workos 5.9.0 → 5.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 47230d64b8cf21f97c3c7d0e9d0c7e90fa7c4f73071744532c6f41d10a27cde3
-  data.tar.gz: afe55ccfecaccf2685f6317b7e5d1131e7f92450f41419ab564f6e69faea1876
+  metadata.gz: 83c350d6c017c0cf423adb02925391b3a5e11d622479d76073c3c6372e526105
+  data.tar.gz: 83a8e5700dc7a3d47d37a84de01f866997a260eeaf96c55fd40318a30195a7d7
 SHA512:
-  metadata.gz: cd786ea513509e1a1a692143c4af0ae2db289a4ef62bcdea139f854b735334e7768324b4ed8f5fbd1317648149a10bdcf69fc99547cf62c3282e183e4108215f
-  data.tar.gz: 295e13fab2ab3d3adcf6828f0259387de68b50256d575e737c5d00343fad62ee2c3096e235cc0cd687582f6f20076b3666e908f2313772e5b4a2160abd788a81
+  metadata.gz: 48bcc853e186de15ce9e71e98415d801e412540a43fe1711ab97264b3419ce7dc7c1ec6095411cc7093bcb788b02ab51efe4689c0a79993f921e037ce0a7954c
+  data.tar.gz: f52aec8320aa98bb11ec114ffccb51a82218c7581cac202f74facfe943e96633b90262a67c37ed0677c73f4f73bb3bdd77760a67471c80a18ca878e0d7dffb55

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    workos (5.9.0)
+    workos (5.10.0)
       encryptor (~> 3.0)
       jwt (~> 2.8)
 

data/lib/workos/client.rb

@@ -109,6 +109,14 @@ module WorkOS
           http_status: http_status,
           request_id: response['x-request-id'],
         )
+      when 403
+        raise ForbiddenRequestError.new(
+          message: json['message'],
+          http_status: http_status,
+          request_id: response['x-request-id'],
+          code: json['code'],
+          data: json,
+        )
       when 404
         raise NotFoundError.new(
           message: json['message'],

data/lib/workos/errors.rb

@@ -64,6 +64,10 @@ module WorkOS
   # parameters.
   class InvalidRequestError < WorkOSError; end
 
+  # ForbiddenError is raised when a request is forbidden, likely due to missing a step
+  # (i.e. verifying email ownership before authenticating).
+  class ForbiddenRequestError < WorkOSError; end
+
   # SignatureVerificationError is raised when the signature verification for a
   # webhook fails
   class SignatureVerificationError < WorkOSError; end

data/lib/workos/organizations.rb

@@ -180,6 +180,32 @@ module WorkOS
         response.is_a? Net::HTTPSuccess
       end
 
+      # Retrieve a list of roles for the given organization.
+      #
+      # @param [String] organizationId The ID of the organization to fetch roles for.
+      def list_organization_roles(organization_id:)
+        response = execute_request(
+          request: get_request(
+            path: "/organizations/#{organization_id}/roles",
+            auth: true,
+          ),
+        )
+
+        parsed_response = JSON.parse(response.body)
+
+        roles = parsed_response['data'].map do |role|
+          WorkOS::Role.new(role.to_json)
+        end
+
+        WorkOS::Types::ListStruct.new(
+          data: roles,
+          list_metadata: {
+            after: nil,
+            before: nil,
+          },
+        )
+      end
+
       private
 
       def check_and_raise_organization_error(response:)

data/lib/workos/role.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module WorkOS
+  # The Role class provides a lightweight wrapper around
+  # a WorkOS Role resource. This class is not meant to be instantiated
+  # in user space, and is instantiated internally but exposed.
+  class Role
+    include HashProvider
+
+    attr_accessor :id, :name, :slug, :description, :type, :created_at, :updated_at
+
+    def initialize(json)
+      hash = JSON.parse(json, symbolize_names: true)
+
+      @id = hash[:id]
+      @name = hash[:name]
+      @slug = hash[:slug]
+      @description = hash[:description]
+      @type = hash[:type]
+      @created_at = hash[:created_at]
+      @updated_at = hash[:updated_at]
+    end
+
+    def to_json(*)
+      {
+        id: id,
+        name: name,
+        slug: slug,
+        description: description,
+        type: type,
+        created_at: created_at,
+        updated_at: updated_at,
+      }
+    end
+  end
+end

data/lib/workos/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module WorkOS
-  VERSION = '5.9.0'
+  VERSION = '5.10.0'
 end

data/lib/workos.rb

@@ -71,6 +71,7 @@ module WorkOS
   autoload :Profile, 'workos/profile'
   autoload :ProfileAndToken, 'workos/profile_and_token'
   autoload :RefreshAuthenticationResponse, 'workos/refresh_authentication_response'
+  autoload :Role, 'workos/role'
   autoload :Session, 'workos/session'
   autoload :SSO, 'workos/sso'
   autoload :Types, 'workos/types'
@@ -87,6 +88,7 @@ module WorkOS
   autoload :APIError, 'workos/errors'
   autoload :AuthenticationError, 'workos/errors'
   autoload :InvalidRequestError, 'workos/errors'
+  autoload :ForbiddenRequestError, 'workos/errors'
   autoload :SignatureVerificationError, 'workos/errors'
   autoload :TimeoutError, 'workos/errors'
   autoload :NotFoundError, 'workos/errors'

data/spec/lib/workos/organizations_spec.rb

@@ -323,4 +323,22 @@ describe WorkOS::Organizations do
       end
     end
   end
+
+  describe '.list_organization_roles' do
+    context 'with no options' do
+      it 'returns roles for organization' do
+        expected_metadata = {
+          after: nil,
+          before: nil,
+        }
+
+        VCR.use_cassette 'organization/list_organization_roles' do
+          roles = described_class.list_organization_roles(organization_id: 'org_01JEXP6Z3X7HE4CB6WQSH9ZAFE')
+
+          expect(roles.data.size).to eq(7)
+          expect(roles.list_metadata).to eq(expected_metadata)
+        end
+      end
+    end
+  end
 end

data/spec/lib/workos/user_management_spec.rb

@@ -404,6 +404,20 @@ describe WorkOS::UserManagement do
         end
       end
     end
+
+    context 'with an unverified user' do
+      it 'raises a ForbiddenRequestError' do
+        VCR.use_cassette('user_management/authenticate_with_password/unverified') do
+          expect do
+            WorkOS::UserManagement.authenticate_with_password(
+              email: 'unverified@workos.app',
+              password: '7YtYic00VWcXatPb',
+              client_id: 'client_123',
+            )
+          end.to raise_error(WorkOS::ForbiddenRequestError, /Email ownership must be verified before authentication/)
+        end
+      end
+    end
   end
 
   describe '.authenticate_with_code' do

data/spec/support/fixtures/vcr_cassettes/organization/list_organization_roles.yml

@@ -0,0 +1,82 @@
+---
+http_interactions:
+  - request:
+      method: get
+      uri: https://api.workos.com/organizations/org_01JEXP6Z3X7HE4CB6WQSH9ZAFE/roles
+      body:
+        encoding: US-ASCII
+        string: ""
+      headers:
+        Content-Type:
+          - application/json
+        Accept-Encoding:
+          - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+        Accept:
+          - "*/*"
+        User-Agent:
+          - WorkOS; ruby/3.3.6; arm64-darwin23; v5.9.0
+        Authorization:
+          - Bearer <API_KEY>
+    response:
+      status:
+        code: 200
+        message: OK
+      headers:
+        Date:
+          - Mon, 23 Dec 2024 20:23:07 GMT
+        Content-Type:
+          - application/json; charset=utf-8
+        Transfer-Encoding:
+          - chunked
+        Connection:
+          - keep-alive
+        Cf-Ray:
+          - 8f6b114e5e60c96a-IAD
+        Cf-Cache-Status:
+          - DYNAMIC
+        Etag:
+          - W/"6b6-bZ2pS5djCBrbcATBSFlbZ90PHB8"
+        Strict-Transport-Security:
+          - max-age=15552000; includeSubDomains
+        Vary:
+          - Origin, Accept-Encoding
+        Access-Control-Allow-Credentials:
+          - "true"
+        Content-Security-Policy:
+          - "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self'
+            https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src
+            'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
+        Expect-Ct:
+          - max-age=0
+        Referrer-Policy:
+          - no-referrer
+        X-Content-Type-Options:
+          - nosniff
+        X-Dns-Prefetch-Control:
+          - "off"
+        X-Download-Options:
+          - noopen
+        X-Frame-Options:
+          - SAMEORIGIN
+        X-Permitted-Cross-Domain-Policies:
+          - none
+        X-Request-Id:
+          - a8db37d7-9244-4e2a-b183-b5e2a67d8104
+        X-Xss-Protection:
+          - "0"
+        Server:
+          - cloudflare
+      body:
+        encoding: ASCII-8BIT
+        string:
+          '{"object":"list","data":[{"object":"role","id":"role_01HS1C7GRJE08PBR3M6Y0ZYGDZ","description":"Write
+          access to every resource available","name":"Admin","slug":"admin","type":"EnvironmentRole","created_at":"2024-03-15T15:38:29.521Z","updated_at":"2024-11-14T17:08:00.556Z"},{"object":"role","id":"role_01JA8GJZRDSZEB9289DQXJ3N9Z","description":"","name":"Billing
+          Manager","slug":"billing","type":"EnvironmentRole","created_at":"2024-10-15T16:36:11.653Z","updated_at":"2024-12-19T21:27:01.286Z"},{"object":"role","id":"role_01HSBH4R6RX0V86S3R590NNZW2","description":"Developer
+          role","name":"Developer","slug":"developer","type":"EnvironmentRole","created_at":"2024-03-19T14:16:46.038Z","updated_at":"2024-03-19T14:16:46.038Z"},{"object":"role","id":"role_01HS4GDWJ8T6NQPTX2D0R5KBHN","description":"Edit
+          and view access to non-critical resources","name":"Editor","slug":"editor","type":"EnvironmentRole","created_at":"2024-03-16T20:49:35.815Z","updated_at":"2024-03-16T20:52:19.410Z"},{"object":"role","id":"role_01HRFZE22WS2MGX6EWAG2JX6NW","description":"The
+          default user role","name":"Member","slug":"member","type":"EnvironmentRole","created_at":"2024-03-08T21:27:47.034Z","updated_at":"2024-08-14T00:27:46.265Z"},{"object":"role","id":"role_01JEYJ2Z5MYG0TZYTDF02MW11N","description":"Manage
+          billing for organization.","name":"Billing manager","slug":"org-billing-manager","type":"OrganizationRole","created_at":"2024-12-12T23:08:28.712Z","updated_at":"2024-12-12T23:08:28.712Z"},{"object":"role","id":"role_01JF0B7MQ9X414WQRAQMQYE1GS","description":"","name":"Platform
+          Manager","slug":"org-platform-manager","type":"OrganizationRole","created_at":"2024-12-13T15:47:10.692Z","updated_at":"2024-12-13T15:47:10.692Z"}]}'
+      http_version:
+    recorded_at: Mon, 23 Dec 2024 20:23:07 GMT
+recorded_with: VCR 5.0.0

data/spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/unverified.yml

@@ -0,0 +1,82 @@
+---
+http_interactions:
+  - request:
+      method: post
+      uri: https://api.workos.com/user_management/authenticate
+      body:
+        encoding: UTF-8
+        string:
+          '{"client_id":"client_123","client_secret":"<API_KEY>","email":"unverified@workos.app","password":"7YtYic00VWcXatPb","ip_address":"200.240.210.16","user_agent":"Mozilla/5.0
+          (Macintosh; Intel Mac OS X 10_15_7) Chrome/108.0.0.0 Safari/537.36","grant_type":"password"}'
+      headers:
+        Content-Type:
+          - application/json
+        Accept-Encoding:
+          - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+        Accept:
+          - '*/*'
+        User-Agent:
+          - WorkOS; ruby/3.0.2; arm64-darwin21; v2.16.0
+    response:
+      status:
+        code: 403
+        message: Email ownership must be verified before authentication.
+      headers:
+        Date:
+          - Tue, 29 Aug 2023 00:24:25 GMT
+        Content-Type:
+          - application/json; charset=utf-8
+        Transfer-Encoding:
+          - chunked
+        Connection:
+          - keep-alive
+        Cf-Ray:
+          - 7fe0a6a27b0bc39c-SEA
+        Cf-Cache-Status:
+          - DYNAMIC
+        Etag:
+          - W/"16e-hoaHaR0EhmAH7TaNBOF8B2OHJq4"
+        Strict-Transport-Security:
+          - max-age=15552000; includeSubDomains
+        Vary:
+          - Origin, Accept-Encoding
+        Via:
+          - 1.1 spaces-router (devel)
+        Access-Control-Allow-Credentials:
+          - 'true'
+        Content-Security-Policy:
+          - "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self'
+            https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src
+            'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
+        Expect-Ct:
+          - max-age=0
+        Referrer-Policy:
+          - no-referrer
+        X-Content-Type-Options:
+          - nosniff
+        X-Dns-Prefetch-Control:
+          - 'off'
+        X-Download-Options:
+          - noopen
+        X-Frame-Options:
+          - SAMEORIGIN
+        X-Permitted-Cross-Domain-Policies:
+          - none
+        X-Request-Id:
+          - 62990367-ddaf-46b3-a32f-38fc4f29d581
+        X-Xss-Protection:
+          - '0'
+        Set-Cookie:
+          - __cf_bm=IiwoT1XAlPdVWj334oRTocU7zZyvKgYw61o0UoA7GtE-1693268665-0-AZTn/iGDfGV6R5j3aj7lcPod7FB9P3cbHc9pD1oN/U5ZmnUYvpCecp6AL+8p/+/bMuwwGqXGNMSa/eIpa0TVm+I=;
+            path=/; expires=Tue, 29-Aug-23 00:54:25 GMT; domain=.workos.com; HttpOnly;
+            Secure; SameSite=None
+          - __cfruid=beafd87202de7b7d34fd4a1af55696cb5d19364d-1693268665; path=/; domain=.workos.com;
+            HttpOnly; Secure; SameSite=None
+        Server:
+          - cloudflare
+      body:
+        encoding: ASCII-8BIT
+        string: '{"code":"email_verification_required", "message":"Email ownership must be verified before authentication.", "email":"unverified@workos.app", "pending_authentication_token":"RWx94aFHwanPOebv7tKbBkJm0", "email_verification_id":"email_verification_01JG43A0WYAFAPHMNBV5XF2R4M"}'
+      http_version:
+    recorded_at: Tue, 29 Aug 2023 00:24:25 GMT
+recorded_with: VCR 5.0.0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: workos
 version: !ruby/object:Gem::Version
-  version: 5.9.0
+  version: 5.10.0
 platform: ruby
 authors:
 - WorkOS
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-11-15 00:00:00.000000000 Z
+date: 2025-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -165,6 +165,7 @@ files:
 - lib/workos/profile.rb
 - lib/workos/profile_and_token.rb
 - lib/workos/refresh_authentication_response.rb
+- lib/workos/role.rb
 - lib/workos/session.rb
 - lib/workos/sso.rb
 - lib/workos/types.rb
@@ -267,6 +268,7 @@ files:
 - spec/support/fixtures/vcr_cassettes/organization/get.yml
 - spec/support/fixtures/vcr_cassettes/organization/get_invalid.yml
 - spec/support/fixtures/vcr_cassettes/organization/list.yml
+- spec/support/fixtures/vcr_cassettes/organization/list_organization_roles.yml
 - spec/support/fixtures/vcr_cassettes/organization/update.yml
 - spec/support/fixtures/vcr_cassettes/organization/update_without_name.yml
 - spec/support/fixtures/vcr_cassettes/passwordless/create_session.yml
@@ -300,6 +302,7 @@ files:
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/invalid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/valid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/invalid.yml
+- spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/unverified.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/valid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_code/invalid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_token/valid.yml
@@ -484,6 +487,7 @@ test_files:
 - spec/support/fixtures/vcr_cassettes/organization/get.yml
 - spec/support/fixtures/vcr_cassettes/organization/get_invalid.yml
 - spec/support/fixtures/vcr_cassettes/organization/list.yml
+- spec/support/fixtures/vcr_cassettes/organization/list_organization_roles.yml
 - spec/support/fixtures/vcr_cassettes/organization/update.yml
 - spec/support/fixtures/vcr_cassettes/organization/update_without_name.yml
 - spec/support/fixtures/vcr_cassettes/passwordless/create_session.yml
@@ -517,6 +521,7 @@ test_files:
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/invalid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_organization_selection/valid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/invalid.yml
+- spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/unverified.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_password/valid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_code/invalid.yml
 - spec/support/fixtures/vcr_cassettes/user_management/authenticate_with_refresh_token/valid.yml