minty 1.0.1 → 1.1.0

data/lib/minty/mixins/validation.rb

@@ -1,113 +0,0 @@
-# frozen_string_literal: true
-
-require 'zache'
-
-class Zache
-  def last(key)
-    @hash[key][:value] if @hash.key?(key)
-  end
-end
-
-module Minty
-  module Mixins
-    module Validation
-      class JWTAlgorithm
-        private_class_method :new
-
-        def name
-          raise 'Must be overriden by the subclasses'
-        end
-      end
-
-      module Algorithm
-        class HS256 < JWTAlgorithm
-          class << self
-            private :new
-
-            def secret(secret)
-              new secret
-            end
-          end
-
-          attr_accessor :secret
-
-          def initialize(secret)
-            raise Minty::InvalidParameter, 'Must supply a valid secret' if secret.to_s.empty?
-
-            @secret = secret
-          end
-
-          def name
-            'HS256'
-          end
-        end
-
-        class RS256 < JWTAlgorithm
-          include Minty::Mixins::HTTPProxy
-
-          @@cache = Zache.new.freeze
-
-          class << self
-            private :new
-
-            def jwks_url(url, lifetime: 10 * 60)
-              new url, lifetime
-            end
-
-            def remove_jwks
-              @@cache.remove_by { true }
-            end
-          end
-
-          def initialize(jwks_url, lifetime)
-            raise Minty::InvalidParameter, 'Must supply a valid jwks_url' if jwks_url.to_s.empty?
-
-            unless lifetime.is_a?(Integer) && lifetime >= 0
-              raise Minty::InvalidParameter,
-                    'Must supply a valid lifetime'
-            end
-
-            @lifetime = lifetime
-            @jwks_url = jwks_url
-            @did_fetch_jwks = false
-          end
-
-          def name
-            'RS256'
-          end
-
-          def jwks(force: false)
-            result = fetch_jwks if force
-
-            if result
-              @@cache.put(@jwks_url, result, lifetime: @lifetime)
-              return result
-            end
-
-            previous_value = @@cache.last(@jwks_url)
-
-            @@cache.get(@jwks_url, lifetime: @lifetime, dirty: true) do
-              new_value = fetch_jwks
-
-              raise Minty::InvalidIdToken, 'Could not fetch the JWK set' unless new_value || previous_value
-
-              new_value || previous_value
-            end
-          end
-
-          def fetched_jwks?
-            @did_fetch_jwks
-          end
-
-          private
-
-          def fetch_jwks
-            result = request_with_retry(:get, @jwks_url, {}, {})
-            @did_fetch_jwks = result.is_a?(Hash) && result.key?('keys')
-            result if @did_fetch_jwks
-          end
-        end
-      end
-    end
-  end
-end

data/lib/minty/mixins.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-require 'base64'
-require 'rest-client'
-require 'uri'
-
-require 'minty/mixins/api_token_struct'
-require 'minty/mixins/headers'
-require 'minty/mixins/httpproxy'
-require 'minty/mixins/initializer'
-require 'minty/mixins/validation'
-
-require 'minty/api/authentication_endpoints'
-require 'minty/api/v2'
-
-module Minty
-  # Collecting dependencies here
-  module Mixins
-    include Minty::Mixins::Headers
-    include Minty::Mixins::HTTPProxy
-    include Minty::Mixins::Initializer
-  end
-end

data/lib/minty_client.rb

@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-class MintyClient < Minty::Client
-end

data/spec/integration/lib/minty/api/api_authentication_spec.rb

@@ -1,122 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-describe Minty::Api::AuthenticationEndpoints do
-  attr_reader :client, :test_user_email, :test_user_pwd, :test_user
-
-  before(:all) do
-    @client = MintyClient.new(v2_creds)
-
-    @test_user_email = "#{entity_suffix}-username-1@minty.page"
-    @test_user_pwd = '23kejn2jk3en2jke2jk3be2jk3ber'
-
-    VCR.use_cassette('Minty_Api_AuthenticationEndpoints/create_test_user') do
-      @test_user ||= @client.signup(
-        test_user_email,
-        test_user_pwd
-      )
-    end
-  end
-
-  after(:all) do
-    VCR.use_cassette('Minty_Api_AuthenticationEndpoints/delete_test_user') do
-      @client.delete_user("minty|#{test_user['_id']}")
-    end
-  end
-
-  describe '.signup', vcr: true do
-    it 'should signup a new user' do
-      expect(test_user).to(include('_id', 'email'))
-    end
-
-    it 'should return the correct email address' do
-      expect(test_user['email']).to eq test_user_email
-    end
-  end
-
-  describe '.change_password', vcr: true do
-    it 'should trigger a password reset' do
-      expect(
-        @client.change_password(test_user_email, '')
-      ).to(include("We've just sent you an email to reset your password."))
-    end
-  end
-
-  describe '.saml_metadata', vcr: true do
-    it 'should retrieve SAML metadata' do
-      expect(@client.saml_metadata).to(include('<EntityDescriptor'))
-    end
-  end
-
-  describe '.wsfed_metadata', vcr: true do
-    it 'should retrieve WSFED metadata' do
-      expect(@client.wsfed_metadata).to(include('<EntityDescriptor'))
-    end
-  end
-
-  describe '.userinfo', vcr: true do
-    it 'should fail as not authorized' do
-      expect do
-        @client.userinfo('invalid_token')
-      end.to raise_error Minty::Unauthorized
-    end
-
-    it 'should return the userinfo' do
-      tokens = @client.login_with_resource_owner(test_user_email, test_user_pwd)
-      expect(@client.userinfo(tokens['access_token'])).to(
-        include('email' => test_user_email)
-      )
-    end
-  end
-
-  describe '.login_with_resource_owner', vcr: true do
-    it 'should fail with an incorrect email' do
-      expect do
-        @client.login_with_resource_owner(
-          "#{test_user['email']}_invalid",
-          test_user_pwd
-        )
-      end.to raise_error Minty::AccessDenied
-    end
-
-    it 'should fail with an incorrect password' do
-      expect do
-        @client.login_with_resource_owner(
-          test_user['email'],
-          "#{test_user_pwd}_invalid"
-        )
-      end.to raise_error Minty::AccessDenied
-    end
-
-    it 'should login successfully with a default scope' do
-      expect(
-        @client.login_with_resource_owner(
-          test_user['email'],
-          test_user_pwd
-        ).token
-      ).to_not be_empty
-    end
-
-    it 'should fail with an invalid audience' do
-      expect do
-        @client.login_with_resource_owner(
-          test_user['email'],
-          test_user_pwd,
-          scope: 'test:scope',
-          audience: 'https://brucke.club/invalid/api/v1/'
-        )
-      end.to raise_error Minty::BadRequest
-    end
-
-    it 'should login successfully with a custom audience' do
-      expect(
-        @client.login_with_resource_owner(
-          test_user['email'],
-          test_user_pwd,
-          scope: 'test:scope',
-          audience: 'https://brucke.club/custom/api/v1/'
-        ).token
-      ).to_not be_empty
-    end
-  end
-end

data/spec/integration/lib/minty/minty_client_spec.rb

@@ -1,92 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-describe Minty::Client do
-  shared_examples 'invalid credentials' do |credentials, error|
-    it "raise an error with credentials #{credentials}" do
-      if error.nil?
-        expect { MintyClient.new(credentials) }.to raise_error
-      else
-        expect { MintyClient.new(credentials) }.to raise_error(error)
-      end
-    end
-  end
-
-  it_should_behave_like 'invalid credentials', {
-    namespace: 'samples.minty.page'
-  }, Minty::InvalidCredentials
-
-  it_should_behave_like 'invalid credentials', {
-    namespace: 'samples.minty.page', client_id: 'client_id'
-  }, Minty::InvalidCredentials
-
-  it_should_behave_like 'invalid credentials', {
-    namespace: 'samples.minty.page', client_secret: 'secret'
-  }, Minty::InvalidCredentials
-
-  it_should_behave_like 'invalid credentials', {
-    namespace: 'samples.minty.page', api_version: 2
-  }, Minty::InvalidCredentials
-
-  it_should_behave_like 'invalid credentials', {}, Minty::InvalidApiNamespace
-
-  it_should_behave_like 'invalid credentials', {
-    api_version: 2
-  }, Minty::InvalidApiNamespace
-
-  it_should_behave_like 'invalid credentials', {
-    api_version: 1
-  }, Minty::InvalidApiNamespace
-
-  it_should_behave_like 'invalid credentials', {
-    client_id: 'client_id', client_secret: 'secret'
-  }, Minty::InvalidApiNamespace
-
-  it_should_behave_like 'invalid credentials', {
-    api_version: 2, token: 'token'
-  }, Minty::InvalidApiNamespace
-
-  let(:v2_credentials) { { domain: 'test.minty.page' } }
-
-  shared_examples 'valid credentials' do
-    it { expect { MintyClient.new(credentials) }.to_not raise_error }
-  end
-
-  it_should_behave_like 'valid credentials' do
-    let(:credentials) { v2_credentials.merge(token: 'TEST_API_TOKEN') }
-  end
-
-  it_should_behave_like 'valid credentials' do
-    let(:credentials) { v2_credentials.merge(access_token: 'TEST_API_TOKEN') }
-  end
-
-  context 'client headers' do
-    let(:client) { Minty::Client.new(v2_credentials.merge(access_token: 'abc123', domain: 'myhost.minty.page')) }
-    let(:headers) { client.headers }
-    let(:telemetry) { JSON.parse(Base64.urlsafe_decode64(headers['Minty-Client'])) }
-
-    it 'has the correct headers present' do
-      expect(headers.keys.sort).to eql(%w[Minty-Client Authorization Content-Type])
-    end
-
-    it 'uses the correct access token' do
-      expect(headers['Authorization']).to eql 'Bearer abc123'
-    end
-
-    it 'is always json' do
-      expect(headers['Content-Type']).to eql 'application/json'
-    end
-
-    it 'should include the correct name in telemetry data' do
-      expect(telemetry['name']).to eq('ruby')
-    end
-
-    it 'should include the correct version in telemetry data' do
-      expect(telemetry['version']).to eq(Minty::VERSION)
-    end
-
-    it 'should include the correct env in telemetry data' do
-      expect(telemetry['env']['ruby']).to eq(RUBY_VERSION)
-    end
-  end
-end

data/spec/lib/minty/client_spec.rb

@@ -1,223 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe Minty::Client do
-  shared_examples_for 'v2 API client' do
-    it { should be_a Minty::Api::V2 }
-    it { should be_a Minty::Api::V2::Blacklists }
-    it { should be_a Minty::Api::V2::Clients }
-    it { should be_a Minty::Api::V2::ClientGrants }
-    it { should be_a Minty::Api::V2::Connections }
-    it { should be_a Minty::Api::V2::DeviceCredentials }
-    it { should be_a Minty::Api::V2::Emails }
-    it { should be_a Minty::Api::V2::Jobs }
-    it { should be_a Minty::Api::V2::Logs }
-    it { should be_a Minty::Api::V2::ResourceServers }
-    it { should be_a Minty::Api::V2::Rules }
-    it { should be_a Minty::Api::V2::Stats }
-    it { should be_a Minty::Api::V2::Tenants }
-    it { should be_a Minty::Api::V2::Tickets }
-    it { should be_a Minty::Api::V2::UserBlocks }
-    it { should be_a Minty::Api::V2::Users }
-    it { should be_a Minty::Api::V2::UsersByEmail }
-  end
-
-  shared_examples_for 'Authentication API client' do
-    it { should be_a Minty::Api::AuthenticationEndpoints }
-  end
-
-  let(:domain) { 'samples.minty.page' }
-  let(:client_id) { '__test_client_id__' }
-  let(:client_secret) { '__test_client_secret__' }
-  let(:access_token) { '__test_access_token__' }
-  let(:organization) { '__test_organization__' }
-
-  describe 'V2 client with token' do
-    before :each do
-      expect_any_instance_of(Minty::Api::AuthenticationEndpoints)
-        .not_to receive(:obtain_access_token)
-    end
-
-    context 'and namespace' do
-      let(:subject) do
-        Minty::Client.new(
-          access_token: access_token,
-          namespace: domain
-        )
-      end
-      it_should_behave_like 'v2 API client'
-      it_should_behave_like 'Authentication API client'
-    end
-
-    context 'and domain' do
-      let(:subject) do
-        Minty::Client.new(
-          access_token: access_token,
-          domain: domain
-        )
-      end
-      it_should_behave_like 'v2 API client'
-      it_should_behave_like 'Authentication API client'
-    end
-
-    context 'and version' do
-      let(:subject) do
-        Minty::Client.new(
-          api_version: 2,
-          access_token: access_token,
-          domain: domain
-        )
-      end
-      it_should_behave_like 'v2 API client'
-      it_should_behave_like 'Authentication API client'
-    end
-
-    context 'with token' do
-      let(:subject) do
-        Minty::Client.new(
-          api_version: 2,
-          token: access_token,
-          domain: domain
-        )
-      end
-      it_should_behave_like 'v2 API client'
-      it_should_behave_like 'Authentication API client'
-    end
-
-    context 'with token and client_secret' do
-      let(:subject) do
-        Minty::Client.new(
-          token: access_token,
-          domain: domain,
-          client_secret: client_secret
-        )
-      end
-      it_should_behave_like 'v2 API client'
-      it_should_behave_like 'Authentication API client'
-    end
-  end
-
-  describe 'V2 client without token' do
-    context 'should try to get an API token' do
-      before do
-        stub_api_token
-      end
-
-      let(:subject) do
-        Minty::Client.new(
-          domain: domain,
-          client_id: client_id,
-          client_secret: client_secret
-        )
-      end
-      it_should_behave_like 'v2 API client'
-      it_should_behave_like 'Authentication API client'
-    end
-
-    context 'when try to get an API tokenwith api_identifier' do
-      let(:api_identifier) { 'https://samples.api_identifier/api/v2/' }
-
-      before do
-        stub_api_token_with_api_identifier
-      end
-
-      let(:subject) do
-        Minty::Client.new(
-          domain: domain,
-          client_id: client_id,
-          client_secret: client_secret,
-          api_identifier: api_identifier
-        )
-      end
-
-      it_should_behave_like 'v2 API client'
-      it_should_behave_like 'Authentication API client'
-    end
-
-    context 'when try to get an API token with organization' do
-      before do
-        stub_api_token_with_organization
-      end
-
-      let(:subject) do
-        Minty::Client.new(
-          domain: domain,
-          client_id: client_id,
-          client_secret: client_secret,
-          organization: organization
-        )
-      end
-
-      it_should_behave_like 'v2 API client'
-      it_should_behave_like 'Authentication API client'
-    end
-
-    context 'should fail if' do
-      it 'does not have a client_secret' do
-        expect do
-          Minty::Client.new(
-            domain: domain,
-            client_id: client_id
-          )
-        end.to raise_error('Must supply a valid API token')
-      end
-    end
-  end
-
-  def stub_api_token
-    stub_request(:post, "https://#{domain}/oauth/token")
-      .with(
-        body: hash_including(
-          {
-            grant_type: 'client_credentials',
-            client_id: client_id,
-            client_secret: client_secret,
-            audience: "https://#{domain}/api/v2/"
-          }
-        )
-      )
-      .to_return(
-        headers: { 'Content-Type' => 'application/json' },
-        body: '{"access_token":"__test_access_token__"}',
-        status: 200
-      )
-  end
-
-  def stub_api_token_with_api_identifier
-    stub_request(:post, "https://#{domain}/oauth/token")
-      .with(
-        body: hash_including(
-          {
-            grant_type: 'client_credentials',
-            client_id: client_id,
-            client_secret: client_secret,
-            audience: api_identifier
-          }
-        )
-      )
-      .to_return(
-        headers: { 'Content-Type' => 'application/json' },
-        body: '{"access_token":"__test_access_token__"}',
-        status: 200
-      )
-  end
-
-  def stub_api_token_with_organization
-    stub_request(:post, "https://#{domain}/oauth/token")
-      .with(
-        body: hash_including(
-          {
-            grant_type: 'client_credentials',
-            client_id: client_id,
-            client_secret: client_secret
-          }
-        )
-      )
-      .to_return(
-        headers: { 'Content-Type' => 'application/json' },
-        body: '{"access_token":"__test_access_token__"}',
-        status: 200
-      )
-  end
-end