workos 2.1.1 → 2.3.0

data/lib/workos/mfa.rb

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+# typed: true
+
+
+require 'net/http'
+require 'uri'
+
+module WorkOS
+  # The MFA module provides convenience methods for working with the WorkOS
+  # MFA platform. You'll need a valid API key
+  module MFA
+    class << self
+      extend T::Sig
+      include Base
+      include Client
+      sig { params(id: String).returns(T::Boolean) }
+      def delete_factor(id:)
+        response = execute_request(
+          request: delete_request(
+            path: "/auth/factors/#{id}",
+            auth: true,
+          ),
+        )
+        response.is_a? Net::HTTPSuccess
+      end
+
+      sig do
+        params(id: String).returns(WorkOS::Factor)
+      end
+      def get_factor(
+        id:
+      )
+        response = execute_request(
+          request: get_request(
+            path: "/auth/factors/#{id}",
+            auth: true,
+          ),
+        )
+        WorkOS::Factor.new(response.body)
+      end
+
+      sig do
+        params(
+          type: String,
+          totp_issuer: T.nilable(String),
+          totp_user: T.nilable(String),
+          phone_number: T.nilable(String),
+        ).void
+      end
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/PerceivedComplexity
+
+      def validate_args(
+        type:,
+        totp_issuer: nil,
+        totp_user: nil,
+        phone_number: nil
+      )
+        if type != 'sms' && type != 'totp' && type != 'generic_otp'
+          raise ArgumentError, "Type argument must be either 'sms' or 'totp'"
+        end
+        if (type == 'totp' && totp_issuer.nil?) || (type == 'totp' && totp_user.nil?)
+          raise ArgumentError, 'Incomplete arguments. Need to specify both totp_issuer and totp_user when type is totp'
+        end
+        return unless type == 'sms' && phone_number.nil?
+
+        raise ArgumentError, 'Incomplete arguments. Need to specify phone_number when type is sms'
+      end
+      # rubocop:enable Metrics/CyclomaticComplexity
+      # rubocop:enable Metrics/PerceivedComplexity
+
+      sig do
+        params(
+          type: String,
+          totp_issuer: T.nilable(String),
+          totp_user: T.nilable(String),
+          phone_number: T.nilable(String),
+        ).returns(WorkOS::Factor)
+      end
+      # rubocop:disable Metrics/MethodLength
+      def enroll_factor(
+        type:,
+        totp_issuer: nil,
+        totp_user: nil,
+        phone_number: nil
+      )
+        validate_args(
+          type: type,
+          totp_issuer: totp_issuer,
+          totp_user: totp_user,
+          phone_number: phone_number,
+        )
+        response = execute_request(request: post_request(
+          auth: true,
+          body: {
+            type: type,
+            totp_issuer: totp_issuer,
+            totp_user: totp_user,
+            phone_number: phone_number,
+          },
+          path: '/auth/factors/enroll',
+        ))
+        WorkOS::Factor.new(response.body)
+      end
+      # rubocop:enable Metrics/MethodLength
+
+      sig do
+        params(
+          authentication_factor_id: T.nilable(String),
+          sms_template: T.nilable(String),
+        ).returns(WorkOS::Challenge)
+      end
+      def challenge_factor(
+        authentication_factor_id: nil,
+        sms_template: nil
+      )
+        if authentication_factor_id.nil?
+          raise ArgumentError, "Incomplete arguments: 'authentication_factor_id' is a required argument"
+        end
+
+        request = post_request(
+          auth: true,
+          body: {
+            sms_template: sms_template,
+            authentication_factor_id: authentication_factor_id,
+          },
+          path: '/auth/factors/challenge',
+        )
+
+        response = execute_request(request: request)
+        WorkOS::Challenge.new(response.body)
+      end
+
+      sig do
+        params(
+          authentication_challenge_id: T.nilable(String),
+          code: T.nilable(String),
+        ).returns(WorkOS::VerifyFactor)
+      end
+      def verify_factor(
+        authentication_challenge_id: nil,
+        code: nil
+      )
+
+        if authentication_challenge_id.nil? || code.nil?
+          raise ArgumentError, "Incomplete arguments: 'authentication_challenge_id' and 'code' are required arguments"
+        end
+
+        options = {
+          "authentication_challenge_id": authentication_challenge_id,
+          "code": code,
+        }
+
+        response = execute_request(
+          request: post_request(
+            path: '/auth/factors/verify',
+            auth: true,
+            body: options,
+          ),
+        )
+        WorkOS::VerifyFactor.new(response.body)
+      end
+    end
+  end
+end

data/lib/workos/organization.rb

@@ -6,6 +6,7 @@ module WorkOS
   # a WorkOS Organization resource. This class is not meant to be instantiated
   # in user space, and is instantiated internally but exposed.
   class Organization
+    include HashProvider
     extend T::Sig
 
     attr_accessor :id, :domains, :name, :allow_profiles_outside_organization, :created_at, :updated_at

data/lib/workos/organizations.rb

@@ -21,6 +21,7 @@ module WorkOS
       # @param [String] after A pagination argument used to request
       #  organizations after the provided Organization ID.
       # @param [Integer] limit A pagination argument used to limit the number
+      # @param [String] order The order in which to paginate records
       #  of listed Organizations that are returned.
       sig do
         params(

data/lib/workos/profile.rb

@@ -8,6 +8,7 @@ module WorkOS
   # is not meant to be instantiated in user space, and
   # is instantiated internally but exposed.
   class Profile
+    include HashProvider
     extend T::Sig
 
     sig { returns(String) }

data/lib/workos/profile_and_token.rb

@@ -6,6 +6,7 @@ module WorkOS
   # Access Token. This class is not meant to be instantiated in user space, and
   # is instantiated internally but exposed.
   class ProfileAndToken
+    include HashProvider
     extend T::Sig
 
     attr_accessor :access_token, :profile

data/lib/workos/sso.rb

@@ -163,6 +163,7 @@ module WorkOS
       # @option options [String] organization_id The id of the organization
       #  of the connections to be retrieved.
       # @option options [String] limit Maximum number of records to return.
+      # @option options [String] order The order in which to paginate records
       # @option options [String] before Pagination cursor to receive records
       #  before a provided Connection ID.
       # @option options [String] after Pagination cursor to receive records

data/lib/workos/types/challenge_struct.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+# typed: strict
+
+module WorkOS
+  module Types
+    # This ChallgengeStruct acts as a typed interface
+    # for the Factor class
+    class ChallengeStruct < T::Struct
+      const :id, String
+      const :object, String
+      const :expires_at, String
+      const :code, T.nilable(String)
+      const :authentication_factor_id, String
+      const :created_at, String
+      const :updated_at, String
+    end
+  end
+end

data/lib/workos/types/directory_group_struct.rb

@@ -7,7 +7,12 @@ module WorkOS
     # for the DirectoryGroup class
     class DirectoryGroupStruct < T::Struct
       const :id, String
+      const :directory_id, String
+      const :idp_id, String
       const :name, String
+      const :created_at, String
+      const :updated_at, String
+      const :raw_attributes, T::Hash[Symbol, Object]
     end
   end
 end

data/lib/workos/types/factor_struct.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+# typed: strict
+
+module WorkOS
+  module Types
+    # This FactorStruct acts as a typed interface
+    # for the Factor class
+    class FactorStruct < T::Struct
+      const :id, String
+      const :object, String
+      const :type, String
+      const :totp, T.nilable(T::Hash[Symbol, Object])
+      const :sms, T.nilable(T::Hash[Symbol, Object])
+      const :created_at, String
+      const :updated_at, String
+    end
+  end
+end

data/lib/workos/types/passwordless_session_struct.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 # typed: strict
 
+require 'date'
+
 module WorkOS
   module Types
     # This PasswordlessSessionStruct acts as a typed interface

data/lib/workos/types/verify_factor_struct.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+# typed: strict
+
+module WorkOS
+  module Types
+    # This VerifyFactorStruct acts as a typed interface
+    # for the Factor class
+    class VerifyFactorStruct < T::Struct
+      const :challenge, T.nilable(T::Hash[Symbol, Object])
+      const :valid, T::Boolean
+    end
+  end
+end

data/lib/workos/types.rb

@@ -16,5 +16,8 @@ module WorkOS
     require_relative 'types/provider_enum'
     require_relative 'types/directory_user_struct'
     require_relative 'types/webhook_struct'
+    require_relative 'types/factor_struct'
+    require_relative 'types/challenge_struct'
+    require_relative 'types/verify_factor_struct'
   end
 end

data/lib/workos/verify_factor.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+# typed: false
+
+module WorkOS
+  # The VerifyFactor class provides a lightweight wrapper around
+  # a WorkOS DirectoryUser resource. This class is not meant to be instantiated
+  # in DirectoryUser space, and is instantiated internally but exposed.
+  class VerifyFactor
+    include HashProvider
+    extend T::Sig
+
+    attr_accessor :challenge, :valid
+
+    sig { params(json: String).void }
+    def initialize(json)
+      raw = parse_json(json)
+      @challenge = T.let(raw.challenge, Hash)
+      @valid = raw.valid
+    end
+
+    def to_json(*)
+      {
+        challenge: challenge,
+        valid: valid,
+      }
+    end
+
+    private
+
+    sig { params(json_string: String).returns(WorkOS::Types::VerifyFactorStruct) }
+    def parse_json(json_string)
+      hash = JSON.parse(json_string, symbolize_names: true)
+
+      WorkOS::Types::VerifyFactorStruct.new(
+        challenge: hash[:challenge],
+        valid: hash[:valid],
+      )
+    end
+  end
+end

data/lib/workos/version.rb

@@ -2,5 +2,5 @@
 # typed: strong
 
 module WorkOS
-  VERSION = '2.1.1'
+  VERSION = '2.3.0'
 end

data/lib/workos/webhook.rb

@@ -6,6 +6,7 @@ module WorkOS
   # a WorkOS Webhook resource. This class is not meant to be instantiated
   # in user space, and is instantiated internally but exposed.
   class Webhook
+    include HashProvider
     extend T::Sig
 
     attr_accessor :id, :event, :data

data/lib/workos/webhooks.rb

@@ -108,7 +108,7 @@ module WorkOS
       sig do
         params(
           sig_header: String,
-        ).returns(T::Array[T.untyped])
+        ).returns([String, String])
       end
       def get_timestamp_and_signature_hash(
         sig_header:

data/lib/workos.rb

@@ -4,6 +4,7 @@
 require 'workos/version'
 require 'sorbet-runtime'
 require 'json'
+require 'workos/hash_provider'
 
 # Use the WorkOS module to authenticate your
 # requests to the WorkOS API. The gem will read
@@ -44,6 +45,12 @@ module WorkOS
   autoload :DirectoryUser, 'workos/directory_user'
   autoload :Webhook, 'workos/webhook'
   autoload :Webhooks, 'workos/webhooks'
+  autoload :MFA, 'workos/mfa'
+  autoload :Factor, 'workos/factor'
+  autoload :Challenge, 'workos/challenge'
+  autoload :VerifyFactor, 'workos/verify_factor'
+  autoload :DeprecatedHashWrapper, 'workos/deprecated_hash_wrapper'
+
 
   # Errors
   autoload :APIError, 'workos/errors'

data/spec/lib/workos/directory_sync_spec.rb

@@ -189,7 +189,7 @@ describe WorkOS::DirectorySync do
     context 'with directory option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_groups?directory=directory_01EK2YEMVTWGX27STRDR0N3MP9',
+          '/directory_groups?directory=directory_01G2Z8ADK5NPMVTWF48MVVE4HT',
           'Content-Type' => 'application/json'
         ]
 
@@ -200,10 +200,11 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_groups/with_directory' do
           groups = described_class.list_groups(
-            directory: 'directory_01EK2YEMVTWGX27STRDR0N3MP9',
+            directory: 'directory_01G2Z8ADK5NPMVTWF48MVVE4HT',
           )
 
           expect(groups.data.size).to eq(10)
+          expect(groups.data[0].name).to eq(groups.data[0]['name'])
         end
       end
     end
@@ -211,7 +212,7 @@ describe WorkOS::DirectorySync do
     context 'with user option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_groups?user=directory_user_01EK2YFBC3R10MPB4W49G5QDXG',
+          '/directory_groups?user=directory_user_01G2Z8D4FDB28ZNSRRBVCF2E0P',
           'Content-Type' => 'application/json'
         ]
 
@@ -222,7 +223,7 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_groups/with_user' do
           groups = described_class.list_groups(
-            user: 'directory_user_01EK2YFBC3R10MPB4W49G5QDXG',
+            user: 'directory_user_01G2Z8D4FDB28ZNSRRBVCF2E0P',
           )
 
           expect(groups.data.size).to eq(3)
@@ -233,8 +234,8 @@ describe WorkOS::DirectorySync do
     context 'with the before option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_groups?before=before-id&' \
-          'directory=directory_01EK2YEMVTWGX27STRDR0N3MP9',
+          '/directory_groups?before=directory_group_01G2Z8D4ZR8RJ03Y1W7P9K8NMG&' \
+          'directory=directory_01G2Z8ADK5NPMVTWF48MVVE4HT',
           'Content-Type' => 'application/json'
         ]
 
@@ -245,11 +246,11 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_groups/with_before' do
           groups = described_class.list_groups(
-            before: 'before-id',
-            directory: 'directory_01EK2YEMVTWGX27STRDR0N3MP9',
+            before: 'directory_group_01G2Z8D4ZR8RJ03Y1W7P9K8NMG',
+            directory: 'directory_01G2Z8ADK5NPMVTWF48MVVE4HT',
           )
 
-          expect(groups.data.size).to eq(2)
+          expect(groups.data.size).to eq(10)
         end
       end
     end
@@ -257,8 +258,8 @@ describe WorkOS::DirectorySync do
     context 'with the after option' do
       it 'forms the proper request to the API' do
         request_args = [
-          '/directory_groups?after=after-id&' \
-          'directory=directory_01EK2YEMVTWGX27STRDR0N3MP9',
+          '/directory_groups?after=directory_group_01G2Z8D4ZR8RJ03Y1W7P9K8NMG&' \
+          'directory=directory_01G2Z8ADK5NPMVTWF48MVVE4HT',
           'Content-Type' => 'application/json'
         ]
 
@@ -269,11 +270,11 @@ describe WorkOS::DirectorySync do
 
         VCR.use_cassette 'directory_sync/list_groups/with_after' do
           groups = described_class.list_groups(
-            after: 'after-id',
-            directory: 'directory_01EK2YEMVTWGX27STRDR0N3MP9',
+            after: 'directory_group_01G2Z8D4ZR8RJ03Y1W7P9K8NMG',
+            directory: 'directory_01G2Z8ADK5NPMVTWF48MVVE4HT',
           )
 
-          expect(groups.data.size).to eq(10)
+          expect(groups.data.size).to eq(9)
         end
       end
     end
@@ -282,7 +283,7 @@ describe WorkOS::DirectorySync do
       it 'forms the proper request to the API' do
         request_args = [
           '/directory_groups?limit=2&' \
-          'directory=directory_01EK2YEMVTWGX27STRDR0N3MP9',
+          'directory=directory_01G2Z8ADK5NPMVTWF48MVVE4HT',
           'Content-Type' => 'application/json'
         ]
 
@@ -294,7 +295,7 @@ describe WorkOS::DirectorySync do
         VCR.use_cassette 'directory_sync/list_groups/with_limit' do
           groups = described_class.list_groups(
             limit: 2,
-            directory: 'directory_01EK2YEMVTWGX27STRDR0N3MP9',
+            directory: 'directory_01G2Z8ADK5NPMVTWF48MVVE4HT',
           )
 
           expect(groups.data.size).to eq(2)
@@ -332,6 +333,7 @@ describe WorkOS::DirectorySync do
           )
 
           expect(users.data.size).to eq(4)
+          expect(users.data[0].first_name).to eq(users.data[0]['first_name'])
         end
       end
     end
@@ -436,10 +438,15 @@ describe WorkOS::DirectorySync do
       it 'returns a group' do
         VCR.use_cassette('directory_sync/get_group') do
           group = WorkOS::DirectorySync.get_group(
-            'directory_grp_01E64QTDNS0EGJ0FMCVY9BWGZT',
+            'directory_group_01G2Z8D4ZR8RJ03Y1W7P9K8NMG',
           )
 
-          expect(group['name']).to eq('Walrus')
+          expect(group['directory_id']).to eq('directory_01G2Z8ADK5NPMVTWF48MVVE4HT')
+          expect(group['idp_id']).to eq('01jlao4614two3d')
+          expect(group['name']).to eq('Sales')
+          expect(group.name).to eq('Sales')
+          expect(group['created_at']).to eq('2022-05-13T17:45:31.732Z')
+          expect(group['updated_at']).to eq('2022-06-07T17:45:35.739Z')
         end
       end
     end
@@ -464,6 +471,7 @@ describe WorkOS::DirectorySync do
           )
 
           expect(user['first_name']).to eq('Logan')
+          expect(user.first_name).to eq('Logan')
         end
       end
     end

data/spec/lib/workos/directory_user_spec.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+# typed: false
+
+describe WorkOS::DirectoryUser do
+  # rubocop:disable Layout/LineLength
+  describe '.get_primary_email' do
+    context 'with one primary email' do
+      it 'returns the primary email' do
+        user = WorkOS::DirectoryUser.new('{"object":"directory_user","id":"directory_user_01FAZYNPC8M0HRYTKFP2GNX852","directory_id":"directory_01FAZYMST676QMTFN1DDJZZX87","idp_id":"6092c280a3f1e19ef6d8cef8","username":"logan@workos.com","emails":[{"primary":true,"value":"logan@workos.com"}, {"primary":false,"value":"logan@gmail.com"}],"first_name":"Logan","last_name":"Gingerich","state":"active","raw_attributes":{},"custom_attributes":{},"groups":[]}')
+        expect(user.primary_email).to eq('logan@workos.com')
+      end
+    end
+
+    context 'with multiple primary emails' do
+      it 'returns the first email marked as primary' do
+        user = WorkOS::DirectoryUser.new('{"object":"directory_user","id":"directory_user_01FAZYNPC8M0HRYTKFP2GNX852","directory_id":"directory_01FAZYMST676QMTFN1DDJZZX87","idp_id":"6092c280a3f1e19ef6d8cef8","username":"logan@workos.com","emails":[{"primary":true,"value":"logan@workos.com"}, {"primary":true,"value":"logan@gmail.com"}],"first_name":"Logan","last_name":"Gingerich","state":"active","raw_attributes":{},"custom_attributes":{},"groups":[]}')
+        expect(user.primary_email).to eq('logan@workos.com')
+      end
+    end
+
+    context 'with no primary emails' do
+      it 'returns nil' do
+        user = WorkOS::DirectoryUser.new('{"object":"directory_user","id":"directory_user_01FAZYNPC8M0HRYTKFP2GNX852","directory_id":"directory_01FAZYMST676QMTFN1DDJZZX87","idp_id":"6092c280a3f1e19ef6d8cef8","username":"logan@workos.com","emails":[{"primary":false,"value":"logan@gmail.com"}],"first_name":"Logan","last_name":"Gingerich","state":"active","raw_attributes":{},"custom_attributes":{},"groups":[]}')
+        expect(user.primary_email).to eq(nil)
+      end
+    end
+
+    context 'with an empty email array' do
+      it 'returns nil' do
+        user = WorkOS::DirectoryUser.new('{"object":"directory_user","id":"directory_user_01FAZYNPC8M0HRYTKFP2GNX852","directory_id":"directory_01FAZYMST676QMTFN1DDJZZX87","idp_id":"6092c280a3f1e19ef6d8cef8","username":"logan@workos.com","emails":[],"first_name":"Logan","last_name":"Gingerich","state":"active","raw_attributes":{},"custom_attributes":{},"groups":[]}')
+        expect(user.primary_email).to eq(nil)
+      end
+    end
+  end
+  # rubocop:enable Layout/LineLength
+end