RubyGems - workos - Versions diffs - 1.6.0 → 2.1.1 - Mend

workos 1.6.0 → 2.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

checksums.yaml +4 -4
data/.ruby-version +1 -1
data/.semaphore/semaphore.yml +2 -2
data/Gemfile.lock +3 -3
data/lib/workos/connection.rb +1 -1
data/lib/workos/directory.rb +2 -2
data/lib/workos/directory_sync.rb +29 -0
data/lib/workos/profile.rb +1 -1
data/lib/workos/sso.rb +38 -15
data/lib/workos/types/connection_struct.rb +1 -1
data/lib/workos/types/directory_struct.rb +2 -2
data/lib/workos/types/profile_struct.rb +1 -1
data/lib/workos/version.rb +1 -1
data/lib/workos/webhooks.rb +8 -6
data/spec/lib/workos/directory_sync_spec.rb +43 -10
data/spec/lib/workos/sso_spec.rb +140 -2
data/spec/lib/workos/webhooks_spec.rb +1 -1
data/spec/support/fixtures/vcr_cassettes/directory_sync/get_directory_with_invalid_id.yml +83 -0
data/spec/support/fixtures/vcr_cassettes/directory_sync/get_directory_with_valid_id.yml +84 -0
data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_after.yml +34 -22
data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_before.yml +36 -22
data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_domain.yml +30 -19
data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_limit.yml +31 -20
data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_no_options.yml +39 -21
data/spec/support/fixtures/vcr_cassettes/directory_sync/list_directories/with_search.yml +32 -20
metadata +7 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd493c247c202074fa3d93d6f4db6f1cb4cffb19b63f140eeb37a3236255be1a
-  data.tar.gz: a266a358383a5242299a2df002b04486d6ef1203f0d3448736b6d5904d657643
+  metadata.gz: e98cbe7f34c4d550972ac7b4dc734e17ed9b2390b08898d2b20fdf5e69da71ea
+  data.tar.gz: c998bf772be7cc75e1730debd7efefa764d87676c62b325daf45784846ce3a12
 SHA512:
-  metadata.gz: d05f397238b7e94d6f8e7e513523de96c87da44042c65638dbe8ce947076b5383f38491997a887a30e05a0c47e4193178dd39f0e4c62b5f14ebb1fcfb40b3299
-  data.tar.gz: 28158f92efaff774bbfaaf02e9be76552dd94bfebb996515824e278faf4011b4996846990074e30694f4306ba26c2cb76440294a020e5832b8bf25c3c504ccb3
+  metadata.gz: 01d4bcee2864d6a8b58e8cd3ffef78d77e11028bfbcd9005c4a2cecafaabe0cec97856f94b70aa9391dee50d08502ed8d7afa9456763d16a44f0fcc78a912694
+  data.tar.gz: ae83d9e5e204771f3d261a2f3135e077cc8b19d700ccf7984447e5536297ba65fba3779c3988daf612ce2c9624c9a825b8dd9b0e633e47c8839f3466a6837440

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 3.0.1
1	+ 3.0.2

data/.semaphore/semaphore.yml CHANGED Viewed

@@ -66,10 +66,10 @@ blocks:
             - sem-version ruby 2.7.3
             - bundle install
             - bundle exec rspec
-        - name: Ruby 3.0.1
+        - name: Ruby 3.0.2
           commands:
             - checkout
-            - sem-version ruby 3.0.1
+            - sem-version ruby 3.0.2
             - bundle install
             - bundle exec rspec
 promotions:

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (1.6.0)
+    workos (2.1.1)
       sorbet-runtime (~> 0.5)
 GEM
@@ -60,7 +60,7 @@ GEM
     simplecov_json_formatter (0.1.2)
     sorbet (0.5.6388)
       sorbet-static (= 0.5.6388)
-    sorbet-runtime (0.5.9094)
+    sorbet-runtime (0.5.9528)
     sorbet-static (0.5.6388-universal-darwin-14)
     sorbet-static (0.5.6388-universal-darwin-15)
     sorbet-static (0.5.6388-universal-darwin-16)
@@ -93,4 +93,4 @@ DEPENDENCIES
   yard
 BUNDLED WITH
-   2.2.16
+   2.2.33

data/lib/workos/connection.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module WorkOS
       @name = T.let(raw.name, String)
       @connection_type = T.let(raw.connection_type, String)
       @domains = T.let(raw.domains, Array)
-      @organization_id = T.let(raw.organization_id, String)
+      @organization_id = raw.organization_id
       @state = T.let(raw.state, String)
       @status = T.let(raw.status, String)
       @created_at = T.let(raw.created_at, String)

data/lib/workos/directory.rb CHANGED Viewed

@@ -17,10 +17,10 @@ module WorkOS
       @id = T.let(raw.id, String)
       @name = T.let(raw.name, String)
-      @domain = T.let(raw.domain, String)
+      @domain = raw.domain
       @type = T.let(raw.type, String)
       @state = T.let(raw.state, String)
-      @organization_id = T.let(raw.organization_id, String)
+      @organization_id = raw.organization_id
       @created_at = T.let(raw.created_at, String)
       @updated_at = T.let(raw.updated_at, String)
     end

data/lib/workos/directory_sync.rb CHANGED Viewed

@@ -53,6 +53,35 @@ module WorkOS
         )
       end
+      # Retrieve directory.
+      #
+      # @param [String] id Directory unique identifier
+      #
+      # @example
+      #   WorkOS::SSO.get_directory(id: 'directory_01FK17DWRHH7APAFXT5B52PV0W')
+      #   => #<WorkOS::Directory:0x00007fb6e4193d20
+      #         @id="directory_01FK17DWRHH7APAFXT5B52PV0W",
+      #         @name="Foo Corp",
+      #         @domain="foo-corp.com",
+      #         @type="okta scim v2.0",
+      #         @state="linked",
+      #         @organization_id="org_01F6Q6TFP7RD2PF6J03ANNWDKV",
+      #         @created_at="2021-10-27T15:55:47.856Z",
+      #         @updated_at="2021-10-27T16:03:43.990Z"
+      #
+      # @return [WorkOS::Directory]
+      sig { params(id: String).returns(WorkOS::Directory) }
+      def get_directory(id:)
+        request = get_request(
+          auth: true,
+          path: "/directories/#{id}",
+        )
+        response = execute_request(request: request)
+        WorkOS::Directory.new(response.body)
+      end
       # Retrieve directory groups.
       #
       # @param [Hash] options An options hash

data/lib/workos/profile.rb CHANGED Viewed

@@ -23,7 +23,7 @@ module WorkOS
       @email = T.let(raw.email, String)
       @first_name = raw.first_name
       @last_name = raw.last_name
-      @organization_id = T.let(raw.organization_id, String)
+      @organization_id = raw.organization_id
       @connection_id = T.let(raw.connection_id, String)
       @connection_type = T.let(raw.connection_type, String)
       @idp_id = raw.idp_id

data/lib/workos/sso.rb CHANGED Viewed

@@ -21,23 +21,27 @@ module WorkOS
       # Generate an Oauth2 authorization URL where your users will
       # authenticate using the configured SSO Identity Provider.
       #
+      # @param [String] redirect_uri The URI where users are directed
+      #  after completing the authentication step. Must match a
+      #  configured redirect URI on your WorkOS dashboard.
+      # @param [String] client_id The WorkOS client ID for the environment
+      #  where you've configured your SSO connection.
       # @param [String] domain The domain for the relevant SSO Connection
-      #  configured on your WorkOS dashboard. One of provider or domain is
-      #  required
+      #  configured on your WorkOS dashboard. One of provider, domain,
+      #  connection, or organization is required.
+      #  The domain is deprecated.
       # @param [String] provider A provider name for an Identity Provider
-      #  configured on your WorkOS dashboard. Only 'Google' is supported.
+      #  configured on your WorkOS dashboard. Only 'GoogleOAuth' and
+      #  'MicrosoftOAuth' are supported.
       # @param [String] connection The ID for a Connection configured on
       #  WorkOS.
-      # @param [String] client_id The WorkOS client ID for the environment
-      #  where you've configured your SSO connection.
-      # @param [String] redirect_uri The URI where users are directed
-      #  after completing the authentication step. Must match a
-      #  configured redirect URI on your WorkOS dashboard.
-      # @param [String] state An aribtrary state object
+      # @param [String] organization The ID for an Organization configured
+      #  on WorkOS.
+      # @param [String] state An arbitrary state object
       #  that is preserved and available to the client in the response.
       # @example
       #   WorkOS::SSO.authorization_url(
-      #     domain: 'acme.com',
+      #     connection: 'conn_123',
       #     client_id: 'project_01DG5TGK363GRVXP3ZS40WNGEZ',
       #     redirect_uri: 'https://workos.com/callback',
       #     state: {
@@ -45,19 +49,23 @@ module WorkOS
       #     }.to_s
       #   )
       #
-      #   => "https://api.workos.com/sso/authorize?domain=acme.com" \
+      #   => "https://api.workos.com/sso/authorize?connection=conn_123" \
       #      "&client_id=project_01DG5TGK363GRVXP3ZS40WNGEZ" \
       #      "&redirect_uri=https%3A%2F%2Fworkos.com%2Fcallback&" \
       #      "response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdocs%22%7D"
       #
       # @return [String]
+      # rubocop:disable Metrics/MethodLength, Metrics/ParameterLists
       sig do
         params(
           redirect_uri: String,
           client_id: T.nilable(String),
           domain: T.nilable(String),
+          domain_hint: T.nilable(String),
+          login_hint: T.nilable(String),
           provider: T.nilable(String),
           connection: T.nilable(String),
+          organization: T.nilable(String),
           state: T.nilable(String),
         ).returns(String)
       end
@@ -65,14 +73,23 @@ module WorkOS
         redirect_uri:,
         client_id: nil,
         domain: nil,
+        domain_hint: nil,
+        login_hint: nil,
         provider: nil,
         connection: nil,
+        organization: nil,
         state: ''
       )
+        if domain
+          warn '[DEPRECATION] `domain` is deprecated.
+          Please use `organization` instead.'
+        end
         validate_authorization_url_arguments(
           provider: provider,
           domain: domain,
           connection: connection,
+          organization: organization,
         )
         query = URI.encode_www_form({
@@ -81,12 +98,16 @@ module WorkOS
           response_type: 'code',
           state: state,
           domain: domain,
+          domain_hint: domain_hint,
+          login_hint: login_hint,
           provider: provider,
           connection: connection,
+          organization: organization,
         }.compact)
         "https://#{WorkOS::API_HOSTNAME}/sso/authorize?#{query}"
       end
+      # rubocop:enable Metrics/MethodLength, Metrics/ParameterLists
       sig do
         params(
@@ -229,16 +250,18 @@ module WorkOS
           domain: T.nilable(String),
           provider: T.nilable(String),
           connection: T.nilable(String),
+          organization: T.nilable(String),
         ).void
       end
       def validate_authorization_url_arguments(
         domain:,
         provider:,
-        connection:
+        connection:,
+        organization:
       )
-        if [domain, provider, connection].all?(&:nil?)
-          raise ArgumentError, 'Either connection, domain, or ' \
-            'provider is required.'
+        if [domain, provider, connection, organization].all?(&:nil?)
+          raise ArgumentError, 'Either connection, domain, ' \
+            'provider, or organization is required.'
         end
         return unless provider && !PROVIDERS.include?(provider)

data/lib/workos/types/connection_struct.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module WorkOS
       const :name, String
       const :connection_type, String
       const :domains, T::Array[T.untyped]
-      const :organization_id, String
+      const :organization_id, T.nilable(String)
       const :state, String
       const :status, String
       const :created_at, String

data/lib/workos/types/directory_struct.rb CHANGED Viewed

@@ -8,10 +8,10 @@ module WorkOS
     class DirectoryStruct < T::Struct
       const :id, String
       const :name, String
-      const :domain, String
+      const :domain, T.nilable(String)
       const :type, String
       const :state, String
-      const :organization_id, String
+      const :organization_id, T.nilable(String)
       const :created_at, String
       const :updated_at, String
     end

data/lib/workos/types/profile_struct.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module WorkOS
       const :email, String
       const :first_name, T.nilable(String)
       const :last_name, T.nilable(String)
-      const :organization_id, String
+      const :organization_id, T.nilable(String)
       const :connection_id, String
       const :connection_type, String
       const :idp_id, T.nilable(String)

data/lib/workos/version.rb CHANGED Viewed

@@ -2,5 +2,5 @@
 # typed: strong
 module WorkOS
-  VERSION = '1.6.0'
+  VERSION = '2.1.1'
 end

data/lib/workos/webhooks.rb CHANGED Viewed

@@ -65,7 +65,7 @@ module WorkOS
           tolerance: Integer,
         ).returns(T::Boolean)
       end
-      # rubocop:disable Metrics/MethodLength
+      # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       def verify_header(
         payload:,
         sig_header:,
@@ -86,7 +86,9 @@ module WorkOS
           )
         end
-        if timestamp < Time.now - tolerance
+        timestamp_to_time = Time.at(timestamp.to_i / 1000)
+        if timestamp_to_time < Time.now - tolerance
           raise WorkOS::SignatureVerificationError.new(
             message: 'Timestamp outside the tolerance zone',
           )
@@ -101,7 +103,7 @@ module WorkOS
         true
       end
-      # rubocop:enable Metrics/MethodLength
+      # rubocop:enable Metrics/MethodLength, Metrics/AbcSize
       sig do
         params(
@@ -122,12 +124,12 @@ module WorkOS
         timestamp = timestamp.sub('t=', '')
         signature_hash = signature_hash.sub('v1=', '')
-        [Time.at(timestamp.to_i), signature_hash]
+        [timestamp, signature_hash]
       end
       sig do
         params(
-          timestamp: Time,
+          timestamp: String,
           payload: String,
           secret: String,
         ).returns(String)
@@ -137,7 +139,7 @@ module WorkOS
         payload:,
         secret:
       )
-        unhashed_string = "#{timestamp.to_i}.#{payload}"
+        unhashed_string = "#{timestamp}.#{payload}"
         digest = OpenSSL::Digest.new('sha256')
         OpenSSL::HMAC.hexdigest(digest, secret, unhashed_string)
       end

data/spec/lib/workos/directory_sync_spec.rb CHANGED Viewed

@@ -15,7 +15,7 @@ describe WorkOS::DirectorySync do
         VCR.use_cassette 'directory_sync/list_directories/with_no_options' do
           directories = described_class.list_directories
-          expect(directories.data.size).to eq(3)
+          expect(directories.data.size).to eq(10)
           expect(directories.list_metadata).to eq(expected_metadata)
         end
       end
@@ -46,7 +46,7 @@ describe WorkOS::DirectorySync do
     context 'with search option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?search=Foo',
+          '/directories?search=Testing',
           'Content-Type' => 'application/json'
         ]
@@ -57,10 +57,11 @@ describe WorkOS::DirectorySync do
         VCR.use_cassette 'directory_sync/list_directories/with_search' do
           directories = described_class.list_directories(
-            search: 'Foo',
+            search: 'Testing',
           )
-          expect(directories.data.size).to eq(1)
+          expect(directories.data.size).to eq(2)
+          expect(directories.data[0].name).to include('Testing')
         end
       end
     end
@@ -68,7 +69,7 @@ describe WorkOS::DirectorySync do
     context 'with the before option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?before=before-id',
+          '/directories?before=directory_01FGCPNV312FHFRCX0BYWHVSE1',
           'Content-Type' => 'application/json'
         ]
@@ -79,10 +80,10 @@ describe WorkOS::DirectorySync do
         VCR.use_cassette 'directory_sync/list_directories/with_before' do
           directories = described_class.list_directories(
-            before: 'before-id',
+            before: 'directory_01FGCPNV312FHFRCX0BYWHVSE1',
           )
-          expect(directories.data.size).to eq(3)
+          expect(directories.data.size).to eq(6)
         end
       end
     end
@@ -90,7 +91,7 @@ describe WorkOS::DirectorySync do
     context 'with the after option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directories?after=after-id',
+          '/directories?after=directory_01FGCPNV312FHFRCX0BYWHVSE1',
           'Content-Type' => 'application/json'
         ]
@@ -100,9 +101,9 @@ describe WorkOS::DirectorySync do
           and_return(expected_request)
         VCR.use_cassette 'directory_sync/list_directories/with_after' do
-          directories = described_class.list_directories(after: 'after-id')
+          directories = described_class.list_directories(after: 'directory_01FGCPNV312FHFRCX0BYWHVSE1')
-          expect(directories.data.size).to eq(3)
+          expect(directories.data.size).to eq(4)
         end
       end
     end
@@ -142,6 +143,38 @@ describe WorkOS::DirectorySync do
     end
   end
+  describe '.get_directory' do
+    context 'with a valid id' do
+      it 'gets the directory details' do
+        VCR.use_cassette('directory_sync/get_directory_with_valid_id') do
+          directory = WorkOS::DirectorySync.get_directory(
+            id: 'directory_01FK17DWRHH7APAFXT5B52PV0W',
+          )
+          expect(directory.id).to eq('directory_01FK17DWRHH7APAFXT5B52PV0W')
+          expect(directory.name).to eq('Testing Active Attribute')
+          expect(directory.domain).to eq('example.me')
+          expect(directory.type).to eq('azure scim v2.0')
+          expect(directory.state).to eq('linked')
+          expect(directory.organization_id).to eq('org_01F6Q6TFP7RD2PF6J03ANNWDKV')
+        end
+      end
+    end
+    context 'with an invalid id' do
+      it 'raises an error' do
+        VCR.use_cassette('directory_sync/get_directory_with_invalid_id') do
+          expect do
+            WorkOS::DirectorySync.get_directory(id: 'invalid')
+          end.to raise_error(
+            WorkOS::APIError,
+            "Status 404, Directory not found: 'invalid'. - request ID: ",
+          )
+        end
+      end
+    end
+  end
   describe '.list_groups' do
     context 'with no options' do
       it 'raises an error' do

data/spec/lib/workos/sso_spec.rb CHANGED Viewed

@@ -109,7 +109,145 @@ describe WorkOS::SSO do
       end
     end
-    context 'with neither connection, domain, or provider' do
+    context 'with a domain' do
+      let(:args) do
+        {
+          domain: 'foo.com',
+          client_id: 'workos-proj-123',
+          redirect_uri: 'foo.com/auth/callback',
+          state: {
+            next_page: '/dashboard/edit',
+          }.to_s,
+        }
+      end
+      it 'returns a valid URL' do
+        authorization_url = described_class.authorization_url(**args)
+        expect(URI.parse(authorization_url)).to be_a URI
+      end
+      it 'returns the expected hostname' do
+        authorization_url = described_class.authorization_url(**args)
+        expect(URI.parse(authorization_url).host).to eq(WorkOS::API_HOSTNAME)
+      end
+      it 'returns the expected query string' do
+        authorization_url = described_class.authorization_url(**args)
+        expect(URI.parse(authorization_url).query).to eq(
+          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
+          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2F' \
+          'edit%22%7D&domain=foo.com',
+        )
+      end
+    end
+    context 'with a domain_hint' do
+      let(:args) do
+        {
+          connection: 'connection_123',
+          domain_hint: 'foo.com',
+          client_id: 'workos-proj-123',
+          redirect_uri: 'foo.com/auth/callback',
+          state: {
+            next_page: '/dashboard/edit',
+          }.to_s,
+        }
+      end
+      it 'returns a valid URL' do
+        authorization_url = described_class.authorization_url(**args)
+        expect(URI.parse(authorization_url)).to be_a URI
+      end
+      it 'returns the expected hostname' do
+        authorization_url = described_class.authorization_url(**args)
+        expect(URI.parse(authorization_url).host).to eq(WorkOS::API_HOSTNAME)
+      end
+      it 'returns the expected query string' do
+        authorization_url = described_class.authorization_url(**args)
+        expect(URI.parse(authorization_url).query).to eq(
+          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
+          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2' \
+          'Fedit%22%7D&domain_hint=foo.com&connection=connection_123',
+        )
+      end
+    end
+    context 'with a login_hint' do
+      let(:args) do
+        {
+          connection: 'connection_123',
+          login_hint: 'foo@workos.com',
+          client_id: 'workos-proj-123',
+          redirect_uri: 'foo.com/auth/callback',
+          state: {
+            next_page: '/dashboard/edit',
+          }.to_s,
+        }
+      end
+      it 'returns a valid URL' do
+        authorization_url = described_class.authorization_url(**args)
+        expect(URI.parse(authorization_url)).to be_a URI
+      end
+      it 'returns the expected hostname' do
+        authorization_url = described_class.authorization_url(**args)
+        expect(URI.parse(authorization_url).host).to eq(WorkOS::API_HOSTNAME)
+      end
+      it 'returns the expected query string' do
+        authorization_url = described_class.authorization_url(**args)
+        expect(URI.parse(authorization_url).query).to eq(
+          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
+          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2' \
+          'Fedit%22%7D&login_hint=foo%40workos.com&connection=connection_123',
+        )
+      end
+    end
+    context 'with an organization' do
+      let(:args) do
+        {
+          organization: 'org_123',
+          client_id: 'workos-proj-123',
+          redirect_uri: 'foo.com/auth/callback',
+          state: {
+            next_page: '/dashboard/edit',
+          }.to_s,
+        }
+      end
+      it 'returns a valid URL' do
+        authorization_url = described_class.authorization_url(**args)
+        expect(URI.parse(authorization_url)).to be_a URI
+      end
+      it 'returns the expected hostname' do
+        authorization_url = described_class.authorization_url(**args)
+        expect(URI.parse(authorization_url).host).to eq(WorkOS::API_HOSTNAME)
+      end
+      it 'returns the expected query string' do
+        authorization_url = described_class.authorization_url(**args)
+        expect(URI.parse(authorization_url).query).to eq(
+          'client_id=workos-proj-123&redirect_uri=foo.com%2Fauth%2Fcallback' \
+          '&response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdashboard%2F' \
+          'edit%22%7D&organization=org_123',
+        )
+      end
+    end
+    context 'with neither connection, domain, provider, or organization' do
       let(:args) do
         {
           client_id: 'workos-proj-123',
@@ -124,7 +262,7 @@ describe WorkOS::SSO do
           described_class.authorization_url(**args)
         end.to raise_error(
           ArgumentError,
-          'Either connection, domain, or provider is required.',
+          'Either connection, domain, provider, or organization is required.',
         )
       end
     end

data/spec/lib/workos/webhooks_spec.rb CHANGED Viewed

@@ -177,7 +177,7 @@ describe WorkOS::Webhooks do
         expect do
           described_class.construct_event(
             payload: @payload,
-            sig_header: "t=9999, v1=#{@signature_hash}",
+            sig_header: "t=#{@timestamp.to_i - (200 * 1000)}, v1=#{@signature_hash}",
             secret: @secret,
           )
         end.to raise_error(