workosv2 2.15.0

data/lib/workosv2/mfa.rb

@@ -0,0 +1,178 @@
+# frozen_string_literal: true
+# typed: true
+
+
+require 'net/http'
+require 'uri'
+
+module WorkOSV2
+  # The MFA module provides convenience methods for working with the WorkOSV2
+  # MFA platform. You'll need a valid API key
+  module MFA
+    class << self
+      extend T::Sig
+      include Client
+      sig { params(id: String).returns(T::Boolean) }
+      def delete_factor(id:)
+        response = execute_request(
+          request: delete_request(
+            path: "/auth/factors/#{id}",
+            auth: true,
+          ),
+        )
+        response.is_a? Net::HTTPSuccess
+      end
+
+      sig do
+        params(id: String).returns(WorkOSV2::Factor)
+      end
+      def get_factor(
+        id:
+      )
+        response = execute_request(
+          request: get_request(
+            path: "/auth/factors/#{id}",
+            auth: true,
+          ),
+        )
+        WorkOSV2::Factor.new(response.body)
+      end
+
+      sig do
+        params(
+          type: String,
+          totp_issuer: T.nilable(String),
+          totp_user: T.nilable(String),
+          phone_number: T.nilable(String),
+        ).void
+      end
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/PerceivedComplexity
+
+      def validate_args(
+        type:,
+        totp_issuer: nil,
+        totp_user: nil,
+        phone_number: nil
+      )
+        if type != 'sms' && type != 'totp' && type != 'generic_otp'
+          raise ArgumentError, "Type argument must be either 'sms' or 'totp'"
+        end
+        if (type == 'totp' && totp_issuer.nil?) || (type == 'totp' && totp_user.nil?)
+          raise ArgumentError, 'Incomplete arguments. Need to specify both totp_issuer and totp_user when type is totp'
+        end
+        return unless type == 'sms' && phone_number.nil?
+
+        raise ArgumentError, 'Incomplete arguments. Need to specify phone_number when type is sms'
+      end
+      # rubocop:enable Metrics/CyclomaticComplexity
+      # rubocop:enable Metrics/PerceivedComplexity
+
+      sig do
+        params(
+          type: String,
+          totp_issuer: T.nilable(String),
+          totp_user: T.nilable(String),
+          phone_number: T.nilable(String),
+        ).returns(WorkOSV2::Factor)
+      end
+      def enroll_factor(
+        type:,
+        totp_issuer: nil,
+        totp_user: nil,
+        phone_number: nil
+      )
+        validate_args(
+          type: type,
+          totp_issuer: totp_issuer,
+          totp_user: totp_user,
+          phone_number: phone_number,
+        )
+        response = execute_request(request: post_request(
+          auth: true,
+          body: {
+            type: type,
+            totp_issuer: totp_issuer,
+            totp_user: totp_user,
+            phone_number: phone_number,
+          },
+          path: '/auth/factors/enroll',
+        ))
+        WorkOSV2::Factor.new(response.body)
+      end
+
+      sig do
+        params(
+          authentication_factor_id: T.nilable(String),
+          sms_template: T.nilable(String),
+        ).returns(WorkOSV2::Challenge)
+      end
+      def challenge_factor(
+        authentication_factor_id: nil,
+        sms_template: nil
+      )
+        if authentication_factor_id.nil?
+          raise ArgumentError, "Incomplete arguments: 'authentication_factor_id' is a required argument"
+        end
+
+        request = post_request(
+          auth: true,
+          body: {
+            sms_template: sms_template,
+          },
+          path: "/auth/factors/#{authentication_factor_id}/challenge",
+        )
+
+        response = execute_request(request: request)
+        WorkOSV2::Challenge.new(response.body)
+      end
+
+      sig do
+        params(
+          authentication_challenge_id: T.nilable(String),
+          code: T.nilable(String),
+        ).returns(WorkOSV2::VerifyChallenge)
+      end
+      def verify_factor(
+        authentication_challenge_id: nil,
+        code: nil
+      )
+        warn '[DEPRECATION] `verify_factor` is deprecated. Please use `verify_challenge` instead.'
+
+        verify_challenge(
+          authentication_challenge_id: authentication_challenge_id,
+          code: code,
+        )
+      end
+
+      sig do
+        params(
+          authentication_challenge_id: T.nilable(String),
+          code: T.nilable(String),
+        ).returns(WorkOSV2::VerifyChallenge)
+      end
+      def verify_challenge(
+        authentication_challenge_id: nil,
+        code: nil
+      )
+
+        if authentication_challenge_id.nil? || code.nil?
+          raise ArgumentError, "Incomplete arguments: 'authentication_challenge_id' and 'code' are required arguments"
+        end
+
+        options = {
+          "code": code,
+        }
+
+        response = execute_request(
+          request: post_request(
+            path: "/auth/challenges/#{authentication_challenge_id}/verify",
+            auth: true,
+            body: options,
+          ),
+        )
+        WorkOSV2::VerifyChallenge.new(response.body)
+      end
+    end
+  end
+end

data/lib/workosv2/organization.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+# typed: true
+
+module WorkOSV2
+  # The Organization class provides a lightweight wrapper around
+  # a WorkOSV2 Organization resource. This class is not meant to be instantiated
+  # in user space, and is instantiated internally but exposed.
+  class Organization
+    include HashProvider
+    extend T::Sig
+
+    attr_accessor :id, :domains, :name, :allow_profiles_outside_organization, :created_at, :updated_at
+
+    sig { params(json: String).void }
+    def initialize(json)
+      raw = parse_json(json)
+
+      @id = T.let(raw.id, String)
+      @name = T.let(raw.name, String)
+      @allow_profiles_outside_organization = T.let(raw.allow_profiles_outside_organization, T::Boolean)
+      @domains = T.let(raw.domains, Array)
+      @created_at = T.let(raw.created_at, String)
+      @updated_at = T.let(raw.updated_at, String)
+    end
+
+    def to_json(*)
+      {
+        id: id,
+        name: name,
+        allow_profiles_outside_organization: allow_profiles_outside_organization,
+        domains: domains,
+        created_at: created_at,
+        updated_at: updated_at,
+      }
+    end
+
+    private
+
+    sig do
+      params(
+        json_string: String,
+      ).returns(WorkOSV2::Types::OrganizationStruct)
+    end
+    def parse_json(json_string)
+      hash = JSON.parse(json_string, symbolize_names: true)
+
+      WorkOSV2::Types::OrganizationStruct.new(
+        id: hash[:id],
+        name: hash[:name],
+        allow_profiles_outside_organization: hash[:allow_profiles_outside_organization],
+        domains: hash[:domains],
+        created_at: hash[:created_at],
+        updated_at: hash[:updated_at],
+      )
+    end
+  end
+end

data/lib/workosv2/organizations.rb

@@ -0,0 +1,188 @@
+# frozen_string_literal: true
+# typed: true
+
+require 'net/http'
+
+module WorkOSV2
+  # The Organizations module provides resource methods for working with Organizations
+  module Organizations
+    class << self
+      extend T::Sig
+      include Client
+
+      # Retrieve a list of organizations that have connections configured
+      # within your WorkOSV2 dashboard.
+      #
+      # @param [Array<String>] domains Filter organizations to only return those
+      #  that are associated with the provided domains.
+      # @param [String] before A pagination argument used to request
+      #  organizations before the provided Organization ID.
+      # @param [String] after A pagination argument used to request
+      #  organizations after the provided Organization ID.
+      # @param [Integer] limit A pagination argument used to limit the number
+      # @param [String] order The order in which to paginate records
+      #  of listed Organizations that are returned.
+      sig do
+        params(
+          options: T::Hash[Symbol, String],
+        ).returns(WorkOSV2::Types::ListStruct)
+      end
+      def list_organizations(options = {})
+        response = execute_request(
+          request: get_request(
+            path: '/organizations',
+            auth: true,
+            params: options,
+          ),
+        )
+
+        parsed_response = JSON.parse(response.body)
+
+        organizations = parsed_response['data'].map do |organization|
+          ::WorkOSV2::Organization.new(organization.to_json)
+        end
+
+        WorkOSV2::Types::ListStruct.new(
+          data: organizations,
+          list_metadata: parsed_response['listMetadata'],
+        )
+      end
+
+      # Get an Organization
+      #
+      # @param [String] id Organization unique identifier
+      #
+      # @example
+      #   WorkOSV2::Portal.get_organization(id: 'org_02DRA1XNSJDZ19A31F183ECQW9')
+      #   => #<WorkOSV2::Organization:0x00007fb6e4193d20
+      #         @id="org_02DRA1XNSJDZ19A31F183ECQW9",
+      #         @name="Foo Corp",
+      #         @domains=
+      #          [{:object=>"organization_domain",
+      #            :id=>"org_domain_01E6PK9N3XMD8RHWF7S66380AR",
+      #            :domain=>"foo-corp.com"}]>
+      #
+      # @return [WorkOSV2::Organization]
+      sig { params(id: String).returns(WorkOSV2::Organization) }
+      def get_organization(id:)
+        request = get_request(
+          auth: true,
+          path: "/organizations/#{id}",
+        )
+
+        response = execute_request(request: request)
+
+        WorkOSV2::Organization.new(response.body)
+      end
+
+      # Create an organization
+      #
+      # @param [Array<String>] domains List of domains that belong to the
+      #  organization
+      # @param [String] name A unique, descriptive name for the organization
+      # @param [Boolean, nil] allow_profiles_outside_organization Whether Connections
+      #  within the Organization allow profiles that are outside of the Organization's configured User Email Domains.
+      # @param [String] idempotency_key An idempotency key
+      sig do
+        params(
+          domains: T::Array[String],
+          name: String,
+          allow_profiles_outside_organization: T.nilable(T::Boolean),
+          idempotency_key: T.nilable(String),
+        ).returns(WorkOSV2::Organization)
+      end
+      def create_organization(domains:, name:, allow_profiles_outside_organization: nil, idempotency_key: nil)
+        request = post_request(
+          auth: true,
+          body: {
+            domains: domains,
+            name: name,
+            allow_profiles_outside_organization: allow_profiles_outside_organization,
+          },
+          path: '/organizations',
+          idempotency_key: idempotency_key,
+        )
+
+        response = execute_request(request: request)
+        check_and_raise_organization_error(response: response)
+
+        WorkOSV2::Organization.new(response.body)
+      end
+
+      # Update an organization
+      #
+      # @param [String] organization Organization unique identifier
+      # @param [Array<String>] domains List of domains that belong to the
+      #  organization
+      # @param [String] name A unique, descriptive name for the organization
+      # @param [Boolean, nil] allow_profiles_outside_organization Whether Connections
+      #  within the Organization allow profiles that are outside of the Organization's configured User Email Domains.
+      sig do
+        params(
+          organization: String,
+          domains: T::Array[String],
+          name: String,
+          allow_profiles_outside_organization: T.nilable(T::Boolean),
+        ).returns(WorkOSV2::Organization)
+      end
+      def update_organization(organization:, domains:, name:, allow_profiles_outside_organization: nil)
+        request = put_request(
+          auth: true,
+          body: {
+            domains: domains,
+            name: name,
+            allow_profiles_outside_organization: allow_profiles_outside_organization,
+          },
+          path: "/organizations/#{organization}",
+        )
+
+        response = execute_request(request: request)
+        check_and_raise_organization_error(response: response)
+
+        WorkOSV2::Organization.new(response.body)
+      end
+
+      # Delete an Organization
+      #
+      # @param [String] id Organization unique identifier
+      #
+      # @example
+      #   WorkOSV2::SSO.delete_organization(id: 'org_01EHZNVPK3SFK441A1RGBFSHRT')
+      #   => true
+      #
+      # @return [Bool] - returns `true` if successful
+      sig { params(id: String).returns(T::Boolean) }
+      def delete_organization(id:)
+        request = delete_request(
+          auth: true,
+          path: "/organizations/#{id}",
+        )
+
+        response = execute_request(request: request)
+
+        response.is_a? Net::HTTPSuccess
+      end
+
+      private
+
+      sig { params(response: Net::HTTPResponse).void }
+      def check_and_raise_organization_error(response:)
+        begin
+          body = JSON.parse(response.body)
+          return unless body['message']
+
+          message = body['message']
+          request_id = response['x-request-id']
+        rescue StandardError
+          message = 'Something went wrong'
+        end
+
+        raise APIError.new(
+          message: message,
+          http_status: nil,
+          request_id: request_id,
+        )
+      end
+    end
+  end
+end

data/lib/workosv2/passwordless.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+# typed: true
+
+require 'net/http'
+
+module WorkOSV2
+  # The Passwordless module provides convenience methods for working with
+  # passwordless sessions including the WorkOSV2 Magic Link. You'll need a valid
+  # API key.
+  #
+  # @see https://workos.com/docs/sso/configuring-magic-link
+  module Passwordless
+    class << self
+      extend T::Sig
+      include Client
+
+      # Create a Passwordless Session.
+      #
+      # @param [Hash] options A hash with options for the session
+      # @option options [String] email The email of the user to authenticate.
+      # @option options [String] state Optional parameter that the redirect URI
+      #  received from WorkOSV2 will contain. The state parameter can be used to
+      #  encode arbitrary information to help restore application state between
+      #  redirects.
+      # @option options [String] connection Optional parameter for the ID of a
+      #  specific connection. This can be used to create a Passwordless Session
+      #  for a specific connection rather than using the domain from the email
+      #  to determine the Organization and Connection.
+      # @option options [String] type The type of Passwordless Session to
+      #  create. Currently, the only supported value is 'MagicLink'.
+      # @option options [String] redirect_uri The URI where users are directed
+      #  after completing the authentication step. Must match a
+      #  configured redirect URI on your WorkOSV2 dashboard.
+      #
+      # @return Hash
+      sig do
+        params(
+          options: Hash,
+        ).returns(WorkOSV2::Types::PasswordlessSessionStruct)
+      end
+
+      def create_session(options)
+        response = execute_request(
+          request: post_request(
+            path: '/passwordless/sessions',
+            auth: true,
+            body: options,
+          ),
+        )
+
+        hash = JSON.parse(response.body)
+
+        WorkOSV2::Types::PasswordlessSessionStruct.new(
+          id: hash['id'],
+          email: hash['email'],
+          expires_at: Date.parse(hash['expires_at']),
+          link: hash['link'],
+        )
+      end
+
+      # Send a Passwordless Session via email.
+      #
+      # @param [String] session_id The unique identifier of the Passwordless
+      #  Session to send an email for.
+      #
+      # @return Hash
+      sig do
+        params(
+          session_id: String,
+        ).returns(T::Hash[String, T::Boolean])
+      end
+
+      def send_session(session_id)
+        response = execute_request(
+          request: post_request(
+            path: "/passwordless/sessions/#{session_id}/send",
+            auth: true,
+          ),
+        )
+
+        JSON.parse(response.body)
+      end
+    end
+  end
+end

data/lib/workosv2/portal.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+# typed: true
+
+require 'net/http'
+
+module WorkOSV2
+  # The Portal module provides resource methods for working with the Admin
+  # Portal product
+  module Portal
+    class << self
+      extend T::Sig
+      include Client
+
+      GENERATE_LINK_INTENTS = WorkOSV2::Types::Intent.values.map(&:serialize).
+                              freeze
+
+      # Generate a link to grant access to an organization's Admin Portal
+      #
+      # @param [String] intent The access scope for the generated Admin Portal
+      #  link. Valid values are: ["audit_logs", "dsync", "log_streams", "sso",]
+      # @param [String] organization The ID of the organization the Admin
+      #  Portal link will be generated for.
+      # @param [String] The URL that the end user will be redirected to upon
+      #  exiting the generated Admin Portal. If none is provided, the default
+      #  redirect link set in your WorkOSV2 Dashboard will be used.
+      # @param [String] The URL to which WorkOSV2 will redirect users to upon
+      #  successfully setting up Single Sign On or Directory Sync.
+      sig do
+        params(
+          intent: String,
+          organization: String,
+          return_url: T.nilable(String),
+          success_url: T.nilable(String),
+        ).returns(String)
+      end
+      def generate_link(intent:, organization:, return_url: nil, success_url: nil)
+        validate_intent(intent)
+
+        request = post_request(
+          auth: true,
+          body: {
+            intent: intent,
+            organization: organization,
+            return_url: return_url,
+            success_url: success_url,
+          },
+          path: '/portal/generate_link',
+        )
+
+        response = execute_request(request: request)
+
+        JSON.parse(response.body)['link']
+      end
+
+      private
+
+      sig { params(intent: String).void }
+      def validate_intent(intent)
+        return if GENERATE_LINK_INTENTS.include?(intent)
+
+        raise ArgumentError, "#{intent} is not a valid value." \
+        " `intent` must be in #{GENERATE_LINK_INTENTS}"
+      end
+    end
+  end
+end

data/lib/workosv2/profile.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+# typed: true
+
+module WorkOSV2
+  # The Profile class provides a lighweight wrapper around
+  # a normalized response from the various IDPs WorkOSV2
+  # supports as part of the SSO integration. This class
+  # is not meant to be instantiated in user space, and
+  # is instantiated internally but exposed.
+  class Profile
+    include HashProvider
+    extend T::Sig
+
+    sig { returns(String) }
+    attr_accessor :id, :email, :first_name, :last_name, :groups, :organization_id,
+                  :connection_id, :connection_type, :idp_id, :raw_attributes
+
+    # rubocop:disable Metrics/AbcSize
+    sig { params(profile_json: String).void }
+    def initialize(profile_json)
+      raw = parse_json(profile_json)
+
+      @id = T.let(raw.id, String)
+      @email = T.let(raw.email, String)
+      @first_name = raw.first_name
+      @last_name = raw.last_name
+      @groups = raw.groups
+      @organization_id = raw.organization_id
+      @connection_id = T.let(raw.connection_id, String)
+      @connection_type = T.let(raw.connection_type, String)
+      @idp_id = raw.idp_id
+      @raw_attributes = raw.raw_attributes
+    end
+    # rubocop:enable Metrics/AbcSize
+
+    sig { returns(String) }
+    def full_name
+      [first_name, last_name].compact.join(' ')
+    end
+
+    def to_json(*)
+      {
+        id: id,
+        email: email,
+        first_name: first_name,
+        last_name: last_name,
+        groups: groups,
+        organization_id: organization_id,
+        connection_id: connection_id,
+        connection_type: connection_type,
+        idp_id: idp_id,
+        raw_attributes: raw_attributes,
+      }
+    end
+
+    private
+
+    sig { params(json_string: String).returns(WorkOSV2::Types::ProfileStruct) }
+    def parse_json(json_string)
+      hash = JSON.parse(json_string, symbolize_names: true)
+
+      WorkOSV2::Types::ProfileStruct.new(
+        id: hash[:id],
+        email: hash[:email],
+        first_name: hash[:first_name],
+        last_name: hash[:last_name],
+        groups: hash[:groups],
+        organization_id: hash[:organization_id],
+        connection_id: hash[:connection_id],
+        connection_type: hash[:connection_type],
+        idp_id: hash[:idp_id],
+        raw_attributes: hash[:raw_attributes],
+      )
+    end
+  end
+end

data/lib/workosv2/profile_and_token.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+# typed: true
+
+module WorkOSV2
+  # The ProfileAndToken class represents a Profile and a corresponding
+  # Access Token. This class is not meant to be instantiated in user space, and
+  # is instantiated internally but exposed.
+  class ProfileAndToken
+    include HashProvider
+    extend T::Sig
+
+    attr_accessor :access_token, :profile
+
+    sig { params(profile_and_token_json: String).void }
+    def initialize(profile_and_token_json)
+      json = JSON.parse(profile_and_token_json, symbolize_names: true)
+
+      @access_token = T.let(json[:access_token], String)
+      @profile = WorkOSV2::Profile.new(json[:profile].to_json)
+    end
+
+    def to_json(*)
+      {
+        access_token: access_token,
+        profile: profile.to_json,
+      }
+    end
+  end
+end