RubyGems - workos - Versions diffs - 4.0.0 → 4.2.0 - Mend

workos 4.0.0 → 4.2.0

Files changed (139) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +37 -0
data/.github/workflows/release.yml +43 -0
data/.rubocop.yml +8 -1
data/Gemfile.lock +22 -69
data/lib/workos/audit_log_export.rb +8 -31
data/lib/workos/audit_logs.rb +0 -26
data/lib/workos/authentication_factor_and_challenge.rb +0 -3
data/lib/workos/authentication_response.rb +12 -5
data/lib/workos/challenge.rb +9 -28
data/lib/workos/client.rb +0 -41
data/lib/workos/configuration.rb +0 -1
data/lib/workos/connection.rb +11 -35
data/lib/workos/directory.rb +10 -37
data/lib/workos/directory_group.rb +9 -36
data/lib/workos/directory_sync.rb +0 -21
data/lib/workos/directory_user.rb +17 -51
data/lib/workos/errors.rb +0 -16
data/lib/workos/event.rb +5 -26
data/lib/workos/events.rb +0 -7
data/lib/workos/factor.rb +9 -28
data/lib/workos/hash_provider.rb +0 -1
data/lib/workos/impersonator.rb +23 -0
data/lib/workos/invitation.rb +12 -37
data/lib/workos/mfa.rb +0 -42
data/lib/workos/organization.rb +8 -31
data/lib/workos/organization_membership.rb +8 -27
data/lib/workos/organizations.rb +0 -26
data/lib/workos/passwordless.rb +0 -14
data/lib/workos/portal.rb +1 -13
data/lib/workos/profile.rb +12 -39
data/lib/workos/profile_and_token.rb +1 -4
data/lib/workos/refresh_authentication_response.rb +24 -0
data/lib/workos/sso.rb +1 -43
data/lib/workos/types/intent.rb +16 -0
data/lib/workos/types/list_struct.rb +8 -5
data/lib/workos/types/passwordless_session_struct.rb +10 -9
data/lib/workos/types/provider.rb +15 -0
data/lib/workos/types.rb +5 -23
data/lib/workos/user.rb +10 -31
data/lib/workos/user_and_token.rb +1 -4
data/lib/workos/user_management.rb +108 -219
data/lib/workos/user_response.rb +0 -3
data/lib/workos/verify_challenge.rb +4 -18
data/lib/workos/version.rb +1 -2
data/lib/workos/webhook.rb +5 -26
data/lib/workos/webhooks.rb +1 -38
data/lib/workos.rb +2 -2
data/spec/lib/workos/audit_logs_spec.rb +2 -3
data/spec/lib/workos/configuration_spec.rb +0 -1
data/spec/lib/workos/directory_sync_spec.rb +0 -1
data/spec/lib/workos/directory_user_spec.rb +0 -1
data/spec/lib/workos/event_spec.rb +0 -1
data/spec/lib/workos/mfa_spec.rb +0 -1
data/spec/lib/workos/organizations_spec.rb +0 -1
data/spec/lib/workos/passwordless_spec.rb +0 -1
data/spec/lib/workos/portal_spec.rb +0 -1
data/spec/lib/workos/sso_spec.rb +0 -1
data/spec/lib/workos/user_management_spec.rb +59 -10
data/spec/lib/workos/webhooks_spec.rb +0 -1
data/spec/spec_helper.rb +6 -9
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid.yml +1 -1
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid_with_impersonator.yml +80 -0
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_email_verification/valid.yml +1 -1
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_magic_auth/valid.yml +1 -1
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/valid.yml +1 -1
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/valid.yml +1 -1
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_code/invalid.yml +81 -0
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_token/valid.yml +81 -0
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_totp/valid.yml +1 -1
data/spec/support/shared_examples/client_spec.rb +0 -1
data/workos.gemspec +1 -6
metadata +19 -129
data/.semaphore/rubygems.yml +0 -24
data/.semaphore/semaphore.yml +0 -51
data/bin/tapioca +0 -29
data/codecov.yml +0 -12
data/devbox.json +0 -18
data/devbox.lock +0 -11
data/lib/workos/types/audit_log_export_struct.rb +0 -17
data/lib/workos/types/challenge_struct.rb +0 -18
data/lib/workos/types/connection_struct.rb +0 -20
data/lib/workos/types/directory_group_struct.rb +0 -19
data/lib/workos/types/directory_struct.rb +0 -19
data/lib/workos/types/directory_user_struct.rb +0 -26
data/lib/workos/types/event_struct.rb +0 -15
data/lib/workos/types/factor_struct.rb +0 -18
data/lib/workos/types/intent_enum.rb +0 -17
data/lib/workos/types/invitation_struct.rb +0 -20
data/lib/workos/types/magic_auth_challenge_struct.rb +0 -12
data/lib/workos/types/organization_membership_struct.rb +0 -16
data/lib/workos/types/organization_struct.rb +0 -17
data/lib/workos/types/profile_struct.rb +0 -21
data/lib/workos/types/provider_enum.rb +0 -16
data/lib/workos/types/user_struct.rb +0 -18
data/lib/workos/types/verify_challenge_struct.rb +0 -13
data/lib/workos/types/webhook_struct.rb +0 -15
data/sorbet/config +0 -2
data/sorbet/rbi/gems/addressable@2.8.0.rbi +0 -290
data/sorbet/rbi/gems/ast@2.4.2.rbi +0 -54
data/sorbet/rbi/gems/codecov@0.2.12.rbi +0 -55
data/sorbet/rbi/gems/coderay@1.1.3.rbi +0 -8
data/sorbet/rbi/gems/crack@0.4.5.rbi +0 -57
data/sorbet/rbi/gems/diff-lcs@1.4.4.rbi +0 -185
data/sorbet/rbi/gems/docile@1.3.5.rbi +0 -54
data/sorbet/rbi/gems/hashdiff@1.0.1.rbi +0 -82
data/sorbet/rbi/gems/json@2.5.1.rbi +0 -109
data/sorbet/rbi/gems/method_source@1.0.0.rbi +0 -8
data/sorbet/rbi/gems/parallel@1.20.1.rbi +0 -113
data/sorbet/rbi/gems/parser@3.0.1.0.rbi +0 -1187
data/sorbet/rbi/gems/pry@0.14.2.rbi +0 -8
data/sorbet/rbi/gems/public_suffix@4.0.6.rbi +0 -146
data/sorbet/rbi/gems/rainbow@3.0.0.rbi +0 -153
data/sorbet/rbi/gems/rake@13.0.3.rbi +0 -807
data/sorbet/rbi/gems/rbi@0.0.16.rbi +0 -2118
data/sorbet/rbi/gems/regexp_parser@2.1.1.rbi +0 -1117
data/sorbet/rbi/gems/rexml@3.2.5.rbi +0 -709
data/sorbet/rbi/gems/rspec-core@3.9.3.rbi +0 -2467
data/sorbet/rbi/gems/rspec-expectations@3.9.4.rbi +0 -1569
data/sorbet/rbi/gems/rspec-mocks@3.9.1.rbi +0 -1493
data/sorbet/rbi/gems/rspec-support@3.9.4.rbi +0 -511
data/sorbet/rbi/gems/rspec@3.9.0.rbi +0 -38
data/sorbet/rbi/gems/rubocop-ast@1.4.1.rbi +0 -1881
data/sorbet/rbi/gems/rubocop@0.93.1.rbi +0 -11497
data/sorbet/rbi/gems/ruby-progressbar@1.11.0.rbi +0 -405
data/sorbet/rbi/gems/simplecov-html@0.12.3.rbi +0 -89
data/sorbet/rbi/gems/simplecov@0.21.2.rbi +0 -577
data/sorbet/rbi/gems/simplecov_json_formatter@0.1.2.rbi +0 -8
data/sorbet/rbi/gems/spoom@1.1.15.rbi +0 -1549
data/sorbet/rbi/gems/tapioca@0.7.3.rbi +0 -1718
data/sorbet/rbi/gems/thor@1.2.1.rbi +0 -844
data/sorbet/rbi/gems/unicode-display_width@1.7.0.rbi +0 -22
data/sorbet/rbi/gems/unparser@0.6.2.rbi +0 -8
data/sorbet/rbi/gems/vcr@5.0.0.rbi +0 -699
data/sorbet/rbi/gems/webmock@3.12.2.rbi +0 -662
data/sorbet/rbi/gems/yard-sorbet@0.8.0.rbi +0 -268
data/sorbet/rbi/gems/yard@0.9.26.rbi +0 -4048
data/sorbet/tapioca/config.yml +0 -13
data/sorbet/tapioca/require.rb +0 -4

data/lib/workos/verify_challenge.rb CHANGED Viewed

@@ -1,20 +1,18 @@
 # frozen_string_literal: true
-# typed: false
 module WorkOS
   # The VerifyChallenge class provides a lightweight wrapper around
   # a WorkOS Authentication Challenge resource.
   class VerifyChallenge
     include HashProvider
-    extend T::Sig
     attr_accessor :challenge, :valid
-    sig { params(json: String).void }
     def initialize(json)
-      raw = parse_json(json)
-      @challenge = T.let(raw.challenge, Hash)
-      @valid = raw.valid
+      hash = JSON.parse(json, symbolize_names: true)
+      @challenge = hash[:challenge]
+      @valid = hash[:valid]
     end
     def to_json(*)
@@ -23,17 +21,5 @@ module WorkOS
         valid: valid,
       }
     end
-    private
-    sig { params(json_string: String).returns(WorkOS::Types::VerifyChallengeStruct) }
-    def parse_json(json_string)
-      hash = JSON.parse(json_string, symbolize_names: true)
-      WorkOS::Types::VerifyChallengeStruct.new(
-        challenge: hash[:challenge],
-        valid: hash[:valid],
-      )
-    end
   end
 end

data/lib/workos/version.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
-# typed: strong
 module WorkOS
-  VERSION = '4.0.0'
+  VERSION = '4.2.0'
 end

data/lib/workos/webhook.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: true
 module WorkOS
   # The Webhook class provides a lightweight wrapper around
@@ -7,18 +6,16 @@ module WorkOS
   # in user space, and is instantiated internally but exposed.
   class Webhook
     include HashProvider
-    extend T::Sig
     attr_accessor :id, :event, :data, :created_at
-    sig { params(json: String).void }
     def initialize(json)
-      raw = parse_json(json)
+      hash = JSON.parse(json, symbolize_names: true)
-      @id = T.let(raw.id, String)
-      @event = T.let(raw.event, String)
-      @data = raw.data
-      @created_at = T.let(raw.created_at, String)
+      @id = hash[:id]
+      @event = hash[:event]
+      @data = hash[:data]
+      @created_at = hash[:created_at]
     end
     def to_json(*)
@@ -29,23 +26,5 @@ module WorkOS
         created_at: created_at,
       }
     end
-    private
-    sig do
-      params(
-        json_string: String,
-      ).returns(WorkOS::Types::WebhookStruct)
-    end
-    def parse_json(json_string)
-      hash = JSON.parse(json_string, symbolize_names: true)
-      WorkOS::Types::WebhookStruct.new(
-        id: hash[:id],
-        event: hash[:event],
-        data: hash[:data],
-        created_at: hash[:created_at],
-      )
-    end
   end
 end

data/lib/workos/webhooks.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: true
 require 'openssl'
@@ -14,8 +13,6 @@ module WorkOS
   #
   module Webhooks
     class << self
-      extend T::Sig
       DEFAULT_TOLERANCE = 180
       # Initializes an Event object from a JSON payload
@@ -37,14 +34,6 @@ module WorkOS
       #
       # @return [WorkOS::Webhook]
       # rubocop:enable Layout/LineLength
-      sig do
-        params(
-          payload: String,
-          sig_header: String,
-          secret: String,
-          tolerance: Integer,
-        ).returns(WorkOS::Webhook)
-      end
       def construct_event(
         payload:,
         sig_header:,
@@ -74,14 +63,6 @@ module WorkOS
       #
       # @return Boolean
       # rubocop:enable Layout/LineLength
-      sig do
-        params(
-          payload: String,
-          sig_header: String,
-          secret: String,
-          tolerance: Integer,
-        ).returns(T::Boolean)
-      end
       # rubocop:disable Metrics/AbcSize
       def verify_header(
         payload:,
@@ -134,11 +115,6 @@ module WorkOS
       #   => ['1626125972272', '80f7ab7efadc306eb5797c588cee9410da9be4416782b497bf1e1bf4175fb928']
       #
       # @return Array
-      sig do
-        params(
-          sig_header: String,
-        ).returns([String, String])
-      end
       def get_timestamp_and_signature_hash(
         sig_header:
       )
@@ -174,13 +150,6 @@ module WorkOS
       #
       # @return String
       # rubocop:enable Layout/LineLength
-      sig do
-        params(
-          timestamp: String,
-          payload: String,
-          secret: String,
-        ).returns(String)
-      end
       def compute_signature(
         timestamp:,
         payload:,
@@ -193,19 +162,13 @@ module WorkOS
       # Constant time string comparison to prevent timing attacks
       # Code borrowed from ActiveSupport
-      sig do
-        params(
-          str_a: String,
-          str_b: String,
-        ).returns(T::Boolean)
-      end
       def secure_compare(
         str_a:,
         str_b:
       )
         return false unless str_a.bytesize == str_b.bytesize
-        l = T.unsafe(str_a.unpack("C#{str_a.bytesize}"))
+        l = str_a.unpack("C#{str_a.bytesize}")
         res = 0
         str_b.each_byte { |byte| res |= byte ^ l.shift }

data/lib/workos.rb CHANGED Viewed

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
-# typed: true
 require 'workos/version'
-require 'sorbet-runtime'
 require 'json'
 require 'workos/hash_provider'
 require 'workos/configuration'
@@ -58,6 +56,7 @@ module WorkOS
   autoload :Event, 'workos/event'
   autoload :Events, 'workos/events'
   autoload :Factor, 'workos/factor'
+  autoload :Impersonator, 'workos/impersonator'
   autoload :Invitation, 'workos/invitation'
   autoload :MFA, 'workos/mfa'
   autoload :Organization, 'workos/organization'
@@ -67,6 +66,7 @@ module WorkOS
   autoload :Portal, 'workos/portal'
   autoload :Profile, 'workos/profile'
   autoload :ProfileAndToken, 'workos/profile_and_token'
+  autoload :RefreshAuthenticationResponse, 'workos/refresh_authentication_response'
   autoload :SSO, 'workos/sso'
   autoload :Types, 'workos/types'
   autoload :User, 'workos/user'

data/spec/lib/workos/audit_logs_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::AuditLogs do
   it_behaves_like 'client'
@@ -48,7 +47,7 @@ describe WorkOS::AuditLogs do
               idempotency_key: 'idempotency_key',
             )
-            expect(response).to eq T::Private::Types::Void::VOID
+            expect(response.code).to eq '201'
           end
         end
       end
@@ -61,7 +60,7 @@ describe WorkOS::AuditLogs do
               event: valid_event,
             )
-            expect(response).to eq T::Private::Types::Void::VOID
+            expect(response.code).to eq '201'
           end
         end
       end

data/spec/lib/workos/configuration_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS do
   describe '.configure' do

data/spec/lib/workos/directory_sync_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::DirectorySync do
   it_behaves_like 'client'

data/spec/lib/workos/directory_user_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::DirectoryUser do
   # rubocop:disable Layout/LineLength

data/spec/lib/workos/event_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::Events do
   it_behaves_like 'client'

data/spec/lib/workos/mfa_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::MFA do
   it_behaves_like 'client'

data/spec/lib/workos/organizations_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::Organizations do
   it_behaves_like 'client'

data/spec/lib/workos/passwordless_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::Passwordless do
   it_behaves_like 'client'

data/spec/lib/workos/portal_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::Portal do
   it_behaves_like 'client'

data/spec/lib/workos/sso_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 require 'securerandom'

data/spec/lib/workos/user_management_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 describe WorkOS::UserManagement do
   it_behaves_like 'client'
@@ -377,7 +376,7 @@ describe WorkOS::UserManagement do
   describe '.authenticate_with_password' do
     context 'with a valid password' do
       it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_password/valid') do
+        VCR.use_cassette('user_management/authenticate_with_password/valid', tag: :token) do
           authentication_response = WorkOS::UserManagement.authenticate_with_password(
             email: 'test@workos.app',
             password: '7YtYic00VWcXatPb',
@@ -418,6 +417,24 @@ describe WorkOS::UserManagement do
             user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
           )
           expect(authentication_response.user.id).to eq('user_01H93ZY4F80YZRRS6N59Z2HFVS')
+          expect(authentication_response.access_token).to eq('<ACCESS_TOKEN>')
+          expect(authentication_response.refresh_token).to eq('<REFRESH_TOKEN>')
+        end
+      end
+      context 'when the user is being impersonated' do
+        it 'contains the impersonator metadata' do
+          VCR.use_cassette('user_management/authenticate_with_code/valid_with_impersonator') do
+            authentication_response = WorkOS::UserManagement.authenticate_with_code(
+              code: '01HRX85ATQB2MN40K4FZ9C2HFR',
+              client_id: 'client_01GS91XFB2YPR1C0NR5SH758Q0',
+            )
+            expect(authentication_response.impersonator).to have_attributes(
+              email: 'admin@foocorp.com',
+              reason: 'For testing.',
+            )
+          end
         end
       end
     end
@@ -438,10 +455,42 @@ describe WorkOS::UserManagement do
     end
   end
+  describe '.authenticate_with_refresh_token' do
+    context 'with a valid refresh_token' do
+      it 'returns user' do
+        VCR.use_cassette('user_management/authenticate_with_refresh_token/valid', tag: :token) do
+          authentication_response = WorkOS::UserManagement.authenticate_with_refresh_token(
+            refresh_token: 'some_refresh_token',
+            client_id: 'client_123',
+            ip_address: '200.240.210.16',
+            user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
+          )
+          expect(authentication_response.access_token).to eq('<ACCESS_TOKEN>')
+          expect(authentication_response.refresh_token).to eq('<REFRESH_TOKEN>')
+        end
+      end
+    end
+    context 'with an invalid refresh_token' do
+      it 'raises an error' do
+        VCR.use_cassette('user_management/authenticate_with_refresh_code/invalid', tag: :token) do
+          expect do
+            WorkOS::UserManagement.authenticate_with_refresh_token(
+              refresh_token: 'invalid',
+              client_id: 'client_123',
+              ip_address: '200.240.210.16',
+              user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
+            )
+          end.to raise_error(WorkOS::InvalidRequestError, /Status 400/)
+        end
+      end
+    end
+  end
   describe '.authenticate_with_magic_auth' do
     context 'with a valid code' do
       it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_magic_auth/valid') do
+        VCR.use_cassette('user_management/authenticate_with_magic_auth/valid', tag: :token) do
           authentication_response = WorkOS::UserManagement.authenticate_with_magic_auth(
             code: '452079',
             client_id: 'project_01EGKAEB7G5N88E83MF99J785F',
@@ -456,7 +505,7 @@ describe WorkOS::UserManagement do
     context 'with an invalid code' do
       it 'returns an error' do
-        VCR.use_cassette('user_management/authenticate_with_magic_auth/invalid') do
+        VCR.use_cassette('user_management/authenticate_with_magic_auth/invalid', tag: :token) do
           expect do
             WorkOS::UserManagement.authenticate_with_magic_auth(
               code: 'invalid',
@@ -472,7 +521,7 @@ describe WorkOS::UserManagement do
   describe '.authenticate_with_organization_selection' do
     context 'with a valid code' do
       it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_organization_selection/valid') do
+        VCR.use_cassette('user_management/authenticate_with_organization_selection/valid', tag: :token) do
           authentication_response = WorkOS::UserManagement.authenticate_with_organization_selection(
             client_id: 'project_01EGKAEB7G5N88E83MF99J785F',
             organization_id: 'org_01H5JQDV7R7ATEYZDEG0W5PRYS',
@@ -488,7 +537,7 @@ describe WorkOS::UserManagement do
     context 'with an invalid token' do
       it 'returns an error' do
-        VCR.use_cassette('user_management/authenticate_with_organization_selection/invalid') do
+        VCR.use_cassette('user_management/authenticate_with_organization_selection/invalid', tag: :token) do
           expect do
             WorkOS::UserManagement.authenticate_with_organization_selection(
               organization_id: 'invalid_org_id',
@@ -504,7 +553,7 @@ describe WorkOS::UserManagement do
   describe '.authenticate_with_totp' do
     context 'with a valid code' do
       it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_totp/valid') do
+        VCR.use_cassette('user_management/authenticate_with_totp/valid', tag: :token) do
           authentication_response = WorkOS::UserManagement.authenticate_with_totp(
             code: '01H93ZZHA0JBHFJH9RR11S83YN',
             client_id: 'client_123',
@@ -520,7 +569,7 @@ describe WorkOS::UserManagement do
     context 'with an invalid code' do
       it 'raises an error' do
-        VCR.use_cassette('user_management/authenticate_with_totp/invalid') do
+        VCR.use_cassette('user_management/authenticate_with_totp/invalid', tag: :token) do
           expect do
             WorkOS::UserManagement.authenticate_with_totp(
               code: 'invalid',
@@ -539,7 +588,7 @@ describe WorkOS::UserManagement do
   describe '.authenticate_with_email_verification' do
     context 'with a valid code' do
       it 'returns user' do
-        VCR.use_cassette('user_management/authenticate_with_email_verification/valid') do
+        VCR.use_cassette('user_management/authenticate_with_email_verification/valid', tag: :token) do
           authentication_response = WorkOS::UserManagement.authenticate_with_email_verification(
             code: '01H93ZZHA0JBHFJH9RR11S83YN',
             client_id: 'client_123',
@@ -554,7 +603,7 @@ describe WorkOS::UserManagement do
     context 'with an invalid code' do
       it 'raises an error' do
-        VCR.use_cassette('user_management/authenticate_with_email_verification/invalid') do
+        VCR.use_cassette('user_management/authenticate_with_email_verification/invalid', tag: :token) do
           expect do
             WorkOS::UserManagement.authenticate_with_email_verification(
               code: 'invalid',

data/spec/lib/workos/webhooks_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# typed: false
 require 'json'
 require 'openssl'

data/spec/spec_helper.rb CHANGED Viewed

@@ -1,13 +1,4 @@
 # frozen_string_literal: true
-# typed: false
-require 'simplecov'
-SimpleCov.start
-if ENV['CI'] == 'true'
-  require 'codecov'
-  SimpleCov.formatter = SimpleCov::Formatter::Codecov
-end
 $LOAD_PATH << File.join(File.dirname(__FILE__), '..', 'lib')
 $LOAD_PATH << File.join(File.dirname(__FILE__))
@@ -26,6 +17,12 @@ SPEC_ROOT = File.dirname __FILE__
 VCR.configure do |config|
   config.cassette_library_dir = 'spec/support/fixtures/vcr_cassettes'
   config.filter_sensitive_data('<API_KEY>') { WorkOS.config.key }
+  config.filter_sensitive_data('<ACCESS_TOKEN>', :token) do |interaction|
+    JSON.parse(interaction.response.body)['access_token']
+  end
+  config.filter_sensitive_data('<REFRESH_TOKEN>', :token) do |interaction|
+    JSON.parse(interaction.response.body)['refresh_token']
+  end
   config.hook_into :webmock
 end

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid.yml CHANGED Viewed

@@ -76,7 +76,7 @@ http_interactions:
           - cloudflare
       body:
         encoding: ASCII-8BIT
-        string: '{"user":{"object":"user","id":"user_01H93ZY4F80YZRRS6N59Z2HFVS","email":"test@workos.app","email_verified":false,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T19:50:13.214Z","updated_at":"2023-08-30T19:50:13.214Z","user_type":"managed","sso_profile_id":"prof_01H93ZTVWYPAT4RKDSPFPPXH0J"}}'
+        string: '{"user":{"object":"user","id":"user_01H93ZY4F80YZRRS6N59Z2HFVS","email":"test@workos.app","email_verified":false,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T19:50:13.214Z","updated_at":"2023-08-30T19:50:13.214Z","user_type":"managed","sso_profile_id":"prof_01H93ZTVWYPAT4RKDSPFPPXH0J"},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
       http_version:
     recorded_at: Wed, 30 Aug 2023 19:51:51 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid_with_impersonator.yml ADDED Viewed

@@ -0,0 +1,80 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://api.workos.com/user_management/authenticate
+    body:
+      encoding: UTF-8
+      string: '{"code":"01HRX85ATQB2MN40K4FZ9C2HFR","client_id":"client_01GS91XFB2YPR1C0NR5SH758Q0","client_secret":"<API_KEY>","ip_address":null,"user_agent":null,"grant_type":"authorization_code"}'
+    headers:
+      Content-Type:
+      - application/json
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - WorkOS; ruby/3.1.1; arm64-darwin21; v4.0.0
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Date:
+      - Thu, 14 Mar 2024 01:10:34 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Content-Length:
+      - '875'
+      Connection:
+      - keep-alive
+      Cf-Ray:
+      - 8640628169fa0d54-LAX
+      Cf-Cache-Status:
+      - DYNAMIC
+      Etag:
+      - W/"47c-66YSPNMN47PZx4ahCgTQvmryR90"
+      Strict-Transport-Security:
+      - max-age=15552000; includeSubDomains
+      Vary:
+      - Origin, Accept-Encoding
+      Via:
+      - 1.1 spaces-router (devel)
+      Access-Control-Allow-Credentials:
+      - 'true'
+      Content-Security-Policy:
+      - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
+        https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
+        ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
+      Expect-Ct:
+      - max-age=0
+      Referrer-Policy:
+      - no-referrer
+      X-Content-Type-Options:
+      - nosniff
+      X-Dns-Prefetch-Control:
+      - 'off'
+      X-Download-Options:
+      - noopen
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Permitted-Cross-Domain-Policies:
+      - none
+      X-Request-Id:
+      - f22ea52f-bf1a-4d5e-acb1-10b2e99ffbe5
+      X-Xss-Protection:
+      - '0'
+      Set-Cookie:
+      - __cf_bm=pYiV6zsrN3V8vd8vKA_bp0qN2LYd1HUQAIVHcevLYw4-1710378634-1.0.1.1-wNPVRK6jpySHc7bqiAVCtM6T64oKxFAjrcvJNJAPU.RhZFRgPfQRGWYbC4l0ckcsyhZ2_I7GTu17yNowC.smHA;
+        path=/; expires=Thu, 14-Mar-24 01:40:34 GMT; domain=.workos.com; HttpOnly;
+        Secure; SameSite=None
+      - __cfruid=914cc38ede83520e897d1eaef25a8e5daa4975d0-1710378634; path=/; domain=.workos.com;
+        HttpOnly; Secure; SameSite=None
+      Server:
+      - cloudflare
+    body:
+      encoding: ASCII-8BIT
+      string: '{"user":{"object":"user","id":"user_01HP0B4ZV2FWWVY0BF16GFDAER","email":"bob@example.com","email_verified":false,"first_name":"Bob","last_name":"Loblaw","profile_picture_url":null,"created_at":"2024-02-06T23:13:18.137Z","updated_at":"2024-02-06T23:13:36.946Z"},"impersonator":{"email":"admin@foocorp.com","reason":"For testing."},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
+    http_version:
+  recorded_at: Thu, 14 Mar 2024 01:10:34 GMT
+recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_email_verification/valid.yml CHANGED Viewed

@@ -75,7 +75,7 @@ http_interactions:
           - cloudflare
       body:
         encoding: ASCII-8BIT
-        string: '{"user":{"object":"user","id":"user_01H93ZY4F80YZRRS6N59Z2HFVS","email":"test@workos.app","email_verified":false,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T19:50:13.214Z","updated_at":"2023-08-30T19:50:13.214Z","user_type":"managed","sso_profile_id":"prof_01H93ZTVWYPAT4RKDSPFPPXH0J"}}'
+        string: '{"user":{"object":"user","id":"user_01H93ZY4F80YZRRS6N59Z2HFVS","email":"test@workos.app","email_verified":false,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T19:50:13.214Z","updated_at":"2023-08-30T19:50:13.214Z","user_type":"managed","sso_profile_id":"prof_01H93ZTVWYPAT4RKDSPFPPXH0J"},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
       http_version:
     recorded_at: Wed, 30 Aug 2023 19:51:51 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_magic_auth/valid.yml CHANGED Viewed

@@ -76,7 +76,7 @@ http_interactions:
           - cloudflare
       body:
         encoding: ASCII-8BIT
-        string: '{"user":{"object":"user","id":"user_01H93WD0R0KWF8Q7BK02C0RPYJ","email":"test@workos.app","email_verified":true,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T18:48:26.517Z","updated_at":"2023-08-30T18:58:00.821Z","user_type":"unmanaged","email_verified_at":"2023-08-30T18:58:00.915Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null}}'
+        string: '{"user":{"object":"user","id":"user_01H93WD0R0KWF8Q7BK02C0RPYJ","email":"test@workos.app","email_verified":true,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T18:48:26.517Z","updated_at":"2023-08-30T18:58:00.821Z","user_type":"unmanaged","email_verified_at":"2023-08-30T18:58:00.915Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
       http_version:
     recorded_at: Wed, 30 Aug 2023 18:58:00 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/valid.yml CHANGED Viewed

@@ -76,7 +76,7 @@ http_interactions:
           - cloudflare
       body:
         encoding: UTF-8
-        string: '{"organization_id":"org_01H5JQDV7R7ATEYZDEG0W5PRYS","user":{"object":"user","id":"user_01H93WD0R0KWF8Q7BK02C0RPYJ","email":"test@workos.app","email_verified":true,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T18:48:26.517Z","updated_at":"2023-08-30T18:58:00.821Z","user_type":"unmanaged","email_verified_at":"2023-08-30T18:58:00.915Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null}}'
+        string: '{"organization_id":"org_01H5JQDV7R7ATEYZDEG0W5PRYS","user":{"object":"user","id":"user_01H93WD0R0KWF8Q7BK02C0RPYJ","email":"test@workos.app","email_verified":true,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T18:48:26.517Z","updated_at":"2023-08-30T18:58:00.821Z","user_type":"unmanaged","email_verified_at":"2023-08-30T18:58:00.915Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
       http_version:
     recorded_at: Wed, 20 Dec 2023 22:00:12 GMT
 recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/valid.yml CHANGED Viewed

@@ -76,7 +76,7 @@ http_interactions:
           - cloudflare
       body:
         encoding: ASCII-8BIT
-        string: '{"user":{"object":"user","id":"user_01H7TVSKS45SDHN5V9XPSM6H44","email":"test@workos.app","email_verified":true,"first_name":null,"last_name":null,"created_at":"2023-08-14T20:28:58.929Z","updated_at":"2023-08-28T15:56:19.798Z","user_type":"unmanaged","email_verified_at":"2023-08-22T11:18:01.850Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null}}'
+        string: '{"user":{"object":"user","id":"user_01H7TVSKS45SDHN5V9XPSM6H44","email":"test@workos.app","email_verified":true,"first_name":null,"last_name":null,"created_at":"2023-08-14T20:28:58.929Z","updated_at":"2023-08-28T15:56:19.798Z","user_type":"unmanaged","email_verified_at":"2023-08-22T11:18:01.850Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
       http_version:
     recorded_at: Tue, 29 Aug 2023 00:24:25 GMT
 recorded_with: VCR 5.0.0