stormpath-sdk 1.6.0 → 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +21 -0
- data/CHANGES.md +11 -0
- data/README.md +23 -25
- data/lib/stormpath-sdk.rb +11 -2
- data/lib/stormpath-sdk/api_key.rb +0 -1
- data/lib/stormpath-sdk/auth/basic_authenticator.rb +7 -7
- data/lib/stormpath-sdk/auth/basic_login_attempt.rb +7 -11
- data/lib/stormpath-sdk/auth/create_factor.rb +1 -1
- data/lib/stormpath-sdk/auth/register_service_provider.rb +41 -0
- data/lib/stormpath-sdk/auth/username_password_request.rb +3 -5
- data/lib/stormpath-sdk/cache/cache.rb +3 -3
- data/lib/stormpath-sdk/cache/cache_entry.rb +2 -2
- data/lib/stormpath-sdk/cache/cache_manager.rb +3 -4
- data/lib/stormpath-sdk/cache/cache_stats.rb +1 -3
- data/lib/stormpath-sdk/cache/disabled_cache_store.rb +5 -8
- data/lib/stormpath-sdk/cache/memory_store.rb +1 -1
- data/lib/stormpath-sdk/cache/redis_store.rb +4 -4
- data/lib/stormpath-sdk/client.rb +35 -33
- data/lib/stormpath-sdk/data_store.rb +278 -257
- data/lib/stormpath-sdk/error.rb +18 -7
- data/lib/stormpath-sdk/http/authc/sauthc1_signer.rb +76 -82
- data/lib/stormpath-sdk/http/http_client_request_executor.rb +10 -8
- data/lib/stormpath-sdk/http/response.rb +5 -7
- data/lib/stormpath-sdk/id_site/id_site_result.rb +5 -6
- data/lib/stormpath-sdk/oauth/access_token_authentication_result.rb +5 -9
- data/lib/stormpath-sdk/oauth/authenticator.rb +2 -2
- data/lib/stormpath-sdk/oauth/error.rb +4 -4
- data/lib/stormpath-sdk/oauth/id_site_grant_request.rb +1 -1
- data/lib/stormpath-sdk/oauth/password_grant_request.rb +1 -1
- data/lib/stormpath-sdk/oauth/refresh_grant_request.rb +2 -2
- data/lib/stormpath-sdk/oauth/stormpath_grant_request.rb +2 -2
- data/lib/stormpath-sdk/provider/account_access.rb +0 -2
- data/lib/stormpath-sdk/provider/account_result.rb +1 -2
- data/lib/stormpath-sdk/provider/facebook/facebook_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/facebook/facebook_provider_data.rb +7 -3
- data/lib/stormpath-sdk/provider/github/github_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/github/github_provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/google/google_provider.rb +7 -3
- data/lib/stormpath-sdk/provider/google/google_provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/linkedin/linkedin_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/linkedin/linkedin_provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/provider.rb +8 -4
- data/lib/stormpath-sdk/provider/provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/saml/saml_provider.rb +10 -4
- data/lib/stormpath-sdk/provider/saml/saml_provider_data.rb +6 -3
- data/lib/stormpath-sdk/provider/stormpath/stormpath_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/stormpath/stormpath_provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/twitter/twitter_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/twitter/twitter_provider_data.rb +6 -2
- data/lib/stormpath-sdk/resource/account.rb +46 -40
- data/lib/stormpath-sdk/resource/account_link.rb +9 -5
- data/lib/stormpath-sdk/resource/account_linking_policy.rb +8 -4
- data/lib/stormpath-sdk/resource/account_membership.rb +1 -1
- data/lib/stormpath-sdk/resource/account_overrides.rb +20 -16
- data/lib/stormpath-sdk/resource/account_store.rb +15 -11
- data/lib/stormpath-sdk/resource/account_store_mapping.rb +14 -13
- data/lib/stormpath-sdk/resource/application.rb +147 -136
- data/lib/stormpath-sdk/resource/application_web_config.rb +11 -7
- data/lib/stormpath-sdk/resource/associations.rb +36 -43
- data/lib/stormpath-sdk/resource/attribute_statement_mapping_rules.rb +8 -0
- data/lib/stormpath-sdk/resource/base.rb +201 -200
- data/lib/stormpath-sdk/resource/challenge.rb +12 -8
- data/lib/stormpath-sdk/resource/collection.rb +77 -76
- data/lib/stormpath-sdk/resource/custom_data.rb +60 -61
- data/lib/stormpath-sdk/resource/custom_data_hash_methods.rb +28 -25
- data/lib/stormpath-sdk/resource/custom_data_storage.rb +18 -16
- data/lib/stormpath-sdk/resource/directory.rb +37 -60
- data/lib/stormpath-sdk/resource/email_verification_token.rb +7 -3
- data/lib/stormpath-sdk/resource/error.rb +8 -4
- data/lib/stormpath-sdk/resource/expansion.rb +22 -20
- data/lib/stormpath-sdk/resource/factor.rb +12 -8
- data/lib/stormpath-sdk/resource/field.rb +8 -4
- data/lib/stormpath-sdk/resource/group.rb +21 -16
- data/lib/stormpath-sdk/resource/group_membership.rb +7 -5
- data/lib/stormpath-sdk/resource/instance.rb +10 -6
- data/lib/stormpath-sdk/resource/linked_account.rb +7 -3
- data/lib/stormpath-sdk/resource/oauth_policy.rb +7 -3
- data/lib/stormpath-sdk/resource/organization.rb +14 -10
- data/lib/stormpath-sdk/resource/organization_account_store_mapping.rb +8 -4
- data/lib/stormpath-sdk/resource/password_reset_token.rb +9 -5
- data/lib/stormpath-sdk/resource/phone.rb +8 -4
- data/lib/stormpath-sdk/resource/registered_saml_service_provider.rb +8 -0
- data/lib/stormpath-sdk/resource/saml_identity_provider.rb +14 -0
- data/lib/stormpath-sdk/resource/saml_identity_provider_metadata.rb +9 -0
- data/lib/stormpath-sdk/resource/saml_policy.rb +10 -0
- data/lib/stormpath-sdk/resource/saml_service_provider.rb +7 -0
- data/lib/stormpath-sdk/{provider/saml/saml_mapping_rules.rb → resource/saml_service_provider_metadata.rb} +6 -5
- data/lib/stormpath-sdk/resource/saml_service_provider_registration.rb +11 -0
- data/lib/stormpath-sdk/resource/schema.rb +8 -4
- data/lib/stormpath-sdk/resource/tenant.rb +11 -8
- data/lib/stormpath-sdk/resource/user_info_mapping_rules.rb +7 -3
- data/lib/stormpath-sdk/resource/utils.rb +7 -10
- data/lib/stormpath-sdk/resource/verification_email.rb +7 -3
- data/lib/stormpath-sdk/resource/x_509_certificate.rb +7 -0
- data/lib/stormpath-sdk/util/assert.rb +1 -3
- data/lib/stormpath-sdk/version.rb +2 -2
- data/spec/auth/basic_authenticator_spec.rb +28 -24
- data/spec/auth/register_service_provider_spec.rb +68 -0
- data/spec/auth/sauthc1_signer_spec.rb +8 -4
- data/spec/cache/cache_entry_spec.rb +28 -29
- data/spec/cache/cache_spec.rb +9 -9
- data/spec/cache/cache_stats_spec.rb +1 -1
- data/spec/client_spec.rb +63 -63
- data/spec/data_store_spec.rb +23 -14
- data/spec/oauth/access_token_authentication_result_spec.rb +8 -2
- data/spec/provider/account_resolver_spec.rb +6 -4
- data/spec/provider/provider_spec.rb +6 -6
- data/spec/resource/account_creation_policy_spec.rb +1 -1
- data/spec/resource/account_link_spec.rb +7 -15
- data/spec/resource/account_spec.rb +17 -17
- data/spec/resource/account_store_mapping_spec.rb +16 -22
- data/spec/resource/account_store_spec.rb +3 -3
- data/spec/resource/application_spec.rb +324 -330
- data/spec/resource/base_spec.rb +7 -31
- data/spec/resource/collection_spec.rb +63 -114
- data/spec/resource/custom_data_spec.rb +1 -1
- data/spec/resource/directory_spec.rb +91 -87
- data/spec/resource/expansion_spec.rb +10 -10
- data/spec/resource/factor_spec.rb +1 -1
- data/spec/resource/group_spec.rb +1 -1
- data/spec/resource/linked_account_spec.rb +7 -7
- data/spec/resource/organization_spec.rb +12 -11
- data/spec/resource/phone_spec.rb +1 -1
- data/spec/resource/registered_saml_service_provider_spec.rb +35 -0
- data/spec/resource/saml_identity_provider_metadata_spec.rb +27 -0
- data/spec/resource/saml_identity_provider_spec.rb +94 -0
- data/spec/resource/saml_policy_spec.rb +27 -0
- data/spec/resource/saml_service_provider_registration_spec.rb +58 -0
- data/spec/resource/saml_service_provider_spec.rb +19 -0
- data/spec/resource/status_spec.rb +4 -3
- data/spec/resource/tenant_spec.rb +4 -6
- data/spec/spec_helper.rb +1 -1
- data/spec/support/custom_data_save_period.rb +4 -0
- data/spec/support/custom_data_storage_behavior.rb +7 -8
- data/spec/support/mocked_provider_accounts.rb +101 -101
- data/spec/support/mocked_saml_responses.rb +130 -0
- data/spec/support/resource_factory.rb +4 -4
- data/spec/support/resource_helpers.rb +10 -4
- data/spec/support/resource_matchers.rb +4 -4
- data/spec/support/test_request_executor.rb +2 -2
- metadata +21 -8
- data/lib/stormpath-sdk/provider/saml/saml_provider_metadata.rb +0 -19
- data/spec/fixtures/response/create_saml_directory.json +0 -26
- data/spec/fixtures/response/create_saml_directory_mapping_rules.json +0 -12
- data/spec/fixtures/response/get_saml_directory_provider.json +0 -16
- data/spec/fixtures/response/get_saml_directory_provider_metadata.json +0 -12
|
@@ -31,7 +31,10 @@ describe Stormpath::Oauth::AccessTokenAuthenticationResult, :vcr do
|
|
|
31
31
|
|
|
32
32
|
expect(account.access_tokens.count).to eq(1)
|
|
33
33
|
|
|
34
|
-
jti = JWT.decode(
|
|
34
|
+
jti = JWT.decode(
|
|
35
|
+
jwt_authentication_result.access_token,
|
|
36
|
+
test_api_client.data_store.api_key.secret
|
|
37
|
+
).first['jti']
|
|
35
38
|
|
|
36
39
|
fetched_access_token = test_api_client.access_tokens.get(jti)
|
|
37
40
|
|
|
@@ -49,7 +52,10 @@ describe Stormpath::Oauth::AccessTokenAuthenticationResult, :vcr do
|
|
|
49
52
|
|
|
50
53
|
expect(account.refresh_tokens.count).to eq(1)
|
|
51
54
|
|
|
52
|
-
jti = JWT.decode(
|
|
55
|
+
jti = JWT.decode(
|
|
56
|
+
jwt_authentication_result.refresh_token,
|
|
57
|
+
test_api_client.data_store.api_key.secret
|
|
58
|
+
).first['jti']
|
|
53
59
|
|
|
54
60
|
fetched_refresh_token = test_api_client.refresh_tokens.get(jti)
|
|
55
61
|
|
|
@@ -30,10 +30,12 @@ describe 'ProviderAccountResolver' do
|
|
|
30
30
|
|
|
31
31
|
context 'with account store as a parameter' do
|
|
32
32
|
let(:account_request) do
|
|
33
|
-
Stormpath::Provider::AccountRequest.new(
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
33
|
+
Stormpath::Provider::AccountRequest.new(
|
|
34
|
+
:facebook,
|
|
35
|
+
:access_token,
|
|
36
|
+
'some-token',
|
|
37
|
+
account_store: { name_key: 'app1' }
|
|
38
|
+
)
|
|
37
39
|
end
|
|
38
40
|
|
|
39
41
|
it 'a ProviderResult is returned' do
|
|
@@ -121,7 +121,7 @@ describe Stormpath::Provider::Provider, :vcr do
|
|
|
121
121
|
end
|
|
122
122
|
|
|
123
123
|
describe 'create stormpath directory with empty provider credentials' do
|
|
124
|
-
let(:name) {
|
|
124
|
+
let(:name) { "ruby-sdk-stormpath-#{random_number}" }
|
|
125
125
|
let(:description) { 'Directory for testing Stormpath directories.' }
|
|
126
126
|
let(:provider_id) { 'stormpath' }
|
|
127
127
|
|
|
@@ -139,7 +139,7 @@ describe Stormpath::Provider::Provider, :vcr do
|
|
|
139
139
|
end
|
|
140
140
|
|
|
141
141
|
describe 'create facebook directory with provider credentials' do
|
|
142
|
-
let(:name) {
|
|
142
|
+
let(:name) { "ruby-sdk-facebook-#{random_number}" }
|
|
143
143
|
let(:description) { 'Directory for testing Facebook directories.' }
|
|
144
144
|
|
|
145
145
|
let(:provider_id) { 'facebook' }
|
|
@@ -154,7 +154,7 @@ describe Stormpath::Provider::Provider, :vcr do
|
|
|
154
154
|
end
|
|
155
155
|
|
|
156
156
|
describe 'create google directory with provider credentials' do
|
|
157
|
-
let(:name) {
|
|
157
|
+
let(:name) { "ruby-sdk-google-#{random_number}" }
|
|
158
158
|
let(:description) { 'Directory for testing Google directories.' }
|
|
159
159
|
|
|
160
160
|
let(:provider_id) { 'google' }
|
|
@@ -181,7 +181,7 @@ describe Stormpath::Provider::Provider, :vcr do
|
|
|
181
181
|
end
|
|
182
182
|
|
|
183
183
|
describe 'create linkedin directory with provider credentials' do
|
|
184
|
-
let(:name) {
|
|
184
|
+
let(:name) { "ruby-sdk-linkedin-#{random_number}" }
|
|
185
185
|
let(:description) { 'Directory for testing Linkedin directories.' }
|
|
186
186
|
|
|
187
187
|
let(:provider_id) { 'linkedin' }
|
|
@@ -196,7 +196,7 @@ describe Stormpath::Provider::Provider, :vcr do
|
|
|
196
196
|
end
|
|
197
197
|
|
|
198
198
|
describe 'create github directory with provider credentials' do
|
|
199
|
-
let(:name) {
|
|
199
|
+
let(:name) { "ruby-sdk-github-#{random_number}" }
|
|
200
200
|
let(:description) { 'Directory for testing Github directories.' }
|
|
201
201
|
|
|
202
202
|
let(:provider_id) { 'github' }
|
|
@@ -211,7 +211,7 @@ describe Stormpath::Provider::Provider, :vcr do
|
|
|
211
211
|
end
|
|
212
212
|
|
|
213
213
|
describe 'create twitter directory with provider credentials' do
|
|
214
|
-
let(:name) {
|
|
214
|
+
let(:name) { "ruby-sdk-twitter-#{random_number}" }
|
|
215
215
|
let(:description) { 'Directory for testing Twitter directories.' }
|
|
216
216
|
|
|
217
217
|
let(:provider_id) { 'twitter' }
|
|
@@ -99,7 +99,7 @@ describe Stormpath::Resource::AccountCreationPolicy, :vcr do
|
|
|
99
99
|
|
|
100
100
|
context 'when domain not string' do
|
|
101
101
|
it 'should raise error' do
|
|
102
|
-
blacklisted = ['*spam.com',
|
|
102
|
+
blacklisted = ['*spam.com', 12_345]
|
|
103
103
|
account_creation_policy.email_domain_blacklist = blacklisted
|
|
104
104
|
expect do
|
|
105
105
|
account_creation_policy.save
|
|
@@ -1,27 +1,19 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe Stormpath::Resource::AccountLink, :vcr do
|
|
4
|
-
let(:application)
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
let(:
|
|
8
|
-
|
|
9
|
-
end
|
|
10
|
-
let(:directory2) do
|
|
11
|
-
test_api_client.directories.create(name: 'ruby sdk dir 2')
|
|
12
|
-
end
|
|
4
|
+
let(:application) { test_api_client.applications.create(application_attrs) }
|
|
5
|
+
let(:directory1) { test_api_client.directories.create(directory_attrs) }
|
|
6
|
+
let(:directory2) { test_api_client.directories.create(directory_attrs) }
|
|
7
|
+
let(:username1) { "jekyll-#{random_number}" }
|
|
8
|
+
let(:username2) { "hyde-#{random_number}" }
|
|
13
9
|
|
|
14
10
|
before do
|
|
15
11
|
map_account_store(application, directory1, 1, true, false)
|
|
16
12
|
map_account_store(application, directory2, 2, false, false)
|
|
17
13
|
end
|
|
18
14
|
|
|
19
|
-
let!(:account1)
|
|
20
|
-
|
|
21
|
-
end
|
|
22
|
-
let!(:account2) do
|
|
23
|
-
directory2.accounts.create(account_attrs(email: 'hyde', username: 'hyde'))
|
|
24
|
-
end
|
|
15
|
+
let!(:account1) { directory1.accounts.create(account_attrs(email: username1, username: username1)) }
|
|
16
|
+
let!(:account2) { directory2.accounts.create(account_attrs(email: username2, username: username2)) }
|
|
25
17
|
|
|
26
18
|
let!(:account_link) do
|
|
27
19
|
test_api_client.account_links.create(
|
|
@@ -4,10 +4,14 @@ describe Stormpath::Resource::Account, :vcr do
|
|
|
4
4
|
describe 'instances should respond to attribute property methods' do
|
|
5
5
|
let(:directory) { test_api_client.directories.create(directory_attrs) }
|
|
6
6
|
let(:account) do
|
|
7
|
-
directory.accounts.create(
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
7
|
+
directory.accounts.create(
|
|
8
|
+
account_attrs(
|
|
9
|
+
email: 'ruby',
|
|
10
|
+
given_name: 'ruby',
|
|
11
|
+
surname: 'ruby',
|
|
12
|
+
middle_name: 'ruby'
|
|
13
|
+
)
|
|
14
|
+
)
|
|
11
15
|
end
|
|
12
16
|
|
|
13
17
|
after do
|
|
@@ -120,9 +124,7 @@ describe Stormpath::Resource::Account, :vcr do
|
|
|
120
124
|
|
|
121
125
|
it 'adds and removes the group from the account' do
|
|
122
126
|
expect(account.groups).to include(group)
|
|
123
|
-
|
|
124
127
|
account.remove_group group
|
|
125
|
-
|
|
126
128
|
expect(account.groups).not_to include(group)
|
|
127
129
|
end
|
|
128
130
|
end
|
|
@@ -237,11 +239,13 @@ describe Stormpath::Resource::Account, :vcr do
|
|
|
237
239
|
end
|
|
238
240
|
|
|
239
241
|
let(:factor) do
|
|
240
|
-
account.create_factor(
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
242
|
+
account.create_factor(
|
|
243
|
+
:sms,
|
|
244
|
+
phone: { number: '+12025550173',
|
|
245
|
+
name: 'Rspec test phone',
|
|
246
|
+
description: 'This is a testing phone number' },
|
|
247
|
+
challenge: { message: 'Enter code please: ' }
|
|
248
|
+
)
|
|
245
249
|
end
|
|
246
250
|
|
|
247
251
|
it 'factor should be created' do
|
|
@@ -250,9 +254,7 @@ describe Stormpath::Resource::Account, :vcr do
|
|
|
250
254
|
end
|
|
251
255
|
|
|
252
256
|
context 'type google-authenticator' do
|
|
253
|
-
let(:factor)
|
|
254
|
-
account.create_factor(:google_authenticator, options)
|
|
255
|
-
end
|
|
257
|
+
let(:factor) { account.create_factor(:google_authenticator, options) }
|
|
256
258
|
|
|
257
259
|
context 'with account_name' do
|
|
258
260
|
let(:account_name) { "marko.cilimkovic#{default_domain}" }
|
|
@@ -295,9 +297,7 @@ describe Stormpath::Resource::Account, :vcr do
|
|
|
295
297
|
end
|
|
296
298
|
|
|
297
299
|
context 'with bad type set' do
|
|
298
|
-
let(:factor)
|
|
299
|
-
account.create_factor(:invalid_type)
|
|
300
|
-
end
|
|
300
|
+
let(:factor) { account.create_factor(:invalid_type) }
|
|
301
301
|
|
|
302
302
|
it 'should raise error' do
|
|
303
303
|
expect { factor }.to raise_error(Stormpath::Error)
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe Stormpath::Resource::AccountStoreMapping, :vcr do
|
|
4
|
-
let(:directory_name) {
|
|
4
|
+
let(:directory_name) { "rubysdktestdir-#{random_number}" }
|
|
5
5
|
let(:directory) { test_api_client.directories.create(directory_attrs(name: directory_name)) }
|
|
6
6
|
let(:application) { test_api_client.applications.create(application_attrs) }
|
|
7
7
|
|
|
@@ -10,13 +10,13 @@ describe Stormpath::Resource::AccountStoreMapping, :vcr do
|
|
|
10
10
|
directory.delete if directory
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
-
describe
|
|
13
|
+
describe 'instances' do
|
|
14
14
|
let!(:account_store_mapping) do
|
|
15
15
|
map_account_store(application, directory, 0, true, false)
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
it do
|
|
19
|
-
[:list_index, :is_default_account_store, :is_default_group_store, :default_account_store, :default_group_store
|
|
19
|
+
[:list_index, :is_default_account_store, :is_default_group_store, :default_account_store, :default_group_store].each do |prop_accessor|
|
|
20
20
|
expect(account_store_mapping).to respond_to(prop_accessor)
|
|
21
21
|
expect(account_store_mapping).to respond_to("#{prop_accessor}=")
|
|
22
22
|
end
|
|
@@ -25,11 +25,11 @@ describe Stormpath::Resource::AccountStoreMapping, :vcr do
|
|
|
25
25
|
expect(account_store_mapping).to respond_to(prop_getter)
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
expect(account_store_mapping.list_index).to be_a
|
|
28
|
+
expect(account_store_mapping.list_index).to be_a Integer
|
|
29
29
|
|
|
30
30
|
[:default_account_store, :default_group_store].each do |default_store_method|
|
|
31
31
|
[default_store_method, "is_#{default_store_method}", "#{default_store_method}?"].each do |specific_store_method|
|
|
32
|
-
expect(account_store_mapping.send
|
|
32
|
+
expect(account_store_mapping.send(specific_store_method)).to be_boolean
|
|
33
33
|
end
|
|
34
34
|
end
|
|
35
35
|
|
|
@@ -38,9 +38,8 @@ describe Stormpath::Resource::AccountStoreMapping, :vcr do
|
|
|
38
38
|
end
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
-
|
|
42
41
|
describe 'given an application' do
|
|
43
|
-
let(:reloaded_application) { test_api_client.applications.get
|
|
42
|
+
let(:reloaded_application) { test_api_client.applications.get(application.href) }
|
|
44
43
|
|
|
45
44
|
context 'on application creation' do
|
|
46
45
|
it 'there should be no default account/group store' do
|
|
@@ -72,7 +71,7 @@ describe Stormpath::Resource::AccountStoreMapping, :vcr do
|
|
|
72
71
|
end
|
|
73
72
|
|
|
74
73
|
context 'remove the added default account/group store mapping' do
|
|
75
|
-
let(:re_reloaded_application) { test_api_client.applications.get
|
|
74
|
+
let(:re_reloaded_application) { test_api_client.applications.get(application.href) }
|
|
76
75
|
|
|
77
76
|
it 'there should not be a default account store mapping in the beginning and the end' do
|
|
78
77
|
expect(application.default_account_store_mapping).to eq(nil)
|
|
@@ -104,10 +103,9 @@ describe Stormpath::Resource::AccountStoreMapping, :vcr do
|
|
|
104
103
|
expect(re_reloaded_application.default_group_store_mapping).to eq(nil)
|
|
105
104
|
end
|
|
106
105
|
end
|
|
107
|
-
|
|
108
106
|
end
|
|
109
107
|
|
|
110
|
-
describe
|
|
108
|
+
describe 'given a directory' do
|
|
111
109
|
before { map_account_store(application, directory, 0, false, false) }
|
|
112
110
|
|
|
113
111
|
it 'add an account store mapping' do
|
|
@@ -115,13 +113,11 @@ describe Stormpath::Resource::AccountStoreMapping, :vcr do
|
|
|
115
113
|
end
|
|
116
114
|
end
|
|
117
115
|
|
|
118
|
-
describe
|
|
116
|
+
describe 'given a group' do
|
|
119
117
|
let(:group) { directory.groups.create(group_attrs) }
|
|
120
|
-
let(:reloaded_application) { test_api_client.applications.get
|
|
118
|
+
let(:reloaded_application) { test_api_client.applications.get(application.href) }
|
|
121
119
|
|
|
122
|
-
after
|
|
123
|
-
group.delete if group
|
|
124
|
-
end
|
|
120
|
+
after { group.delete if group }
|
|
125
121
|
|
|
126
122
|
context 'add an account store mapping' do
|
|
127
123
|
it 'being a default account store' do
|
|
@@ -136,26 +132,24 @@ describe Stormpath::Resource::AccountStoreMapping, :vcr do
|
|
|
136
132
|
map_account_store(application, group, 0, false, true)
|
|
137
133
|
end.to raise_error Stormpath::Error
|
|
138
134
|
end
|
|
139
|
-
|
|
140
135
|
end
|
|
141
|
-
|
|
142
136
|
end
|
|
143
137
|
|
|
144
|
-
describe
|
|
138
|
+
describe 'update attribute default_group_store' do
|
|
145
139
|
let(:account_store_mapping) { map_account_store(application, directory, 0, true, false) }
|
|
146
|
-
let(:reloaded_mapping){ application.account_store_mappings.get
|
|
140
|
+
let(:reloaded_mapping) { application.account_store_mappings.get(account_store_mapping.href) }
|
|
147
141
|
|
|
148
142
|
it 'should go from true to false' do
|
|
149
143
|
expect(account_store_mapping.is_default_account_store).to eq(true)
|
|
150
|
-
account_store_mapping.default_account_store= false
|
|
144
|
+
account_store_mapping.default_account_store = false
|
|
151
145
|
account_store_mapping.save
|
|
152
146
|
expect(reloaded_mapping.is_default_account_store).to eq(false)
|
|
153
147
|
end
|
|
154
148
|
end
|
|
155
149
|
|
|
156
|
-
describe
|
|
150
|
+
describe 'given a mapping' do
|
|
157
151
|
let!(:account_store_mapping) { map_account_store(application, directory, 0, true, false) }
|
|
158
|
-
let(:reloaded_application) { test_api_client.applications.get
|
|
152
|
+
let(:reloaded_application) { test_api_client.applications.get(application.href) }
|
|
159
153
|
|
|
160
154
|
it 'function delete should destroy it' do
|
|
161
155
|
expect(application.account_store_mappings.count).to eq(1)
|
|
@@ -15,7 +15,7 @@ describe Stormpath::Resource::AccountStore, :vcr do
|
|
|
15
15
|
|
|
16
16
|
describe 'given an account_store_mapping and a directory' do
|
|
17
17
|
let!(:account_store_mapping) { map_account_store(application, directory, 0, true, true) }
|
|
18
|
-
let(:reloaded_mapping) { application.account_store_mappings.get
|
|
18
|
+
let(:reloaded_mapping) { application.account_store_mappings.get(account_store_mapping.href) }
|
|
19
19
|
|
|
20
20
|
it 'should return a directory' do
|
|
21
21
|
expect(reloaded_mapping.account_store.class).to eq(Stormpath::Resource::Directory)
|
|
@@ -25,7 +25,7 @@ describe Stormpath::Resource::AccountStore, :vcr do
|
|
|
25
25
|
|
|
26
26
|
describe 'given an account_store_mapping and a group' do
|
|
27
27
|
let!(:account_store_mapping) { map_account_store(application, group, 0, true, false) }
|
|
28
|
-
let(:reloaded_mapping) { application.account_store_mappings.get
|
|
28
|
+
let(:reloaded_mapping) { application.account_store_mappings.get(account_store_mapping.href) }
|
|
29
29
|
|
|
30
30
|
it 'should return a group' do
|
|
31
31
|
expect(reloaded_mapping.account_store.class).to eq(Stormpath::Resource::Group)
|
|
@@ -35,7 +35,7 @@ describe Stormpath::Resource::AccountStore, :vcr do
|
|
|
35
35
|
|
|
36
36
|
describe 'given an account_store_mapping and an organization' do
|
|
37
37
|
let!(:account_store_mapping) { map_account_store(application, organization, 0, true, false) }
|
|
38
|
-
let(:reloaded_mapping) { application.account_store_mappings.get
|
|
38
|
+
let(:reloaded_mapping) { application.account_store_mappings.get(account_store_mapping.href) }
|
|
39
39
|
|
|
40
40
|
it 'should return an organization' do
|
|
41
41
|
expect(reloaded_mapping.account_store.class).to eq(Stormpath::Resource::Organization)
|
|
@@ -3,12 +3,10 @@ include UUIDTools
|
|
|
3
3
|
|
|
4
4
|
describe Stormpath::Resource::Application, :vcr do
|
|
5
5
|
let(:app) { test_api_client.applications.create(application_attrs) }
|
|
6
|
-
let(:application) { test_api_client.applications.get
|
|
6
|
+
let(:application) { test_api_client.applications.get(app.href) }
|
|
7
7
|
let(:directory) { test_api_client.directories.create(directory_attrs) }
|
|
8
8
|
|
|
9
|
-
before
|
|
10
|
-
map_account_store(app, directory, 1, true, true)
|
|
11
|
-
end
|
|
9
|
+
before { map_account_store(app, directory, 1, true, true) }
|
|
12
10
|
|
|
13
11
|
after do
|
|
14
12
|
application.delete if application
|
|
@@ -16,24 +14,23 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
16
14
|
end
|
|
17
15
|
|
|
18
16
|
it 'instances should respond to attribute property methods' do
|
|
19
|
-
|
|
20
17
|
expect(application).to be_a Stormpath::Resource::Application
|
|
21
18
|
|
|
22
19
|
[:name, :description, :status].each do |property_accessor|
|
|
23
20
|
expect(application).to respond_to(property_accessor)
|
|
24
21
|
expect(application).to respond_to("#{property_accessor}=")
|
|
25
|
-
expect(application.send
|
|
22
|
+
expect(application.send(property_accessor)).to be_a String
|
|
26
23
|
end
|
|
27
24
|
|
|
28
25
|
[:authorized_callback_uris, :authorized_origin_uris].each do |property_accessor|
|
|
29
26
|
expect(application).to respond_to(property_accessor)
|
|
30
27
|
expect(application).to respond_to("#{property_accessor}=")
|
|
31
|
-
expect(application.send
|
|
28
|
+
expect(application.send(property_accessor)).to be_a Array
|
|
32
29
|
end
|
|
33
30
|
|
|
34
31
|
[:created_at, :modified_at].each do |property_getter|
|
|
35
32
|
expect(application).to respond_to(property_getter)
|
|
36
|
-
expect(application.send
|
|
33
|
+
expect(application.send(property_getter)).to be_a String
|
|
37
34
|
end
|
|
38
35
|
|
|
39
36
|
expect(application.tenant).to be_a Stormpath::Resource::Tenant
|
|
@@ -47,6 +44,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
47
44
|
expect(application.verification_emails).to be_a Stormpath::Resource::Collection
|
|
48
45
|
expect(application.account_store_mappings).to be_a Stormpath::Resource::Collection
|
|
49
46
|
expect(application.account_linking_policy).to be_a Stormpath::Resource::AccountLinkingPolicy
|
|
47
|
+
expect(application.saml_policy).to be_a Stormpath::Resource::SamlPolicy
|
|
50
48
|
end
|
|
51
49
|
|
|
52
50
|
describe '.load' do
|
|
@@ -72,13 +70,10 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
72
70
|
end
|
|
73
71
|
|
|
74
72
|
describe 'application_associations' do
|
|
75
|
-
|
|
76
73
|
context '#accounts' do
|
|
77
74
|
let(:account) { application.accounts.create(account_attrs) }
|
|
78
75
|
|
|
79
|
-
after
|
|
80
|
-
account.delete if account
|
|
81
|
-
end
|
|
76
|
+
after { account.delete if account }
|
|
82
77
|
|
|
83
78
|
it 'should be able to create an account' do
|
|
84
79
|
expect(application.accounts).to include(account)
|
|
@@ -86,7 +81,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
86
81
|
end
|
|
87
82
|
|
|
88
83
|
it 'should be able to create and fetch the account' do
|
|
89
|
-
expect(application.accounts.get
|
|
84
|
+
expect(application.accounts.get(account.href)).to be
|
|
90
85
|
end
|
|
91
86
|
end
|
|
92
87
|
|
|
@@ -101,12 +96,13 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
101
96
|
end
|
|
102
97
|
|
|
103
98
|
it 'should be able to create and fetch a group' do
|
|
104
|
-
expect(application.groups.get
|
|
99
|
+
expect(application.groups.get(group.href)).to be
|
|
105
100
|
end
|
|
106
101
|
end
|
|
107
102
|
|
|
108
103
|
context '#web_config' do
|
|
109
104
|
let(:web_config) { application.web_config }
|
|
105
|
+
let(:dns_label) { "ruby-dns-label-#{random_number}" }
|
|
110
106
|
|
|
111
107
|
it 'should have web_config' do
|
|
112
108
|
expect(application.web_config).to be_a Stormpath::Resource::ApplicationWebConfig
|
|
@@ -123,15 +119,15 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
123
119
|
end
|
|
124
120
|
|
|
125
121
|
it 'changing dns_label should affect domain_name' do
|
|
126
|
-
web_config.dns_label =
|
|
122
|
+
web_config.dns_label = dns_label
|
|
127
123
|
web_config.save
|
|
128
|
-
expect(application.web_config.domain_name).to eq
|
|
124
|
+
expect(application.web_config.domain_name).to eq "#{dns_label}.apps.stormpath.io"
|
|
129
125
|
end
|
|
130
126
|
end
|
|
131
127
|
end
|
|
132
128
|
|
|
133
129
|
describe 'edit authorized_callback_uris' do
|
|
134
|
-
let(:authorized_callback_uris) { [
|
|
130
|
+
let(:authorized_callback_uris) { ['https://myapplication.com/whatever/callback', 'https://myapplication.com/whatever/callback2'] }
|
|
135
131
|
|
|
136
132
|
it 'changes authorized callback uris on application' do
|
|
137
133
|
application.authorized_callback_uris = authorized_callback_uris
|
|
@@ -178,24 +174,17 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
178
174
|
end
|
|
179
175
|
|
|
180
176
|
describe '#authenticate_account' do
|
|
181
|
-
let(:account)
|
|
182
|
-
directory.accounts.create account_attrs(password: 'P@$$w0rd')
|
|
183
|
-
end
|
|
184
|
-
|
|
177
|
+
let(:account) { directory.accounts.create(account_attrs(password: 'P@$$w0rd')) }
|
|
185
178
|
let(:login_request) do
|
|
186
|
-
Stormpath::Authentication::UsernamePasswordRequest.new
|
|
179
|
+
Stormpath::Authentication::UsernamePasswordRequest.new(account.username, password)
|
|
187
180
|
end
|
|
188
181
|
|
|
189
|
-
let(:authentication_result)
|
|
190
|
-
application.authenticate_account login_request
|
|
191
|
-
end
|
|
182
|
+
let(:authentication_result) { application.authenticate_account login_request }
|
|
192
183
|
|
|
193
|
-
after
|
|
194
|
-
account.delete if account
|
|
195
|
-
end
|
|
184
|
+
after { account.delete if account }
|
|
196
185
|
|
|
197
186
|
context 'given a valid username and password' do
|
|
198
|
-
let(:password) {'P@$$w0rd' }
|
|
187
|
+
let(:password) { 'P@$$w0rd' }
|
|
199
188
|
|
|
200
189
|
it 'returns an authentication result' do
|
|
201
190
|
expect(authentication_result).to be
|
|
@@ -215,19 +204,20 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
215
204
|
end
|
|
216
205
|
|
|
217
206
|
describe '#authenticate_account_with_an_account_store_specified' do
|
|
218
|
-
let(:password) {'P@$$w0rd' }
|
|
219
|
-
|
|
207
|
+
let(:password) { 'P@$$w0rd' }
|
|
220
208
|
let(:authentication_result) { application.authenticate_account login_request }
|
|
221
209
|
|
|
222
|
-
after
|
|
223
|
-
account.delete if account
|
|
224
|
-
end
|
|
210
|
+
after { account.delete if account }
|
|
225
211
|
|
|
226
212
|
context 'given a proper directory' do
|
|
227
|
-
let(:account) { directory.accounts.create
|
|
213
|
+
let(:account) { directory.accounts.create(account_attrs(password: 'P@$$w0rd')) }
|
|
228
214
|
|
|
229
215
|
let(:login_request) do
|
|
230
|
-
Stormpath::Authentication::UsernamePasswordRequest.new
|
|
216
|
+
Stormpath::Authentication::UsernamePasswordRequest.new(
|
|
217
|
+
account.username,
|
|
218
|
+
password,
|
|
219
|
+
account_store: directory
|
|
220
|
+
)
|
|
231
221
|
end
|
|
232
222
|
|
|
233
223
|
it 'should return an authentication result' do
|
|
@@ -240,14 +230,16 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
240
230
|
|
|
241
231
|
context 'given a wrong directory' do
|
|
242
232
|
let(:new_directory) { test_api_client.directories.create(directory_attrs) }
|
|
243
|
-
let(:account) { new_directory.accounts.create
|
|
233
|
+
let(:account) { new_directory.accounts.create(account_attrs(password: 'P@$$w0rd')) }
|
|
244
234
|
let(:login_request) do
|
|
245
|
-
Stormpath::Authentication::UsernamePasswordRequest.new
|
|
235
|
+
Stormpath::Authentication::UsernamePasswordRequest.new(
|
|
236
|
+
account.username,
|
|
237
|
+
password,
|
|
238
|
+
account_store: directory
|
|
239
|
+
)
|
|
246
240
|
end
|
|
247
241
|
|
|
248
|
-
after
|
|
249
|
-
new_directory.delete if new_directory
|
|
250
|
-
end
|
|
242
|
+
after { new_directory.delete if new_directory }
|
|
251
243
|
|
|
252
244
|
it 'raises an error' do
|
|
253
245
|
expect { authentication_result }.to raise_error Stormpath::Error
|
|
@@ -255,21 +247,19 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
255
247
|
end
|
|
256
248
|
|
|
257
249
|
context 'given a group' do
|
|
258
|
-
let(:group) {directory.groups.create(group_attrs) }
|
|
259
|
-
|
|
260
|
-
let(:account) { directory.accounts.create account_attrs(password: 'P@$$w0rd') }
|
|
261
|
-
|
|
250
|
+
let(:group) { directory.groups.create(group_attrs) }
|
|
251
|
+
let(:account) { directory.accounts.create(account_attrs(password: 'P@$$w0rd')) }
|
|
262
252
|
let(:login_request) do
|
|
263
|
-
Stormpath::Authentication::UsernamePasswordRequest.new
|
|
253
|
+
Stormpath::Authentication::UsernamePasswordRequest.new(
|
|
254
|
+
account.username,
|
|
255
|
+
password,
|
|
256
|
+
account_store: group
|
|
257
|
+
)
|
|
264
258
|
end
|
|
265
259
|
|
|
266
|
-
before
|
|
267
|
-
map_account_store(application, group, 0, true, false)
|
|
268
|
-
end
|
|
260
|
+
before { map_account_store(application, group, 0, true, false) }
|
|
269
261
|
|
|
270
|
-
after
|
|
271
|
-
group.delete if group
|
|
272
|
-
end
|
|
262
|
+
after { group.delete if group }
|
|
273
263
|
|
|
274
264
|
it 'and assigning the account to it, should return a authentication result' do
|
|
275
265
|
group.add_account account
|
|
@@ -283,16 +273,13 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
283
273
|
expect { authentication_result }.to raise_error Stormpath::Error
|
|
284
274
|
end
|
|
285
275
|
end
|
|
286
|
-
|
|
287
276
|
end
|
|
288
277
|
|
|
289
278
|
describe '#send_password_reset_email' do
|
|
290
279
|
context 'given an email' do
|
|
291
280
|
context 'of an existing account on the application' do
|
|
292
|
-
let(:account) { directory.accounts.create
|
|
293
|
-
|
|
281
|
+
let(:account) { directory.accounts.create(account_attrs) }
|
|
294
282
|
let(:sent_to_account) { application.send_password_reset_email account.email }
|
|
295
|
-
|
|
296
283
|
after { account.delete if account }
|
|
297
284
|
|
|
298
285
|
it 'sends a password reset request of the account' do
|
|
@@ -303,7 +290,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
303
290
|
end
|
|
304
291
|
|
|
305
292
|
context 'of an existing account not mapped to the application' do
|
|
306
|
-
let(:account) { other_directory.accounts.create
|
|
293
|
+
let(:account) { other_directory.accounts.create(account_attrs) }
|
|
307
294
|
let(:other_directory) { test_api_client.directories.create(directory_attrs) }
|
|
308
295
|
|
|
309
296
|
after do
|
|
@@ -321,14 +308,13 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
321
308
|
context 'of a non exisitng account' do
|
|
322
309
|
it 'raises an exception' do
|
|
323
310
|
expect do
|
|
324
|
-
application.send_password_reset_email
|
|
311
|
+
application.send_password_reset_email 'test@example.com'
|
|
325
312
|
end.to raise_error Stormpath::Error
|
|
326
313
|
end
|
|
327
314
|
end
|
|
328
315
|
|
|
329
316
|
context 'of an existing account on the application with an account store href' do
|
|
330
|
-
let(:account) { directory.accounts.create
|
|
331
|
-
|
|
317
|
+
let(:account) { directory.accounts.create(account_attrs) }
|
|
332
318
|
let(:sent_to_account) do
|
|
333
319
|
application.send_password_reset_email(account.email, account_store: { href: directory.href })
|
|
334
320
|
end
|
|
@@ -343,8 +329,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
343
329
|
end
|
|
344
330
|
|
|
345
331
|
context 'of an existing account on the application with an account store resource object' do
|
|
346
|
-
let(:account) { directory.accounts.create
|
|
347
|
-
|
|
332
|
+
let(:account) { directory.accounts.create(account_attrs) }
|
|
348
333
|
let(:sent_to_account) do
|
|
349
334
|
application.send_password_reset_email(account.email, account_store: directory)
|
|
350
335
|
end
|
|
@@ -359,7 +344,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
359
344
|
end
|
|
360
345
|
|
|
361
346
|
context 'of an existing account not mapped to the application with an account store href' do
|
|
362
|
-
let(:account) { directory.accounts.create
|
|
347
|
+
let(:account) { directory.accounts.create(account_attrs) }
|
|
363
348
|
let(:other_directory) { test_api_client.directories.create(directory_attrs) }
|
|
364
349
|
|
|
365
350
|
after do
|
|
@@ -375,36 +360,21 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
375
360
|
end
|
|
376
361
|
|
|
377
362
|
context 'of an existing account on the application with a non existant account store organization namekey' do
|
|
378
|
-
let(:account) { directory.accounts.create
|
|
379
|
-
|
|
380
|
-
after do
|
|
381
|
-
account.delete
|
|
382
|
-
end
|
|
363
|
+
let(:account) { directory.accounts.create(account_attrs) }
|
|
364
|
+
after { account.delete }
|
|
383
365
|
|
|
384
366
|
it 'sends a password reset request of the account' do
|
|
385
367
|
expect do
|
|
386
|
-
application.send_password_reset_email(account.email, account_store: { name_key:
|
|
368
|
+
application.send_password_reset_email(account.email, account_store: { name_key: 'NoKey' })
|
|
387
369
|
end.to raise_error Stormpath::Error
|
|
388
370
|
end
|
|
389
371
|
end
|
|
390
372
|
|
|
391
373
|
context 'of an existing account on the application with a right account store organization namekey' do
|
|
392
|
-
let(:account) { account_directory.accounts.create
|
|
374
|
+
let(:account) { account_directory.accounts.create(account_attrs) }
|
|
393
375
|
let(:account_directory) { test_api_client.directories.create(directory_attrs) }
|
|
394
|
-
|
|
395
|
-
let(:
|
|
396
|
-
test_api_client.directories.get(account_directory.href)
|
|
397
|
-
end
|
|
398
|
-
|
|
399
|
-
let(:organization_name_key) { 'ruby-test-org-name-key' }
|
|
400
|
-
|
|
401
|
-
let(:organization) do
|
|
402
|
-
test_api_client.organizations.create(
|
|
403
|
-
name: "ruby_test_organization_name",
|
|
404
|
-
name_key: organization_name_key
|
|
405
|
-
)
|
|
406
|
-
end
|
|
407
|
-
|
|
376
|
+
let(:reloaded_account_directory) { test_api_client.directories.get(account_directory.href) }
|
|
377
|
+
let(:organization) { test_api_client.organizations.create(organization_attrs) }
|
|
408
378
|
let(:sent_to_account) do
|
|
409
379
|
application.send_password_reset_email(account.email, account_store: { name_key: organization.name_key })
|
|
410
380
|
end
|
|
@@ -428,11 +398,9 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
428
398
|
end
|
|
429
399
|
|
|
430
400
|
context 'of an existing account on the application with a right account store organization resource object' do
|
|
431
|
-
let(:account) { account_directory.accounts.create
|
|
401
|
+
let(:account) { account_directory.accounts.create(account_attrs) }
|
|
432
402
|
let(:account_directory) { test_api_client.directories.create(directory_attrs) }
|
|
433
|
-
let(:reloaded_account_directory)
|
|
434
|
-
test_api_client.directories.get(account_directory.href)
|
|
435
|
-
end
|
|
403
|
+
let(:reloaded_account_directory) { test_api_client.directories.get(account_directory.href) }
|
|
436
404
|
let(:organization) { test_api_client.organizations.create(organization_attrs) }
|
|
437
405
|
let(:sent_to_account) do
|
|
438
406
|
application.send_password_reset_email(account.email, account_store: organization)
|
|
@@ -457,11 +425,9 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
457
425
|
end
|
|
458
426
|
|
|
459
427
|
context 'of an existing account on the application with a wrong account store organization namekey' do
|
|
460
|
-
let(:account) { account_directory.accounts.create
|
|
428
|
+
let(:account) { account_directory.accounts.create(account_attrs) }
|
|
461
429
|
let(:account_directory) { test_api_client.directories.create(directory_attrs) }
|
|
462
|
-
let(:reloaded_account_directory)
|
|
463
|
-
test_api_client.directories.get(account_directory.href)
|
|
464
|
-
end
|
|
430
|
+
let(:reloaded_account_directory) { test_api_client.directories.get(account_directory.href) }
|
|
465
431
|
let(:organization) { test_api_client.organizations.create(organization_attrs) }
|
|
466
432
|
let(:other_organization) { test_api_client.organizations.create(organization_attrs) }
|
|
467
433
|
|
|
@@ -514,12 +480,8 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
514
480
|
|
|
515
481
|
context 'valid credentials' do
|
|
516
482
|
let(:username_password_request) do
|
|
517
|
-
Stormpath::Authentication::UsernamePasswordRequest.new(
|
|
518
|
-
account.email,
|
|
519
|
-
"P@$$w0rd"
|
|
520
|
-
)
|
|
483
|
+
Stormpath::Authentication::UsernamePasswordRequest.new(account.email, 'P@$$w0rd')
|
|
521
484
|
end
|
|
522
|
-
|
|
523
485
|
let(:auth_request) { application.authenticate_account(username_password_request) }
|
|
524
486
|
|
|
525
487
|
it 'returns login attempt response' do
|
|
@@ -532,11 +494,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
532
494
|
end
|
|
533
495
|
|
|
534
496
|
context 'with organization as account store option' do
|
|
535
|
-
let(:organization)
|
|
536
|
-
test_api_client.organizations.create(name: 'test_organization',
|
|
537
|
-
name_key: 'testorganization')
|
|
538
|
-
end
|
|
539
|
-
|
|
497
|
+
let(:organization) { test_api_client.organizations.create(organization_attrs) }
|
|
540
498
|
let(:auth_request) { application.authenticate_account(username_password_request) }
|
|
541
499
|
|
|
542
500
|
before do
|
|
@@ -544,15 +502,13 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
544
502
|
map_account_store(application, organization, 0, true, false)
|
|
545
503
|
end
|
|
546
504
|
|
|
547
|
-
after
|
|
548
|
-
organization.delete if organization
|
|
549
|
-
end
|
|
505
|
+
after { organization.delete if organization }
|
|
550
506
|
|
|
551
507
|
describe 'when sending the proper organization' do
|
|
552
508
|
describe 'using an organization name_key' do
|
|
553
509
|
let(:username_password_request) do
|
|
554
510
|
Stormpath::Authentication::UsernamePasswordRequest.new(
|
|
555
|
-
account.email,
|
|
511
|
+
account.email, 'P@$$w0rd',
|
|
556
512
|
account_store: { name_key: organization.name_key }
|
|
557
513
|
)
|
|
558
514
|
end
|
|
@@ -569,7 +525,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
569
525
|
describe 'using an organization href' do
|
|
570
526
|
let(:username_password_request) do
|
|
571
527
|
Stormpath::Authentication::UsernamePasswordRequest.new(
|
|
572
|
-
account.email,
|
|
528
|
+
account.email, 'P@$$w0rd',
|
|
573
529
|
account_store: { href: organization.href }
|
|
574
530
|
)
|
|
575
531
|
end
|
|
@@ -586,7 +542,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
586
542
|
describe 'using an organization object' do
|
|
587
543
|
let(:username_password_request) do
|
|
588
544
|
Stormpath::Authentication::UsernamePasswordRequest.new(
|
|
589
|
-
account.email,
|
|
545
|
+
account.email, 'P@$$w0rd',
|
|
590
546
|
account_store: organization
|
|
591
547
|
)
|
|
592
548
|
end
|
|
@@ -605,7 +561,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
605
561
|
describe 'using an organization name_key' do
|
|
606
562
|
let(:username_password_request) do
|
|
607
563
|
Stormpath::Authentication::UsernamePasswordRequest.new(
|
|
608
|
-
account.email,
|
|
564
|
+
account.email, 'P@$$w0rd',
|
|
609
565
|
account_store: { name_key: 'wrong-name-key' }
|
|
610
566
|
)
|
|
611
567
|
end
|
|
@@ -618,55 +574,47 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
618
574
|
describe 'using an organization href' do
|
|
619
575
|
let(:username_password_request) do
|
|
620
576
|
Stormpath::Authentication::UsernamePasswordRequest.new(
|
|
621
|
-
account.email,
|
|
577
|
+
account.email, 'P@$$w0rd',
|
|
622
578
|
account_store: { href: other_organization.href }
|
|
623
579
|
)
|
|
624
580
|
end
|
|
625
|
-
|
|
626
|
-
let(:other_organization) do
|
|
627
|
-
test_api_client.organizations.create name: 'other_organization',
|
|
628
|
-
name_key: "other-organization"
|
|
629
|
-
end
|
|
581
|
+
let(:other_organization) { test_api_client.organizations.create(organization_attrs) }
|
|
630
582
|
|
|
631
583
|
it 'raises an error' do
|
|
632
584
|
expect { auth_request }.to raise_error(Stormpath::Error)
|
|
633
585
|
end
|
|
586
|
+
|
|
587
|
+
after { other_organization.delete }
|
|
634
588
|
end
|
|
635
589
|
|
|
636
590
|
describe 'using an organization object' do
|
|
637
591
|
let(:username_password_request) do
|
|
638
592
|
Stormpath::Authentication::UsernamePasswordRequest.new(
|
|
639
|
-
account.email,
|
|
593
|
+
account.email, 'P@$$w0rd',
|
|
640
594
|
account_store: other_organization
|
|
641
595
|
)
|
|
642
596
|
end
|
|
643
|
-
|
|
644
|
-
let(:other_organization) do
|
|
645
|
-
test_api_client.organizations.create name: 'other_organization',
|
|
646
|
-
name_key: "other-organization"
|
|
647
|
-
end
|
|
597
|
+
let(:other_organization) { test_api_client.organizations.create(organization_attrs) }
|
|
648
598
|
|
|
649
599
|
it 'raises an error' do
|
|
650
600
|
expect { auth_request }.to raise_error(Stormpath::Error)
|
|
651
601
|
end
|
|
602
|
+
|
|
603
|
+
after { other_organization.delete }
|
|
652
604
|
end
|
|
653
605
|
end
|
|
654
606
|
end
|
|
655
607
|
|
|
656
608
|
context 'with invalid credentials' do
|
|
657
609
|
let(:username_password_request) do
|
|
658
|
-
Stormpath::Authentication::UsernamePasswordRequest.new(
|
|
659
|
-
account.email,
|
|
660
|
-
"invalid"
|
|
661
|
-
)
|
|
610
|
+
Stormpath::Authentication::UsernamePasswordRequest.new(account.email, 'invalid')
|
|
662
611
|
end
|
|
663
|
-
|
|
664
612
|
let(:auth_request) { application.authenticate_account(username_password_request) }
|
|
665
613
|
|
|
666
614
|
it 'returns stormpath error' do
|
|
667
|
-
expect
|
|
615
|
+
expect do
|
|
668
616
|
auth_request
|
|
669
|
-
|
|
617
|
+
end.to raise_error(Stormpath::Error)
|
|
670
618
|
end
|
|
671
619
|
end
|
|
672
620
|
end
|
|
@@ -680,9 +628,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
680
628
|
application.verify_password_reset_token password_reset_token
|
|
681
629
|
end
|
|
682
630
|
|
|
683
|
-
after
|
|
684
|
-
account.delete if account
|
|
685
|
-
end
|
|
631
|
+
after { account.delete if account }
|
|
686
632
|
|
|
687
633
|
context 'with decoded password reset token' do
|
|
688
634
|
it 'retrieves the account with the reset password' do
|
|
@@ -703,14 +649,10 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
703
649
|
|
|
704
650
|
context 'and if the password is changed' do
|
|
705
651
|
let(:new_password) { 'N3wP@$$w0rd' }
|
|
706
|
-
|
|
707
652
|
let(:login_request) do
|
|
708
|
-
Stormpath::Authentication::UsernamePasswordRequest.new
|
|
709
|
-
end
|
|
710
|
-
|
|
711
|
-
let(:authentication_result) do
|
|
712
|
-
application.authenticate_account login_request
|
|
653
|
+
Stormpath::Authentication::UsernamePasswordRequest.new(account.username, new_password)
|
|
713
654
|
end
|
|
655
|
+
let(:authentication_result) { application.authenticate_account login_request }
|
|
714
656
|
|
|
715
657
|
before do
|
|
716
658
|
reset_password_account.password = new_password
|
|
@@ -728,29 +670,31 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
728
670
|
|
|
729
671
|
describe '#create_application_with_custom_data' do
|
|
730
672
|
it 'creates an application with custom data' do
|
|
731
|
-
application.custom_data[
|
|
673
|
+
application.custom_data['category'] = 'classified'
|
|
732
674
|
application.save
|
|
733
675
|
|
|
734
|
-
expect(application.custom_data[
|
|
676
|
+
expect(application.custom_data['category']).to eq('classified')
|
|
735
677
|
end
|
|
736
678
|
end
|
|
737
679
|
|
|
738
680
|
describe '#create_id_site_url' do
|
|
739
|
-
let(:jwt_token)
|
|
740
|
-
|
|
741
|
-
|
|
742
|
-
|
|
743
|
-
|
|
744
|
-
|
|
745
|
-
|
|
746
|
-
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
|
|
750
|
-
|
|
751
|
-
options = { callback_uri: 'http://localhost:9292/redirect' }
|
|
752
|
-
application.create_id_site_url options
|
|
681
|
+
let(:jwt_token) do
|
|
682
|
+
JWT.encode(
|
|
683
|
+
{
|
|
684
|
+
'iat' => Time.now.to_i,
|
|
685
|
+
'jti' => UUID.method(:random_create).call.to_s,
|
|
686
|
+
'aud' => test_api_key_id,
|
|
687
|
+
'sub' => application.href,
|
|
688
|
+
'cb_uri' => 'http://localhost:9292/redirect',
|
|
689
|
+
'path' => '',
|
|
690
|
+
'state' => ''
|
|
691
|
+
}, test_api_key_secret, 'HS256'
|
|
692
|
+
)
|
|
753
693
|
end
|
|
694
|
+
let(:create_id_site_url_result) { application.create_id_site_url(options) }
|
|
695
|
+
let(:options) { { callback_uri: 'http://localhost:9292/redirect' } }
|
|
696
|
+
let(:uri) { Addressable::URI.parse(create_id_site_url_result) }
|
|
697
|
+
let(:jwt_token) { JWT.decode(uri.query_values['jwtRequest'], test_api_key_secret).first }
|
|
754
698
|
|
|
755
699
|
it 'should create a url with jwtRequest' do
|
|
756
700
|
expect(create_id_site_url_result).to include('jwtRequest')
|
|
@@ -761,37 +705,52 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
761
705
|
end
|
|
762
706
|
|
|
763
707
|
it 'should create a jwtRequest that is signed wit the client secret' do
|
|
764
|
-
|
|
765
|
-
jwt_token
|
|
766
|
-
|
|
767
|
-
expect(jwt_token["iss"]).to eq test_api_key_id
|
|
768
|
-
expect(jwt_token["sub"]).to eq application.href
|
|
769
|
-
expect(jwt_token["cb_uri"]).to eq 'http://localhost:9292/redirect'
|
|
708
|
+
expect(jwt_token['iss']).to eq test_api_key_id
|
|
709
|
+
expect(jwt_token['sub']).to eq application.href
|
|
710
|
+
expect(jwt_token['cb_uri']).to eq 'http://localhost:9292/redirect'
|
|
770
711
|
end
|
|
771
712
|
|
|
772
713
|
context 'with logout option' do
|
|
714
|
+
before { options[:logout] = true }
|
|
715
|
+
|
|
773
716
|
it 'shoud create a request to /sso/logout' do
|
|
717
|
+
expect(create_id_site_url_result).to include('/sso/logout')
|
|
774
718
|
end
|
|
775
719
|
end
|
|
776
720
|
|
|
777
|
-
context '
|
|
778
|
-
|
|
779
|
-
|
|
780
|
-
|
|
721
|
+
context 'with bad cb_uri' do
|
|
722
|
+
context 'blank' do
|
|
723
|
+
before { options[:callback_uri] = '' }
|
|
724
|
+
|
|
725
|
+
it 'should raise Stormpath Error with correct id_site error data' do
|
|
726
|
+
begin
|
|
727
|
+
create_id_site_url_result
|
|
728
|
+
rescue Stormpath::Error => error
|
|
729
|
+
expect(error.status).to eq(400)
|
|
730
|
+
expect(error.code).to eq(400)
|
|
731
|
+
expect(error.message).to eq('The specified callback URI (cb_uri) is not valid')
|
|
732
|
+
expect(error.developer_message).to eq('The specified callback URI (cb_uri) is not valid.'\
|
|
733
|
+
' Make sure the callback URI specified in your ID Site configuration matches the value specified.')
|
|
734
|
+
end
|
|
735
|
+
end
|
|
781
736
|
end
|
|
782
737
|
|
|
783
|
-
|
|
784
|
-
|
|
785
|
-
|
|
786
|
-
|
|
787
|
-
expect
|
|
788
|
-
expect(error.code).to eq(400)
|
|
789
|
-
expect(error.message).to eq("The specified callback URI (cb_uri) is not valid")
|
|
790
|
-
expect(error.developer_message).to eq("The specified callback URI (cb_uri) is not valid. Make sure the "\
|
|
791
|
-
"callback URI specified in your ID Site configuration matches the value specified.")
|
|
738
|
+
context 'nil' do
|
|
739
|
+
before { options.delete(:callback_uri) }
|
|
740
|
+
|
|
741
|
+
it 'should raise Stormpath Error' do
|
|
742
|
+
expect { create_id_site_url_result }.to raise_error(Stormpath::Error)
|
|
792
743
|
end
|
|
793
744
|
end
|
|
794
745
|
end
|
|
746
|
+
|
|
747
|
+
context 'with providing require_mfa' do
|
|
748
|
+
before { options[:require_mfa] = ['sms'] }
|
|
749
|
+
|
|
750
|
+
it 'should create a jwtRequest that contains require_mfa' do
|
|
751
|
+
expect(jwt_token['require_mfa']).to eq ['sms']
|
|
752
|
+
end
|
|
753
|
+
end
|
|
795
754
|
end
|
|
796
755
|
|
|
797
756
|
describe '#handle_id_site_callback' do
|
|
@@ -804,89 +763,95 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
804
763
|
end
|
|
805
764
|
|
|
806
765
|
context 'with a valid jwt response' do
|
|
807
|
-
let(:jwt_token)
|
|
808
|
-
|
|
809
|
-
|
|
810
|
-
|
|
811
|
-
|
|
812
|
-
|
|
813
|
-
|
|
814
|
-
|
|
815
|
-
|
|
816
|
-
|
|
817
|
-
|
|
818
|
-
|
|
819
|
-
@site_result = application.handle_id_site_callback(callback_uri_base + jwt_token)
|
|
766
|
+
let(:jwt_token) do
|
|
767
|
+
JWT.encode(
|
|
768
|
+
{
|
|
769
|
+
'iat' => Time.now.to_i,
|
|
770
|
+
'aud' => test_api_key_id,
|
|
771
|
+
'sub' => application.href,
|
|
772
|
+
'path' => '',
|
|
773
|
+
'state' => '',
|
|
774
|
+
'isNewSub' => true,
|
|
775
|
+
'status' => 'REGISTERED'
|
|
776
|
+
}, test_api_key_secret, 'HS256'
|
|
777
|
+
)
|
|
820
778
|
end
|
|
779
|
+
let!(:site_result) { application.handle_id_site_callback(callback_uri_base + jwt_token) }
|
|
821
780
|
|
|
822
781
|
it 'should return IdSiteResult object' do
|
|
823
|
-
expect(
|
|
782
|
+
expect(site_result).to be_kind_of(Stormpath::IdSite::IdSiteResult)
|
|
824
783
|
end
|
|
825
784
|
|
|
826
785
|
it 'should set the correct account on IdSiteResult object' do
|
|
827
|
-
expect(
|
|
786
|
+
expect(site_result.account_href).to eq(application.href)
|
|
828
787
|
end
|
|
829
788
|
|
|
830
789
|
it 'should set the correct status on IdSiteResult object' do
|
|
831
|
-
expect(
|
|
790
|
+
expect(site_result.status).to eq('REGISTERED')
|
|
832
791
|
end
|
|
833
792
|
|
|
834
793
|
it 'should set the correct state on IdSiteResult object' do
|
|
835
|
-
expect(
|
|
794
|
+
expect(site_result.state).to eq('')
|
|
836
795
|
end
|
|
837
796
|
|
|
838
797
|
it 'should set the correct is_new_account on IdSiteResult object' do
|
|
839
|
-
expect(
|
|
798
|
+
expect(site_result.new_account?).to eq(true)
|
|
840
799
|
end
|
|
841
800
|
end
|
|
842
801
|
|
|
843
802
|
context 'with an expired token' do
|
|
844
|
-
let(:jwt_token)
|
|
845
|
-
|
|
846
|
-
|
|
847
|
-
|
|
848
|
-
|
|
849
|
-
|
|
850
|
-
|
|
851
|
-
|
|
852
|
-
|
|
853
|
-
|
|
854
|
-
|
|
803
|
+
let(:jwt_token) do
|
|
804
|
+
JWT.encode(
|
|
805
|
+
{
|
|
806
|
+
'iat' => Time.now.to_i,
|
|
807
|
+
'aud' => test_api_key_id,
|
|
808
|
+
'sub' => application.href,
|
|
809
|
+
'path' => '',
|
|
810
|
+
'state' => '',
|
|
811
|
+
'exp' => Time.now.to_i - 1,
|
|
812
|
+
'isNewSub' => true,
|
|
813
|
+
'status' => 'REGISTERED'
|
|
814
|
+
}, test_api_key_secret, 'HS256'
|
|
815
|
+
)
|
|
816
|
+
end
|
|
855
817
|
|
|
856
818
|
it 'should raise Stormpath Error with correct data' do
|
|
857
819
|
begin
|
|
858
820
|
application.handle_id_site_callback(callback_uri_base + jwt_token)
|
|
859
821
|
rescue Stormpath::Error => error
|
|
860
822
|
expect(error.status).to eq(400)
|
|
861
|
-
expect(error.code).to eq(
|
|
862
|
-
expect(error.message).to eq(
|
|
863
|
-
expect(error.developer_message).to eq(
|
|
823
|
+
expect(error.code).to eq(10_011)
|
|
824
|
+
expect(error.message).to eq('Token is invalid')
|
|
825
|
+
expect(error.developer_message).to eq('Token is no longer valid because it has expired')
|
|
864
826
|
end
|
|
865
827
|
end
|
|
866
828
|
|
|
867
829
|
it 'should raise expiration error' do
|
|
868
|
-
expect
|
|
830
|
+
expect do
|
|
869
831
|
application.handle_id_site_callback(callback_uri_base + jwt_token)
|
|
870
|
-
|
|
832
|
+
end.to raise_error(Stormpath::Error)
|
|
871
833
|
end
|
|
872
834
|
end
|
|
873
835
|
|
|
874
836
|
context 'with a different client id (aud)' do
|
|
875
|
-
let(:jwt_token)
|
|
876
|
-
|
|
877
|
-
|
|
878
|
-
|
|
879
|
-
|
|
880
|
-
|
|
881
|
-
|
|
882
|
-
|
|
883
|
-
|
|
884
|
-
|
|
837
|
+
let(:jwt_token) do
|
|
838
|
+
JWT.encode(
|
|
839
|
+
{
|
|
840
|
+
'iat' => Time.now.to_i,
|
|
841
|
+
'aud' => UUID.method(:random_create).call.to_s,
|
|
842
|
+
'sub' => application.href,
|
|
843
|
+
'path' => '',
|
|
844
|
+
'state' => '',
|
|
845
|
+
'isNewSub' => true,
|
|
846
|
+
'status' => 'REGISTERED'
|
|
847
|
+
}, test_api_key_secret, 'HS256'
|
|
848
|
+
)
|
|
849
|
+
end
|
|
885
850
|
|
|
886
851
|
it 'should raise error' do
|
|
887
|
-
expect
|
|
852
|
+
expect do
|
|
888
853
|
application.handle_id_site_callback(callback_uri_base + jwt_token)
|
|
889
|
-
|
|
854
|
+
end.to raise_error(Stormpath::Error)
|
|
890
855
|
end
|
|
891
856
|
|
|
892
857
|
it 'should raise Stormpath Error with correct id_site error data' do
|
|
@@ -894,88 +859,98 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
894
859
|
application.handle_id_site_callback(callback_uri_base + jwt_token)
|
|
895
860
|
rescue Stormpath::Error => error
|
|
896
861
|
expect(error.status).to eq(400)
|
|
897
|
-
expect(error.code).to eq(
|
|
898
|
-
expect(error.message).to eq(
|
|
899
|
-
expect(error.developer_message).to eq(
|
|
900
|
-
|
|
862
|
+
expect(error.code).to eq(10_012)
|
|
863
|
+
expect(error.message).to eq('Token is invalid')
|
|
864
|
+
expect(error.developer_message).to eq('Token is invalid because the issued at time (iat) '\
|
|
865
|
+
'is after the current time')
|
|
901
866
|
end
|
|
902
867
|
end
|
|
903
868
|
end
|
|
904
869
|
|
|
905
870
|
context 'with an invalid exp value' do
|
|
906
|
-
let(:jwt_token)
|
|
907
|
-
|
|
908
|
-
|
|
909
|
-
|
|
910
|
-
|
|
911
|
-
|
|
912
|
-
|
|
913
|
-
|
|
914
|
-
|
|
915
|
-
|
|
916
|
-
|
|
871
|
+
let(:jwt_token) do
|
|
872
|
+
JWT.encode(
|
|
873
|
+
{
|
|
874
|
+
'iat' => Time.now.to_i,
|
|
875
|
+
'aud' => test_api_key_id,
|
|
876
|
+
'sub' => application.href,
|
|
877
|
+
'path' => '',
|
|
878
|
+
'state' => '',
|
|
879
|
+
'exp' => 'not gona work',
|
|
880
|
+
'isNewSub' => true,
|
|
881
|
+
'status' => 'REGISTERED'
|
|
882
|
+
}, test_api_key_secret, 'HS256'
|
|
883
|
+
)
|
|
884
|
+
end
|
|
917
885
|
|
|
918
886
|
it 'should error with the stormpath error' do
|
|
919
|
-
expect
|
|
887
|
+
expect do
|
|
920
888
|
application.handle_id_site_callback(callback_uri_base + jwt_token)
|
|
921
|
-
|
|
889
|
+
end.to raise_error(Stormpath::Error)
|
|
922
890
|
end
|
|
923
891
|
end
|
|
924
892
|
|
|
925
893
|
context 'with an invalid signature' do
|
|
926
|
-
let(:jwt_token)
|
|
927
|
-
|
|
928
|
-
|
|
929
|
-
|
|
930
|
-
|
|
931
|
-
|
|
932
|
-
|
|
933
|
-
|
|
934
|
-
|
|
935
|
-
|
|
894
|
+
let(:jwt_token) do
|
|
895
|
+
JWT.encode(
|
|
896
|
+
{
|
|
897
|
+
'iat' => Time.now.to_i,
|
|
898
|
+
'aud' => test_api_key_id,
|
|
899
|
+
'sub' => application.href,
|
|
900
|
+
'path' => '',
|
|
901
|
+
'state' => '',
|
|
902
|
+
'isNewSub' => true,
|
|
903
|
+
'status' => 'REGISTERED'
|
|
904
|
+
}, 'false key', 'HS256'
|
|
905
|
+
)
|
|
906
|
+
end
|
|
936
907
|
|
|
937
908
|
it 'should reject the signature' do
|
|
938
|
-
expect
|
|
909
|
+
expect do
|
|
939
910
|
application.handle_id_site_callback(callback_uri_base + jwt_token)
|
|
940
|
-
|
|
911
|
+
end.to raise_error(JWT::DecodeError)
|
|
941
912
|
end
|
|
942
913
|
end
|
|
943
914
|
|
|
944
915
|
context 'with show_organization_field key specified' do
|
|
945
|
-
let(:jwt_token)
|
|
946
|
-
|
|
947
|
-
|
|
948
|
-
|
|
949
|
-
|
|
950
|
-
|
|
951
|
-
|
|
952
|
-
|
|
953
|
-
|
|
954
|
-
|
|
955
|
-
|
|
956
|
-
|
|
957
|
-
|
|
958
|
-
|
|
959
|
-
|
|
960
|
-
@site_result = application.handle_id_site_callback(callback_uri_base + jwt_token)
|
|
916
|
+
let(:jwt_token) do
|
|
917
|
+
JWT.encode(
|
|
918
|
+
{
|
|
919
|
+
'iat' => Time.now.to_i,
|
|
920
|
+
'aud' => test_api_key_id,
|
|
921
|
+
'sub' => application.href,
|
|
922
|
+
'path' => '',
|
|
923
|
+
'state' => '',
|
|
924
|
+
'isNewSub' => true,
|
|
925
|
+
'status' => 'REGISTERED',
|
|
926
|
+
'organization_name_key' => 'stormtroopers',
|
|
927
|
+
'usd' => true,
|
|
928
|
+
'sof' => true
|
|
929
|
+
}, test_api_key_secret, 'HS256'
|
|
930
|
+
)
|
|
961
931
|
end
|
|
932
|
+
let!(:site_result) { application.handle_id_site_callback(callback_uri_base + jwt_token) }
|
|
962
933
|
|
|
963
934
|
it 'should return IdSiteResult object' do
|
|
964
|
-
expect(
|
|
935
|
+
expect(site_result).to be_kind_of(Stormpath::IdSite::IdSiteResult)
|
|
965
936
|
end
|
|
966
937
|
end
|
|
967
938
|
end
|
|
968
939
|
|
|
969
940
|
describe '#authenticate_oauth' do
|
|
970
941
|
let(:account_data) { account_attrs }
|
|
971
|
-
let(:password_grant_request)
|
|
942
|
+
let(:password_grant_request) do
|
|
943
|
+
Stormpath::Oauth::PasswordGrantRequest.new(account_data[:email], account_data[:password])
|
|
944
|
+
end
|
|
972
945
|
let(:aquire_token) { application.authenticate_oauth(password_grant_request) }
|
|
973
|
-
let(:account) { application.accounts.create
|
|
946
|
+
let(:account) { application.accounts.create(account_data) }
|
|
974
947
|
|
|
975
948
|
before { account }
|
|
976
949
|
|
|
977
950
|
context 'generate access token from password grant request' do
|
|
978
|
-
let(:password_grant_request)
|
|
951
|
+
let(:password_grant_request) do
|
|
952
|
+
Stormpath::Oauth::PasswordGrantRequest.new(account_data[:email], account_data[:password])
|
|
953
|
+
end
|
|
979
954
|
let(:authenticate_oauth) { application.authenticate_oauth(password_grant_request) }
|
|
980
955
|
|
|
981
956
|
context 'without organization_name_key' do
|
|
@@ -993,21 +968,21 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
993
968
|
end
|
|
994
969
|
|
|
995
970
|
context 'with the organization name key' do
|
|
996
|
-
let!(:organization)
|
|
997
|
-
|
|
998
|
-
|
|
999
|
-
let(:
|
|
1000
|
-
|
|
1001
|
-
|
|
971
|
+
let!(:organization) { test_api_client.organizations.create(organization_attrs) }
|
|
972
|
+
let(:account_directory) { test_api_client.directories.create(directory_attrs) }
|
|
973
|
+
let(:reloaded_account_directory) { test_api_client.directories.get(account_directory.href) }
|
|
974
|
+
let(:password_grant_request) do
|
|
975
|
+
Stormpath::Oauth::PasswordGrantRequest.new(
|
|
976
|
+
account_data[:email],
|
|
977
|
+
account_data[:password],
|
|
978
|
+
organization_name_key: organization.name_key
|
|
1002
979
|
)
|
|
1003
980
|
end
|
|
1004
|
-
|
|
1005
|
-
|
|
1006
|
-
|
|
1007
|
-
|
|
1008
|
-
|
|
1009
|
-
account_data[:password],
|
|
1010
|
-
organization_name_key: 'rspec-test-org')
|
|
981
|
+
|
|
982
|
+
before do
|
|
983
|
+
map_account_store(application, organization, 0, true, true)
|
|
984
|
+
map_organization_store(account_directory, organization)
|
|
985
|
+
account_directory.accounts.create(account_data)
|
|
1011
986
|
end
|
|
1012
987
|
|
|
1013
988
|
after do
|
|
@@ -1015,12 +990,6 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1015
990
|
reloaded_account_directory.delete
|
|
1016
991
|
end
|
|
1017
992
|
|
|
1018
|
-
before do
|
|
1019
|
-
map_account_store(application, organization, 0, true, true)
|
|
1020
|
-
map_organization_store(account_directory, organization)
|
|
1021
|
-
account_directory.accounts.create account_data
|
|
1022
|
-
end
|
|
1023
|
-
|
|
1024
993
|
it 'should return access token response' do
|
|
1025
994
|
expect(authenticate_oauth).to be_kind_of(Stormpath::Oauth::AccessTokenAuthenticationResult)
|
|
1026
995
|
end
|
|
@@ -1095,14 +1064,12 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1095
1064
|
|
|
1096
1065
|
context 'generate access token from client credentials request' do
|
|
1097
1066
|
let(:account_api_key) { account.api_keys.create({}) }
|
|
1098
|
-
|
|
1099
1067
|
let(:client_credentials_grant_request) do
|
|
1100
1068
|
Stormpath::Oauth::ClientCredentialsGrantRequest.new(
|
|
1101
1069
|
account_api_key.id,
|
|
1102
1070
|
account_api_key.secret
|
|
1103
1071
|
)
|
|
1104
1072
|
end
|
|
1105
|
-
|
|
1106
1073
|
let(:authenticate_oauth) { application.authenticate_oauth(client_credentials_grant_request) }
|
|
1107
1074
|
|
|
1108
1075
|
it 'should return access token response' do
|
|
@@ -1126,9 +1093,10 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1126
1093
|
Stormpath::Oauth::SocialGrantRequest.new(:google, code: code)
|
|
1127
1094
|
end
|
|
1128
1095
|
before do
|
|
1129
|
-
stub_request(
|
|
1130
|
-
|
|
1131
|
-
|
|
1096
|
+
stub_request(
|
|
1097
|
+
:post,
|
|
1098
|
+
"https://#{test_api_key_id}:#{test_api_key_secret}@api.stormpath.com/v1/applications/#{application.href.split('/').last}/oauth/token"
|
|
1099
|
+
).to_return(body: Stormpath::Test.mocked_social_grant_response)
|
|
1132
1100
|
end
|
|
1133
1101
|
|
|
1134
1102
|
it 'should return access token response' do
|
|
@@ -1150,9 +1118,10 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1150
1118
|
Stormpath::Oauth::SocialGrantRequest.new(:linkedin, code: code)
|
|
1151
1119
|
end
|
|
1152
1120
|
before do
|
|
1153
|
-
stub_request(
|
|
1154
|
-
|
|
1155
|
-
|
|
1121
|
+
stub_request(
|
|
1122
|
+
:post,
|
|
1123
|
+
"https://#{test_api_key_id}:#{test_api_key_secret}@api.stormpath.com/v1/applications/#{application.href.split('/').last}/oauth/token"
|
|
1124
|
+
).to_return(body: Stormpath::Test.mocked_social_grant_response)
|
|
1156
1125
|
end
|
|
1157
1126
|
|
|
1158
1127
|
it 'should return access token response' do
|
|
@@ -1174,9 +1143,10 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1174
1143
|
Stormpath::Oauth::SocialGrantRequest.new(:google, access_token: access_token)
|
|
1175
1144
|
end
|
|
1176
1145
|
before do
|
|
1177
|
-
stub_request(
|
|
1178
|
-
|
|
1179
|
-
|
|
1146
|
+
stub_request(
|
|
1147
|
+
:post,
|
|
1148
|
+
"https://#{test_api_key_id}:#{test_api_key_secret}@api.stormpath.com/v1/applications/#{application.href.split('/').last}/oauth/token"
|
|
1149
|
+
).to_return(body: Stormpath::Test.mocked_social_grant_response)
|
|
1180
1150
|
end
|
|
1181
1151
|
|
|
1182
1152
|
it 'should return access token response' do
|
|
@@ -1198,9 +1168,10 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1198
1168
|
Stormpath::Oauth::SocialGrantRequest.new(:github, access_token: access_token)
|
|
1199
1169
|
end
|
|
1200
1170
|
before do
|
|
1201
|
-
stub_request(
|
|
1202
|
-
|
|
1203
|
-
|
|
1171
|
+
stub_request(
|
|
1172
|
+
:post,
|
|
1173
|
+
"https://#{test_api_key_id}:#{test_api_key_secret}@api.stormpath.com/v1/applications/#{application.href.split('/').last}/oauth/token"
|
|
1174
|
+
).to_return(body: Stormpath::Test.mocked_social_grant_response)
|
|
1204
1175
|
end
|
|
1205
1176
|
|
|
1206
1177
|
it 'should return access token response' do
|
|
@@ -1219,13 +1190,15 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1219
1190
|
|
|
1220
1191
|
context 'generate access token from challenge factor grant request' do
|
|
1221
1192
|
before do
|
|
1222
|
-
stub_request(
|
|
1223
|
-
|
|
1224
|
-
.
|
|
1193
|
+
stub_request(
|
|
1194
|
+
:post,
|
|
1195
|
+
"https://#{test_api_key_id}:#{test_api_key_secret}@#{test_host}/v1/accounts/#{account.href.split('/').last}/factors?challenge=true"
|
|
1196
|
+
).to_return(body: Stormpath::Test.mocked_factor_response)
|
|
1225
1197
|
|
|
1226
|
-
stub_request(
|
|
1227
|
-
|
|
1228
|
-
.
|
|
1198
|
+
stub_request(
|
|
1199
|
+
:post,
|
|
1200
|
+
"https://#{test_api_key_id}:#{test_api_key_secret}@#{test_host}/v1/applications/#{application.href.split('/').last}/oauth/token"
|
|
1201
|
+
).to_return(body: Stormpath::Test.mocked_challenge_factor_grant_response)
|
|
1229
1202
|
end
|
|
1230
1203
|
let(:account_data) { account_attrs }
|
|
1231
1204
|
let(:authenticate_oauth) { application.authenticate_oauth(challenge_factor_grant_request) }
|
|
@@ -1236,11 +1209,13 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1236
1209
|
application.accounts.create(account_data)
|
|
1237
1210
|
end
|
|
1238
1211
|
let(:factor) do
|
|
1239
|
-
account.create_factor(
|
|
1240
|
-
|
|
1241
|
-
|
|
1242
|
-
|
|
1243
|
-
|
|
1212
|
+
account.create_factor(
|
|
1213
|
+
:sms,
|
|
1214
|
+
phone: { number: '+12025550173',
|
|
1215
|
+
name: 'Rspec test phone',
|
|
1216
|
+
description: 'This is a testing phone number' },
|
|
1217
|
+
challenge: { message: 'Enter code please: ' }
|
|
1218
|
+
)
|
|
1244
1219
|
end
|
|
1245
1220
|
let(:challenge) { "https://#{test_host}/v1/challenges/29300284904" }
|
|
1246
1221
|
let(:code) { '123456' }
|
|
@@ -1260,28 +1235,28 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1260
1235
|
|
|
1261
1236
|
context 'exchange id site token for access_token with invalid jwt' do
|
|
1262
1237
|
let(:invalid_jwt_token) { 'invalid_token' }
|
|
1263
|
-
|
|
1264
|
-
let(:id_site_grant_request) { Stormpath::Oauth::IdSiteGrantRequest.new invalid_jwt_token }
|
|
1238
|
+
let(:id_site_grant_request) { Stormpath::Oauth::IdSiteGrantRequest.new(invalid_jwt_token) }
|
|
1265
1239
|
let(:authenticate_oauth) { application.authenticate_oauth(id_site_grant_request) }
|
|
1266
1240
|
|
|
1267
1241
|
it 'should raise invalid token error' do
|
|
1268
|
-
expect {
|
|
1269
|
-
authenticate_oauth
|
|
1270
|
-
}.to raise_error(Stormpath::Error)
|
|
1242
|
+
expect { authenticate_oauth }.to raise_error(Stormpath::Error)
|
|
1271
1243
|
end
|
|
1272
1244
|
end
|
|
1273
1245
|
|
|
1274
1246
|
context 'echange id site token for access_token with valid jwt' do
|
|
1275
|
-
let(:jwt_token)
|
|
1276
|
-
|
|
1277
|
-
|
|
1278
|
-
|
|
1279
|
-
|
|
1280
|
-
|
|
1281
|
-
|
|
1282
|
-
|
|
1283
|
-
|
|
1284
|
-
|
|
1247
|
+
let(:jwt_token) do
|
|
1248
|
+
JWT.encode(
|
|
1249
|
+
{
|
|
1250
|
+
'iat' => Time.now.to_i,
|
|
1251
|
+
'jti' => UUID.method(:random_create).call.to_s,
|
|
1252
|
+
'iss' => test_api_client.data_store.api_key.id,
|
|
1253
|
+
'sub' => application.href,
|
|
1254
|
+
'cb_uri' => 'http://localhost:9292/redirect',
|
|
1255
|
+
'path' => '',
|
|
1256
|
+
'state' => ''
|
|
1257
|
+
}, test_api_client.data_store.api_key.secret, 'HS256'
|
|
1258
|
+
)
|
|
1259
|
+
end
|
|
1285
1260
|
|
|
1286
1261
|
it 'should create a jwtRequest that is signed wit the client secret' do
|
|
1287
1262
|
allow(application.client.data_store).to receive(:create).and_return(Stormpath::Oauth::AccessTokenAuthenticationResult)
|
|
@@ -1289,7 +1264,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1289
1264
|
.with(Stormpath::Oauth::IdSiteGrant)
|
|
1290
1265
|
.and_return(Stormpath::Oauth::IdSiteGrant.new({}, application.client))
|
|
1291
1266
|
|
|
1292
|
-
grant_request = Stormpath::Oauth::IdSiteGrantRequest.new
|
|
1267
|
+
grant_request = Stormpath::Oauth::IdSiteGrantRequest.new(jwt_token)
|
|
1293
1268
|
response = application.authenticate_oauth(grant_request)
|
|
1294
1269
|
|
|
1295
1270
|
expect(response).to be(Stormpath::Oauth::AccessTokenAuthenticationResult)
|
|
@@ -1297,7 +1272,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1297
1272
|
end
|
|
1298
1273
|
|
|
1299
1274
|
context 'refresh token' do
|
|
1300
|
-
let(:refresh_grant_request) { Stormpath::Oauth::RefreshGrantRequest.new
|
|
1275
|
+
let(:refresh_grant_request) { Stormpath::Oauth::RefreshGrantRequest.new(aquire_token.refresh_token) }
|
|
1301
1276
|
let(:authenticate_oauth) { application.authenticate_oauth(refresh_grant_request) }
|
|
1302
1277
|
|
|
1303
1278
|
it 'should return access token response with refreshed token' do
|
|
@@ -1363,10 +1338,29 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1363
1338
|
access_token = aquire_token.access_token
|
|
1364
1339
|
aquire_token.delete
|
|
1365
1340
|
|
|
1366
|
-
expect
|
|
1341
|
+
expect do
|
|
1367
1342
|
Stormpath::Oauth::VerifyAccessToken.new(application).verify(access_token)
|
|
1368
|
-
|
|
1343
|
+
end.to raise_error(Stormpath::Error)
|
|
1369
1344
|
end
|
|
1370
1345
|
end
|
|
1371
1346
|
end
|
|
1347
|
+
|
|
1348
|
+
describe '#register_service_provider' do
|
|
1349
|
+
let(:assertion_consumer_service_url) { 'https://some.sp.com/saml/sso/post' }
|
|
1350
|
+
let(:entity_id) { 'urn:sp:A1B2C3' }
|
|
1351
|
+
let(:registered_service_provider) do
|
|
1352
|
+
application.register_service_provider(
|
|
1353
|
+
assertion_consumer_service_url: assertion_consumer_service_url,
|
|
1354
|
+
entity_id: entity_id
|
|
1355
|
+
)
|
|
1356
|
+
end
|
|
1357
|
+
|
|
1358
|
+
after { registered_service_provider.delete }
|
|
1359
|
+
|
|
1360
|
+
it 'should successfully create and register a service provider' do
|
|
1361
|
+
expect(registered_service_provider).to(
|
|
1362
|
+
be_a(Stormpath::Resource::RegisteredSamlServiceProvider)
|
|
1363
|
+
)
|
|
1364
|
+
end
|
|
1365
|
+
end
|
|
1372
1366
|
end
|