stormpath-sdk 1.3.1 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7c94bbec690d16f6c04eda0f7e46dd79c9406747
-  data.tar.gz: 10271a383fb9537813d22cacc1646df9c67b709d
+  metadata.gz: f4ee6a6b7b3e99f340ad7056d571cc497cc47163
+  data.tar.gz: b4191c5270f3d690590d288553609fdef02a4174
 SHA512:
-  metadata.gz: 284ad0976afabc1777161def9266669f855f2eb3bcb6eaaa026bb66e195de22537da218f7cea5b33d68554202d28d5f4714e39e9c7e0e01f91de2b94dabf68e0
-  data.tar.gz: dc7e80f1a5501e989c7fab8f5b1f2ee889b3c71ae9f75bb1a91bb023e593bed70c83d8ee6bf1da8288556f73a709405c9f6245a12d2019f6d469326a1ff07c59
+  metadata.gz: f7600ac17e42f60a5b62df5d396a5534fa9907b19cbd1ce77115846c7df88dbfe0409e9cba0781f5e9261743cd36d4e3de8844aa7d91a03a84213c4a93f42f6c
+  data.tar.gz: 8762d8e4df8a3f557a4f2c48505593d89fd27050a5dd9dc6c2a3e6b3d058c1c18bdf69353412b8608dd90cc55f276b4bae6d4e6c11148cac98aec892b507af68

data/.gitignore

@@ -13,4 +13,4 @@ tmp/*
 *.gem
 .bundle/
 dump.rdb
-.ruby-version
+.ruby-version

data/.travis.yml

@@ -6,8 +6,8 @@ services:
 - redis-server
 - memcached
 before_install:
-  - gem install bundler
+- gem install bundler
 env:
   global:
-  - secure: MeyjZGgySZvpYVRm2i7wkrhvu9KUeU7eQ5aKj7FXqIYlQe3T67k+KKA3Ejp6WC3wUEVPUFseWMZCuNkRc0UeGA5/4e4LLc++XuaZn1jLTm1yNofh/CFAAjt5VdIYz4R7sKxpyLxs0orK2+HcaiCoqSDj7ehw2SlDca9VEi0GoQk=
-  - secure: MrtbhfH1IfwDkkvf0pq6trgj68to/fK4c+L1daKvMaNiNvwggbA3s0ea9QjHxXfWmPqL5bf8Q5N7YqXUw8cLpRPrKUA65JkyhyzIju8FgzXz83aCvjJD+5XhJIGzpLM8qHeKh7F0K6/iURTKIUgZXbguK4HpEeCMrrdPYcof3Ew=
+  - secure: JObfQKlPYrwupzv2ASkCQWD7TMqD6D9OfbVdUe/sot91fVgoQIs7vGlQPYNz6aTgoAZfEKptrzXzA0KOsGKRDjN0MSkY/PevPxdb+81YTDdldKD5GCc5srWVDpwhRJvKU8ufHdrTcvf+Weulu4egUHoqOerlBcexTO/Erbe8/M4=
+  - secure: K24I2/DC4Z6SeosQaR4suZij4yacteVzXqLexJ+LSlxZP7j1T72O3JLtc7/SLm8RFOJkiH/csTgbZmLNAWZO8c0Y4fWAvIC/I1xfoCr57udfQPIe83qdtpVetyYs1BGcqlRboGpqxtOewGHHuHtIge4bjD5l1hHA+WaIdVa4GfI=

data/CHANGES.md

@@ -1,6 +1,14 @@
 stormpath-sdk-ruby Changelog
 ============================
 
+Version 1.4.0
+-------------
+
+Released on November 22, 2016
+
+- Implement Multifactor Authentication with SMS and google-authenticator
+
+
 Version 1.3.1
 -------------
 

data/lib/stormpath-sdk.rb

@@ -60,6 +60,11 @@ module Stormpath
     autoload :PasswordPolicy, 'stormpath-sdk/resource/password_policy'
     autoload :EmailTemplate, 'stormpath-sdk/resource/email_template'
     autoload :PasswordStrength, 'stormpath-sdk/resource/password_strength'
+    autoload :Phone, 'stormpath-sdk/resource/phone'
+    autoload :Factor, 'stormpath-sdk/resource/factor'
+    autoload :Challenge, 'stormpath-sdk/resource/challenge'
+    autoload :Schema, 'stormpath-sdk/resource/schema'
+    autoload :Field, 'stormpath-sdk/resource/field'
   end
 
   module Cache
@@ -80,6 +85,7 @@ module Stormpath
     autoload :BasicAuthenticator, 'stormpath-sdk/auth/basic_authenticator'
     autoload :HttpBasicAuthentication, 'stormpath-sdk/auth/http_basic_authentication'
     autoload :HttpBearerAuthentication, 'stormpath-sdk/auth/http_bearer_authentication'
+    autoload :CreateFactor, 'stormpath-sdk/auth/create_factor'
   end
 
   module Provider
@@ -140,5 +146,7 @@ module Stormpath
     autoload :ClientCredentialsGrant, 'stormpath-sdk/oauth/client_credentials_grant'
     autoload :SocialGrantRequest, 'stormpath-sdk/oauth/social_grant_request'
     autoload :SocialGrant, 'stormpath-sdk/oauth/social_grant'
+    autoload :ChallengeFactorGrantRequest, 'stormpath-sdk/oauth/challenge_factor_grant_request'
+    autoload :ChallengeFactorGrant, 'stormpath-sdk/oauth/challenge_factor_grant'
   end
 end

data/lib/stormpath-sdk/auth/create_factor.rb

@@ -0,0 +1,64 @@
+#
+# Copyright 2012 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module Stormpath
+  module Authentication
+    class CreateFactor < Stormpath::Resource::Base
+      attr_reader :client, :account, :type, :phone, :challenge, :custom_options
+
+      def initialize(client, account, type, options = {})
+        @client = client
+        @account = account
+        @type = determine_type(type)
+        @phone = options[:phone] || nil
+        @challenge = options[:challenge] || nil
+        @custom_options = options[:custom_options] || nil
+      end
+
+      def save
+        data_store.execute_raw_request(href, resource, Stormpath::Resource::Factor)
+      end
+
+      private
+
+      def href
+        "#{account.href}/factors#{'?challenge=true' if challenge}"
+      end
+
+      def resource
+        {}.tap do |body|
+          body[:type] = type
+          body[:phone] = phone if phone
+          body[:challenge] = { message: "#{challenge[:message]} ${code}" } if challenge
+          add_custom_options(body)
+        end
+      end
+
+      def determine_type(type)
+        raise Stormpath::Error unless type == :sms || type == :google_authenticator
+        type.to_s.sub('_', '-')
+      end
+
+      def add_custom_options(body)
+        if custom_options
+          body[:accountName] = custom_options[:account_name] if custom_options[:account_name]
+          body[:issuer] = custom_options[:issuer] if custom_options[:issuer]
+          body[:status] = custom_options[:status] if custom_options[:status]
+        end
+        body
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/data_store.rb

@@ -101,6 +101,21 @@ class Stormpath::DataStore
     return nil
   end
 
+  def execute_raw_request(href, body, klass)
+    request = Request.new('POST', href, nil, {}, body.to_json, @api_key)
+    apply_default_request_headers(request)
+    response = @request_executor.execute_request(request)
+    result = response.body.length > 0 ? MultiJson.load(response.body) : ''
+
+    if response.error?
+      error = Stormpath::Resource::Error.new result
+      raise Stormpath::Error.new(error)
+    end
+
+    cache_walk(result)
+    instantiate(klass, result)
+  end
+
   private
 
     def needs_to_be_fully_qualified?(href)
@@ -296,7 +311,8 @@ class Stormpath::DataStore
           property = resource.get_property name, ignore_camelcasing: ignore_camelcasing
 
           # Special use cases are with Custom Data, Provider and ProviderData, their hashes should not be simplified
-          if property.kind_of?(Hash) and !resource_nested_submittable(resource, name) and name != "items"
+          # As of the implementation for MFA, Phone resource is added too
+          if property.kind_of?(Hash) and !resource_nested_submittable(resource, name) and name != "items" and name != 'phone'
             property = to_simple_reference name, property
           end
 

data/lib/stormpath-sdk/oauth/authenticator.rb

@@ -24,7 +24,8 @@ module Stormpath
         id_site_token: IdSiteGrant,
         stormpath_token: StormpathTokenGrant,
         client_credentials: ClientCredentialsGrant,
-        stormpath_social: SocialGrant
+        stormpath_social: SocialGrant,
+        stormpath_factor_challenge: ChallengeFactorGrant
       }.freeze
     end
   end

data/lib/stormpath-sdk/oauth/challenge_factor_grant.rb

@@ -0,0 +1,25 @@
+module Stormpath
+  module Oauth
+    class ChallengeFactorGrant < Stormpath::Resource::Base
+      prop_accessor :grant_type, :challenge, :code
+
+      def form_properties
+        {
+          grant_type: grant_type,
+          challenge: challenge,
+          code: code
+        }
+      end
+
+      def set_options(request)
+        set_property :grant_type, request.grant_type
+        set_property :challenge, request.challenge
+        set_property :code, request.code
+      end
+
+      def form_data?
+        true
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/oauth/challenge_factor_grant_request.rb

@@ -0,0 +1,16 @@
+module Stormpath
+  module Oauth
+    class ChallengeFactorGrantRequest
+      attr_reader :challenge, :code
+
+      def initialize(challenge, code)
+        @challenge = challenge
+        @code = code
+      end
+
+      def grant_type
+        'stormpath_factor_challenge'
+      end
+    end
+  end
+end

data/lib/stormpath-sdk/resource/account.rb

@@ -40,6 +40,9 @@ class Stormpath::Resource::Account < Stormpath::Resource::Instance
 
   has_many :api_keys, can: [:create]
 
+  has_many :phones, can: [:get, :create]
+  has_many :factors, can: [:get, :create]
+
   def add_group group
     client.group_memberships.create group: group, account: self
   end
@@ -64,4 +67,7 @@ class Stormpath::Resource::Account < Stormpath::Resource::Instance
     instance_variable_set "@_provider_data", provider_data
   end
 
+  def create_factor(type, options = {})
+    Stormpath::Authentication::CreateFactor.new(client, self, type, options).save
+  end
 end

data/lib/stormpath-sdk/resource/account_link.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2012 Stormpath, Inc.
+# Copyright 2016 Stormpath, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/lib/stormpath-sdk/resource/challenge.rb

@@ -0,0 +1,26 @@
+#
+# Copyright 2012 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Stormpath::Resource::Challenge < Stormpath::Resource::Instance
+  prop_accessor :message
+  prop_reader :status, :created_at, :modified_at
+
+  belongs_to :factor
+  belongs_to :account
+
+  def validate(code)
+    data_store.execute_raw_request href, { code: code }, Stormpath::Resource::Challenge
+  end
+end

data/lib/stormpath-sdk/resource/collection.rb

@@ -80,7 +80,6 @@ class Stormpath::Resource::Collection
           iterate(collection_href, client, item_class, criteria, &block)
         end
       end
-
     end
 
     class CollectionPage < Stormpath::Resource::Base

data/lib/stormpath-sdk/resource/directory.rb

@@ -28,6 +28,7 @@ class Stormpath::Resource::Directory < Stormpath::Resource::Instance
   has_one :custom_data
   has_one :password_policy
   has_one :account_creation_policy
+  has_one :account_schema, class_name: :schema
 
   def provider
     internal_instance = instance_variable_get "@_provider"

data/lib/stormpath-sdk/resource/factor.rb

@@ -0,0 +1,26 @@
+#
+# Copyright 2012 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Stormpath::Resource::Factor < Stormpath::Resource::Instance
+  prop_accessor :type, :account_name, :issuer, :status
+  prop_reader :verification_status, :secret, :key_uri, :base64_q_r_image
+  alias_method :qr_code, :base64_q_r_image
+
+  has_many :challenges, can: [:get, :create]
+  has_one :most_recent_challenge, class_name: :challenge
+  has_one :phone
+
+  belongs_to :account
+end

data/lib/stormpath-sdk/resource/field.rb

@@ -0,0 +1,20 @@
+#
+# Copyright 2016 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Stormpath::Resource::Field < Stormpath::Resource::Instance
+  prop_reader :name, :required, :created_at, :modified_at
+
+  belongs_to :schema
+end

data/lib/stormpath-sdk/resource/linked_account.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2012 Stormpath, Inc.
+# Copyright 2016 Stormpath, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/lib/stormpath-sdk/resource/phone.rb

@@ -0,0 +1,21 @@
+#
+# Copyright 2012 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Stormpath::Resource::Phone < Stormpath::Resource::Instance
+  prop_accessor :number, :name, :description
+  prop_reader :verification_status, :status, :created_at, :modified_at
+
+  belongs_to :account
+end

data/lib/stormpath-sdk/resource/schema.rb

@@ -0,0 +1,21 @@
+#
+# Copyright 2016 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Stormpath::Resource::Schema < Stormpath::Resource::Instance
+  prop_reader :created_at, :modified_at
+
+  has_many :fields
+  belongs_to :directory
+end

data/lib/stormpath-sdk/version.rb

@@ -14,6 +14,6 @@
 # limitations under the License.
 #
 module Stormpath
-  VERSION = '1.3.1'
-  VERSION_DATE = '2016-11-07'
+  VERSION = '1.4.0'
+  VERSION_DATE = '2016-11-22'
 end

data/spec/auth/create_factor_spec.rb

@@ -0,0 +1,92 @@
+require 'spec_helper'
+
+describe 'CreateFactor', vcr: true do
+  let(:client) { test_api_client }
+  let(:directory) { client.directories.create(directory_attrs) }
+  let(:account) { directory.accounts.create(account_attrs) }
+
+  after { directory.delete }
+
+  context 'type sms' do
+    context 'with challenge' do
+      before do
+        stub_request(:post, "#{account.href}/factors?challenge=true")
+          .to_return(body: Stormpath::Test.mocked_factor_response)
+        stub_request(:get, "#{factor.href}/challenges")
+          .to_return(body: Stormpath::Test.mocked_challenges_response)
+        stub_request(:get, "#{factor.href}/challenges?offset=25")
+          .to_return(body: Stormpath::Test.mocked_challenges_response)
+      end
+      let(:factor) do
+        Stormpath::Authentication::CreateFactor.new(
+          client,
+          account,
+          :sms,
+          phone: { number: '+12025550173',
+                   name: 'Rspec test phone',
+                   description: 'This is a testing phone number' },
+          challenge: { message: 'Enter code please: ' }
+        ).save
+      end
+
+      it 'should create factor' do
+        expect(factor.href).to be
+      end
+    end
+
+    context 'without challenge' do
+      before do
+        stub_request(:post, "#{account.href}/factors")
+          .to_return(body: Stormpath::Test.mocked_factor_response)
+        stub_request(:get, "#{factor.href}/challenges")
+          .to_return(body: Stormpath::Test.mocked_empty_challenge_response)
+        stub_request(:get, "#{factor.href}/challenges?offset=25")
+          .to_return(body: Stormpath::Test.mocked_empty_challenge_response)
+      end
+      let(:factor) do
+        Stormpath::Authentication::CreateFactor.new(
+          client,
+          account,
+          :sms,
+          phone: { number: '+12025550173',
+                   name: 'Rspec test phone',
+                   description: 'This is a testing phone number' }
+        ).save
+      end
+
+      it 'should create factor without challenge' do
+        expect(factor.href).to be
+        expect(factor.challenges.count).to eq 0
+      end
+    end
+  end
+
+  context 'type google-authenticator' do
+    let(:factor) do
+      Stormpath::Authentication::CreateFactor.new(
+        client,
+        account,
+        :google_authenticator,
+        custom_options: {
+          account_name: "marko.cilimkovic#{default_domain}",
+          issuer: 'ACME',
+          status: 'ENABLED'
+        }
+      ).save
+    end
+
+    it 'should create factor' do
+      expect(factor.href).to be
+    end
+  end
+
+  context 'bad type' do
+    let(:factor) do
+      Stormpath::Authentication::CreateFactor.new(client, account, :invalid_factor_type).save
+    end
+
+    it 'should raise error' do
+      expect { factor }.to raise_error(Stormpath::Error)
+    end
+  end
+end