stormpath-sdk 1.1.5 → 1.2.0

data/lib/stormpath-sdk/oauth/remote_access_token_verification.rb

@@ -0,0 +1,28 @@
+module Stormpath
+  module Oauth
+    class RemoteAccessTokenVerification
+      attr_reader :application, :app_href, :data_store, :access_token
+
+      def initialize(application, access_token)
+        @application = application
+        @app_href = application.href
+        @data_store = application.client.data_store
+        @access_token = access_token
+        validate_access_token
+      end
+
+      def verify
+        data_store.get_resource("#{app_href}/authTokens/#{access_token}", VerifyTokenResult)
+      end
+
+      def validate_access_token
+        raise Stormpath::Oauth::Error, :jwt_invalid unless decoded_jwt.second['stt'] == 'access'
+        raise Stormpath::Oauth::Error, :jwt_invalid unless decoded_jwt.first['iss'] == application.href
+      end
+
+      def decoded_jwt
+        @decoded_jwt ||= JWT.decode(access_token, application.client.data_store.api_key.secret)
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/oauth/social_grant.rb

@@ -0,0 +1,27 @@
+module Stormpath
+  module Oauth
+    class SocialGrant < Stormpath::Resource::Base
+      prop_accessor :grant_type, :provider_id, :code, :access_token
+
+      def form_properties
+        {
+          grant_type: grant_type,
+          providerId: provider_id,
+          code: code,
+          accessToken: access_token
+        }
+      end
+
+      def set_options(request)
+        set_property :provider_id, request.provider_id
+        set_property :code, request.code if request.code
+        set_property :access_token, request.access_token if request.access_token
+        set_property :grant_type, request.grant_type
+      end
+
+      def form_data?
+        true
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/oauth/social_grant_request.rb

@@ -0,0 +1,14 @@
+module Stormpath
+  module Oauth
+    class SocialGrantRequest
+      attr_accessor :grant_type, :provider_id, :code, :access_token
+
+      def initialize(provider_id, options = {})
+        @provider_id = provider_id.to_s
+        @code = options[:code]
+        @access_token = options[:access_token]
+        @grant_type = 'stormpath_social'
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/oauth/stormpath_grant_request.rb

@@ -1,10 +1,11 @@
 module Stormpath
   module Oauth
     class StormpathGrantRequest
-      def initialize(account, application, api_key)
+      def initialize(account, application, api_key, status = :authenticated)
         @account = account
         @application = application
         @api_key = api_key
+        @status = status.to_s.upcase
       end
 
       def token
@@ -24,7 +25,7 @@ module Stormpath
           sub: account.href,
           iat: Time.now.to_i,
           iss: application.href,
-          status: 'AUTHENTICATED',
+          status: @status,
           aud: api_key.id
         }
       end

data/lib/stormpath-sdk/oauth/verify_access_token.rb

@@ -1,14 +1,19 @@
 module Stormpath
   module Oauth
     class VerifyAccessToken
-      def initialize(application)
-        @href = application.href
-        @data_store = application.client.data_store
+      attr_reader :application, :verify_locally
+
+      def initialize(application, options = {})
+        @application = application
+        @verify_locally = options[:local] || false
       end
 
-      def verify authorization_token
-        href = @href + '/authTokens/' + authorization_token 
-        @data_store.get_resource href, VerifyToken 
+      def verify(access_token)
+        if verify_locally
+          LocalAccessTokenVerification.new(application, access_token).verify
+        else
+          RemoteAccessTokenVerification.new(application, access_token).verify
+        end
       end
     end
   end

data/lib/stormpath-sdk/oauth/{verify_token.rb → verify_token_result.rb}

@@ -1,6 +1,6 @@
 module Stormpath
   module Oauth
-    class VerifyToken < Stormpath::Resource::Base
+    class VerifyTokenResult < Stormpath::Resource::Base
       prop_reader :href, :jwt, :expanded_jwt
 
       belongs_to :account

data/lib/stormpath-sdk/provider/google/google_provider_data.rb

@@ -16,4 +16,3 @@
 class Stormpath::Provider::GoogleProviderData < Stormpath::Provider::ProviderData
   prop_reader :access_token, :refresh_token
 end
-              

data/lib/stormpath-sdk/resource/account_creation_policy.rb

@@ -4,7 +4,9 @@ module Stormpath
       prop_accessor(
         :verification_email_status,
         :verification_success_email_status,
-        :welcome_email_status
+        :welcome_email_status,
+        :email_domain_whitelist,
+        :email_domain_blacklist
       )
 
       has_many :verification_email_templates, class_name: :emailTemplate

data/lib/stormpath-sdk/resource/account_store.rb

@@ -14,17 +14,16 @@
 # limitations under the License.
 #
 class Stormpath::Resource::AccountStore < Stormpath::Resource::Instance
-
-
   def self.new(*args)
     href = args.first[HREF_PROP_NAME]
-    if /directories/.match href
+    if href =~ /directories/
       Stormpath::Resource::Directory.new(*args)
-    elsif /group/.match href
+    elsif href =~ /group/
       Stormpath::Resource::Group.new(*args)
+    elsif href =~ /organizations/
+      Stormpath::Resource::Organization.new(*args)
     else
-      raise "inappropriate type of an account store"
-    end 
+      raise 'inappropriate type of an account store'
+    end
   end
-
-end
+end

data/lib/stormpath-sdk/resource/application.rb

@@ -18,7 +18,7 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
   include Stormpath::Resource::AccountOverrides
   include UUIDTools
 
-  class LoadError < Stormpath::Error; end
+  class LoadError < ArgumentError; end
 
   prop_accessor :name, :description, :authorized_callback_uris, :status
   prop_reader :created_at, :modified_at
@@ -39,17 +39,17 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
 
   alias_method :oauth_policy, :o_auth_policy
 
-  def self.load composite_url
+  def self.load(composite_url)
     begin
-      uri = URI(composite_url)
-      api_key_id, api_key_secret = uri.userinfo.split(':')
+      builder = Stormpath::Util::UriBuilder.new(composite_url)
+      api_key_id, api_key_secret = builder.userinfo.split(':')
 
       client = Stormpath::Client.new api_key: {
         id: api_key_id,
         secret: api_key_secret
       }
 
-      application_path = uri.path.slice(/\/applications(.)*$/)
+      application_path = builder.uri.path.slice(/\/applications(.)*$/)
       client.applications.get(application_path)
     rescue
       raise LoadError

data/lib/stormpath-sdk/resource/directory.rb

@@ -24,6 +24,7 @@ class Stormpath::Resource::Directory < Stormpath::Resource::Instance
 
   has_many :accounts, can: [:get, :create]
   has_many :groups, can: [:get, :create]
+  has_many :organizations, can: :get
   has_one :custom_data
   has_one :password_policy
   has_one :account_creation_policy

data/lib/stormpath-sdk/resource/error.rb

@@ -14,10 +14,9 @@
 # limitations under the License.
 #
 class Stormpath::Resource::Error < Stormpath::Resource::Base
+  prop_reader :status, :code, :message, :developer_message, :more_info, :request_id
 
-  prop_reader :status, :code, :message, :developer_message, :more_info
-
-  def initialize body
+  def initialize(body)
     super body, nil
   end
 end

data/lib/stormpath-sdk/resource/organization.rb

@@ -7,7 +7,7 @@ class Stormpath::Resource::Organization < Stormpath::Resource::Instance
   prop_reader :created_at, :modified_at
 
   has_many :groups
-  has_many :accounts
+  has_many :accounts, can: [:get, :create]
   belongs_to :tenant
 
   has_one :custom_data

data/lib/stormpath-sdk/util/uri_builder.rb

@@ -0,0 +1,38 @@
+require 'uri'
+module Stormpath
+  module Util
+    class UriBuilder
+      attr_reader :composite_url, :escaped_url, :userinfo, :uri
+
+      def initialize(composite_url)
+        @composite_url = composite_url
+      end
+
+      def escaped_url
+        @escaped_url ||= composite_url.gsub(userinfo_pattern, "://#{escaped_userinfo}@api")
+      end
+
+      def userinfo
+        @userinfo ||= composite_url.scan(userinfo_pattern).flatten.first
+      end
+
+      def uri
+        begin
+          @uri ||= URI(escaped_url)
+        rescue URI::InvalidURIError
+          raise StandardError, 'Something is wrong with the composite url'
+        end
+      end
+
+      private
+
+      def escaped_userinfo
+        URI.escape(userinfo, '/')
+      end
+
+      def userinfo_pattern
+        /:\/\/(.*?)@api/
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/version.rb

@@ -14,6 +14,6 @@
 # limitations under the License.
 #
 module Stormpath
-  VERSION = '1.1.5'
-  VERSION_DATE = '2016-05-24'
+  VERSION = '1.2.0'
+  VERSION_DATE = '2016-10-27'
 end

data/lib/stormpath-sdk.rb

@@ -1,21 +1,22 @@
-require "base64"
-require "httpclient"
-require "multi_json"
-require "openssl"
-require "open-uri"
-require "uri"
-require "uuidtools"
-require "jwt"
-require "yaml"
+require 'base64'
+require 'httpclient'
+require 'multi_json'
+require 'openssl'
+require 'open-uri'
+require 'uri'
+require 'uuidtools'
+require 'jwt'
+require 'yaml'
 require 'active_support'
-require "active_support/core_ext"
+require 'active_support/core_ext'
 require 'active_support/core_ext/module/delegation'
 require 'active_support/core_ext/kernel/singleton_class'
 require 'active_support/core_ext/array/wrap'
 
-require "stormpath-sdk/version" unless defined? Stormpath::VERSION
+require 'stormpath-sdk/version' unless defined? Stormpath::VERSION
 
-require "stormpath-sdk/util/assert"
+require 'stormpath-sdk/util/assert'
+require 'stormpath-sdk/util/uri_builder'
 
 module Stormpath
   autoload :Error, 'stormpath-sdk/error'
@@ -66,21 +67,24 @@ module Stormpath
     autoload :CacheStats, 'stormpath-sdk/cache/cache_stats'
     autoload :MemoryStore, 'stormpath-sdk/cache/memory_store'
     autoload :RedisStore, 'stormpath-sdk/cache/redis_store'
+    autoload :MemcachedStore, 'stormpath-sdk/cache/memcached_store'
     autoload :DisabledCacheStore, 'stormpath-sdk/cache/disabled_cache_store'
   end
 
   module Authentication
-    autoload :UsernamePasswordRequest, "stormpath-sdk/auth/username_password_request"
-    autoload :BasicLoginAttempt, "stormpath-sdk/auth/basic_login_attempt"
-    autoload :AuthenticationResult, "stormpath-sdk/auth/authentication_result"
-    autoload :BasicAuthenticator, "stormpath-sdk/auth/basic_authenticator"
+    autoload :UsernamePasswordRequest, 'stormpath-sdk/auth/username_password_request'
+    autoload :BasicLoginAttempt, 'stormpath-sdk/auth/basic_login_attempt'
+    autoload :AuthenticationResult, 'stormpath-sdk/auth/authentication_result'
+    autoload :BasicAuthenticator, 'stormpath-sdk/auth/basic_authenticator'
+    autoload :HttpBasicAuthentication, 'stormpath-sdk/auth/http_basic_authentication'
+    autoload :HttpBearerAuthentication, 'stormpath-sdk/auth/http_bearer_authentication'
   end
 
   module Provider
-    autoload :AccountResolver, "stormpath-sdk/provider/account_resolver"
-    autoload :AccountAccess, "stormpath-sdk/provider/account_access"
-    autoload :AccountResult, "stormpath-sdk/provider/account_result"
-    autoload :AccountRequest, "stormpath-sdk/provider/account_request"
+    autoload :AccountResolver, 'stormpath-sdk/provider/account_resolver'
+    autoload :AccountAccess, 'stormpath-sdk/provider/account_access'
+    autoload :AccountResult, 'stormpath-sdk/provider/account_result'
+    autoload :AccountRequest, 'stormpath-sdk/provider/account_request'
     autoload :Provider, 'stormpath-sdk/provider/provider'
     autoload :ProviderData, 'stormpath-sdk/provider/provider_data'
     autoload :FacebookProvider, 'stormpath-sdk/provider/facebook/facebook_provider'
@@ -100,13 +104,13 @@ module Stormpath
   end
 
   module Http
-    autoload :Utils, "stormpath-sdk/http/utils"
-    autoload :Request, "stormpath-sdk/http/request"
-    autoload :Response, "stormpath-sdk/http/response"
-    autoload :HttpClientRequestExecutor, "stormpath-sdk/http/http_client_request_executor"
+    autoload :Utils, 'stormpath-sdk/http/utils'
+    autoload :Request, 'stormpath-sdk/http/request'
+    autoload :Response, 'stormpath-sdk/http/response'
+    autoload :HttpClientRequestExecutor, 'stormpath-sdk/http/http_client_request_executor'
 
     module Authc
-      autoload :Sauthc1Signer, "stormpath-sdk/http/authc/sauthc1_signer"
+      autoload :Sauthc1Signer, 'stormpath-sdk/http/authc/sauthc1_signer'
     end
   end
 
@@ -115,20 +119,24 @@ module Stormpath
   end
 
   module Oauth
-    autoload :Authenticator, "stormpath-sdk/oauth/authenticator"
-    autoload :PasswordGrant, "stormpath-sdk/oauth/password_grant"
-    autoload :RefreshToken, "stormpath-sdk/oauth/refresh_token"
-    autoload :StormpathTokenGrant, "stormpath-sdk/oauth/stormpath_token_grant"
-    autoload :PasswordGrantRequest, "stormpath-sdk/oauth/password_grant_request"
-    autoload :RefreshGrantRequest, "stormpath-sdk/oauth/refresh_grant_request"
-    autoload :StormpathGrantRequest, "stormpath-sdk/oauth/stormpath_grant_request"
-    autoload :VerifyAccessToken, "stormpath-sdk/oauth/verify_access_token"
-    autoload :VerifyToken, "stormpath-sdk/oauth/verify_token"
-    autoload :AccessTokenAuthenticationResult, "stormpath-sdk/oauth/access_token_authentication_result"
+    autoload :Authenticator, 'stormpath-sdk/oauth/authenticator'
+    autoload :PasswordGrant, 'stormpath-sdk/oauth/password_grant'
+    autoload :RefreshToken, 'stormpath-sdk/oauth/refresh_token'
+    autoload :StormpathTokenGrant, 'stormpath-sdk/oauth/stormpath_token_grant'
+    autoload :PasswordGrantRequest, 'stormpath-sdk/oauth/password_grant_request'
+    autoload :RefreshGrantRequest, 'stormpath-sdk/oauth/refresh_grant_request'
+    autoload :StormpathGrantRequest, 'stormpath-sdk/oauth/stormpath_grant_request'
+    autoload :VerifyAccessToken, 'stormpath-sdk/oauth/verify_access_token'
+    autoload :RemoteAccessTokenVerification, 'stormpath-sdk/oauth/remote_access_token_verification'
+    autoload :LocalAccessTokenVerification, 'stormpath-sdk/oauth/local_access_token_verification'
+    autoload :VerifyTokenResult, 'stormpath-sdk/oauth/verify_token_result'
+    autoload :AccessTokenAuthenticationResult, 'stormpath-sdk/oauth/access_token_authentication_result'
     autoload :Error, 'stormpath-sdk/oauth/error'
-    autoload :IdSiteGrantRequest, "stormpath-sdk/oauth/id_site_grant_request"
-    autoload :IdSiteGrant, "stormpath-sdk/oauth/id_site_grant"
-    autoload :ClientCredentialsGrantRequest, "stormpath-sdk/oauth/client_credentials_grant_request"
-    autoload :ClientCredentialsGrant, "stormpath-sdk/oauth/client_credentials_grant"
+    autoload :IdSiteGrantRequest, 'stormpath-sdk/oauth/id_site_grant_request'
+    autoload :IdSiteGrant, 'stormpath-sdk/oauth/id_site_grant'
+    autoload :ClientCredentialsGrantRequest, 'stormpath-sdk/oauth/client_credentials_grant_request'
+    autoload :ClientCredentialsGrant, 'stormpath-sdk/oauth/client_credentials_grant'
+    autoload :SocialGrantRequest, 'stormpath-sdk/oauth/social_grant_request'
+    autoload :SocialGrant, 'stormpath-sdk/oauth/social_grant'
   end
 end

data/spec/auth/http_basic_authentication_spec.rb

@@ -0,0 +1,86 @@
+require 'spec_helper'
+
+describe 'HttpBasicAuthentication', vcr: true do
+  let(:application) { test_api_client.applications.create(name: 'ruby sdk test app') }
+  let(:directory) { test_api_client.directories.create(name: random_directory_name) }
+  let(:account) do
+    application.accounts.create(
+      email: 'test@example.com',
+      given_name: 'Ruby SDK',
+      password: 'P@$$w0rd',
+      surname: 'SDK'
+    )
+  end
+  let(:api_key) { account.api_keys.create({}) }
+  let(:api_key_id) { api_key.id }
+  let(:api_key_secret) { api_key.secret }
+  let(:encoded_api_key) { Base64.encode64("#{api_key_id}:#{api_key_secret}") }
+  let(:basic_authorization_header) { "Basic #{encoded_api_key}" }
+  let(:authenticate) do
+    Stormpath::Authentication::HttpBasicAuthentication.new(application,
+                                                           basic_authorization_header).authenticate!
+  end
+
+  before do
+    test_api_client.account_store_mappings.create(application: application,
+                                                  account_store: directory,
+                                                  list_index: 1,
+                                                  is_default_account_store: true,
+                                                  is_default_group_store: true)
+  end
+
+  after do
+    account.delete
+    directory.delete
+    application.delete
+  end
+
+  describe 'with valid api key id and secret' do
+    it 'should return the apikey resource' do
+      expect(authenticate).to be_kind_of Stormpath::Resource::ApiKey
+    end
+
+    it 'should return the account' do
+      expect(authenticate.account).to eq(account)
+    end
+  end
+
+  describe 'with invalid api key id and secret' do
+    let(:encoded_api_key) { Base64.encode64('bad_api_key_id:bad_api_key_secret') }
+
+    it 'should raise error' do
+      expect do
+        authenticate
+      end.to raise_error(Stormpath::Error)
+    end
+  end
+
+  describe 'with valid api key id and bad secret' do
+    let(:encoded_api_key) { Base64.encode64("#{api_key_id}:bad_api_key_secret") }
+
+    it 'should raise error' do
+      expect do
+        authenticate
+      end.to raise_error(Stormpath::Error)
+    end
+  end
+
+  describe 'with no basic authorization header provided' do
+    let(:basic_authorization_header) { nil }
+    it 'should raise error' do
+      expect do
+        authenticate
+      end.to raise_error(Stormpath::Error)
+    end
+  end
+
+  context 'with invalid authorization header type' do
+    let(:basic_authorization_header) { "Bearer #{encoded_api_key}" }
+
+    it 'should raise error' do
+      expect do
+        authenticate
+      end.to raise_error(Stormpath::Error)
+    end
+  end
+end