magic-admin 0.1.4 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d48630f04f73c9319c8848eedb1aa966daea86ef81c0480dbc38f499b74b66b2
-  data.tar.gz: 0b10a4f8720361eb141d22a8526b3e9e34b4c06b9ca2e5f59b1f8126e8c7d554
+  metadata.gz: ede94b2b390f884340868e4617be9079e5c826cc87a7b9987b306c065dcd631e
+  data.tar.gz: 9357a383e855816df3b594f30ae6638ec3d1c2a469d9f6697fed8fe8cae64020
 SHA512:
-  metadata.gz: adead0a0d3339935f58961751dfd9a03f9c30d6601ec969f345e0b8b8f68c8dfbb5d15bb8e1fb04d2c50ca041cda42c9c3771867f0ab8f16a2b3b666c538b711
-  data.tar.gz: e4cc97b49807a942971578ac50e0599e3be39353621266774042140cfd11a7a3d3ea8ae3f5fcab3621738ce4d9ecd6d8e93c0259973e90b8c4c4f79b1804d931
+  metadata.gz: 2230ff87ba679e82c4f040a313ee73c272e758fa339c0614565510872a44461d0903fae6c76b61417b7eb366bb531d78268d7fdcab8ef6f3b8ed097bee95beff
+  data.tar.gz: a5cea3c3dba4ac26e75d987e185c9fde47d7c21f4ae4ea01de930139e87ec5b20260576ad360b47715382667f2759ec473178115011accbf7299a76e4d210515

data/CHANGELOG.md

@@ -16,6 +16,20 @@
 
 - <PR-#ISSUE> ...
 
+## `1.0.0` - 7/5/2023
+
+#### Added
+
+- <PR-#20> Add Magic Connect Admin SDK support for Token Resource
+  - [Security Enhancement]: Validate `aud` using Magic client ID. 
+  - Pull client ID from Magic servers if not provided in constructor.
+
+## `0.2.0` - 11/23/2022
+
+#### Added
+
+- <PR-#18> Support mult-chain wallets in get_metadata calls
+
 ## `0.1.4` - 04/05/2022
 
 #### Changed

data/lib/magic-admin/resource/token.rb

@@ -9,6 +9,24 @@ module MagicAdmin
     # It provides methods to interact with the DID Token.
     class Token
 
+      # attribute reader for magic client object
+      attr_reader :magic
+
+      # The constructor allows you to create a token object
+      # when your application interacting with the Magic API
+      #
+      # Arguments:
+      #   magic: A Magic object.
+      #
+      # Returns:
+      #   A token object that provides access to all the supported resources.
+      #
+      # Examples:
+      #   Token.new(<magic>)
+      def initialize(magic)
+        @magic = magic
+      end
+
       # Description:
       #   Method validate did_token
       #
@@ -26,6 +44,7 @@ module MagicAdmin
         validate_claim_fields!(claim)
         validate_claim_ext!(time, claim["ext"])
         validate_claim_nbf!(time, claim["nbf"])
+        validate_claim_aud!(magic.client_id, claim["aud"])
       end
 
       # Description:
@@ -141,6 +160,15 @@ module MagicAdmin
         raise DIDTokenError, message
       end
 
+      def validate_claim_aud!(client_id, claim_aud)
+        
+        return true unless client_id != claim_aud
+
+        message = "Audience does not match client ID. Please ensure your secret key matches the application which generated the DID token."
+        raise DIDTokenError, message
+      end
+
     end
   end
 end
+

data/lib/magic-admin/resource/user.rb

@@ -34,43 +34,58 @@ module MagicAdmin
       # Arguments:
       #   issuer: Extracted iss component of DID Token generated by a Magic user
       #     on the client-side.
+      #   wallet_type: The type of wallet to retrieve.  To query specific wallet(s),
+      #     the value passed must be consistent with the enumerated values in
+      #     MagicAdmin::Resource::WalletType. ALL wallets will be returned if wallet_type=ANY
+      #     is passed. If the wallet_type is None or does not match any WalletType
+      #     enums, then no wallets are returned.
       #
       # Returns:
       #   Metadata information about the user
-      def get_metadata_by_issuer(issuer)
+      def get_metadata_by_issuer(issuer, wallet_type=MagicAdmin::Resource::WalletType::NONE)
         headers = MagicAdmin::Util.headers(magic.secret_key)
-        options = { params: { issuer: issuer }, headers: headers }
+        options = { params: { issuer: issuer , wallet_type: wallet_type }, headers: headers }
         magic.http_client
              .call(:get, "/v1/admin/auth/user/get", options)
       end
 
       # Description:
       #   Method Retrieves information about the user by
-      #   the supplied public_address
+      #   the supplied public_address and wallet type
       #
       # Arguments:
       #   public_address: Extracted The user's Ethereum public address component
       #     of DID Token generated by a Magic user on the client-side.
+      #   wallet_type: The type of wallet to retrieve.  To query specific wallet(s), 
+      #     the value passed must be consistent with the enumerated values in 
+      #     MagicAdmin::Resource::WalletType. ALL wallets will be returned if wallet_type=ANY
+      #     is passed. If the wallet_type is None or does not match any WalletType 
+      #     enums, then no wallets are returned.
       #
       # Returns:
       #   Metadata information about the user
-      def get_metadata_by_public_address(public_address)
+      def get_metadata_by_public_address(public_address, wallet_type=MagicAdmin::Resource::WalletType::NONE)
         issuer = token.construct_issuer_with_public_address(public_address)
-        get_metadata_by_issuer(issuer)
+        get_metadata_by_issuer(issuer, wallet_type)
       end
 
       # Description:
       #   Method Retrieves information about the user by
-      #   the supplied DID Token
+      #   the supplied DID Token and wallet type
       #
       # Arguments:
       #   did_token: A DID Token generated by a Magic user on the client-side.
+      #   wallet_type: The type of wallet to retrieve.  To query specific wallet(s), 
+      #     the value passed must be consistent with the enumerated values in 
+      #     MagicAdmin::Resource::WalletType. ALL wallets will be returned if wallet_type=ANY
+      #     is passed. If the wallet_type is None or does not match any WalletType 
+      #     enums, then no wallets are returned.
       #
       # Returns:
       #   Metadata information about the user
-      def get_metadata_by_token(did_token)
+      def get_metadata_by_token(did_token, wallet_type=MagicAdmin::Resource::WalletType::NONE)
         issuer = token.get_issuer(did_token)
-        get_metadata_by_issuer(issuer)
+        get_metadata_by_issuer(issuer, wallet_type)
       end
 
       # Description:

data/lib/magic-admin/resource/wallet.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module MagicAdmin
+    module Resource
+        class WalletType
+            ETH = "ETH"
+            HARMONY = "HARMONY"
+            ICON = "ICON"
+            FLOW = "FLOW"
+            TEZOS = "TEZOS"
+            ZILLIQA = "ZILLIQA"
+            POLKADOT = "POLKADOT"
+            SOLANA = "SOLANA"
+            AVAX = "AVAX"
+            ALGOD = "ALGOD"
+            COSMOS = "COSMOS"
+            CELO = "CELO"
+            BITCOIN = "BITCOIN"
+            NEAR = "NEAR"
+            HELIUM = "HELIUM"
+            CONFLUX = "CONFLUX"
+            TERRA = "TERRA"
+            TAQUITO = "TAQUITO"
+            ED = "ED"
+            HEDERA = "HEDERA"
+            NONE = "NONE"
+            ANY = "ANY"
+        end
+    end
+end

data/lib/magic-admin/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module MagicAdmin
-  VERSION = "0.1.4"
+  VERSION = "1.0.0"
 end

data/lib/magic-admin.rb

@@ -24,6 +24,7 @@ require "magic-admin/http/response"
 # Magic Resource Classes
 require "magic-admin/resource/token"
 require "magic-admin/resource/user"
+require "magic-admin/resource/wallet"
 
 # Magic Class to access resources
 class Magic
@@ -37,6 +38,9 @@ class Magic
   # attribute reader for magic http client
   attr_reader :http_client
 
+  # attribute reader for magic client id
+  attr_reader :client_id
+
   # The constructor allows you to specify your own API secret key
   # and HTTP request strategy when your application interacting
   # with the Magic API.
@@ -71,9 +75,11 @@ class Magic
   def initialize(api_secret_key: nil,
                  retries: nil,
                  timeout: nil,
-                 backoff: nil)
+                 backoff: nil,
+                 client_id: nil)
     secret_key!(api_secret_key)
     http_client!(retries, timeout, backoff)
+    client_id!(client_id, api_secret_key)
   end
 
   # Description:
@@ -97,7 +103,7 @@ class Magic
   #   all the supported resources.
 
   def token
-    MagicAdmin::Resource::Token.new
+    MagicAdmin::Resource::Token.new(self)
   end
 
   private
@@ -132,4 +138,20 @@ class Magic
                         configure_timeout(timeout),
                         configure_backoff(backoff))
   end
+
+  def client_id!(client_id, secret_key)
+    @client_id = client_id || ENV["MAGIC_CLIENT_ID"]
+    if !@client_id
+      headers = MagicAdmin::Util.headers(secret_key)
+      options = { headers: headers }
+      response = self.http_client
+          .call(:get, "/v1/admin/client/get", options)
+
+      message = "Magic api secret key is not valid."
+      raise MagicAdmin::MagicError, message unless response.data[:data][:client_id]
+      
+      @client_id = response.data[:data][:client_id]
+    end
+  end
+
 end

data/test/magic_test.rb

@@ -4,7 +4,17 @@ require "spec_helper"
 
 describe Magic do
   let(:env_secret_key) { "<ENV_MAGIC_API_SECRET_KEY>" }
-  let(:agr_secret_key) { "<ARG_MAGIC_API_SECRET_KEY>" }
+  let(:arg_secret_key) { "<ARG_MAGIC_API_SECRET_KEY>" }
+
+  let(:env_client_id) { "<ENV_MAGIC_CLIENT_ID>" }
+  let(:arg_client_id) { "<ARG_MAGIC_CLIENT_ID>" }
+  let(:returned_client_id) { "<RETURNED_CLIENT_ID>" }
+
+  before(:each) do
+    allow_any_instance_of(MagicAdmin::Http::Client).to receive(:call).and_return(
+      double(data: { data: { client_id: returned_client_id } })
+    )
+  end
 
   describe "magic object without arguments and environment variables" do
     it "should raise an error" do
@@ -20,14 +30,14 @@ describe Magic do
     end
 
     it "should be set with arguments" do
-      magic = Magic.new(api_secret_key: agr_secret_key)
-      expect(magic.secret_key).to eq(agr_secret_key)
+      magic = Magic.new(api_secret_key: arg_secret_key)
+      expect(magic.secret_key).to eq(arg_secret_key)
     end
 
     it "should be set with arguments ignore environment variable" do
       ENV["MAGIC_API_SECRET_KEY"] = env_secret_key
-      magic = Magic.new(api_secret_key: agr_secret_key)
-      expect(magic.secret_key).to eq(agr_secret_key)
+      magic = Magic.new(api_secret_key: arg_secret_key)
+      expect(magic.secret_key).to eq(arg_secret_key)
       expect(magic.secret_key).not_to eq(env_secret_key)
     end
   end
@@ -121,4 +131,45 @@ describe Magic do
       end
     end
   end
+
+  describe "magic object set client_id" do
+
+    let(:api_secret_key) { "<API_SECRET_KEY>" }
+    
+    before(:each) do
+      ENV["MAGIC_API_SECRET_KEY"] = api_secret_key
+    end
+
+    it "should be set with environment variable" do
+      ENV["MAGIC_CLIENT_ID"] = env_client_id
+      magic = Magic.new
+      expect(magic.client_id).to eq(env_client_id)
+    end
+
+    it "should be set with argument" do
+      ENV["MAGIC_CLIENT_ID"] = nil
+      magic = Magic.new(client_id: arg_client_id)
+      expect(magic.client_id).to eq(arg_client_id)
+    end
+
+    it "should be set with argument ignore environment variable" do
+      ENV["MAGIC_CLIENT_ID"] = env_client_id
+      magic = Magic.new(client_id: arg_client_id)
+      expect(magic.client_id).to eq(arg_client_id)
+      expect(magic.client_id).not_to eq(env_client_id)
+    end
+
+    it "should retrieve from API if not set" do
+      ENV["MAGIC_CLIENT_ID"] = nil
+      magic = Magic.new
+      expect(magic.client_id).to eq(returned_client_id)
+    end
+
+    it "should raise an error if API key is invalid" do
+      allow_any_instance_of(MagicAdmin::Http::Client).to receive(:call).and_return(
+        double(data: { data: { } })
+      )
+      expect { Magic.new }.to raise_exception MagicAdmin::MagicError
+    end
+  end
 end

data/test/resource/token_test.rb

@@ -3,10 +3,15 @@
 require "spec_helper"
 
 describe MagicAdmin::Resource::Token do
+  let(:client_id) {'did:magic:testtest-test-test-test-testtesttest'}
+  let(:magic) { instance_double("MagicAdmin::Magic", client_id: client_id) }
+
+  subject(:token) { described_class.new(magic) }
+
   describe "instance methods" do
     describe "public methods" do
       it "#validate" do
-        claim = { "ext" => 1000, "nbf" => "nbf" }
+        claim = { "ext" => 1000, "nbf" => "nbf", "aud" => client_id }
         rec_address = double("rec_address").to_s
         proof = double("proof")
         time_now = 1_202_020
@@ -27,6 +32,9 @@ describe MagicAdmin::Resource::Token do
 
         expect(subject).to receive(:validate_claim_nbf!)
           .with(time_now, claim["nbf"])
+        
+        expect(subject).to receive(:validate_claim_aud!)
+          .with(client_id, claim["aud"])
 
         subject.validate(spec_did_token)
       end
@@ -182,6 +190,25 @@ describe MagicAdmin::Resource::Token do
           end .to raise_error(MagicAdmin::DIDTokenError, msg)
         end
       end
+      
+      context "#validate_claim_aud!" do
+        it "return true when aud matches" do
+          claim_aud = 'aud'
+          client_id = 'aud'
+          expect(subject.send(:validate_claim_ext!,
+                              client_id,
+                              claim_aud)).to be_truthy
+        end
+
+        it "raise error when aud does not match" do
+          claim_aud = 'audDiff'
+          client_id = 'aud'
+          msg = "Audience does not match client ID. Please ensure your secret key matches the application which generated the DID token."
+          expect do
+            subject.send(:validate_claim_aud!, client_id, claim_aud)
+          end .to raise_error(MagicAdmin::DIDTokenError, msg)
+        end
+      end
     end
   end
 end

data/test/resource/user_test.rb

@@ -3,17 +3,17 @@
 require "spec_helper"
 
 describe MagicAdmin::Resource::User do
-  let(:magic) { Magic.new(api_secret_key: spec_api_secret_key) }
+  let(:magic) { Magic.new(api_secret_key: spec_api_secret_key, client_id: spec_client_id) }
   let(:public_address) do
-    MagicAdmin::Resource::Token.new.get_public_address(spec_did_token)
+    MagicAdmin::Resource::Token.new(magic).get_public_address(spec_did_token)
   end
 
   let(:issuer) do
-    MagicAdmin::Resource::Token.new.get_issuer(spec_did_token)
+    MagicAdmin::Resource::Token.new(magic).get_issuer(spec_did_token)
   end
 
   let(:construct_issuer_with_public_address) do
-    MagicAdmin::Resource::Token.new.construct_issuer_with_public_address(public_address)
+    MagicAdmin::Resource::Token.new(magic).construct_issuer_with_public_address(public_address)
   end
 
   let(:stub_response_body) do
@@ -26,19 +26,47 @@ describe MagicAdmin::Resource::User do
     expect(subject).to respond_to(:magic)
   end
 
-  context "#get_metadata_by_issuer" do
-    it "send request with options" do
+  describe "#get_metadata_by_issuer with or without wallet" do
+    before(:each) do
       allow(MagicAdmin::Util).to receive(:headers)
-        .with(magic.secret_key)
-        .and_return({})
-      expect(magic.http_client).to receive(:call)
-        .with(:get,
-              "/v1/admin/auth/user/get",
-              {
-                params: { issuer: issuer }, headers: {}
-              })
-
-      subject.get_metadata_by_issuer(issuer)
+      .with(magic.secret_key)
+      .and_return({})
+    end
+
+    context "#get_metadata_by_issuer no wallet" do
+      it "send request with options" do
+        expect(magic.http_client).to receive(:call)
+          .with(:get,
+                "/v1/admin/auth/user/get",
+                {
+                  params: { issuer: issuer, wallet_type: MagicAdmin::Resource::WalletType::NONE }, headers: {}
+                })
+        subject.get_metadata_by_issuer(issuer)
+      end
+    end
+
+    context "#get_metadata_by_issuer with wallet that does not exist" do
+      it "send request with options" do
+        expect(magic.http_client).to receive(:call)
+          .with(:get,
+                "/v1/admin/auth/user/get",
+                {
+                  params: { issuer: issuer, wallet_type: "dne" }, headers: {}
+                })
+        subject.get_metadata_by_issuer(issuer, "dne")
+      end
+    end
+
+    context "#get_metadata_by_issuer with wallet" do
+      it "send request with options" do
+        expect(magic.http_client).to receive(:call)
+          .with(:get,
+                "/v1/admin/auth/user/get",
+                {
+                  params: { issuer: issuer, wallet_type: MagicAdmin::Resource::WalletType::ALGOD }, headers: {}
+                })
+        subject.get_metadata_by_issuer(issuer, MagicAdmin::Resource::WalletType::ALGOD)
+      end
     end
   end
 
@@ -46,6 +74,7 @@ describe MagicAdmin::Resource::User do
     it "return response" do
       url = "https://api.magic.link/v1/admin/auth/user/get?issuer="
       url += construct_issuer_with_public_address
+      url += "&wallet_type=" + MagicAdmin::Resource::WalletType::NONE
       stub_request(:get, url)
         .to_return(status: 200, body: stub_response_body.to_json, headers: {})
       reps = subject.get_metadata_by_public_address(public_address)
@@ -53,46 +82,69 @@ describe MagicAdmin::Resource::User do
     end
   end
 
-  context "#get_metadata_by_token" do
+  context "#get_metadata_by_public_address" do
     it "return response" do
       url = "https://api.magic.link/v1/admin/auth/user/get?issuer="
-      url += issuer
+      url += construct_issuer_with_public_address
+      url += "&wallet_type=" + MagicAdmin::Resource::WalletType::SOLANA
       stub_request(:get, url)
         .to_return(status: 200, body: stub_response_body.to_json, headers: {})
-      reps = subject.get_metadata_by_token(spec_did_token)
-
+      reps = subject.get_metadata_by_public_address(public_address, MagicAdmin::Resource::WalletType::SOLANA)
       expect(reps.status_code).to eq(200)
     end
   end
 
-  context "#logout_by_issuer" do
+  context "#get_metadata_by_token" do
     it "return response" do
-      url = "https://api.magic.link/v2/admin/auth/user/logout"
-      stub_request(:post, url)
+      url = "https://api.magic.link/v1/admin/auth/user/get?issuer="
+      url += issuer
+      url += "&wallet_type=" + MagicAdmin::Resource::WalletType::NONE
+      stub_request(:get, url)
         .to_return(status: 200, body: stub_response_body.to_json, headers: {})
-      reps = subject.logout_by_issuer(issuer)
+      reps = subject.get_metadata_by_token(spec_did_token)
 
       expect(reps.status_code).to eq(200)
     end
   end
 
-  context "#logout_by_public_address" do
+  context "#get_metadata_by_token" do
     it "return response" do
-      url = "https://api.magic.link/v2/admin/auth/user/logout"
-      stub_request(:post, url)
+      url = "https://api.magic.link/v1/admin/auth/user/get?issuer="
+      url += issuer
+      url += "&wallet_type=" + MagicAdmin::Resource::WalletType::ANY
+      stub_request(:get, url)
         .to_return(status: 200, body: stub_response_body.to_json, headers: {})
-      reps = subject.logout_by_public_address(public_address)
+      reps = subject.get_metadata_by_token(spec_did_token, MagicAdmin::Resource::WalletType::ANY)
+
       expect(reps.status_code).to eq(200)
     end
   end
 
-  context "#logout_by_token" do
-    it "return response" do
+  describe "#get_metadata_by_issuer object network strategy" do
+    before(:each) do
       url = "https://api.magic.link/v2/admin/auth/user/logout"
-      stub_request(:post, url)
-        .to_return(status: 200, body: stub_response_body.to_json, headers: {})
-      reps = subject.logout_by_token(spec_did_token)
-      expect(reps.status_code).to eq(200)
+      stub_request(:post, url).to_return(status: 200, body: stub_response_body.to_json, headers: {})
+    end
+
+    context "#logout_by_issuer" do
+      it "return response" do
+        reps = subject.logout_by_issuer(issuer)
+        expect(reps.status_code).to eq(200)
+      end
+    end
+   
+    context "#logout_by_public_address" do
+      it "return response" do
+        reps = subject.logout_by_public_address(public_address)
+        expect(reps.status_code).to eq(200)
+      end
+    end
+
+    context "#logout_by_token" do
+      it "return response" do
+        reps = subject.logout_by_token(spec_did_token)
+        expect(reps.status_code).to eq(200)
+      end
     end
   end
 end

data/test/spec_helper.rb

@@ -46,3 +46,6 @@ def spec_api_secret_key
   "sk_test_TESTTESTTESTTEST"
 end
 
+def spec_client_id
+  "clientId12345="
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: magic-admin
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 1.0.0
 platform: ruby
 authors:
 - Magic Labs Inc.
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-05 00:00:00.000000000 Z
+date: 2023-07-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: eth
@@ -123,6 +123,7 @@ files:
 - lib/magic-admin/http/response.rb
 - lib/magic-admin/resource/token.rb
 - lib/magic-admin/resource/user.rb
+- lib/magic-admin/resource/wallet.rb
 - lib/magic-admin/util.rb
 - lib/magic-admin/version.rb
 - magic-admin.gemspec
@@ -138,7 +139,7 @@ homepage: https://docs.magic.link/admin-sdk/ruby
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -153,8 +154,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
-signing_key:
+rubygems_version: 3.4.10
+signing_key: 
 specification_version: 4
 summary: Ruby bindings for the Magic Admin API
 test_files: