RubyGems - simplicity_client - Versions diffs - 0.2.2 → 0.2.3 - Mend

simplicity_client 0.2.2 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: af805426700df49eb866015545dac1afa7c833490be0c0f2a6cb825bd9dc2e3e
-  data.tar.gz: 4dbeed2df67de9a27ff27c5521ad8b581f2e5f9b6642975612429eea7efa4f4f
+  metadata.gz: 875f444b4107a2ef0e2955c96bacb84a74b9a02089a8d72917fb4708e2110ce5
+  data.tar.gz: 6a6ba44bc27f552b42e97da6b0ff1c1a18e07ff334839107a3c276b376c23e8c
 SHA512:
-  metadata.gz: 73e5c8d7f37681956ac2dcddb647522b1cae78d78e9d85c8744c7f0a96ee18c5740e62618365ca6cb7defcdd73de4094eb5870325690f170a42af8643cf4c57e
-  data.tar.gz: d6f3d25bf87442259549191a82c2d590f7d2cdcabe8b2deba838142da0f800a8c330bacc9e4bce9e553fc887310cb4bf8597b37b472e348c7d33ddd6bd6aa26d
+  metadata.gz: 8d9ea9df4d09f765b05758fdeac3ca34f8ae18c8217601195383bf6e1aa8e09bf0faaf12d49e838adc500d4b1eb2bf597299b317c1ebe3613b717bbd25e72fac
+  data.tar.gz: e04a5050f749fa4840ab95e34b85c5f320200a1d8df5cf52965d7dc13d2149899a5014eacbe9cd985e5eb57bd495846d1eb9b10e7395ad9fc25a03e8222207bb

data/lib/simplicity_client.rb CHANGED Viewed

@@ -1,303 +1,303 @@
-# frozen_string_literal: true
-begin
-  require "dotenv/load"
-rescue LoadError
-  # Dotenv is not available, so move on without loading it. It's only used for development.
-end
-require "faraday"
-require "faraday-cookie_jar"
-require "faraday/follow_redirects"
-require "aws-sdk-cognitoidentityprovider"
-require "aws-sdk-cognitoidentity"
-require "aws-sigv4"
-require_relative "fido2_client"
-module SimplicityClient
-  Params = Struct.new(:email, :credentialId, :keyAlgorithm, :keyCurve, :keyValue, :userHandle, keyword_init: true)
-  ParamDefinition = Struct.new(:name, :label, :primary_id)
-  class Error < StandardError; end
-  # For the user interface
-  PARAMS_INFO = [
-    ParamDefinition.new(name: "email", label: "Email address", primary_id: true),
-    ParamDefinition.new(name: "credentialId", label: "Passkey credential ID"),
-    ParamDefinition.new(name: "keyAlgorithm", label: "Passkey key algorithm"),
-    ParamDefinition.new(name: "keyCurve", label: "Passkey key curve"),
-    ParamDefinition.new(name: "keyValue", label: "Passkey value"),
-    ParamDefinition.new(name: "userHandle", label: "Passkey user handle")
-  ].freeze
-  class Session
-    def initialize
-      @logger = Logger.new $stderr
-      @logger.level = Logger::DEBUG
-      @user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
-      @client = Faraday.new(
-        headers: { "User-Agent" => @user_agent },
-        # proxy: "http://Thinkbook.local:8080",
-        # :ssl => {:verify => false}
-      ) do |builder|
-        builder.response :follow_redirects
-        builder.response :logger
-        builder.adapter Faraday.default_adapter
-      end
-      @authsignal_base = "https://au.api.authsignal.com/v1"
-      @authsignal_tenant_id = "e768822f-b1a1-404c-a685-0e37905ca5f5"
-    end
-    # Write the session data out to a string so that the session can be restored later
-    def export
-      {
-        auth_data: @auth_data,
-      }.to_json
-    end
-    # Load the session data from a string to restore a session
-    def load(str)
-      json = JSON.parse(str)
-      @auth_data = json["auth_data"]
-    end
-    def login(params)
-      client = Aws::CognitoIdentityProvider::Client.new(region: "ap-southeast-2")
-      user_pool_id = "ap-southeast-2_abAklW6ap"
-      device_id = SecureRandom.uuid
-      passkey = Fido2Client::Passkey.new(params.credentialId, params.keyAlgorithm, params.keyCurve, params.keyValue, params.userHandle)
-      challenge_id = fetch_challenge_id
-      authentication_options = fetch_authentication_options(challenge_id)
-      challenge = authentication_options["options"]["challenge"]
-      assertion = Fido2Client::Client.new.get_assertion(passkey, challenge)
-      passkey_result = present_passkey(challenge_id, assertion, device_id)
-      resp = client.initiate_auth(
-        {
-          auth_flow: "CUSTOM_AUTH",
-          auth_parameters: {
-            USERNAME: params.email,
-          },
-          client_metadata: {
-            anonymousId: device_id,
-          },
-          client_id: "kvoiu7unft0c8hqqsa6hkmeu5",
-        },
-      )
-      resp = client.respond_to_auth_challenge(
-        {
-          challenge_name: "CUSTOM_CHALLENGE",
-          challenge_responses: {
-            USERNAME: params.email,
-            ANSWER: passkey_result["accessToken"],
-          },
-          client_id: "kvoiu7unft0c8hqqsa6hkmeu5",
-          session: resp.session,
-        },
-      )
-      cognito_identity_client = Aws::CognitoIdentity::Client.new(region: "ap-southeast-2")
-      # Assuming you have the Identity Pool ID and the ID token
-      identity_pool_id = "ap-southeast-2:0ed33fc6-4cef-4f2e-b634-31c616e108e2"
-      id_token = resp.authentication_result.id_token
-      # Get ID from the identity pool
-      id_response = cognito_identity_client.get_id(
-        {
-          identity_pool_id: identity_pool_id,
-          logins: {
-            "cognito-idp.ap-southeast-2.amazonaws.com/#{user_pool_id}" => id_token,
-          },
-        },
-      )
-      # Get credentials for the ID
-      credentials_response = cognito_identity_client.get_credentials_for_identity(
-        {
-          identity_id: id_response.identity_id,
-          logins: {
-            "cognito-idp.ap-southeast-2.amazonaws.com/#{user_pool_id}" => id_token,
-          },
-        },
-      )
-      access_key_id = credentials_response.credentials.access_key_id
-      secret_key = credentials_response.credentials.secret_key
-      session_token = credentials_response.credentials.session_token
-      @auth_data = {
-        email: params.email,
-        access_key_id: access_key_id,
-        secret_key: secret_key,
-        region: "ap-southeast-2",
-        session_token: session_token,
-      }.transform_keys(&:to_s)
-    end
-    def logout
-      # Not required
-    end
-    def list_accounts
-      # Ensure @auth_data contains the necessary credentials
-      raise Error, "Authentication data not found. Please login first." unless @auth_data
-      service = "execute-api"
-      region = "ap-southeast-2"
-      http_method = "POST"
-      url = "https://h4ku5ofov2.execute-api.ap-southeast-2.amazonaws.com/prod/secure"
-      email = @auth_data["email"]
-      body = {
-        variables: {},
-        query: <<-GRAPHQL
-        {
-          AccountV2(email: \"george@dewar.co.nz\") {
-            Portfolios {
-              Portfolio
-              PortfolioCode
-              MarketValue
-              IsDefault
-              CanWithdraw
-              InvestorDetails {
-                InvestmentName
-                PrimaryBeneficiarySurname
-                EntityType
-                __typename
-              }
-              __typename
-            }
-            Investment {
-              InvestmentCode
-              InvestmentType
-              Status
-              PriceDate
-              ExternalReference
-              __typename
-            }
-            __typename
-          }
-        }
-        GRAPHQL
-      }.to_json
-      signer = Aws::Sigv4::Signer.new(
-        service: service,
-        region: region,
-        access_key_id: @auth_data["access_key_id"],
-        secret_access_key: @auth_data["secret_key"],
-        session_token: @auth_data["session_token"],
-      )
-      signature = signer.sign_request(
-        http_method: http_method,
-        url: url,
-        body: body,
-      )
-      response = @client.post(url) do |req|
-        req.headers = signature.headers.merge({
-          "Content-Type" => "application/json",
-        })
-        req.body = body
-      end
-      # Handle the response
-      if response.success?
-        obj = JSON.parse(response.body)
-        obj["data"]["AccountV2"].map do |account|
-          investment = account["Investment"]
-          portfolio = account["Portfolios"][0]
-          investor_details = portfolio["InvestorDetails"]
-          {
-            accountNo: investment["InvestmentCode"],
-            accountType: "#{investment["InvestmentType"]} - #{portfolio["Portfolio"]}",
-            customerName: investor_details["InvestmentName"],
-            accountBalance: portfolio["MarketValue"],
-            isLiabilityType: false,
-            supportsTransactions: false,
-            dynamicBalance: true,
-          }
-        end
-      else
-        raise Error, "Failed to list accounts: #{response.status}, #{response.body}"
-      end
-    end
-    private
-    def fetch_challenge_id
-      response = @client.post("#{@authsignal_base}/client/challenge") do |req|
-        req.headers = {
-          "Authorization" => "Basic #{Base64.encode64(@authsignal_tenant_id)}",
-          "Content-Type" => "application/json",
-        }
-        req.body = {
-          action: "cognitoAuth",
-        }.to_json
-      end
-      if response.success?
-        obj = JSON.parse(response.body)
-        obj["challengeId"]
-      else
-        raise Error, "Failed to get challenge ID: #{response.status}, #{response.body}"
-      end
-    end
-    def fetch_authentication_options(challenge_id)
-      response = @client.post("#{@authsignal_base}/client/user-authenticators/passkey/authentication-options") do |req|
-        req.headers = {
-          "Authorization" => "Basic #{Base64.encode64(@authsignal_tenant_id)}",
-          "Content-Type" => "application/json",
-        }
-        req.body = {
-          challengeId: challenge_id,
-        }.to_json
-      end
-      if response.success?
-        JSON.parse(response.body)
-      else
-        raise Error, "Failed to get authentication options: #{response.status}, #{response.body}"
-      end
-    end
-    def present_passkey(challenge_id, assertion, device_id)
-      response = @client.post("#{@authsignal_base}/client/verify/passkey") do |req|
-        req.headers = {
-          "Authorization" => "Basic #{Base64.encode64(@authsignal_tenant_id)}",
-          "Content-Type" => "application/json",
-        }
-        req.body = {
-          challengeId: challenge_id,
-          authenticationCredential: {
-            id: assertion.credential_id,
-            rawId: assertion.credential_id,
-            response: {
-              authenticatorData: assertion.authenticator_data,
-              clientDataJSON: assertion.client_data_json,
-              signature: assertion.signature,
-              userHandle: assertion.user_handle,
-            },
-            type: "public-key",
-            clientExtensionResults: {},
-            authenticatorAttachment: "platform",
-          },
-          deviceId: device_id,
-        }.to_json
-      end
-      if response.success?
-        JSON.parse(response.body)
-      else
-        raise Error, "Failed to get JWT: #{response.status}, #{response.body}"
-      end
-    end
-  end
-end
+# frozen_string_literal: true
+begin
+  require "dotenv/load"
+rescue LoadError
+  # Dotenv is not available, so move on without loading it. It's only used for development.
+end
+require "faraday"
+require "faraday-cookie_jar"
+require "faraday/follow_redirects"
+require "aws-sdk-cognitoidentityprovider"
+require "aws-sdk-cognitoidentity"
+require "aws-sigv4"
+require_relative "fido2_client"
+module SimplicityClient
+  Params = Struct.new(:email, :credentialId, :keyAlgorithm, :keyCurve, :keyValue, :userHandle, keyword_init: true)
+  ParamDefinition = Struct.new(:name, :label, :primary_id)
+  class Error < StandardError; end
+  # For the user interface
+  PARAMS_INFO = [
+    ParamDefinition.new(name: "email", label: "Email address", primary_id: true),
+    ParamDefinition.new(name: "credentialId", label: "Passkey credential ID"),
+    ParamDefinition.new(name: "keyAlgorithm", label: "Passkey key algorithm"),
+    ParamDefinition.new(name: "keyCurve", label: "Passkey key curve"),
+    ParamDefinition.new(name: "keyValue", label: "Passkey value"),
+    ParamDefinition.new(name: "userHandle", label: "Passkey user handle")
+  ].freeze
+  class Session
+    def initialize
+      @logger = Logger.new $stderr
+      @logger.level = Logger::DEBUG
+      @user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+      @client = Faraday.new(
+        headers: { "User-Agent" => @user_agent },
+        # proxy: "http://Thinkbook.local:8080",
+        # :ssl => {:verify => false}
+      ) do |builder|
+        builder.response :follow_redirects
+        builder.response :logger
+        builder.adapter Faraday.default_adapter
+      end
+      @authsignal_base = "https://au.api.authsignal.com/v1"
+      @authsignal_tenant_id = "e768822f-b1a1-404c-a685-0e37905ca5f5"
+    end
+    # Write the session data out to a string so that the session can be restored later
+    def export
+      {
+        auth_data: @auth_data,
+      }.to_json
+    end
+    # Load the session data from a string to restore a session
+    def load(str)
+      json = JSON.parse(str)
+      @auth_data = json["auth_data"]
+    end
+    def login(params)
+      client = Aws::CognitoIdentityProvider::Client.new(region: "ap-southeast-2")
+      user_pool_id = "ap-southeast-2_abAklW6ap"
+      device_id = SecureRandom.uuid
+      passkey = Fido2Client::Passkey.new(params.credentialId, params.keyAlgorithm, params.keyCurve, params.keyValue, params.userHandle)
+      challenge_id = fetch_challenge_id
+      authentication_options = fetch_authentication_options(challenge_id)
+      challenge = authentication_options["options"]["challenge"]
+      assertion = Fido2Client::Client.new.get_assertion(passkey, challenge)
+      passkey_result = present_passkey(challenge_id, assertion, device_id)
+      resp = client.initiate_auth(
+        {
+          auth_flow: "CUSTOM_AUTH",
+          auth_parameters: {
+            USERNAME: params.email,
+          },
+          client_metadata: {
+            anonymousId: device_id,
+          },
+          client_id: "kvoiu7unft0c8hqqsa6hkmeu5",
+        },
+      )
+      resp = client.respond_to_auth_challenge(
+        {
+          challenge_name: "CUSTOM_CHALLENGE",
+          challenge_responses: {
+            USERNAME: params.email,
+            ANSWER: passkey_result["accessToken"],
+          },
+          client_id: "kvoiu7unft0c8hqqsa6hkmeu5",
+          session: resp.session,
+        },
+      )
+      cognito_identity_client = Aws::CognitoIdentity::Client.new(region: "ap-southeast-2")
+      # Assuming you have the Identity Pool ID and the ID token
+      identity_pool_id = "ap-southeast-2:0ed33fc6-4cef-4f2e-b634-31c616e108e2"
+      id_token = resp.authentication_result.id_token
+      # Get ID from the identity pool
+      id_response = cognito_identity_client.get_id(
+        {
+          identity_pool_id: identity_pool_id,
+          logins: {
+            "cognito-idp.ap-southeast-2.amazonaws.com/#{user_pool_id}" => id_token,
+          },
+        },
+      )
+      # Get credentials for the ID
+      credentials_response = cognito_identity_client.get_credentials_for_identity(
+        {
+          identity_id: id_response.identity_id,
+          logins: {
+            "cognito-idp.ap-southeast-2.amazonaws.com/#{user_pool_id}" => id_token,
+          },
+        },
+      )
+      access_key_id = credentials_response.credentials.access_key_id
+      secret_key = credentials_response.credentials.secret_key
+      session_token = credentials_response.credentials.session_token
+      @auth_data = {
+        email: params.email,
+        access_key_id: access_key_id,
+        secret_key: secret_key,
+        region: "ap-southeast-2",
+        session_token: session_token,
+      }.transform_keys(&:to_s)
+    end
+    def logout
+      # Not required
+    end
+    def list_accounts
+      # Ensure @auth_data contains the necessary credentials
+      raise Error, "Authentication data not found. Please login first." unless @auth_data
+      service = "execute-api"
+      region = "ap-southeast-2"
+      http_method = "POST"
+      url = "https://h4ku5ofov2.execute-api.ap-southeast-2.amazonaws.com/prod/secure"
+      email = @auth_data["email"]
+      body = {
+        variables: {},
+        query: <<-GRAPHQL,
+        {
+          AccountV2(email: \"george@dewar.co.nz\") {
+            Portfolios {
+              Portfolio
+              PortfolioCode
+              MarketValue
+              IsDefault
+              CanWithdraw
+              InvestorDetails {
+                InvestmentName
+                PrimaryBeneficiarySurname
+                EntityType
+                __typename
+              }
+              __typename
+            }
+            Investment {
+              InvestmentCode
+              InvestmentType
+              Status
+              PriceDate
+              ExternalReference
+              __typename
+            }
+            __typename
+          }
+        }
+        GRAPHQL
+      }.to_json
+      signer = Aws::Sigv4::Signer.new(
+        service: service,
+        region: region,
+        access_key_id: @auth_data["access_key_id"],
+        secret_access_key: @auth_data["secret_key"],
+        session_token: @auth_data["session_token"],
+      )
+      signature = signer.sign_request(
+        http_method: http_method,
+        url: url,
+        body: body,
+      )
+      response = @client.post(url) do |req|
+        req.headers = signature.headers.merge({
+          "Content-Type" => "application/json",
+        })
+        req.body = body
+      end
+      # Handle the response
+      if response.success?
+        obj = JSON.parse(response.body)
+        obj["data"]["AccountV2"].map do |account|
+          investment = account["Investment"]
+          portfolio = account["Portfolios"][0]
+          investor_details = portfolio["InvestorDetails"]
+          {
+            accountNo: investment["InvestmentCode"],
+            accountType: "#{investment["InvestmentType"]} - #{portfolio["Portfolio"]}",
+            customerName: investor_details["InvestmentName"],
+            accountBalance: portfolio["MarketValue"].to_f,
+            isLiabilityType: false,
+            supportsTransactions: false,
+            dynamicBalance: true,
+          }
+        end
+      else
+        raise Error, "Failed to list accounts: #{response.status}, #{response.body}"
+      end
+    end
+    private
+    def fetch_challenge_id
+      response = @client.post("#{@authsignal_base}/client/challenge") do |req|
+        req.headers = {
+          "Authorization" => "Basic #{Base64.encode64(@authsignal_tenant_id)}",
+          "Content-Type" => "application/json",
+        }
+        req.body = {
+          action: "cognitoAuth",
+        }.to_json
+      end
+      if response.success?
+        obj = JSON.parse(response.body)
+        obj["challengeId"]
+      else
+        raise Error, "Failed to get challenge ID: #{response.status}, #{response.body}"
+      end
+    end
+    def fetch_authentication_options(challenge_id)
+      response = @client.post("#{@authsignal_base}/client/user-authenticators/passkey/authentication-options") do |req|
+        req.headers = {
+          "Authorization" => "Basic #{Base64.encode64(@authsignal_tenant_id)}",
+          "Content-Type" => "application/json",
+        }
+        req.body = {
+          challengeId: challenge_id,
+        }.to_json
+      end
+      if response.success?
+        JSON.parse(response.body)
+      else
+        raise Error, "Failed to get authentication options: #{response.status}, #{response.body}"
+      end
+    end
+    def present_passkey(challenge_id, assertion, device_id)
+      response = @client.post("#{@authsignal_base}/client/verify/passkey") do |req|
+        req.headers = {
+          "Authorization" => "Basic #{Base64.encode64(@authsignal_tenant_id)}",
+          "Content-Type" => "application/json",
+        }
+        req.body = {
+          challengeId: challenge_id,
+          authenticationCredential: {
+            id: assertion.credential_id,
+            rawId: assertion.credential_id,
+            response: {
+              authenticatorData: assertion.authenticator_data,
+              clientDataJSON: assertion.client_data_json,
+              signature: assertion.signature,
+              userHandle: assertion.user_handle,
+            },
+            type: "public-key",
+            clientExtensionResults: {},
+            authenticatorAttachment: "platform",
+          },
+          deviceId: device_id,
+        }.to_json
+      end
+      if response.success?
+        JSON.parse(response.body)
+      else
+        raise Error, "Failed to get JWT: #{response.status}, #{response.body}"
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simplicity_client
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - George Dewar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-17 00:00:00.000000000 Z
+date: 2025-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-cognitoidentity