descope 1.0.5 → 1.0.7

data/spec/integration/lib.descope/api/v1/auth/totp_spec.rb

@@ -12,7 +12,7 @@ describe Descope::Api::V1::Auth::TOTP do
     @client.logger.info('Cleaning up test users...')
     all_users = @client.search_all_users
     all_users['users'].each do |user|
-      if user['middleName'] == 'Ruby SDK User'
+      if user['middleName'] == "#{SpecUtils.build_prefix}Ruby-SDK-User" 
         @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
         @client.delete_user(user['loginIds'][0])
       end

data/spec/integration/lib.descope/api/v1/management/access_key_spec.rb

@@ -4,6 +4,8 @@ require 'spec_helper'
 
 describe Descope::Api::V1::Management::AccessKey do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
   end
 
@@ -28,6 +30,7 @@ describe Descope::Api::V1::Management::AccessKey do
       @tenant_id = @client.create_tenant(name: 'some-new-tenant')['id']
       @client.logger.info('creating access key')
       @access_key = @client.create_access_key(name: @key_name, key_tenants: [{ tenant_id: @tenant_id }])
+      @client.logger.info("waiting for access key #{@access_key['key']['id']} to be active 60 seconds")
       sleep 60
     end
 

data/spec/integration/lib.descope/api/v1/management/audit_spec.rb

@@ -4,13 +4,51 @@ require 'spec_helper'
 
 describe Descope::Api::V1::Management::Audit do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
+    @client.logger.info('Deleting all tenants for Ruby SDK...')
+    @client.search_all_tenants(names: ['Ruby-SDK-test'])['tenants'].each do |tenant|
+      @client.logger.info("Deleting tenant: #{tenant['name']}")
+      @client.delete_tenant(tenant['id'])
+    end
+    @client.logger.info('Cleanup completed. Starting tests...')
   end
 
+  after(:all) do
+    all_users = @client.search_all_users
+    all_users['users'].each do |user|
+      if user['middleName'] == "#{SpecUtils.build_prefix}Ruby-SDK-User" 
+        puts "Deleting ruby spec test user #{user['loginIds'][0]}"
+        @client.delete_user(user['loginIds'][0])
+      end
+    end
+  end
 
   it 'should search the audit trail for user operations' do
     res = @client.audit_search(actions: ['LoginSucceed'])
     expect(res).to be_a(Hash)
     expect(res['audits']).to be_a(Array)
   end
+
+  it 'should create a new audit event' do
+    # Create tenants
+    @client.logger.info('creating Ruby-SDK-test tenant')
+    tenant_id = @client.create_tenant(name: 'Ruby-SDK-test')['id']
+
+    # Create a user (actor)
+    user = build(:user)
+    created_user = @client.create_user(**user)['user']
+
+    expect do
+      @client.audit_create_event(
+        user_id: created_user['loginId'],
+        action: 'pencil.created',
+        type: 'info',
+        tenant_id:,
+        actor_id: created_user['loginIds'][0],
+        data: { 'key' => 'value' }
+      )
+    end.not_to raise_error
+  end
 end

data/spec/integration/lib.descope/api/v1/management/authz_spec.rb

@@ -4,6 +4,8 @@ require 'spec_helper'
 
 describe Descope::Api::V1::Management::Authz do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
     puts 'authz schema delete'
   end

data/spec/integration/lib.descope/api/v1/management/flow_spec.rb

@@ -4,6 +4,8 @@ require 'spec_helper'
 
 describe Descope::Api::V1::Management::Flow do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
   end
 
@@ -38,7 +40,7 @@ describe Descope::Api::V1::Management::Flow do
   it 'should import the current project theme' do
     export_theme = @client.export_theme
     export_theme_current_version = export_theme['theme']['version']
-    imported_theme = @client.import_theme(export_theme)
+    imported_theme = @client.import_theme(export_theme['theme'])
     expect(imported_theme['theme']['version']).to be(export_theme_current_version + 1)
   end
 end

data/spec/integration/lib.descope/api/v1/management/permissions_spec.rb

@@ -4,9 +4,11 @@ require 'spec_helper'
 
 describe Descope::Api::V1::Management::Permission do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
     @client.load_all_permissions['permissions'].each do |perm|
-      if perm['description'] == 'Ruby SDK'
+      if perm['description'] == "#{SpecUtils.build_prefix} Ruby SDK"
         puts "Deleting permission: #{perm['name']}"
         @client.delete_permission(perm['name'])
       end
@@ -14,7 +16,7 @@ describe Descope::Api::V1::Management::Permission do
   end
 
   it 'should create update and delete a permission' do
-    @client.create_permission(name: 'test_permission', description: 'Ruby SDK')
+    @client.create_permission(name: 'test_permission', description: "#{SpecUtils.build_prefix} Ruby SDK")
     all_permissions = @client.load_all_permissions['permissions']
     expect(all_permissions.any? { |perm| perm['name'] == 'test_permission' }).to eq(true)
     @client.update_permission(name: 'test_permission', new_name: 'test_permission_2')

data/spec/integration/lib.descope/api/v1/management/project_spec.rb

@@ -4,6 +4,8 @@ require 'spec_helper'
 
 describe Descope::Api::V1::Management::Project do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
     @export_output = @client.export_project
   end

data/spec/integration/lib.descope/api/v1/management/roles_spec.rb

@@ -4,6 +4,8 @@ require 'spec_helper'
 
 describe Descope::Api::V1::Management::Role do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
     @client = DescopeClient.new(Configuration.config)
     @client.logger.info('Staring cleanup before tests...')
     @client.logger.info('Deleting all permissions for Ruby SDK...')
@@ -96,7 +98,7 @@ describe Descope::Api::V1::Management::Role do
     expect(all_roles.map { |role| role['name'] }).to include('Ruby-SDK-test-admin')
 
     @client.logger.info('searching for roles with tenant ids...')
-    all_roles = @client.search_roles(tenant_ids: %w[Ruby-SDK-test])['roles']
+    all_roles = @client.search_roles(role_name_like: 'Ruby-SDK-test', tenant_ids: [tenant_id])['roles']
     expect(all_roles.map { |role| role['name'] }).to include('Ruby-SDK-test-admin')
 
     @client.logger.info('deleting permission')

data/spec/integration/lib.descope/api/v1/management/user_spec.rb

@@ -4,17 +4,21 @@ require 'spec_helper'
 
 describe Descope::Api::V1::Management::User do
   before(:all) do
+    raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil?
+
+    @client = DescopeClient.new(Configuration.config)
+
     @password = SpecUtils.generate_password
     @new_password = SpecUtils.generate_password
     @user = build(:user)
-    @client = DescopeClient.new(Configuration.config)
+
     include Descope::Mixins::Common::DeliveryMethod
   end
 
   after(:all) do
     all_users = @client.search_all_users
     all_users['users'].each do |user|
-      if user['middleName'] == 'Ruby SDK User'
+      if user['middleName'] == "#{SpecUtils.build_prefix}Ruby-SDK-User"
         puts "Deleting ruby spec test user #{user['loginIds'][0]}"
         @client.delete_user(user['loginIds'][0])
       end
@@ -58,6 +62,41 @@ describe Descope::Api::V1::Management::User do
     expect(updated_user['first_name']).to eq(created_user[updated_first_name])
   end
 
+  it 'should patch a user' do
+    user = build(:user)
+    role_name = 'some-new-role'
+
+    # ensure no roles exist with that name
+    all_roles = @client.load_all_roles
+    all_roles['roles'].each do |role|
+      @client.delete_role(name: role['name']) if role['name'] == role_name
+    end
+
+    @client.create_role(name: role_name)
+    @client.create_user(**user)['user']
+    updated_first_name = 'new name'
+    updated_given_name = 'new given name'
+    update_phone_number = "+1#{Faker::Number.number(digits: 10)}"
+    updated_role_names = [role_name]
+    updated_middle_name = 'new middle name'
+    updated_user = @client.patch_user(
+      **user,
+      name: updated_first_name,
+      given_name: updated_given_name,
+      phone: update_phone_number,
+      role_names: updated_role_names,
+      middle_name: updated_middle_name
+    )['user']
+
+    puts "updated_user #{updated_user}"
+
+    expect(updated_user['name']).to eq(updated_first_name)
+    expect(updated_user['givenName']).to eq(updated_given_name)
+    expect(updated_user['phone']).to eq(update_phone_number)
+    expect(updated_user['roleNames']).to eq(updated_role_names)
+    expect(updated_user['middleName']).to eq(updated_middle_name)
+  end
+
   it 'should delete a user' do
     user = build(:user)
     created_user = @client.create_user(**user)['user']
@@ -77,18 +116,28 @@ describe Descope::Api::V1::Management::User do
     users = FactoryBot.build_list(:user, 5)
     @client.create_batch_users(users)
     all_users = @client.search_all_users
-    sdk_users = all_users['users'].select { |user| user['middleName'] == 'Ruby SDK User' }
+    sdk_users = all_users['users'].select { |user| user['middleName'] == "#{SpecUtils.build_prefix}Ruby-SDK-User" }
     expect(sdk_users.length).to be >= 5
   end
 
   it 'should create a test user' do
     @client.delete_all_test_users
+    # ensure no roles exist with that name
+    role_name = 'some-new-role'
+    all_roles = @client.load_all_roles
+    all_roles['roles'].each do |role|
+      @client.delete_role(name: role['name']) if role['name'] == role_name
+    end
     sleep 5
+
     user_args = build(:user)
     test_user = @client.create_test_user(**user_args)['user']
-    test_users = @client.search_all_users(test_users_only: true)['users']
+    @client.create_role(name: role_name)
+    @client.user_add_roles(login_id: test_user['loginIds'][0], role_names: [role_name])
+    test_users = @client.search_all_test_users(role_names: [role_name])['users']
     expect(test_users.length).to be >= 1
     expect(test_users[0]['loginIds'][0]).to eq(test_user['loginIds'][0])
+    expect(test_users[0]['roleNames']).to eq([role_name])
   end
 
   it 'should update user status' do
@@ -191,8 +240,8 @@ describe Descope::Api::V1::Management::User do
       new_password = SpecUtils.generate_password
       @client.set_password(login_id: user['loginIds'][0], password: new_password)
       @client.password_sign_in(login_id: user['loginIds'][0], password:)
-    rescue Descope::ServerError => e
-      expect(e.message).to match(/"errorCode":"E062909"/)
+    rescue Descope::Unauthorized => e
+      expect(e.message).to match(/"Invalid signin credentials"/)
     end
   end
 

data/spec/lib.descope/api/v1/auth/enchantedlink_spec.rb

@@ -51,7 +51,7 @@ describe Descope::Api::V1::EnchantedLink do
 
     it 'is expected to validate refresh token and not raise an error with refresh token and valid login options' do
       expect do
-        @instance.send(:validate_refresh_token_provided, { mfa: true, stepup: true },  'some-token')
+        @instance.send(:validate_refresh_token_provided, { mfa: true, stepup: true }, 'some-token')
       end.not_to raise_error
     end
 
@@ -148,7 +148,16 @@ describe Descope::Api::V1::EnchantedLink do
     end
 
     it 'is expected to get session by pending ref with enchanted link' do
-      jwt_response = { 'fake': 'response' }
+      jwt_response = {
+        'sessionJwt' => 'fake_session_jwt',
+        'refreshJwt' => 'fake_refresh_jwt',
+        'cookies' => {
+          'refresh_token' => 'fake_refresh_cookie'
+        }
+      }
+      allow(@instance).to receive(:post).with(
+        GET_SESSION_ENCHANTEDLINK_AUTH_PATH, { pendingRef: 'pendingRef' }
+      ).and_return(jwt_response)
       allow(@instance).to receive(:generate_jwt_response).and_return(jwt_response)
 
       expect do

data/spec/lib.descope/api/v1/auth/otp_spec.rb

@@ -11,14 +11,15 @@ describe Descope::Api::V1::OTP do
     @instance = dummy_instance
   end
 
+  # Sign In methods
   context '.sign_in' do
     it 'is expected to respond to sign in using otp' do
       expect(@instance).to respond_to(:otp_sign_in)
     end
 
-    it 'is expected to sign in with otp' do
+    it 'is expected to sign in with otp with email' do
       request_params = {
-        loginId: 'test',
+        loginId: 'dummy@dummy.com',
         loginOptions: {
           stepup: false,
           customClaims: { 'abc': '123' },
@@ -38,7 +39,7 @@ describe Descope::Api::V1::OTP do
       expect do
         @instance.otp_sign_in(
           method: DeliveryMethod::EMAIL,
-          login_id: 'test',
+          login_id: 'dummy@dummy.com',
           login_options: {
             stepup: false,
             custom_claims: { 'abc': '123' },
@@ -50,15 +51,15 @@ describe Descope::Api::V1::OTP do
       end.not_to raise_error
     end
 
-    it 'is expected to sign in with otp phone' do
+    it 'is expected to sign in with otp phone SMS' do
       request_params = {
-        loginId: 'test',
+        loginId: '+12122242225',
         loginOptions: {
           stepup: false,
           customClaims: { 'abc': '123' },
           mfa: false,
           ssoAppId: 'sso-id'
-        },
+        }
       }
       expect(@instance).to receive(:post).with(
         otp_compose_signin_url(DeliveryMethod::SMS),
@@ -76,7 +77,45 @@ describe Descope::Api::V1::OTP do
       expect do
         @instance.otp_sign_in(
           method: DeliveryMethod::SMS,
-          login_id: 'test',
+          login_id: '+12122242225',
+          login_options: {
+            stepup: false,
+            custom_claims: { 'abc': '123' },
+            mfa: false,
+            sso_app_id: 'sso-id'
+          },
+          refresh_token: 'refresh_token'
+        )
+      end.not_to raise_error
+    end
+
+    it 'is expected to sign in with otp Voice' do
+      request_params = {
+        loginId: '+12122242225',
+        loginOptions: {
+          stepup: false,
+          customClaims: { 'abc': '123' },
+          mfa: false,
+          ssoAppId: 'sso-id'
+        }
+      }
+      expect(@instance).to receive(:post).with(
+        otp_compose_signin_url(DeliveryMethod::VOICE),
+        request_params,
+        {},
+        'refresh_token'
+      )
+
+      allow_any_instance_of(Descope::Api::V1::Auth::OTP).to receive(:extract_masked_address).and_return(
+        {
+          'maskedPhone' => '+1******890'
+        }
+      )
+
+      expect do
+        @instance.otp_sign_in(
+          method: DeliveryMethod::VOICE,
+          login_id: '+12122242225',
           login_options: {
             stepup: false,
             custom_claims: { 'abc': '123' },
@@ -89,6 +128,7 @@ describe Descope::Api::V1::OTP do
     end
   end
 
+  # Sign Up methods
   context '.sign_up' do
     it 'is expected to respond to otp email sign up' do
       expect(@instance).to respond_to(:otp_sign_up)
@@ -96,7 +136,7 @@ describe Descope::Api::V1::OTP do
 
     it 'is expected to sign up with otp via email' do
       request_params = {
-        loginId: 'test',
+        loginId: 'user1',
         user: { loginId: 'user1', email: 'dummy@dummy.com' },
         email: 'dummy@dummy.com'
       }
@@ -110,18 +150,18 @@ describe Descope::Api::V1::OTP do
 
       expect do
         @instance.otp_sign_up(
-          login_id: 'test',
+          login_id: 'user1',
           method: DeliveryMethod::EMAIL,
           user: { login_id: 'user1', email: 'dummy@dummy.com' }
         )
       end.not_to raise_error
     end
 
-    it 'is expected to sign up with otp via phone' do
+    it 'is expected to sign up with otp via SMS' do
       request_params = {
-        loginId: 'test',
-        user: { loginId: 'user1', phone: '+1234567890' },
-        phone: '+1234567890'
+        loginId: '+1234567890',
+        user: { loginId: '+1234567890' },
+        phone: ''
       }
 
       expect(@instance).to receive(:post).with(
@@ -133,22 +173,46 @@ describe Descope::Api::V1::OTP do
 
       expect do
         @instance.otp_sign_up(
-          login_id: 'test',
+          login_id: '+1234567890',
           method: DeliveryMethod::SMS,
-          user: { login_id: 'user1', phone: '+1234567890' }
+          user: { login_id: '+1234567890' }
+        )
+      end.not_to raise_error
+    end
+
+    it 'is expected to sign up with otp via Voice' do
+      request_params = {
+        loginId: '+1234567890',
+        user: { loginId: '+1234567890', phone: '+1234567890' },
+        phone: '+1234567890'
+      }
+
+      expect(@instance).to receive(:post).with(
+        otp_compose_signup_url(DeliveryMethod::VOICE),
+        request_params
+      ).and_return({ 'maskedPhone' => '+1******890' })
+
+      allow_any_instance_of(Descope::Api::V1::Auth).to receive(:extract_masked_address).and_return({})
+
+      expect do
+        @instance.otp_sign_up(
+          login_id: '+1234567890',
+          method: DeliveryMethod::VOICE,
+          user: { login_id: '+1234567890', phone: '+1234567890' }
         )
       end.not_to raise_error
     end
   end
 
+  # Sign Up or In methods
   context '.sign_up_or_in' do
     it 'is expected to respond to sign up' do
       expect(@instance).to respond_to(:otp_sign_up_or_in)
     end
 
-    it 'is expected to sign up or in with otp' do
+    it 'is expected to sign up or in with otp via email' do
       request_params = {
-        loginId: 'test',
+        loginId: 'dummy@dummy.com',
         loginOptions: {
           stepup: false,
           customClaims: { 'abc': '123' },
@@ -168,7 +232,79 @@ describe Descope::Api::V1::OTP do
       expect do
         @instance.otp_sign_up_or_in(
           method: DeliveryMethod::EMAIL,
-          login_id: 'test',
+          login_id: 'dummy@dummy.com',
+          login_options: {
+            stepup: false,
+            custom_claims: { 'abc': '123' },
+            mfa: false,
+            sso_app_id: 'sso-id'
+          },
+          provider_id: 'provider-id',
+          template_id: 'template-id',
+          sso_app_id: 'sso-id'
+        )
+      end.not_to raise_error
+    end
+
+    it 'is expected to sign up or in with otp via SMS' do
+      request_params = {
+        loginId: '+12122242225',
+        loginOptions: {
+          stepup: false,
+          customClaims: { 'abc': '123' },
+          mfa: false,
+          ssoAppId: 'sso-id'
+        },
+        providerId: 'provider-id',
+        templateId: 'template-id',
+        ssoAppId: 'sso-id'
+      }
+
+      expect(@instance).to receive(:post).with(
+        otp_compose_sign_up_or_in_url(DeliveryMethod::SMS),
+        request_params
+      ).and_return({ 'maskedPhone' => '+1******890' })
+
+      expect do
+        @instance.otp_sign_up_or_in(
+          method: DeliveryMethod::SMS,
+          login_id: '+12122242225',
+          login_options: {
+            stepup: false,
+            custom_claims: { 'abc': '123' },
+            mfa: false,
+            sso_app_id: 'sso-id'
+          },
+          provider_id: 'provider-id',
+          template_id: 'template-id',
+          sso_app_id: 'sso-id'
+        )
+      end.not_to raise_error
+    end
+
+    it 'is expected to sign up or in with otp via Voice' do
+      request_params = {
+        loginId: '+12122242225',
+        loginOptions: {
+          stepup: false,
+          customClaims: { 'abc': '123' },
+          mfa: false,
+          ssoAppId: 'sso-id'
+        },
+        providerId: 'provider-id',
+        templateId: 'template-id',
+        ssoAppId: 'sso-id'
+      }
+
+      expect(@instance).to receive(:post).with(
+        otp_compose_sign_up_or_in_url(DeliveryMethod::VOICE),
+        request_params
+      ).and_return({ 'maskedPhone' => '+1******890' })
+
+      expect do
+        @instance.otp_sign_up_or_in(
+          method: DeliveryMethod::VOICE,
+          login_id: '+12122242225',
           login_options: {
             stepup: false,
             custom_claims: { 'abc': '123' },
@@ -215,6 +351,28 @@ describe Descope::Api::V1::OTP do
       expect(@instance).to respond_to(:otp_update_user_email)
     end
 
+    it 'raises a validation error' do
+      expect { OTP.otp_update_user_phone(login_id: nil) }
+        .to raise_error('login_id cannot be empty')
+    end
+
+    it 'raises a validation error' do
+      expect { OTP.otp_update_user_phone(login_id: 'someone', phone: nil) }
+        .to raise_error('Phone number cannot be empty')
+    end
+
+    it 'raises a delivery method error with invalid method' do
+      expect do
+        OTP.otp_update_user_phone(login_id: 'abc', phone: '+12124332222', method: 0)
+      end.to raise_error(Descope::AuthException, /Delivery method should be one of the following/)
+    end
+
+    it 'raises a validation error when phone number doesnt match pattern' do
+      expect do
+        OTP.otp_update_user_phone(login_id: 'abc', phone: '-1212a$', method: DeliveryMethod::SMS)
+      end.to raise_error(Descope::AuthException, /Invalid pattern for phone number/)
+    end
+
     it 'is expected to update email with otp' do
       request_params = {
         loginId: 'test',

data/spec/lib.descope/api/v1/auth/password_spec.rb

@@ -43,9 +43,18 @@ describe Descope::Api::V1::Password do
     end
 
     it 'is expected to sign in with password' do
+      response_body = {
+        'sessionJwt' => 'fake_session_jwt',
+        'refreshJwt' => 'fake_refresh_jwt',
+        'cookies' => {
+          'refresh_token' => 'fake_refresh_cookie'
+        }
+      }
+
       expect(@instance).to receive(:post).with(
         SIGN_IN_PASSWORD_PATH, { loginId: 'test', password: 's3cr3t', ssoAppId: nil }
-      )
+      ).and_return(response_body)
+
       # stub the jwt_get_unverified_header method to return the kid of the public key created above
       allow(@instance).to receive(:generate_jwt_response).and_return({})
       expect { @instance.password_sign_in(login_id: 'test', password: 's3cr3t') }.not_to raise_error