stormpath-sdk 1.4.0 → 1.5.0

data/lib/stormpath-sdk/provider/account_request.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2014 Stormpath, Inc.
+# Copyright 2016 Stormpath, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,15 +16,14 @@
 module Stormpath
   module Provider
     class AccountRequest
+      attr_accessor :provider, :token_type, :token_value, :account_store
 
-      attr_accessor :provider, :token_type, :token_value
-
-      def initialize(provider, token_type, token_value) 
+      def initialize(provider, token_type, token_value, account_store: {})
         @provider = provider
         @token_type = token_type
         @token_value = token_value
+        @account_store = account_store
       end
-
     end
   end
-end
+end

data/lib/stormpath-sdk/provider/account_resolver.rb

@@ -17,27 +17,42 @@ module Stormpath
   module Provider
     class AccountResolver
       include Stormpath::Util::Assert
+      attr_reader :data_store, :parent_href, :request
 
-      def initialize data_store
+      def initialize(data_store, parent_href, request)
         @data_store = data_store
+        @parent_href = parent_href
+        @request = request
+        assert_not_nil(parent_href, 'parent_href argument must be specified')
+        assert_kind_of(AccountRequest, request, "Only #{AccountRequest} instances are supported.")
       end
 
-      def resolve_provider_account parent_href, request
-        assert_not_nil parent_href, "parent_href argument must be specified"
-        assert_kind_of AccountRequest, request, "Only #{AccountRequest} instances are supported."
+      def resolve_provider_account
+        attempt.provider_data = provider_data
+        data_store.create(href, attempt, Stormpath::Provider::AccountResult)
+      end
 
-        attempt = @data_store.instantiate AccountAccess
+      def provider_data
+        @provider_data ||= {}.tap do |body|
+          body[request.token_type.to_s.camelize(:lower)] = request.token_value
+          body['providerId'] = request.provider
+          body['accountStore'] = request_account_store_hash if request.account_store.present?
+        end
+      end
 
-        attempt.provider_data = {
-                                  request.token_type.to_s.camelize(:lower) => request.token_value,
-                                  "providerId" => request.provider
-                                }
+      private
 
-        href = parent_href + '/accounts'
+      def attempt
+        @attempt ||= data_store.instantiate(AccountAccess)
+      end
 
-        @data_store.create href, attempt, Stormpath::Provider::AccountResult
+      def href
+        "#{parent_href}/accounts"
       end
 
+      def request_account_store_hash
+        request.account_store.transform_keys { |key| key.to_s.camelize(:lower) }
+      end
     end
   end
-end
+end

data/lib/stormpath-sdk/provider/twitter/twitter_provider.rb

@@ -0,0 +1,18 @@
+#
+# Copyright 2016 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Stormpath::Provider::TwitterProvider < Stormpath::Provider::Provider
+  prop_reader :client_id, :client_secret
+end

data/lib/stormpath-sdk/provider/twitter/twitter_provider_data.rb

@@ -0,0 +1,18 @@
+#
+# Copyright 2016 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Stormpath::Provider::TwitterProviderData < Stormpath::Provider::ProviderData
+  prop_reader :access_token
+end

data/lib/stormpath-sdk/resource/account_linking_policy.rb

@@ -0,0 +1,21 @@
+#
+# Copyright 2016 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Stormpath::Resource::AccountLinkingPolicy < Stormpath::Resource::Instance
+  prop_accessor :status, :automatic_provisioning, :matching_property
+  prop_reader :created_at, :modified_at
+
+  belongs_to :tenant
+end

data/lib/stormpath-sdk/resource/application.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2012 Stormpath, Inc.
+# Copyright 2016 Stormpath, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,7 +20,7 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
 
   class LoadError < ArgumentError; end
 
-  prop_accessor :name, :description, :authorized_callback_uris, :status
+  prop_accessor :name, :description, :authorized_callback_uris, :status, :authorized_origin_uris
   prop_reader :created_at, :modified_at
 
   belongs_to :tenant
@@ -36,6 +36,8 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
   has_one :default_group_store_mapping, class_name: :accountStoreMapping
   has_one :custom_data
   has_one :o_auth_policy, class_name: :oauthPolicy
+  has_one :web_config, class_name: :applicationWebConfig
+  has_one :account_linking_policy
 
   alias_method :oauth_policy, :o_auth_policy
 
@@ -105,8 +107,8 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
     Stormpath::Authentication::BasicAuthenticator.new(data_store).authenticate(href, request)
   end
 
-  def get_provider_account request
-    Stormpath::Provider::AccountResolver.new(data_store).resolve_provider_account(href, request)
+  def get_provider_account(request)
+    Stormpath::Provider::AccountResolver.new(data_store, href, request).resolve_provider_account
   end
 
   def authenticate_oauth(request)
@@ -151,7 +153,7 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
     when Hash
       account_store
     else
-      fail ArgumentError, 'Account store has to be passed either as an resource or a hash'
+      raise ArgumentError, 'Account store has to be passed either as an resource or a hash'
     end
   end
 end

data/lib/stormpath-sdk/resource/application_web_config.rb

@@ -0,0 +1,9 @@
+class Stormpath::Resource::ApplicationWebConfig < Stormpath::Resource::Instance
+  ENDPOINTS = [:oauth2, :register, :login, :verify_email, :forgot_password, :change_password, :me].freeze
+  prop_accessor :dns_label, :status, *ENDPOINTS
+  prop_reader :domain_name, :created_at, :modified_at
+
+  has_one :signing_api_key, class_name: :api_key
+  belongs_to :application
+  belongs_to :tenant
+end

data/lib/stormpath-sdk/resource/field.rb

@@ -14,7 +14,8 @@
 # limitations under the License.
 #
 class Stormpath::Resource::Field < Stormpath::Resource::Instance
-  prop_reader :name, :required, :created_at, :modified_at
+  prop_accessor :required
+  prop_reader :name, :created_at, :modified_at
 
   belongs_to :schema
 end

data/lib/stormpath-sdk/resource/organization.rb

@@ -2,7 +2,7 @@ class Stormpath::Resource::Organization < Stormpath::Resource::Instance
   include Stormpath::Resource::CustomDataStorage
 
   prop_accessor :name, :description, :name_key, :status, :account_store_mappings,
-    :default_account_store_mapping, :default_group_store_mapping
+                :default_account_store_mapping, :default_group_store_mapping
 
   prop_reader :created_at, :modified_at
 
@@ -11,4 +11,5 @@ class Stormpath::Resource::Organization < Stormpath::Resource::Instance
   belongs_to :tenant
 
   has_one :custom_data
+  has_one :account_linking_policy
 end

data/lib/stormpath-sdk/version.rb

@@ -14,6 +14,6 @@
 # limitations under the License.
 #
 module Stormpath
-  VERSION = '1.4.0'
-  VERSION_DATE = '2016-11-22'
+  VERSION = '1.5.0'
+  VERSION_DATE = '2017-01-24'
 end

data/spec/auth/basic_authenticator_spec.rb

@@ -1,25 +1,112 @@
 require 'spec_helper'
 
-describe "BasicAuthenticator" do
-  context "given an instance of BasicAuthenticator" do
+describe 'BasicAuthenticator', vcr: true do
+  let(:application) { test_api_client.applications.create(application_attrs) }
+  let(:directory) { test_api_client.directories.create(directory_attrs) }
+  let(:directory2) { test_api_client.directories.create(directory_attrs) }
+  let(:organization) { test_api_client.organizations.create(organization_attrs) }
+  let(:authenticator) do
+    Stormpath::Authentication::BasicAuthenticator.new(test_api_client.data_store)
+  end
+  let(:password) { 'F00barfoo' }
+  let(:invalid_password) { 'Wr00ngPassw0rd' }
+  let(:dir_account) do
+    directory.accounts.create(account_attrs(username: 'ruby_cilim_dir', password: password))
+  end
+  let(:org_account) do
+    organization.accounts.create(account_attrs(username: 'ruby_cilim_org', password: password))
+  end
+  let(:request) do
+    Stormpath::Authentication::UsernamePasswordRequest.new(account.username,
+                                                           password,
+                                                           account_store: account_store)
+  end
+  let(:authenticate) { authenticator.authenticate(application.href, request) }
+
+  before do
+    map_account_store(application, directory, 0, true, true)
+    map_account_store(application, organization, 1, false, false)
+    map_organization_store(directory, organization, true)
+  end
+
+  after do
+    application.delete
+    directory.delete
+    organization.delete
+  end
+
+  shared_examples 'an AuthenticationResult' do
+    it 'is an AuthenticationResult' do
+      expect(authenticate).to be_kind_of Stormpath::Authentication::AuthenticationResult
+    end
+
+    it 'has an account' do
+      expect(authenticate.account.email).to eq account.email
+    end
+  end
+
+  shared_examples 'an invalid username or password error' do
+    it 'raises a Stormpath::Error' do
+      expect { authenticate }.to raise_error(Stormpath::Error, 'Invalid username or password.')
+    end
+  end
 
-    before do
-      data_store = Stormpath::DataStore.new "", "", {}, ""
-      allow(test_api_client).to receive(:data_store).and_return(data_store)
-      auth_result = Stormpath::Authentication::AuthenticationResult.new({}, test_api_client)
-      allow(data_store).to receive(:create).and_return(auth_result)
+  context 'authenticate without account store' do
+    let(:account) { dir_account }
+    let(:account_store) { nil }
 
-      @basic_authenticator = Stormpath::Authentication::BasicAuthenticator.new data_store
+    context 'successful authentication' do
+      it_should_behave_like 'an AuthenticationResult'
     end
 
-    context "when authenticating" do
-      before do
-        @response = @basic_authenticator.authenticate "foo/bar", Stormpath::Authentication::UsernamePasswordRequest.new("fake-username", "fake-password")
+    context 'wrong password' do
+      let(:request) do
+        Stormpath::Authentication::UsernamePasswordRequest.new(org_account.username,
+                                                               invalid_password)
       end
 
-      it "an AuthenticationResult is returned" do
-        expect(@response).to be_a Stormpath::Authentication::AuthenticationResult
+      it_behaves_like 'an invalid username or password error'
+    end
+  end
+
+  context 'authenticate with account store' do
+    let(:account) { org_account }
+    let(:account_store) { organization }
+
+    context 'successful authentication' do
+      let(:request) do
+        Stormpath::Authentication::UsernamePasswordRequest.new(org_account.username,
+                                                               password,
+                                                               account_store: organization)
+      end
+
+      it_should_behave_like 'an AuthenticationResult'
+    end
+
+    context 'wrong password' do
+      let(:request) do
+        Stormpath::Authentication::UsernamePasswordRequest.new(org_account.username,
+                                                               invalid_password,
+                                                               account_store: organization)
       end
+
+      it_behaves_like 'an invalid username or password error'
+    end
+
+    context 'account not in account store' do
+      before { map_account_store(application, directory2, 1, false, false) }
+      after { directory2.delete }
+
+      let(:another_account) do
+        directory2.accounts.create(account_attrs(username: 'ruby-dir-acc', password: password))
+      end
+      let(:request) do
+        Stormpath::Authentication::UsernamePasswordRequest.new(another_account.username,
+                                                               password,
+                                                               account_store: organization)
+      end
+
+      it_behaves_like 'an invalid username or password error'
     end
   end
 end

data/spec/provider/account_resolver_spec.rb

@@ -1,24 +1,48 @@
 require 'spec_helper'
 
-describe "ProviderAccountResolver" do
-  context "given an instance of ProviderAccountResolver" do
+describe 'ProviderAccountResolver' do
+  context 'given an instance of ProviderAccountResolver' do
+    let(:data_store) { Stormpath::DataStore.new('', '', {}, '') }
+    let(:provider_account_resolver) do
+      Stormpath::Provider::AccountResolver.new(data_store, 'foo/bar', account_request)
+    end
+    let(:response) do
+      provider_account_resolver.resolve_provider_account
+    end
 
     before do
-      data_store = Stormpath::DataStore.new "", "", {}, ""
       allow(test_api_client).to receive(:data_store).and_return(data_store)
       auth_result = Stormpath::Provider::AccountResult.new({}, test_api_client)
       allow(data_store).to receive(:create).and_return(auth_result)
-
-      @provider_account_resolver = Stormpath::Provider::AccountResolver.new data_store
+      provider_account_resolver
     end
 
-    context "when integrating" do
-      before do
-        @response = @provider_account_resolver.resolve_provider_account "foo/bar", Stormpath::Provider::AccountRequest.new(:facebook, :access_token, "some-token")
+    context 'when integrating' do
+      context 'without an account store' do
+        let(:account_request) do
+          Stormpath::Provider::AccountRequest.new(:facebook, :access_token, 'some-token')
+        end
+
+        it 'a ProviderResult is returned' do
+          expect(response).to be_a Stormpath::Provider::AccountResult
+        end
       end
 
-      it "an ProviderResult is returned" do
-        expect(@response).to be_a Stormpath::Provider::AccountResult
+      context 'with account store as a parameter' do
+        let(:account_request) do
+          Stormpath::Provider::AccountRequest.new(:facebook,
+                                                  :access_token,
+                                                  'some-token',
+                                                  account_store: { name_key: 'app1' })
+        end
+
+        it 'a ProviderResult is returned' do
+          expect(response).to be_a Stormpath::Provider::AccountResult
+        end
+
+        it 'should have account_store parameter' do
+          expect(provider_account_resolver.provider_data.keys).to include 'accountStore'
+        end
       end
     end
   end

data/spec/provider/provider_spec.rb

@@ -41,7 +41,7 @@ describe Stormpath::Provider::Provider, :vcr do
       provider_clazz = "Stormpath::Provider::#{provider_id.capitalize}Provider".constantize
       expect(provider).to be_instance_of(provider_clazz)
 
-      if provider_id == 'google' || provider_id == 'facebook'
+      if %w(google facebook twitter).include?(provider_id)
         expect(provider.client_id).to eq(client_id)
         expect(provider.client_secret).to eq(client_secret)
       end
@@ -52,7 +52,7 @@ describe Stormpath::Provider::Provider, :vcr do
     end
   end
 
-  shared_examples 'a syncrhonizeable directory' do
+  shared_examples 'a synchronizable directory' do
     it 'should be able to store provider accounts' do
       account_store_mapping
 
@@ -118,7 +118,7 @@ describe Stormpath::Provider::Provider, :vcr do
     end
 
     it_behaves_like 'a provider directory'
-    it_behaves_like 'a syncrhonizeable directory'
+    it_behaves_like 'a synchronizable directory'
   end
 
   describe 'create google directory with provider credentials' do
@@ -139,7 +139,7 @@ describe Stormpath::Provider::Provider, :vcr do
     end
 
     it_behaves_like 'a provider directory'
-    it_behaves_like 'a syncrhonizeable directory'
+    it_behaves_like 'a synchronizable directory'
   end
 
   describe 'create linkedin directory with provider credentials' do
@@ -154,7 +154,7 @@ describe Stormpath::Provider::Provider, :vcr do
     end
 
     it_behaves_like 'a provider directory'
-    it_behaves_like 'a syncrhonizeable directory'
+    it_behaves_like 'a synchronizable directory'
   end
 
   describe 'create github directory with provider credentials' do
@@ -169,6 +169,21 @@ describe Stormpath::Provider::Provider, :vcr do
     end
 
     it_behaves_like 'a provider directory'
-    it_behaves_like 'a syncrhonizeable directory'
+    it_behaves_like 'a synchronizable directory'
+  end
+
+  describe 'create twitter directory with provider credentials' do
+    let(:name) { 'Twitter' }
+    let(:description) { 'Directory for testing Twitter directories.' }
+
+    let(:provider_id) { 'twitter' }
+    let(:client_id) { 'TWITTER_APP_ID' }
+    let(:client_secret) { 'TWITTER_APP_SECRET' }
+    let(:provider_info) do
+      { provider_id: provider_id, client_id: client_id, client_secret: client_secret }
+    end
+
+    it_behaves_like 'a provider directory'
+    it_behaves_like 'a synchronizable directory'
   end
 end