workos 1.4.0 → 1.6.1

data/spec/lib/workos/directory_sync_spec.rb

@@ -2,6 +2,8 @@
 # typed: false
 
 describe WorkOS::DirectorySync do
+  it_behaves_like 'client'
+
   describe '.list_directories' do
     context 'with no options' do
       it 'returns directories and metadata' do
@@ -13,7 +15,7 @@ describe WorkOS::DirectorySync do
         VCR.use_cassette 'directory_sync/list_directories/with_no_options' do
           directories = described_class.list_directories
 
-          expect(directories.data.size).to eq(3)
+          expect(directories.data.size).to eq(10)
           expect(directories.list_metadata).to eq(expected_metadata)
         end
       end
@@ -44,7 +46,7 @@ describe WorkOS::DirectorySync do
     context 'with search option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?search=Foo',
+          '/directories?search=Testing',
           'Content-Type' => 'application/json'
         ]
 
@@ -55,10 +57,11 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_directories/with_search' do
           directories = described_class.list_directories(
-            search: 'Foo',
+            search: 'Testing',
           )
 
-          expect(directories.data.size).to eq(1)
+          expect(directories.data.size).to eq(2)
+          expect(directories.data[0].name).to include('Testing')
         end
       end
     end
@@ -66,7 +69,7 @@ describe WorkOS::DirectorySync do
     context 'with the before option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?before=before-id',
+          '/directories?before=directory_01FGCPNV312FHFRCX0BYWHVSE1',
           'Content-Type' => 'application/json'
         ]
 
@@ -77,10 +80,10 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_directories/with_before' do
           directories = described_class.list_directories(
-            before: 'before-id',
+            before: 'directory_01FGCPNV312FHFRCX0BYWHVSE1',
           )
 
-          expect(directories.data.size).to eq(3)
+          expect(directories.data.size).to eq(6)
         end
       end
     end
@@ -88,7 +91,7 @@ describe WorkOS::DirectorySync do
     context 'with the after option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?after=after-id',
+          '/directories?after=directory_01FGCPNV312FHFRCX0BYWHVSE1',
           'Content-Type' => 'application/json'
         ]
 
@@ -98,9 +101,9 @@ describe WorkOS::DirectorySync do
           and_return(expected_request)
 
         VCR.use_cassette 'directory_sync/list_directories/with_after' do
-          directories = described_class.list_directories(after: 'after-id')
+          directories = described_class.list_directories(after: 'directory_01FGCPNV312FHFRCX0BYWHVSE1')
 
-          expect(directories.data.size).to eq(3)
+          expect(directories.data.size).to eq(4)
         end
       end
     end
@@ -282,7 +285,7 @@ describe WorkOS::DirectorySync do
     context 'with directory option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_users?directory=directory_01EK2YEMVTWGX27STRDR0N3MP9',
+          '/directory_users?directory=directory_01FAZYMST676QMTFN1DDJZZX87',
           'Content-Type' => 'application/json'
         ]
 
@@ -293,10 +296,10 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_users/with_directory' do
           users = described_class.list_users(
-            directory: 'directory_01EK2YEMVTWGX27STRDR0N3MP9',
+            directory: 'directory_01FAZYMST676QMTFN1DDJZZX87',
           )
 
-          expect(users.data.size).to eq(10)
+          expect(users.data.size).to eq(4)
         end
       end
     end
@@ -304,7 +307,7 @@ describe WorkOS::DirectorySync do
     context 'with group option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_users?group=directory_group_01EQ7V7C6Y4RPMCH3KNB9853FF',
+          '/directory_users?group=directory_group_01FBXGP79EJAYKW0WS9JCK1V6E',
           'Content-Type' => 'application/json'
         ]
 
@@ -315,10 +318,10 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_users/with_group' do
           users = described_class.list_users(
-            group: 'directory_group_01EQ7V7C6Y4RPMCH3KNB9853FF',
+            group: 'directory_group_01FBXGP79EJAYKW0WS9JCK1V6E',
           )
 
-          expect(users.data.size).to eq(2)
+          expect(users.data.size).to eq(1)
         end
       end
     end
@@ -326,8 +329,8 @@ describe WorkOS::DirectorySync do
     context 'with the before option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_users?before=before-id&'\
-          'directory=directory_01EK2YEMVTWGX27STRDR0N3MP9',
+          '/directory_users?before=directory_user_01FAZYNPC8TJBP7Y2ERT51MGDF&'\
+          'directory=directory_01FAZYMST676QMTFN1DDJZZX87',
           'Content-Type' => 'application/json'
         ]
 
@@ -338,8 +341,8 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_users/with_before' do
           users = described_class.list_users(
-            before: 'before-id',
-            directory: 'directory_01EK2YEMVTWGX27STRDR0N3MP9',
+            before: 'directory_user_01FAZYNPC8TJBP7Y2ERT51MGDF',
+            directory: 'directory_01FAZYMST676QMTFN1DDJZZX87',
           )
 
           expect(users.data.size).to eq(2)
@@ -350,8 +353,8 @@ describe WorkOS::DirectorySync do
     context 'with the after option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_users?after=after-id&' \
-          'directory=directory_01EK2YEMVTWGX27STRDR0N3MP9',
+          '/directory_users?after=directory_user_01FAZYNPC8TJBP7Y2ERT51MGDF&' \
+          'directory=directory_01FAZYMST676QMTFN1DDJZZX87',
           'Content-Type' => 'application/json'
         ]
 
@@ -362,11 +365,11 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_users/with_after' do
           users = described_class.list_users(
-            after: 'after-id',
-            directory: 'directory_01EK2YEMVTWGX27STRDR0N3MP9',
+            after: 'directory_user_01FAZYNPC8TJBP7Y2ERT51MGDF',
+            directory: 'directory_01FAZYMST676QMTFN1DDJZZX87',
           )
 
-          expect(users.data.size).to eq(10)
+          expect(users.data.size).to eq(1)
         end
       end
     end
@@ -375,7 +378,7 @@ describe WorkOS::DirectorySync do
       it 'forms the proper request to the API' do
         request_args = [
           '/directory_users?limit=2&' \
-          'directory=directory_01EK2YEMVTWGX27STRDR0N3MP9',
+          'directory=directory_01FAZYMST676QMTFN1DDJZZX87',
           'Content-Type' => 'application/json'
         ]
 
@@ -387,7 +390,7 @@ describe WorkOS::DirectorySync do
         VCR.use_cassette 'directory_sync/list_users/with_limit' do
           users = described_class.list_users(
             limit: 2,
-            directory: 'directory_01EK2YEMVTWGX27STRDR0N3MP9',
+            directory: 'directory_01FAZYMST676QMTFN1DDJZZX87',
           )
 
           expect(users.data.size).to eq(2)
@@ -425,10 +428,10 @@ describe WorkOS::DirectorySync do
       it 'returns a user' do
         VCR.use_cassette('directory_sync/get_user') do
           user = WorkOS::DirectorySync.get_user(
-            'directory_usr_01E64QS50EAY48S0XJ1AA4WX4D',
+            'directory_user_01FAZYNPC8M0HRYTKFP2GNX852',
           )
 
-          expect(user['first_name']).to eq('Mark')
+          expect(user['first_name']).to eq('Logan')
         end
       end
     end

data/spec/lib/workos/organizations_spec.rb

@@ -2,18 +2,20 @@
 # typed: false
 
 describe WorkOS::Organizations do
+  it_behaves_like 'client'
+
   describe '.create_organization' do
     context 'with valid payload' do
       it 'creates an organization' do
         VCR.use_cassette 'organization/create' do
           organization = described_class.create_organization(
-            domains: ['example.com'],
+            domains: ['example.io'],
             name: 'Test Organization',
           )
 
-          expect(organization.id).to eq('org_01EHT88Z8J8795GZNQ4ZP1J81T')
+          expect(organization.id).to eq('org_01FCPEJXEZR4DSBA625YMGQT9N')
           expect(organization.name).to eq('Test Organization')
-          expect(organization.domains.first[:domain]).to eq('example.com')
+          expect(organization.domains.first[:domain]).to eq('example.io')
         end
       end
     end
@@ -46,7 +48,7 @@ describe WorkOS::Organizations do
         VCR.use_cassette 'organization/list' do
           organizations = described_class.list_organizations
 
-          expect(organizations.data.size).to eq(7)
+          expect(organizations.data.size).to eq(6)
           expect(organizations.list_metadata).to eq(expected_metadata)
         end
       end
@@ -69,7 +71,7 @@ describe WorkOS::Organizations do
             before: 'before-id',
           )
 
-          expect(organizations.data.size).to eq(7)
+          expect(organizations.data.size).to eq(6)
         end
       end
     end
@@ -89,7 +91,7 @@ describe WorkOS::Organizations do
         VCR.use_cassette 'organization/list', match_requests_on: [:path] do
           organizations = described_class.list_organizations(after: 'after-id')
 
-          expect(organizations.data.size).to eq(7)
+          expect(organizations.data.size).to eq(6)
         end
       end
     end
@@ -109,7 +111,7 @@ describe WorkOS::Organizations do
         VCR.use_cassette 'organization/list', match_requests_on: [:path] do
           organizations = described_class.list_organizations(limit: 10)
 
-          expect(organizations.data.size).to eq(7)
+          expect(organizations.data.size).to eq(6)
         end
       end
     end
@@ -120,10 +122,10 @@ describe WorkOS::Organizations do
       it 'gets the organization details' do
         VCR.use_cassette('organization/get') do
           organization = described_class.get_organization(
-            id: 'org_01EZDF20TZEJXKPSX2BJRN6TV6',
+            id: 'org_01F9293WD2PDEEV4Y625XPZVG7',
           )
 
-          expect(organization.id).to eq('org_01EZDF20TZEJXKPSX2BJRN6TV6')
+          expect(organization.id).to eq('org_01F9293WD2PDEEV4Y625XPZVG7')
           expect(organization.name).to eq('Foo Corp')
           expect(organization.domains.first[:domain]).to eq('foo-corp.com')
         end
@@ -149,12 +151,12 @@ describe WorkOS::Organizations do
       it 'creates an organization' do
         VCR.use_cassette 'organization/update' do
           organization = described_class.update_organization(
-            organization: 'org_01F29YJ068E52HGEB8ZQGC9MJG',
+            organization: 'org_01F6Q6TFP7RD2PF6J03ANNWDKV',
             domains: ['example.me'],
             name: 'Test Organization',
           )
 
-          expect(organization.id).to eq('org_01F29YJ068E52HGEB8ZQGC9MJG')
+          expect(organization.id).to eq('org_01F6Q6TFP7RD2PF6J03ANNWDKV')
           expect(organization.name).to eq('Test Organization')
           expect(organization.domains.first[:domain]).to eq('example.me')
         end

data/spec/lib/workos/passwordless_spec.rb

@@ -2,6 +2,8 @@
 # typed: false
 
 describe WorkOS::Passwordless do
+  it_behaves_like 'client'
+
   describe '.create_session' do
     context 'with valid options payload' do
       let(:valid_options) do

data/spec/lib/workos/portal_spec.rb

@@ -2,6 +2,8 @@
 # typed: false
 
 describe WorkOS::Portal do
+  it_behaves_like 'client'
+
   describe '.generate_link' do
     let(:organization) { 'org_01EHQMYV6MBK39QC5PZXHY59C3' }
 

data/spec/lib/workos/sso_spec.rb

@@ -4,6 +4,8 @@
 require 'securerandom'
 
 describe WorkOS::SSO do
+  it_behaves_like 'client'
+
   describe '.authorization_url' do
     context 'with a domain' do
       let(:args) do
@@ -162,6 +164,7 @@ describe WorkOS::SSO do
           id: 'prof_01EEJTY9SZ1R350RB7B73SNBKF',
           idp_id: '116485463307139932699',
           last_name: 'Loblaw',
+          organization_id: 'org_01FG53X8636WSNW2WEKB2C31ZB',
           raw_attributes: {
             email: 'bob.loblaw@workos.com',
             family_name: 'Loblaw',
@@ -231,6 +234,7 @@ describe WorkOS::SSO do
           id: 'prof_01DRA1XNSJDZ19A31F183ECQW5',
           idp_id: '00u1klkowm8EGah2H357',
           last_name: 'Demo',
+          organization_id: 'org_01FG53X8636WSNW2WEKB2C31ZB',
           raw_attributes: {
             email: 'demo@workos-okta.com',
             first_name: 'WorkOS',
@@ -303,7 +307,7 @@ describe WorkOS::SSO do
         VCR.use_cassette 'sso/list_connections/with_no_options' do
           connections = described_class.list_connections
 
-          expect(connections.data.size).to eq(3)
+          expect(connections.data.size).to eq(6)
           expect(connections.list_metadata).to eq(expected_metadata)
         end
       end
@@ -326,7 +330,7 @@ describe WorkOS::SSO do
             connection_type: 'OktaSAML',
           )
 
-          expect(connections.data.size).to eq(3)
+          expect(connections.data.size).to eq(10)
           expect(connections.data.first.connection_type).to eq('OktaSAML')
         end
       end
@@ -357,7 +361,7 @@ describe WorkOS::SSO do
     context 'with organization_id option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/connections?organization_id=org_01EGS4P7QR31EZ4YWD1Z1XA176',
+          '/connections?organization_id=org_01F9293WD2PDEEV4Y625XPZVG7',
           'Content-Type' => 'application/json'
         ]
 
@@ -368,12 +372,12 @@ describe WorkOS::SSO do
 
         VCR.use_cassette 'sso/list_connections/with_organization_id' do
           connections = described_class.list_connections(
-            organization_id: 'org_01EGS4P7QR31EZ4YWD1Z1XA176',
+            organization_id: 'org_01F9293WD2PDEEV4Y625XPZVG7',
           )
 
           expect(connections.data.size).to eq(1)
           expect(connections.data.first.organization_id).to eq(
-            'org_01EGS4P7QR31EZ4YWD1Z1XA176',
+            'org_01F9293WD2PDEEV4Y625XPZVG7',
           )
         end
       end
@@ -404,7 +408,7 @@ describe WorkOS::SSO do
     context 'with before option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/connections?before=conn_01EQKPMQAPV02H270HKVNS4CTA',
+          '/connections?before=conn_01FA3WGCWPCCY1V2FGES2FDNP7',
           'Content-Type' => 'application/json'
         ]
 
@@ -415,7 +419,7 @@ describe WorkOS::SSO do
 
         VCR.use_cassette 'sso/list_connections/with_before' do
           connections = described_class.list_connections(
-            before: 'conn_01EQKPMQAPV02H270HKVNS4CTA',
+            before: 'conn_01FA3WGCWPCCY1V2FGES2FDNP7',
           )
 
           expect(connections.data.size).to eq(3)
@@ -426,7 +430,7 @@ describe WorkOS::SSO do
     context 'with after option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/connections?after=conn_01EQKPMQAPV02H270HKVNS4CTA',
+          '/connections?after=conn_01FA3WGCWPCCY1V2FGES2FDNP7',
           'Content-Type' => 'application/json'
         ]
 
@@ -437,10 +441,10 @@ describe WorkOS::SSO do
 
         VCR.use_cassette 'sso/list_connections/with_after' do
           connections = described_class.list_connections(
-            after: 'conn_01EQKPMQAPV02H270HKVNS4CTA',
+            after: 'conn_01FA3WGCWPCCY1V2FGES2FDNP7',
           )
 
-          expect(connections.data.size).to eq(3)
+          expect(connections.data.size).to eq(2)
         end
       end
     end
@@ -451,10 +455,10 @@ describe WorkOS::SSO do
       it 'gets the connection details' do
         VCR.use_cassette('sso/get_connection_with_valid_id') do
           connection = WorkOS::SSO.get_connection(
-            id: 'conn_01EX00NB050H354WKGC7990AR2',
+            id: 'conn_01FA3WGCWPCCY1V2FGES2FDNP7',
           )
 
-          expect(connection.id).to eq('conn_01EX00NB050H354WKGC7990AR2')
+          expect(connection.id).to eq('conn_01FA3WGCWPCCY1V2FGES2FDNP7')
           expect(connection.connection_type).to eq('OktaSAML')
           expect(connection.name).to eq('Foo Corp')
           expect(connection.domains.first[:domain]).to eq('foo-corp.com')

data/spec/lib/workos/webhooks_spec.rb

@@ -0,0 +1,190 @@
+# frozen_string_literal: true
+# typed: false
+
+require 'json'
+require 'openssl'
+
+describe WorkOS::Webhooks do
+  describe '.construct_event' do
+    before(:each) do
+      @payload = File.read("#{SPEC_ROOT}/support/webhook_payload.txt")
+      @secret = 'secret'
+      @timestamp = Time.at(Time.now.to_i * 1000)
+      unhashed_string = "#{@timestamp.to_i}.#{@payload}"
+      digest = OpenSSL::Digest.new('sha256')
+      @signature_hash = OpenSSL::HMAC.hexdigest(digest, @secret, unhashed_string)
+      @expectation = {
+        id: 'directory_user_01FAEAJCR3ZBZ30D8BD1924TVG',
+        state: 'active',
+        emails: [{
+          type: 'work',
+          value: 'blair@foo-corp.com',
+          primary: true,
+        }],
+        idp_id: '00u1e8mutl6wlH3lL4x7',
+        object: 'directory_user',
+        username: 'blair@foo-corp.com',
+        last_name: 'Lunceford',
+        first_name: 'Blair',
+        directory_id: 'directory_01F9M7F68PZP8QXP8G7X5QRHS7',
+        raw_attributes: {
+          name: {
+            givenName: 'Blair',
+            familyName: 'Lunceford',
+            middleName: 'Elizabeth',
+            honorificPrefix: 'Ms.',
+          },
+          title: 'Developer Success Engineer',
+          active: true,
+          emails: [{
+            type: 'work',
+            value: 'blair@foo-corp.com',
+            primary: true,
+          }],
+          groups: [],
+          locale: 'en-US',
+          schemas: [
+            'urn:ietf:params:scim:schemas:core:2.0:User',
+            'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
+          ],
+          userName: 'blair@foo-corp.com',
+          addresses: [{
+            region: 'CO',
+            primary: true,
+            locality: 'Steamboat Springs',
+            postalCode: '80487',
+          }],
+          externalId: '00u1e8mutl6wlH3lL4x7',
+          displayName: 'Blair Lunceford',
+          "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
+            manager: {
+              value: '2',
+              displayName: 'Kathleen Chung',
+            },
+            division: 'Engineering',
+            department: 'Customer Success',
+          },
+        },
+      }
+    end
+
+    context 'with the correct payload, sig_header, and secret' do
+      it 'returns a webhook event' do
+        webhook = described_class.construct_event(
+          payload: @payload,
+          sig_header: "t=#{@timestamp.to_i}, v1=#{@signature_hash}",
+          secret: @secret,
+        )
+
+        expect(webhook.data).to eq(@expectation)
+        expect(webhook.event).to eq('dsync.user.created')
+        expect(webhook.id).to eq('wh_123')
+      end
+    end
+
+    context 'with the correct payload, sig_header, secret, and tolerance' do
+      it 'returns a webhook event' do
+        webhook = described_class.construct_event(
+          payload: @payload,
+          sig_header: "t=#{@timestamp.to_i}, v1=#{@signature_hash}",
+          secret: @secret,
+          tolerance: 300,
+        )
+
+        expect(webhook.data).to eq(@expectation)
+        expect(webhook.event).to eq('dsync.user.created')
+        expect(webhook.id).to eq('wh_123')
+      end
+    end
+
+    context 'with an empty header' do
+      it 'raises an error' do
+        expect do
+          described_class.construct_event(
+            payload: @payload,
+            sig_header: '',
+            secret: @secret,
+          )
+        end.to raise_error(
+          WorkOS::SignatureVerificationError,
+          'Unable to extract timestamp and signature hash from header',
+        )
+      end
+    end
+
+    context 'with an empty signature hash' do
+      it 'raises an error' do
+        expect do
+          described_class.construct_event(
+            payload: @payload,
+            sig_header: "t=#{@timestamp.to_i}, v1=",
+            secret: @secret,
+          )
+        end.to raise_error(
+          WorkOS::SignatureVerificationError,
+          'No signature hash found with expected scheme v1',
+        )
+      end
+    end
+
+    context 'with an incorrect signature hash' do
+      it 'raises an error' do
+        expect do
+          described_class.construct_event(
+            payload: @payload,
+            sig_header: "t=#{@timestamp.to_i}, v1=99999",
+            secret: @secret,
+          )
+        end.to raise_error(
+          WorkOS::SignatureVerificationError,
+          'Signature hash does not match the expected signature hash for payload',
+        )
+      end
+    end
+
+    context 'with an incorrect payload' do
+      it 'raises an error' do
+        expect do
+          described_class.construct_event(
+            payload: 'invalid',
+            sig_header: "t=#{@timestamp.to_i}, v1=#{@signature_hash}",
+            secret: @secret,
+          )
+        end.to raise_error(
+          WorkOS::SignatureVerificationError,
+          'Signature hash does not match the expected signature hash for payload',
+        )
+      end
+    end
+
+    context 'with an incorrect webhook secret' do
+      it 'raises an error' do
+        expect do
+          described_class.construct_event(
+            payload: @payload,
+            sig_header: "t=#{@timestamp.to_i}, v1=#{@signature_hash}",
+            secret: 'invalid',
+          )
+        end.to raise_error(
+          WorkOS::SignatureVerificationError,
+          'Signature hash does not match the expected signature hash for payload',
+        )
+      end
+    end
+
+    context 'with a timestamp outside tolerance' do
+      it 'raises an error' do
+        expect do
+          described_class.construct_event(
+            payload: @payload,
+            sig_header: "t=9999, v1=#{@signature_hash}",
+            secret: @secret,
+          )
+        end.to raise_error(
+          WorkOS::SignatureVerificationError,
+          'Timestamp outside the tolerance zone',
+        )
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -18,6 +18,9 @@ require 'webmock/rspec'
 require 'workos'
 require 'vcr'
 
+# Support
+Dir['./spec/support/**/*.rb'].sort.each { |f| require f }
+
 SPEC_ROOT = File.dirname __FILE__
 
 VCR.configure do |config|