minty 1.0.0 → 1.1.0

data/EXAMPLES.md

@@ -1,195 +0,0 @@
-# Examples using ruby
-
-## Build a URL to Universal Login Page
-
-```ruby
-require 'minty'
-
-client = MintyClient.new(
-  client_id: ENV['AUTH0_RUBY_CLIENT_ID'],
-  client_secret: ENV['AUTH0_RUBY_CLIENT_SECRET'],
-  domain: ENV['AUTH0_RUBY_DOMAIN'],
-)
-
-client.authorize_url 'http://localhost:3000'
-
-> => #<URI::HTTPS https://YOUR_DOMAIN/authorize?client_id=YOUR_CLIENT_ID&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000>
-
-```
-
-## Management API Client
-
-As a simple example of how to get started with the management API, we'll create an admin route to point to a list of all users from Minty:
-
-```ruby
-# config/routes.rb
-Rails.application.routes.draw do
-  # ...
-  get 'admin/users', to: 'all_users#index'
-  # ...
-end
-```
-
-... and a Controller to handle that route:
-
-```ruby
-# app/controllers/all_users_controller.rb
-require 'minty'
-
-class AllUsersController < ApplicationController
-  # Get all users from Minty with "minty" in their email.
-  def index
-    @params = {
-      q: "email:*minty*",
-      fields: 'email,user_id,name',
-      include_fields: true,
-      page: 0,
-      per_page: 50
-    }
-    @users = minty_client.users @params
-  end
-
-  private
-
-  # Setup the Minty API connection.
-  def minty_client
-    @minty_client ||= MintyClient.new(
-      client_id: ENV['AUTH0_RUBY_CLIENT_ID'],
-      client_secret: ENV['AUTH0_RUBY_CLIENT_SECRET'],
-      domain: ENV['AUTH0_RUBY_DOMAIN'],
-      api_version: 2,
-      timeout: 15 # optional, defaults to 10
-    )
-  end
-end
-```
-
-In this example, we're using environment variables to store the values needed to connect to Minty and authorize. The `token` used above is an API token for the Management API with the scopes required to perform a specific action (in this case `read:users`). These tokens can be [generated manually](https://minty.page/docs/api/management/v2/tokens#get-a-token-manually) using a test Application or with the [Application](https://manage.minty.page/#/applications) being used for your project.
-
-Finally, we'll add a view to display the results:
-
-```ruby
-# app/views/all_users/index.html.erb
-<h1>Users</h1>
-<%= debug @params %>
-<%= debug @users %>
-```
-
-This should show the parameters passed to the `users` method and a list of users that matched the query (or an empty array if none).
-
-## Organizations
-
-[Organizations](https://minty.page/docs/organizations) is a set of features that provide better support for developers who build and maintain SaaS and Business-to-Business (B2B) applications.
-
-Note that Organizations is currently only available to customers on our Enterprise and Startup subscription plans.
-
-### Logging in with an Organization
-
-Configure the Authentication API client and pass your Organization ID to the authorize url:
-
-```ruby
-require 'minty'
-
-@minty_client ||= MintyClient.new(
-  client_id: '{YOUR_APPLICATION_CLIENT_ID}',
-  client_secret: '{YOUR_APPLICATION_CLIENT_SECRET}',
-  domain: '{YOUR_TENANT}.minty.page',
-  organization: "{YOUR_ORGANIZATION_ID}"
-)
-
-universal_login_url = @minty_client.authorization_url("https://{YOUR_APPLICATION_CALLBACK_URL}")
-
-# redirect_to universal_login_url
-```
-
-### Accepting user invitations
-
-Minty Organizations allow users to be invited using emailed links, which will direct a user back to your application. The URL the user will arrive at is based on your configured `Application Login URI`, which you can change from your Application's settings inside the Minty dashboard. When they arrive at this URL, a `invitation` and `organization` query parameters will be provided
-
-```ruby
-require 'minty'
-
-@minty_client ||= MintyClient.new(
-  client_id: '{YOUR_APPLICATION_CLIENT_ID}',
-  client_secret: '{YOUR_APPLICATION_CLIENT_ID}',
-  domain: '{YOUR_TENANT}.minty.page',
-  organization: "{YOUR_ORGANIZATION_ID}"
-)
-
-universal_login_url = @minty_client.authorization_url("https://{YOUR_APPLICATION_CALLBACK_URL}", {
-  organization: "{ORGANIZATION_QUERY_PARAM}", # You can override organization if needed
-  invitation: "{INVITATION_QUERY_PARAM}"
-})
-
-# redirect_to universal_login_url
-```
-
-## ID Token Validation
-
-An ID token may be present in the credentials received after authentication. This token contains information associated with the user that has just logged in, provided the scope used contained `openid`. You can [read more about ID tokens here](https://minty.page/docs/tokens/concepts/id-tokens).
-
-Before accessing its contents, you must first validate the ID token to ensure it has not been tampered with and that it is meant for your application to consume. Use the `validate_id_token` method to do so:
-
-```ruby
-begin
-  @minty_client.validate_id_token 'YOUR_ID_TOKEN'
-rescue Minty::InvalidIdToken => e
-  # In this case the ID Token contents should not be trusted
-end
-```
-
-The method takes the following optional keyword parameters:
-
-| Parameter      | Type           | Description                                                                                                               | Default value                                                                                                          |
-| -------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- |
-| `algorithm`    | `JWTAlgorithm` | The [signing algorithm](https://minty.page/docs/tokens/concepts/signing-algorithms) used by your Minty application.        | `Minty::Algorithm::RS256` (using the [JWKS URL](https://minty.page/docs/tokens/concepts/jwks) of your **Minty Domain**) |
-| `leeway`       | Integer        | Number of seconds to account for clock skew when validating the `exp`, `iat` and `azp` claims.                            | `60`                                                                                                                   |
-| `nonce`        | String         | The `nonce` value you sent in the call to `/authorize`, if any.                                                           | `nil`                                                                                                                  |
-| `max_age`      | Integer        | The `max_age` value you sent in the call to `/authorize`, if any.                                                         | `nil`                                                                                                                  |
-| `issuer`       | String         | By default the `iss` claim will be checked against the URL of your **Minty Domain**. Use this parameter to override that. | `nil`                                                                                                                  |
-| `audience`     | String         | By default the `aud` claim will be compared to your **Minty Client ID**. Use this parameter to override that.             | `nil`                                                                                                                  |
-| `organization` | String         | By default the `org_id` claim will be compared to your **Organization ID**. Use this parameter to override that.          | `nil`                                                                                                                  |
-
-You can check the signing algorithm value under **Advanced Settings > OAuth > JsonWebToken Signature Algorithm** in your Minty application settings panel. [We recommend](https://minty.page/docs/tokens/concepts/signing-algorithms#our-recommendation) that you make use of asymmetric signing algorithms like `RS256` instead of symmetric ones like `HS256`.
-
-```ruby
-# HS256
-
-begin
-  @minty_client.validate_id_token 'YOUR_ID_TOKEN', algorithm: Minty::Algorithm::HS256.secret('YOUR_SECRET')
-rescue Minty::InvalidIdToken => e
-  # Handle error
-end
-
-# RS256 with a custom JWKS URL
-
-begin
-  @minty_client.validate_id_token 'YOUR_ID_TOKEN', algorithm: Minty::Algorithm::RS256.jwks_url('YOUR_URL')
-rescue Minty::InvalidIdToken => e
-  # Handle error
-end
-```
-
-### Organization ID Token Validation
-
-If an org_id claim is present in the Access Token, then the claim should be validated by the API to ensure that the value received is expected or known.
-
-In particular:
-
-- The issuer (iss) claim should be checked to ensure the token was issued by Minty
-
-- the org_id claim should be checked to ensure it is a value that is already known to the application. This could be validated against a known list of organization IDs, or perhaps checked in conjunction with the current request URL. e.g. the sub-domain may hint at what organization should be used to validate the Access Token.
-
-Normally, validating the issuer would be enough to ensure that the token was issued by Minty. In the case of organizations, additional checks should be made so that the organization within an Minty tenant is expected.
-
-If the claim cannot be validated, then the application should deem the token invalid.
-
-```ruby
-begin
-  @minty_client.validate_id_token 'YOUR_ID_TOKEN', organization: '{Expected org_id}'
-rescue Minty::InvalidIdToken => e
-  # In this case the ID Token contents should not be trusted
-end
-```
-
-For more information, please read [Work with Tokens and Organizations](https://minty.page/docs/organizations/using-tokens) on Minty Docs.

data/Guardfile

@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-
-scope group: :unit_test
-
-group :unit_test do
-  guard 'rspec', cmd:
-    "bundle exec rspec -P \"spec/lib/minty/**/*#{ENV['PATTERN']}*_spec.rb\"--drb --format Fuubar --color" do
-    # run every updated spec file
-    watch(%r{^spec/.+_spec\.rb$})
-    # run the lib specs when a file in lib/ changes
-    watch(%r{^lib/(.+)\.rb$}) { 'spec' }
-    # run all test for helper changes
-    watch('spec/spec_helper.rb') { 'spec' }
-  end
-end
-
-group :integration do
-  guard 'rspec', cmd:
-    "MODE=full bundle exec rspec -P \"spec/integration/**/*#{ENV['PATTERN']}*_spec.rb\" --drb --format Fuubar --color" do
-    # run every updated spec file
-    watch(%r{^spec/.+_spec\.rb$})
-    # run the lib specs when a file in lib/ changes
-    watch(%r{^lib/(.+)\.rb$}) { 'spec' }
-    # run all test for helper changes
-    watch('spec/spec_helper.rb') { 'spec' }
-  end
-end
-
-group :full do
-  guard 'rspec', cmd:
-    'MODE=full bundle exec rspec --drb --format Fuubar --color' do
-    # run every updated spec file
-    watch(%r{^spec/.+_spec\.rb$})
-    # run the lib specs when a file in lib/ changes
-    watch(%r{^lib/(.+)\.rb$}) { 'spec' }
-    # run all test for helper changes
-    watch('spec/spec_helper.rb') { 'spec' }
-  end
-end

data/LICENSE

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2015 Minty, Inc. <support@minty.page> (http://minty.page)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

data/Makefile

@@ -1,5 +0,0 @@
-default: git
-git:
-	git add -A
-	git commit -m "Modified `git status --porcelain | grep 'M' | wc -l` file(s), Added `git status --porcelain | grep 'A' | wc -l` file(s), Removed `git status --porcelain | grep 'D' | wc -l` file(s)" -m "`git status --porcelain`"
-	git push -u origin main

data/RUBYGEM.md

@@ -1,9 +0,0 @@
-# Publish the Gem on RubyGems.org
-
-To publish the gem set `RUBYGEMS_EMAIL` and `RUBYGEMS_PASSWORD` environment variables with your email and password from your RubyGems account respectively.
-Then run the following [Docker](https://docs.docker.com/engine/installation/) commands in the terminal to build and publish the gem.
-
-```bash
-docker build -t minty-publish-rubygem .
-docker run --rm -e RUBYGEMS_EMAIL="$RUBYGEMS_EMAIL" -e RUBYGEMS_PASSWORD="$RUBYGEMS_PASSWORD" -it minty-publish-rubygem /bin/sh publish_rubygem.sh
-```

data/codecov.yml

@@ -1,22 +0,0 @@
-coverage:
-  precision: 2
-  round: down
-  range: "60...100"
-  status:
-    project:
-      default:
-        enabled: true
-        target: auto
-        threshold: 5%
-        if_no_uploads: error
-    patch:
-      default:
-        enabled: true
-        target: 80%
-        threshold: 30%
-        if_no_uploads: error
-    changes:
-      default:
-        enabled: true
-        if_no_uploads: error
-comment: false 

data/lib/minty/algorithm.rb

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-module Minty
-  module Algorithm
-    include Minty::Mixins::Validation::Algorithm
-  end
-end

data/lib/minty/api/authentication_endpoints.rb

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-require 'jwt'
-
-module Minty
-  module Api
-    module AuthenticationEndpoints
-      def sign_in_url(client_id: @client_id, client_secret: @client_secret, organization: @organization)
-        response = request_with_retry(:get, '/sign_in_url')
-        response['redirect_url']
-      end
-
-      def sign_up_url(client_id: @client_id, client_secret: @client_secret, organization: @organization)
-        response = request_with_retry(:get, '/sign_up_url')
-        response['redirect_url']
-      end
-
-      def forgot_password_url(client_id: @client_id, client_secret: @client_secret, organization: @organization)
-        response = request_with_retry(:get, '/forgot_password_url')
-        response['redirect_url']
-      end
-
-      private
-
-      def to_query(hash)
-        hash.map { |k, v| "#{k}=#{CGI.escape(v)}" unless v.nil? }.reject(&:nil?).join('&')
-      end
-    end
-  end
-end

data/lib/minty/api/v2.rb

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-module Minty
-  module Api
-    module V2
-    end
-  end
-end

data/lib/minty/client.rb

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-module Minty
-  class Client
-    include Minty::Mixins
-  end
-end

data/lib/minty/exception.rb

@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-
-module Minty
-  class Exception < StandardError
-    attr_reader :error_data
-
-    def initialize(message, error_data = {})
-      super(message)
-      @error_data = error_data
-    end
-  end
-
-  class HTTPError < Minty::Exception
-    def headers
-      error_data[:headers]
-    end
-
-    def http_code
-      error_data[:code]
-    end
-  end
-
-  class Unauthorized < Minty::HTTPError; end
-  class NotFound < Minty::HTTPError; end
-  class Unsupported < Minty::HTTPError; end
-  class ServerError < Minty::HTTPError; end
-  class BadRequest < Minty::HTTPError; end
-  class RequestTimeout < Minty::Exception; end
-  class MissingUserId < Minty::Exception; end
-  class MissingClientId < Minty::Exception; end
-  class MissingOrganizationId < Minty::Exception; end
-  class MissingActionName < Minty::Exception; end
-  class MissingActionId < Minty::Exception; end
-  class MissingExecutionId < Minty::Exception; end
-  class MissingTriggerId < Minty::Exception; end
-  class MissingParameter < Minty::Exception; end
-  class MissingVersionId < Minty::Exception; end
-  class AccessDenied < Minty::HTTPError; end
-  class InvalidParameter < Minty::Exception; end
-  class InvalidCredentials < Minty::Exception; end
-  class InvalidApiNamespace < Minty::Exception; end
-
-  class RateLimitEncountered < Minty::HTTPError
-    def reset
-      Time.at(Integer(headers[:x_ratelimit_reset])).utc
-    end
-  end
-
-  class InvalidIdToken < Minty::Exception; end
-end

data/lib/minty/mixins/api_token_struct.rb

@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-Minty::ApiToken = Struct.new :token do
-end

data/lib/minty/mixins/headers.rb

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-require 'json'
-
-module Minty
-  module Mixins
-    module Headers
-      def client_headers(client_id, client_secret, application_id)
-        {
-          'Content-Type' => 'application/json',
-          'Authorization' => "Bearer #{client_secret}",
-          'API-MINTY-CLIENT-ID' => client_id,
-          'API-MINTY-APPLICATION-ID' => application_id,
-          'Accept' => 'application/json'
-        }
-      end
-    end
-  end
-end

data/lib/minty/mixins/httpproxy.rb

@@ -1,125 +0,0 @@
-# frozen_string_literal: true
-
-require 'addressable/uri'
-require 'retryable'
-require_relative '../exception'
-
-module Minty
-  module Mixins
-    module HTTPProxy
-      attr_accessor :headers, :base_uri, :timeout, :retry_count
-
-      DEFAULT_RETRIES = 3
-      MAX_ALLOWED_RETRIES = 10
-      MAX_REQUEST_RETRY_JITTER = 250
-      MAX_REQUEST_RETRY_DELAY = 1000
-      MIN_REQUEST_RETRY_DELAY = 250
-      BASE_DELAY = 100
-
-      %i[get post post_file put patch delete delete_with_body].each do |method|
-        define_method(method) do |uri, body = {}, extra_headers = {}|
-          body = body.delete_if { |_, v| v.nil? }
-          token = get_token
-          authorization_header(token) unless token.nil?
-          request_with_retry(method, uri, body, extra_headers)
-        end
-      end
-
-      def retry_options
-        sleep_timer = lambda do |attempt|
-          wait = BASE_DELAY * (2**attempt - 1)
-          wait += rand(wait + 1..wait + MAX_REQUEST_RETRY_JITTER)
-          wait = [MAX_REQUEST_RETRY_DELAY, wait].min
-          wait = [MIN_REQUEST_RETRY_DELAY, wait].max
-          wait / 1000.to_f.round(2)
-        end
-
-        tries = 1 + [Integer(retry_count || DEFAULT_RETRIES), MAX_ALLOWED_RETRIES].min
-
-        {
-          tries: tries,
-          sleep: sleep_timer,
-          on: Minty::RateLimitEncountered
-        }
-      end
-
-      def encode_uri(uri)
-        path = base_uri ? Addressable::URI.new(path: uri).normalized_path : Addressable::URI.escape(uri)
-        url(path)
-      end
-
-      def url(path)
-        "#{base_uri}#{path}"
-      end
-
-      def add_headers(h = {})
-        raise ArgumentError, 'Headers must be an object which responds to #to_hash' unless h.respond_to?(:to_hash)
-
-        @headers ||= {}
-        @headers.merge!(h.to_hash)
-      end
-
-      def safe_parse_json(body)
-        JSON.parse(body.to_s)
-      rescue JSON::ParserError
-        body
-      end
-
-      def request_with_retry(method, uri, body = {}, extra_headers = {})
-        Retryable.retryable(retry_options) do
-          request(method, uri, body, extra_headers)
-        end
-      end
-
-      def request(method, uri, body = {}, extra_headers = {})
-        result = case method
-                 when :get
-                   @headers ||= {}
-                   get_headers = @headers.merge({ params: body }).merge(extra_headers)
-                   call(:get, encode_uri(uri), timeout, get_headers)
-                 when :delete
-                   @headers ||= {}
-                   delete_headers = @headers.merge({ params: body })
-                   call(:delete, encode_uri(uri), timeout, delete_headers)
-                 when :delete_with_body
-                   call(:delete, encode_uri(uri), timeout, headers, body.to_json)
-                 when :post_file
-                   body.merge!(multipart: true)
-                   post_file_headers = headers.slice(*headers.keys - ['Content-Type'])
-                   call(:post, encode_uri(uri), timeout, post_file_headers, body)
-                 else
-                   call(method, encode_uri(uri), timeout, headers, body.to_json)
-                 end
-
-        case result.code
-        when 200...226 then safe_parse_json(result.body)
-        when 400       then raise Minty::BadRequest.new(result.body, code: result.code, headers: result.headers)
-        when 401       then raise Minty::Unauthorized.new(result.body, code: result.code, headers: result.headers)
-        when 403       then raise Minty::AccessDenied.new(result.body, code: result.code, headers: result.headers)
-        when 404       then raise Minty::NotFound.new(result.body, code: result.code, headers: result.headers)
-        when 429       then raise Minty::RateLimitEncountered.new(result.body, code: result.code,
-                                                                               headers: result.headers)
-        when 500       then raise Minty::ServerError.new(result.body, code: result.code, headers: result.headers)
-        else           raise Minty::Unsupported.new(result.body, code: result.code, headers: result.headers)
-        end
-      end
-
-      def call(method, url, timeout, headers, body = nil)
-        RestClient::Request.execute(
-          method: method,
-          url: url,
-          timeout: timeout,
-          headers: headers,
-          payload: body
-        )
-      rescue RestClient::Exception => e
-        case e
-        when RestClient::RequestTimeout
-          raise Minty::RequestTimeout, e.message
-        else
-          e.response
-        end
-      end
-    end
-  end
-end

data/lib/minty/mixins/initializer.rb

@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-
-require 'json'
-
-module Minty
-  module Mixins
-    module Initializer
-      def initialize(config)
-        options = Hash[config.map { |(k, v)| [k.to_sym, v] }]
-
-        @base_uri = base_url(options)
-        @timeout = options[:timeout] || 10
-        @retry_count = options[:retry_count]
-
-        extend Minty::Api::AuthenticationEndpoints
-
-        @client_id = options[:client_id]
-        @client_secret = options[:client_secret]
-        @application_id = options[:application_id]
-        @organization = options[:organization]
-        @headers = client_headers(@client_id, @client_secret, @application_id)
-      end
-
-      def self.included(klass)
-        klass.send :prepend, Initializer
-      end
-
-      private
-
-      def base_url(options)
-        @domain = options[:domain] || options[:namespace]
-        raise InvalidApiNamespace, 'API namespace must supply an API domain' if @domain.to_s.empty?
-
-        "https://#{@domain}"
-      end
-    end
-  end
-end