workosv2 2.15.0

data/lib/workosv2/audit_log_export.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+# typed: true
+
+module WorkOSV2
+  # The AuditLogExport class represents the WorkOSV2 entity created when exporting Audit Log Events.
+  class AuditLogExport
+    include HashProvider
+    extend T::Sig
+
+    attr_accessor :object, :id, :state, :url, :created_at, :updated_at
+
+    sig { params(json: String).void }
+    def initialize(json)
+      raw = parse_json(json)
+
+      @object = T.let(raw.object, String)
+      @id = T.let(raw.id, String)
+      @state = T.let(raw.state, String)
+      @url = raw.url
+      @created_at = T.let(raw.created_at, String)
+      @updated_at = T.let(raw.updated_at, String)
+    end
+
+    def to_json(*)
+      {
+        object: object,
+        id: id,
+        state: state,
+        url: url,
+        created_at: created_at,
+        updated_at: updated_at,
+      }
+    end
+
+    private
+
+    sig do
+      params(
+        json_string: String,
+      ).returns(WorkOSV2::Types::AuditLogExportStruct)
+    end
+    def parse_json(json_string)
+      hash = JSON.parse(json_string, symbolize_names: true)
+
+      WorkOSV2::Types::AuditLogExportStruct.new(
+        object: hash[:object],
+        id: hash[:id],
+        state: hash[:state],
+        url: hash[:url],
+        created_at: hash[:created_at],
+        updated_at: hash[:updated_at],
+      )
+    end
+  end
+end

data/lib/workosv2/audit_logs.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+# typed: true
+
+require 'net/http'
+require 'uri'
+
+module WorkOSV2
+  # The Audit Logs module provides convenience methods for working with the
+  # WorkOSV2 Audit Logs platform. You'll need a valid API key.
+  module AuditLogs
+    class << self
+      extend T::Sig
+      include Client
+
+      # Create an Audit Log Event.
+      #
+      # @param [String] organization An Organization ID
+      # @param [Hash] event An Audit Log Event
+      # @param [String] idempotency_key An idempotency key
+      #
+      # @return [nil]
+      sig do
+        params(
+          organization: String,
+          event: Hash,
+          idempotency_key: T.nilable(String),
+        ).void
+      end
+      def create_event(organization:, event:, idempotency_key: nil)
+        request = post_request(
+          path: '/audit_logs/events',
+          auth: true,
+          idempotency_key: idempotency_key,
+          body: {
+            organization_id: organization,
+            event: event,
+          },
+        )
+
+        execute_request(request: request)
+      end
+
+      # Create an Export of Audit Log Events.
+      #
+      # @param [String] organization An Organization ID
+      # @param [String] range_start ISO-8601 datetime
+      # @param [String] range_end ISO-8601 datetime
+      # @param [Array<String>] actions A list of actions to filter by
+      # @param [Array<String>] @deprecated use `actor_names` instead
+      # @param [Array<String>] actor_names A list of actor names to filter by
+      # @param [Array<String>] actor_ids A list of actor ids to filter by
+      # @param [Array<String>] targets A list of target types to filter by
+      #
+      # @return [WorkOSV2::AuditLogExport]
+      sig do
+        params(
+          organization: String,
+          range_start: String,
+          range_end: String,
+          actions: T.nilable(T::Array[String]),
+          actors: T.nilable(T::Array[String]),
+          targets: T.nilable(T::Array[String]),
+          actor_names: T.nilable(T::Array[String]),
+          actor_ids: T.nilable(T::Array[String]),
+        ).returns(WorkOSV2::AuditLogExport)
+      end
+      def create_export(organization:, range_start:, range_end:, actions: nil, # rubocop:disable Metrics/ParameterLists
+                        actors: nil, targets: nil, actor_names: nil, actor_ids: nil)
+        body = {
+          organization_id: organization,
+          range_start: range_start,
+          range_end: range_end,
+        }
+
+        body['actions'] = actions unless actions.nil?
+        body['actors'] = actors unless actors.nil?
+        body['actor_names'] = actor_names unless actor_names.nil?
+        body['actor_ids'] = actor_ids unless actor_ids.nil?
+        body['targets'] = targets unless targets.nil?
+
+        request = post_request(
+          path: '/audit_logs/exports',
+          auth: true,
+          body: body,
+        )
+
+        response = execute_request(request: request)
+
+        WorkOSV2::AuditLogExport.new(response.body)
+      end
+
+      # Retrieves an Export of Audit Log Events
+      #
+      # @param [String] id An Audit Log Export ID
+      #
+      # @return [WorkOSV2::AuditLogExport]
+      sig do
+        params(
+          id: String,
+        ).returns(WorkOSV2::AuditLogExport)
+      end
+      def get_export(id:)
+        request = get_request(
+          auth: true,
+          path: "/audit_logs/exports/#{id}",
+        )
+
+        response = execute_request(request: request)
+
+        WorkOSV2::AuditLogExport.new(response.body)
+      end
+    end
+  end
+end

data/lib/workosv2/audit_trail.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+# typed: true
+
+require 'net/http'
+require 'uri'
+
+module WorkOSV2
+  # The Audit Trail module provides convenience methods for working with the
+  # WorkOSV2 Audit Trail platform. You'll need a valid API key.
+  #
+  # @see https://docs.workos.com/audit-trail/overview
+  module AuditTrail
+    class << self
+      extend T::Sig
+      include Client
+
+      # Create an Audit Trail event.
+      #
+      # @param [Hash] event An event hash
+      # @option event [String] group A single organization containing related
+      #  members. This will normally be the customer of a vendor's application.
+      # @option event [String] location Identifier for where the event
+      #  originated. This will be an IP address (IPv4 or IPv6), hostname, or
+      #  device ID.
+      # @option event [String] action Specific activity performed by the actor.
+      # @option event [String] action_type Corresponding CRUD category of the
+      #  event. Can be one of C, R, U, or D.
+      # @option event [String] actor_name Display name of the entity performing
+      #  the action.
+      # @option event [String] actor_id Unique identifier of the entity
+      #  performing the action.
+      # @option event [String] target_name Display name of the object or
+      #  resource that is being acted upon.
+      # @option event [String] target_id Unique identifier of the object or
+      #  resource being acted upon.
+      # @option event [String] occurred_at ISO-8601 datetime at which the event
+      #  happened, with millisecond precision.
+      # @option event [Hash] metadata Arbitrary key-value data containing
+      #  information associated with the event. Note: There is a limit of 50
+      #  keys. Key names can be up to 40 characters long, and values can be up
+      #  to 500 characters long.
+      # @param [String] idempotency_key An idempotency key
+      sig do
+        params(
+          event: Hash,
+          idempotency_key: T.nilable(String),
+        ).returns(::T.untyped)
+      end
+
+      def create_event(event:, idempotency_key: nil)
+        request = post_request(
+          path: '/events',
+          auth: true,
+          idempotency_key: idempotency_key,
+          body: event,
+        )
+
+        execute_request(request: request)
+      end
+
+      # Retrieve Audit Trail events.
+      #
+      # @param [Hash] options An options hash
+      # @option options [String] before Event ID to look before
+      # @option options [String] after Event ID to look after
+      # @option options [Integer] limit Number of Events to return
+      # @option options [String] order The order in which to paginate records
+      # @option options [Array<String>] group List of Groups to filter for
+      # @option options [Array<String>] action List of Actions to filter for
+      # @option options [Array<String>] action_type List of Action Types to
+      #  filter for
+      # @option options [Array<String>] actor_name List of Actor Name to filter
+      #  for
+      # @option options [Array<String>] actor_id List of Actor IDs to filter for
+      # @option options [Array<String>] target_name List of Target Names to
+      #  filter for
+      # @option options [Array<String>] target_id List of Target IDs to filter
+      #  for
+      # @option options [String] occurred_at ISO-8601 datetime of when an event
+      #  occurred
+      # @option options [String] occurred_at_gt ISO-8601 datetime of when an
+      #  event occurred after
+      # @option options [String] occurred_at_gte ISO-8601 datetime of when an
+      #  event occurred at or after
+      # @option options [String] occurred_at_lt ISO-8601 datetime of when an
+      #  event occurred before
+      # @option options [String] occurred_at_lte ISO-8601 datetime of when an
+      #  event occured at or before
+      # @option options [String] search Keyword search
+      #
+      # @return [Array<Hash>]
+      sig do
+        params(
+          options: T::Hash[Symbol, String],
+        ).returns(T::Array[T::Hash[String, T.nilable(String)]])
+      end
+
+      def get_events(options = {})
+        response = execute_request(
+          request: get_request(
+            path: '/events',
+            auth: true,
+            params: options,
+          ),
+        )
+
+        JSON.parse(response.body)['data']
+      end
+    end
+  end
+end

data/lib/workosv2/challenge.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+# typed: false
+
+module WorkOSV2
+  # The Challnge class provides a lightweight wrapper around
+  # a WorkOSV2 DirectoryUser resource. This class is not meant to be instantiated
+  # in DirectoryUser space, and is instantiated internally but exposed.
+  class Challenge
+    include HashProvider
+    extend T::Sig
+
+    attr_accessor :id, :object, :expires_at, :code, :authentication_factor_id, :updated_at, :created_at
+
+    sig { params(json: String).void }
+    def initialize(json)
+      raw = parse_json(json)
+      @id = T.let(raw.id, String)
+      @object = T.let(raw.object, String)
+      @expires_at = T.let(raw.expires_at, String)
+      @code = raw.code
+      @authentication_factor_id = T.let(raw.authentication_factor_id, String)
+      @created_at = T.let(raw.created_at, String)
+      @updated_at = T.let(raw.updated_at, String)
+    end
+
+    def to_json(*)
+      {
+        id: id,
+        object: object,
+        expires_at: expires_at,
+        code: code,
+        authentication_factor_id: authentication_factor_id,
+        created_at: created_at,
+        updated_at: updated_at,
+      }
+    end
+
+    private
+
+    sig { params(json_string: String).returns(WorkOSV2::Types::ChallengeStruct) }
+    def parse_json(json_string)
+      hash = JSON.parse(json_string, symbolize_names: true)
+
+      WorkOSV2::Types::ChallengeStruct.new(
+        id: hash[:id],
+        object: hash[:object],
+        expires_at: hash[:expires_at],
+        code: hash[:code],
+        authentication_factor_id: hash[:authentication_factor_id],
+        created_at: hash[:created_at],
+        updated_at: hash[:updated_at],
+      )
+    end
+  end
+end

data/lib/workosv2/client.rb

@@ -0,0 +1,186 @@
+# frozen_string_literal: true
+# typed: false
+
+module WorkOSV2
+  # A Net::HTTP based API client for interacting with the WorkOSV2 API
+  module Client
+    extend T::Sig
+    include Kernel
+
+    sig { returns(Net::HTTP) }
+    def client
+      Net::HTTP.new(WorkOSV2::API_HOSTNAME, 443).tap do |http_client|
+        http_client.use_ssl = true
+        http_client.open_timeout = WorkOSV2.config.timeout
+        http_client.read_timeout = WorkOSV2.config.timeout
+        http_client.write_timeout = WorkOSV2.config.timeout if RUBY_VERSION >= '2.6.0'
+      end
+    end
+
+    sig do
+      params(
+        request: T.any(Net::HTTP::Get, Net::HTTP::Post, Net::HTTP::Delete, Net::HTTP::Put),
+      ).returns(::T.untyped)
+    end
+    def execute_request(request:)
+      begin
+        response = client.request(request)
+      rescue Net::OpenTimeout, Net::ReadTimeout, Net::WriteTimeout
+        raise TimeoutError.new(
+          message: 'API Timeout Error',
+        )
+      end
+
+      http_status = response.code.to_i
+      handle_error_response(response: response) if http_status >= 400
+
+      response
+    end
+
+    sig do
+      params(
+        path: String,
+        auth: T.nilable(T::Boolean),
+        params: T.nilable(Hash),
+        access_token: T.nilable(String),
+      ).returns(Net::HTTP::Get)
+    end
+    def get_request(path:, auth: false, params: {}, access_token: nil)
+      uri = URI(path)
+      uri.query = URI.encode_www_form(params) if params
+
+      request = Net::HTTP::Get.new(
+        uri.to_s,
+        'Content-Type' => 'application/json',
+      )
+
+      request['Authorization'] = "Bearer #{access_token || WorkOSV2.config.key!}" if auth
+      request['User-Agent'] = user_agent
+      request
+    end
+
+    sig do
+      params(
+        path: String,
+        auth: T.nilable(T::Boolean),
+        idempotency_key: T.nilable(String),
+        body: T.nilable(Hash),
+      ).returns(Net::HTTP::Post)
+    end
+    def post_request(path:, auth: false, idempotency_key: nil, body: nil)
+      request = Net::HTTP::Post.new(path, 'Content-Type' => 'application/json')
+      request.body = body.to_json if body
+      request['Authorization'] = "Bearer #{WorkOSV2.config.key!}" if auth
+      request['Idempotency-Key'] = idempotency_key if idempotency_key
+      request['User-Agent'] = user_agent
+      request
+    end
+
+    sig do
+      params(
+        path: String,
+        auth: T.nilable(T::Boolean),
+        params: T.nilable(Hash),
+      ).returns(Net::HTTP::Delete)
+    end
+    def delete_request(path:, auth: false, params: {})
+      uri = URI(path)
+      uri.query = URI.encode_www_form(params) if params
+
+      request = Net::HTTP::Delete.new(
+        uri.to_s,
+        'Content-Type' => 'application/json',
+      )
+
+      request['Authorization'] = "Bearer #{WorkOSV2.config.key!}" if auth
+      request['User-Agent'] = user_agent
+      request
+    end
+
+    sig do
+      params(
+        path: String,
+        auth: T.nilable(T::Boolean),
+        idempotency_key: T.nilable(String),
+        body: T.nilable(Hash),
+      ).returns(Net::HTTP::Put)
+    end
+    def put_request(path:, auth: false, idempotency_key: nil, body: nil)
+      request = Net::HTTP::Put.new(path, 'Content-Type' => 'application/json')
+      request.body = body.to_json if body
+      request['Authorization'] = "Bearer #{WorkOSV2.config.key!}" if auth
+      request['Idempotency-Key'] = idempotency_key if idempotency_key
+      request['User-Agent'] = user_agent
+      request
+    end
+
+    sig { returns(String) }
+    def user_agent
+      engine = defined?(::RUBY_ENGINE) ? ::RUBY_ENGINE : 'Ruby'
+
+      [
+        'WorkOSV2',
+        "#{engine}/#{RUBY_VERSION}",
+        RUBY_PLATFORM,
+        "v#{WorkOSV2::VERSION}"
+      ].join('; ')
+    end
+
+    # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
+    sig { params(response: ::T.untyped).void }
+    def handle_error_response(response:)
+      http_status = response.code.to_i
+      json = JSON.parse(response.body)
+
+      case http_status
+      when 400
+        raise InvalidRequestError.new(
+          message: json['message'],
+          http_status: http_status,
+          request_id: response['x-request-id'],
+          code: json['code'],
+          errors: json['errors'],
+        )
+      when 401
+        raise AuthenticationError.new(
+          message: json['message'],
+          http_status: http_status,
+          request_id: response['x-request-id'],
+        )
+      when 404
+        raise APIError.new(
+          message: json['message'],
+          http_status: http_status,
+          request_id: response['x-request-id'],
+        )
+      when 422
+        message = json['message']
+        code = json['code']
+        errors = extract_error(json['errors']) if json['errors']
+        message += " (#{errors})" if errors
+
+        raise InvalidRequestError.new(
+          message: message,
+          http_status: http_status,
+          request_id: response['x-request-id'],
+          code: code,
+        )
+      else
+        raise APIError.new(
+          message: json['message'],
+          http_status: http_status,
+          request_id: response['x-request-id'],
+        )
+      end
+    end
+    # rubocop:enable Metrics/MethodLength, Metrics/AbcSize
+
+    private
+
+    def extract_error(errors)
+      errors.map do |error|
+        "#{error['field']}: #{error['code']}"
+      end.join('; ')
+    end
+  end
+end

data/lib/workosv2/configuration.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+# typed: true
+
+module WorkOSV2
+  # Configuration class sets config initializer
+  class Configuration
+    attr_accessor :timeout, :key
+
+    def initialize
+      @timeout = 60
+    end
+
+    def key!
+      key or raise '`WorkOSV2.config.key` not set'
+    end
+  end
+end

data/lib/workosv2/connection.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+# typed: true
+
+module WorkOSV2
+  # The Connection class provides a lightweight wrapper around
+  # a WorkOSV2 Connection resource. This class is not meant to be instantiated
+  # in user space, and is instantiated internally but exposed.
+  # Note: status is deprecated - use state instead
+  class Connection
+    include HashProvider
+    extend T::Sig
+
+    attr_accessor :id, :name, :connection_type, :domains, :organization_id,
+                  :state, :status, :created_at, :updated_at
+
+    # rubocop:disable Metrics/AbcSize
+    sig { params(json: String).void }
+    def initialize(json)
+      raw = parse_json(json)
+
+      @id = T.let(raw.id, String)
+      @name = T.let(raw.name, String)
+      @connection_type = T.let(raw.connection_type, String)
+      @domains = T.let(raw.domains, Array)
+      @organization_id = raw.organization_id
+      @state = T.let(raw.state, String)
+      @status = T.let(raw.status, String)
+      @created_at = T.let(raw.created_at, String)
+      @updated_at = T.let(raw.updated_at, String)
+    end
+    # rubocop:enable Metrics/AbcSize
+
+    def to_json(*)
+      {
+        id: id,
+        name: name,
+        connection_type: connection_type,
+        domains: domains,
+        organization_id: organization_id,
+        state: state,
+        status: status,
+        created_at: created_at,
+        updated_at: updated_at,
+      }
+    end
+
+    private
+
+    sig { params(json_string: String).returns(WorkOSV2::Types::ConnectionStruct) }
+    def parse_json(json_string)
+      hash = JSON.parse(json_string, symbolize_names: true)
+
+      WorkOSV2::Types::ConnectionStruct.new(
+        id: hash[:id],
+        name: hash[:name],
+        connection_type: hash[:connection_type],
+        domains: hash[:domains],
+        organization_id: hash[:organization_id],
+        state: hash[:state],
+        status: hash[:status],
+        created_at: hash[:created_at],
+        updated_at: hash[:updated_at],
+      )
+    end
+  end
+end

data/lib/workosv2/deprecated_hash_wrapper.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module WorkOSV2
+  # A Temporary wrapper class for a Hash, currently the base class for
+  # WorOS::DirectoryGroup and WorkOSV2::DirectoryUser. Makes all the Hash
+  # methods available to those classes, but will also emit a deprecation
+  # warning whenever any of them are used.
+  #
+  # Once we deprecate Hash compatibility, this model can be deleted.
+  class DeprecatedHashWrapper < Hash
+    (public_instance_methods - Object.methods).each do |method_name|
+      define_method method_name do |*args, &block|
+        print_deprecation_warning(method_name)
+        super(*args, &block)
+      end
+    end
+
+    # call the original implementation of :replace in Hash,
+    # so we don't show the deprecation warning
+    def replace_without_warning(new_hash)
+      method(:replace).super_method&.call(new_hash)
+    end
+
+    def [](attribute_name)
+      usage = "#{object_name}.#{attribute_name}"
+      warning_message = "WARNING: The Hash style access for #{class_name} attributes is deprecated
+and will be removed in a future version. Please use `#{usage}` or equivalent accessor.\n"
+
+      print_deprecation_warning('[]', warning_message)
+
+      super(attribute_name.to_sym)
+    end
+
+    private
+
+    def deprecation_warning(method_name)
+      usage = "#{object_name}.to_h.#{method_name}"
+
+      "WARNING: Hash compatibility for #{class_name} is deprecated and will be removed
+in a future version. Please use `#{usage}` to access methods on the attribute Hash object.\n"
+    end
+
+    def print_deprecation_warning(method_name, warning_message = deprecation_warning(method_name))
+      if RUBY_VERSION > '3'
+        warn warning_message, category: :deprecated
+      else
+        warn warning_message
+      end
+    end
+
+    def class_name
+      self.class.name
+    end
+
+    # We want to do class_name.demodulize.underscore here, but that's not available in Ruby 1.9, so
+    # implementing the demodulize and underscore methods here.
+    def object_name
+      i = class_name.rindex('::')
+      object_name = i ? class_name[(i + 2)..-1] : class_name
+      underscore(object_name)
+    end
+
+    def underscore(camel_cased_word)
+      return camel_cased_word.to_s unless /[A-Z-]|::/.match?(camel_cased_word)
+
+      word = camel_cased_word.to_s.gsub('::', '/')
+      word.gsub!(/(?:(?<=([A-Za-z\d]))|\b)((?=a)b)(?=\b|[^a-z])/) do
+        "#{Regexp.last_match(1) && '_'}#{Regexp.last_match(2).downcase}"
+      end
+      word.gsub!(/([A-Z]+)(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { (Regexp.last_match(1) || Regexp.last_match(2)) << '_' }
+      word.tr!('-', '_')
+      word.downcase!
+      word
+    end
+  end
+end