workosv2 2.15.0

data/spec/lib/workos/mfa_spec.rb

@@ -0,0 +1,281 @@
+# frozen_string_literal: true
+# typed: false
+
+describe WorkOSV2::MFA do
+  it_behaves_like 'client'
+
+  describe '.enroll_factor' do
+    context 'with valid generic argument' do
+      it 'returns a valid factor object' do
+        VCR.use_cassette 'mfa/enroll_factor_generic_valid' do
+          factor = described_class.enroll_factor(
+            type: 'generic_otp',
+          )
+          expect(factor.type == 'generic_otp')
+        end
+      end
+    end
+
+    context 'with valid totp arguments' do
+      it 'returns a valid factor object' do
+        VCR.use_cassette 'mfa/enroll_factor_totp_valid' do
+          factor = described_class.enroll_factor(
+            type: 'totp',
+            totp_issuer: 'WorkOSV2',
+            totp_user: 'some_user',
+          )
+          expect(factor.totp.instance_of?(Hash))
+        end
+      end
+    end
+
+    context 'with valid sms arguments' do
+      it 'returns a valid factor object' do
+        VCR.use_cassette 'mfa/enroll_factor_sms_valid' do
+          factor = described_class.enroll_factor(
+            type: 'sms',
+            phone_number: '55555555555',
+          )
+          expect(factor.sms.instance_of?(Hash))
+        end
+      end
+    end
+
+    context 'when type is not sms or totp' do
+      it 'returns an error' do
+        expect do
+          described_class.enroll_factor(
+            type: 'invalid',
+            phone_number: '+15005550006',
+          )
+        end.to raise_error(
+          ArgumentError,
+          "Type argument must be either 'sms' or 'totp'",
+        )
+      end
+    end
+
+    context 'when type is totp but missing arguments' do
+      it 'returns an error' do
+        expect do
+          described_class.enroll_factor(
+            type: 'totp',
+            totp_issuer: 'WorkOSV2',
+          )
+        end.to raise_error(
+          ArgumentError,
+          'Incomplete arguments. Need to specify both totp_issuer and totp_user when type is totp',
+        )
+      end
+    end
+    context 'when type is sms and phone number is nil' do
+      it 'returns an error' do
+        expect do
+          described_class.enroll_factor(
+            type: 'sms',
+          )
+        end.to raise_error(
+          ArgumentError,
+          'Incomplete arguments. Need to specify phone_number when type is sms',
+        )
+      end
+    end
+  end
+
+  describe '.challenge_factor' do
+    context 'challenge with totp' do
+      it 'returns challenge factor object for totp' do
+        VCR.use_cassette 'mfa/challenge_factor_totp_valid' do
+          challenge_factor = described_class.challenge_factor(
+            authentication_factor_id: 'auth_factor_01FZ4TS0MWPZR7GATS7KCXANQZ',
+          )
+          expect(challenge_factor.authentication_factor_id.class.instance_of?(String))
+        end
+      end
+    end
+
+    context 'challenge with sms' do
+      it 'returns a challenge factor object for sms' do
+        VCR.use_cassette 'mfa/challenge_factor_sms_valid' do
+          challenge_factor = described_class.challenge_factor(
+            authentication_factor_id: 'auth_factor_01FZ4TS14D1PHFNZ9GF6YD8M1F',
+            sms_template: 'Your code is {{code}}',
+          )
+          expect(challenge_factor.authentication_factor_id.instance_of?(String))
+        end
+      end
+    end
+
+    context 'challenge with generic' do
+      it 'returns a valid challenge factor object for generic otp' do
+        VCR.use_cassette 'mfa/challenge_factor_generic_valid' do
+          challenge_factor = described_class.challenge_factor(
+            authentication_factor_id: 'auth_factor_01FZ4WMXXA09XF6NK1XMKNWB3M',
+          )
+          expect(challenge_factor.code.instance_of?(String))
+        end
+      end
+    end
+
+    context 'challenge with totp mssing authentication_factor_id' do
+      it 'returns argument error' do
+        expect do
+          described_class.challenge_factor
+        end.to raise_error(
+          ArgumentError,
+          "Incomplete arguments: 'authentication_factor_id' is a required argument",
+        )
+      end
+    end
+  end
+
+  describe '.verify_factor' do
+    it 'throws a warning' do
+      expect do
+        VCR.use_cassette 'mfa/verify_challenge_generic_valid' do
+          described_class.verify_factor(
+            authentication_challenge_id: 'auth_challenge_01FZ4YVRBMXP5ZM0A7BP4AJ12J',
+            code: '897792',
+          )
+        end
+      end.to output("[DEPRECATION] `verify_factor` is deprecated. Please use `verify_challenge` instead.\n").to_stderr
+    end
+
+    it 'calls verify_challenge' do
+      VCR.use_cassette 'mfa/verify_challenge_generic_valid' do
+        verify_factor = described_class.verify_factor(
+          authentication_challenge_id: 'auth_challenge_01FZ4YVRBMXP5ZM0A7BP4AJ12J',
+          code: '897792',
+        )
+        expect(verify_factor.valid == 'true')
+      end
+    end
+  end
+
+  describe '.verify_challenge' do
+    context 'with generic otp' do
+      context 'and the challenge has not been verified' do
+        it 'returns true if the code is correct' do
+          VCR.use_cassette 'mfa/verify_challenge_generic_valid' do
+            verify_challenge = described_class.verify_challenge(
+              authentication_challenge_id: 'auth_challenge_01FZ4YVRBMXP5ZM0A7BP4AJ12J',
+              code: '897792',
+            )
+            expect(verify_challenge.valid == 'true')
+          end
+        end
+
+        it 'returns false if the code is incorrect' do
+          VCR.use_cassette 'mfa/verify_challenge_generic_valid_is_false' do
+            verify_challenge = described_class.verify_challenge(
+              authentication_challenge_id: 'auth_challenge_01FZ4YVRBMXP5ZM0A7BP4AJ12J',
+              code: '897792',
+            )
+            expect(verify_challenge.valid == 'false')
+          end
+        end
+      end
+
+      context 'and the challenge has already been verified' do
+        it 'returns an error' do
+          VCR.use_cassette 'mfa/verify_challenge_generic_invalid' do
+            expect do
+              described_class.verify_challenge(
+                authentication_challenge_id: 'auth_challenge_01FZ4YVRBMXP5ZM0A7BP4AJ12J',
+                code: '897792',
+              )
+            end.to raise_error(WorkOSV2::InvalidRequestError)
+          end
+        end
+      end
+
+      context 'and the challenge has expired' do
+        it 'returns an error' do
+          VCR.use_cassette 'mfa/verify_challenge_generic_expired' do
+            expect do
+              described_class.verify_challenge(
+                authentication_challenge_id: 'auth_challenge_01FZ4YVRBMXP5ZM0A7BP4AJ12J',
+                code: '897792',
+              )
+            end.to raise_error(WorkOSV2::InvalidRequestError)
+          end
+        end
+      end
+
+      context 'with missing code argument' do
+        it 'returns an argument error' do
+          expect do
+            described_class.verify_challenge(
+              authentication_challenge_id: 'auth_challenge_01FZ4YVRBMXP5ZM0A7BP4AJ12J',
+            )
+          end.to raise_error(
+            ArgumentError,
+            "Incomplete arguments: 'authentication_challenge_id' and 'code' are required arguments",
+          )
+        end
+      end
+
+      context 'with missing authentication_challenge_id argument' do
+        it 'returns an error' do
+          expect do
+            described_class.verify_challenge(
+              code: '897792',
+            )
+          end.to raise_error(
+            ArgumentError,
+            "Incomplete arguments: 'authentication_challenge_id' and 'code' are required arguments",
+          )
+        end
+      end
+
+      context 'with missing code and authentication_challenge_id arguments' do
+        it 'returns an argument error' do
+          expect do
+            described_class.verify_challenge
+          end.to raise_error(
+            ArgumentError,
+            "Incomplete arguments: 'authentication_challenge_id' and 'code' are required arguments",
+          )
+        end
+      end
+    end
+  end
+
+  describe '.get_factor' do
+    context 'with a valid id' do
+      it 'returns a factor' do
+        VCR.use_cassette 'mfa/get_factor_valid' do
+          factor = described_class.get_factor(
+            id: 'auth_factor_01FZ4WMXXA09XF6NK1XMKNWB3M',
+          )
+          expect(factor.id.instance_of?(String))
+        end
+      end
+    end
+
+    context 'with an invalid id' do
+      it 'returns an error' do
+        VCR.use_cassette 'mfa/get_factor_invalid' do
+          expect do
+            described_class.get_factor(
+              id: 'auth_factor_invalid',
+            )
+          end.to raise_error(WorkOSV2::APIError)
+        end
+      end
+    end
+  end
+
+  describe '.delete_factor' do
+    context 'deletes facotr' do
+      it 'uses delete_factor to delete factor' do
+        VCR.use_cassette 'mfa/delete_factor' do
+          response = described_class.delete_factor(
+            id: 'auth_factor_01FZ4WMXXA09XF6NK1XMKNWB3M',
+          )
+          expect(response).to be(true)
+        end
+      end
+    end
+  end
+end

data/spec/lib/workos/organizations_spec.rb

@@ -0,0 +1,257 @@
+# frozen_string_literal: true
+# typed: false
+
+describe WorkOSV2::Organizations do
+  it_behaves_like 'client'
+
+  describe '.create_organization' do
+    context 'with valid payload' do
+      context 'with no idempotency key' do
+        it 'creates an organization' do
+          VCR.use_cassette 'organization/create' do
+            organization = described_class.create_organization(
+              domains: ['example.io'],
+              name: 'Test Organization',
+            )
+
+            expect(organization.id).to eq('org_01FCPEJXEZR4DSBA625YMGQT9N')
+            expect(organization.name).to eq('Test Organization')
+            expect(organization.domains.first[:domain]).to eq('example.io')
+          end
+        end
+      end
+
+      context 'with idempotency key' do
+        context 'when idempotency key is used once' do
+          it 'creates an organization' do
+            VCR.use_cassette 'organization/create_with_idempotency_key' do
+              organization = described_class.create_organization(
+                domains: ['example.io'],
+                name: 'Test Organization',
+                idempotency_key: 'key',
+              )
+
+              expect(organization.name).to eq('Test Organization')
+              expect(organization.domains.first[:domain]).to eq('example.io')
+            end
+          end
+        end
+
+        context 'when idempotency key is used more than once' do
+          context 'with duplicate event payloads' do
+            it 'returns the already created organization' do
+              VCR.use_cassette 'organization/create_with_duplicate_idempotency_key_and_payload' do
+                organization1 = described_class.create_organization(
+                  domains: ['example.com'],
+                  name: 'Test Organization',
+                  idempotency_key: 'foo',
+                )
+
+                organization2 = described_class.create_organization(
+                  domains: ['example.com'],
+                  name: 'Test Organization',
+                  idempotency_key: 'foo',
+                )
+
+                expect(organization1.id).to eq(organization2.id)
+              end
+            end
+          end
+
+          context 'with different event payloads' do
+            it 'raises an error' do
+              VCR.use_cassette 'organization/create_with_duplicate_idempotency_key_and_different_payload' do
+                described_class.create_organization(
+                  domains: ['example.me'],
+                  name: 'Test Organization',
+                  idempotency_key: 'bar',
+                )
+
+                expect do
+                  described_class.create_organization(
+                    domains: ['example.me'],
+                    name: 'Organization Test',
+                    idempotency_key: 'bar',
+                  )
+                end.to raise_error(
+                  WorkOSV2::InvalidRequestError,
+                  /Status 400, Another idempotency key \(bar\) with different request parameters was found. Please use a different idempotency key./,
+                )
+              end
+            end
+          end
+        end
+      end
+    end
+
+    context 'with an invalid payload' do
+      it 'returns an error' do
+        VCR.use_cassette 'organization/create_invalid' do
+          expect do
+            described_class.create_organization(
+              domains: ['example.com'],
+              name: 'Test Organization 2',
+            )
+          end.to raise_error(
+            WorkOSV2::APIError,
+            /An Organization with the domain example.com already exists/,
+          )
+        end
+      end
+    end
+  end
+
+  describe '.list_organizations' do
+    context 'with no options' do
+      it 'returns organizations and metadata' do
+        expected_metadata = {
+          'after' => nil,
+          'before' => 'before-id',
+        }
+
+        VCR.use_cassette 'organization/list' do
+          organizations = described_class.list_organizations
+
+          expect(organizations.data.size).to eq(6)
+          expect(organizations.list_metadata).to eq(expected_metadata)
+        end
+      end
+    end
+
+    context 'with the before option' do
+      it 'forms the proper request to the API' do
+        request_args = [
+          '/organizations?before=before-id',
+          'Content-Type' => 'application/json'
+        ]
+
+        expected_request = Net::HTTP::Get.new(*request_args)
+
+        expect(Net::HTTP::Get).to receive(:new).with(*request_args).
+          and_return(expected_request)
+
+        VCR.use_cassette 'organization/list', match_requests_on: [:path] do
+          organizations = described_class.list_organizations(
+            before: 'before-id',
+          )
+
+          expect(organizations.data.size).to eq(6)
+        end
+      end
+    end
+
+    context 'with the after option' do
+      it 'forms the proper request to the API' do
+        request_args = [
+          '/organizations?after=after-id',
+          'Content-Type' => 'application/json'
+        ]
+
+        expected_request = Net::HTTP::Get.new(*request_args)
+
+        expect(Net::HTTP::Get).to receive(:new).with(*request_args).
+          and_return(expected_request)
+
+        VCR.use_cassette 'organization/list', match_requests_on: [:path] do
+          organizations = described_class.list_organizations(after: 'after-id')
+
+          expect(organizations.data.size).to eq(6)
+        end
+      end
+    end
+
+    context 'with the limit option' do
+      it 'forms the proper request to the API' do
+        request_args = [
+          '/organizations?limit=10',
+          'Content-Type' => 'application/json'
+        ]
+
+        expected_request = Net::HTTP::Get.new(*request_args)
+
+        expect(Net::HTTP::Get).to receive(:new).with(*request_args).
+          and_return(expected_request)
+
+        VCR.use_cassette 'organization/list', match_requests_on: [:path] do
+          organizations = described_class.list_organizations(limit: 10)
+
+          expect(organizations.data.size).to eq(6)
+        end
+      end
+    end
+  end
+
+  describe '.get_organization' do
+    context 'with a valid id' do
+      it 'gets the organization details' do
+        VCR.use_cassette('organization/get') do
+          organization = described_class.get_organization(
+            id: 'org_01F9293WD2PDEEV4Y625XPZVG7',
+          )
+
+          expect(organization.id).to eq('org_01F9293WD2PDEEV4Y625XPZVG7')
+          expect(organization.name).to eq('Foo Corp')
+          expect(organization.domains.first[:domain]).to eq('foo-corp.com')
+        end
+      end
+    end
+
+    context 'with an invalid id' do
+      it 'raises an error' do
+        VCR.use_cassette('organization/get_invalid') do
+          expect do
+            described_class.get_organization(id: 'invalid')
+          end.to raise_error(
+            WorkOSV2::APIError,
+            'Status 404, Not Found - request ID: ',
+          )
+        end
+      end
+    end
+  end
+
+  describe '.update_organization' do
+    context 'with valid payload' do
+      it 'creates an organization' do
+        VCR.use_cassette 'organization/update' do
+          organization = described_class.update_organization(
+            organization: 'org_01F6Q6TFP7RD2PF6J03ANNWDKV',
+            domains: ['example.me'],
+            name: 'Test Organization',
+          )
+
+          expect(organization.id).to eq('org_01F6Q6TFP7RD2PF6J03ANNWDKV')
+          expect(organization.name).to eq('Test Organization')
+          expect(organization.domains.first[:domain]).to eq('example.me')
+        end
+      end
+    end
+  end
+
+  describe '.delete_organization' do
+    context 'with a valid id' do
+      it 'returns true' do
+        VCR.use_cassette('organization/delete') do
+          response = described_class.delete_organization(
+            id: 'org_01F4A8TD0B4N1Y9SJ8SH635HDB',
+          )
+
+          expect(response).to be(true)
+        end
+      end
+    end
+
+    context 'with an invalid id' do
+      it 'returns false' do
+        VCR.use_cassette('organization/delete_invalid') do
+          expect do
+            described_class.delete_organization(id: 'invalid')
+          end.to raise_error(
+            WorkOSV2::APIError,
+            'Status 404, Not Found - request ID: ',
+          )
+        end
+      end
+    end
+  end
+end

data/spec/lib/workos/passwordless_spec.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+# typed: false
+
+describe WorkOSV2::Passwordless do
+  it_behaves_like 'client'
+
+  describe '.create_session' do
+    context 'with valid options payload' do
+      let(:valid_options) do
+        {
+          email: 'demo@workos-okta.com',
+          type: 'MagicLink',
+          redirect_uri: 'foo.com/auth/callback',
+        }
+      end
+
+      it 'creates a session' do
+        VCR.use_cassette('passwordless/create_session') do
+          response = described_class.create_session(valid_options)
+
+          expect(response.email).to eq 'demo@workos-okta.com'
+        end
+      end
+    end
+
+    context 'with invalid event payload' do
+      let(:invalid_options) do
+        {}
+      end
+
+      it 'raises an error' do
+        VCR.use_cassette('passwordless/create_session_invalid') do
+          expect do
+            described_class.create_session(invalid_options)
+          end.to raise_error(
+            WorkOSV2::InvalidRequestError,
+            /Status 422, Validation failed \(email: email must be a string; type: type must be a valid enum value\)/,
+          )
+        end
+      end
+    end
+  end
+
+  describe '.send_session' do
+    context 'with valid session id' do
+      let(:valid_options) do
+        {
+          email: 'demo@workos-okta.com',
+          type: 'MagicLink',
+        }
+      end
+
+      it 'send a session' do
+        VCR.use_cassette('passwordless/send_session') do
+          response = described_class.send_session(
+            'passwordless_session_01EJC0F4KH42T11Y2DHPEB09BM',
+          )
+
+          expect(response['success']).to eq true
+        end
+      end
+    end
+
+    context 'with invalid session id' do
+      it 'raises an error' do
+        VCR.use_cassette('passwordless/send_session_invalid') do
+          expect do
+            described_class.send_session('session_123')
+          end.to raise_error(
+            WorkOSV2::InvalidRequestError,
+            /Status 422, The passwordless session 'session_123' has expired or is invalid./,
+          )
+        end
+      end
+    end
+  end
+end

data/spec/lib/workos/portal_spec.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+# typed: false
+
+describe WorkOSV2::Portal do
+  it_behaves_like 'client'
+
+  describe '.generate_link' do
+    let(:organization) { 'org_01EHQMYV6MBK39QC5PZXHY59C3' }
+
+    describe 'with a valid organization' do
+      context 'with the sso intent' do
+        it 'returns an Admin Portal link' do
+          VCR.use_cassette 'portal/generate_link_sso' do
+            portal_link = described_class.generate_link(
+              intent: 'sso',
+              organization: organization,
+            )
+
+            expect(portal_link).to eq(
+              'https://id.workos.com/portal/launch?secret=secret',
+            )
+          end
+        end
+      end
+
+      describe 'with the dsync intent' do
+        it 'returns an Admin Portal link' do
+          VCR.use_cassette 'portal/generate_link_dsync' do
+            portal_link = described_class.generate_link(
+              intent: 'dsync',
+              organization: organization,
+            )
+
+            expect(portal_link).to eq(
+              'https://id.workos.com/portal/launch?secret=secret',
+            )
+          end
+        end
+      end
+
+      describe 'with the audit_logs intent' do
+        it 'returns an Admin Portal link' do
+          VCR.use_cassette 'portal/generate_link_audit_logs', match_requests_on: %i[path body] do
+            portal_link = described_class.generate_link(
+              intent: 'audit_logs',
+              organization: organization,
+            )
+
+            expect(portal_link).to eq(
+              'https://id.workos.com/portal/launch?secret=secret',
+            )
+          end
+        end
+      end
+    end
+
+    describe 'with an invalid organization' do
+      it 'raises an error' do
+        VCR.use_cassette 'portal/generate_link_invalid' do
+          expect do
+            described_class.generate_link(
+              intent: 'sso',
+              organization: 'bogus-id',
+            )
+          end.to raise_error(
+            WorkOSV2::InvalidRequestError,
+            /Could not find an organization with the id, bogus-id/,
+          )
+        end
+      end
+    end
+
+    describe 'with an invalid intent' do
+      it 'raises an error' do
+        expect do
+          described_class.generate_link(
+            intent: 'bogus-intent',
+            organization: organization,
+          )
+        end.to raise_error(
+          ArgumentError,
+          /bogus-intent is not a valid value/,
+        )
+      end
+    end
+  end
+end