workos 4.0.0 → 4.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +37 -0
- data/.github/workflows/release.yml +43 -0
- data/.rubocop.yml +8 -1
- data/Gemfile.lock +22 -69
- data/lib/workos/audit_log_export.rb +8 -31
- data/lib/workos/audit_logs.rb +0 -26
- data/lib/workos/authentication_factor_and_challenge.rb +0 -3
- data/lib/workos/authentication_response.rb +12 -5
- data/lib/workos/challenge.rb +9 -28
- data/lib/workos/client.rb +0 -41
- data/lib/workos/configuration.rb +0 -1
- data/lib/workos/connection.rb +11 -35
- data/lib/workos/directory.rb +10 -37
- data/lib/workos/directory_group.rb +9 -36
- data/lib/workos/directory_sync.rb +0 -21
- data/lib/workos/directory_user.rb +17 -51
- data/lib/workos/errors.rb +0 -16
- data/lib/workos/event.rb +5 -26
- data/lib/workos/events.rb +0 -7
- data/lib/workos/factor.rb +9 -28
- data/lib/workos/hash_provider.rb +0 -1
- data/lib/workos/impersonator.rb +23 -0
- data/lib/workos/invitation.rb +12 -37
- data/lib/workos/mfa.rb +0 -42
- data/lib/workos/organization.rb +8 -31
- data/lib/workos/organization_membership.rb +8 -27
- data/lib/workos/organizations.rb +0 -26
- data/lib/workos/passwordless.rb +0 -14
- data/lib/workos/portal.rb +1 -13
- data/lib/workos/profile.rb +12 -39
- data/lib/workos/profile_and_token.rb +1 -4
- data/lib/workos/refresh_authentication_response.rb +24 -0
- data/lib/workos/sso.rb +1 -43
- data/lib/workos/types/intent.rb +16 -0
- data/lib/workos/types/list_struct.rb +8 -5
- data/lib/workos/types/passwordless_session_struct.rb +10 -9
- data/lib/workos/types/provider.rb +15 -0
- data/lib/workos/types.rb +5 -23
- data/lib/workos/user.rb +10 -31
- data/lib/workos/user_and_token.rb +1 -4
- data/lib/workos/user_management.rb +108 -219
- data/lib/workos/user_response.rb +0 -3
- data/lib/workos/verify_challenge.rb +4 -18
- data/lib/workos/version.rb +1 -2
- data/lib/workos/webhook.rb +5 -26
- data/lib/workos/webhooks.rb +1 -38
- data/lib/workos.rb +2 -2
- data/spec/lib/workos/audit_logs_spec.rb +2 -3
- data/spec/lib/workos/configuration_spec.rb +0 -1
- data/spec/lib/workos/directory_sync_spec.rb +0 -1
- data/spec/lib/workos/directory_user_spec.rb +0 -1
- data/spec/lib/workos/event_spec.rb +0 -1
- data/spec/lib/workos/mfa_spec.rb +0 -1
- data/spec/lib/workos/organizations_spec.rb +0 -1
- data/spec/lib/workos/passwordless_spec.rb +0 -1
- data/spec/lib/workos/portal_spec.rb +0 -1
- data/spec/lib/workos/sso_spec.rb +0 -1
- data/spec/lib/workos/user_management_spec.rb +59 -10
- data/spec/lib/workos/webhooks_spec.rb +0 -1
- data/spec/spec_helper.rb +6 -9
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_code/valid_with_impersonator.yml +80 -0
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_email_verification/valid.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_magic_auth/valid.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/valid.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/valid.yml +1 -1
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_code/invalid.yml +81 -0
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_token/valid.yml +81 -0
- data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_totp/valid.yml +1 -1
- data/spec/support/shared_examples/client_spec.rb +0 -1
- data/workos.gemspec +1 -6
- metadata +19 -129
- data/.semaphore/rubygems.yml +0 -24
- data/.semaphore/semaphore.yml +0 -51
- data/bin/tapioca +0 -29
- data/codecov.yml +0 -12
- data/devbox.json +0 -18
- data/devbox.lock +0 -11
- data/lib/workos/types/audit_log_export_struct.rb +0 -17
- data/lib/workos/types/challenge_struct.rb +0 -18
- data/lib/workos/types/connection_struct.rb +0 -20
- data/lib/workos/types/directory_group_struct.rb +0 -19
- data/lib/workos/types/directory_struct.rb +0 -19
- data/lib/workos/types/directory_user_struct.rb +0 -26
- data/lib/workos/types/event_struct.rb +0 -15
- data/lib/workos/types/factor_struct.rb +0 -18
- data/lib/workos/types/intent_enum.rb +0 -17
- data/lib/workos/types/invitation_struct.rb +0 -20
- data/lib/workos/types/magic_auth_challenge_struct.rb +0 -12
- data/lib/workos/types/organization_membership_struct.rb +0 -16
- data/lib/workos/types/organization_struct.rb +0 -17
- data/lib/workos/types/profile_struct.rb +0 -21
- data/lib/workos/types/provider_enum.rb +0 -16
- data/lib/workos/types/user_struct.rb +0 -18
- data/lib/workos/types/verify_challenge_struct.rb +0 -13
- data/lib/workos/types/webhook_struct.rb +0 -15
- data/sorbet/config +0 -2
- data/sorbet/rbi/gems/addressable@2.8.0.rbi +0 -290
- data/sorbet/rbi/gems/ast@2.4.2.rbi +0 -54
- data/sorbet/rbi/gems/codecov@0.2.12.rbi +0 -55
- data/sorbet/rbi/gems/coderay@1.1.3.rbi +0 -8
- data/sorbet/rbi/gems/crack@0.4.5.rbi +0 -57
- data/sorbet/rbi/gems/diff-lcs@1.4.4.rbi +0 -185
- data/sorbet/rbi/gems/docile@1.3.5.rbi +0 -54
- data/sorbet/rbi/gems/hashdiff@1.0.1.rbi +0 -82
- data/sorbet/rbi/gems/json@2.5.1.rbi +0 -109
- data/sorbet/rbi/gems/method_source@1.0.0.rbi +0 -8
- data/sorbet/rbi/gems/parallel@1.20.1.rbi +0 -113
- data/sorbet/rbi/gems/parser@3.0.1.0.rbi +0 -1187
- data/sorbet/rbi/gems/pry@0.14.2.rbi +0 -8
- data/sorbet/rbi/gems/public_suffix@4.0.6.rbi +0 -146
- data/sorbet/rbi/gems/rainbow@3.0.0.rbi +0 -153
- data/sorbet/rbi/gems/rake@13.0.3.rbi +0 -807
- data/sorbet/rbi/gems/rbi@0.0.16.rbi +0 -2118
- data/sorbet/rbi/gems/regexp_parser@2.1.1.rbi +0 -1117
- data/sorbet/rbi/gems/rexml@3.2.5.rbi +0 -709
- data/sorbet/rbi/gems/rspec-core@3.9.3.rbi +0 -2467
- data/sorbet/rbi/gems/rspec-expectations@3.9.4.rbi +0 -1569
- data/sorbet/rbi/gems/rspec-mocks@3.9.1.rbi +0 -1493
- data/sorbet/rbi/gems/rspec-support@3.9.4.rbi +0 -511
- data/sorbet/rbi/gems/rspec@3.9.0.rbi +0 -38
- data/sorbet/rbi/gems/rubocop-ast@1.4.1.rbi +0 -1881
- data/sorbet/rbi/gems/rubocop@0.93.1.rbi +0 -11497
- data/sorbet/rbi/gems/ruby-progressbar@1.11.0.rbi +0 -405
- data/sorbet/rbi/gems/simplecov-html@0.12.3.rbi +0 -89
- data/sorbet/rbi/gems/simplecov@0.21.2.rbi +0 -577
- data/sorbet/rbi/gems/simplecov_json_formatter@0.1.2.rbi +0 -8
- data/sorbet/rbi/gems/spoom@1.1.15.rbi +0 -1549
- data/sorbet/rbi/gems/tapioca@0.7.3.rbi +0 -1718
- data/sorbet/rbi/gems/thor@1.2.1.rbi +0 -844
- data/sorbet/rbi/gems/unicode-display_width@1.7.0.rbi +0 -22
- data/sorbet/rbi/gems/unparser@0.6.2.rbi +0 -8
- data/sorbet/rbi/gems/vcr@5.0.0.rbi +0 -699
- data/sorbet/rbi/gems/webmock@3.12.2.rbi +0 -662
- data/sorbet/rbi/gems/yard-sorbet@0.8.0.rbi +0 -268
- data/sorbet/rbi/gems/yard@0.9.26.rbi +0 -4048
- data/sorbet/tapioca/config.yml +0 -13
- data/sorbet/tapioca/require.rb +0 -4
@@ -1,20 +1,18 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
# typed: false
|
3
2
|
|
4
3
|
module WorkOS
|
5
4
|
# The VerifyChallenge class provides a lightweight wrapper around
|
6
5
|
# a WorkOS Authentication Challenge resource.
|
7
6
|
class VerifyChallenge
|
8
7
|
include HashProvider
|
9
|
-
extend T::Sig
|
10
8
|
|
11
9
|
attr_accessor :challenge, :valid
|
12
10
|
|
13
|
-
sig { params(json: String).void }
|
14
11
|
def initialize(json)
|
15
|
-
|
16
|
-
|
17
|
-
@
|
12
|
+
hash = JSON.parse(json, symbolize_names: true)
|
13
|
+
|
14
|
+
@challenge = hash[:challenge]
|
15
|
+
@valid = hash[:valid]
|
18
16
|
end
|
19
17
|
|
20
18
|
def to_json(*)
|
@@ -23,17 +21,5 @@ module WorkOS
|
|
23
21
|
valid: valid,
|
24
22
|
}
|
25
23
|
end
|
26
|
-
|
27
|
-
private
|
28
|
-
|
29
|
-
sig { params(json_string: String).returns(WorkOS::Types::VerifyChallengeStruct) }
|
30
|
-
def parse_json(json_string)
|
31
|
-
hash = JSON.parse(json_string, symbolize_names: true)
|
32
|
-
|
33
|
-
WorkOS::Types::VerifyChallengeStruct.new(
|
34
|
-
challenge: hash[:challenge],
|
35
|
-
valid: hash[:valid],
|
36
|
-
)
|
37
|
-
end
|
38
24
|
end
|
39
25
|
end
|
data/lib/workos/version.rb
CHANGED
data/lib/workos/webhook.rb
CHANGED
@@ -1,5 +1,4 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
# typed: true
|
3
2
|
|
4
3
|
module WorkOS
|
5
4
|
# The Webhook class provides a lightweight wrapper around
|
@@ -7,18 +6,16 @@ module WorkOS
|
|
7
6
|
# in user space, and is instantiated internally but exposed.
|
8
7
|
class Webhook
|
9
8
|
include HashProvider
|
10
|
-
extend T::Sig
|
11
9
|
|
12
10
|
attr_accessor :id, :event, :data, :created_at
|
13
11
|
|
14
|
-
sig { params(json: String).void }
|
15
12
|
def initialize(json)
|
16
|
-
|
13
|
+
hash = JSON.parse(json, symbolize_names: true)
|
17
14
|
|
18
|
-
@id =
|
19
|
-
@event =
|
20
|
-
@data =
|
21
|
-
@created_at =
|
15
|
+
@id = hash[:id]
|
16
|
+
@event = hash[:event]
|
17
|
+
@data = hash[:data]
|
18
|
+
@created_at = hash[:created_at]
|
22
19
|
end
|
23
20
|
|
24
21
|
def to_json(*)
|
@@ -29,23 +26,5 @@ module WorkOS
|
|
29
26
|
created_at: created_at,
|
30
27
|
}
|
31
28
|
end
|
32
|
-
|
33
|
-
private
|
34
|
-
|
35
|
-
sig do
|
36
|
-
params(
|
37
|
-
json_string: String,
|
38
|
-
).returns(WorkOS::Types::WebhookStruct)
|
39
|
-
end
|
40
|
-
def parse_json(json_string)
|
41
|
-
hash = JSON.parse(json_string, symbolize_names: true)
|
42
|
-
|
43
|
-
WorkOS::Types::WebhookStruct.new(
|
44
|
-
id: hash[:id],
|
45
|
-
event: hash[:event],
|
46
|
-
data: hash[:data],
|
47
|
-
created_at: hash[:created_at],
|
48
|
-
)
|
49
|
-
end
|
50
29
|
end
|
51
30
|
end
|
data/lib/workos/webhooks.rb
CHANGED
@@ -1,5 +1,4 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
# typed: true
|
3
2
|
|
4
3
|
require 'openssl'
|
5
4
|
|
@@ -14,8 +13,6 @@ module WorkOS
|
|
14
13
|
#
|
15
14
|
module Webhooks
|
16
15
|
class << self
|
17
|
-
extend T::Sig
|
18
|
-
|
19
16
|
DEFAULT_TOLERANCE = 180
|
20
17
|
|
21
18
|
# Initializes an Event object from a JSON payload
|
@@ -37,14 +34,6 @@ module WorkOS
|
|
37
34
|
#
|
38
35
|
# @return [WorkOS::Webhook]
|
39
36
|
# rubocop:enable Layout/LineLength
|
40
|
-
sig do
|
41
|
-
params(
|
42
|
-
payload: String,
|
43
|
-
sig_header: String,
|
44
|
-
secret: String,
|
45
|
-
tolerance: Integer,
|
46
|
-
).returns(WorkOS::Webhook)
|
47
|
-
end
|
48
37
|
def construct_event(
|
49
38
|
payload:,
|
50
39
|
sig_header:,
|
@@ -74,14 +63,6 @@ module WorkOS
|
|
74
63
|
#
|
75
64
|
# @return Boolean
|
76
65
|
# rubocop:enable Layout/LineLength
|
77
|
-
sig do
|
78
|
-
params(
|
79
|
-
payload: String,
|
80
|
-
sig_header: String,
|
81
|
-
secret: String,
|
82
|
-
tolerance: Integer,
|
83
|
-
).returns(T::Boolean)
|
84
|
-
end
|
85
66
|
# rubocop:disable Metrics/AbcSize
|
86
67
|
def verify_header(
|
87
68
|
payload:,
|
@@ -134,11 +115,6 @@ module WorkOS
|
|
134
115
|
# => ['1626125972272', '80f7ab7efadc306eb5797c588cee9410da9be4416782b497bf1e1bf4175fb928']
|
135
116
|
#
|
136
117
|
# @return Array
|
137
|
-
sig do
|
138
|
-
params(
|
139
|
-
sig_header: String,
|
140
|
-
).returns([String, String])
|
141
|
-
end
|
142
118
|
def get_timestamp_and_signature_hash(
|
143
119
|
sig_header:
|
144
120
|
)
|
@@ -174,13 +150,6 @@ module WorkOS
|
|
174
150
|
#
|
175
151
|
# @return String
|
176
152
|
# rubocop:enable Layout/LineLength
|
177
|
-
sig do
|
178
|
-
params(
|
179
|
-
timestamp: String,
|
180
|
-
payload: String,
|
181
|
-
secret: String,
|
182
|
-
).returns(String)
|
183
|
-
end
|
184
153
|
def compute_signature(
|
185
154
|
timestamp:,
|
186
155
|
payload:,
|
@@ -193,19 +162,13 @@ module WorkOS
|
|
193
162
|
|
194
163
|
# Constant time string comparison to prevent timing attacks
|
195
164
|
# Code borrowed from ActiveSupport
|
196
|
-
sig do
|
197
|
-
params(
|
198
|
-
str_a: String,
|
199
|
-
str_b: String,
|
200
|
-
).returns(T::Boolean)
|
201
|
-
end
|
202
165
|
def secure_compare(
|
203
166
|
str_a:,
|
204
167
|
str_b:
|
205
168
|
)
|
206
169
|
return false unless str_a.bytesize == str_b.bytesize
|
207
170
|
|
208
|
-
l =
|
171
|
+
l = str_a.unpack("C#{str_a.bytesize}")
|
209
172
|
|
210
173
|
res = 0
|
211
174
|
str_b.each_byte { |byte| res |= byte ^ l.shift }
|
data/lib/workos.rb
CHANGED
@@ -1,8 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
# typed: true
|
3
2
|
|
4
3
|
require 'workos/version'
|
5
|
-
require 'sorbet-runtime'
|
6
4
|
require 'json'
|
7
5
|
require 'workos/hash_provider'
|
8
6
|
require 'workos/configuration'
|
@@ -58,6 +56,7 @@ module WorkOS
|
|
58
56
|
autoload :Event, 'workos/event'
|
59
57
|
autoload :Events, 'workos/events'
|
60
58
|
autoload :Factor, 'workos/factor'
|
59
|
+
autoload :Impersonator, 'workos/impersonator'
|
61
60
|
autoload :Invitation, 'workos/invitation'
|
62
61
|
autoload :MFA, 'workos/mfa'
|
63
62
|
autoload :Organization, 'workos/organization'
|
@@ -67,6 +66,7 @@ module WorkOS
|
|
67
66
|
autoload :Portal, 'workos/portal'
|
68
67
|
autoload :Profile, 'workos/profile'
|
69
68
|
autoload :ProfileAndToken, 'workos/profile_and_token'
|
69
|
+
autoload :RefreshAuthenticationResponse, 'workos/refresh_authentication_response'
|
70
70
|
autoload :SSO, 'workos/sso'
|
71
71
|
autoload :Types, 'workos/types'
|
72
72
|
autoload :User, 'workos/user'
|
@@ -1,5 +1,4 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
# typed: false
|
3
2
|
|
4
3
|
describe WorkOS::AuditLogs do
|
5
4
|
it_behaves_like 'client'
|
@@ -48,7 +47,7 @@ describe WorkOS::AuditLogs do
|
|
48
47
|
idempotency_key: 'idempotency_key',
|
49
48
|
)
|
50
49
|
|
51
|
-
expect(response).to eq
|
50
|
+
expect(response.code).to eq '201'
|
52
51
|
end
|
53
52
|
end
|
54
53
|
end
|
@@ -61,7 +60,7 @@ describe WorkOS::AuditLogs do
|
|
61
60
|
event: valid_event,
|
62
61
|
)
|
63
62
|
|
64
|
-
expect(response).to eq
|
63
|
+
expect(response.code).to eq '201'
|
65
64
|
end
|
66
65
|
end
|
67
66
|
end
|
data/spec/lib/workos/mfa_spec.rb
CHANGED
data/spec/lib/workos/sso_spec.rb
CHANGED
@@ -1,5 +1,4 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
# typed: false
|
3
2
|
|
4
3
|
describe WorkOS::UserManagement do
|
5
4
|
it_behaves_like 'client'
|
@@ -377,7 +376,7 @@ describe WorkOS::UserManagement do
|
|
377
376
|
describe '.authenticate_with_password' do
|
378
377
|
context 'with a valid password' do
|
379
378
|
it 'returns user' do
|
380
|
-
VCR.use_cassette('user_management/authenticate_with_password/valid') do
|
379
|
+
VCR.use_cassette('user_management/authenticate_with_password/valid', tag: :token) do
|
381
380
|
authentication_response = WorkOS::UserManagement.authenticate_with_password(
|
382
381
|
email: 'test@workos.app',
|
383
382
|
password: '7YtYic00VWcXatPb',
|
@@ -418,6 +417,24 @@ describe WorkOS::UserManagement do
|
|
418
417
|
user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
|
419
418
|
)
|
420
419
|
expect(authentication_response.user.id).to eq('user_01H93ZY4F80YZRRS6N59Z2HFVS')
|
420
|
+
expect(authentication_response.access_token).to eq('<ACCESS_TOKEN>')
|
421
|
+
expect(authentication_response.refresh_token).to eq('<REFRESH_TOKEN>')
|
422
|
+
end
|
423
|
+
end
|
424
|
+
|
425
|
+
context 'when the user is being impersonated' do
|
426
|
+
it 'contains the impersonator metadata' do
|
427
|
+
VCR.use_cassette('user_management/authenticate_with_code/valid_with_impersonator') do
|
428
|
+
authentication_response = WorkOS::UserManagement.authenticate_with_code(
|
429
|
+
code: '01HRX85ATQB2MN40K4FZ9C2HFR',
|
430
|
+
client_id: 'client_01GS91XFB2YPR1C0NR5SH758Q0',
|
431
|
+
)
|
432
|
+
|
433
|
+
expect(authentication_response.impersonator).to have_attributes(
|
434
|
+
email: 'admin@foocorp.com',
|
435
|
+
reason: 'For testing.',
|
436
|
+
)
|
437
|
+
end
|
421
438
|
end
|
422
439
|
end
|
423
440
|
end
|
@@ -438,10 +455,42 @@ describe WorkOS::UserManagement do
|
|
438
455
|
end
|
439
456
|
end
|
440
457
|
|
458
|
+
describe '.authenticate_with_refresh_token' do
|
459
|
+
context 'with a valid refresh_token' do
|
460
|
+
it 'returns user' do
|
461
|
+
VCR.use_cassette('user_management/authenticate_with_refresh_token/valid', tag: :token) do
|
462
|
+
authentication_response = WorkOS::UserManagement.authenticate_with_refresh_token(
|
463
|
+
refresh_token: 'some_refresh_token',
|
464
|
+
client_id: 'client_123',
|
465
|
+
ip_address: '200.240.210.16',
|
466
|
+
user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
|
467
|
+
)
|
468
|
+
expect(authentication_response.access_token).to eq('<ACCESS_TOKEN>')
|
469
|
+
expect(authentication_response.refresh_token).to eq('<REFRESH_TOKEN>')
|
470
|
+
end
|
471
|
+
end
|
472
|
+
end
|
473
|
+
|
474
|
+
context 'with an invalid refresh_token' do
|
475
|
+
it 'raises an error' do
|
476
|
+
VCR.use_cassette('user_management/authenticate_with_refresh_code/invalid', tag: :token) do
|
477
|
+
expect do
|
478
|
+
WorkOS::UserManagement.authenticate_with_refresh_token(
|
479
|
+
refresh_token: 'invalid',
|
480
|
+
client_id: 'client_123',
|
481
|
+
ip_address: '200.240.210.16',
|
482
|
+
user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36',
|
483
|
+
)
|
484
|
+
end.to raise_error(WorkOS::InvalidRequestError, /Status 400/)
|
485
|
+
end
|
486
|
+
end
|
487
|
+
end
|
488
|
+
end
|
489
|
+
|
441
490
|
describe '.authenticate_with_magic_auth' do
|
442
491
|
context 'with a valid code' do
|
443
492
|
it 'returns user' do
|
444
|
-
VCR.use_cassette('user_management/authenticate_with_magic_auth/valid') do
|
493
|
+
VCR.use_cassette('user_management/authenticate_with_magic_auth/valid', tag: :token) do
|
445
494
|
authentication_response = WorkOS::UserManagement.authenticate_with_magic_auth(
|
446
495
|
code: '452079',
|
447
496
|
client_id: 'project_01EGKAEB7G5N88E83MF99J785F',
|
@@ -456,7 +505,7 @@ describe WorkOS::UserManagement do
|
|
456
505
|
|
457
506
|
context 'with an invalid code' do
|
458
507
|
it 'returns an error' do
|
459
|
-
VCR.use_cassette('user_management/authenticate_with_magic_auth/invalid') do
|
508
|
+
VCR.use_cassette('user_management/authenticate_with_magic_auth/invalid', tag: :token) do
|
460
509
|
expect do
|
461
510
|
WorkOS::UserManagement.authenticate_with_magic_auth(
|
462
511
|
code: 'invalid',
|
@@ -472,7 +521,7 @@ describe WorkOS::UserManagement do
|
|
472
521
|
describe '.authenticate_with_organization_selection' do
|
473
522
|
context 'with a valid code' do
|
474
523
|
it 'returns user' do
|
475
|
-
VCR.use_cassette('user_management/authenticate_with_organization_selection/valid') do
|
524
|
+
VCR.use_cassette('user_management/authenticate_with_organization_selection/valid', tag: :token) do
|
476
525
|
authentication_response = WorkOS::UserManagement.authenticate_with_organization_selection(
|
477
526
|
client_id: 'project_01EGKAEB7G5N88E83MF99J785F',
|
478
527
|
organization_id: 'org_01H5JQDV7R7ATEYZDEG0W5PRYS',
|
@@ -488,7 +537,7 @@ describe WorkOS::UserManagement do
|
|
488
537
|
|
489
538
|
context 'with an invalid token' do
|
490
539
|
it 'returns an error' do
|
491
|
-
VCR.use_cassette('user_management/authenticate_with_organization_selection/invalid') do
|
540
|
+
VCR.use_cassette('user_management/authenticate_with_organization_selection/invalid', tag: :token) do
|
492
541
|
expect do
|
493
542
|
WorkOS::UserManagement.authenticate_with_organization_selection(
|
494
543
|
organization_id: 'invalid_org_id',
|
@@ -504,7 +553,7 @@ describe WorkOS::UserManagement do
|
|
504
553
|
describe '.authenticate_with_totp' do
|
505
554
|
context 'with a valid code' do
|
506
555
|
it 'returns user' do
|
507
|
-
VCR.use_cassette('user_management/authenticate_with_totp/valid') do
|
556
|
+
VCR.use_cassette('user_management/authenticate_with_totp/valid', tag: :token) do
|
508
557
|
authentication_response = WorkOS::UserManagement.authenticate_with_totp(
|
509
558
|
code: '01H93ZZHA0JBHFJH9RR11S83YN',
|
510
559
|
client_id: 'client_123',
|
@@ -520,7 +569,7 @@ describe WorkOS::UserManagement do
|
|
520
569
|
|
521
570
|
context 'with an invalid code' do
|
522
571
|
it 'raises an error' do
|
523
|
-
VCR.use_cassette('user_management/authenticate_with_totp/invalid') do
|
572
|
+
VCR.use_cassette('user_management/authenticate_with_totp/invalid', tag: :token) do
|
524
573
|
expect do
|
525
574
|
WorkOS::UserManagement.authenticate_with_totp(
|
526
575
|
code: 'invalid',
|
@@ -539,7 +588,7 @@ describe WorkOS::UserManagement do
|
|
539
588
|
describe '.authenticate_with_email_verification' do
|
540
589
|
context 'with a valid code' do
|
541
590
|
it 'returns user' do
|
542
|
-
VCR.use_cassette('user_management/authenticate_with_email_verification/valid') do
|
591
|
+
VCR.use_cassette('user_management/authenticate_with_email_verification/valid', tag: :token) do
|
543
592
|
authentication_response = WorkOS::UserManagement.authenticate_with_email_verification(
|
544
593
|
code: '01H93ZZHA0JBHFJH9RR11S83YN',
|
545
594
|
client_id: 'client_123',
|
@@ -554,7 +603,7 @@ describe WorkOS::UserManagement do
|
|
554
603
|
|
555
604
|
context 'with an invalid code' do
|
556
605
|
it 'raises an error' do
|
557
|
-
VCR.use_cassette('user_management/authenticate_with_email_verification/invalid') do
|
606
|
+
VCR.use_cassette('user_management/authenticate_with_email_verification/invalid', tag: :token) do
|
558
607
|
expect do
|
559
608
|
WorkOS::UserManagement.authenticate_with_email_verification(
|
560
609
|
code: 'invalid',
|
data/spec/spec_helper.rb
CHANGED
@@ -1,13 +1,4 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
# typed: false
|
3
|
-
|
4
|
-
require 'simplecov'
|
5
|
-
SimpleCov.start
|
6
|
-
|
7
|
-
if ENV['CI'] == 'true'
|
8
|
-
require 'codecov'
|
9
|
-
SimpleCov.formatter = SimpleCov::Formatter::Codecov
|
10
|
-
end
|
11
2
|
|
12
3
|
$LOAD_PATH << File.join(File.dirname(__FILE__), '..', 'lib')
|
13
4
|
$LOAD_PATH << File.join(File.dirname(__FILE__))
|
@@ -26,6 +17,12 @@ SPEC_ROOT = File.dirname __FILE__
|
|
26
17
|
VCR.configure do |config|
|
27
18
|
config.cassette_library_dir = 'spec/support/fixtures/vcr_cassettes'
|
28
19
|
config.filter_sensitive_data('<API_KEY>') { WorkOS.config.key }
|
20
|
+
config.filter_sensitive_data('<ACCESS_TOKEN>', :token) do |interaction|
|
21
|
+
JSON.parse(interaction.response.body)['access_token']
|
22
|
+
end
|
23
|
+
config.filter_sensitive_data('<REFRESH_TOKEN>', :token) do |interaction|
|
24
|
+
JSON.parse(interaction.response.body)['refresh_token']
|
25
|
+
end
|
29
26
|
config.hook_into :webmock
|
30
27
|
end
|
31
28
|
|
@@ -76,7 +76,7 @@ http_interactions:
|
|
76
76
|
- cloudflare
|
77
77
|
body:
|
78
78
|
encoding: ASCII-8BIT
|
79
|
-
string: '{"user":{"object":"user","id":"user_01H93ZY4F80YZRRS6N59Z2HFVS","email":"test@workos.app","email_verified":false,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T19:50:13.214Z","updated_at":"2023-08-30T19:50:13.214Z","user_type":"managed","sso_profile_id":"prof_01H93ZTVWYPAT4RKDSPFPPXH0J"}}'
|
79
|
+
string: '{"user":{"object":"user","id":"user_01H93ZY4F80YZRRS6N59Z2HFVS","email":"test@workos.app","email_verified":false,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T19:50:13.214Z","updated_at":"2023-08-30T19:50:13.214Z","user_type":"managed","sso_profile_id":"prof_01H93ZTVWYPAT4RKDSPFPPXH0J"},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
|
80
80
|
http_version:
|
81
81
|
recorded_at: Wed, 30 Aug 2023 19:51:51 GMT
|
82
82
|
recorded_with: VCR 5.0.0
|
@@ -0,0 +1,80 @@
|
|
1
|
+
---
|
2
|
+
http_interactions:
|
3
|
+
- request:
|
4
|
+
method: post
|
5
|
+
uri: https://api.workos.com/user_management/authenticate
|
6
|
+
body:
|
7
|
+
encoding: UTF-8
|
8
|
+
string: '{"code":"01HRX85ATQB2MN40K4FZ9C2HFR","client_id":"client_01GS91XFB2YPR1C0NR5SH758Q0","client_secret":"<API_KEY>","ip_address":null,"user_agent":null,"grant_type":"authorization_code"}'
|
9
|
+
headers:
|
10
|
+
Content-Type:
|
11
|
+
- application/json
|
12
|
+
Accept-Encoding:
|
13
|
+
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
|
14
|
+
Accept:
|
15
|
+
- "*/*"
|
16
|
+
User-Agent:
|
17
|
+
- WorkOS; ruby/3.1.1; arm64-darwin21; v4.0.0
|
18
|
+
response:
|
19
|
+
status:
|
20
|
+
code: 200
|
21
|
+
message: OK
|
22
|
+
headers:
|
23
|
+
Date:
|
24
|
+
- Thu, 14 Mar 2024 01:10:34 GMT
|
25
|
+
Content-Type:
|
26
|
+
- application/json; charset=utf-8
|
27
|
+
Content-Length:
|
28
|
+
- '875'
|
29
|
+
Connection:
|
30
|
+
- keep-alive
|
31
|
+
Cf-Ray:
|
32
|
+
- 8640628169fa0d54-LAX
|
33
|
+
Cf-Cache-Status:
|
34
|
+
- DYNAMIC
|
35
|
+
Etag:
|
36
|
+
- W/"47c-66YSPNMN47PZx4ahCgTQvmryR90"
|
37
|
+
Strict-Transport-Security:
|
38
|
+
- max-age=15552000; includeSubDomains
|
39
|
+
Vary:
|
40
|
+
- Origin, Accept-Encoding
|
41
|
+
Via:
|
42
|
+
- 1.1 spaces-router (devel)
|
43
|
+
Access-Control-Allow-Credentials:
|
44
|
+
- 'true'
|
45
|
+
Content-Security-Policy:
|
46
|
+
- 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
|
47
|
+
https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
|
48
|
+
''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
|
49
|
+
Expect-Ct:
|
50
|
+
- max-age=0
|
51
|
+
Referrer-Policy:
|
52
|
+
- no-referrer
|
53
|
+
X-Content-Type-Options:
|
54
|
+
- nosniff
|
55
|
+
X-Dns-Prefetch-Control:
|
56
|
+
- 'off'
|
57
|
+
X-Download-Options:
|
58
|
+
- noopen
|
59
|
+
X-Frame-Options:
|
60
|
+
- SAMEORIGIN
|
61
|
+
X-Permitted-Cross-Domain-Policies:
|
62
|
+
- none
|
63
|
+
X-Request-Id:
|
64
|
+
- f22ea52f-bf1a-4d5e-acb1-10b2e99ffbe5
|
65
|
+
X-Xss-Protection:
|
66
|
+
- '0'
|
67
|
+
Set-Cookie:
|
68
|
+
- __cf_bm=pYiV6zsrN3V8vd8vKA_bp0qN2LYd1HUQAIVHcevLYw4-1710378634-1.0.1.1-wNPVRK6jpySHc7bqiAVCtM6T64oKxFAjrcvJNJAPU.RhZFRgPfQRGWYbC4l0ckcsyhZ2_I7GTu17yNowC.smHA;
|
69
|
+
path=/; expires=Thu, 14-Mar-24 01:40:34 GMT; domain=.workos.com; HttpOnly;
|
70
|
+
Secure; SameSite=None
|
71
|
+
- __cfruid=914cc38ede83520e897d1eaef25a8e5daa4975d0-1710378634; path=/; domain=.workos.com;
|
72
|
+
HttpOnly; Secure; SameSite=None
|
73
|
+
Server:
|
74
|
+
- cloudflare
|
75
|
+
body:
|
76
|
+
encoding: ASCII-8BIT
|
77
|
+
string: '{"user":{"object":"user","id":"user_01HP0B4ZV2FWWVY0BF16GFDAER","email":"bob@example.com","email_verified":false,"first_name":"Bob","last_name":"Loblaw","profile_picture_url":null,"created_at":"2024-02-06T23:13:18.137Z","updated_at":"2024-02-06T23:13:36.946Z"},"impersonator":{"email":"admin@foocorp.com","reason":"For testing."},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
|
78
|
+
http_version:
|
79
|
+
recorded_at: Thu, 14 Mar 2024 01:10:34 GMT
|
80
|
+
recorded_with: VCR 5.0.0
|
@@ -75,7 +75,7 @@ http_interactions:
|
|
75
75
|
- cloudflare
|
76
76
|
body:
|
77
77
|
encoding: ASCII-8BIT
|
78
|
-
string: '{"user":{"object":"user","id":"user_01H93ZY4F80YZRRS6N59Z2HFVS","email":"test@workos.app","email_verified":false,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T19:50:13.214Z","updated_at":"2023-08-30T19:50:13.214Z","user_type":"managed","sso_profile_id":"prof_01H93ZTVWYPAT4RKDSPFPPXH0J"}}'
|
78
|
+
string: '{"user":{"object":"user","id":"user_01H93ZY4F80YZRRS6N59Z2HFVS","email":"test@workos.app","email_verified":false,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T19:50:13.214Z","updated_at":"2023-08-30T19:50:13.214Z","user_type":"managed","sso_profile_id":"prof_01H93ZTVWYPAT4RKDSPFPPXH0J"},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
|
79
79
|
http_version:
|
80
80
|
recorded_at: Wed, 30 Aug 2023 19:51:51 GMT
|
81
81
|
recorded_with: VCR 5.0.0
|
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_magic_auth/valid.yml
CHANGED
@@ -76,7 +76,7 @@ http_interactions:
|
|
76
76
|
- cloudflare
|
77
77
|
body:
|
78
78
|
encoding: ASCII-8BIT
|
79
|
-
string: '{"user":{"object":"user","id":"user_01H93WD0R0KWF8Q7BK02C0RPYJ","email":"test@workos.app","email_verified":true,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T18:48:26.517Z","updated_at":"2023-08-30T18:58:00.821Z","user_type":"unmanaged","email_verified_at":"2023-08-30T18:58:00.915Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null}}'
|
79
|
+
string: '{"user":{"object":"user","id":"user_01H93WD0R0KWF8Q7BK02C0RPYJ","email":"test@workos.app","email_verified":true,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T18:48:26.517Z","updated_at":"2023-08-30T18:58:00.821Z","user_type":"unmanaged","email_verified_at":"2023-08-30T18:58:00.915Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
|
80
80
|
http_version:
|
81
81
|
recorded_at: Wed, 30 Aug 2023 18:58:00 GMT
|
82
82
|
recorded_with: VCR 5.0.0
|
@@ -76,7 +76,7 @@ http_interactions:
|
|
76
76
|
- cloudflare
|
77
77
|
body:
|
78
78
|
encoding: UTF-8
|
79
|
-
string: '{"organization_id":"org_01H5JQDV7R7ATEYZDEG0W5PRYS","user":{"object":"user","id":"user_01H93WD0R0KWF8Q7BK02C0RPYJ","email":"test@workos.app","email_verified":true,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T18:48:26.517Z","updated_at":"2023-08-30T18:58:00.821Z","user_type":"unmanaged","email_verified_at":"2023-08-30T18:58:00.915Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null}}'
|
79
|
+
string: '{"organization_id":"org_01H5JQDV7R7ATEYZDEG0W5PRYS","user":{"object":"user","id":"user_01H93WD0R0KWF8Q7BK02C0RPYJ","email":"test@workos.app","email_verified":true,"first_name":"Lucille","last_name":"Bluth","created_at":"2023-08-30T18:48:26.517Z","updated_at":"2023-08-30T18:58:00.821Z","user_type":"unmanaged","email_verified_at":"2023-08-30T18:58:00.915Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
|
80
80
|
http_version:
|
81
81
|
recorded_at: Wed, 20 Dec 2023 22:00:12 GMT
|
82
82
|
recorded_with: VCR 5.0.0
|
data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/valid.yml
CHANGED
@@ -76,7 +76,7 @@ http_interactions:
|
|
76
76
|
- cloudflare
|
77
77
|
body:
|
78
78
|
encoding: ASCII-8BIT
|
79
|
-
string: '{"user":{"object":"user","id":"user_01H7TVSKS45SDHN5V9XPSM6H44","email":"test@workos.app","email_verified":true,"first_name":null,"last_name":null,"created_at":"2023-08-14T20:28:58.929Z","updated_at":"2023-08-28T15:56:19.798Z","user_type":"unmanaged","email_verified_at":"2023-08-22T11:18:01.850Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null}}'
|
79
|
+
string: '{"user":{"object":"user","id":"user_01H7TVSKS45SDHN5V9XPSM6H44","email":"test@workos.app","email_verified":true,"first_name":null,"last_name":null,"created_at":"2023-08-14T20:28:58.929Z","updated_at":"2023-08-28T15:56:19.798Z","user_type":"unmanaged","email_verified_at":"2023-08-22T11:18:01.850Z","google_oauth_profile_id":null,"microsoft_oauth_profile_id":null},"access_token":"<ACCESS_TOKEN>","refresh_token":"<REFRESH_TOKEN>"}'
|
80
80
|
http_version:
|
81
81
|
recorded_at: Tue, 29 Aug 2023 00:24:25 GMT
|
82
82
|
recorded_with: VCR 5.0.0
|