passageidentity 0.0.1 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c1466ff91a157560360908cbf7f037c11f14e7d4b5c7385ef8e8a41f8e33894
-  data.tar.gz: 2edd43607d2994a65554d5e878a946ead5f1f26b0ad5b20b93351bd3dc4453a1
+  metadata.gz: d5dd45f9023ac4cd3eb005f4604f40229981aeca5c6da2ebd1eca685fcf54245
+  data.tar.gz: de14152791bbe75fb11de58d65cf72bab61f570bec22f93240f7a88c128d8eaa
 SHA512:
-  metadata.gz: 7ffcdb146558eb0df9664feaa13fe1f04388a7bad176330d863b588f881086567a0fbcf50c59c0f4831750284946d7cfd480d7bfe69f9e6ea3954bb640e2cd75
-  data.tar.gz: 891d8a07de1f8522cce169a64bbaf211604600b67c61166ea358e3615b33a95baa447de68c271ae53bbd4c78ee0f9916f85635b8e7f69e2899cfd81b50673ad6
+  metadata.gz: d7184b5a3325f54c022a0ba63c622ad38670793eeb9c3cabadb0c28c4ee9b9675f63d302a93449f1d5eac43cecbbdf0bb82c0bbb1d06132caf3d3a99f552d3d1
+  data.tar.gz: 65e9721e3ca3049a758eb0287f5f379b7e27ee43397cb75592c2875194155a9d83d95c47244716d9de09d88fb6bb9ae33115d4f45649d6095adfb15c5b562942

data/.gitignore

@@ -0,0 +1,58 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+/tests/environment.rb
+
+# Used by dotenv library to load environment variables.
+# .env
+
+# Ignore Byebug command history file.
+.byebug_history
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# Used by RuboCop. Remote config files pulled in from inherit_from directive.
+# .rubocop-https?--*

data/CONTRIBUTING.md

@@ -0,0 +1,71 @@
+# Ruby SDK for Passage
+
+## Testing the gem locally
+
+Install the gem
+
+```
+gem build passageidentity.gemspec
+gem install ./passageidentity-0.0.1.gem
+```
+
+Test it out:
+
+```
+irb -Ilib -rpassageidentity
+>> passage = Passage::Client.new(app_id: 'YOUR_APP_ID')
+>> passage.auth.authenticate("JWT_HERE")
+<passage_user_id>
+```
+
+Run Tests:
+
+```
+# all tests
+ruby tests/all.rb
+# individual test files
+ruby tests/*_test.rb
+```
+
+To test in the example app, change the Gemfile to include this path:
+
+```
+gem "passageidentity", path: "../../passage-ruby"
+```
+
+## Publishing
+
+Create an account in rubygems.org then run the following command with your username.
+
+```
+$ curl -u <username> https://rubygems.org/api/v1/api_key.yaml >
+~/.gem/credentials; chmod 0600 ~/.gem/credentials
+
+Enter host password for user '<username>':
+```
+
+```
+<<<<<<< HEAD
+gem push passage-0.0.0.gem
+```
+
+You can check for the gem here:
+
+```
+gem list -r passage
+```
+
+=======
+gem push passageidentity-0.0.0.gem
+
+```
+
+You can check for the gem here:
+
+```
+
+gem list -r passageidentity
+
+```
+>>>>>>> 2d0e3f6dc3b40c621c8d16506fa6ab43b0fba673
+```

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Passage
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,209 @@
+<img src="https://storage.googleapis.com/passage-docs/passage-logo-gradient.svg" alt="Passage logo" style="width:250px;"/>
+
+[![Gem Version](https://badge.fury.io/rb/passageidentity.svg)](https://badge.fury.io/rb/passageidentity)
+
+# passage-ruby
+
+This Ruby SDK allows for verification of server-side authentication and user management for Ruby applications build with [Passage](https://passage.id).
+
+Install this package using [RubyGems](https://rubygems.org/gems/passageidentity).
+
+```
+gem install passageidentity
+```
+
+## Instantiating the Passage Class
+
+Initialize the Passage Client as follows:
+
+```ruby
+PassageClient =
+  Passage::Client.new(
+    app_id: 'YOUR APP ID',
+    api_key: 'YOUR APIKEY',
+    auth_strategy: Passage::HEADER_AUTH,
+  )
+```
+
+Passage has three arguments that can be used for initialization: `app_id`, `api_key`, and `auth_strategy`.
+
+- `app_id` is the Passage App ID that specifies which app should be authorized. It has no default value and must to be set upon initialization.
+- `api_key` is an API key for the Passage app, which can be generated in the 'App Settings' section of the [Passage Console](https://console.passage.id). It is an optional parameter and not required for authenticating requests. It is required to get or update user information.
+- `auth_strategy` defines where the Passage SDK should look for the authentication token. It is set by default to `Passage::COOKIE_AUTH`, but can be changed to `Passage::HEADER_AUTH`.
+
+## Authenticating a Request
+
+To authenticate an HTTP request in a Rails application, you can use the Passage library in a middleware function. You need to provide Passage with your App ID in order to verify the JWTs.
+
+```ruby
+require 'passageidentity'
+
+class ApplicationController < ActionController::Base
+  PassageClient = Passage::Client.new(app_id: PASSAGE_APP_ID)
+  def authorize!
+    begin
+      user_id = PassageClient.auth.authenticate_request(request)
+      # user is authorized
+    rescue Exception => e
+      # handle exception (user is not authorized)
+    end
+  end
+end
+```
+
+## Retrieve User Info
+
+To retrieve information about a user, you should use the `get` method. You will need to use a Passage API key, which can be created in the Passage Console under your Application Settings. This API key grants your web server access to the Passage management APIs to get and update information about users. This API key must be protected and stored in an appropriate secure storage location. It should never be hard-coded in the repository.
+
+```ruby
+require 'passageidentity'
+
+class ApplicationController < ActionController::Base
+  PassageClient =
+    Passage::Client.new(app_id: PASSAGE_APP_ID, api_key: PASSAGE_API_KEY)
+  def authorize!
+    begin
+      user_id = PassageClient.auth.authenticate_request(request)
+      user = PassageClient.user.get(user_id: @user_id)
+      # user is authorized
+    rescue Exception => e
+      # handle exception (user is not authorized)
+    end
+  end
+end
+```
+
+The information available in the Passage User struct returned by PassageClient.user.get(user_id:):
+
+```ruby
+    Struct.new :id,
+               :status,
+               :email,
+               :phone,
+               :email_verified,
+               :created_at,
+               :updated_at,
+               :last_login_at,
+               :login_count,
+               :recent_events,
+               :webauthn,
+               :webauthn_devices,
+               :user_metadata,
+```
+
+## Activate/Deactivate User
+
+You can activate or deactivate a user using the Passage SDK. These actions require an API Key and deactivating a user will prevent them from logging into your application
+with Passage.
+
+```ruby
+require 'passageidentity'
+
+PassageClient =
+  Passage::Client.new(app_id: PASSAGE_APP_ID, api_key: PASSAGE_API_KEY)
+
+user = PassageClient.user.deactivate(user_id: user_id)
+user = PassageClient.user.activate(user_id: user_id)
+```
+
+## Create User
+
+You can create users using their email address or phone number. Note that their phone number must be in E164 format (example shown below).
+
+```ruby
+require 'passageidentity'
+
+PassageClient =
+  Passage::Client.new(app_id: PASSAGE_APP_ID, api_key: PASSAGE_API_KEY)
+
+user = PassageClient.user.create(email: 'exampleEmail@domain.com')
+user = PassageClient.user.create(phone: '+15005550007')
+```
+
+## Delete User
+
+You can delete a user using the Passage SDK.
+
+```ruby
+require 'passageidentity'
+
+PassageClient =
+  Passage::Client.new(app_id: PASSAGE_APP_ID, api_key: PASSAGE_API_KEY)
+
+success = PassageClient.user.delete(user_id: user_id)
+puts 'passage user was successfully deleted' if success
+```
+
+## List User Devices
+
+You can list the devices associated with a particular Passage User.
+
+```ruby
+require 'passageidentity'
+
+PassageClient =
+  Passage::Client.new(app_id: PASSAGE_APP_ID, api_key: PASSAGE_API_KEY)
+
+devices = PassageClient.user.list_devices(user_id: user_id)
+```
+
+The information available in the array of Passage Device struct returned by PassageClient.user.list_devices(user_id:):
+
+```ruby
+    Struct.new :id,
+               :cred_id,
+               :friendly_name,
+               :usage_count,
+               :last_used,
+
+```
+
+## List User Devices
+
+You can list the devices associated with a particular Passage User.
+
+```ruby
+require 'passageidentity'
+
+PassageClient = Passage::Client.new(app_id: PASSAGE_APP_ID, api_key: PASSAGE_API_KEY)
+
+success = PassageClient.user.delete_device(user_id: user_id, device_id)
+if success
+    puts "passage user device was successfully deleted"
+end
+```
+
+## Create an Embeddable Magic Link
+
+To create a magic link, you should use the `create_magic_link` method. You can check out our guide on embeddable magic links in our [docs](https://docs.passage.id/popular-guides/smart-links).
+
+```ruby
+require 'passageidentity'
+
+PassageClient =
+  Passage::Client.new(app_id: PASSAGE_APP_ID, api_key: PASSAGE_API_KEY)
+
+magic_link = PassageClient.create_magic_link(user_id: user_id)
+magic_link =
+  PassageClient.create_magic_link(
+    email: 'example@domain.com',
+    send: true,
+    channel: Passage::EMAIL_CHANNEL,
+    ttl: 120,
+  )
+```
+
+The information available in the Passage Magic Link struct returned this method is below:
+
+```ruby
+Struct.new :id,
+           :secret,
+           :activated,
+           :user_id,
+           :app_id,
+           :identifier,
+           :type,
+           :redirect_url,
+           :ttl,
+           :url
+```

data/lib/passageidentity/auth.rb

@@ -0,0 +1,115 @@
+require 'openssl'
+require 'base64'
+require 'jwt'
+require_relative 'client'
+
+module Passage
+  class Auth
+    @@app_cache = {}
+    def initialize(app_id, auth_strategy, connection)
+      @app_id = app_id
+      @auth_strategy = auth_strategy
+      @connection = connection
+
+      fetch_jwks
+    end
+
+    def fetch_app()
+      begin
+        response = @connection.get("/v1/apps/#{@app_id}")
+        return response.body['app']
+      rescue Faraday::Error => e
+        raise PassageError,
+              "failed to get Passage User. Http Status: #{e.response[:status]}. Response: #{e.response[:body]['error']}"
+      end
+    end
+
+    def fetch_jwks()
+      if @@app_cache[@app_id]
+        @jwks, @auth_origin = @@app_cache[@app_id]
+      else
+        app = fetch_app
+        auth_gw_connection =
+          Faraday.new(url: 'https://auth.passage.id') do |f|
+            f.request :json
+            f.request :retry
+            f.response :raise_error
+            f.response :json
+            f.adapter :net_http
+          end
+
+        # fetch the public key if not in cache
+        app = fetch_app
+        @auth_origin = app['auth_origin']
+        response =
+          auth_gw_connection.get("/v1/apps/#{@app_id}/.well-known/jwks.json")
+        @jwks = response.body
+        @@app_cache[@app_id] ||= [@jwks, @auth_origin]
+      end
+    end
+
+    def authenticate_request(request)
+      # Get the token based on the strategy
+      if @auth_strategy === Passage::COOKIE_STRATEGY
+        unless request.cookies['psg_auth_token'].present?
+          raise PassageError,
+                `missing authentication token: expected "psg_auth_token" cookie`
+        end
+        @token = request.cookies['psg_auth_token']
+      else
+        headers = request.headers
+        unless headers['Authorization'].present?
+          raise PassageError, 'no authentication token in header'
+        end
+        @token = headers['Authorization'].split(' ').last
+      end
+
+      # authenticate the token
+      if @token
+        return authenticate_token(@token)
+      else
+        raise PassageError, 'no authentication token'
+      end
+      nil
+    end
+
+    def authenticate_token(token)
+      kid = JWT.decode(token, nil, false)[1]['kid']
+      exists = false
+      for jwk in @jwks['keys']
+        if jwk['kid'] == kid
+          exists = true
+          break
+        end
+      end
+      fetch_jwks unless exists
+      begin
+        claims =
+          JWT.decode(
+            token,
+            nil,
+            true,
+            {
+              iss: @app_id,
+              verify_iss: true,
+              aud: @auth_origin,
+              verify_aud: true,
+              algorithms: ['RS256'],
+              jwks: @jwks
+            }
+          )
+        return claims[0]['sub']
+      rescue JWT::InvalidIssuerError => e
+        raise Passage::PassageError, e.message
+      rescue JWT::InvalidAudError => e
+        raise Passage::PassageError, e.message
+      rescue JWT::ExpiredSignature => e
+        raise Passage::PassageError, e.message
+      rescue JWT::IncorrectAlgorithm => e
+        raise Passage::PassageError, e.message
+      rescue JWT::DecodeError => e
+        raise Passage::PassageError, e.message
+      end
+    end
+  end
+end

data/lib/passageidentity/client.rb

@@ -0,0 +1,152 @@
+# frozen_string_literal: true
+
+require_relative 'auth'
+require_relative 'user_api'
+require_relative 'error'
+
+module Passage
+  User =
+    Struct.new :id,
+               :status,
+               :email,
+               :phone,
+               :email_verified,
+               :created_at,
+               :updated_at,
+               :last_login_at,
+               :login_count,
+               :recent_events,
+               :webauthn,
+               :webauthn_devices,
+               :user_metadata,
+               keyword_init: true
+  MagicLink =
+    Struct.new :id,
+               :secret,
+               :activated,
+               :user_id,
+               :app_id,
+               :identifier,
+               :type,
+               :redirect_url,
+               :ttl,
+               :url,
+               keyword_init: true
+  Device =
+    Struct.new :id,
+               :cred_id,
+               :friendly_name,
+               :usage_count,
+               :last_used,
+               keyword_init: true
+
+  COOKIE_STRATEGY = 0
+  HEADER_STRATEGY = 1
+
+  EMAIL_CHANNEL = 'email'
+  PHONE_CHANNEL = 'phone'
+
+  class Client
+    attr_reader :auth
+    attr_reader :user
+
+    def initialize(app_id:, api_key: '', auth_strategy: COOKIE_STRATEGY)
+      @api_url = 'https://api.passage.id'
+      @app_id = app_id
+      @api_key = api_key
+
+      # check for valid auth strategy
+      unless [COOKIE_STRATEGY, HEADER_STRATEGY].include? auth_strategy
+        raise PassageError, 'invalid auth strategy.'
+      end
+      @auth_strategy = auth_strategy
+
+      # setup
+      get_connection
+
+      # initialize auth class
+      @auth = Passage::Auth.new(@app_id, @auth_strategy, @connection)
+
+      # initialize user class
+      @user = Passage::UserAPI.new(@connection, @app_id, @api_key)
+    end
+
+    def get_connection
+      if @api_key == ''
+        @connection =
+          Faraday.new(url: @api_url) do |f|
+            f.request :json
+            f.request :retry
+            f.response :raise_error
+            f.response :json
+            f.adapter :net_http
+          end
+      else
+        @connection =
+          Faraday.new(
+            url: @api_url,
+            headers: {
+              'Authorization' => "Bearer #{@api_key}"
+            }
+          ) do |f|
+            f.request :json
+            f.request :retry
+            f.response :raise_error
+            f.response :json
+            f.adapter :net_http
+          end
+      end
+    end
+
+    def create_magic_link(
+      user_id: '',
+      email: '',
+      phone: '',
+      channel: '',
+      send: false,
+      magic_link_path: '',
+      redirect_url: '',
+      ttl: 60
+    )
+      magic_link_req = {}
+      magic_link_req['user_id'] = user_id unless user_id.empty?
+      magic_link_req['email'] = email unless email.empty?
+      magic_link_req['phone'] = phone unless phone.empty?
+
+      # check to see if the channel specified is valid before sending it off to the server
+      unless [PHONE_CHANNEL, EMAIL_CHANNEL].include? channel
+        raise PassageError,
+              'channel: must be either Passage::EMAIL_CHANNEL or Passage::PHONE_CHANNEL'
+      end
+      magic_link_req['channel'] = channel unless channel.empty?
+      magic_link_req['send'] = send
+      magic_link_req['magic_link_path'] = magic_link_path unless magic_link_path
+        .empty?
+      magic_link_req['redirect_url'] = redirect_url unless redirect_url.empty?
+      magic_link_req['ttl'] = ttl unless ttl == 0
+
+      begin
+        response =
+          @connection.post("/v1/apps/#{@app_id}/magic-links", magic_link_req)
+        magic_link = response.body['magic_link']
+        return(
+          Passage::MagicLink.new(
+            id: magic_link['id'],
+            secret: magic_link['secret'],
+            activated: magic_link['activated'],
+            user_id: magic_link['user_id'],
+            app_id: magic_link['app_id'],
+            identifier: magic_link['identifier'],
+            type: magic_link['type'],
+            redirect_url: magic_link['redirect_url'],
+            ttl: magic_link['ttl'],
+            url: magic_link['url']
+          )
+        )
+      rescue Faraday::Error => e
+        raise PassageError,
+              "failed to create Passage Magic Link. Http Status: #{e.response[:status]}. Response: #{e.response[:body]['error']}"
+      end
+    end
+  end
+end

data/lib/passageidentity/error.rb

@@ -0,0 +1,4 @@
+module Passage
+  class PassageError < StandardError
+  end
+end

data/lib/passageidentity/user_api.rb

@@ -0,0 +1,241 @@
+require_relative 'client'
+
+module Passage
+  class UserAPI
+    # This class will require an API key
+    def initialize(connection, app_id, api_key)
+      @connection = connection
+      @app_id = app_id
+      @api_key = api_key
+    end
+
+    def get(user_id:)
+      raise PassageError, 'must supply a valid user_id' if user_id.to_s.empty?
+      begin
+        response = @connection.get("/v1/apps/#{@app_id}/users/#{user_id}")
+        user = response.body['user']
+        user.transform_keys(&:to_sym)
+        return(
+          Passage::User.new(
+            id: user['id'],
+            status: user['status'],
+            email: user['email'],
+            phone: user['phone'],
+            email_verified: user['email_verified'],
+            created_at: user['created_at'],
+            updated_at: user['updated_at'],
+            last_login_at: user['last_login_at'],
+            login_count: user['login_count'],
+            webauthn: user['webauthn'],
+            webauthn_devices: user['webauthn_devices'],
+            recent_events: user['recent_events'],
+            user_metadata: user['user_metadata']
+          )
+        )
+      rescue Faraday::Error => e
+        if e.is_a? Faraday::ResourceNotFound
+          raise PassageError,
+                "passage User with ID \"#{user_id}\" does not exist"
+        else
+          raise PassageError,
+                "failed to get Passage User. Http Status: #{e.response[:status]}. Response: #{e.response[:body]['error']}"
+        end
+      end
+    end
+
+    def activate(user_id:)
+      raise PassageError, 'must supply a valid user_id' if user_id.to_s.empty?
+      begin
+        response =
+          @connection.patch("/v1/apps/#{@app_id}/users/#{user_id}/activate")
+        user = response.body['user']
+        return(
+          Passage::User.new(
+            id: user['id'],
+            status: user['status'],
+            email: user['email'],
+            phone: user['phone'],
+            email_verified: user['email_verified'],
+            created_at: user['created_at'],
+            updated_at: user['updated_at'],
+            last_login_at: user['last_login_at'],
+            login_count: user['login_count'],
+            webauthn: user['webauthn'],
+            webauthn_devices: user['webauthn_devices'],
+            recent_events: user['recent_events'],
+            user_metadata: user['user_metadata']
+          )
+        )
+      rescue Faraday::Error => e
+        if e.is_a? Faraday::ResourceNotFound
+          raise PassageError,
+                "passage User with ID \"#{user_id}\" does not exist"
+        else
+          raise PassageError,
+                "failed to activate Passage User. Http Status: #{e.response[:status]}. Response: #{e.response[:body]['error']}"
+        end
+      end
+    end
+
+    def deactivate(user_id:)
+      raise PassageError, 'must supply a valid user_id' if user_id.to_s.empty?
+      begin
+        response =
+          @connection.patch("/v1/apps/#{@app_id}/users/#{user_id}/deactivate")
+        user = response.body['user']
+        return(
+          Passage::User.new(
+            id: user['id'],
+            status: user['status'],
+            email: user['email'],
+            phone: user['phone'],
+            email_verified: user['email_verified'],
+            created_at: user['created_at'],
+            updated_at: user['updated_at'],
+            last_login_at: user['last_login_at'],
+            login_count: user['login_count'],
+            webauthn: user['webauthn'],
+            webauthn_devices: user['webauthn_devices'],
+            recent_events: user['recent_events'],
+            user_metadata: user['user_metadata']
+          )
+        )
+      rescue Faraday::Error => e
+        if e.is_a? Faraday::ResourceNotFound
+          raise PassageError,
+                "passage User with ID \"#{user_id}\" does not exist"
+        else
+          raise PassageError,
+                "failed to deactivate Passage User. Http Status: #{e.response[:status]}. Response: #{e.response[:body]['error']}"
+        end
+      end
+    end
+
+    def update(user_id:, email: '', phone: '', user_metadata: {})
+      raise PassageError, 'must supply a valid user_id' if user_id.to_s.empty?
+      updates = {}
+      updates['email'] = email unless email.empty?
+      updates['phone'] = phone unless phone.empty?
+      updates['user_metadata'] = user_metadata unless user_metadata.empty?
+      begin
+        response =
+          @connection.patch("/v1/apps/#{@app_id}/users/#{user_id}", updates)
+        user = response.body['user']
+        return(
+          Passage::User.new(
+            id: user['id'],
+            status: user['status'],
+            email: user['email'],
+            phone: user['phone'],
+            email_verified: user['email_verified'],
+            created_at: user['created_at'],
+            updated_at: user['updated_at'],
+            last_login_at: user['last_login_at'],
+            login_count: user['login_count'],
+            webauthn: user['webauthn'],
+            webauthn_devices: user['webauthn_devices'],
+            recent_events: user['recent_events'],
+            user_metadata: user['user_metadata']
+          )
+        )
+      rescue Faraday::Error => e
+        if e.is_a? Faraday::ResourceNotFound
+          raise PassageError,
+                "passage User with ID \"#{user_id}\" does not exist"
+        else
+          raise PassageError,
+                "failed to update Passage User. Http Status: #{e.response[:status]}. Response: #{e.response[:body]['error']}"
+        end
+      end
+    end
+
+    def create(email: '', phone: '', user_metadata: {})
+      create = {}
+      create['email'] = email unless email.empty?
+      create['phone'] = phone unless phone.empty?
+      create['user_metadata'] = user_metadata unless user_metadata.empty?
+      begin
+        response = @connection.post("/v1/apps/#{@app_id}/users", create)
+        user = response.body['user']
+        return(
+          Passage::User.new(
+            id: user['id'],
+            status: user['status'],
+            email: user['email'],
+            phone: user['phone'],
+            email_verified: user['email_verified'],
+            created_at: user['created_at'],
+            updated_at: user['updated_at'],
+            last_login_at: user['last_login_at'],
+            login_count: user['login_count'],
+            webauthn: user['webauthn'],
+            webauthn_devices: user['webauthn_devices'],
+            recent_events: user['recent_events'],
+            user_metadata: user['user_metadata']
+          )
+        )
+      rescue Faraday::Error => e
+        raise PassageError,
+              "failed to create Passage User. Http Status: #{e.response[:status]}. Response: #{e.response[:body]['error']}"
+      end
+    end
+
+    def delete(user_id:)
+      raise PassageError, 'must supply a valid user_id' if user_id.to_s.empty?
+      begin
+        response = @connection.delete("/v1/apps/#{@app_id}/users/#{user_id}")
+        return true
+      rescue Faraday::Error => e
+        if e.is_a? Faraday::ResourceNotFound
+          raise PassageError,
+                "passage User with ID \"#{user_id}\" does not exist"
+        else
+          raise PassageError,
+                "failed to delete Passage User. Http Status: #{e.response[:status]}. Response: #{e.response[:body]['error']}"
+        end
+      end
+    end
+
+    def delete_device(user_id:, device_id:)
+      raise PassageError, 'must supply a valid user_id' if user_id.to_s.empty?
+      if device_id.to_s.empty?
+        raise PassageError, 'must supply a valid device_id'
+      end
+      begin
+        response =
+          @connection.delete(
+            "/v1/apps/#{@app_id}/users/#{user_id}/devices/#{device_id}"
+          )
+        return true
+      rescue Faraday::Error => e
+        raise PassageError,
+              "failed to delete Passage User Device. Http Status: #{e.response[:status]}. Response: #{e.response[:body]['error']}"
+      end
+    end
+
+    def list_devices(user_id:)
+      raise PassageError, 'must supply a valid user_id' if user_id.to_s.empty?
+      begin
+        response =
+          @connection.get("/v1/apps/#{@app_id}/users/#{user_id}/devices")
+        devicesResp = response.body['devices']
+        devices = Array.new
+        devicesResp.each do |device|
+          devices.append(
+            Passage::Device.new(
+              id: device['id'],
+              cred_id: device['cred_id'],
+              friendly_name: device['friendly_name'],
+              usage_count: device['usage_count'],
+              last_used: device['last_used']
+            )
+          )
+        end
+        return devices
+      rescue Faraday::Error => e
+        raise PassageError,
+              "failed to delete Passage User Device. Http Status: #{e.response[:status]}. Response: #{e.response[:body]['error']}"
+      end
+    end
+  end
+end

data/lib/passageidentity.rb

@@ -4,6 +4,5 @@ require 'faraday'
 
 require_relative 'passageidentity/client'
 
-module Passage end
-
-
+module Passage
+end

data/passage-ruby

@@ -0,0 +1 @@
+passage-ruby

data/passageidentity.gemspec

@@ -0,0 +1,30 @@
+Gem::Specification.new do |s|
+  s.name = 'passageidentity'
+  s.version = '0.0.4'
+  s.summary = 'Passage SDK for biometric authentication'
+  s.description =
+    'Enables verification of server-side authentication and user management for applications using Passage'
+  s.authors = ['Passage Identity']
+  s.email = 'support@passage.id'
+  s.files = ['lib/passageidentity.rb']
+  s.homepage = 'https://rubygems.org/gems/passageidentity'
+  s.license = 'MIT'
+
+  s.metadata['source_code_uri'] =
+    'https://github.com/passage-identity/passage-ruby'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  s.require_paths = ['lib']
+
+  s.files =
+    Dir.chdir(File.expand_path(__dir__)) do
+      `git ls-files -z`.split("\x0").reject do |f|
+        f.match(%r{^(test|spec|features)/})
+      end
+    end
+
+  s.add_dependency 'faraday', '>= 0.17.0', '< 2.0'
+  s.add_dependency 'jwt', '>= 2.3.0'
+  s.add_dependency 'openssl', '>= 3.0.0'
+end

data/tests/all.rb

@@ -0,0 +1,2 @@
+Dir[File.dirname(File.absolute_path(__FILE__)) + '/**/*_test.rb']
+  .each { |file| require file }

data/tests/auth_test.rb

@@ -0,0 +1,14 @@
+require_relative '../lib/passageidentity/client'
+require_relative './environment'
+require 'faraday'
+require 'test/unit'
+
+class TestUserAPI < Test::Unit::TestCase
+  PassageClient =
+    Passage::Client.new(app_id: ENV['APP_ID'], api_key: ENV['API_KEY'])
+
+  def test_authenticate_token
+    user_id = PassageClient.auth.authenticate_token(ENV['PSG_JWT'])
+    assert_equal ENV['TEST_USER_ID'], user_id
+  end
+end

data/tests/magic_link_test.rb

@@ -0,0 +1,20 @@
+require_relative '../lib/passageidentity/client'
+require_relative './environment'
+require 'faraday'
+require 'test/unit'
+
+class TestUserAPI < Test::Unit::TestCase
+  PassageClient =
+    Passage::Client.new(app_id: ENV['APP_ID'], api_key: ENV['API_KEY'])
+
+  def test_create_magi_link()
+    magic_link =
+      PassageClient.create_magic_link(
+        email: 'chris@passage.id',
+        channel: Passage::EMAIL_CHANNEL,
+        ttl: 12
+      )
+    assert_equal 12, magic_link.ttl
+    assert_equal 'chris@passage.id', magic_link.identifier
+  end
+end

data/tests/user_api_test.rb

@@ -0,0 +1,74 @@
+require_relative '../lib/passageidentity/client'
+require_relative './environment'
+require 'faraday'
+require 'test/unit'
+
+class TestUserAPI < Test::Unit::TestCase
+  PassageClient =
+    Passage::Client.new(app_id: ENV['APP_ID'], api_key: ENV['API_KEY'])
+
+  def setup()
+    $global_test_user =
+      PassageClient.user.create(
+        email: 'chris+test-ruby@passage.id',
+        user_metadata: {
+          'example1': 'cool'
+        }
+      )
+  end
+
+  def test_create_delete_user()
+    user =
+      PassageClient.user.create(
+        email: 'chris+test-create-delete@passage.id',
+        user_metadata: {
+          'example1': 'cool'
+        }
+      )
+    assert_equal 'chris+test-create-delete@passage.id', user.email
+    assert_equal 'cool', user.user_metadata['example1']
+    deleted = PassageClient.user.delete(user_id: user.id)
+    assert_equal true, deleted
+  end
+
+  def test_get_user()
+    user = PassageClient.user.get(user_id: $global_test_user.id)
+    assert_equal $global_test_user.id, user.id
+  end
+
+  def test_deactivate_user()
+    user = PassageClient.user.deactivate(user_id: $global_test_user.id)
+    assert_equal $global_test_user.id, user.id
+    assert_equal 'inactive', user.status
+  end
+
+  def test_activate_user()
+    user = PassageClient.user.activate(user_id: $global_test_user.id)
+    assert_equal $global_test_user.id, user.id
+    assert_equal 'active', user.status
+  end
+
+  def test_update_user()
+    new_email = 'chris+update_test-ruby@passage.id'
+    user =
+      PassageClient.user.update(
+        user_id: $global_test_user.id,
+        email: new_email,
+        user_metadata: {
+          'example1': 'lame'
+        }
+      )
+    assert_equal $global_test_user.id, user.id
+    assert_equal new_email, user.email
+    assert_equal 'lame', user.user_metadata['example1']
+  end
+
+  def test_list_devices()
+    devices = PassageClient.user.list_devices(user_id: $global_test_user.id)
+    assert_equal [], devices
+  end
+
+  def teardown()
+    deleted = PassageClient.user.delete(user_id: $global_test_user.id)
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passageidentity
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.4
 platform: ruby
 authors:
 - Passage Identity
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-18 00:00:00.000000000 Z
+date: 2022-05-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -65,7 +65,21 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".gitignore"
+- CONTRIBUTING.md
+- LICENSE
+- README.md
 - lib/passageidentity.rb
+- lib/passageidentity/auth.rb
+- lib/passageidentity/client.rb
+- lib/passageidentity/error.rb
+- lib/passageidentity/user_api.rb
+- passage-ruby
+- passageidentity.gemspec
+- tests/all.rb
+- tests/auth_test.rb
+- tests/magic_link_test.rb
+- tests/user_api_test.rb
 homepage: https://rubygems.org/gems/passageidentity
 licenses:
 - MIT