twilio-ruby 5.0.0.rc10 → 5.0.0.rc11

data/spec/jwt/access_token_spec.rb

@@ -0,0 +1,114 @@
+require 'spec_helper'
+
+describe Twilio::JWT::AccessToken do
+
+  it 'should generate a token for no grants' do
+    scat = Twilio::JWT::AccessToken.new 'AC123', 'SK123','secret'
+    token = scat.to_s
+    expect(token).not_to be_nil
+    payload, header = JWT.decode token, 'secret'
+
+    expect(payload['iss']).to eq('SK123')
+    expect(payload['sub']).to eq('AC123')
+    expect(payload['exp']).not_to be_nil
+    expect(payload['exp']).to be >= Time.now.to_i
+    expect(payload['jti']).not_to be_nil
+    expect(payload['jti']).to start_with payload['iss']
+    expect(payload['nbf']).to be_nil
+    expect(payload['grants']).not_to be_nil
+    expect(payload['grants'].count).to eq(0)
+  end
+
+  it 'should generate a nbf' do
+    now = Time.now.to_i - 1
+    scat = Twilio::JWT::AccessToken.new 'AC123', 'SK123','secret'
+    scat.identity = 'abc'
+    scat.nbf = now
+
+    token = scat.to_s
+    expect(token).not_to be_nil
+    payload, header = JWT.decode token, 'secret'
+
+    expect(payload['iss']).to eq('SK123')
+    expect(payload['sub']).to eq('AC123')
+    expect(payload['nbf']).not_to be_nil
+    expect(payload['nbf']).to eq(now)
+    expect(payload['exp']).not_to be_nil
+    expect(payload['exp']).to be >= Time.now.to_i
+    expect(payload['jti']).not_to be_nil
+    expect(payload['jti']).to start_with payload['iss']
+    expect(payload['grants']).not_to be_nil
+    expect(payload['grants'].count).to eq(1)
+    expect(payload['grants']['identity']).to eq('abc')
+  end
+
+  it 'should be able to add conversation grant' do
+    scat = Twilio::JWT::AccessToken.new 'AC123', 'SK123','secret'
+    scat.add_grant(Twilio::JWT::AccessToken::ConversationsGrant.new)
+
+    token = scat.to_s
+    expect(token).not_to be_nil
+    payload, header = JWT.decode token, 'secret'
+
+    expect(payload['iss']).to eq('SK123')
+    expect(payload['sub']).to eq('AC123')
+    expect(payload['exp']).not_to be_nil
+    expect(payload['exp']).to be >= Time.now.to_i
+    expect(payload['jti']).not_to be_nil
+    expect(payload['jti']).to start_with payload['iss']
+    expect(payload['grants']).not_to be_nil
+    expect(payload['grants'].count).to eq(1)
+    expect(payload['grants']['rtc']).not_to be_nil
+  end
+
+  it 'should be able to add endpoint grants' do
+    scat = Twilio::JWT::AccessToken.new 'AC123', 'SK123','secret'
+
+    grant = Twilio::JWT::AccessToken::IpMessagingGrant.new
+    grant.push_credential_sid = 'CR123'
+    grant.deployment_role_sid = 'DR123'
+    grant.service_sid = 'IS123'
+    grant.endpoint_id = 'EP123'
+    scat.add_grant(grant)
+
+    token = scat.to_s
+    expect(token).not_to be_nil
+    payload, header = JWT.decode token, 'secret'
+
+    expect(payload['iss']).to eq('SK123')
+    expect(payload['sub']).to eq('AC123')
+    expect(payload['exp']).not_to be_nil
+    expect(payload['exp']).to be >= Time.now.to_i
+    expect(payload['jti']).not_to be_nil
+    expect(payload['jti']).to start_with payload['iss']
+    expect(payload['grants']).not_to be_nil
+    expect(payload['grants'].count).to eq(1)
+    expect(payload['grants']['ip_messaging']).not_to be_nil
+    expect(payload['grants']['ip_messaging']['service_sid']).to eq('IS123')
+    expect(payload['grants']['ip_messaging']['endpoint_id']).to eq('EP123')
+    expect(payload['grants']['ip_messaging']['push_credential_sid']).to eq('CR123')
+    expect(payload['grants']['ip_messaging']['deployment_role_sid']).to eq('DR123')
+  end
+
+  it 'should add rest grants' do
+    scat = Twilio::JWT::AccessToken.new 'AC123', 'SK123','secret'
+    scat.add_grant(Twilio::JWT::AccessToken::ConversationsGrant.new)
+    scat.add_grant(Twilio::JWT::AccessToken::IpMessagingGrant.new)
+
+    token = scat.to_s
+    expect(token).not_to be_nil
+    payload, header = JWT.decode token, 'secret'
+
+    expect(payload['iss']).to eq('SK123')
+    expect(payload['sub']).to eq('AC123')
+    expect(payload['exp']).not_to be_nil
+    expect(payload['exp']).to be >= Time.now.to_i
+    expect(payload['jti']).not_to be_nil
+    expect(payload['jti']).to start_with payload['iss']
+    expect(payload['grants']).not_to be_nil
+    expect(payload['grants'].count).to eq(2)
+    expect(payload['grants']['rtc']).not_to be_nil
+    expect(payload['grants']['ip_messaging']).not_to be_nil
+  end
+
+end

data/spec/{util → jwt}/capability_spec.rb

@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-describe Twilio::Util::Capability do
+describe Twilio::JWT::Capability do
   describe 'config' do
     after(:each) do
       Twilio.instance_variable_set('@configuration', nil)
@@ -12,7 +12,7 @@ describe Twilio::Util::Capability do
         config.auth_token = 'someToken'
       end
 
-      capability = Twilio::Util::Capability.new
+      capability = Twilio::JWT::Capability.new
       expect(capability.instance_variable_get('@account_sid')).to eq('someSid')
       expect(capability.instance_variable_get('@auth_token')).to eq('someToken')
     end
@@ -23,7 +23,7 @@ describe Twilio::Util::Capability do
         config.auth_token = 'someToken'
       end
 
-      capability = Twilio::Util::Capability.new'otherSid', 'otherToken'
+      capability = Twilio::JWT::Capability.new'otherSid', 'otherToken'
       expect(capability.instance_variable_get('@account_sid')).to eq('otherSid')
       expect(capability.instance_variable_get('@auth_token')).to eq('otherToken')
     end
@@ -34,23 +34,23 @@ describe Twilio::Util::Capability do
         config.auth_token = 'someToken'
       end
 
-      capability = Twilio::Util::Capability.new 'otherSid'
+      capability = Twilio::JWT::Capability.new 'otherSid'
       expect(capability.instance_variable_get('@account_sid')).to eq('otherSid')
       expect(capability.instance_variable_get('@auth_token')).to eq('someToken')
     end
 
     it 'should throw an argument error if the sid and token isn\'t set' do
-      expect { Twilio::Util::Capability.new }.to raise_error(ArgumentError)
+      expect { Twilio::JWT::Capability.new }.to raise_error(ArgumentError)
     end
 
     it 'should throw an argument error if only the account_sid is set' do
-      expect { Twilio::Util::Capability.new 'someSid' }.to raise_error(ArgumentError)
+      expect { Twilio::JWT::Capability.new 'someSid' }.to raise_error(ArgumentError)
     end
   end
 
   describe 'with a capability' do
     before :each do
-      @capability = Twilio::Util::Capability.new 'myAccountSid', 'myAuthToken'
+      @capability = Twilio::JWT::Capability.new 'myAccountSid', 'myAuthToken'
     end
 
     def queries(q)
@@ -99,9 +99,9 @@ describe Twilio::Util::Capability do
       token = @capability.generate
       decoded, header = JWT.decode token, 'myAuthToken'
       expect(queries(decoded['scope'])).to eq([
-        ['incoming', {'clientName' => 'andrew'}],
-        ['incoming', {'clientName' => 'bridget'}]
-      ])
+                                                  ['incoming', {'clientName' => 'andrew'}],
+                                                  ['incoming', {'clientName' => 'bridget'}]
+                                              ])
     end
 
     it 'should generate a proper outgoing client scope string' do
@@ -123,19 +123,19 @@ describe Twilio::Util::Capability do
     end
 
     it 'should generate a proper outgoing client scope string based on the ' +
-         'client name when calling #allow_client_incoming first' do
+           'client name when calling #allow_client_incoming first' do
       @capability.allow_client_incoming 'andrew'
       @capability.allow_client_outgoing 'myAppSid'
       token = @capability.generate
       decoded, header = JWT.decode token, 'myAuthToken'
       expect(queries(decoded['scope'])).to eq([
-        ['incoming', {'clientName' => 'andrew'}],
-        ['outgoing', {'clientName' => 'andrew', 'appSid' => 'myAppSid'}]
-      ])
+                                                  ['incoming', {'clientName' => 'andrew'}],
+                                                  ['outgoing', {'clientName' => 'andrew', 'appSid' => 'myAppSid'}]
+                                              ])
     end
 
     it 'should generate a proper outgoing client scope string based on the ' +
-         'client name when calling #allow_client_incoming second' do
+           'client name when calling #allow_client_incoming second' do
       @capability.allow_client_outgoing 'myAppSid'
       @capability.allow_client_incoming 'andrew'
       token = @capability.generate
@@ -144,7 +144,7 @@ describe Twilio::Util::Capability do
     end
 
     it 'should generate a proper outgoing client scope string with parameters ' +
-         'and a client name when calling #allow_client_incoming first' do
+           'and a client name when calling #allow_client_incoming first' do
       @capability.allow_client_incoming 'andrew'
       app_params_hash = {'key' => 'a value', :foo => 'bar/baz'}
       @capability.allow_client_outgoing 'myAppSid', app_params_hash
@@ -164,7 +164,7 @@ describe Twilio::Util::Capability do
     end
 
     it 'should generate a proper outgoing client scope string with parameters ' +
-         'and a client name when calling #allow_client_incoming second' do
+           'and a client name when calling #allow_client_incoming second' do
       app_params_hash = {'key' => 'a value', :foo => 'bar/baz'}
       @capability.allow_client_outgoing 'myAppSid', app_params_hash
       @capability.allow_client_incoming 'andrew'
@@ -183,4 +183,4 @@ describe Twilio::Util::Capability do
       expect(scopes).to be_empty
     end
   end
-end
+end

data/spec/jwt/task_router_spec.rb

@@ -0,0 +1,110 @@
+require 'spec_helper'
+
+describe Twilio::JWT::TaskRouterCapability do
+  describe 'with a capability' do
+    before :each do
+      @capability = Twilio::JWT::TaskRouterCapability.new 'AC123', 'foobar', 'WS456', 'WS456'
+    end
+
+    it 'should return a valid jwt when #generate_token is called' do
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      expect(decoded['policies']).not_to be_nil
+      expect(decoded['iss']).not_to be_nil
+      expect(decoded['exp']).not_to be_nil
+      expect(decoded['account_sid']).to eq('AC123')
+      expect(decoded['workspace_sid']).to eq('WS456')
+      expect(decoded['channel']).to eq('WS456')
+    end
+
+    it 'should properly set the iss key in the payload' do
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      expect(decoded['iss']).to eq('AC123')
+    end
+
+    it 'should properly set exp based on the default 1-hour ttl' do
+      seconds = Time.now.to_i
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      expect(decoded['exp']).to eq(seconds + 3600)
+    end
+
+    it 'should properly set exp based on the ttl arg to #generate_token' do
+      seconds = Time.now.to_i
+      ttl = rand 10000
+      token = @capability.generate_token ttl
+      decoded, header = JWT.decode token, 'foobar'
+      expect(decoded['exp']).to eq(seconds + ttl)
+    end
+
+    it 'should allow websocket operations and fetching the workspace by default' do
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      expect(decoded['policies'].size).to eq(3)
+      get_policy = {
+          "url" => 'https://event-bridge.twilio.com/v1/wschannels/AC123/WS456',
+          "method" => 'GET',
+          "query_filter" => {},
+          "post_filter" => {},
+          "allow" => true
+      }
+      expect(decoded['policies'][0]).to eq(get_policy)
+      post_policy = {
+          "url" => 'https://event-bridge.twilio.com/v1/wschannels/AC123/WS456',
+          "method" => 'POST',
+          "query_filter" => {},
+          "post_filter" => {},
+          "allow" => true
+      }
+      expect(decoded['policies'][1]).to eq(post_policy)
+
+      workspace_fetch_policy = {
+          'url' => 'https://taskrouter.twilio.com/v1/Workspaces/WS456',
+          'method' => 'GET',
+          'query_filter' => {},
+          'post_filter' => {},
+          'allow' => true
+      }
+      expect(decoded['policies'][2]).to eq(workspace_fetch_policy)
+    end
+
+    it 'should add a policy when #allow_fetch_subresources is called' do
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      policies_size = decoded['policies'].size
+
+      @capability.allow_fetch_subresources
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      workspace_fetch_policy = {
+          'url' => 'https://taskrouter.twilio.com/v1/Workspaces/WS456/**',
+          'method' => 'GET',
+          'query_filter' => {},
+          'post_filter' => {},
+          'allow' => true
+      }
+      expect(decoded['policies'][-1]).to eq(workspace_fetch_policy)
+      expect(decoded['policies'].size).to eq(policies_size+1)
+    end
+
+    it 'should add a policy when #allow_update_subresources is called' do
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      policies_size = decoded['policies'].size
+
+      @capability.allow_updates_subresources
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      workspace_update_policy = {
+          'url' => 'https://taskrouter.twilio.com/v1/Workspaces/WS456/**',
+          'method' => 'POST',
+          'query_filter' => {},
+          'post_filter' => {},
+          'allow' => true
+      }
+      expect(decoded['policies'][-1]).to eq(workspace_update_policy)
+      expect(decoded['policies'].size).to eq(policies_size+1)
+    end
+  end
+end

data/spec/jwt/task_router_taskqueue_spec.rb

@@ -0,0 +1,111 @@
+require 'spec_helper'
+
+describe Twilio::JWT::TaskQueueCapability do
+  describe 'with a capability' do
+    before :each do
+      @capability = Twilio::JWT::TaskQueueCapability.new 'AC123', 'foobar', 'WS456', 'WQ789'
+    end
+
+    it 'should return a valid jwt when #generate_token is called' do
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      expect(decoded['policies']).not_to be_nil
+      expect(decoded['iss']).not_to be_nil
+      expect(decoded['exp']).not_to be_nil
+      expect(decoded['account_sid']).to eq('AC123')
+      expect(decoded['workspace_sid']).to eq('WS456')
+      expect(decoded['taskqueue_sid']).to eq('WQ789')
+      expect(decoded['channel']).to eq('WQ789')
+    end
+
+    it 'should properly set the iss key in the payload' do
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      expect(decoded['iss']).to eq('AC123')
+    end
+
+    it 'should properly set exp based on the default 1-hour ttl' do
+      seconds = Time.now.to_i
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      expect(decoded['exp']).to eq(seconds + 3600)
+    end
+
+    it 'should properly set exp based on the ttl arg to #generate_token' do
+      seconds = Time.now.to_i
+      ttl = rand 10000
+      token = @capability.generate_token ttl
+      decoded, header = JWT.decode token, 'foobar'
+      expect(decoded['exp']).to eq(seconds + ttl)
+    end
+
+    it 'should allow websocket operations and fetching the workspace by default' do
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      expect(decoded['policies'].size).to eq(3)
+      get_policy = {
+          "url" => 'https://event-bridge.twilio.com/v1/wschannels/AC123/WQ789',
+          "method" => 'GET',
+          "query_filter" => {},
+          "post_filter" => {},
+          "allow" => true
+      }
+      expect(decoded['policies'][0]).to eq(get_policy)
+      post_policy = {
+          "url" => 'https://event-bridge.twilio.com/v1/wschannels/AC123/WQ789',
+          "method" => 'POST',
+          "query_filter" => {},
+          "post_filter" => {},
+          "allow" => true
+      }
+      expect(decoded['policies'][1]).to eq(post_policy)
+
+      taskqueue_fetch_policy = {
+          'url' => 'https://taskrouter.twilio.com/v1/Workspaces/WS456/TaskQueues/WQ789',
+          'method' => 'GET',
+          'query_filter' => {},
+          'post_filter' => {},
+          'allow' => true
+      }
+      expect(decoded['policies'][2]).to eq(taskqueue_fetch_policy)
+    end
+
+    it 'should add a policy when #allow_fetch_subresources is called' do
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      policies_size = decoded['policies'].size
+
+      @capability.allow_fetch_subresources
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      taskqueue_fetch_policy = {
+          'url' => 'https://taskrouter.twilio.com/v1/Workspaces/WS456/TaskQueues/WQ789/**',
+          'method' => 'GET',
+          'query_filter' => {},
+          'post_filter' => {},
+          'allow' => true
+      }
+      expect(decoded['policies'][-1]).to eq(taskqueue_fetch_policy)
+      expect(decoded['policies'].size).to eq(policies_size+1)
+    end
+
+    it 'should add a policy when #allow_update_subresources is called' do
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      policies_size = decoded['policies'].size
+
+      @capability.allow_updates_subresources
+      token = @capability.generate_token
+      decoded, header = JWT.decode token, 'foobar'
+      taskqueue_update_policy = {
+          'url' => 'https://taskrouter.twilio.com/v1/Workspaces/WS456/TaskQueues/WQ789/**',
+          'method' => 'POST',
+          'query_filter' => {},
+          'post_filter' => {},
+          'allow' => true
+      }
+      expect(decoded['policies'][-1]).to eq(taskqueue_update_policy)
+      expect(decoded['policies'].size).to eq(policies_size+1)
+    end
+  end
+end