zoom_rb 1.0.2 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6298bd85028abebb9ba4b82a23d22ddefeeca40d424cd71274c1696f20986d59
-  data.tar.gz: f312fbe762644b491bb9e51c56b500797f0e457edcc30d99235ba9859e56ede7
+  metadata.gz: f1daca097d96a5590a12307f6fb353a613e8c74ae5c0a0ab93fde738fcd3518b
+  data.tar.gz: 33bbfbb55bb2343c296cddfd92906b799fd57ded467f7755e836971b58f675ad
 SHA512:
-  metadata.gz: 27314937fc73a8c099edd373160f062e05c1f02b3ab35955877f7cdd48cd645031165a4873f83cd6332e69f1c03eb9fd02e851036d8a1c46c8b01f358fe69406
-  data.tar.gz: 9317f1791b0f20c0a53ddc0fe7518aab7d3760b41f7a7fe81aa22d3a4a0785aab200dd0f478930cfa3e6b2271e78043c5f1b62dd7704f7dce8755ebee537f6a4
+  metadata.gz: 3c02b9b0964774320e19da1a8269e864c012b86ea32e4383d1e69618dc6d6a2e927fb263782009c199a57003c3b11b6c928b3d5945a955df8aaf4050fabd0721
+  data.tar.gz: a5b0c0c8ae5d8c59e30967a4b48e1372dccd0642dd90a5bc8551b917b0a91f8a912dfe2a4c056caae6659ac477812cfd79b745659ac361b63649edbc2a163c86

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+# 1.1.0
+
+### New features
+* Support the new Zoom API OAuth security measures which are described here:
+  https://marketplace.zoom.us/docs/guides/stay-up-to-date/announcements/#zoom-oauth-security-updates
+* Support the code_verifier parameter in the access_tokens call.
+
 # 1.0.2
 
 ### Fixes:

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    zoom_rb (1.0.2)
+    zoom_rb (1.1.0)
       httparty (~> 0.13)
       json (>= 1.8)
       jwt

data/lib/zoom/actions/token.rb

@@ -6,12 +6,16 @@ module Zoom
       extend Zoom::Actions
 
       post 'access_tokens',
-        '/oauth/token?grant_type=authorization_code&code=:auth_code&redirect_uri=:redirect_uri',
-        oauth: true
+        '/oauth/token',
+        oauth: true,
+        require: %i[grant_type code redirect_uri],
+        permit: :code_verifier,
+        args_to_params: { auth_code: :code }
 
       post 'refresh_tokens',
-        '/oauth/token?grant_type=refresh_token&refresh_token=:refresh_token',
-        oauth: true
+        '/oauth/token',
+        oauth: true,
+        require: %i[grant_type refresh_token]
 
       post 'data_compliance', '/oauth/data/compliance',
         oauth: true,
@@ -19,8 +23,10 @@ module Zoom
           client_id user_id account_id deauthorization_event_received compliance_completed
         ]
 
-      post 'revoke_tokens', '/oauth/revoke?token=:access_token',
-        oauth: true
+      post 'revoke_tokens', '/oauth/revoke',
+        oauth: true,
+        require: :token,
+        args_to_params: { access_token: :token }
     end
   end
 end

data/lib/zoom/actions.rb

@@ -26,31 +26,40 @@ module Zoom
       end
     end
 
-    def self.make_request(client, method, parsed_path, params, request_options)
+    def self.make_request(args)
+      client, method, parsed_path, params, request_options, oauth =
+        args.values_at :client, :method, :parsed_path, :params, :request_options, :oauth
       case method
       when :get
         request_options[:query] = params
       when :post, :put, :patch
-        request_options[:body] = params.to_json
+        request_options[:body] =
+          oauth ? URI.encode_www_form(params.to_a) : params.to_json
       end
       client.class.public_send(method, parsed_path, **request_options)
     end
 
     [:get, :post, :patch, :put, :delete].each do |method|
       define_method(method) do |name, path, options={}|
-        required, permitted, oauth = options.values_at :require, :permit, :oauth
+        required, permitted, oauth, args_to_params, headers =
+          options.values_at :require, :permit, :oauth, :args_to_params, :headers
         required = Array(required) unless required.is_a?(Hash)
         permitted = Array(permitted) unless permitted.is_a?(Hash)
 
         define_method(name) do |*args|
           path_keys = Zoom::Actions.extract_path_keys(path)
-          params = Zoom::Params.new(Utils.extract_options!(args))
+          params = Utils.extract_options!(args)
+          args_to_params&.each { |key, value| params[value] = params.delete key if params[key] }
+          params = Zoom::Params.new(params)
           parsed_path = Zoom::Actions.parse_path(path, path_keys, params)
           request_options = Zoom::Actions.determine_request_options(self, oauth)
           params = params.require(path_keys) unless path_keys.empty?
           params_without_required = required.empty? ? params : params.require(required)
           params_without_required.permit(permitted) unless permitted.empty?
-          response = Zoom::Actions.make_request(self, method, parsed_path, params, request_options)
+          response = Zoom::Actions.make_request({
+            client: self, method: method, parsed_path: parsed_path,
+            params: params, request_options: request_options, oauth: oauth
+          })
           Utils.parse_response(response)
         end
       end

data/lib/zoom/client.rb

@@ -35,14 +35,20 @@ module Zoom
 
     def oauth_request_headers
       {
-        'Authorization' => "Basic #{auth_token}"
-      }.merge(headers)
+        'Authorization' => "Basic #{auth_token}",
+        'Accept' => 'application/json',
+        'Content-Type' => 'application/x-www-form-urlencoded',
+      }
     end
 
-    def request_headers
+    def bearer_authorization_header
       {
         'Authorization' => "Bearer #{access_token}"
-      }.merge(headers)
+      }
+    end
+
+    def request_headers
+      bearer_authorization_header.merge(headers)
     end
 
     def auth_token

data/lib/zoom/clients/oauth.rb

@@ -13,7 +13,7 @@ module Zoom
       # Returns (access_token, refresh_token)
       #
       def initialize(config)
-        Zoom::Params.new(config).permit( %i[auth_token auth_code redirect_uri access_token refresh_token timeout])
+        Zoom::Params.new(config).permit( %i[auth_token auth_code redirect_uri access_token refresh_token timeout code_verifier])
         Zoom::Params.new(config).require_one_of(%i[access_token refresh_token auth_code])
         if (config.keys & [:auth_code, :redirect_uri]).any?
           Zoom::Params.new(config).require( %i[auth_code redirect_uri])
@@ -28,13 +28,19 @@ module Zoom
       end
 
       def refresh
-        response = refresh_tokens(refresh_token: @refresh_token)
+        response = refresh_tokens(grant_type: 'refresh_token', refresh_token: @refresh_token)
         set_tokens(response)
         response
       end
 
       def oauth
-        response = access_tokens(auth_code: @auth_code, redirect_uri: @redirect_uri)
+        response = access_tokens(
+          grant_type: 'authorization_code',
+          auth_code: @auth_code,
+          redirect_uri: @redirect_uri,
+          code_verifier: @code_verifier
+        )
+
         set_tokens(response)
         response
       end

data/lib/zoom/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Zoom
-  VERSION = '1.0.2'
+  VERSION = '1.1.0'
 end

data/spec/fixtures/token/revoke_token.json

@@ -0,0 +1,3 @@
+{
+  "status": "success"
+}

data/spec/lib/zoom/actions/token/access_token_spec.rb

@@ -4,23 +4,49 @@ require 'spec_helper'
 
 describe Zoom::Actions::Token do
   let(:zc) { oauth_client }
-  let(:args) { { auth_code: 'xxx', redirect_uri: 'http://localhost:3000' } }
+  let(:args) { { grant_type: 'authorization_code', auth_code: 'xxx', redirect_uri: 'http://localhost:3000', code_verifier: 'xxx' } }
+  let(:body) { { grant_type: 'authorization_code', redirect_uri: 'http://localhost:3000', code_verifier: 'xxx', code: 'xxx'  } }
 
   describe '#access_tokens action' do
+    let(:path) { '/oauth/token' }
+
+    let(:params) do
+      {
+        base_uri: 'https://zoom.us/',
+        body: URI.encode_www_form(body.to_a),
+        headers: {
+          'Accept'=>'application/json',
+          'Authorization'=>'Basic eHh4Onh4eA==',
+          'Content-Type'=>'application/x-www-form-urlencoded'
+        }
+      }
+    end
+
     before :each do
-      stub_request(
-        :post,
-        zoom_auth_url('oauth/token')
-      ).to_return(body: json_response('token', 'access_token'),
-                    headers: { 'Content-Type' => 'application/json' })
+      Zoom.configure do |config|
+        config.api_key = 'xxx'
+        config.api_secret = 'xxx'
+      end
+
+      allow(Zoom::Utils).to receive(:parse_response).and_return(code: 200)
+      allow(Zoom::Client::OAuth).to(
+        receive(:post).with(path, params)
+          .and_return(body: json_response('token', 'access_token'),
+                        headers: { 'Content-Type' => 'application/json' })
+      )
     end
 
-    it "requires an error when args missing" do
-      expect { zc.access_tokens }.to raise_error(Zoom::ParameterMissing, [:auth_code, :redirect_uri].to_s)
+    it "raises an error when args missing" do
+      expect { zc.access_tokens }.to raise_error(Zoom::ParameterMissing, [:grant_type, :code, :redirect_uri].to_s)
     end
 
     it 'returns a hash' do
       expect(zc.access_tokens(args)).to be_kind_of(Hash)
     end
+
+    it 'passes args in the body and sends x-www-form-urlencoded header' do
+      zc.access_tokens(args)
+      expect(Zoom::Client::OAuth).to have_received(:post).with(path, params)
+    end
   end
 end

data/spec/lib/zoom/actions/token/data_compliance_spec.rb

@@ -23,6 +23,11 @@ describe Zoom::Actions::Token do
 
   describe '#data_compliance action' do
     before :each do
+      Zoom.configure do |config|
+        config.api_key = 'xxx'
+        config.api_secret = 'xxx'
+      end
+
       stub_request(
         :post,
         zoom_auth_url('oauth/data/compliance')
@@ -30,7 +35,7 @@ describe Zoom::Actions::Token do
                     headers: { 'Content-Type' => 'application/json' })
     end
 
-    it "requires an error when args missing" do
+    it "raises an error when args missing" do
       expect { zc.data_compliance }.to raise_error(Zoom::ParameterMissing, [:client_id, :user_id, :account_id, :deauthorization_event_received, :compliance_completed].to_s)
     end
 

data/spec/lib/zoom/actions/token/refresh_token_spec.rb

@@ -4,23 +4,48 @@ require 'spec_helper'
 
 describe Zoom::Actions::Token do
   let(:zc) { oauth_client }
-  let(:args) { { refresh_token: 'xxx' } }
+  let(:args) { { grant_type: 'refresh_token', refresh_token: 'xxx' } }
 
   describe '#refresh_tokens action' do
+    let(:path) { '/oauth/token' }
+
+    let(:params) do
+      {
+        base_uri: 'https://zoom.us/',
+        body: URI.encode_www_form(args.to_a),
+        headers: {
+          'Accept'=>'application/json',
+          'Authorization'=>'Basic eHh4Onh4eA==',
+          'Content-Type'=>'application/x-www-form-urlencoded'
+        }
+      }
+    end
+
     before :each do
-      stub_request(
-        :post,
-        zoom_auth_url('oauth/token')
-      ).to_return(body: json_response('token', 'refresh_token'),
-                    headers: { 'Content-Type' => 'application/json' })
+      Zoom.configure do |config|
+        config.api_key = 'xxx'
+        config.api_secret = 'xxx'
+      end
+
+      allow(Zoom::Utils).to receive(:parse_response).and_return(code: 200)
+      allow(Zoom::Client::OAuth).to(
+        receive(:post).with(path, params)
+          .and_return(body: json_response('token', 'access_token'),
+                        headers: { 'Content-Type' => 'application/json' })
+      )
     end
 
-    it "requires an error when args missing" do
-      expect { zc.refresh_tokens }.to raise_error(Zoom::ParameterMissing, [:refresh_token].to_s)
+    it "raises an error when args missing" do
+      expect { zc.refresh_tokens }.to raise_error(Zoom::ParameterMissing, [:grant_type, :refresh_token].to_s)
     end
 
     it 'returns a hash' do
       expect(zc.refresh_tokens(args)).to be_kind_of(Hash)
     end
+
+    it 'passes args in the body and sends x-www-form-urlencoded header' do
+      zc.refresh_tokens(args)
+      expect(Zoom::Client::OAuth).to have_received(:post).with(path, params)
+    end
   end
 end

data/spec/lib/zoom/actions/token/revoke_token_spec.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Zoom::Actions::Token do
+  let(:zc) { oauth_client }
+  let(:args) { { access_token: 'xxx' } }
+  let(:body) { { token: 'xxx' } }
+
+  describe '#revoke_tokens action' do
+    let(:path) { '/oauth/revoke' }
+
+    let(:params) do
+      {
+        base_uri: 'https://zoom.us/',
+        body: URI.encode_www_form(body.to_a),
+        headers: {
+          'Accept'=>'application/json',
+          'Authorization'=>'Basic eHh4Onh4eA==',
+          'Content-Type'=>'application/x-www-form-urlencoded'
+        }
+      }
+    end
+
+    before :each do
+      Zoom.configure do |config|
+        config.api_key = 'xxx'
+        config.api_secret = 'xxx'
+      end
+
+      allow(Zoom::Utils).to receive(:parse_response).and_return(code: 200)
+      allow(Zoom::Client::OAuth).to(
+        receive(:post).with(path, params)
+          .and_return(body: json_response('token', 'access_token'),
+                        headers: { 'Content-Type' => 'application/json' })
+      )
+    end
+
+    it "raises an error when args missing" do
+      expect { zc.revoke_tokens }.to raise_error(Zoom::ParameterMissing, [:token].to_s)
+    end
+
+    it 'returns a hash' do
+      expect(zc.revoke_tokens(args)).to be_kind_of(Hash)
+    end
+
+    it 'passes args in the body and sends x-www-form-urlencoded header' do
+      zc.revoke_tokens(args)
+      expect(Zoom::Client::OAuth).to have_received(:post).with(path, params)
+    end
+  end
+end

data/spec/lib/zoom/actions_spec.rb

@@ -12,7 +12,7 @@ describe Zoom::Actions do
 
   describe 'self.extract_path_keys' do
     subject { described_class.extract_path_keys(path) }
-    
+
     it { is_expected.to match_array(path_keys) }
   end
 
@@ -23,10 +23,22 @@ describe Zoom::Actions do
   end
 
   describe 'self.make_request' do
-    subject { described_class.make_request(client, method, parsed_path, params, request_options) }
+    subject do
+      described_class.make_request({
+        client: client, method: method, parsed_path: parsed_path,
+        params: params, request_options: request_options
+      })
+    end
 
     let(:request_options) { Zoom::Actions.determine_request_options(client, oauth) }
 
+    before :each do
+      Zoom.configure do |config|
+        config.api_key = 'xxx'
+        config.api_secret = 'xxx'
+      end
+    end
+
     context 'when get' do
       let(:method) { :get }
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zoom_rb
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.1.0
 platform: ruby
 authors:
 - Kyle Boe
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-20 00:00:00.000000000 Z
+date: 2022-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -266,6 +266,7 @@ files:
 - spec/fixtures/token/access_token.json
 - spec/fixtures/token/data_compliance.json
 - spec/fixtures/token/refresh_token.json
+- spec/fixtures/token/revoke_token.json
 - spec/fixtures/user/assistant/create.json
 - spec/fixtures/user/assistant/list.json
 - spec/fixtures/user/assistant/set.json
@@ -395,6 +396,7 @@ files:
 - spec/lib/zoom/actions/token/access_token_spec.rb
 - spec/lib/zoom/actions/token/data_compliance_spec.rb
 - spec/lib/zoom/actions/token/refresh_token_spec.rb
+- spec/lib/zoom/actions/token/revoke_token_spec.rb
 - spec/lib/zoom/actions/user/assistant/create_spec.rb
 - spec/lib/zoom/actions/user/assistant/delete_all_spec.rb
 - spec/lib/zoom/actions/user/assistant/delete_spec.rb
@@ -544,6 +546,7 @@ test_files:
 - spec/fixtures/token/access_token.json
 - spec/fixtures/token/data_compliance.json
 - spec/fixtures/token/refresh_token.json
+- spec/fixtures/token/revoke_token.json
 - spec/fixtures/user/assistant/create.json
 - spec/fixtures/user/assistant/list.json
 - spec/fixtures/user/assistant/set.json
@@ -673,6 +676,7 @@ test_files:
 - spec/lib/zoom/actions/token/access_token_spec.rb
 - spec/lib/zoom/actions/token/data_compliance_spec.rb
 - spec/lib/zoom/actions/token/refresh_token_spec.rb
+- spec/lib/zoom/actions/token/revoke_token_spec.rb
 - spec/lib/zoom/actions/user/assistant/create_spec.rb
 - spec/lib/zoom/actions/user/assistant/delete_all_spec.rb
 - spec/lib/zoom/actions/user/assistant/delete_spec.rb