VOICE].include?(method)
             response['maskedPhone']
           elsif method == DeliveryMethod::EMAIL
             response['maskedEmail']

data/lib/descope/api/v1/management/audit.rb

@@ -58,6 +58,30 @@ module Descope
             { 'audits' => res['audits'].map { |audit| convert_audit_record(audit) } }
           end
 
+          def audit_create_event(action: nil, type: nil, data: nil, user_id: nil, actor_id: nil, tenant_id: nil)
+            # Create an audit event
+            unless %w[info warn error].include?(type)
+              raise Descope::AuthException, 'type must be either info, warn or error'
+            end
+
+            # validation
+            raise Descope::AuthException, 'data must be provided as a key, value Hash' unless data.is_a?(Hash)
+            raise Descope::AuthException, 'action must be provided' if action.nil?
+            raise Descope::AuthException, 'actor_id must be provided' if actor_id.nil?
+            raise Descope::AuthException, 'tenant_id must be provided' if tenant_id.nil?
+
+            request_params = {
+              action:,
+              tenantId: tenant_id,
+              type:,
+              actorId: actor_id,
+              data:
+            }
+            request_params[:userId] = user_id unless user_id.nil?
+
+            post(AUDIT_CREATE_EVENT, request_params)
+          end
+
           private
 
           def convert_audit_record(audit)

data/lib/descope/api/v1/management/common.rb

@@ -100,6 +100,7 @@ module Descope
 
           # Audit
           AUDIT_SEARCH = '/v1/mgmt/audit/search'
+          AUDIT_CREATE_EVENT = '/v1/mgmt/audit/event'
 
           # Authz ReBAC
           AUTHZ_SCHEMA_SAVE = '/v1/mgmt/authz/schema/save'

data/lib/descope/mixins/common.rb

@@ -9,7 +9,8 @@ module Descope
       DEFAULT_BASE_URL = 'https://api.descope.com' # pragma: no cover
       DEFAULT_TIMEOUT_SECONDS = 60
       DEFAULT_JWT_VALIDATION_LEEWAY = 5
-      PHONE_REGEX = %r{^(?:\(?(?:00|\+)([1-4]\d\d|[1-9]\d?)\)?)?[-./ \\]?(?:(?:\(?\d{1,}\)?[-./ \\]?){0,})(?:[-./ \\]?(?:#|ext\.?|extension|x)[-./ \\]?(\d+))?$}
+      # Using E164 format,\A and \z are start and end of string respectively, to prevent multiline matching
+      PHONE_REGEX = /\A\+[1-9]\d{1,14}\z/
 
       SESSION_COOKIE_NAME = 'DS'
       REFRESH_SESSION_COOKIE_NAME = 'DSR'
@@ -24,13 +25,15 @@ module Descope
         WHATSAPP = 1
         SMS = 2
         EMAIL = 3
+        VOICE = 4
       end
 
       def get_method_string(method)
         name = {
           DeliveryMethod::WHATSAPP => 'whatsapp',
           DeliveryMethod::SMS => 'sms',
-          DeliveryMethod::EMAIL => 'email'
+          DeliveryMethod::EMAIL => 'email',
+          DeliveryMethod::VOICE => 'voice'
         }[method]
 
         raise ArgumentException, "Unknown delivery method: #{method}" if name.nil?

data/lib/descope/mixins/validation.rb

@@ -1,9 +1,12 @@
 # frozen_string_literal: true
 
+require 'descope/mixins/common'
+
 module Descope
   module Mixins
     # Module to provide validation for specific data structures.
     module Validation
+      include Descope::Mixins::Common
       def validate_tenants(key_tenants)
         raise ArgumentError, 'key_tenants should be an Array of hashes' unless key_tenants.is_a? Array
 
@@ -46,11 +49,18 @@ module Descope
       end
 
       def validate_phone(method, phone)
+        phone_number_is_invalid = !phone.match?(PHONE_REGEX) unless phone.nil?
+
         raise AuthException.new('Phone number cannot be empty', code: 400) unless phone.is_a?(String) && !phone.empty?
-        raise AuthException.new('Invalid phone number', code: 400) unless phone.match?(PHONE_REGEX)
-        raise AuthException.new('Invalid delivery method', code: 400) unless [
-          DeliveryMethod::WHATSAPP, DeliveryMethod::SMS
-        ].include?(method)
+        raise AuthException.new("Invalid pattern for phone number: #{phone}", code: 400) if phone_number_is_invalid
+
+        valid_methods = DeliveryMethod.constants.map { |constant| DeliveryMethod.const_get(constant) }
+
+        # rubocop:disable Style/LineLength
+        unless valid_methods.include?(method)
+          valid_methods_names = valid_methods.map { |m| "DeliveryMethod::#{DeliveryMethod.constants[valid_methods.index(m)]}" }.join(', ')
+          raise AuthException.new("Delivery method should be one of the following: #{valid_methods_names}", code: 400)
+        end
       end
 
       def verify_provider(oauth_provider)
@@ -64,7 +74,9 @@ module Descope
       end
 
       def validate_redirect_url(return_url)
-        raise AuthException.new('Return_url cannot be empty', code: 400) unless return_url.is_a?(String) && !return_url.empty?
+        return if return_url.is_a?(String) && !return_url.empty?
+
+        raise AuthException.new('Return_url cannot be empty', code: 400)
       end
 
       def validate_code(code)
@@ -72,7 +84,10 @@ module Descope
       end
 
       def validate_scim_group_id(group_id)
-        raise AuthException.new('SCIM Group ID cannot be empty', code: 400) unless group_id.is_a?(String) && !group_id.empty?
+        return if group_id.is_a?(String) && !group_id.empty?
+
+        raise AuthException.new('SCIM Group ID cannot be empty', code: 400)
+
       end
     end
   end

data/lib/descope/version.rb

@@ -2,6 +2,6 @@
 
 # Current version of gem
 module Descope
-  VERSION = '1.0.5'
+  VERSION = '1.0.6'
   SDK_VERSION = '1.0.0'
 end

data/spec/integration/lib.descope/api/v1/auth/otp_spec.rb

@@ -5,6 +5,14 @@ require 'spec_helper'
 describe Descope::Api::V1::Auth::OTP do
   before(:all) do
     @client = DescopeClient.new(Configuration.config)
+
+    dummy_instance = DummyClass.new
+    dummy_instance.extend(Descope::Api::V1::Session)
+    dummy_instance.extend(Descope::Api::V1::Auth::OTP)
+    @instance = dummy_instance
+    @user = build(:user)
+    @test_user = @client.create_test_user(**@user)['user']
+    @client.create_test_user(**@user)
   end
 
   after(:all) do
@@ -18,21 +26,78 @@ describe Descope::Api::V1::Auth::OTP do
     end
   end
 
-  context 'test otp sign-in with test user' do
-    it 'should sign in with otp' do
-      user = build(:user)
-      test_user = @client.create_test_user(**user)['user']
-      @client.create_test_user(**user)
+  # SIGN INs
+  context 'test otp sign-in methods' do
+    it 'should sign in a new test user with otp via EMAIL' do
       res = @client.generate_otp_for_test_user(
         method: Descope::Mixins::Common::DeliveryMethod::EMAIL,
-        login_id: test_user['loginIds'][0]
+        login_id: @test_user['loginIds'][0]
       )
       @client.logger.info("res: #{res}")
       @client.otp_verify_code(
         method: Descope::Mixins::Common::DeliveryMethod::EMAIL,
-        login_id: user[:login_id],
+        login_id: @user[:login_id],
+        code: res['code']
+      )
+    end
+
+    it 'should sign in a new test user with otp via SMS' do
+      res = @client.generate_otp_for_test_user(
+        method: Descope::Mixins::Common::DeliveryMethod::SMS,
+        login_id: @test_user['loginIds'][0]
+      )
+      @client.logger.info("res: #{res}")
+      @client.otp_verify_code(
+        method: Descope::Mixins::Common::DeliveryMethod::SMS,
+        login_id: @user[:login_id],
         code: res['code']
       )
     end
   end
+
+  # SIGN UPs
+  context 'test otp sign-up methods' do
+    it 'should sign up with otp via email' do
+      email = 'someone@example.com'
+      allow_any_instance_of(Descope::Api::V1::Auth).to receive(:extract_masked_address).and_return({})
+      expect(@instance).to receive(:post).with(
+        otp_compose_signup_url, { loginId: email, email: '' }
+      )
+
+      expect do
+        @instance.otp_sign_up(method: Descope::Mixins::Common::DeliveryMethod::EMAIL, login_id: email)
+      end.not_to raise_error
+    end
+
+    it 'should sign up with otp via SMS' do
+      phone = '+12123354465'
+      allow_any_instance_of(Descope::Api::V1::Auth).to receive(:extract_masked_address).and_return({})
+      expect(@instance).to receive(:post).with(
+        otp_compose_signup_url(Descope::Mixins::Common::DeliveryMethod::SMS), { loginId: phone, phone: '' }
+      )
+
+      expect do
+        @instance.otp_sign_up(method: Descope::Mixins::Common::DeliveryMethod::SMS, login_id: phone)
+      end.not_to raise_error
+    end
+
+    it 'should sign up with otp via voice' do
+      phone = '+12123354465'
+      allow_any_instance_of(Descope::Api::V1::Auth).to receive(:extract_masked_address).and_return({})
+      expect(@instance).to receive(:post).with(
+        otp_compose_signup_url(Descope::Mixins::Common::DeliveryMethod::VOICE), { loginId: phone, phone: '' }
+      )
+
+      expect do
+        @instance.otp_sign_up(method: Descope::Mixins::Common::DeliveryMethod::VOICE, login_id: phone)
+      end.not_to raise_error
+    end
+
+    it 'should fail to signup with invalid phone number via SMS' do
+      phone = '1$234.90'
+      expect do
+        @instance.otp_sign_up(method: Descope::Mixins::Common::DeliveryMethod::SMS, login_id: phone)
+      end.to raise_error(Descope::AuthException, "Invalid pattern for phone number: #{phone}")
+    end
+  end
 end

data/spec/integration/lib.descope/api/v1/management/audit_spec.rb

@@ -5,12 +5,48 @@ require 'spec_helper'
 describe Descope::Api::V1::Management::Audit do
   before(:all) do
     @client = DescopeClient.new(Configuration.config)
+    @client.logger.info('Deleting all tenants for Ruby SDK...')
+    @client.search_all_tenants(names: ['Ruby-SDK-test'])['tenants'].each do |tenant|
+      @client.logger.info("Deleting tenant: #{tenant['name']}")
+      @client.delete_tenant(tenant['id'])
+    end
+    @client.logger.info('Cleanup completed. Starting tests...')
   end
 
+  after(:all) do
+    all_users = @client.search_all_users
+    all_users['users'].each do |user|
+      if user['middleName'] == 'Ruby SDK User'
+        puts "Deleting ruby spec test user #{user['loginIds'][0]}"
+        @client.delete_user(user['loginIds'][0])
+      end
+    end
+  end
 
   it 'should search the audit trail for user operations' do
     res = @client.audit_search(actions: ['LoginSucceed'])
     expect(res).to be_a(Hash)
     expect(res['audits']).to be_a(Array)
   end
+
+  it 'should create a new audit event' do
+    # Create tenants
+    @client.logger.info('creating Ruby-SDK-test tenant')
+    tenant_id = @client.create_tenant(name: 'Ruby-SDK-test')['id']
+
+    # Create a user (actor)
+    user = build(:user)
+    created_user = @client.create_user(**user)['user']
+
+    expect do
+      res = @client.audit_create_event(
+        action: 'pencil.created',
+        type: 'info',
+        tenant_id:,
+        actor_id: created_user['loginIds'][0],
+        data: { 'key' => 'value' }
+      )
+      expect(res).to eq({})
+    end.not_to raise_error
+  end
 end

data/spec/integration/lib.descope/api/v1/management/roles_spec.rb

@@ -96,7 +96,7 @@ describe Descope::Api::V1::Management::Role do
     expect(all_roles.map { |role| role['name'] }).to include('Ruby-SDK-test-admin')
 
     @client.logger.info('searching for roles with tenant ids...')
-    all_roles = @client.search_roles(tenant_ids: %w[Ruby-SDK-test])['roles']
+    all_roles = @client.search_roles(role_name_like: 'Ruby-SDK-test', tenant_ids: [tenant_id])['roles']
     expect(all_roles.map { |role| role['name'] }).to include('Ruby-SDK-test-admin')
 
     @client.logger.info('deleting permission')