workos 5.12.0 → 5.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/lib/workos/session.rb +1 -0
  4. data/lib/workos/types/intent.rb +2 -1
  5. data/lib/workos/version.rb +1 -1
  6. data/spec/lib/workos/portal_spec.rb +15 -0
  7. data/spec/lib/workos/session_spec.rb +46 -18
  8. data/spec/support/fixtures/vcr_cassettes/portal/generate_link_domain_verification.yml +72 -0
  9. metadata +4 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6852c01440a63d103cd39a4c0aee2eeb5d1215d79a3e8eb2a3053b5aa3f3376e
4
- data.tar.gz: 71c5c53d1f8fc5219903cfcfc23cbeb657da1db2c64980fa9d8914bd6ae92b1d
3
+ metadata.gz: 6183009c18af059a5674bf77c72ec94126a2bafb5f8e4dda14aeaf892f3f8718
4
+ data.tar.gz: 268cc5ee7e878a4b85100c0e546db98d8a55dbffeb21f993c67265c029c99a4b
5
5
  SHA512:
6
- metadata.gz: eb001da89bc0cf2866dcfd4d4c5207ddc7c960538ab413c45fcd5d5f80e4c97e205cc0e3fb51bdaaf8af984e9e30ad5c317c30e453c8e6579c1914350dfe3f2c
7
- data.tar.gz: 5fe92a1ad40c3bced46b0597430b02ea36b20c82f109614df332695aa7d9f613a025e0f30d3afcaab978c5b3de6882a3a67886e55343de513fb508950664a5d3
6
+ metadata.gz: dfe47d29f7d33d94ef521e773706e50defed072831386333c10f32b81d60687ffe67519e09c208be7e9c3d5f04cc56e74ef100cc340ea5f653241e636cd32e7e
7
+ data.tar.gz: '0036088e5ccee84780ce0e223ca64f8da917024322da5969771eaf5c103f2c5a3a3aab4da805f9111041c803bdd7351280edd39bfeb60ac3f2540b29d8eb4696'
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- workos (5.12.0)
4
+ workos (5.14.0)
5
5
  encryptor (~> 3.0)
6
6
  jwt (~> 2.8)
7
7
 
data/lib/workos/session.rb CHANGED
@@ -50,6 +50,7 @@ module WorkOS
50
50
  organization_id: decoded['org_id'],
51
51
  role: decoded['role'],
52
52
  permissions: decoded['permissions'],
53
+ entitlements: decoded['entitlements'],
53
54
  user: session[:user],
54
55
  impersonator: session[:impersonator],
55
56
  reason: nil,
data/lib/workos/types/intent.rb CHANGED
@@ -7,11 +7,12 @@ module WorkOS
7
7
  module Intent
8
8
  AUDIT_LOGS = 'audit_logs'
9
9
  CERTIFICATE_RENEWAL = 'certificate_renewal'
10
+ DOMAIN_VERIFICATION = 'domain_verification'
10
11
  DSYNC = 'dsync'
11
12
  LOG_STREAMS = 'log_streams'
12
13
  SSO = 'sso'
13
14
 
14
- ALL = [AUDIT_LOGS, CERTIFICATE_RENEWAL, DSYNC, LOG_STREAMS, SSO].freeze
15
+ ALL = [AUDIT_LOGS, CERTIFICATE_RENEWAL, DOMAIN_VERIFICATION, DSYNC, LOG_STREAMS, SSO].freeze
15
16
  end
16
17
  end
17
18
  end
data/lib/workos/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module WorkOS
4
- VERSION = '5.12.0'
4
+ VERSION = '5.14.0'
5
5
  end
data/spec/lib/workos/portal_spec.rb CHANGED
@@ -68,6 +68,21 @@ describe WorkOS::Portal do
68
68
  end
69
69
  end
70
70
 
71
+ describe 'with the domain_verification intent' do
72
+ it 'returns an Admin Portal link' do
73
+ VCR.use_cassette 'portal/generate_link_domain_verification', match_requests_on: %i[path body] do
74
+ portal_link = described_class.generate_link(
75
+ intent: 'domain_verification',
76
+ organization: organization,
77
+ )
78
+
79
+ expect(portal_link).to eq(
80
+ 'https://id.workos.com/portal/launch?secret=secret',
81
+ )
82
+ end
83
+ end
84
+ end
85
+
71
86
  describe 'with an invalid organization' do
72
87
  it 'raises an error' do
73
88
  VCR.use_cassette 'portal/generate_link_invalid' do
data/spec/lib/workos/session_spec.rb CHANGED
@@ -103,24 +103,23 @@ describe WorkOS::Session do
103
103
 
104
104
  describe '.authenticate' do
105
105
  let(:user_management) { instance_double('UserManagement') }
106
- let(:valid_access_token) do
107
- payload = {
106
+ let(:payload) do
107
+ {
108
108
  sid: 'session_id',
109
109
  org_id: 'org_id',
110
110
  role: 'role',
111
111
  permissions: ['read'],
112
112
  exp: Time.now.to_i + 3600,
113
113
  }
114
- headers = { kid: jwk[:kid] }
115
- JWT.encode(payload, jwk.signing_key, jwk[:alg], headers)
116
114
  end
115
+ let(:valid_access_token) { JWT.encode(payload, jwk.signing_key, jwk[:alg], { kid: jwk[:kid] }) }
117
116
  let(:session_data) do
118
- WorkOS::Session.seal_data({
119
- access_token: valid_access_token,
120
- user: 'user',
121
- impersonator: 'impersonator',
122
- }, cookie_password,)
123
- end
117
+ WorkOS::Session.seal_data({
118
+ access_token: valid_access_token,
119
+ user: 'user',
120
+ impersonator: 'impersonator',
121
+ }, cookie_password,)
122
+ end
124
123
 
125
124
  before do
126
125
  allow(user_management).to receive(:get_jwks_url).with(client_id).and_return(jwks_url)
@@ -167,14 +166,7 @@ end
167
166
  session_data: session_data,
168
167
  cookie_password: cookie_password,
169
168
  )
170
- allow(session).to receive(:is_valid_jwt).and_return(true)
171
- allow(JWT).to receive(:decode).and_return([{
172
- 'sid' => 'session_id',
173
- 'org_id' => 'org_id',
174
- 'role' => 'role',
175
- 'permissions' => ['read'],
176
- }])
177
-
169
+ allow_any_instance_of(JWT::Decode).to receive(:verify_signature).and_return(true)
178
170
  result = session.authenticate
179
171
  expect(result).to eq({
180
172
  authenticated: true,
@@ -182,11 +174,47 @@ end
182
174
  organization_id: 'org_id',
183
175
  role: 'role',
184
176
  permissions: ['read'],
177
+ entitlements: nil,
185
178
  user: 'user',
186
179
  impersonator: 'impersonator',
187
180
  reason: nil,
188
181
  })
189
182
  end
183
+
184
+ describe 'with entitlements' do
185
+ let(:payload) do
186
+ {
187
+ sid: 'session_id',
188
+ org_id: 'org_id',
189
+ role: 'role',
190
+ permissions: ['read'],
191
+ entitlements: ['billing'],
192
+ exp: Time.now.to_i + 3600,
193
+ }
194
+ end
195
+
196
+ it 'includes entitlements in the result' do
197
+ session = WorkOS::Session.new(
198
+ user_management: user_management,
199
+ client_id: client_id,
200
+ session_data: session_data,
201
+ cookie_password: cookie_password,
202
+ )
203
+ allow_any_instance_of(JWT::Decode).to receive(:verify_signature).and_return(true)
204
+ result = session.authenticate
205
+ expect(result).to eq({
206
+ authenticated: true,
207
+ session_id: 'session_id',
208
+ organization_id: 'org_id',
209
+ role: 'role',
210
+ permissions: ['read'],
211
+ entitlements: ['billing'],
212
+ user: 'user',
213
+ impersonator: 'impersonator',
214
+ reason: nil,
215
+ })
216
+ end
217
+ end
190
218
  end
191
219
 
192
220
  describe '.refresh' do
data/spec/support/fixtures/vcr_cassettes/portal/generate_link_domain_verification.yml ADDED
@@ -0,0 +1,72 @@
1
+ ---
2
+ http_interactions:
3
+ - request:
4
+ method: post
5
+ uri: https://api.workos.com/portal/generate_link
6
+ body:
7
+ encoding: UTF-8
8
+ string: '{"intent":"domain_verification","organization":"org_01EHQMYV6MBK39QC5PZXHY59C3","return_url":null,"success_url":null}'
9
+ headers:
10
+ Content-Type:
11
+ - application/json
12
+ Accept-Encoding:
13
+ - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
14
+ Accept:
15
+ - "*/*"
16
+ User-Agent:
17
+ - WorkOS; ruby/2.7.1; x86_64-darwin19; v0.5.0
18
+ Authorization:
19
+ - Bearer <API_KEY>
20
+ response:
21
+ status:
22
+ code: 201
23
+ message: Created
24
+ headers:
25
+ Server:
26
+ - Cowboy
27
+ Connection:
28
+ - keep-alive
29
+ Vary:
30
+ - Origin, Accept-Encoding
31
+ Access-Control-Allow-Credentials:
32
+ - 'true'
33
+ Content-Security-Policy:
34
+ - 'default-src ''self'';base-uri ''self'';block-all-mixed-content;font-src ''self''
35
+ https: data:;frame-ancestors ''self'';img-src ''self'' data:;object-src ''none'';script-src
36
+ ''self'';script-src-attr ''none'';style-src ''self'' https: ''unsafe-inline'';upgrade-insecure-requests'
37
+ X-Dns-Prefetch-Control:
38
+ - 'off'
39
+ Expect-Ct:
40
+ - max-age=0
41
+ X-Frame-Options:
42
+ - SAMEORIGIN
43
+ Strict-Transport-Security:
44
+ - max-age=15552000; includeSubDomains
45
+ X-Download-Options:
46
+ - noopen
47
+ X-Content-Type-Options:
48
+ - nosniff
49
+ X-Permitted-Cross-Domain-Policies:
50
+ - none
51
+ Referrer-Policy:
52
+ - no-referrer
53
+ X-Xss-Protection:
54
+ - '0'
55
+ X-Request-Id:
56
+ - cb9ad5cf-243a-4084-a4f6-2d7d2b097b8b
57
+ Content-Type:
58
+ - application/json; charset=utf-8
59
+ Content-Length:
60
+ - '79'
61
+ Etag:
62
+ - W/"4f-NN86NUZRu/GQgPAYTexTS6/9DnM"
63
+ Date:
64
+ - Wed, 09 Sep 2020 23:43:07 GMT
65
+ Via:
66
+ - 1.1 vegur
67
+ body:
68
+ encoding: UTF-8
69
+ string: '{"link":"https://id.workos.com/portal/launch?secret=secret"}'
70
+ http_version:
71
+ recorded_at: Wed, 09 Sep 2020 23:43:07 GMT
72
+ recorded_with: VCR 5.0.0
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: workos
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.12.0
4
+ version: 5.14.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - WorkOS
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2025-01-23 00:00:00.000000000 Z
11
+ date: 2025-02-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: encryptor
@@ -281,6 +281,7 @@ files:
281
281
  - spec/support/fixtures/vcr_cassettes/passwordless/send_session_invalid.yml
282
282
  - spec/support/fixtures/vcr_cassettes/portal/generate_link_audit_logs.yml
283
283
  - spec/support/fixtures/vcr_cassettes/portal/generate_link_certificate_renewal.yml
284
+ - spec/support/fixtures/vcr_cassettes/portal/generate_link_domain_verification.yml
284
285
  - spec/support/fixtures/vcr_cassettes/portal/generate_link_dsync.yml
285
286
  - spec/support/fixtures/vcr_cassettes/portal/generate_link_invalid.yml
286
287
  - spec/support/fixtures/vcr_cassettes/portal/generate_link_sso.yml
@@ -502,6 +503,7 @@ test_files:
502
503
  - spec/support/fixtures/vcr_cassettes/passwordless/send_session_invalid.yml
503
504
  - spec/support/fixtures/vcr_cassettes/portal/generate_link_audit_logs.yml
504
505
  - spec/support/fixtures/vcr_cassettes/portal/generate_link_certificate_renewal.yml
506
+ - spec/support/fixtures/vcr_cassettes/portal/generate_link_domain_verification.yml
505
507
  - spec/support/fixtures/vcr_cassettes/portal/generate_link_dsync.yml
506
508
  - spec/support/fixtures/vcr_cassettes/portal/generate_link_invalid.yml
507
509
  - spec/support/fixtures/vcr_cassettes/portal/generate_link_sso.yml