Merge branch 'main' into dependabot/bundler/bundler-security-group-ea…

…a564582d

.github/workflows/ci.yaml

@@ -7,10 +7,18 @@ on:
   pull_request:
     branches:
       - main
+  workflow_dispatch:
+    inputs:
+      DESCOPE_LOG_LEVEL:
+        description: "Descope Log Level"
+        default: "info"
+
+env:
+  DESCOPE_LOG_LEVEL: ${{ github.event.inputs.DESCOPE_LOG_LEVEL || 'info' }}
 
 jobs:
-  build:
-    name: Build Ruby SDK
+  ci:
+    name: Descope Ruby SDK CI
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
@@ -25,12 +33,18 @@ jobs:
         run: bundle install
 
       - name: Run RSpec Test
-        run: bundle exec rspec
+        run: bundle exec rspec spec/lib.descope
+
+      - name: Run RSpec Integration Tests
+        env:
+          DESCOPE_MANAGEMENT_KEY: ${{ secrets.DESCOPE_MANAGEMENT_KEY }}
+          DESCOPE_PROJECT_ID: ${{ secrets.DESCOPE_PROJECT_ID }}
+        run: bundle exec rspec spec/integration
 
       # in order  to release use conventional commits
       # $ git commit --allow-empty -m "chore: release 1.0.0" -m "Release-As: 1.0.0" && git push
       # this will open a new PR with the changelog and bump the version
-      # Release Please assumes you are using Conventional Commit messages.
+      # Release Please will assume that you are using Conventional Commit messages.
       #
       # The most important prefixes you should have in mind are:
       #

Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 gemspec
 
@@ -7,9 +9,12 @@ group :development do
 end
 
 group :test do
-  gem 'super_diff','0.11.0', require: false
   gem 'factory_bot', '6.4.6', require: false
-  gem 'selenium-webdriver', '4.17.0', require: false
-  gem 'rotp', '6.3.0', require: false
+  gem 'faker', require: false
   gem 'rack-test', '2.1.0', require: false
+  gem 'rotp', '6.3.0', require: false
+  gem 'rspec', '3.13.0', require: false
+  gem 'selenium-webdriver', '4.17.0', require: false
+  gem 'simplecov', '0.22.0', require: false
+  gem 'super_diff', '0.11.0', require: false
 end

Gemfile.lock

@@ -78,19 +78,19 @@ GEM
     retryable (3.0.5)
     rexml (3.2.6)
     rotp (6.3.0)
-    rspec (3.12.0)
-      rspec-core (~> 3.12.0)
-      rspec-expectations (~> 3.12.0)
-      rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.2)
-      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.3)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.6)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-support (3.12.1)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.0)
     rubocop (1.60.2)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
@@ -144,16 +144,16 @@ DEPENDENCIES
   concurrent-ruby (~> 1.1)
   descope!
   factory_bot (= 6.4.6)
-  faker (~> 2.0)
+  faker
   fuubar (~> 2.0)
   rack-test (= 2.1.0)
   rake (~> 13.0)
   rotp (= 6.3.0)
-  rspec (~> 3.11)
+  rspec (= 3.13.0)
   rubocop (= 1.60.2)
   rubocop-rails (= 2.23.1)
   selenium-webdriver (= 4.17.0)
-  simplecov (~> 0.9)
+  simplecov (= 0.22.0)
   super_diff (= 0.11.0)
 
 BUNDLED WITH

examples/ruby-on-rails-api/descope/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ../../../..
   specs:
-    descope (1.0.3)
+    descope (1.0.4)
       addressable (~> 2.8)
       jwt (~> 2.7)
       rest-client (~> 2.1)

lib/descope/api/v1/management/role.rb

@@ -36,7 +36,9 @@ def update_role(name: nil, new_name: nil, description: nil, permission_names: ni
 
           def delete_role(name: nil, tenant_id: nil)
             # Delete an existing role. IMPORTANT: This action is irreversible. Use carefully.
-            post(ROLE_DELETE_PATH, { name:, tenantId: tenant_id })
+            request_params = { name: }
+            request_params[:tenantId] = tenant_id if tenant_id
+            post(ROLE_DELETE_PATH, request_params)
           end
 
           def load_all_roles

lib/descope/mixins/http.rb

@@ -96,7 +96,7 @@ def request(method, uri, body = {}, extra_headers = {})
 
         raise Descope::Unsupported.new("No response from server", code: 400) unless result && result.respond_to?(:code)
 
-        @logger.info "http status code: #{result.code}"
+        @logger.info("API Request: [#{method}] #{uri} - Response Code: #{result.code}")
         case result.code
         when 200...226 then safe_parse_json(result.body)
         when 400       then raise Descope::BadRequest.new(result.body, code: result.code, headers: result.headers)

spec/integration/lib.descope/api/v1/auth/enchantedlink_spec.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+def poll_for_session(descope_client, pending_ref)
+  max_tries = 15
+  i = 0
+  done = false
+  while !done && i < max_tries
+    begin
+      i += 1
+      @client.logger.info('waiting 4 seconds for session to be created...')
+      sleep(4)
+      print '.'
+      @client.logger.info("Getting session for pending_ref: #{pending_ref}...")
+      jwt_response = descope_client.enchanted_link_get_session(pending_ref)
+      done = true
+    rescue Descope::AuthException, Descope::Unauthorized => e
+      @client.logger.info("Failed pending session, err: #{e}")
+     nil
+    end
+
+    next unless jwt_response
+
+    @client.logger.info("jwt_response: #{jwt_response}")
+    refresh_token = jwt_response[Descope::Mixins::Common::REFRESH_SESSION_TOKEN_NAME]['jwt']
+
+    @client.logger.info("refresh_token: #{refresh_token}")
+    done = true
+    return refresh_token
+  end
+end
+
+def verify_session(descope_client: nil, res: nil, user: nil)
+  raise StandardError, 'Missing required parameters' if descope_client.nil? || res.nil? || user.nil?
+
+  token = res['link'].match(/.+verify\?t=(.+)/)[1]
+  @client.logger.info("token: #{token}")
+
+  expect do
+    descope_client.enchanted_link_verify_token(token)
+    @client.logger.info('EnchantedLink Token Verified! now getting session information...')
+    @client.logger.info('Polling for session...')
+    refresh_token = poll_for_session(descope_client, res['pendingRef'])
+    my_details = descope_client.me(refresh_token)
+    expect(my_details['email']).to eq(user['email'])
+    @client.logger.info('EnchantedLink Token Verified via sign in!')
+  rescue StandardError => e
+    raise StandardError, "Verification failed - Could not verify token #{e.message}"
+
+  end.to_not raise_error
+end
+
+describe Descope::Api::V1::Auth::EnchantedLink do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+  end
+
+  after(:all) do
+    @client.logger.info('Cleaning up test users...')
+    all_users = @client.search_all_users
+    all_users['users'].each do |user|
+      if user['middleName'] == 'Ruby SDK User'
+        @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
+        @client.delete_user(user['loginIds'][0])
+      end
+    end
+  end
+
+  context 'test EnchantedLink for test user' do
+    it 'should sign in with enchanted link' do
+      user = build(:user)
+      test_user = @client.create_test_user(**user)['user']
+      @client.logger.info("Should sign in a test user => #{test_user['loginIds'][0]} with enchanted link...")
+      res = @client.generate_enchanted_link_for_test_user(login_id: test_user['loginIds'][0], uri: 'http://localhost:3000/verify')
+      @client.logger.info("res: #{res}")
+      @client.logger.info('Verifying session...')
+      verify_session(descope_client: @client, res:, user: test_user)
+    end
+  end
+end

spec/integration/lib.descope/api/v1/auth/magiclink_spec.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Auth::MagicLink do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+  end
+
+  after(:all) do
+    @client.logger.info('Cleaning up test users...')
+    all_users = @client.search_all_users
+    all_users['users'].each do |user|
+      if user['middleName'] == 'Ruby SDK User'
+        @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
+        @client.delete_user(user['loginIds'][0])
+      end
+    end
+  end
+
+  context 'test Magiclink for test user' do
+    it 'should sign in with magiclink' do
+      user = build(:user)
+      test_user = @client.create_test_user(**user)['user']
+      @client.create_test_user(**user)
+      res = @client.generate_magic_link_for_test_user(
+        method: Descope::Mixins::Common::DeliveryMethod::EMAIL,
+        login_id: test_user['loginIds'][0],
+        uri: 'http://localhost:3000/verify'
+      )
+      @client.logger.info("res: #{res}")
+      token = res['link'].match(/^http.+verify\?t=(.+)/)[1]
+      @client.logger.info("token: #{token}")
+
+      expect do
+        @client.logger.info('Verifying token...')
+        jwt_response = @client.magiclink_verify_token(token)
+        @client.logger.info("jwt_response #{jwt_response}")
+        my_details = @client.me(jwt_response['refreshSessionToken']['jwt'])
+        @client.logger.info('verifying session...')
+        expect(my_details['email']).to eq(test_user['email'])
+        @client.logger.info('Magiclink Token Verified via sign in!')
+      rescue StandardError => e
+        raise StandardError, "Verification failed - Could not verify token: #{e.message}"
+
+      end.to_not raise_error
+    end
+  end
+end

spec/integration/lib.descope/api/v1/auth/otp_spec.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Descope::Api::V1::Auth::OTP do
+  before(:all) do
+    @client = DescopeClient.new(Configuration.config)
+  end
+
+  after(:all) do
+    @client.logger.info('Cleaning up test users...')
+    all_users = @client.search_all_users
+    all_users['users'].each do |user|
+      if user['middleName'] == 'Ruby SDK User'
+        @client.logger.info("Deleting ruby spec test user #{user['loginIds'][0]}")
+        @client.delete_user(user['loginIds'][0])
+      end
+    end
+  end
+
+  context 'test otp sign-in with test user' do
+    it 'should sign in with otp' do
+      user = build(:user)
+      test_user = @client.create_test_user(**user)['user']
+      @client.create_test_user(**user)
+      res = @client.generate_otp_for_test_user(
+        method: Descope::Mixins::Common::DeliveryMethod::EMAIL,
+        login_id: test_user['loginIds'][0]
+      )
+      @client.logger.info("res: #{res}")
+      @client.otp_verify_code(
+        method: Descope::Mixins::Common::DeliveryMethod::EMAIL,
+        login_id: user[:login_id],
+        code: res['code']
+      )
+    end
+  end
+end

spec/integration/lib.descope/api/v1/auth/password_spec.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'rotp'
+
+describe Descope::Api::V1::Auth::Password do
+  before(:all) do
+    @password = SpecUtils.generate_password
+    @new_password = SpecUtils.generate_password
+    @user = build(:user)
+    @client = DescopeClient.new(Configuration.config)
+  end
+
+  context 'test password methods' do
+    it 'should get password policy' do
+      # Get the configured password policy for the project.
+      res = @client.get_password_policy
+      @client.logger.info("Password policy: #{res}")
+    end
+
+    it 'should sign up with password' do
+      res = @client.password_sign_up(login_id: @user[:login_id], password: @password, user: @user)
+      expect { res }.not_to raise_error
+    end
+
+    it 'should sign in with password' do
+      res = @client.password_sign_in(login_id: @user[:login_id], password: @password)
+      expect { res }.not_to raise_error
+    end
+
+    it 'should replace the password' do
+      res = @client.password_replace(login_id: @user[:login_id], old_password: @password, new_password: @new_password)
+      expect { res }.not_to raise_error
+    end
+
+    it 'should login with new password' do
+      res = @client.password_sign_in(login_id: @user[:login_id], password: @new_password)
+      expect { res }.not_to raise_error
+    end
+  end
+end