stormpath-sdk 1.0.0.beta.7 → 1.0.0.beta.8

data/lib/stormpath-sdk/http/request.rb

@@ -18,9 +18,9 @@ module Stormpath
     class Request
       include Stormpath::Http::Utils
 
-      attr_accessor :http_method, :href, :query_string, :http_headers, :body
+      attr_accessor :http_method, :href, :query_string, :http_headers, :body, :api_key
 
-      def initialize(http_method, href, query_string, http_headers, body)
+      def initialize(http_method, href, query_string, http_headers, body, api_key)
 
         splitted = href.split '?'
 
@@ -41,6 +41,7 @@ module Stormpath
         @http_method = http_method.upcase
         @http_headers = http_headers
         @body = body
+        @api_key = api_key
 
         if body
           @http_headers.store 'Content-Length', @body.bytesize

data/lib/stormpath-sdk/http/response.rb

@@ -17,8 +17,8 @@ module Stormpath
   module Http
     class Response
 
-      attr_reader :http_status, :headers, :body
-      attr_writer :headers
+      attr_reader :http_status, :body
+      attr_accessor :headers
 
       def initialize http_status, content_type, body, content_length
         @http_status = http_status
@@ -42,4 +42,4 @@ module Stormpath
 
     end
   end
-end
+end

data/lib/stormpath-sdk/id_site/id_site_result.rb

@@ -0,0 +1,17 @@
+module Stormpath
+  module IdSite
+    class IdSiteResult
+      attr_accessor :account_href, :state, :status, :is_new_account
+
+      alias_method :new_account?, :is_new_account
+
+      def initialize(jwt_response)
+        @account_href = jwt_response["sub"]
+        @status = jwt_response["status"]
+        @state = jwt_response["state"]
+        @is_new_account = jwt_response["isNewSub"]
+      end
+    end
+  end
+end
+

data/lib/stormpath-sdk/resource/application.rb

@@ -15,6 +15,8 @@
 #
 class Stormpath::Resource::Application < Stormpath::Resource::Instance
   include Stormpath::Resource::Status
+  include Stormpath::Resource::CustomDataStorage
+  include UUIDTools
 
   class LoadError < Stormpath::Error; end
 
@@ -26,9 +28,10 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
   has_many :password_reset_tokens, can: [:get, :create]
   has_many :account_store_mappings, can: [:get, :create]
   has_many :groups, can: [:get, :create]
-  
+
   has_one :default_account_store_mapping, class_name: :accountStoreMapping
   has_one :default_group_store_mapping, class_name: :accountStoreMapping
+  has_one :custom_data
 
   def self.load composite_url
     begin
@@ -47,6 +50,37 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
     end
   end
 
+  def create_id_site_url(options = {})
+    base = client.data_store.base_url.sub("v" + Stormpath::DataStore::DEFAULT_API_VERSION.to_s, "sso")
+    base += '/logout' if options[:logout]
+
+    token = JWT.encode({
+        'iat' => Time.now.to_i,
+        'jti' => UUID.method(:random_create).call.to_s,
+        'iss' => client.data_store.api_key.id,
+        'sub' => href,
+        'cb_uri' => options[:callback_uri],
+        'path' => options[:path] || '',
+        'state' => options[:state] || ''
+      }, client.data_store.api_key.secret, 'HS256')
+
+    base + '?jwtRequest=' + token
+  end
+
+  def handle_id_site_callback(response_url)
+    assert_not_nil response_url, "No response provided. Please provide response object."
+
+    uri = URI(response_url)
+    params = CGI::parse(uri.query)
+    token = params["jwtResponse"].first
+
+    jwt_response, _header = JWT.decode(token, client.data_store.api_key.secret)
+
+    raise Stormpath::Error.new if jwt_response["aud"] != client.data_store.api_key.id
+
+    Stormpath::IdSite::IdSiteResult.new(jwt_response)
+  end
+
   def send_password_reset_email email
     password_reset_token = create_password_reset_token email;
     password_reset_token.account

data/lib/stormpath-sdk/resource/collection.rb

@@ -86,7 +86,7 @@ class Stormpath::Resource::Collection
     class CollectionPage < Stormpath::Resource::Base
       ITEMS = 'items'
 
-      prop_accessor :offset, :limit
+      prop_accessor :offset, :limit, :size
 
       attr_accessor :item_type
 

data/lib/stormpath-sdk/resource/directory.rb

@@ -15,6 +15,7 @@
 #
 class Stormpath::Resource::Directory < Stormpath::Resource::Instance
   include Stormpath::Resource::Status
+  include Stormpath::Resource::CustomDataStorage
 
   prop_accessor :name, :description
 
@@ -22,6 +23,7 @@ class Stormpath::Resource::Directory < Stormpath::Resource::Instance
 
   has_many :accounts, can: [:get, :create]
   has_many :groups, can: [:get, :create]
+  has_one :custom_data
 
   def create_account account, registration_workflow_enabled=nil
     href = accounts.href

data/lib/stormpath-sdk/resource/group.rb

@@ -35,5 +35,5 @@ class Stormpath::Resource::Group < Stormpath::Resource::Instance
     account_membership = account_memberships.find {|account_membership| account_membership.account.href == account.href }
     account_membership.delete if account_membership
   end
-  
+
 end

data/lib/stormpath-sdk/resource/tenant.rb

@@ -14,10 +14,12 @@
 # limitations under the License.
 #
 class Stormpath::Resource::Tenant < Stormpath::Resource::Instance
+  include Stormpath::Resource::CustomDataStorage
 
   prop_reader :name, :key
 
   has_many :applications
   has_many :directories
+  has_one :custom_data
 
 end

data/lib/stormpath-sdk/util/assert.rb

@@ -18,19 +18,19 @@ module Stormpath
     module Assert
 
       def assert_not_nil(object, message)
-        raise ArgumentError, message, caller unless !object.nil?
+        raise(ArgumentError, message, caller) if object.nil?
       end
 
       def assert_kind_of(clazz, object, message)
-        raise ArgumentError, message, caller unless object.kind_of? clazz
+        raise(ArgumentError, message, caller) unless object.kind_of? clazz
       end
 
       def assert_true(arg, message)
-        raise ArgumentError, message, caller unless arg
+        raise(ArgumentError, message, caller) unless arg
       end
 
       def assert_false(arg, message)
-        raise ArgumentError, message, caller unless !arg
+        raise(ArgumentError, message, caller) if arg
       end
 
     end

data/lib/stormpath-sdk/version.rb

@@ -14,6 +14,6 @@
 # limitations under the License.
 #
 module Stormpath
-  VERSION = '1.0.0.beta.7'
-  VERSION_DATE = '2014-07-21'
+  VERSION = '1.0.0.beta.8'
+  VERSION_DATE = '2015-07-28'
 end

data/spec/auth/basic_authenticator_spec.rb

@@ -4,7 +4,7 @@ describe "BasicAuthenticator" do
   context "given an instance of BasicAuthenticator" do
 
     before do
-      data_store = Stormpath::DataStore.new "", {}, ""
+      data_store = Stormpath::DataStore.new "", "", {}, ""
       allow(test_api_client).to receive(:data_store).and_return(data_store)
       auth_result = Stormpath::Authentication::AuthenticationResult.new({}, test_api_client)
       allow(data_store).to receive(:create).and_return(auth_result)

data/spec/auth/sauthc1_signer_spec.rb

@@ -19,17 +19,17 @@ describe Stormpath::Http::Authc::Sauthc1Signer do
         let(:fake_api_key) { Stormpath::ApiKey.new('foo', 'bar') }
 
         let(:empty_query_hash_request) do
-          Stormpath::Http::Request.new 'get', 'http://example.com/resources/abc123?q=red blue', nil, Hash.new, nil
+          Stormpath::Http::Request.new 'get', 'http://example.com/resources/abc123?q=red blue', nil, Hash.new, nil, test_api_key
         end
 
         let(:filled_query_hash_request) do
-          Stormpath::Http::Request.new 'get', 'http://example.com/resources/abc123', {'q' => 'red blue'}, Hash.new, nil
+          Stormpath::Http::Request.new 'get', 'http://example.com/resources/abc123', {'q' => 'red blue'}, Hash.new, nil, test_api_key
         end
 
         before do
           Timecop.freeze(Time.now)
-          signer.sign_request empty_query_hash_request, fake_api_key
-          signer.sign_request filled_query_hash_request, fake_api_key
+          signer.sign_request empty_query_hash_request
+          signer.sign_request filled_query_hash_request
         end
 
         it 'assigns identical headers to both requests' do

data/spec/client_spec.rb

@@ -262,7 +262,7 @@ properties
       it 'initializes the request executor with the proxy' do
         expect(Stormpath::Http::HttpClientRequestExecutor)
           .to receive(:new)
-          .with(api_key, proxy: http_proxy)
+          .with(proxy: http_proxy)
           .and_return request_executor
 
         Stormpath::Client.new api_key: api_key, proxy: http_proxy

data/spec/data_store_spec.rb

@@ -4,7 +4,7 @@ describe Stormpath::DataStore do
   let(:factory)           { Stormpath::Test::ResourceFactory.new }
   let(:request_executor)  { Stormpath::Test::TestRequestExecutor.new }
   let(:store)             { Stormpath::Cache::RedisStore }
-  let(:data_store)        { Stormpath::DataStore.new request_executor, {store: store}, nil, nil }
+  let(:data_store)        { Stormpath::DataStore.new request_executor, test_api_key, {store: store}, nil, nil }
   let(:application_cache) { data_store.cache_manager.get_cache 'applications' }
   let(:tenant_cache)      { data_store.cache_manager.get_cache 'tenants' }
   let(:group_cache)       { data_store.cache_manager.get_cache 'groups' }

data/spec/provider/account_resolver_spec.rb

@@ -4,7 +4,7 @@ describe "ProviderAccountResolver" do
   context "given an instance of ProviderAccountResolver" do
 
     before do
-      data_store = Stormpath::DataStore.new "", {}, ""
+      data_store = Stormpath::DataStore.new "", "", {}, ""
       allow(test_api_client).to receive(:data_store).and_return(data_store)
       auth_result = Stormpath::Provider::AccountResult.new({}, test_api_client)
       allow(data_store).to receive(:create).and_return(auth_result)

data/spec/resource/application_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+include UUIDTools
 
 describe Stormpath::Resource::Application, :vcr do
   let(:app) { test_api_client.applications.create name: random_application_name, description: 'Dummy desc.' }
@@ -28,6 +29,7 @@ describe Stormpath::Resource::Application, :vcr do
     expect(application.tenant).to be_a Stormpath::Resource::Tenant
     expect(application.default_account_store_mapping).to be_a Stormpath::Resource::AccountStoreMapping
     expect(application.default_group_store_mapping).to be_a Stormpath::Resource::AccountStoreMapping
+    expect(application.custom_data).to be_a Stormpath::Resource::CustomData
 
     expect(application.groups).to be_a Stormpath::Resource::Collection
     expect(application.accounts).to be_a Stormpath::Resource::Collection
@@ -288,4 +290,178 @@ describe Stormpath::Resource::Application, :vcr do
       end
     end
   end
+
+  describe '#create_application_with_custom_data' do
+    it 'creates an application with custom data' do
+      application.custom_data["category"] = "classified"
+      application.save
+
+      expect(application.custom_data["category"]).to eq("classified")
+    end
+  end
+
+  describe '#create_id_site_url' do
+    let(:jwt_token) { JWT.encode({
+        'iat' => Time.now.to_i,
+        'jti' => UUID.method(:random_create).call.to_s,
+        'aud' => test_api_key_id,
+        'sub' => application.href,
+        'cb_uri' => 'http://localhost:9292/redirect',
+        'path' => '',
+        'state' => ''
+      }, test_api_key_secret, 'HS256')
+    }
+
+    let(:create_id_site_url_result) do
+      options = { callback_uri: 'http://localhost:9292/redirect' }
+      application.create_id_site_url options
+    end
+
+    it 'should create a url with jwtRequest' do
+      expect(create_id_site_url_result).to include('jwtRequest')
+    end
+
+    it 'should create a request to /sso' do
+      expect(create_id_site_url_result).to include('/sso')
+    end
+
+    it 'should create a jwtRequest that is signed wit the client secret' do
+      uri = Addressable::URI.parse(create_id_site_url_result)
+      jwt_token = JWT.decode(uri.query_values["jwtRequest"], test_api_key_secret).first
+
+      expect(jwt_token["iss"]).to eq test_api_key_id
+      expect(jwt_token["sub"]).to eq application.href
+      expect(jwt_token["cb_uri"]).to eq 'http://localhost:9292/redirect'
+    end
+
+    context 'with logout option' do
+      it 'shoud create a request to /sso/logout' do
+      end
+    end
+  end
+
+  describe '#handle_id_site_callback' do
+    let(:callback_uri_base) { 'http://localhost:9292/somwhere?jwtResponse=' }
+
+    context 'without the response_url provided' do
+      it 'should raise argument error' do
+        expect { application.handle_id_site_callback(nil) }.to raise_error(ArgumentError)
+      end
+    end
+
+    context 'with a valid jwt response' do
+      let(:jwt_token) { JWT.encode({
+          'iat' => Time.now.to_i,
+          'aud' => test_api_key_id,
+          'sub' => application.href,
+          'path' => '',
+          'state' => '',
+          'isNewSub' => true,
+          'status' => "REGISTERED"
+        }, test_api_key_secret, 'HS256')
+      }
+
+      before do
+        @site_result = application.handle_id_site_callback(callback_uri_base + jwt_token)
+      end
+
+      it 'should return IdSiteResult object' do
+        expect(@site_result).to be_kind_of(Stormpath::IdSite::IdSiteResult)
+      end
+
+      it 'should set the correct account on IdSiteResult object' do
+        expect(@site_result.account_href).to eq(application.href)
+      end
+
+      it 'should set the correct status on IdSiteResult object' do
+        expect(@site_result.status).to eq("REGISTERED")
+      end
+
+      it 'should set the correct state on IdSiteResult object' do
+        expect(@site_result.state).to eq("")
+      end
+
+      it 'should set the correct is_new_account on IdSiteResult object' do
+        expect(@site_result.new_account?).to eq(true)
+      end
+    end
+
+    context 'with an expired token' do
+      let(:jwt_token) { JWT.encode({
+          'iat' => Time.now.to_i,
+          'aud' => test_api_key_id,
+          'sub' => application.href,
+          'path' => '',
+          'state' => '',
+          'exp' => Time.now.to_i - 1,
+          'isNewSub' => true,
+          'status' => "REGISTERED"
+        }, test_api_key_secret, 'HS256')
+      }
+
+      it 'should raise expiration error' do
+        expect {
+          application.handle_id_site_callback(callback_uri_base + jwt_token)
+        }.to raise_error(JWT::DecodeError)
+      end
+    end
+
+    context 'with a different client id (aud)' do
+      let(:jwt_token) { JWT.encode({
+          'iat' => Time.now.to_i,
+          'aud' => UUID.method(:random_create).call.to_s,
+          'sub' => application.href,
+          'path' => '',
+          'state' => '',
+          'isNewSub' => true,
+          'status' => "REGISTERED"
+        }, test_api_key_secret, 'HS256')
+      }
+
+      it 'should raise error' do
+        expect {
+          application.handle_id_site_callback(callback_uri_base + jwt_token)
+        }.to raise_error(Stormpath::Error)
+      end
+    end
+
+    context 'with an invalid exp value' do
+      let(:jwt_token) { JWT.encode({
+          'iat' => Time.now.to_i,
+          'aud' => test_api_key_id,
+          'sub' => application.href,
+          'path' => '',
+          'state' => '',
+          'exp' => 'not gona work',
+          'isNewSub' => true,
+          'status' => "REGISTERED"
+        }, test_api_key_secret, 'HS256')
+      }
+
+      it 'should error with the expiration error' do
+        expect {
+          application.handle_id_site_callback(callback_uri_base + jwt_token)
+        }.to raise_error(JWT::DecodeError)
+      end
+    end
+
+    context 'with an invalid signature' do
+      let(:jwt_token) { JWT.encode({
+          'iat' => Time.now.to_i,
+          'aud' => test_api_key_id,
+          'sub' => application.href,
+          'path' => '',
+          'state' => '',
+          'isNewSub' => true,
+          'status' => "REGISTERED"
+        }, 'false key', 'HS256')
+      }
+
+      it 'should reject the signature' do
+        expect {
+          application.handle_id_site_callback(callback_uri_base + jwt_token)
+        }.to raise_error(JWT::DecodeError)
+      end
+    end
+  end
 end