From 3e73ec76976e51abdd73e387b8b9add31395e00b Mon Sep 17 00:00:00 2001 From: Ami Mahloof Date: Thu, 5 Sep 2024 13:14:22 -0400 Subject: [PATCH] move managemnt key check to management tests --- lib/descope/api/v1/auth.rb | 7 ++++++- lib/descope/api/v1/session.rb | 3 +-- lib/descope/mixins/http.rb | 11 ++++++----- .../lib.descope/api/v1/auth/session_spec.rb | 9 ++++++--- .../lib.descope/api/v1/management/access_key_spec.rb | 2 ++ .../lib.descope/api/v1/management/audit_spec.rb | 2 ++ .../lib.descope/api/v1/management/authz_spec.rb | 2 ++ .../lib.descope/api/v1/management/flow_spec.rb | 2 ++ .../lib.descope/api/v1/management/permissions_spec.rb | 2 ++ .../lib.descope/api/v1/management/project_spec.rb | 2 ++ .../lib.descope/api/v1/management/roles_spec.rb | 2 ++ .../lib.descope/api/v1/management/user_spec.rb | 6 +++++- spec/support/client_config.rb | 1 - 13 files changed, 38 insertions(+), 13 deletions(-) diff --git a/lib/descope/api/v1/auth.rb b/lib/descope/api/v1/auth.rb index 4a724d7..8754ad1 100644 --- a/lib/descope/api/v1/auth.rb +++ b/lib/descope/api/v1/auth.rb @@ -246,9 +246,13 @@ def generate_auth_info(response_body, refresh_token, user_jwt, audience = nil) rt_jwt = response_body.fetch('refreshJwt', '') if !rt_jwt.empty? + @logger.debug 'found refreshJwt in response body, adding to jwt_response' + @logger.debug 'validating refreshJwt token...' jwt_response[REFRESH_SESSION_TOKEN_NAME] = validate_token(rt_jwt, audience) elsif refresh_token && !refresh_token.empty? # if refresh_token is in response body (local storage) + @logger.debug 'refreshJwt is empty, but refresh_token was passed, adding to jwt_response' + @logger.debug 'validating passed-in refresh token...' jwt_response[REFRESH_SESSION_TOKEN_NAME] = validate_token(refresh_token, audience) else cookies = response_body.fetch('cookies', {}) 
@@ -261,7 +265,8 @@ def generate_auth_info(response_body, refresh_token, user_jwt, audience = nil) end if jwt_response[REFRESH_SESSION_TOKEN_NAME].nil? - raise Descope::AuthException.new('Unable to validate refresh token', code: 500) + @logger.debug "Error: Could not find refreshJwt in response body: #{response_body} / cookies: #{cookies} / passed in refresh_token ->#{refresh_token}<-" + raise Descope::AuthException.new('Could not find refreshJwt in response body / cookies / passed in refresh_token', code: 500) end jwt_response = adjust_properties(jwt_response, user_jwt) diff --git a/lib/descope/api/v1/session.rb b/lib/descope/api/v1/session.rb index 4abe876..2ddebff 100644 --- a/lib/descope/api/v1/session.rb +++ b/lib/descope/api/v1/session.rb @@ -20,11 +20,10 @@ def refresh_session(refresh_token: nil, audience: nil) # [amr, drn, exp, iss, rexp, sub, jwt] in the top level of the response dict, please use # them from the sessionToken key instead, as these claims will soon be deprecated from the top level # of the response dict. - + # Make sure you set Enable refresh token rotation in the Project Settings before using this. validate_refresh_token_not_nil(refresh_token) validate_token(refresh_token, audience) res = post(REFRESH_TOKEN_PATH, {}, {}, refresh_token) - cookies = res.fetch(COOKIE_DATA_NAME, {}) refresh_cookie = cookies.fetch(REFRESH_SESSION_COOKIE_NAME, nil) || res.fetch('refreshJwt', nil) generate_jwt_response(response_body: res, refresh_cookie:, audience:) diff --git a/lib/descope/mixins/http.rb b/lib/descope/mixins/http.rb index d09e330..0765f77 100644 --- a/lib/descope/mixins/http.rb +++ b/lib/descope/mixins/http.rb 
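Review bot: The `@logger.debug` line added just before the `raise` in `generate_auth_info` interpolates the whole `response_body`, `cookies` and the passed-in `refresh_token`, so any deployment running at debug level writes usable token material to its log sink. Log which sources were present rather than their values, e.g. `@logger.debug "refresh token missing: body_refreshJwt=#{!response_body.fetch('refreshJwt', '').empty?} cookies=#{!cookies.nil?} passed_in=#{!refresh_token.to_s.empty?}"`. The method starts and ends outside this hunk, so whether other log lines in it already print the same values is not visible here.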
@@ -47,12 +47,13 @@ def retry_options def safe_parse_json(body, cookies: {}) @logger.debug "response => #{JSON.parse(body.to_s)}" res = JSON.parse(body.to_s) - cookies.each do |cookie_name, cookie_value| - if cookie_name == REFRESH_SESSION_COOKIE_NAME - res['cookies'] ||= {} - res['cookies'][cookie_name] = cookie_value - end + + # Handle DSR cookie in response. + if cookies.key?(REFRESH_SESSION_COOKIE_NAME) + res['cookies'] = {} + res['cookies'][REFRESH_SESSION_COOKIE_NAME] = cookies[REFRESH_SESSION_COOKIE_NAME] end + res rescue JSON::ParserError body diff --git a/spec/integration/lib.descope/api/v1/auth/session_spec.rb b/spec/integration/lib.descope/api/v1/auth/session_spec.rb index 95af7d0..81c7275 100644 --- a/spec/integration/lib.descope/api/v1/auth/session_spec.rb +++ b/spec/integration/lib.descope/api/v1/auth/session_spec.rb @@ -30,14 +30,17 @@ @client.logger.info('2. Sign in with password') login_res = @client.password_sign_in(login_id: user[:login_id], password: @password) - @client.logger.info("login_res: #{login_res}") + @client.logger.info("sign_in res: #{login_res}") @client.logger.info('3. sleep 1 second before calling refresh_session') sleep(1) @client.logger.info('4. Refresh session') - login_res = @client.refresh_session(refresh_token: login_res[REFRESH_SESSION_TOKEN_NAME]['jwt']) - new_refresh_token = login_res['refreshSessionToken']['jwt'] + refresh_session_res = @client.refresh_session(refresh_token: login_res[REFRESH_SESSION_TOKEN_NAME]['jwt']) + @client.logger.info("refresh_session_res: #{refresh_session_res}") + + new_refresh_token = refresh_session_res[REFRESH_SESSION_TOKEN_NAME]['jwt'] + @client.logger.info("new_refresh_token: #{new_refresh_token}") @client.logger.info('5. Check new refresh token is not the same as the original one') expect(original_refresh_token).not_to eq(new_refresh_token) 
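Review bot: In `safe_parse_json`, the new `res['cookies'] = {}` replaces any `cookies` object the parsed body already carried, whereas the removed loop used `||=` and only added the refresh cookie. `generate_auth_info` in auth.rb reads `response_body.fetch('cookies', {})`, so other entries would be dropped before they reach it. Keeping the merge is one line: `(res['cookies'] ||= {})[REFRESH_SESSION_COOKIE_NAME] = cookies[REFRESH_SESSION_COOKIE_NAME]`. `cookies.key?` also assumes a Hash-like argument where the old `each` accepted any enumerable of pairs, so it is worth confirming what callers pass. Separately, the unchanged first line of the method logs the full parsed response at debug level and parses the body twice; since these responses carry JWTs, it deserves redaction as well.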
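Review bot: The `@client.logger.info` calls added in step 4 print `refresh_session_res` and `new_refresh_token` in full, so every integration run writes a live refresh JWT into the CI log at info level. The assertion only needs inequality, so log a non-sensitive marker instead, e.g. `@client.logger.info("new_refresh_token length: #{new_refresh_token.length}")`, or drop the lines. The relabelled `sign_in res` line has the same exposure. The enclosing example starts and ends outside the hunk.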
diff --git a/spec/integration/lib.descope/api/v1/management/access_key_spec.rb b/spec/integration/lib.descope/api/v1/management/access_key_spec.rb index 4e9f9d7..795776d 100644 --- a/spec/integration/lib.descope/api/v1/management/access_key_spec.rb +++ b/spec/integration/lib.descope/api/v1/management/access_key_spec.rb @@ -4,6 +4,8 @@ describe Descope::Api::V1::Management::AccessKey do before(:all) do + raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil? + @client = DescopeClient.new(Configuration.config) end diff --git a/spec/integration/lib.descope/api/v1/management/audit_spec.rb b/spec/integration/lib.descope/api/v1/management/audit_spec.rb index 3ef9605..c9afd3a 100644 --- a/spec/integration/lib.descope/api/v1/management/audit_spec.rb +++ b/spec/integration/lib.descope/api/v1/management/audit_spec.rb @@ -4,6 +4,8 @@ describe Descope::Api::V1::Management::Audit do before(:all) do + raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil? + @client = DescopeClient.new(Configuration.config) @client.logger.info('Deleting all tenants for Ruby SDK...') @client.search_all_tenants(names: ['Ruby-SDK-test'])['tenants'].each do |tenant| diff --git a/spec/integration/lib.descope/api/v1/management/authz_spec.rb b/spec/integration/lib.descope/api/v1/management/authz_spec.rb index 2af6eb9..4dea5a0 100644 --- a/spec/integration/lib.descope/api/v1/management/authz_spec.rb +++ b/spec/integration/lib.descope/api/v1/management/authz_spec.rb @@ -4,6 +4,8 @@ describe Descope::Api::V1::Management::Authz do before(:all) do + raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil? + @client = DescopeClient.new(Configuration.config) puts 'authz schema delete' end diff --git a/spec/integration/lib.descope/api/v1/management/flow_spec.rb b/spec/integration/lib.descope/api/v1/management/flow_spec.rb index b8ce624..2e253e1 100644 --- a/spec/integration/lib.descope/api/v1/management/flow_spec.rb 
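Review bot: The guard added to `before(:all)` tests `ENV['DESCOPE_MANAGEMENT_KEY'].nil?`, which passes when the variable is set but empty, a common outcome when a CI secret is unavailable to the job. The suite would then presumably fail later with a less clear authentication error. `raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].to_s.strip.empty?` covers both cases. The same line is pasted into the audit, authz, flow, permissions, project, roles and user specs, so one helper under `spec/support` (for example a `Configuration.require_management_key!` method, name illustrative) would keep the eight copies from drifting.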
+++ b/spec/integration/lib.descope/api/v1/management/flow_spec.rb @@ -4,6 +4,8 @@ describe Descope::Api::V1::Management::Flow do before(:all) do + raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil? + @client = DescopeClient.new(Configuration.config) end diff --git a/spec/integration/lib.descope/api/v1/management/permissions_spec.rb b/spec/integration/lib.descope/api/v1/management/permissions_spec.rb index bd0b777..d1be727 100644 --- a/spec/integration/lib.descope/api/v1/management/permissions_spec.rb +++ b/spec/integration/lib.descope/api/v1/management/permissions_spec.rb @@ -4,6 +4,8 @@ describe Descope::Api::V1::Management::Permission do before(:all) do + raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil? + @client = DescopeClient.new(Configuration.config) @client.load_all_permissions['permissions'].each do |perm| if perm['description'] == 'Ruby SDK' diff --git a/spec/integration/lib.descope/api/v1/management/project_spec.rb b/spec/integration/lib.descope/api/v1/management/project_spec.rb index 7a60391..d441c93 100644 --- a/spec/integration/lib.descope/api/v1/management/project_spec.rb +++ b/spec/integration/lib.descope/api/v1/management/project_spec.rb @@ -4,6 +4,8 @@ describe Descope::Api::V1::Management::Project do before(:all) do + raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil? + @client = DescopeClient.new(Configuration.config) @export_output = @client.export_project end diff --git a/spec/integration/lib.descope/api/v1/management/roles_spec.rb b/spec/integration/lib.descope/api/v1/management/roles_spec.rb index 0819b2f..ea0ed03 100644 --- a/spec/integration/lib.descope/api/v1/management/roles_spec.rb +++ b/spec/integration/lib.descope/api/v1/management/roles_spec.rb 
@@ -4,6 +4,8 @@ describe Descope::Api::V1::Management::Role do before(:all) do + raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil? + @client = DescopeClient.new(Configuration.config) @client.logger.info('Staring cleanup before tests...') @client.logger.info('Deleting all permissions for Ruby SDK...') diff --git a/spec/integration/lib.descope/api/v1/management/user_spec.rb b/spec/integration/lib.descope/api/v1/management/user_spec.rb index e32e054..0c3f841 100644 --- a/spec/integration/lib.descope/api/v1/management/user_spec.rb +++ b/spec/integration/lib.descope/api/v1/management/user_spec.rb @@ -4,10 +4,14 @@ describe Descope::Api::V1::Management::User do before(:all) do + raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil? + + @client = DescopeClient.new(Configuration.config) + @password = SpecUtils.generate_password @new_password = SpecUtils.generate_password @user = build(:user) - @client = DescopeClient.new(Configuration.config) + include Descope::Mixins::Common::DeliveryMethod end diff --git a/spec/support/client_config.rb b/spec/support/client_config.rb index 3e7dcdb..46eb8f6 100644 --- a/spec/support/client_config.rb +++ b/spec/support/client_config.rb @@ -5,7 +5,6 @@ module Configuration module_function def config - raise 'DESCOPE_MANAGEMENT_KEY is not set' if ENV['DESCOPE_MANAGEMENT_KEY'].nil? raise 'DESCOPE_PROJECT_ID is not set' if ENV['DESCOPE_PROJECT_ID'].nil? {