stormpath-sdk 1.1.1 → 1.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +7 -0
- data/lib/stormpath-sdk.rb +4 -2
- data/lib/stormpath-sdk/client.rb +2 -0
- data/lib/stormpath-sdk/oauth/access_token_authentication_result.rb +33 -0
- data/lib/stormpath-sdk/oauth/authenticator.rb +4 -4
- data/lib/stormpath-sdk/{id_site → oauth}/error.rb +2 -3
- data/lib/stormpath-sdk/resource/access_token.rb +7 -8
- data/lib/stormpath-sdk/resource/account.rb +3 -0
- data/lib/stormpath-sdk/resource/application.rb +3 -3
- data/lib/stormpath-sdk/resource/refresh_token.rb +6 -0
- data/lib/stormpath-sdk/version.rb +2 -2
- data/spec/oauth/access_token_authentication_result_spec.rb +52 -0
- data/spec/resource/application_spec.rb +4 -4
- metadata +6 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3bb456ac02d7a55749cc5ba260573ceea9895391
|
|
4
|
+
data.tar.gz: 7c33b5d39a0fc8946706d0bf4411a701468189af
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bc430c17fcdbb63e14d13cae91ee3891f747c0cab30d48a68897d621db3ea053b5f6a055a9add76faaebb43ec253c7fe1843252f3152ead070724b9a70a631e0
|
|
7
|
+
data.tar.gz: 01cc90dc615a9e0f39e7ffe085acfd4063204d7e22663fcfb49577391053f3cc39e241ce6ab10fa8db294ce3e7ec543e2c39284dc9b9b9999d9e90dad873691a
|
data/CHANGES.md
CHANGED
data/lib/stormpath-sdk.rb
CHANGED
|
@@ -50,6 +50,7 @@ module Stormpath
|
|
|
50
50
|
autoload :VerificationEmail, 'stormpath-sdk/resource/verification_email'
|
|
51
51
|
autoload :OauthPolicy, 'stormpath-sdk/resource/oauth_policy'
|
|
52
52
|
autoload :AccessToken, 'stormpath-sdk/resource/access_token'
|
|
53
|
+
autoload :RefreshToken, 'stormpath-sdk/resource/refresh_token'
|
|
53
54
|
autoload :Organization, 'stormpath-sdk/resource/organization'
|
|
54
55
|
autoload :OrganizationAccountStoreMapping, 'stormpath-sdk/resource/organization_account_store_mapping'
|
|
55
56
|
autoload :AccountOverrides, 'stormpath-sdk/resource/account_overrides'
|
|
@@ -108,9 +109,8 @@ module Stormpath
|
|
|
108
109
|
|
|
109
110
|
module IdSite
|
|
110
111
|
autoload :IdSiteResult, 'stormpath-sdk/id_site/id_site_result'
|
|
111
|
-
autoload :Error, 'stormpath-sdk/id_site/error'
|
|
112
112
|
end
|
|
113
|
-
|
|
113
|
+
|
|
114
114
|
module Oauth
|
|
115
115
|
autoload :Authenticator, "stormpath-sdk/oauth/authenticator"
|
|
116
116
|
autoload :PasswordGrant, "stormpath-sdk/oauth/password_grant"
|
|
@@ -119,6 +119,8 @@ module Stormpath
|
|
|
119
119
|
autoload :RefreshGrantRequest, "stormpath-sdk/oauth/refresh_grant_request"
|
|
120
120
|
autoload :VerifyAccessToken, "stormpath-sdk/oauth/verify_access_token"
|
|
121
121
|
autoload :VerifyToken, "stormpath-sdk/oauth/verify_token"
|
|
122
|
+
autoload :AccessTokenAuthenticationResult, "stormpath-sdk/oauth/access_token_authentication_result"
|
|
123
|
+
autoload :Error, 'stormpath-sdk/oauth/error'
|
|
122
124
|
autoload :IdSiteGrantRequest, "stormpath-sdk/oauth/id_site_grant_request"
|
|
123
125
|
autoload :IdSiteGrant, "stormpath-sdk/oauth/id_site_grant"
|
|
124
126
|
end
|
data/lib/stormpath-sdk/client.rb
CHANGED
|
@@ -58,6 +58,8 @@ module Stormpath
|
|
|
58
58
|
has_many :group_memberships, href: '/groupMemberships', can: [:get, :create]
|
|
59
59
|
has_many :account_store_mappings, href: '/accountStoreMappings', can: [:get, :create]
|
|
60
60
|
has_many :organization_account_store_mappings, href: '/organizationAccountStoreMappings', can: [:get, :create]
|
|
61
|
+
has_many :access_tokens, href: '/accessTokens', can: [:get]
|
|
62
|
+
has_many :refresh_tokens, href: '/refreshTokens', can: [:get]
|
|
61
63
|
|
|
62
64
|
private
|
|
63
65
|
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
module Stormpath
|
|
2
|
+
module Oauth
|
|
3
|
+
class AccessTokenAuthenticationResult < Stormpath::Resource::Instance
|
|
4
|
+
prop_reader :access_token, :refresh_token, :token_type, :expires_in, :stormpath_access_token_href
|
|
5
|
+
|
|
6
|
+
alias_method :href, :stormpath_access_token_href
|
|
7
|
+
|
|
8
|
+
def delete
|
|
9
|
+
unless href.respond_to?(:empty) and href.empty?
|
|
10
|
+
data_store.delete self
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def account
|
|
15
|
+
client.accounts.get(account_href)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
private
|
|
19
|
+
|
|
20
|
+
def account_href
|
|
21
|
+
@account_href ||= jwt_response['sub']
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def jwt_response
|
|
25
|
+
begin
|
|
26
|
+
JWT.decode(access_token, data_store.api_key.secret).first
|
|
27
|
+
rescue JWT::ExpiredSignature => error
|
|
28
|
+
raise Stormpath::Oauth::Error.new(:jwt_expired)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
@@ -7,7 +7,7 @@ module Stormpath
|
|
|
7
7
|
@data_store = data_store
|
|
8
8
|
end
|
|
9
9
|
|
|
10
|
-
def authenticate parent_href, request
|
|
10
|
+
def authenticate parent_href, request
|
|
11
11
|
assert_not_nil parent_href, "parent_href must be specified"
|
|
12
12
|
|
|
13
13
|
if request.grant_type == 'password'
|
|
@@ -15,13 +15,13 @@ module Stormpath
|
|
|
15
15
|
elsif request.grant_type == 'refresh_token'
|
|
16
16
|
attempt = @data_store.instantiate RefreshToken
|
|
17
17
|
elsif request.grant_type == 'id_site_token'
|
|
18
|
-
attempt = @data_store.instantiate IdSiteGrant
|
|
18
|
+
attempt = @data_store.instantiate IdSiteGrant
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
attempt.set_options(request)
|
|
22
|
-
|
|
22
|
+
|
|
23
23
|
href = parent_href + '/oauth/token'
|
|
24
|
-
@data_store.create href, attempt, Stormpath::
|
|
24
|
+
@data_store.create href, attempt, Stormpath::Oauth::AccessTokenAuthenticationResult
|
|
25
25
|
end
|
|
26
26
|
end
|
|
27
27
|
end
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
module Stormpath
|
|
2
|
-
module
|
|
2
|
+
module Oauth
|
|
3
3
|
class Error < Stormpath::Error
|
|
4
4
|
attr_accessor :status, :code, :message, :developer_message, :more_info
|
|
5
5
|
|
|
@@ -27,7 +27,7 @@ module Stormpath
|
|
|
27
27
|
code: 10011,
|
|
28
28
|
message: "Token is invalid",
|
|
29
29
|
developer_message: "Token is no longer valid because it has expired"
|
|
30
|
-
},
|
|
30
|
+
},
|
|
31
31
|
jwt_invalid: {
|
|
32
32
|
status: 400,
|
|
33
33
|
code: 10012,
|
|
@@ -39,4 +39,3 @@ module Stormpath
|
|
|
39
39
|
end
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
|
-
|
|
@@ -1,12 +1,11 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
1
|
+
module Stormpath
|
|
2
|
+
module Resource
|
|
3
|
+
class AccessToken < Stormpath::Resource::Instance
|
|
4
|
+
prop_reader :jwt, :expanded_jwt
|
|
4
5
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
unless href.respond_to?(:empty) and href.empty?
|
|
9
|
-
data_store.delete self
|
|
6
|
+
belongs_to :account
|
|
7
|
+
belongs_to :application
|
|
8
|
+
belongs_to :tenant
|
|
10
9
|
end
|
|
11
10
|
end
|
|
12
11
|
end
|
|
@@ -61,7 +61,7 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
|
|
|
61
61
|
base += '/logout' if options[:logout]
|
|
62
62
|
|
|
63
63
|
if options[:callback_uri].empty?
|
|
64
|
-
raise Stormpath::
|
|
64
|
+
raise Stormpath::Oauth::Error.new(:jwt_cb_uri_incorrect)
|
|
65
65
|
end
|
|
66
66
|
|
|
67
67
|
token = JWT.encode(jwt_token_payload(options), client.data_store.api_key.secret, 'HS256')
|
|
@@ -80,13 +80,13 @@ class Stormpath::Resource::Application < Stormpath::Resource::Instance
|
|
|
80
80
|
rescue JWT::ExpiredSignature => error
|
|
81
81
|
# JWT raises error if the signature expired, we need to capture this and
|
|
82
82
|
# rerase IdSite::Error
|
|
83
|
-
raise Stormpath::
|
|
83
|
+
raise Stormpath::Oauth::Error.new(:jwt_expired)
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
id_site_result = Stormpath::IdSite::IdSiteResult.new(jwt_response)
|
|
87
87
|
|
|
88
88
|
if id_site_result.jwt_invalid?(api_key_id)
|
|
89
|
-
raise Stormpath::
|
|
89
|
+
raise Stormpath::Oauth::Error.new(:jwt_invalid)
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
id_site_result
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Stormpath::Oauth::AccessTokenAuthenticationResult, :vcr do
|
|
4
|
+
let(:account_data) { build_account(email: email, password: password) }
|
|
5
|
+
|
|
6
|
+
let(:email) { random_email }
|
|
7
|
+
|
|
8
|
+
let(:password) { 'P@$$w0rd' }
|
|
9
|
+
|
|
10
|
+
let(:account) { test_application.accounts.create(account_data) }
|
|
11
|
+
|
|
12
|
+
let(:password_grant_request) { Stormpath::Oauth::PasswordGrantRequest.new(email, password) }
|
|
13
|
+
|
|
14
|
+
let(:jwt_authentication_result) do
|
|
15
|
+
test_application.authenticate_oauth(password_grant_request)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
before { account }
|
|
19
|
+
after { account.delete }
|
|
20
|
+
|
|
21
|
+
it 'instances should expose a method to get an account' do
|
|
22
|
+
expect(jwt_authentication_result.account).to eq(account)
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
it 'should be able to delete the access token' do
|
|
26
|
+
jwt_authentication_result
|
|
27
|
+
|
|
28
|
+
expect(account.access_tokens.count).to eq(1)
|
|
29
|
+
|
|
30
|
+
jti = JWT.decode(jwt_authentication_result.access_token, test_api_client.data_store.api_key.secret).first['jti']
|
|
31
|
+
|
|
32
|
+
fetched_access_token = test_api_client.access_tokens.get(jti)
|
|
33
|
+
|
|
34
|
+
fetched_access_token.delete
|
|
35
|
+
|
|
36
|
+
expect(account.access_tokens.count).to eq(0)
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
it 'should be able to delete the refresh token' do
|
|
40
|
+
jwt_authentication_result
|
|
41
|
+
|
|
42
|
+
expect(account.refresh_tokens.count).to eq(1)
|
|
43
|
+
|
|
44
|
+
jti = JWT.decode(jwt_authentication_result.refresh_token, test_api_client.data_store.api_key.secret).first['jti']
|
|
45
|
+
|
|
46
|
+
fetched_refresh_token = test_api_client.refresh_tokens.get(jti)
|
|
47
|
+
|
|
48
|
+
fetched_refresh_token.delete
|
|
49
|
+
|
|
50
|
+
expect(account.refresh_tokens.count).to eq(0)
|
|
51
|
+
end
|
|
52
|
+
end
|
|
@@ -1047,7 +1047,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1047
1047
|
let(:authenticate_oauth) { application.authenticate_oauth(password_grant_request) }
|
|
1048
1048
|
|
|
1049
1049
|
it 'should return access token response' do
|
|
1050
|
-
expect(authenticate_oauth).to be_kind_of(Stormpath::
|
|
1050
|
+
expect(authenticate_oauth).to be_kind_of(Stormpath::Oauth::AccessTokenAuthenticationResult)
|
|
1051
1051
|
end
|
|
1052
1052
|
|
|
1053
1053
|
it 'response should contain token data' do
|
|
@@ -1085,7 +1085,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1085
1085
|
}
|
|
1086
1086
|
|
|
1087
1087
|
it 'should create a jwtRequest that is signed wit the client secret' do
|
|
1088
|
-
allow(application.client.data_store).to receive(:create).and_return(Stormpath::
|
|
1088
|
+
allow(application.client.data_store).to receive(:create).and_return(Stormpath::Oauth::AccessTokenAuthenticationResult)
|
|
1089
1089
|
expect(application.client.data_store).to receive(:instantiate)
|
|
1090
1090
|
.with(Stormpath::Oauth::IdSiteGrant)
|
|
1091
1091
|
.and_return(Stormpath::Oauth::IdSiteGrant.new({}, application.client))
|
|
@@ -1093,7 +1093,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1093
1093
|
grant_request = Stormpath::Oauth::IdSiteGrantRequest.new jwt_token
|
|
1094
1094
|
response = application.authenticate_oauth(grant_request)
|
|
1095
1095
|
|
|
1096
|
-
expect(response).to be(Stormpath::
|
|
1096
|
+
expect(response).to be(Stormpath::Oauth::AccessTokenAuthenticationResult)
|
|
1097
1097
|
end
|
|
1098
1098
|
end
|
|
1099
1099
|
|
|
@@ -1102,7 +1102,7 @@ describe Stormpath::Resource::Application, :vcr do
|
|
|
1102
1102
|
let(:authenticate_oauth) { application.authenticate_oauth(refresh_grant_request) }
|
|
1103
1103
|
|
|
1104
1104
|
it 'should return access token response with refreshed token' do
|
|
1105
|
-
expect(authenticate_oauth).to be_kind_of(Stormpath::
|
|
1105
|
+
expect(authenticate_oauth).to be_kind_of(Stormpath::Oauth::AccessTokenAuthenticationResult)
|
|
1106
1106
|
end
|
|
1107
1107
|
|
|
1108
1108
|
it 'refreshed token is not the same as previous one' do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: stormpath-sdk
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stormpath, Inc
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2016-05-
|
|
12
|
+
date: 2016-05-24 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: multi_json
|
|
@@ -311,9 +311,10 @@ files:
|
|
|
311
311
|
- lib/stormpath-sdk/http/request.rb
|
|
312
312
|
- lib/stormpath-sdk/http/response.rb
|
|
313
313
|
- lib/stormpath-sdk/http/utils.rb
|
|
314
|
-
- lib/stormpath-sdk/id_site/error.rb
|
|
315
314
|
- lib/stormpath-sdk/id_site/id_site_result.rb
|
|
315
|
+
- lib/stormpath-sdk/oauth/access_token_authentication_result.rb
|
|
316
316
|
- lib/stormpath-sdk/oauth/authenticator.rb
|
|
317
|
+
- lib/stormpath-sdk/oauth/error.rb
|
|
317
318
|
- lib/stormpath-sdk/oauth/id_site_grant.rb
|
|
318
319
|
- lib/stormpath-sdk/oauth/id_site_grant_request.rb
|
|
319
320
|
- lib/stormpath-sdk/oauth/password_grant.rb
|
|
@@ -367,6 +368,7 @@ files:
|
|
|
367
368
|
- lib/stormpath-sdk/resource/organization.rb
|
|
368
369
|
- lib/stormpath-sdk/resource/organization_account_store_mapping.rb
|
|
369
370
|
- lib/stormpath-sdk/resource/password_reset_token.rb
|
|
371
|
+
- lib/stormpath-sdk/resource/refresh_token.rb
|
|
370
372
|
- lib/stormpath-sdk/resource/status.rb
|
|
371
373
|
- lib/stormpath-sdk/resource/tenant.rb
|
|
372
374
|
- lib/stormpath-sdk/resource/utils.rb
|
|
@@ -385,6 +387,7 @@ files:
|
|
|
385
387
|
- spec/fixtures/response/create_saml_directory_mapping_rules.json
|
|
386
388
|
- spec/fixtures/response/get_saml_directory_provider.json
|
|
387
389
|
- spec/fixtures/response/get_saml_directory_provider_metadata.json
|
|
390
|
+
- spec/oauth/access_token_authentication_result_spec.rb
|
|
388
391
|
- spec/provider/account_resolver_spec.rb
|
|
389
392
|
- spec/provider/provider_spec.rb
|
|
390
393
|
- spec/resource/account_spec.rb
|