stormpath-sdk 1.0.0.beta.9 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ffd1ce3b14483c0ba0f564a704d5e7d6d079a99e
-  data.tar.gz: b59460eaea481ca8e83d4a4bf4accb8728481554
+  metadata.gz: b211d2e9b37f2df77845364b2739620106da3820
+  data.tar.gz: 610cf6e36422987c042c6f60cb591427eee156c7
 SHA512:
-  metadata.gz: 6fa8d912dd6323c2dcfe19d08bbc7a2efce1c8eea0d74ab2f34dfbbb1d891e78126ee4022045bc4d39faae429a98784ec9cfdd479cd920eafca443271cd10d32
-  data.tar.gz: 08e1230337d60e8e55026ca367ac2103cd9c5414a1cc075301384d8550b78a1b2f2f35ea6001bd60296e03e2715582fc3fff77c516fb04924aece923a15a70ce
+  metadata.gz: 21b0d6b070b40ef895ad054eb49d31d254338ccc16e8c6dd62b7365a93d9de004c1497494e2f4168e6956fb8a1fa30ee1237e51a0207884efd5f92a57703fcfc
+  data.tar.gz: 2aedc019f6b3b03fa385962a914dd9d31dd99e9a24dd40e9547f8334b1cc5a0780d88c2d91f3969ea35c05b4c8928d7784e657399a956e96fd87d87960f1e45c

data/.travis.yml

@@ -5,6 +5,8 @@ rvm:
 - 2.1.2
 services:
 - redis-server
+before_install:
+  - gem install bundler
 env:
   global:
   - secure: MeyjZGgySZvpYVRm2i7wkrhvu9KUeU7eQ5aKj7FXqIYlQe3T67k+KKA3Ejp6WC3wUEVPUFseWMZCuNkRc0UeGA5/4e4LLc++XuaZn1jLTm1yNofh/CFAAjt5VdIYz4R7sKxpyLxs0orK2+HcaiCoqSDj7ehw2SlDca9VEi0GoQk=

data/README.md

@@ -292,6 +292,44 @@ end
 
 The application will be an instance of your application. callback_uri is a url with which you want to handle the ID Site information, this url also needs to be set in the Stormpath’s dashboard on [ID Site settings page](https://api.stormpath.com/ui2/index.html#/id-site) as Authorized Redirect URLs.
 
+##### Using ID Site for [multitenancy][id-site-multitenancy]
+
+When a user wants to login to your application, you may want to specify an organization for the user to login to. Stormpath ID Site is configurable to support multitenancy with Organization resources
+
+```ruby
+application.create_id_site_url({
+  callback_uri: 'https://trooperapp.com/callback',
+  organization_name_key: 'stormtrooper',
+  show_organization_field: true
+});
+```
+
+##### Using Subdomains 
+
+In some cases, you may want to show the organization that the user is logging into as a subdomain instead of an form field. To configure this, you need to use a [wildcard certificate][wildcard-certificate] when setting up your [custom domain with ID Site][custom-domain-with-id-site]. Otherwise, the Stormpath infrastructure will cause browser SSL errors.
+
+Once a wildcard certificate is configured on your domain, you can tell ID Site to use a subdomain to represent the organization:
+
+```ruby
+application.create_id_site_url({
+  callback_uri: 'https://trooperapp.com/callback',
+  organization_name_key: 'stormtrooper',
+  use_subdomain: true
+});
+```
+
+##### Specifying the Organization
+
+In the case where you are using a subdomain to designate the organization, you can tell ID Site which organization the user is logging into to.
+
+```ruby
+application.create_id_site_url({
+  callback_uri: 'https://trooperapp.com/callback',
+  organization_name_key: 'stormtrooper',
+  show_organization_field: true
+})
+```
+
 #### Handle ID Site Callback
 
 For any request you make for ID Site, you need to specify a callback uri. To parse the information from the servers response and to decode the data from the JWT token you need to call the handle_id_site_callback method and pass the Request URI.
@@ -311,7 +349,7 @@ end
 
 There are a few other methods that you will need to concern yourself with when using ID Site. Logging out a User, Registering a User, and a User who has forgotten their password. These methods will use the same information from the login method but a few more items will need to be passed into the array. For example if you have a sinatra application.
 
-Logging Out a User
+##### Logging Out a User
 ```ruby
 app.get ‘/logout' do
   user_data = application.handle_id_site_callback(request.url)
@@ -319,7 +357,7 @@ app.get ‘/logout' do
 end
 ```
 
-Registering a User
+##### Registering a User
 ```ruby
 app.get ‘/register' do
   user_data = application.handle_id_site_callback(request.url)
@@ -327,7 +365,7 @@ app.get ‘/register' do
 end
 ```
 
-Forgot Link
+##### Forgot Link
 ```ruby
 app.get ‘/forgot' do
   user_data = application.handle_id_site_callback(request.url)
@@ -340,6 +378,18 @@ Again, with all these methods, You will want your application to link to an inte
 > NOTE:
 > A JWT will expire after 60 seconds of creation.
 
+#### Exchange ID Site token for a Stormpath Access Token
+After the user has been authenticated via ID Site, a developer may want to control their authorization with an OAuth 2.0 Token. 
+This is done by passing the JWT similar to the way we passed the user’s credentials as described in [Generating an OAuth 2.0 Access Token][generate-oauth-access-token]. 
+The difference is that instead of using the password grant type and passing credentials, we will use the id_site_token type and pass the JWT we got from the ID Site
+more info [here][exchange-id-site-token].
+
+To exchange ID Site token for the oauth token use the following snippet
+```ruby
+grant_request = Stormpath::Oauth::IdSiteGrantRequest.new jwt_token
+response = application.authenticate_oauth grant_request
+```
+
 ### Registering Accounts
 
 Accounts are created on a directory instance. They can be created in two
@@ -399,6 +449,21 @@ get '/users/verify' do
 end
 ```
 
+#### Create an Account with an Existing Password Hash
+
+If you are moving from an existing user repository to Stormpath, you may have existing password hashes that you want to reuse to provide a seamless upgrade path for your end users.
+More info about this feature can be found [here][mcf-hash-password-doc]
+
+Example of creating an account with existing SHA-512 password hash. For details on other hashing algorithms chech the [documentation][stormpaht-hash-algorithm]
+
+directory.accounts.create({
+  username: "jlucpicard",
+  email: "captain@enterprise.com",
+  given_name: "Jean-Luc",
+  surname: "Picard",
+  password: "$stormpath2$SHA-512$1$ZFhBRmpFSnEwVEx2ekhKS0JTMDJBNTNmcg==$Q+sGFg9e+pe9QsUdfnbJUMDtrQNf27ezTnnGllBVkQpMRc9bqH6WkyE3y0svD/7cBk8uJW9Wb3dolWwDtDLFjg=="
+}, password_format: 'mcf')
+
 ### Authentication
 
 Authentication is accomplished by passing a username or an email and a
@@ -457,6 +522,19 @@ With the account acquired you can then update the password:
 _NOTE :_ Confirming a new password is left up to the web application
 code calling the Stormpath SDK. The SDK does not require confirmation.
 
+### Social Providers
+
+To access or create an account in an already created social Directory (facebook, google, github, linkedin),
+it is required to gather Authorization Code on behalf of the user. This requires leveraging Oauth 2.0
+protocol and the user's consent for your applications permissions. Once you have the access_token you can
+access the account via get_provider_account method.
+
+```ruby
+provider = ‘facebook’ # can also be google, github, linkedin
+request = Stormpath::Provider::AccountRequest.new(provider, :access_token, access_token)
+application.get_provider_account(request)
+```
+
 ### ACL through Groups
 
 Memberships of accounts in certain groups can be used as an
@@ -641,3 +719,10 @@ For additional information, please see the full [Project Documentation](https://
   [stormpath-admin-login]: http://api.stormpath.com/login
   [create-api-keys]: http://www.stormpath.com/docs/ruby/product-guide#AssignAPIkeys
   [concepts]: http://www.stormpath.com/docs/stormpath-basics#keyConcepts
+  [exchange-id-site-token]: https://docs.stormpath.com/rest/product-guide/latest/008_idsite.html#exchanging-the-id-site-jwt-for-an-oauth-token
+  [generate-oauth-access-token]: https://docs.stormpath.com/rest/product-guide/latest/005_auth_n.html#generate-oauth-token
+  [mcf-hash-password-doc]: http://docs.stormpath.com/rest/product-guide/latest/004_accnt_mgmt.html#importing-accounts-with-mcf-hash-passwords
+  [stormpath-hash-algorithm]: http://docs.stormpath.com/rest/product-guide/latest/004_accnt_mgmt.html#the-stormpath2-hashing-algorithm
+  [wildcard-certificate]: https://en.wikipedia.org/wiki/Wildcard_certificate
+  [custom-domain-with-id-site]: https://docs.stormpath.com/guides/using-id-site/#setting-your-own-custom-domain-name-and-ssl-certificate
+  [id-site-multitenancy]: https://docs.stormpath.com/guides/using-id-site/#using-id-site-for-multitenancy

data/lib/stormpath-sdk.rb

@@ -52,6 +52,7 @@ module Stormpath
     autoload :AccessToken, 'stormpath-sdk/resource/access_token'
     autoload :Organization, 'stormpath-sdk/resource/organization'
     autoload :OrganizationAccountStoreMapping, 'stormpath-sdk/resource/organization_account_store_mapping'
+    autoload :AccountOverrides, 'stormpath-sdk/resource/account_overrides'
   end
 
   module Cache
@@ -82,6 +83,10 @@ module Stormpath
     autoload :FacebookProviderData, 'stormpath-sdk/provider/facebook/facebook_provider_data'
     autoload :GoogleProvider, 'stormpath-sdk/provider/google/google_provider'
     autoload :GoogleProviderData, 'stormpath-sdk/provider/google/google_provider_data'
+    autoload :LinkedinProvider, 'stormpath-sdk/provider/linkedin/linkedin_provider'
+    autoload :LinkedinProviderData, 'stormpath-sdk/provider/linkedin/linkedin_provider_data'
+    autoload :GithubProvider, 'stormpath-sdk/provider/github/github_provider'
+    autoload :GithubProviderData, 'stormpath-sdk/provider/github/github_provider_data'
     autoload :StormpathProvider, 'stormpath-sdk/provider/stormpath/stormpath_provider'
     autoload :StormpathProviderData, 'stormpath-sdk/provider/stormpath/stormpath_provider_data'
   end
@@ -110,5 +115,7 @@ module Stormpath
     autoload :RefreshGrantRequest, "stormpath-sdk/oauth/refresh_grant_request"
     autoload :VerifyAccessToken, "stormpath-sdk/oauth/verify_access_token"
     autoload :VerifyToken, "stormpath-sdk/oauth/verify_token"
+    autoload :IdSiteGrantRequest, "stormpath-sdk/oauth/id_site_grant_request"
+    autoload :IdSiteGrant, "stormpath-sdk/oauth/id_site_grant"
   end
 end

data/lib/stormpath-sdk/data_store.rb

@@ -207,7 +207,7 @@ class Stormpath::DataStore
 
     def apply_default_request_headers(request)
       request.http_headers.store 'Accept', 'application/json'
-      request.http_headers.store 'User-Agent', 'Stormpath-RubySDK/' + Stormpath::VERSION
+      apply_default_user_agent(request)
 
       if request.body and request.body.length > 0
         request.http_headers.store 'Content-Type', 'application/json'
@@ -216,7 +216,13 @@ class Stormpath::DataStore
     
     def apply_form_data_request_headers(request)
       request.http_headers.store 'Content-Type', 'application/x-www-form-urlencoded'
-      request.http_headers.store 'User-Agent', 'Stormpath-RubySDK/' + Stormpath::VERSION
+      apply_default_user_agent(request)
+    end
+
+    def apply_default_user_agent(request)
+      request.http_headers.store 'User-Agent', 'stormpath-sdk-ruby/' + Stormpath::VERSION +
+      " ruby/#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}" +
+      " " + Gem::Platform.local.os.to_s + "/" + Gem::Platform.local.version.to_s
     end
 
     def save_resource(href, resource, return_type)

data/lib/stormpath-sdk/oauth/authenticator.rb

@@ -14,6 +14,8 @@ module Stormpath
           attempt = @data_store.instantiate PasswordGrant
         elsif request.grant_type == 'refresh_token'
           attempt = @data_store.instantiate RefreshToken
+        elsif request.grant_type == 'id_site_token'
+          attempt = @data_store.instantiate IdSiteGrant 
         end
 
         attempt.set_options(request)

data/lib/stormpath-sdk/oauth/id_site_grant.rb

@@ -0,0 +1,16 @@
+module Stormpath
+  module Oauth
+    class IdSiteGrant < Stormpath::Resource::Base
+      prop_accessor :grant_type, :token
+
+      def set_options(request)
+        set_property :grant_type, request.grant_type
+        set_property :token, request.token
+      end
+
+      def form_data?
+        true
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/oauth/id_site_grant_request.rb

@@ -0,0 +1,12 @@
+module Stormpath
+  module Oauth
+    class IdSiteGrantRequest
+      attr_accessor :grant_type, :token
+
+      def initialize(token)
+        @token = token
+        @grant_type = "id_site_token"
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/provider/github/github_provider.rb

@@ -0,0 +1,18 @@
+#
+# Copyright 2014 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Stormpath::Provider::GithubProvider < Stormpath::Provider::Provider
+  prop_reader :client_id, :client_secret
+end

data/lib/stormpath-sdk/provider/github/github_provider_data.rb

@@ -0,0 +1,18 @@
+#
+# Copyright 2014 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Stormpath::Provider::GithubProviderData < Stormpath::Provider::ProviderData
+  prop_reader :access_token
+end

data/lib/stormpath-sdk/provider/linkedin/linkedin_provider.rb

@@ -0,0 +1,19 @@
+
+#
+# Copyright 2014 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Stormpath::Provider::LinkedinProvider < Stormpath::Provider::Provider
+  prop_reader :client_id, :client_secret
+end

data/lib/stormpath-sdk/provider/linkedin/linkedin_provider_data.rb

@@ -0,0 +1,18 @@
+#
+# Copyright 2014 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Stormpath::Provider::LinkedinProviderData < Stormpath::Provider::ProviderData
+  prop_reader :access_token
+end

data/lib/stormpath-sdk/resource/account_overrides.rb

@@ -0,0 +1,22 @@
+module Stormpath::Resource::AccountOverrides
+  extend ActiveSupport::Concern
+
+  included do
+    def create_account account, registration_workflow_enabled=nil
+      href = accounts.href
+      if registration_workflow_enabled == false
+        href += "?registrationWorkflowEnabled=#{registration_workflow_enabled.to_s}"
+      end
+
+      resource = case account
+      when Stormpath::Resource::Base
+        account
+      else
+        Stormpath::Resource::Account.new account, client
+      end
+
+      resource.apply_custom_data_updates_if_necessary
+      data_store.create href, resource, Stormpath::Resource::Account
+    end
+  end
+end

data/lib/stormpath-sdk/resource/application.rb

@@ -16,6 +16,7 @@
 class Stormpath::Resource::Application < Stormpath::Resource::Instance
   include Stormpath::Resource::Status
   include Stormpath::Resource::CustomDataStorage
+  include Stormpath::Resource::AccountOverrides
   include UUIDTools
 
   class LoadError < Stormpath::Error; end
@@ -62,16 +63,7 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
       raise Stormpath::IdSite::Error.new(:jwt_cb_uri_incorrect)
     end
 
-    token = JWT.encode({
-        'iat' => Time.now.to_i,
-        'jti' => UUID.method(:random_create).call.to_s,
-        'iss' => client.data_store.api_key.id,
-        'sub' => href,
-        'cb_uri' => options[:callback_uri],
-        'path' => options[:path] || '',
-        'state' => options[:state] || ''
-      }, client.data_store.api_key.secret, 'HS256')
-
+    token = JWT.encode(jwt_token_payload(options), client.data_store.api_key.secret, 'HS256')
     base + '?jwtRequest=' + token
   end
 
@@ -122,6 +114,23 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
   
   private
 
+  def jwt_token_payload(options)
+    payload = {
+      'iat' => Time.now.to_i,
+      'jti' => UUID.method(:random_create).call.to_s,
+      'iss' => client.data_store.api_key.id,
+      'sub' => href,
+      'cb_uri' => options[:callback_uri],
+      'path' => options[:path] || '',
+      'state' => options[:state] || '',
+    }
+
+    payload["sof"] = options[:show_organization_field] if options[:show_organization_field]
+    payload["onk"] = options[:organization_name_key] if options[:organization_name_key]
+    payload["usd"] = options[:use_subdomain] if options[:use_subdomain]
+    payload
+  end
+
   def api_key_id
     client.data_store.api_key.id
   end

data/lib/stormpath-sdk/resource/directory.rb

@@ -16,6 +16,7 @@
 class Stormpath::Resource::Directory < Stormpath::Resource::Instance
   include Stormpath::Resource::Status
   include Stormpath::Resource::CustomDataStorage
+  include Stormpath::Resource::AccountOverrides
 
   prop_accessor :name, :description
 
@@ -25,15 +26,6 @@ class Stormpath::Resource::Directory < Stormpath::Resource::Instance
   has_many :groups, can: [:get, :create]
   has_one :custom_data
 
-  def create_account account, registration_workflow_enabled=nil
-    href = accounts.href
-    if registration_workflow_enabled == false
-      href += "?registrationWorkflowEnabled=#{registration_workflow_enabled.to_s}"
-    end
-    account.apply_custom_data_updates_if_necessary
-    data_store.create href, account, Stormpath::Resource::Account
-  end
-
   def provider
     internal_instance = instance_variable_get "@_provider"
     return internal_instance if internal_instance

data/lib/stormpath-sdk/version.rb

@@ -14,6 +14,6 @@
 # limitations under the License.
 #
 module Stormpath
-  VERSION = '1.0.0.beta.9'
-  VERSION_DATE = '2015-12-02'
+  VERSION = '1.0.0'
+  VERSION_DATE = '2016-01-03'
 end

data/spec/data_store_spec.rb

@@ -148,4 +148,22 @@ describe Stormpath::DataStore do
     end
 
   end
+
+  context '#apply_default_user_agent' do
+    let(:request) do
+      Stormpath::Http::Request.new 'get', 'http://example.com/resources/abc123', nil, Hash.new, nil, test_api_key
+    end
+
+    before do
+      allow(Gem::Platform.local).to receive(:os) { "darwin" } 
+      allow(Gem::Platform.local).to receive(:version) { "14" } 
+
+      data_store.send(:apply_default_user_agent, request)
+    end
+
+    it 'adds User-Agent to header' do
+      expect(request.http_headers["User-Agent"]).to include("darwin")
+      expect(request.http_headers["User-Agent"]).to include("14")
+    end
+  end
 end

data/spec/provider/provider_spec.rb

@@ -149,4 +149,34 @@ describe Stormpath::Provider::Provider, :vcr do
     it_behaves_like 'a provider directory'
     it_behaves_like 'a syncrhonizeable directory'
   end
+
+  describe 'create linkedin directory with provider credentials' do
+    let(:name) { random_directory_name('Linkedin') }
+    let(:description) { 'Directory for testing Linkedin directories.' }
+
+    let(:provider_id) { "linkedin" }
+    let(:client_id) { 'LINKEDIN_APP_ID' }
+    let(:client_secret) { 'LINKEDIN_APP_SECRET' }
+    let(:provider_info) do
+      { provider_id: provider_id, client_id: client_id, client_secret: client_secret }
+    end
+
+    it_behaves_like 'a provider directory'
+    it_behaves_like 'a syncrhonizeable directory'
+  end
+
+  describe 'create github directory with provider credentials' do
+    let(:name) { random_directory_name('Github') }
+    let(:description) { 'Directory for testing Github directories.' }
+
+    let(:provider_id) { "github" }
+    let(:client_id) { 'GITHUB_APP_ID' }
+    let(:client_secret) { 'GITHUB_APP_SECRET' }
+    let(:provider_info) do
+      { provider_id: provider_id, client_id: client_id, client_secret: client_secret }
+    end
+
+    it_behaves_like 'a provider directory'
+    it_behaves_like 'a syncrhonizeable directory'
+  end
 end

data/spec/resource/application_spec.rb

@@ -99,6 +99,37 @@ describe Stormpath::Resource::Application, :vcr do
 
   end
 
+
+  describe '#create_account' do
+    let(:account) do
+      Stormpath::Resource::Account.new({
+        email: random_email,
+        given_name: 'Ruby SDK',
+        password: 'P@$$w0rd',
+        surname: 'SDK',
+        username: random_user_name
+      })
+    end
+
+    context 'with registration workflow' do
+      it 'creates an account with worflow enabled' do
+        response = application.create_account account, true
+
+        expect(response).to be_kind_of Stormpath::Resource::Account
+        expect(response.email).to eq(account.email)
+      end
+    end
+
+    context 'without registration workflow' do
+      it 'creates an account with workflow disabled' do
+        response = application.create_account account 
+
+        expect(response).to be_kind_of Stormpath::Resource::Account
+        expect(response.email).to eq(account.email)
+      end
+    end
+  end
+
   describe '#authenticate_account' do
     let(:account) do
       directory.accounts.create build_account(password: 'P@$$w0rd')
@@ -626,6 +657,30 @@ describe Stormpath::Resource::Application, :vcr do
         }.to raise_error(JWT::DecodeError)
       end
     end
+
+    context 'with show_organization_field key specified' do
+      let(:jwt_token) { JWT.encode({
+          'iat' => Time.now.to_i,
+          'aud' => test_api_key_id,
+          'sub' => application.href,
+          'path' => '',
+          'state' => '',
+          'isNewSub' => true,
+          'status' => "REGISTERED",
+          'organization_name_key' => 'stormtroopers',
+          'usd' => true,
+          'sof' => true
+        }, test_api_key_secret, 'HS256')
+      }
+
+      before do
+        @site_result = application.handle_id_site_callback(callback_uri_base + jwt_token)
+      end
+      
+      it 'should return IdSiteResult object' do
+        expect(@site_result).to be_kind_of(Stormpath::IdSite::IdSiteResult)
+      end
+    end
   end
 
   describe '#authenticate_oauth' do
@@ -654,6 +709,44 @@ describe Stormpath::Resource::Application, :vcr do
       end
     end
 
+    context 'exchange id site token for access_token with invalid jwt' do
+      let(:invalid_jwt_token) { 'invalid_token' }
+
+      let(:id_site_grant_request) { Stormpath::Oauth::IdSiteGrantRequest.new invalid_jwt_token }
+      let(:authenticate_oauth) { application.authenticate_oauth(id_site_grant_request) }
+
+      it 'should raise invalid token error' do
+        expect {
+          authenticate_oauth
+        }.to raise_error(Stormpath::Error)
+      end
+    end
+
+    context 'echange id site token for access_token with valid jwt' do
+      let(:jwt_token) { JWT.encode({
+          'iat' => Time.now.to_i,
+          'jti' => UUID.method(:random_create).call.to_s,
+          'iss' => test_api_client.data_store.api_key.id,
+          'sub' => application.href,
+          'cb_uri' => 'http://localhost:9292/redirect',
+          'path' => '',
+          'state' => ''
+        }, test_api_client.data_store.api_key.secret, 'HS256')
+      }
+
+      it 'should create a jwtRequest that is signed wit the client secret' do
+        allow(application.client.data_store).to receive(:create).and_return(Stormpath::Resource::AccessToken)
+        expect(application.client.data_store).to receive(:instantiate)
+          .with(Stormpath::Oauth::IdSiteGrant)
+          .and_return(Stormpath::Oauth::IdSiteGrant.new({}, application.client))
+
+        grant_request = Stormpath::Oauth::IdSiteGrantRequest.new jwt_token
+        response = application.authenticate_oauth(grant_request) 
+
+        expect(response).to be(Stormpath::Resource::AccessToken)
+      end
+    end
+
     context 'refresh token' do
       let(:refresh_grant_request) { Stormpath::Oauth::RefreshGrantRequest.new aquire_token.refresh_token }
       let(:authenticate_oauth) { application.authenticate_oauth(refresh_grant_request) }

data/spec/resource/directory_spec.rb

@@ -1,6 +1,15 @@
 require 'spec_helper'
 
 describe Stormpath::Resource::Directory, :vcr do
+  def create_account_store_mapping(application, account_store, is_default_group_store=false)
+    test_api_client.account_store_mappings.create({
+      application: application,
+      account_store: account_store,
+      list_index: 0,
+      is_default_account_store: true,
+      is_default_group_store: is_default_group_store
+     })
+  end
 
   describe "instances should respond to attribute property methods" do
     let(:app) { test_api_client.applications.create name: random_application_name, description: 'Dummy desc.' }
@@ -35,7 +44,11 @@ describe Stormpath::Resource::Directory, :vcr do
   end
 
   describe 'directory_associations' do
-    let(:directory) { test_directory }
+    let(:directory) { test_api_client.directories.create name: random_directory_name, description: 'description_for_some_test_directory' }
+
+    after do
+      directory.delete if directory
+    end
 
     context '#accounts' do
       let(:account) { directory.accounts.create build_account}
@@ -72,7 +85,7 @@ describe Stormpath::Resource::Directory, :vcr do
   end
 
   describe '#create_account' do
-    let(:directory) { test_directory }
+    let(:directory) { test_api_client.directories.create name: random_directory_name, description: 'description_for_some_test_directory' }
 
     let(:account) do
       Stormpath::Resource::Account.new({
@@ -84,6 +97,10 @@ describe Stormpath::Resource::Directory, :vcr do
       })
     end
 
+    after do
+      directory.delete if directory
+    end
+
     context 'without registration workflow' do
 
       let(:created_account) { directory.create_account account }
@@ -134,6 +151,106 @@ describe Stormpath::Resource::Directory, :vcr do
         expect(created_account_with_reg_workflow.email_verification_token).not_to be
       end
     end
+  end
+
+  describe 'create account with password import MCF feature' do
+    let(:app) { test_api_client.applications.create name: random_application_name, description: 'Dummy desc.' }
+    let(:application) { test_api_client.applications.get app.href }
+    let(:directory) { test_api_client.directories.create name: random_directory_name, description: 'description_for_some_test_directory' }
+    let!(:account_store_mapping) {create_account_store_mapping(application,directory,true)}
+
+    after do
+      application.delete if application
+      directory.delete if directory
+      @account.delete if @account
+    end
+
+    context "MD5 hashing algorithm" do
+      before do
+        account_store_mapping
+        @account = directory.accounts.create({
+          username: "jlucpicard",
+          email: "captain@enterprise.com",
+          given_name: "Jean-Luc",
+          surname: "Picard",
+          password: "$stormpath2$MD5$1$OGYyMmM5YzVlMDEwODEwZTg3MzM4ZTA2YjljZjMxYmE=$EuFAr2NTM83PrizVAYuOvw=="
+        }, password_format: 'mcf')
+      end
+
+      it 'creates an account' do
+        expect(@account).to be_a Stormpath::Resource::Account
+        expect(@account.username).to eq("jlucpicard") 
+        expect(@account.email).to eq("captain@enterprise.com") 
+        expect(@account.given_name).to eq("Jean-Luc") 
+        expect(@account.surname).to eq("Picard") 
+      end
+
+      it 'can authenticate with the account credentials' do
+        auth_request = Stormpath::Authentication::UsernamePasswordRequest.new 'jlucpicard', 'qwerty'
+        auth_result = application.authenticate_account auth_request
+
+        expect(auth_result).to be_a Stormpath::Authentication::AuthenticationResult
+        expect(auth_result.account).to be_a Stormpath::Resource::Account
+        expect(auth_result.account.email).to eq("captain@enterprise.com")
+        expect(auth_result.account.given_name).to eq("Jean-Luc") 
+        expect(auth_result.account.surname).to eq("Picard") 
+      end
+    end
+
+    context "SHA-512 hashing algorithm" do
+      before do
+        account_store_mapping
+        @account = directory.accounts.create({
+          username: "jlucpicard",
+          email: "captain@enterprise.com",
+          given_name: "Jean-Luc",
+          surname: "Picard",
+          password: "$stormpath2$SHA-512$1$ZFhBRmpFSnEwVEx2ekhKS0JTMDJBNTNmcg==$Q+sGFg9e+pe9QsUdfnbJUMDtrQNf27ezTnnGllBVkQpMRc9bqH6WkyE3y0svD/7cBk8uJW9Wb3dolWwDtDLFjg=="
+        }, password_format: 'mcf')
+      end
+
+      it 'creates an account' do
+        expect(@account).to be_a Stormpath::Resource::Account
+        expect(@account.username).to eq("jlucpicard") 
+        expect(@account.email).to eq("captain@enterprise.com") 
+        expect(@account.given_name).to eq("Jean-Luc") 
+        expect(@account.surname).to eq("Picard") 
+      end
+
+      it 'can authenticate with the account credentials' do
+        auth_request = Stormpath::Authentication::UsernamePasswordRequest.new 'jlucpicard', 'testing12'
+        auth_result = application.authenticate_account auth_request
+
+        expect(auth_result).to be_a Stormpath::Authentication::AuthenticationResult
+        expect(auth_result.account).to be_a Stormpath::Resource::Account
+        expect(auth_result.account.email).to eq("captain@enterprise.com")
+        expect(auth_result.account.given_name).to eq("Jean-Luc") 
+        expect(auth_result.account.surname).to eq("Picard") 
+      end
+    end
+
+    context 'with account data as hash' do
+      let(:created_account_with_hash) do
+        directory.create_account({
+          email: random_email,
+          given_name: 'Ruby SDK',
+          password: 'P@$$w0rd',
+          surname: 'SDK',
+          username: random_user_name
+        })
+      end
+
+      after do
+        created_account_with_hash.delete if created_account_with_hash
+      end
+      
+      it 'creates an account with status ENABLED' do
+        expect(created_account_with_hash.email).to eq(random_email)
+        expect(created_account_with_hash.given_name).to eq('Ruby SDK')
+        expect(created_account_with_hash.surname).to eq('SDK')
+        expect(created_account_with_hash.status).to eq("ENABLED")
+      end
+    end
 
   end
 
@@ -155,7 +272,11 @@ describe Stormpath::Resource::Directory, :vcr do
   end
 
   describe '#create_account_with_custom_data' do
-    let(:directory) { test_directory }
+    let(:directory) { test_api_client.directories.create name: random_directory_name, description: 'description_for_some_test_directory' }
+
+    after do
+      directory.delete if directory
+    end
 
       it 'creates an account with custom data' do
         account =  Stormpath::Resource::Account.new({
@@ -179,7 +300,11 @@ describe Stormpath::Resource::Directory, :vcr do
   end
 
   describe '#create_group' do
-    let(:directory) { test_directory }
+    let(:directory) { test_api_client.directories.create name: random_directory_name, description: 'description_for_some_test_directory' }
+
+    after do
+      directory.delete if directory
+    end
 
     context 'given a valid group' do
       let(:group_name) { "valid_test_group" }
@@ -213,6 +338,7 @@ describe Stormpath::Resource::Directory, :vcr do
 
     after do
       application.delete if application
+      directory.delete if directory
     end
 
     it 'and all of its associations' do
@@ -233,8 +359,5 @@ describe Stormpath::Resource::Directory, :vcr do
       expect(application.accounts).not_to include(account)
       expect(application.groups).not_to include(group)
     end
-
   end
-
-
 end

data/spec/support/mocked_provider_accounts.rb

@@ -5,6 +5,10 @@ module Stormpath
           MultiJson.dump(GOOGLE_ACCOUNT)
         elsif provider.to_sym == :facebook
           MultiJson.dump(FACEBOOK_ACCOUNT)
+        elsif provider.to_sym == :linkedin
+          MultiJson.dump(LINKEDIN_ACCOUNT)
+        elsif provider.to_sym == :github
+          MultiJson.dump(GITHUB_ACCOUNT)
         end
       end
 
@@ -13,6 +17,10 @@ module Stormpath
           MultiJson.dump(GOOGLE_PROVIDER_DATA)
         elsif provider.to_sym == :facebook
           MultiJson.dump(FACEBOOK_PROVIDER_DATA)
+        elsif provider.to_sym == :linkedin
+          MultiJson.dump(LINKEDIN_PROVIDER_DATA)
+        elsif provider.to_sym == :github
+          MultiJson.dump(GITHUB_PROVIDER_DATA)
         end
       end
 
@@ -42,6 +50,58 @@ module Stormpath
         providerId: "facebook"
       }
 
+      LINKEDIN_ACCOUNT = {
+        href: "https://api.stormpath.com/v1/accounts/7jdiPam0PWES317hwRR5a7",
+        username: "nenad.nikolic", 
+        email: "nnikolic87@gmail.com", 
+        givenName: "Nenad", 
+        middleName: nil, 
+        surname: "Nikolic", 
+        fullName: "Nenad Nikolic", 
+        status: "ENABLED", 
+        emailVerificationToken: nil, 
+        customData: { href: "https://api.stormpath.com/v1/accounts/7jdiPam0PWES317hwRR5a7/customData"}, 
+        providerData: { href:"https://api.stormpath.com/v1/accounts/7jdiPam0PWES317hwRR5a7/providerData"}, 
+        directory: { href: "https://api.stormpath.com/v1/directories/7ibyn2idP1d9p3qJOomeNP"}, 
+        tenant: { href: "https://api.stormpath.com/v1/tenants/60bD3bKLej6JoFhyKFHiOk"}, 
+        groups: { href: "https://api.stormpath.com/v1/accounts/7jdiPam0PWES317hwRR5a7/groups"}, 
+        groupMemberships: { href: "https://api.stormpath.com/v1/accounts/7jdiPam0PWES317hwRR5a7/groupMemberships"}
+      }
+
+      LINKEDIN_PROVIDER_DATA = {
+        href: "https://api.stormpath.com/v1/accounts/7jdiPam0PWES317hwRR5a7/providerData",
+        createdAt: "2014-05-19T13:32:16.884Z",
+        modifiedAt: "2014-05-19T13:32:16.927Z",
+        accessToken: "CAATmZBgxF6rMBAPYbfBhGrVPRw27nn9fAz6bR0DBV1XGfOcSYXSBrhZCkE1y1lWue348fboRxqX7nz88KBYi05qCHw4AQoZCqyIaWedEXrV2vFVzVHo2glq6Vb1ofAWcEHva7baZAaojA8KN5DVz4UTToKgvoIMa1kjyvZCmFZBpYXoG7H3aIKoyWJzUGCDIUrcFjvjnNZBvAZDZD",
+        providerId: "linkedin"
+      }
+
+      GITHUB_ACCOUNT = {
+        href: "https://api.stormpath.com/v1/accounts/7jdiPam0PWES317hwRR5a7",
+        username: "nenad.nikolic", 
+        email: "nnikolic87@gmail.com", 
+        givenName: "Nenad", 
+        middleName: nil, 
+        surname: "Nikolic", 
+        fullName: "Nenad Nikolic", 
+        status: "ENABLED", 
+        emailVerificationToken: nil, 
+        customData: { href: "https://api.stormpath.com/v1/accounts/7jdiPam0PWES317hwRR5a7/customData"}, 
+        providerData: { href:"https://api.stormpath.com/v1/accounts/7jdiPam0PWES317hwRR5a7/providerData"}, 
+        directory: { href: "https://api.stormpath.com/v1/directories/7ibyn2idP1d9p3qJOomeNP"}, 
+        tenant: { href: "https://api.stormpath.com/v1/tenants/60bD3bKLej6JoFhyKFHiOk"}, 
+        groups: { href: "https://api.stormpath.com/v1/accounts/7jdiPam0PWES317hwRR5a7/groups"}, 
+        groupMemberships: { href: "https://api.stormpath.com/v1/accounts/7jdiPam0PWES317hwRR5a7/groupMemberships"}
+      }
+
+      GITHUB_PROVIDER_DATA = {
+        href: "https://api.stormpath.com/v1/accounts/7jdiPam0PWES317hwRR5a7/providerData",
+        createdAt: "2014-05-19T13:32:16.884Z",
+        modifiedAt: "2014-05-19T13:32:16.927Z",
+        accessToken: "CAATmZBgxF6rMBAPYbfBhGrVPRw27nn9fAz6bR0DBV1XGfOcSYXSBrhZCkE1y1lWue348fboRxqX7nz88KBYi05qCHw4AQoZCqyIaWedEXrV2vFVzVHo2glq6Vb1ofAWcEHva7baZAaojA8KN5DVz4UTToKgvoIMa1kjyvZCmFZBpYXoG7H3aIKoyWJzUGCDIUrcFjvjnNZBvAZDZD",
+        providerId: "github"
+      }
+
       GOOGLE_ACCOUNT = {
         href: "https://api.stormpath.com/v1/accounts/2XdHmcyFG8HJCYBTEL1dJj", 
         username: "damir.svrtan@gmail.com", 
@@ -69,4 +129,4 @@ module Stormpath
         refreshToken: "Ox8AAACn"
       }
   end
-end
+end

data/stormpath-sdk.gemspec

@@ -9,6 +9,7 @@ Gem::Specification.new do |s|
   s.authors = ["Stormpath, Inc", "Elder Crisostomo"]
   s.email = 'support@stormpath.com'
   s.homepage = 'https://github.com/stormpath/stormpath-sdk-ruby'
+  s.license = 'Apache-2.0'
 
   s.platform = Gem::Platform::RUBY
   s.require_paths = %w[lib]
@@ -19,6 +20,7 @@ Gem::Specification.new do |s|
   s.add_dependency('uuidtools', '>= 2.1.3')
   s.add_dependency('activesupport', '>= 3.2.8')
   s.add_dependency('properties-ruby', "~> 0.0.4")
+  s.add_dependency('http-cookie', "~> 1.0.2")
   s.add_dependency('java_properties')
   s.add_dependency('jwt', '>= 1.5.0')
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: stormpath-sdk
 version: !ruby/object:Gem::Version
-  version: 1.0.0.beta.9
+  version: 1.0.0
 platform: ruby
 authors:
 - Stormpath, Inc
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-02 00:00:00.000000000 Z
+date: 2016-01-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -81,6 +81,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.0.4
+- !ruby/object:Gem::Dependency
+  name: http-cookie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.2
 - !ruby/object:Gem::Dependency
   name: java_properties
   requirement: !ruby/object:Gem::Requirement
@@ -286,6 +300,8 @@ files:
 - lib/stormpath-sdk/id_site/error.rb
 - lib/stormpath-sdk/id_site/id_site_result.rb
 - lib/stormpath-sdk/oauth/authenticator.rb
+- lib/stormpath-sdk/oauth/id_site_grant.rb
+- lib/stormpath-sdk/oauth/id_site_grant_request.rb
 - lib/stormpath-sdk/oauth/password_grant.rb
 - lib/stormpath-sdk/oauth/password_grant_request.rb
 - lib/stormpath-sdk/oauth/refresh_grant_request.rb
@@ -298,8 +314,12 @@ files:
 - lib/stormpath-sdk/provider/account_result.rb
 - lib/stormpath-sdk/provider/facebook/facebook_provider.rb
 - lib/stormpath-sdk/provider/facebook/facebook_provider_data.rb
+- lib/stormpath-sdk/provider/github/github_provider.rb
+- lib/stormpath-sdk/provider/github/github_provider_data.rb
 - lib/stormpath-sdk/provider/google/google_provider.rb
 - lib/stormpath-sdk/provider/google/google_provider_data.rb
+- lib/stormpath-sdk/provider/linkedin/linkedin_provider.rb
+- lib/stormpath-sdk/provider/linkedin/linkedin_provider_data.rb
 - lib/stormpath-sdk/provider/provider.rb
 - lib/stormpath-sdk/provider/provider_data.rb
 - lib/stormpath-sdk/provider/stormpath/stormpath_provider.rb
@@ -307,6 +327,7 @@ files:
 - lib/stormpath-sdk/resource/access_token.rb
 - lib/stormpath-sdk/resource/account.rb
 - lib/stormpath-sdk/resource/account_membership.rb
+- lib/stormpath-sdk/resource/account_overrides.rb
 - lib/stormpath-sdk/resource/account_status.rb
 - lib/stormpath-sdk/resource/account_store.rb
 - lib/stormpath-sdk/resource/account_store_mapping.rb
@@ -368,7 +389,8 @@ files:
 - stormpath-sdk.gemspec
 - support/api.rb
 homepage: https://github.com/stormpath/stormpath-sdk-ruby
-licenses: []
+licenses:
+- Apache-2.0
 metadata: {}
 post_install_message: 
 rdoc_options:
@@ -386,9 +408,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.4.6