stormpath-sdk 1.6.0 → 1.7.0
- checksums.yaml +4 -4
- data/.rubocop.yml +21 -0
- data/CHANGES.md +11 -0
- data/README.md +23 -25
- data/lib/stormpath-sdk.rb +11 -2
- data/lib/stormpath-sdk/api_key.rb +0 -1
- data/lib/stormpath-sdk/auth/basic_authenticator.rb +7 -7
- data/lib/stormpath-sdk/auth/basic_login_attempt.rb +7 -11
- data/lib/stormpath-sdk/auth/create_factor.rb +1 -1
- data/lib/stormpath-sdk/auth/register_service_provider.rb +41 -0
- data/lib/stormpath-sdk/auth/username_password_request.rb +3 -5
- data/lib/stormpath-sdk/cache/cache.rb +3 -3
- data/lib/stormpath-sdk/cache/cache_entry.rb +2 -2
- data/lib/stormpath-sdk/cache/cache_manager.rb +3 -4
- data/lib/stormpath-sdk/cache/cache_stats.rb +1 -3
- data/lib/stormpath-sdk/cache/disabled_cache_store.rb +5 -8
- data/lib/stormpath-sdk/cache/memory_store.rb +1 -1
- data/lib/stormpath-sdk/cache/redis_store.rb +4 -4
- data/lib/stormpath-sdk/client.rb +35 -33
- data/lib/stormpath-sdk/data_store.rb +278 -257
- data/lib/stormpath-sdk/error.rb +18 -7
- data/lib/stormpath-sdk/http/authc/sauthc1_signer.rb +76 -82
- data/lib/stormpath-sdk/http/http_client_request_executor.rb +10 -8
- data/lib/stormpath-sdk/http/response.rb +5 -7
- data/lib/stormpath-sdk/id_site/id_site_result.rb +5 -6
- data/lib/stormpath-sdk/oauth/access_token_authentication_result.rb +5 -9
- data/lib/stormpath-sdk/oauth/authenticator.rb +2 -2
- data/lib/stormpath-sdk/oauth/error.rb +4 -4
- data/lib/stormpath-sdk/oauth/id_site_grant_request.rb +1 -1
- data/lib/stormpath-sdk/oauth/password_grant_request.rb +1 -1
- data/lib/stormpath-sdk/oauth/refresh_grant_request.rb +2 -2
- data/lib/stormpath-sdk/oauth/stormpath_grant_request.rb +2 -2
- data/lib/stormpath-sdk/provider/account_access.rb +0 -2
- data/lib/stormpath-sdk/provider/account_result.rb +1 -2
- data/lib/stormpath-sdk/provider/facebook/facebook_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/facebook/facebook_provider_data.rb +7 -3
- data/lib/stormpath-sdk/provider/github/github_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/github/github_provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/google/google_provider.rb +7 -3
- data/lib/stormpath-sdk/provider/google/google_provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/linkedin/linkedin_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/linkedin/linkedin_provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/provider.rb +8 -4
- data/lib/stormpath-sdk/provider/provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/saml/saml_provider.rb +10 -4
- data/lib/stormpath-sdk/provider/saml/saml_provider_data.rb +6 -3
- data/lib/stormpath-sdk/provider/stormpath/stormpath_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/stormpath/stormpath_provider_data.rb +6 -2
- data/lib/stormpath-sdk/provider/twitter/twitter_provider.rb +6 -2
- data/lib/stormpath-sdk/provider/twitter/twitter_provider_data.rb +6 -2
- data/lib/stormpath-sdk/resource/account.rb +46 -40
- data/lib/stormpath-sdk/resource/account_link.rb +9 -5
- data/lib/stormpath-sdk/resource/account_linking_policy.rb +8 -4
- data/lib/stormpath-sdk/resource/account_membership.rb +1 -1
- data/lib/stormpath-sdk/resource/account_overrides.rb +20 -16
- data/lib/stormpath-sdk/resource/account_store.rb +15 -11
- data/lib/stormpath-sdk/resource/account_store_mapping.rb +14 -13
- data/lib/stormpath-sdk/resource/application.rb +147 -136
- data/lib/stormpath-sdk/resource/application_web_config.rb +11 -7
- data/lib/stormpath-sdk/resource/associations.rb +36 -43
- data/lib/stormpath-sdk/resource/attribute_statement_mapping_rules.rb +8 -0
- data/lib/stormpath-sdk/resource/base.rb +201 -200
- data/lib/stormpath-sdk/resource/challenge.rb +12 -8
- data/lib/stormpath-sdk/resource/collection.rb +77 -76
- data/lib/stormpath-sdk/resource/custom_data.rb +60 -61
- data/lib/stormpath-sdk/resource/custom_data_hash_methods.rb +28 -25
- data/lib/stormpath-sdk/resource/custom_data_storage.rb +18 -16
- data/lib/stormpath-sdk/resource/directory.rb +37 -60
- data/lib/stormpath-sdk/resource/email_verification_token.rb +7 -3
- data/lib/stormpath-sdk/resource/error.rb +8 -4
- data/lib/stormpath-sdk/resource/expansion.rb +22 -20
- data/lib/stormpath-sdk/resource/factor.rb +12 -8
- data/lib/stormpath-sdk/resource/field.rb +8 -4
- data/lib/stormpath-sdk/resource/group.rb +21 -16
- data/lib/stormpath-sdk/resource/group_membership.rb +7 -5
- data/lib/stormpath-sdk/resource/instance.rb +10 -6
- data/lib/stormpath-sdk/resource/linked_account.rb +7 -3
- data/lib/stormpath-sdk/resource/oauth_policy.rb +7 -3
- data/lib/stormpath-sdk/resource/organization.rb +14 -10
- data/lib/stormpath-sdk/resource/organization_account_store_mapping.rb +8 -4
- data/lib/stormpath-sdk/resource/password_reset_token.rb +9 -5
- data/lib/stormpath-sdk/resource/phone.rb +8 -4
- data/lib/stormpath-sdk/resource/registered_saml_service_provider.rb +8 -0
- data/lib/stormpath-sdk/resource/saml_identity_provider.rb +14 -0
- data/lib/stormpath-sdk/resource/saml_identity_provider_metadata.rb +9 -0
- data/lib/stormpath-sdk/resource/saml_policy.rb +10 -0
- data/lib/stormpath-sdk/resource/saml_service_provider.rb +7 -0
- data/lib/stormpath-sdk/{provider/saml/saml_mapping_rules.rb → resource/saml_service_provider_metadata.rb} +6 -5
- data/lib/stormpath-sdk/resource/saml_service_provider_registration.rb +11 -0
- data/lib/stormpath-sdk/resource/schema.rb +8 -4
- data/lib/stormpath-sdk/resource/tenant.rb +11 -8
- data/lib/stormpath-sdk/resource/user_info_mapping_rules.rb +7 -3
- data/lib/stormpath-sdk/resource/utils.rb +7 -10
- data/lib/stormpath-sdk/resource/verification_email.rb +7 -3
- data/lib/stormpath-sdk/resource/x_509_certificate.rb +7 -0
- data/lib/stormpath-sdk/util/assert.rb +1 -3
- data/lib/stormpath-sdk/version.rb +2 -2
- data/spec/auth/basic_authenticator_spec.rb +28 -24
- data/spec/auth/register_service_provider_spec.rb +68 -0
- data/spec/auth/sauthc1_signer_spec.rb +8 -4
- data/spec/cache/cache_entry_spec.rb +28 -29
- data/spec/cache/cache_spec.rb +9 -9
- data/spec/cache/cache_stats_spec.rb +1 -1
- data/spec/client_spec.rb +63 -63
- data/spec/data_store_spec.rb +23 -14
- data/spec/oauth/access_token_authentication_result_spec.rb +8 -2
- data/spec/provider/account_resolver_spec.rb +6 -4
- data/spec/provider/provider_spec.rb +6 -6
- data/spec/resource/account_creation_policy_spec.rb +1 -1
- data/spec/resource/account_link_spec.rb +7 -15
- data/spec/resource/account_spec.rb +17 -17
- data/spec/resource/account_store_mapping_spec.rb +16 -22
- data/spec/resource/account_store_spec.rb +3 -3
- data/spec/resource/application_spec.rb +324 -330
- data/spec/resource/base_spec.rb +7 -31
- data/spec/resource/collection_spec.rb +63 -114
- data/spec/resource/custom_data_spec.rb +1 -1
- data/spec/resource/directory_spec.rb +91 -87
- data/spec/resource/expansion_spec.rb +10 -10
- data/spec/resource/factor_spec.rb +1 -1
- data/spec/resource/group_spec.rb +1 -1
- data/spec/resource/linked_account_spec.rb +7 -7
- data/spec/resource/organization_spec.rb +12 -11
- data/spec/resource/phone_spec.rb +1 -1
- data/spec/resource/registered_saml_service_provider_spec.rb +35 -0
- data/spec/resource/saml_identity_provider_metadata_spec.rb +27 -0
- data/spec/resource/saml_identity_provider_spec.rb +94 -0
- data/spec/resource/saml_policy_spec.rb +27 -0
- data/spec/resource/saml_service_provider_registration_spec.rb +58 -0
- data/spec/resource/saml_service_provider_spec.rb +19 -0
- data/spec/resource/status_spec.rb +4 -3
- data/spec/resource/tenant_spec.rb +4 -6
- data/spec/spec_helper.rb +1 -1
- data/spec/support/custom_data_save_period.rb +4 -0
- data/spec/support/custom_data_storage_behavior.rb +7 -8
- data/spec/support/mocked_provider_accounts.rb +101 -101
- data/spec/support/mocked_saml_responses.rb +130 -0
- data/spec/support/resource_factory.rb +4 -4
- data/spec/support/resource_helpers.rb +10 -4
- data/spec/support/resource_matchers.rb +4 -4
- data/spec/support/test_request_executor.rb +2 -2
- metadata +21 -8
- data/lib/stormpath-sdk/provider/saml/saml_provider_metadata.rb +0 -19
- data/spec/fixtures/response/create_saml_directory.json +0 -26
- data/spec/fixtures/response/create_saml_directory_mapping_rules.json +0 -12
- data/spec/fixtures/response/get_saml_directory_provider.json +0 -16
- data/spec/fixtures/response/get_saml_directory_provider_metadata.json +0 -12
@@ -1,22 +1,26 @@
|
|
1
|
-
module Stormpath
|
2
|
-
|
1
|
+
module Stormpath
|
2
|
+
module Resource
|
3
|
+
module AccountOverrides
|
4
|
+
extend ActiveSupport::Concern
|
3
5
|
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
6
|
+
included do
|
7
|
+
def create_account(account, registration_workflow_enabled = nil)
|
8
|
+
href = accounts.href
|
9
|
+
if registration_workflow_enabled == false
|
10
|
+
href += "?registrationWorkflowEnabled=#{registration_workflow_enabled}"
|
11
|
+
end
|
10
12
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
13
|
+
resource = case account
|
14
|
+
when Stormpath::Resource::Base
|
15
|
+
account
|
16
|
+
else
|
17
|
+
Stormpath::Resource::Account.new(account, client)
|
18
|
+
end
|
17
19
|
|
18
|
-
|
19
|
-
|
20
|
+
resource.apply_custom_data_updates_if_necessary
|
21
|
+
data_store.create(href, resource, Stormpath::Resource::Account)
|
22
|
+
end
|
23
|
+
end
|
20
24
|
end
|
21
25
|
end
|
22
26
|
end
|
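Review bot: `create_account` has no comment explaining its second positional argument, which only has an effect when it is exactly `false`: that appends `registrationWorkflowEnabled=false` to the accounts href, while `nil` and `true` leave the request unchanged. Judging by the parameter name, this presumably skips the directory's registration (e-mail verification) workflow for the new account, which is a security-relevant choice for callers. I would add a comment above the method such as `# Pass false only for trusted, server-side account creation: it asks the API to skip the registration workflow for this account.` and confirm the wording against the API documentation. A keyword argument would also make call sites self-describing, but the positional form has to stay for compatibility.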
@@ -13,17 +13,21 @@
|
|
13
13
|
# See the License for the specific language governing permissions and
|
14
14
|
# limitations under the License.
|
15
15
|
#
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
16
|
+
module Stormpath
|
17
|
+
module Resource
|
18
|
+
class AccountStore < Stormpath::Resource::Instance
|
19
|
+
def self.new(*args)
|
20
|
+
href = args.first[HREF_PROP_NAME]
|
21
|
+
if href =~ /directories/
|
22
|
+
Stormpath::Resource::Directory.new(*args)
|
23
|
+
elsif href =~ /group/
|
24
|
+
Stormpath::Resource::Group.new(*args)
|
25
|
+
elsif href =~ /organizations/
|
26
|
+
Stormpath::Resource::Organization.new(*args)
|
27
|
+
else
|
28
|
+
raise 'inappropriate type of an account store'
|
29
|
+
end
|
30
|
+
end
|
27
31
|
end
|
28
32
|
end
|
29
33
|
end
|
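Review bot: The dispatch in `AccountStore.new` uses unanchored substring matches over the whole href, so a host name or resource id that happens to contain `directories` or `group` selects the wrong resource class, and the second pattern is singular while the other two are plural. Assuming hrefs have the form `.../groups/ID`, matching a path segment is stricter: `if href =~ %r{/directories/}`, `elsif href =~ %r{/groups/}`, `elsif href =~ %r{/organizations/}`. `args.first[HREF_PROP_NAME]` also raises NoMethodError when the first argument is missing or nil, so the intended 'inappropriate type of an account store' error is never reached in that case. Raising `ArgumentError` there would be more specific than a bare RuntimeError, if callers do not rescue the current type.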
@@ -13,23 +13,24 @@
|
|
13
13
|
# See the License for the specific language governing permissions and
|
14
14
|
# limitations under the License.
|
15
15
|
#
|
16
|
-
|
16
|
+
module Stormpath
|
17
|
+
module Resource
|
18
|
+
class AccountStoreMapping < Stormpath::Resource::Instance
|
19
|
+
prop_accessor :list_index, :is_default_account_store, :is_default_group_store
|
17
20
|
|
18
|
-
|
21
|
+
belongs_to :application
|
19
22
|
|
20
|
-
|
23
|
+
has_one :account_store
|
21
24
|
|
22
|
-
|
25
|
+
alias default_account_store is_default_account_store
|
26
|
+
alias default_account_store? is_default_account_store
|
23
27
|
|
24
|
-
|
25
|
-
alias_method :default_account_store?, :is_default_account_store
|
28
|
+
alias default_account_store= is_default_account_store=
|
26
29
|
|
27
|
-
|
28
|
-
|
29
|
-
alias_method :default_group_store, :is_default_group_store
|
30
|
-
alias_method :default_group_store?, :is_default_group_store
|
31
|
-
|
32
|
-
alias_method :default_group_store=, :is_default_group_store=
|
30
|
+
alias default_group_store is_default_group_store
|
31
|
+
alias default_group_store? is_default_group_store
|
33
32
|
|
33
|
+
alias default_group_store= is_default_group_store=
|
34
|
+
end
|
35
|
+
end
|
34
36
|
end
|
35
|
-
|
@@ -13,143 +13,154 @@
|
|
13
13
|
# See the License for the specific language governing permissions and
|
14
14
|
# limitations under the License.
|
15
15
|
#
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
belongs_to :tenant
|
27
|
-
|
28
|
-
has_many :accounts, can: [:get, :create]
|
29
|
-
has_many :password_reset_tokens, can: [:get, :create]
|
30
|
-
has_many :account_store_mappings, can: [:get, :create]
|
31
|
-
has_many :groups, can: [:get, :create]
|
32
|
-
has_many :verification_emails, can: :create
|
33
|
-
has_many :api_keys
|
34
|
-
|
35
|
-
has_one :default_account_store_mapping, class_name: :accountStoreMapping
|
36
|
-
has_one :default_group_store_mapping, class_name: :accountStoreMapping
|
37
|
-
has_one :custom_data
|
38
|
-
has_one :o_auth_policy, class_name: :oauthPolicy
|
39
|
-
has_one :web_config, class_name: :applicationWebConfig
|
40
|
-
has_one :account_linking_policy
|
41
|
-
|
42
|
-
alias_method :oauth_policy, :o_auth_policy
|
43
|
-
|
44
|
-
def self.load(composite_url)
|
45
|
-
begin
|
46
|
-
builder = Stormpath::Util::UriBuilder.new(composite_url)
|
47
|
-
api_key_id, api_key_secret = builder.userinfo.split(':')
|
48
|
-
|
49
|
-
client = Stormpath::Client.new api_key: {
|
50
|
-
id: api_key_id,
|
51
|
-
secret: api_key_secret
|
52
|
-
}
|
53
|
-
|
54
|
-
application_path = builder.uri.path.slice(/\/applications(.)*$/)
|
55
|
-
client.applications.get(application_path)
|
56
|
-
rescue
|
57
|
-
raise LoadError
|
58
|
-
end
|
59
|
-
end
|
60
|
-
|
61
|
-
def create_id_site_url(options = {})
|
62
|
-
base = client.data_store.base_url.sub("v#{Stormpath::DataStore::DEFAULT_API_VERSION}", 'sso')
|
63
|
-
base += '/logout' if options[:logout]
|
64
|
-
|
65
|
-
raise Stormpath::Oauth::Error.new(:jwt_cb_uri_incorrect) if options[:callback_uri].empty?
|
66
|
-
|
67
|
-
token = JWT.encode(jwt_token_payload(options), client.data_store.api_key.secret, 'HS256')
|
68
|
-
base + '?jwtRequest=' + token
|
69
|
-
end
|
70
|
-
|
71
|
-
def handle_id_site_callback(response_url)
|
72
|
-
assert_not_nil response_url, 'No response provided. Please provide response object.'
|
73
|
-
|
74
|
-
uri = URI(response_url)
|
75
|
-
params = CGI::parse(uri.query)
|
76
|
-
token = params["jwtResponse"].first
|
77
|
-
|
78
|
-
begin
|
79
|
-
jwt_response, _header = JWT.decode(token, client.data_store.api_key.secret)
|
80
|
-
rescue JWT::ExpiredSignature => error
|
81
|
-
# JWT raises error if the signature expired, we need to capture this and
|
82
|
-
# rerase IdSite::Error
|
83
|
-
raise Stormpath::Oauth::Error.new(:jwt_expired)
|
84
|
-
end
|
85
|
-
|
86
|
-
id_site_result = Stormpath::IdSite::IdSiteResult.new(jwt_response)
|
87
|
-
|
88
|
-
if id_site_result.jwt_invalid?(api_key_id)
|
89
|
-
raise Stormpath::Oauth::Error.new(:jwt_invalid)
|
90
|
-
end
|
91
|
-
|
92
|
-
id_site_result
|
93
|
-
end
|
94
|
-
|
95
|
-
def send_password_reset_email(email, account_store: nil)
|
96
|
-
password_reset_token = create_password_reset_token(email, account_store: account_store)
|
97
|
-
password_reset_token.account
|
98
|
-
end
|
99
|
-
|
100
|
-
def verify_password_reset_token(token)
|
101
|
-
password_reset_tokens.get(token).account
|
102
|
-
end
|
103
|
-
|
104
|
-
def authenticate_account(request)
|
105
|
-
Stormpath::Authentication::BasicAuthenticator.new(data_store).authenticate(href, request)
|
106
|
-
end
|
107
|
-
|
108
|
-
def get_provider_account(request)
|
109
|
-
Stormpath::Provider::AccountResolver.new(data_store, href, request).resolve_provider_account
|
110
|
-
end
|
111
|
-
|
112
|
-
def authenticate_oauth(request)
|
113
|
-
Stormpath::Oauth::Authenticator.new(data_store).authenticate(href, request)
|
114
|
-
end
|
115
|
-
|
116
|
-
private
|
117
|
-
|
118
|
-
def jwt_token_payload(options)
|
119
|
-
{}.tap do |payload|
|
120
|
-
payload['iat'] = Time.now.to_i
|
121
|
-
payload['jti'] = UUID.method(:random_create).call.to_s
|
122
|
-
payload['iss'] = client.data_store.api_key.id
|
123
|
-
payload['sub'] = href
|
124
|
-
payload['cb_uri'] = options[:callback_uri]
|
125
|
-
payload['path'] = options[:path] || ''
|
126
|
-
payload['state'] = options[:state] || ''
|
127
|
-
payload['sof'] = options[:show_organization_field]
|
128
|
-
payload['onk'] = options[:organization_name_key]
|
129
|
-
payload['usd'] = options[:use_subdomain]
|
130
|
-
end.compact
|
131
|
-
end
|
132
|
-
|
133
|
-
def api_key_id
|
134
|
-
client.data_store.api_key.id
|
135
|
-
end
|
136
|
-
|
137
|
-
def create_password_reset_token(email, account_store: nil)
|
138
|
-
params = { email: email }
|
139
|
-
params[:account_store] = account_store_to_hash(account_store) if account_store
|
140
|
-
password_reset_tokens.create(params)
|
141
|
-
end
|
16
|
+
module Stormpath
|
17
|
+
module Resource
|
18
|
+
class Application < Stormpath::Resource::Instance
|
19
|
+
include Stormpath::Resource::CustomDataStorage
|
20
|
+
include Stormpath::Resource::AccountOverrides
|
21
|
+
|
22
|
+
include UUIDTools
|
23
|
+
|
24
|
+
class LoadError < ArgumentError; end
|
142
25
|
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
26
|
+
prop_accessor :name, :description, :authorized_callback_uris, :status, :authorized_origin_uris
|
27
|
+
prop_reader :created_at, :modified_at
|
28
|
+
|
29
|
+
belongs_to :tenant
|
30
|
+
|
31
|
+
has_many :accounts, can: [:get, :create]
|
32
|
+
has_many :password_reset_tokens, can: [:get, :create]
|
33
|
+
has_many :account_store_mappings, can: [:get, :create]
|
34
|
+
has_many :groups, can: [:get, :create]
|
35
|
+
has_many :verification_emails, can: :create
|
36
|
+
has_many :api_keys
|
37
|
+
|
38
|
+
has_one :default_account_store_mapping, class_name: :accountStoreMapping
|
39
|
+
has_one :default_group_store_mapping, class_name: :accountStoreMapping
|
40
|
+
has_one :custom_data
|
41
|
+
has_one :o_auth_policy, class_name: :oauthPolicy
|
42
|
+
has_one :web_config, class_name: :applicationWebConfig
|
43
|
+
has_one :account_linking_policy
|
44
|
+
has_one :saml_policy
|
45
|
+
|
46
|
+
alias oauth_policy o_auth_policy
|
47
|
+
|
48
|
+
def self.load(composite_url)
|
49
|
+
builder = Stormpath::Util::UriBuilder.new(composite_url)
|
50
|
+
api_key_id, api_key_secret = builder.userinfo.split(':')
|
51
|
+
|
52
|
+
client = Stormpath::Client.new(
|
53
|
+
api_key: {
|
54
|
+
id: api_key_id,
|
55
|
+
secret: api_key_secret
|
56
|
+
}
|
57
|
+
)
|
58
|
+
|
59
|
+
application_path = builder.uri.path.slice(/\/applications(.)*$/)
|
60
|
+
client.applications.get(application_path)
|
61
|
+
rescue
|
62
|
+
raise LoadError
|
63
|
+
end
|
64
|
+
|
65
|
+
def create_id_site_url(options = {})
|
66
|
+
raise Stormpath::Oauth::Error, :jwt_cb_uri_incorrect if options[:callback_uri].blank?
|
67
|
+
|
68
|
+
base = client.data_store.base_url.sub("v#{Stormpath::DataStore::DEFAULT_API_VERSION}", 'sso')
|
69
|
+
base += '/logout' if options[:logout]
|
70
|
+
|
71
|
+
token = JWT.encode(jwt_token_payload(options), client.data_store.api_key.secret, 'HS256')
|
72
|
+
"#{base}?jwtRequest=#{token}"
|
73
|
+
end
|
74
|
+
|
75
|
+
def handle_id_site_callback(response_url)
|
76
|
+
assert_not_nil(response_url, 'No response provided. Please provide response object.')
|
77
|
+
|
78
|
+
uri = URI(response_url)
|
79
|
+
params = CGI.parse(uri.query)
|
80
|
+
token = params['jwtResponse'].first
|
81
|
+
|
82
|
+
begin
|
83
|
+
jwt_response, _header = JWT.decode(token, client.data_store.api_key.secret)
|
84
|
+
rescue JWT::ExpiredSignature => error
|
85
|
+
# JWT raises error if the signature expired, we need to capture this and
|
86
|
+
# reraise IdSite::Error
|
87
|
+
raise Stormpath::Oauth::Error, :jwt_expired
|
88
|
+
end
|
89
|
+
|
90
|
+
id_site_result = Stormpath::IdSite::IdSiteResult.new(jwt_response)
|
91
|
+
|
92
|
+
raise Stormpath::Oauth::Error, :jwt_invalid if id_site_result.jwt_invalid?(api_key_id)
|
93
|
+
|
94
|
+
id_site_result
|
95
|
+
end
|
96
|
+
|
97
|
+
def send_password_reset_email(email, account_store: nil)
|
98
|
+
password_reset_token = create_password_reset_token(email, account_store: account_store)
|
99
|
+
password_reset_token.account
|
100
|
+
end
|
101
|
+
|
102
|
+
def verify_password_reset_token(token)
|
103
|
+
password_reset_tokens.get(token).account
|
104
|
+
end
|
105
|
+
|
106
|
+
def authenticate_account(request)
|
107
|
+
Stormpath::Authentication::BasicAuthenticator.new(data_store).authenticate(href, request)
|
108
|
+
end
|
109
|
+
|
110
|
+
def get_provider_account(request)
|
111
|
+
Stormpath::Provider::AccountResolver.new(data_store, href, request).resolve_provider_account
|
112
|
+
end
|
113
|
+
|
114
|
+
def authenticate_oauth(request)
|
115
|
+
Stormpath::Oauth::Authenticator.new(data_store).authenticate(href, request)
|
116
|
+
end
|
117
|
+
|
118
|
+
def register_service_provider(options = {})
|
119
|
+
Stormpath::Authentication::RegisterServiceProvider.new(
|
120
|
+
saml_policy.identity_provider, options
|
121
|
+
).call
|
122
|
+
end
|
123
|
+
|
124
|
+
private
|
125
|
+
|
126
|
+
def jwt_token_payload(options)
|
127
|
+
{}.tap do |payload|
|
128
|
+
payload[:jti] = UUID.method(:random_create).call.to_s
|
129
|
+
payload[:iat] = Time.now.to_i
|
130
|
+
payload[:iss] = client.data_store.api_key.id
|
131
|
+
payload[:sub] = href
|
132
|
+
payload[:state] = options[:state] || ''
|
133
|
+
payload[:path] = options[:path] || ''
|
134
|
+
payload[:cb_uri] = options[:callback_uri]
|
135
|
+
payload[:sof] = options[:show_organization_field]
|
136
|
+
payload[:onk] = options[:organization_name_key]
|
137
|
+
payload[:usd] = options[:use_subdomain]
|
138
|
+
payload[:require_mfa] = options[:require_mfa]
|
139
|
+
end.compact
|
140
|
+
end
|
141
|
+
|
142
|
+
def api_key_id
|
143
|
+
client.data_store.api_key.id
|
144
|
+
end
|
145
|
+
|
146
|
+
def create_password_reset_token(email, account_store: nil)
|
147
|
+
params = { email: email }
|
148
|
+
params[:account_store] = account_store_to_hash(account_store) if account_store
|
149
|
+
password_reset_tokens.create(params)
|
150
|
+
end
|
151
|
+
|
152
|
+
def account_store_to_hash(account_store)
|
153
|
+
case account_store
|
154
|
+
when Stormpath::Resource::Organization
|
155
|
+
{ name_key: account_store.name_key }
|
156
|
+
when Stormpath::Resource::Group, Stormpath::Resource::Directory
|
157
|
+
{ href: account_store.href }
|
158
|
+
when Hash
|
159
|
+
account_store
|
160
|
+
else
|
161
|
+
raise ArgumentError, 'Account store has to be passed either as an resource or a hash'
|
162
|
+
end
|
163
|
+
end
|
153
164
|
end
|
154
165
|
end
|
155
166
|
end
|
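Review bot: `handle_id_site_callback` verifies the callback token with `JWT.decode(token, client.data_store.api_key.secret)` without naming the expected algorithm, even though `create_id_site_url` signs with 'HS256'. Pinning it keeps verification independent of the token header and of the installed jwt gem's defaults: `JWT.decode(token, client.data_store.api_key.secret, true, algorithm: 'HS256')`. Only `JWT::ExpiredSignature` is rescued, so a bad signature or malformed token escapes as a raw JWT exception; adding `rescue JWT::DecodeError` followed by `raise Stormpath::Oauth::Error, :jwt_invalid` after the existing clause would keep the error surface uniform. A response URL with no query string, or without `jwtResponse`, fails inside `CGI.parse` or `JWT.decode` rather than with a Stormpath error, and the bound `error` variable is unused.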
@@ -1,9 +1,13 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
1
|
+
module Stormpath
|
2
|
+
module Resource
|
3
|
+
class ApplicationWebConfig < Stormpath::Resource::Instance
|
4
|
+
ENDPOINTS = [:oauth2, :register, :login, :verify_email, :forgot_password, :change_password, :me].freeze
|
5
|
+
prop_accessor :dns_label, :status, *ENDPOINTS
|
6
|
+
prop_reader :domain_name, :created_at, :modified_at
|
5
7
|
|
6
|
-
|
7
|
-
|
8
|
-
|
8
|
+
has_one :signing_api_key, class_name: :api_key
|
9
|
+
belongs_to :application
|
10
|
+
belongs_to :tenant
|
11
|
+
end
|
12
|
+
end
|
9
13
|
end
|
@@ -19,8 +19,7 @@ module Stormpath
|
|
19
19
|
extend ActiveSupport::Concern
|
20
20
|
|
21
21
|
module ClassMethods
|
22
|
-
|
23
|
-
def resource_prop_reader(name, options={})
|
22
|
+
def resource_prop_reader(name, options = {})
|
24
23
|
options[:class_name] ||= name
|
25
24
|
resource_class = "Stormpath::Resource::#{options[:class_name].to_s.camelize}".constantize
|
26
25
|
property_name = name.to_s.camelize :lower
|
@@ -29,10 +28,10 @@ module Stormpath
|
|
29
28
|
end
|
30
29
|
end
|
31
30
|
|
32
|
-
|
33
|
-
|
31
|
+
alias has_one resource_prop_reader
|
32
|
+
alias belongs_to resource_prop_reader
|
34
33
|
|
35
|
-
def has_many(name, options={}, &block)
|
34
|
+
def has_many(name, options = {}, &block)
|
36
35
|
options[:class_name] ||= name.to_s.singularize
|
37
36
|
item_class = "Stormpath::Resource::#{options[:class_name].to_s.camelize}".constantize
|
38
37
|
property_name = name.to_s.camelize :lower
|
@@ -42,53 +41,52 @@ module Stormpath
|
|
42
41
|
href = options[:href] || get_resource_href_property(property_name)
|
43
42
|
collection_href = "#{tenant.send(name).href}" if options[:delegate]
|
44
43
|
|
45
|
-
Stormpath::Resource::Collection.new(
|
46
|
-
collection_href: collection_href
|
44
|
+
Stormpath::Resource::Collection.new(
|
45
|
+
href, item_class, client, collection_href: collection_href
|
46
|
+
).tap do |collection|
|
47
47
|
|
48
48
|
collection.class_eval do
|
49
|
-
if can.include?
|
49
|
+
if can.include?(:create)
|
50
50
|
def create(properties_or_resource, options = {})
|
51
51
|
resource = case properties_or_resource
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
data_store.create
|
52
|
+
when Stormpath::Resource::Base
|
53
|
+
properties_or_resource
|
54
|
+
else
|
55
|
+
item_class.new(properties_or_resource, client)
|
56
|
+
end
|
57
|
+
data_store.create(href, resource, item_class, options)
|
58
58
|
end
|
59
|
-
end#can.include? :create
|
59
|
+
end # can.include? :create
|
60
60
|
|
61
61
|
if can.include? :get
|
62
|
-
def get(id_or_href, expansion=nil)
|
62
|
+
def get(id_or_href, expansion = nil)
|
63
63
|
item_href = if id_or_href.index '/'
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
data_store.get_resource
|
64
|
+
id_or_href
|
65
|
+
else
|
66
|
+
"#{href}/#{id_or_href}"
|
67
|
+
end
|
68
|
+
data_store.get_resource(
|
69
|
+
item_href, item_class, (expansion ? expansion.to_query : nil)
|
70
|
+
)
|
69
71
|
end
|
70
|
-
end#can.include? :get
|
71
|
-
end#collection.class_eval do
|
72
|
+
end # can.include? :get
|
73
|
+
end # collection.class_eval do
|
72
74
|
|
73
75
|
collection.class_eval(&block) if block
|
74
|
-
end#Stormpath::Resource::Collection.new
|
75
|
-
end#define_method(name)
|
76
|
-
end#def has_many
|
77
|
-
|
78
|
-
end#module Class Methods
|
76
|
+
end # Stormpath::Resource::Collection.new
|
77
|
+
end # define_method(name)
|
78
|
+
end # def has_many
|
79
|
+
end # module Class Methods
|
79
80
|
|
80
81
|
included do
|
81
|
-
|
82
82
|
private
|
83
83
|
|
84
84
|
def get_resource_property(key, clazz)
|
85
85
|
value = get_property key
|
86
86
|
|
87
|
-
return nil if value.nil?
|
87
|
+
return nil if value.nil? && (clazz != Stormpath::Resource::CustomData)
|
88
88
|
|
89
|
-
if value.is_a? Hash
|
90
|
-
resource_href = get_href_from_hash value
|
91
|
-
end
|
89
|
+
resource_href = get_href_from_hash value if value.is_a? Hash
|
92
90
|
|
93
91
|
key_name = "@_#{key.underscore}"
|
94
92
|
|
@@ -105,14 +103,9 @@ module Stormpath
|
|
105
103
|
def get_resource_href_property(key)
|
106
104
|
value = get_property key
|
107
105
|
|
108
|
-
if value.is_a? Hash
|
109
|
-
get_href_from_hash value
|
110
|
-
else
|
111
|
-
nil
|
112
|
-
end
|
106
|
+
get_href_from_hash value if value.is_a? Hash
|
113
107
|
end
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
end#Stormpath
|
108
|
+
end # included do
|
109
|
+
end # Associations
|
110
|
+
end # Resource
|
111
|
+
end # Stormpath
|
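Review bot: In the generated `get(id_or_href, expansion = nil)`, any argument containing `/` is used verbatim as `item_href` and passed to `data_store.get_resource`, with no check that it points at this collection or at the API base URL. Callers such as `verify_password_reset_token` in application.rb hand their argument straight to `password_reset_tokens.get(token)`, so a value taken from a request would reach this branch unvalidated. Whether the data store restricts the host is not visible in this section. At minimum, document the contract on `get`, e.g. `# id_or_href containing '/' is treated as a full href and fetched as-is; never pass unvalidated request input`, and reject slashes where only a bare id or token is expected, e.g. `raise ArgumentError, 'invalid token' if token.to_s.include?('/')`.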