stormpath-sdk 1.0.0.beta.8 → 1.0.0.beta.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 217ba3dfe6d6347582c6a2c428ca2c0ab357b434
-  data.tar.gz: 9e8e70ef785bc057c5c25240ad2a40691992d06f
+  metadata.gz: ffd1ce3b14483c0ba0f564a704d5e7d6d079a99e
+  data.tar.gz: b59460eaea481ca8e83d4a4bf4accb8728481554
 SHA512:
-  metadata.gz: d4d3e8df8df4fc6812d96dc0eb55e776f149d5400c038d5187067d0e87362277b1441cb933505f8996323a4a0e6ac8b3777ea7d5701c278ee9c24531783ba7f5
-  data.tar.gz: 2c1431cf95b22b5ab3ee0b8bd8881a0edefcc6c446f3674e97b0a624752a6896a7314fa2e4c43c6b7d477178317f3c1951aac55b483599cdfbb927d28f50db6c
+  metadata.gz: 6fa8d912dd6323c2dcfe19d08bbc7a2efce1c8eea0d74ab2f34dfbbb1d891e78126ee4022045bc4d39faae429a98784ec9cfdd479cd920eafca443271cd10d32
+  data.tar.gz: 08e1230337d60e8e55026ca367ac2103cd9c5414a1cc075301384d8550b78a1b2f2f35ea6001bd60296e03e2715582fc3fff77c516fb04924aece923a15a70ce

data/.travis.yml

@@ -7,8 +7,8 @@ services:
 - redis-server
 env:
   global:
-  - secure: cfX/Vagk7SskUp1cnuTTfQHNWz6pjx7bHJOa25ahk/3Jvsqz37qf8MLNs8uRUb/LN63G/YNUtrcRZQiyDS9WHehQy0p7IO68UuOG4zqkJE0iemR0kToCTHMbyLTOB70nhTuwmRfh1KeT5Ja3D9TOtApQErU5IQaKm5jP8CZb4PA=
-  - secure: Vhb4qkFc0BcRkJaPU6ZbM9vPHaEHoz/A1LlQ1IMrEdXS/nUabd4l32q6zjJZvfHJ5bI1PXgk1BFztVGT65UT7Uu17KKawzLZWDLmrgzRESkKDj/Ld9Wg79DY6ooJ/juWBrWuJtoNOFKy6CqLdCKWIzNkd9zG+au3qoFP8LfhRh4=
-  - secure: dKmkzv90Fn1JQpSc2l+cESLFYw3bnN5TsgDKTc2tFFi285EJuqd2z22wfDGcaYAoqX/ck+YTdPqVH6trrC7b3pSMqJSBEaHtWiYMbEkmf/QWrVAHy4LEKFAcs0oACjwVRe7CGBu8RRBWcl8I1STpYm11S8WDe8Y/GHo0HnXipHo=
-  - secure: FejMHUo69w52zjPBMfUThhhgj7md/dj+7gf+1d0sgDuDfZ+gECEyHF8iWvkm64k3j+PX4E/y44HdV1+qIMWTGNA0xSZNFEHBBJrEC1BRKm9BkT8W0KBcupmLRHW0BtLWMrqtKOgOyDEdoufuLx7wDpTNslPeGJ4NUZIGEDTuwLc=
-  - secure: DyEw82o0ozA9rbbgYUk8jiC/KNwB0x0OuVv/TX7Xso3uXgfTL1m3IWYLDX6kvV4QIvHNaNdj1g02ddnRwZwuvA3IH81J8+mkZ6aIXTS1YKZPEZMSqewZNOGQPRVaUOeQ9ymQtE7bfxWkViF2JzJlGzc3IxYUKHeo+NE/Hgehuz4=
+  - secure: MeyjZGgySZvpYVRm2i7wkrhvu9KUeU7eQ5aKj7FXqIYlQe3T67k+KKA3Ejp6WC3wUEVPUFseWMZCuNkRc0UeGA5/4e4LLc++XuaZn1jLTm1yNofh/CFAAjt5VdIYz4R7sKxpyLxs0orK2+HcaiCoqSDj7ehw2SlDca9VEi0GoQk=
+  - secure: MrtbhfH1IfwDkkvf0pq6trgj68to/fK4c+L1daKvMaNiNvwggbA3s0ea9QjHxXfWmPqL5bf8Q5N7YqXUw8cLpRPrKUA65JkyhyzIju8FgzXz83aCvjJD+5XhJIGzpLM8qHeKh7F0K6/iURTKIUgZXbguK4HpEeCMrrdPYcof3Ew=
+  - secure: JChx6k5NOw/PBzH6gpHdqxHPy8hpaTALVs2riTVXorJZ5p06F3riqFBQbMh6REzXdJLjD6VKPORt19WOkmLHCPW8x0g7HxIRHT0DCDLX/4980dZZAev3blSvfJ7t1cWlBVsZb0LgVEkswvKdSYEZvDQTy5XlWsIMuNhHUclsTZk=
+  - secure: c5tUXb7FPMDD/KkpDwYNfnZ2k0N0RltBAQt1IYOFkdcztIAdcGmWPtT4l07He+UJiF2Vy92KrsSK709FFDwdxAleSgFKwpCrtgJRXXqRqT/gDiJUsGU1jC4QgXpu/QWCWsCSs/v1l1GzZyZF61aQzqINVrGwF5n2/MeMGOAJkaA=
+  - secure: SepFOaSOjRr5EJLBlXKT60FgSmKZ604zhhDaes+s9rQgJcaUsVkTxFYhkE6mkDadH7dZ6ACW1TaWWTmFm+JMFuli/bcyvX9wm5akWM6EF3BdJ8djMac34iJuTB3MWED+fOaFco9oZjMQOYZlSu9nS4VOvH0ekcTnQnThzxYxpfs=

data/CHANGES.md

@@ -1,6 +1,17 @@
 stormpath-sdk-ruby Changelog
 ============================
 
+Version 1.0.0.beta.9
+--------------------
+
+Released on December 2, 2015
+
+- Organization CRUD
+- Token Management
+- Ability to specify an organization nameKey as an accountStore for loginAttempt
+- Get applications for an account
+- Resending email verification
+
 Version 1.0.0.beta.8
 --------------------
 

data/README.md

@@ -1,4 +1,5 @@
 [![Build Status](https://api.travis-ci.org/stormpath/stormpath-sdk-ruby.png?branch=master,development)](https://travis-ci.org/stormpath/stormpath-sdk-ruby)
+[![Code Climate](https://codeclimate.com/github/stormpath/stormpath-sdk-ruby/badges/gpa.svg)](https://codeclimate.com/github/stormpath/stormpath-sdk-ruby)
 
 # Stormpath Ruby SDK
 

data/lib/stormpath-sdk/auth/basic_authenticator.rb

@@ -45,9 +45,7 @@ module Stormpath
         href = parent_href + '/loginAttempts'
 
         @data_store.create href, attempt, AuthenticationResult
-
       end
-
     end
   end
 end

data/lib/stormpath-sdk/client.rb

@@ -53,9 +53,11 @@ module Stormpath
         data_store.save token, Stormpath::Resource::Account
       end
     end
+    has_many :organizations, href: '/organizations', can: [:get, :create]
     has_many :groups, href: '/groups', can: :get
     has_many :group_memberships, href: '/groupMemberships', can: [:get, :create]
     has_many :account_store_mappings, href: '/accountStoreMappings', can: [:get, :create]
+    has_many :organization_account_store_mappings, href: '/organizationAccountStoreMappings', can: [:get, :create]
 
     private
 

data/lib/stormpath-sdk/data_store.rb

@@ -115,12 +115,16 @@ class Stormpath::DataStore
         return cached_result if cached_result
       end
 
-      body = if resource
-               MultiJson.dump(to_hash(resource))
-             end
+      body = extract_body_from_resource(resource)
 
       request = Request.new(http_method, href, query, Hash.new, body, @api_key)
-      apply_default_request_headers request
+
+      if resource.try(:form_data?) 
+        apply_form_data_request_headers request
+      else
+        apply_default_request_headers request
+      end
+
       response = @request_executor.execute_request request
 
       result = response.body.length > 0 ? MultiJson.load(response.body) : ''
@@ -209,6 +213,11 @@ class Stormpath::DataStore
         request.http_headers.store 'Content-Type', 'application/json'
       end
     end
+    
+    def apply_form_data_request_headers(request)
+      request.http_headers.store 'Content-Type', 'application/x-www-form-urlencoded'
+      request.http_headers.store 'User-Agent', 'Stormpath-RubySDK/' + Stormpath::VERSION
+    end
 
     def save_resource(href, resource, return_type)
       assert_not_nil resource, "resource argument cannot be null."
@@ -221,7 +230,12 @@ class Stormpath::DataStore
 
       response = execute_request 'post', q_href, resource
 
-      instantiate return_type, response.to_hash
+      instantiate return_type, parse_response(response)
+    end
+
+    def parse_response(response)
+      return {} if response.is_a? String and response.blank?
+      response.to_hash
     end
 
     def clear_cache_on_save(resource)
@@ -252,6 +266,32 @@ class Stormpath::DataStore
       end
     end
 
+    def extract_body_from_resource(resource)
+      return if resource.nil?
+      form_data = resource.try(:form_data?)
+
+      if form_data
+        form_request_parse(resource) 
+      else
+        MultiJson.dump(to_hash(resource))
+      end
+    end
+
+    def form_request_parse(resource)
+      data = ""
+      
+      property_names = resource.get_dirty_property_names
+      property_names.each do |name|
+        if name != "formData"
+          property = resource.get_property name, ignore_camelcasing: true
+          data += name.underscore + '=' + property.to_s
+          data += '&' unless name == property_names.last
+        end
+      end
+
+      data
+    end
+
     def to_hash(resource)
       Hash.new.tap do |properties|
         resource.get_dirty_property_names.each do |name|

data/lib/stormpath-sdk/http/authc/sauthc1_signer.rb

@@ -189,4 +189,4 @@ module Stormpath
       end#Sauthc1Signer
     end#Authc
   end#Http
-end#Stormpath
+end#Stormpath

data/lib/stormpath-sdk/http/http_client_request_executor.rb

@@ -36,6 +36,10 @@ module Stormpath
                  else
                    request.href
                  end
+  
+        if request.http_headers["Content-Type"] == "application/x-www-form-urlencoded" 
+          @http_client.set_auth(request.href, request.api_key.id, request.api_key.secret)
+        end
 
         method = @http_client.method(request.http_method.downcase)
 

data/lib/stormpath-sdk/http/request.rb

@@ -63,7 +63,7 @@ module Stormpath
             enc_value = encode_url value, false, canonical
 
             result << '&' unless result.empty?
-            result << enc_key << '='<< enc_value
+            result << enc_key.camelize(:lower) << '='<< enc_value
           end
         end
 

data/lib/stormpath-sdk/id_site/error.rb

@@ -0,0 +1,42 @@
+module Stormpath
+  module IdSite
+    class Error < Stormpath::Error
+      attr_accessor :status, :code, :message, :developer_message, :more_info
+
+      def initialize(type)
+        @status  = errors[type][:status]
+        @code    = errors[type][:code]
+        @message = errors[type][:message]
+        @developer_message = errors[type][:developer_message]
+        super(self)
+      end
+
+      private
+
+      def errors
+        {
+          jwt_cb_uri_incorrect: {
+            status: 400,
+            code: 400,
+            message: "The specified callback URI (cb_uri) is not valid",
+            developer_message: "The specified callback URI (cb_uri) is not valid. Make "\
+              "sure the callback URI specified in your ID Site configuration matches the value specified."
+          },
+          jwt_expired: {
+            status: 400,
+            code: 10011,
+            message: "Token is invalid",
+            developer_message: "Token is no longer valid because it has expired"
+          }, 
+          jwt_invalid: {
+            status: 400,
+            code: 10012,
+            message: "Token is invalid",
+            developer_message: "Token is invalid because the issued at time (iat) is after the current time"
+          }
+        }
+      end
+    end
+  end
+end
+

data/lib/stormpath-sdk/id_site/id_site_result.rb

@@ -1,16 +1,21 @@
 module Stormpath
   module IdSite
     class IdSiteResult
-      attr_accessor :account_href, :state, :status, :is_new_account
+      attr_accessor :jwt_response, :account_href, :state, :status, :is_new_account
 
       alias_method :new_account?, :is_new_account
 
       def initialize(jwt_response)
+        @jwt_response = jwt_response
         @account_href = jwt_response["sub"]
         @status = jwt_response["status"]
         @state = jwt_response["state"]
         @is_new_account = jwt_response["isNewSub"]
       end
+
+      def jwt_invalid?(api_key_id)
+        @jwt_response['aud'] != api_key_id
+      end
     end
   end
 end

data/lib/stormpath-sdk/oauth/authenticator.rb

@@ -0,0 +1,26 @@
+module Stormpath
+  module Oauth
+    class Authenticator
+      include Stormpath::Util::Assert
+
+      def initialize(data_store)
+        @data_store = data_store
+      end
+
+      def authenticate parent_href, request 
+        assert_not_nil parent_href, "parent_href must be specified"
+
+        if request.grant_type == 'password'
+          attempt = @data_store.instantiate PasswordGrant
+        elsif request.grant_type == 'refresh_token'
+          attempt = @data_store.instantiate RefreshToken
+        end
+
+        attempt.set_options(request)
+        
+        href = parent_href + '/oauth/token'
+        @data_store.create href, attempt, Stormpath::Resource::AccessToken
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/oauth/password_grant.rb

@@ -0,0 +1,17 @@
+module Stormpath
+  module Oauth
+    class PasswordGrant < Stormpath::Resource::Base
+      prop_accessor :grant_type, :username, :password
+
+      def set_options(request)
+        set_property :username, request.username
+        set_property :password, request.password
+        set_property :grant_type, request.grant_type
+      end
+
+      def form_data?
+        true
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/oauth/password_grant_request.rb

@@ -0,0 +1,13 @@
+module Stormpath
+  module Oauth
+    class PasswordGrantRequest
+      attr_accessor :grant_type, :username, :password
+
+      def initialize(username, password)
+        @username = username
+        @password = password
+        @grant_type = "password"
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/oauth/refresh_grant_request.rb

@@ -0,0 +1,12 @@
+module Stormpath
+  module Oauth
+    class RefreshGrantRequest 
+      attr_accessor :grant_type, :refresh_token
+
+      def initialize(refresh_token)
+        @refresh_token = refresh_token
+        @grant_type = "refresh_token" 
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/oauth/refresh_token.rb

@@ -0,0 +1,16 @@
+module Stormpath
+  module Oauth
+    class RefreshToken < Stormpath::Resource::Base
+      prop_accessor :grant_type, :refresh_token
+
+      def set_options(request)
+        set_property :refresh_token, request.refresh_token
+        set_property :grant_type, request.grant_type
+      end
+
+      def form_data?
+        true
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/oauth/verify_access_token.rb

@@ -0,0 +1,15 @@
+module Stormpath
+  module Oauth
+    class VerifyAccessToken
+      def initialize(application)
+        @href = application.href
+        @data_store = application.client.data_store
+      end
+
+      def verify authorization_token
+        href = @href + '/authTokens/' + authorization_token 
+        @data_store.get_resource href, VerifyToken 
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/oauth/verify_token.rb

@@ -0,0 +1,7 @@
+module Stormpath
+  module Oauth 
+    class VerifyToken < Stormpath::Resource::Base
+      prop_reader :href, :account, :application, :jwt, :tenant, :expanded_jwt
+    end
+  end
+end

data/lib/stormpath-sdk/resource/access_token.rb

@@ -0,0 +1,12 @@
+class Stormpath::Resource::AccessToken < Stormpath::Resource::Instance
+  prop_reader :access_token, :refresh_token, :token_type, :expires_in,
+    :stormpath_access_token_href
+
+  alias_method :href, :stormpath_access_token_href
+
+  def delete
+    unless href.respond_to?(:empty) and href.empty?
+      data_store.delete self 
+    end
+  end
+end

data/lib/stormpath-sdk/resource/account.rb

@@ -29,6 +29,7 @@ class Stormpath::Resource::Account < Stormpath::Resource::Instance
 
   has_many :groups
   has_many :group_memberships
+  has_many :applications
 
   has_one :custom_data
 

data/lib/stormpath-sdk/resource/application.rb

@@ -28,10 +28,14 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
   has_many :password_reset_tokens, can: [:get, :create]
   has_many :account_store_mappings, can: [:get, :create]
   has_many :groups, can: [:get, :create]
+  has_many :verification_emails, can: :create
 
   has_one :default_account_store_mapping, class_name: :accountStoreMapping
   has_one :default_group_store_mapping, class_name: :accountStoreMapping
   has_one :custom_data
+  has_one :o_auth_policy, class_name: :oauthPolicy
+
+  alias_method :oauth_policy, :o_auth_policy
 
   def self.load composite_url
     begin
@@ -54,6 +58,10 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
     base = client.data_store.base_url.sub("v" + Stormpath::DataStore::DEFAULT_API_VERSION.to_s, "sso")
     base += '/logout' if options[:logout]
 
+    if options[:callback_uri].empty?
+      raise Stormpath::IdSite::Error.new(:jwt_cb_uri_incorrect)
+    end
+
     token = JWT.encode({
         'iat' => Time.now.to_i,
         'jti' => UUID.method(:random_create).call.to_s,
@@ -74,11 +82,21 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
     params = CGI::parse(uri.query)
     token = params["jwtResponse"].first
 
-    jwt_response, _header = JWT.decode(token, client.data_store.api_key.secret)
+    begin
+      jwt_response, _header = JWT.decode(token, client.data_store.api_key.secret)
+    rescue JWT::ExpiredSignature => error
+      # JWT raises error if the signature expired, we need to capture this and
+      # rerase IdSite::Error
+      raise Stormpath::IdSite::Error.new(:jwt_expired)
+    end
 
-    raise Stormpath::Error.new if jwt_response["aud"] != client.data_store.api_key.id
+    id_site_result = Stormpath::IdSite::IdSiteResult.new(jwt_response)
 
-    Stormpath::IdSite::IdSiteResult.new(jwt_response)
+    if id_site_result.jwt_invalid?(api_key_id)
+      raise Stormpath::IdSite::Error.new(:jwt_invalid)
+    end
+
+    id_site_result
   end
 
   def send_password_reset_email email
@@ -98,10 +116,17 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
     Stormpath::Provider::AccountResolver.new(data_store).resolve_provider_account(href, request)
   end
 
+  def authenticate_oauth(request)
+    Stormpath::Oauth::Authenticator.new(data_store).authenticate(href, request) 
+  end
+  
   private
 
-    def create_password_reset_token email
-      password_reset_tokens.create email: email
-    end
+  def api_key_id
+    client.data_store.api_key.id
+  end
 
+  def create_password_reset_token email
+    password_reset_tokens.create email: email
+  end
 end

data/lib/stormpath-sdk/resource/oauth_policy.rb

@@ -0,0 +1,5 @@
+class Stormpath::Resource::OauthPolicy < Stormpath::Resource::Instance
+  prop_accessor :access_token_ttl, :refresh_token_ttl
+
+  belongs_to :application
+end

data/lib/stormpath-sdk/resource/organization.rb

@@ -0,0 +1,12 @@
+class Stormpath::Resource::Organization < Stormpath::Resource::Instance
+  include Stormpath::Resource::CustomDataStorage
+
+  prop_accessor :name, :description, :name_key, :status, :account_store_mappings,
+    :default_account_store_mapping, :default_group_store_mapping
+
+  has_many :groups
+  has_many :accounts
+  belongs_to :tenant
+
+  has_one :custom_data
+end

data/lib/stormpath-sdk/resource/organization_account_store_mapping.rb

@@ -0,0 +1,6 @@
+class Stormpath::Resource::OrganizationAccountStoreMapping < Stormpath::Resource::Instance
+  prop_accessor :is_default_account_store, :is_default_group_store, :list_index
+
+  belongs_to :organization
+  belongs_to :account_store
+end

data/lib/stormpath-sdk/resource/verification_email.rb

@@ -0,0 +1,5 @@
+class Stormpath::Resource::VerificationEmail < Stormpath::Resource::Instance
+  prop_accessor :login, :account_store
+
+  belongs_to :application
+end

data/lib/stormpath-sdk/version.rb

@@ -14,6 +14,6 @@
 # limitations under the License.
 #
 module Stormpath
-  VERSION = '1.0.0.beta.8'
-  VERSION_DATE = '2015-07-28'
+  VERSION = '1.0.0.beta.9'
+  VERSION_DATE = '2015-12-02'
 end

data/lib/stormpath-sdk.rb

@@ -47,6 +47,11 @@ module Stormpath
     autoload :GroupMembership, 'stormpath-sdk/resource/group_membership'
     autoload :AccountMembership, 'stormpath-sdk/resource/account_membership'
     autoload :PasswordResetToken, 'stormpath-sdk/resource/password_reset_token'
+    autoload :VerificationEmail, 'stormpath-sdk/resource/verification_email'
+    autoload :OauthPolicy, 'stormpath-sdk/resource/oauth_policy'
+    autoload :AccessToken, 'stormpath-sdk/resource/access_token'
+    autoload :Organization, 'stormpath-sdk/resource/organization'
+    autoload :OrganizationAccountStoreMapping, 'stormpath-sdk/resource/organization_account_store_mapping'
   end
 
   module Cache
@@ -94,5 +99,16 @@ module Stormpath
 
   module IdSite
     autoload :IdSiteResult, 'stormpath-sdk/id_site/id_site_result'
+    autoload :Error, 'stormpath-sdk/id_site/error'
   end
-end
+  
+  module Oauth
+    autoload :Authenticator, "stormpath-sdk/oauth/authenticator"
+    autoload :PasswordGrant, "stormpath-sdk/oauth/password_grant"
+    autoload :RefreshToken, "stormpath-sdk/oauth/refresh_token"
+    autoload :PasswordGrantRequest, "stormpath-sdk/oauth/password_grant_request"
+    autoload :RefreshGrantRequest, "stormpath-sdk/oauth/refresh_grant_request"
+    autoload :VerifyAccessToken, "stormpath-sdk/oauth/verify_access_token"
+    autoload :VerifyToken, "stormpath-sdk/oauth/verify_token"
+  end
+end

data/spec/client_spec.rb

@@ -628,6 +628,35 @@ properties
     end
   end
 
+  describe "#organization_account_store_mappings" do
+    let(:organization) do
+      test_api_client.organizations.create name: 'test_organization',
+      name_key: "testorganization"
+    end
+
+    let(:directory) { test_api_client.directories.create name: random_directory_name }
+
+    let(:organization_account_store_mappings) do
+      test_api_client.organization_account_store_mappings.create({
+        account_store: { href: directory.href },
+        organization: { href: organization.href }
+      })
+    end
+
+    after do
+      organization.delete if organization
+      directory.delete if directory
+    end
+
+    it "returns the mapping" do
+      expect(organization_account_store_mappings.is_default_account_store).to eq(false)
+      expect(organization_account_store_mappings.is_default_group_store).to eq(false)
+      expect(organization_account_store_mappings.organization).to eq(organization)
+      expect(organization_account_store_mappings.list_index).to eq(0)
+      expect(organization_account_store_mappings.account_store).to be_kind_of(Stormpath::Resource::Directory)
+    end
+  end
+
   describe '#accounts.verify_account_email' do
     context 'given a verfication token of an account' do
       let(:directory) { test_directory_with_verification }

data/spec/resource/account_spec.rb

@@ -39,12 +39,20 @@ describe Stormpath::Resource::Account, :vcr do
       expect(account.email_verification_token).to be_nil
       expect(account.groups).to be_a Stormpath::Resource::Collection
       expect(account.group_memberships).to be_a Stormpath::Resource::Collection
+      expect(account.applications).to be_a Stormpath::Resource::Collection
     end
   end
 
   describe 'account_associations' do
+    let(:app) { test_api_client.applications.create name: random_application_name, description: 'Dummy desc.' }
+    let(:application) { test_api_client.applications.get app.href }
     let(:directory) { test_api_client.directories.create name: random_directory_name }
 
+    before do
+      test_api_client.account_store_mappings.create({ application: app, account_store: directory,
+        list_index: 1, is_default_account_store: true, is_default_group_store: true })
+    end
+
     let(:account) do
       directory.accounts.create email: 'test@example.com',
           givenName: 'Ruby SDK',
@@ -57,12 +65,17 @@ describe Stormpath::Resource::Account, :vcr do
       expect(account.directory).to eq(directory)
     end
 
+    it 'should have many applications' do
+      expect(account.applications.count).to eq(1)
+    end
+
     it 'should belong_to tenant' do
       expect(account.tenant).to be
       expect(account.tenant).to eq(account.directory.tenant)
     end
 
     after do
+      application.delete if application
       account.delete if account
       directory.delete if directory
     end

data/spec/resource/application_spec.rb

@@ -5,6 +5,7 @@ describe Stormpath::Resource::Application, :vcr do
   let(:app) { test_api_client.applications.create name: random_application_name, description: 'Dummy desc.' }
   let(:application) { test_api_client.applications.get app.href }
   let(:directory) { test_api_client.directories.create name: random_directory_name }
+  let(:directory_with_verification) { test_directory_with_verification }
 
   before do
    test_api_client.account_store_mappings.create({ application: app, account_store: directory,
@@ -34,6 +35,7 @@ describe Stormpath::Resource::Application, :vcr do
     expect(application.groups).to be_a Stormpath::Resource::Collection
     expect(application.accounts).to be_a Stormpath::Resource::Collection
     expect(application.password_reset_tokens).to be_a Stormpath::Resource::Collection
+    expect(application.verification_emails).to be_a Stormpath::Resource::Collection
     expect(application.account_store_mappings).to be_a Stormpath::Resource::Collection
   end
 
@@ -236,6 +238,125 @@ describe Stormpath::Resource::Application, :vcr do
     end
   end
 
+  describe '#verification_emails' do
+    let(:directory_with_verification) { test_directory_with_verification }
+
+    before do
+      test_api_client.account_store_mappings.create({ application: app, account_store: directory_with_verification,
+        list_index: 1, is_default_account_store: false, is_default_group_store: false })
+    end
+
+    let(:account) do
+      directory_with_verification.accounts.create({
+        email: random_email,
+        given_name: 'Ruby SDK',
+        password: 'P@$$w0rd',
+        surname: 'SDK',
+        username: random_user_name
+      })
+    end
+
+    let(:verification_emails) do
+      application.verification_emails.create(login: account.email)
+    end
+
+    after do
+      account.delete if account
+    end
+
+    it 'returns verification email' do
+      expect(verification_emails).to be_kind_of Stormpath::Resource::VerificationEmail
+    end
+  end
+
+  describe 'create_login_attempt' do
+    let(:account) do
+      directory.accounts.create({
+        email: random_email,
+        given_name: 'Ruby SDK',
+        password: 'P@$$w0rd',
+        surname: 'SDK',
+        username: random_user_name
+      })
+    end
+
+    context 'valid credentials' do
+      let(:username_password_request) do
+        Stormpath::Authentication::UsernamePasswordRequest.new(
+          account.email,
+          "P@$$w0rd"
+        )
+      end
+
+      let(:auth_request) { application.authenticate_account(username_password_request) }
+
+      it 'returns login attempt response' do
+        expect(auth_request).to be_kind_of Stormpath::Authentication::AuthenticationResult
+      end
+
+      it 'containes account data' do
+        expect(auth_request.account.href).to eq(account.href) 
+      end
+    end
+
+    context 'with organization as account store option' do
+      def create_organization_account_store_mapping(organization, account_store)
+        test_api_client.organization_account_store_mappings.create({
+          account_store: { href: account_store.href },
+          organization: { href: organization.href }
+        })
+      end
+
+      let(:organization) do 
+        test_api_client.organizations.create name: 'test_organization',
+           name_key: "testorganization"
+      end
+
+      let(:username_password_request) do
+        Stormpath::Authentication::UsernamePasswordRequest.new(
+          account.email,
+          "P@$$w0rd",
+          account_store: organization.name_key
+        )
+      end
+
+      let(:auth_request) { application.authenticate_account(username_password_request) }
+
+      before do
+        create_organization_account_store_mapping(organization, directory)
+      end
+
+      after do
+        organization.delete if organization
+      end
+
+      it 'returns login attempt response' do
+        expect(auth_request).to be_kind_of Stormpath::Authentication::AuthenticationResult
+      end
+
+      it 'containes account data' do
+        expect(auth_request.account.href).to eq(account.href)
+      end
+    end
+
+    context 'with invalid credentials' do
+      let(:username_password_request) do
+        Stormpath::Authentication::UsernamePasswordRequest.new(
+          account.email,
+          "invalid"
+        )
+      end
+
+      let(:auth_request) { application.authenticate_account(username_password_request) }
+
+      it 'returns stormpath error' do
+        expect { 
+          auth_request 
+        }.to raise_error(Stormpath::Error)
+      end 
+    end
+  end
+
   describe '#verify_password_reset_token' do
     let(:account) do
       directory.accounts.create({
@@ -338,6 +459,25 @@ describe Stormpath::Resource::Application, :vcr do
       it 'shoud create a request to /sso/logout' do
       end
     end
+
+    context 'without providing cb_uri' do
+      let(:create_id_site_url_result) do
+        options = { callback_uri: '' }
+        application.create_id_site_url options
+      end
+
+      it 'should raise Stormpath Error with correct id_site error data' do
+        begin
+          create_id_site_url_result
+        rescue Stormpath::Error => error
+          expect(error.status).to eq(400)
+          expect(error.code).to eq(400)
+          expect(error.message).to eq("The specified callback URI (cb_uri) is not valid")
+          expect(error.developer_message).to eq("The specified callback URI (cb_uri) is not valid. Make sure the "\
+            "callback URI specified in your ID Site configuration matches the value specified.")
+        end 
+      end
+    end
   end
 
   describe '#handle_id_site_callback' do
@@ -399,10 +539,21 @@ describe Stormpath::Resource::Application, :vcr do
         }, test_api_key_secret, 'HS256')
       }
 
+      it 'should raise Stormpath Error with correct data' do
+        begin
+          application.handle_id_site_callback(callback_uri_base + jwt_token)
+        rescue Stormpath::Error => error
+          expect(error.status).to eq(400)
+          expect(error.code).to eq(10011)
+          expect(error.message).to eq("Token is invalid")
+          expect(error.developer_message).to eq("Token is no longer valid because it has expired")
+        end
+      end
+
       it 'should raise expiration error' do
         expect {
           application.handle_id_site_callback(callback_uri_base + jwt_token)
-        }.to raise_error(JWT::DecodeError)
+        }.to raise_error(Stormpath::Error)
       end
     end
 
@@ -423,6 +574,18 @@ describe Stormpath::Resource::Application, :vcr do
           application.handle_id_site_callback(callback_uri_base + jwt_token)
         }.to raise_error(Stormpath::Error)
       end
+
+      it 'should raise Stormpath Error with correct id_site error data' do
+        begin
+          application.handle_id_site_callback(callback_uri_base + jwt_token)
+        rescue Stormpath::Error => error
+          expect(error.status).to eq(400)
+          expect(error.code).to eq(10012)
+          expect(error.message).to eq("Token is invalid")
+          expect(error.developer_message).to eq("Token is invalid because the issued at time (iat) "\
+            "is after the current time")
+        end
+      end
     end
 
     context 'with an invalid exp value' do
@@ -438,10 +601,10 @@ describe Stormpath::Resource::Application, :vcr do
         }, test_api_key_secret, 'HS256')
       }
 
-      it 'should error with the expiration error' do
+      it 'should error with the stormpath error' do  
         expect {
           application.handle_id_site_callback(callback_uri_base + jwt_token)
-        }.to raise_error(JWT::DecodeError)
+        }.to raise_error(Stormpath::Error)
       end
     end
 
@@ -464,4 +627,81 @@ describe Stormpath::Resource::Application, :vcr do
       end
     end
   end
+
+  describe '#authenticate_oauth' do
+    let(:account_data) { build_account }
+    let(:password_grant_request) { Stormpath::Oauth::PasswordGrantRequest.new account_data[:email], account_data[:password] }
+    let(:aquire_token) { application.authenticate_oauth(password_grant_request) }
+
+    before do
+      application.accounts.create account_data
+    end
+  
+    context 'generate access token' do
+      let(:password_grant_request) { Stormpath::Oauth::PasswordGrantRequest.new account_data[:email], account_data[:password] }
+      let(:authenticate_oauth) { application.authenticate_oauth(password_grant_request) }
+
+      it 'should return access token response' do
+        expect(authenticate_oauth).to be_kind_of(Stormpath::Resource::AccessToken)
+      end
+
+      it 'response should contain token data' do
+        expect(authenticate_oauth.access_token).not_to be_empty
+        expect(authenticate_oauth.refresh_token).not_to be_empty
+        expect(authenticate_oauth.token_type).not_to be_empty
+        expect(authenticate_oauth.expires_in).not_to be_nil
+        expect(authenticate_oauth.stormpath_access_token_href).not_to be_empty
+      end
+    end
+
+    context 'refresh token' do
+      let(:refresh_grant_request) { Stormpath::Oauth::RefreshGrantRequest.new aquire_token.refresh_token }
+      let(:authenticate_oauth) { application.authenticate_oauth(refresh_grant_request) }
+
+      it 'should return access token response with refreshed token' do
+        expect(authenticate_oauth).to be_kind_of(Stormpath::Resource::AccessToken)
+      end
+
+      it 'refreshed token is not the same as previous one' do
+        expect(authenticate_oauth.access_token).not_to be_equal(aquire_token.access_token)
+      end
+
+      it 'returens success with data' do
+        expect(authenticate_oauth.access_token).not_to be_empty
+        expect(authenticate_oauth.refresh_token).not_to be_empty
+        expect(authenticate_oauth.token_type).not_to be_empty
+        expect(authenticate_oauth.expires_in).not_to be_nil
+        expect(authenticate_oauth.stormpath_access_token_href).not_to be_empty
+      end
+    end
+
+    context 'validate access token' do
+      let(:access_token) { aquire_token.access_token }
+      let(:authenticate_oauth) { Stormpath::Oauth::VerifyAccessToken.new(application).verify(access_token) }
+
+      it 'should return authentication result response' do
+        expect(authenticate_oauth).to be_kind_of(Stormpath::Oauth::VerifyToken)
+      end
+
+      it 'returens success on valid token' do
+        expect(authenticate_oauth.href).not_to be_empty 
+        expect(authenticate_oauth.account).not_to be_empty 
+        expect(authenticate_oauth.application).not_to be_empty 
+        expect(authenticate_oauth.jwt).not_to be_empty 
+        expect(authenticate_oauth.tenant).not_to be_empty 
+        expect(authenticate_oauth.expanded_jwt).not_to be_empty 
+      end
+    end
+
+    context 'delete token' do
+      it 'after token was deleted user can authenticate with the same token' do
+        access_token = aquire_token.access_token
+        aquire_token.delete
+
+        expect {
+          Stormpath::Oauth::VerifyAccessToken.new(application).verify(access_token)
+        }.to raise_error(Stormpath::Error)
+      end
+    end
+  end
 end

data/spec/resource/directory_spec.rb

@@ -3,10 +3,19 @@ require 'spec_helper'
 describe Stormpath::Resource::Directory, :vcr do
 
   describe "instances should respond to attribute property methods" do
+    let(:app) { test_api_client.applications.create name: random_application_name, description: 'Dummy desc.' }
+    let(:application) { test_api_client.applications.get app.href }
     let(:directory) { test_api_client.directories.create name: random_directory_name, description: 'description_for_some_test_directory' }
+    let(:directory_with_verification) { test_directory_with_verification }
+
+    before do
+      test_api_client.account_store_mappings.create({ application: app, account_store: directory_with_verification,
+        list_index: 1, is_default_account_store: false, is_default_group_store: false })
+    end
 
     after do
       directory.delete if directory
+      application.delete if application
     end
 
     it do

data/spec/resource/organization_spec.rb

@@ -0,0 +1,185 @@
+require 'spec_helper'
+
+describe Stormpath::Resource::Organization, :vcr do
+
+  let(:organization) do 
+    test_api_client.organizations.create name: 'test_organization',
+       name_key: "testorganization"
+  end
+
+  after do
+    organization.delete if organization
+  end
+
+  def create_organization_account_store_mapping(organization, account_store)
+    test_api_client.organization_account_store_mappings.create({
+      account_store: { href: account_store.href },
+      organization: { href: organization.href }
+    })
+  end
+
+  describe 'get resource' do
+    let(:fetched_organization) { test_api_client.organizations.get organization.href }
+
+    it 'returns the organization resource with correct attribute properties' do
+      expect(fetched_organization).to be_kind_of(Stormpath::Resource::Organization)
+      expect(fetched_organization.name).to eq(organization.name)
+      expect(fetched_organization.description).to eq(organization.description)
+      expect(fetched_organization.name_key).to eq(organization.name_key)
+      expect(fetched_organization.status).to eq(organization.status)
+      expect(fetched_organization.account_store_mappings).to eq(organization.account_store_mappings)
+      expect(fetched_organization.default_account_store_mapping).to eq(organization.default_account_store_mapping)
+      expect(fetched_organization.default_group_store_mapping).to eq(organization.default_group_store_mapping)
+    end
+
+    it 'returns custom_data' do
+      expect(organization.custom_data).to be_a Stormpath::Resource::CustomData
+    end
+  end
+
+  describe 'create' do
+    context 'invalid data' do
+      it 'should raise Stormpath::Error' do
+        expect do
+          test_api_client.organizations.create name: 'test_organization',
+            name_key: "test_org"
+        end.to raise_error(Stormpath::Error)
+      end
+    end
+  end
+
+  describe 'associations' do
+    context 'groups' do
+
+      let(:directory) { test_api_client.directories.create name: random_directory_name }    
+    
+      let(:group) { directory.groups.create name: "test_group" }    
+
+      before do 
+        create_organization_account_store_mapping(organization, group)
+      end
+
+      after do
+        organization.delete if organization
+        directory.delete if directory
+      end
+
+      it 'returns a collection of groups' do
+        expect(organization.groups).to be_kind_of(Stormpath::Resource::Collection)
+        expect(organization.groups).to include(group)
+      end
+    end 
+
+    context 'accounts' do
+      let(:directory) { test_api_client.directories.create name: random_directory_name }    
+
+      let(:account) { directory.accounts.create({ email: 'rubysdk@example.com', given_name: 'Ruby SDK', password: 'P@$$w0rd',surname: 'SDK' }) }
+    
+      before do 
+        create_organization_account_store_mapping(organization, directory)
+      end
+
+      after do
+        organization.delete if organization
+        directory.delete if directory
+      end
+
+      it 'returns a collection of groups' do
+        expect(organization.accounts).to be_kind_of(Stormpath::Resource::Collection)
+        expect(organization.accounts).to include(account)
+      end
+    end
+
+    context 'tenant' do
+      let(:directory) { test_api_client.directories.create name: random_directory_name }    
+    
+      before do 
+        create_organization_account_store_mapping(organization, directory)
+      end
+
+      after do
+        organization.delete if organization
+        directory.delete if directory
+      end
+
+      it 'returns tenant' do
+        expect(organization.tenant).to eq(directory.tenant)
+      end
+    end
+  end
+
+  describe 'delete' do
+    let(:href) { organization.href }
+
+    before do
+      organization.delete
+    end
+
+    it 'removes the organization' do
+      expect do
+        test_api_client.organizations.get href
+      end.to raise_error(Stormpath::Error)
+    end
+  end
+
+  describe 'update' do
+    before do
+      organization.name_key = "changed-test-organization"
+      organization.save
+    end
+
+    it 'can change the data of the existing organization' do
+      org = test_api_client.organizations.get organization.href
+      expect(org.name_key).to eq("changed-test-organization")
+    end
+  end
+
+  describe 'organization account store mapping' do
+    context 'given an account_store is a directory' do
+      let(:directory) { test_api_client.directories.create name: random_directory_name }    
+
+      let(:organization_account_store_mapping) do
+        create_organization_account_store_mapping(organization, directory)
+      end
+  
+      let(:reloaded_mapping) do
+        test_api_client.account_store_mappings.get organization_account_store_mapping.href
+      end
+
+      after do
+        organization.delete if organization
+        directory.delete if directory
+      end
+
+      it 'should return a directory' do
+        expect(reloaded_mapping.account_store.class).to eq(Stormpath::Resource::Directory)
+        expect(reloaded_mapping.account_store).to eq(directory)
+      end
+    end
+
+    context 'given an account_store is a group' do
+      let(:directory) { test_api_client.directories.create name: random_directory_name }    
+    
+      let(:group) { directory.groups.create name: "test_group" }    
+
+      let(:organization_account_store_mapping) do
+        create_organization_account_store_mapping(organization, group)
+      end
+
+      let(:reloaded_mapping) do
+        test_api_client.account_store_mappings.get organization_account_store_mapping.href
+      end
+
+      after do
+        organization.delete if organization
+        group.delete if group
+        directory.delete if directory
+      end
+
+      it 'should return group' do
+        expect(reloaded_mapping.account_store.class).to eq(Stormpath::Resource::Group)
+        expect(reloaded_mapping.account_store).to eq(group)
+      end
+    end
+  end
+end

data/spec/support/custom_data_storage_behavior.rb

@@ -74,7 +74,7 @@ shared_examples_for 'custom_data_storage' do
   RESERVED_FIELDS.each do |reserved_field|
     it "set reserved data #{reserved_field} should raise error" do
       custom_data_storage.custom_data[reserved_field] = 12
-      expect{ custom_data_storage.custom_data.save }.to raise_error
+      expect{ custom_data_storage.custom_data.save }.to raise_error Stormpath::Error
     end
   end
 
@@ -388,4 +388,4 @@ shared_examples_for 'custom_data_storage' do
   def deleted_properties
     custom_data_storage.custom_data.instance_variable_get("@deleted_properties")
   end
-end
+end

data/stormpath-sdk.gemspec

@@ -34,4 +34,4 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'redis', '~> 3.0.4'
 
   s.rdoc_options = ['--line-numbers', '--inline-source', '--title', 'stormpath-sdk', '--main']
-end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: stormpath-sdk
 version: !ruby/object:Gem::Version
-  version: 1.0.0.beta.8
+  version: 1.0.0.beta.9
 platform: ruby
 authors:
 - Stormpath, Inc
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-07-28 00:00:00.000000000 Z
+date: 2015-12-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -283,7 +283,15 @@ files:
 - lib/stormpath-sdk/http/request.rb
 - lib/stormpath-sdk/http/response.rb
 - lib/stormpath-sdk/http/utils.rb
+- lib/stormpath-sdk/id_site/error.rb
 - lib/stormpath-sdk/id_site/id_site_result.rb
+- lib/stormpath-sdk/oauth/authenticator.rb
+- lib/stormpath-sdk/oauth/password_grant.rb
+- lib/stormpath-sdk/oauth/password_grant_request.rb
+- lib/stormpath-sdk/oauth/refresh_grant_request.rb
+- lib/stormpath-sdk/oauth/refresh_token.rb
+- lib/stormpath-sdk/oauth/verify_access_token.rb
+- lib/stormpath-sdk/oauth/verify_token.rb
 - lib/stormpath-sdk/provider/account_access.rb
 - lib/stormpath-sdk/provider/account_request.rb
 - lib/stormpath-sdk/provider/account_resolver.rb
@@ -296,6 +304,7 @@ files:
 - lib/stormpath-sdk/provider/provider_data.rb
 - lib/stormpath-sdk/provider/stormpath/stormpath_provider.rb
 - lib/stormpath-sdk/provider/stormpath/stormpath_provider_data.rb
+- lib/stormpath-sdk/resource/access_token.rb
 - lib/stormpath-sdk/resource/account.rb
 - lib/stormpath-sdk/resource/account_membership.rb
 - lib/stormpath-sdk/resource/account_status.rb
@@ -315,10 +324,14 @@ files:
 - lib/stormpath-sdk/resource/group.rb
 - lib/stormpath-sdk/resource/group_membership.rb
 - lib/stormpath-sdk/resource/instance.rb
+- lib/stormpath-sdk/resource/oauth_policy.rb
+- lib/stormpath-sdk/resource/organization.rb
+- lib/stormpath-sdk/resource/organization_account_store_mapping.rb
 - lib/stormpath-sdk/resource/password_reset_token.rb
 - lib/stormpath-sdk/resource/status.rb
 - lib/stormpath-sdk/resource/tenant.rb
 - lib/stormpath-sdk/resource/utils.rb
+- lib/stormpath-sdk/resource/verification_email.rb
 - lib/stormpath-sdk/util/assert.rb
 - lib/stormpath-sdk/version.rb
 - spec/api_key_spec.rb
@@ -342,6 +355,7 @@ files:
 - spec/resource/expansion_spec.rb
 - spec/resource/group_membership_spec.rb
 - spec/resource/group_spec.rb
+- spec/resource/organization_spec.rb
 - spec/resource/status_spec.rb
 - spec/resource/tenant_spec.rb
 - spec/spec_helper.rb
@@ -382,3 +396,4 @@ signing_key:
 specification_version: 4
 summary: Stormpath SDK
 test_files: []
+has_rdoc: