lib/workos/user_management.rb in workos-4.1.0 vs lib/workos/user_management.rb in workos-4.2.0
- old
+ new
@@ -1,7 +1,6 @@
# frozen_string_literal: true
-# typed: true
require 'net/http'
require 'uri'
module WorkOS
@@ -9,36 +8,35 @@
# WorkOS User platform. You'll need a valid API key.
# rubocop:disable Metrics/ModuleLength
module UserManagement
module Types
- # The ProviderEnum is type-safe declaration of a
+ # The ProviderEnum is a declaration of a
# fixed set of values for User Management Providers.
- class Provider < T::Enum
- enums do
- GitHub = new('GitHubOAuth')
- Google = new('GoogleOAuth')
- Microsoft = new('MicrosoftOAuth')
- AuthKit = new('authkit')
- end
+ class Provider
+ GitHub = 'GitHubOAuth'
+ Google = 'GoogleOAuth'
+ Microsoft = 'MicrosoftOAuth'
+ AuthKit = 'authkit'
+
+ ALL = [GitHub, Google, Microsoft, AuthKit].freeze
end
- # The AuthFactorType is type-safe declaration of a
+ # The AuthFactorType is a declaration of a
# fixed set of factor values to enroll
- class AuthFactorType < T::Enum
- enums do
- Totp = new('totp')
- end
+ class AuthFactorType
+ Totp = 'totp'
+
+ ALL = [Totp].freeze
end
end
class << self
- extend T::Sig
include Client
- PROVIDERS = WorkOS::UserManagement::Types::Provider.values.map(&:serialize).freeze
- AUTH_FACTOR_TYPES = WorkOS::UserManagement::Types::AuthFactorType.values.map(&:serialize).freeze
+ PROVIDERS = WorkOS::UserManagement::Types::Provider::ALL
+ AUTH_FACTOR_TYPES = WorkOS::UserManagement::Types::AuthFactorType::ALL
# Generate an OAuth 2.0 authorization URL that automatically directs a user
# to their Identity Provider.
#
# @param [String] redirect_uri The URI where users are directed
@@ -72,22 +70,10 @@
# "&redirect_uri=https%3A%2F%2Fyour-app.com%2Fcallback&" \
# "response_type=code&state=%7B%3Anext_page%3D%3E%22%2Fdocs%22%7D"
#
# @return [String]
# rubocop:disable Metrics/ParameterLists
- sig do
- params(
- redirect_uri: String,
- client_id: T.nilable(String),
- domain_hint: T.nilable(String),
- login_hint: T.nilable(String),
- provider: T.nilable(String),
- connection_id: T.nilable(String),
- organization_id: T.nilable(String),
- state: T.nilable(String),
- ).returns(String)
- end
def authorization_url(
redirect_uri:,
client_id: nil,
domain_hint: nil,
login_hint: nil,
@@ -122,13 +108,10 @@
# Get a User
#
# @param [String] id The unique ID of the User.
#
# @return WorkOS::User
- sig do
- params(id: String).returns(WorkOS::User)
- end
def get_user(id:)
response = execute_request(
request: get_request(
path: "/user_management/users/#{id}",
auth: true,
@@ -149,15 +132,10 @@
# before a provided User ID.
# @option options [String] after Pagination cursor to receive records
# before a provided User ID.
#
# @return [WorkOS::User]
- sig do
- params(
- options: T::Hash[Symbol, String],
- ).returns(WorkOS::Types::ListStruct)
- end
def list_users(options = {})
options[:order] ||= 'desc'
response = execute_request(
request: get_request(
path: '/user_management/users',
@@ -183,30 +161,34 @@
# @param [String] email The email address of the user.
# @param [String] password The password to set for the user.
# @param [String] first_name The user's first name.
# @param [String] last_name The user's last name.
# @param [Boolean] email_verified Whether the user's email address was previously verified.
+ # @param [String] password_hash The user's hashed password.
+ # @option [String] password_hash_type The algorithm originally used to hash the password.
#
# @return [WorkOS::User]
- sig do
- params(
- email: String,
- password: T.nilable(String),
- first_name: T.nilable(String),
- last_name: T.nilable(String),
- email_verified: T.nilable(T::Boolean),
- ).returns(WorkOS::User)
- end
- def create_user(email:, password: nil, first_name: nil, last_name: nil, email_verified: nil)
+ # rubocop:disable Metrics/ParameterLists
+ def create_user(
+ email:,
+ password: nil,
+ first_name: nil,
+ last_name: nil,
+ email_verified: nil,
+ password_hash: nil,
+ password_hash_type: nil
+ )
request = post_request(
path: '/user_management/users',
body: {
email: email,
password: password,
first_name: first_name,
last_name: last_name,
email_verified: email_verified,
+ password_hash: password_hash,
+ password_hash_type: password_hash_type,
},
auth: true,
)
response = execute_request(request: request)
@@ -224,22 +206,10 @@
# @param [String] password_hash The user's hashed password.
# @option [String] password_hash_type The algorithm originally used to hash the password.
# Valid values are bcrypt.
#
# @return [WorkOS::User]
- # rubocop:disable Metrics/ParameterLists
- sig do
- params(
- id: String,
- first_name: T.nilable(String),
- last_name: T.nilable(String),
- email_verified: T.nilable(T::Boolean),
- password: T.nilable(String),
- password_hash: T.nilable(String),
- password_hash_type: T.nilable(String),
- ).returns(WorkOS::User)
- end
def update_user(
id:,
first_name: nil,
last_name: nil,
email_verified: nil,
@@ -269,15 +239,10 @@
# Delete a User
#
# @param [String] id The unique ID of the User.
#
# @return [Bool] - returns `true` if successful
- sig do
- params(
- id: String,
- ).returns(T::Boolean)
- end
def delete_user(id:)
response = execute_request(
request: delete_request(
path: "/user_management/users/#{id}",
auth: true,
@@ -294,20 +259,10 @@
# @param [String] client_id The WorkOS client ID for the environment
# @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
#
# @return WorkOS::AuthenticationResponse
-
- sig do
- params(
- email: String,
- password: String,
- client_id: String,
- ip_address: T.nilable(String),
- user_agent: T.nilable(String),
- ).returns(WorkOS::AuthenticationResponse)
- end
def authenticate_with_password(email:, password:, client_id:, ip_address: nil, user_agent: nil)
response = execute_request(
request: post_request(
path: '/user_management/authenticate',
body: {
@@ -332,19 +287,10 @@
# @param [String] client_id The WorkOS client ID for the environment
# @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
#
# @return WorkOS::AuthenticationResponse
-
- sig do
- params(
- code: String,
- client_id: String,
- ip_address: T.nilable(String),
- user_agent: T.nilable(String),
- ).returns(WorkOS::AuthenticationResponse)
- end
def authenticate_with_code(
code:,
client_id:,
ip_address: nil,
user_agent: nil
@@ -372,19 +318,10 @@
# @param [String] client_id The WorkOS client ID for the environment
# @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
#
# @return WorkOS::RefreshAuthenticationResponse
-
- sig do
- params(
- refresh_token: String,
- client_id: String,
- ip_address: T.nilable(String),
- user_agent: T.nilable(String),
- ).returns(WorkOS::RefreshAuthenticationResponse)
- end
def authenticate_with_refresh_token(
refresh_token:,
client_id:,
ip_address: nil,
user_agent: nil
@@ -415,21 +352,10 @@
# @param [String] link_authorization_code Used to link an OAuth profile to an existing user,
# after having completed a Magic Code challenge.
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
#
# @return WorkOS::AuthenticationResponse
-
- sig do
- params(
- code: String,
- email: String,
- client_id: String,
- ip_address: T.nilable(String),
- user_agent: T.nilable(String),
- link_authorization_code: T.nilable(String),
- ).returns(WorkOS::AuthenticationResponse)
- end
def authenticate_with_magic_auth(
code:,
email:,
client_id:,
ip_address: nil,
@@ -453,29 +379,19 @@
)
WorkOS::AuthenticationResponse.new(response.body)
end
-
# Authenticate a user into an organization they are a member of.
#
# @param [String] client_id The WorkOS client ID for the environment.
# @param [String] organization_id The organization ID the user selected to sign in to.
# @param [String] pending_authentication_token The pending authentication token
# @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
#
# @return WorkOS::AuthenticationResponse
- sig do
- params(
- client_id: String,
- organization_id: String,
- pending_authentication_token: String,
- ip_address: T.nilable(String),
- user_agent: T.nilable(String),
- ).returns(WorkOS::AuthenticationResponse)
- end
def authenticate_with_organization_selection(
client_id:,
organization_id:,
pending_authentication_token:,
ip_address: nil,
@@ -509,21 +425,10 @@
# authentication request.
# @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
#
# @return WorkOS::AuthenticationResponse
-
- sig do
- params(
- code: String,
- client_id: String,
- pending_authentication_token: String,
- authentication_challenge_id: String,
- ip_address: T.nilable(String),
- user_agent: T.nilable(String),
- ).returns(WorkOS::AuthenticationResponse)
- end
def authenticate_with_totp(
code:,
client_id:,
pending_authentication_token:,
authentication_challenge_id:,
@@ -557,20 +462,10 @@
# authentication attempt due to an unverified email address.
# @param [String] ip_address The IP address of the request from the user who is attempting to authenticate.
# @param [String] user_agent The user agent of the request from the user who is attempting to authenticate.
#
# @return WorkOS::AuthenticationResponse
-
- sig do
- params(
- code: String,
- client_id: String,
- pending_authentication_token: String,
- ip_address: T.nilable(String),
- user_agent: T.nilable(String),
- ).returns(WorkOS::AuthenticationResponse)
- end
def authenticate_with_email_verification(
code:,
client_id:,
pending_authentication_token:,
ip_address: nil,
@@ -600,15 +495,10 @@
#
# @param [String] session_id The session ID can be found in the `sid`
# claim of the access token
#
# @return String
- sig do
- params(
- session_id: String,
- ).returns(String)
- end
def get_logout_url(session_id:)
URI::HTTPS.build(
host: WorkOS.config.api_hostname,
path: '/user_management/sessions/logout',
query: "session_id=#{session_id}",
@@ -617,15 +507,10 @@
# Revokes a session
#
# @param [String] session_id The session ID can be found in the `sid`
# claim of the access token
- sig do
- params(
- session_id: String,
- ).void
- end
def revoke_session(session_id:)
execute_request(
request: post_request(
path: '/user_management/sessions/revoke',
body: {
@@ -640,15 +525,10 @@
# The JWKS can be used to validate the access token returned upon successful authentication
#
# @param [String] client_id The WorkOS client ID for the environment
#
# @return String
- sig do
- params(
- client_id: String,
- ).returns(String)
- end
def get_jwks_url(client_id)
URI::HTTPS.build(
host: WorkOS.config.api_hostname,
path: "/sso/jwks/#{client_id}",
).to_s
@@ -657,15 +537,10 @@
# Create a one-time Magic Auth code and emails it to the user.
#
# @param [String] email The email address the one-time code will be sent to.
#
# @return Boolean
- sig do
- params(
- email: String,
- ).returns(T::Boolean)
- end
def send_magic_auth_code(email:)
response = execute_request(
request: post_request(
path: '/user_management/magic_auth/send',
body: {
@@ -685,18 +560,10 @@
# @param [String] totp_issuer For totp factors. Typically your application
# or company name, this helps users distinguish between factors in authenticator apps.
# @param [String] totp_user For totp factors. Used as the account name in authenticator apps.
#
# @return WorkOS::AuthenticationFactorAndChallenge
- sig do
- params(
- user_id: String,
- type: String,
- totp_issuer: T.nilable(String),
- totp_user: T.nilable(String),
- ).returns(WorkOS::AuthenticationFactorAndChallenge)
- end
def enroll_auth_factor(user_id:, type:, totp_issuer: nil, totp_user: nil)
validate_auth_factor_type(
type: type,
)
@@ -718,15 +585,10 @@
# Get all auth factors for a user
#
# @param [String] user_id The id for the user.
#
# @return WorkOS::ListStruct
- sig do
- params(
- user_id: String,
- ).returns(WorkOS::Types::ListStruct)
- end
def list_auth_factors(user_id:)
response = execute_request(
request: get_request(
path: "/user_management/users/#{user_id}/auth_factors",
auth: true,
@@ -748,15 +610,10 @@
# Sends a verification email to the provided user.
#
# @param [String] user_id The unique ID of the User whose email address will be verified.
#
# @return WorkOS::UserResponse
- sig do
- params(
- user_id: String,
- ).returns(WorkOS::UserResponse)
- end
def send_verification_email(user_id:)
response = execute_request(
request: post_request(
path: "/user_management/users/#{user_id}/email_verification/send",
auth: true,
@@ -770,16 +627,10 @@
#
# @param [String] user_id The unique ID of the User whose email address will be verified.
# @param [String] code The one-time code emailed to the user.
#
# @return WorkOS::UserResponse
- sig do
- params(
- user_id: String,
- code: String,
- ).returns(WorkOS::UserResponse)
- end
def verify_email(user_id:, code:)
response = execute_request(
request: post_request(
path: "/user_management/users/#{user_id}/email_verification/confirm",
body: {
@@ -796,16 +647,10 @@
#
# @param [String] email The email of the user that wishes to reset their password.
# @param [String] password_reset_url The URL that will be linked to in the email.
#
# @return [Bool] - returns `true` if successful
- sig do
- params(
- email: String,
- password_reset_url: String,
- ).returns(T::Boolean)
- end
def send_password_reset_email(email:, password_reset_url:)
request = post_request(
path: '/user_management/password_reset/send',
body: {
email: email,
@@ -823,16 +668,10 @@
#
# @param [String] token The token that was sent to the user.
# @param [String] new_password The new password to set for the user.
#
# @return WorkOS::User
- sig do
- params(
- token: String,
- new_password: String,
- ).returns(WorkOS::User)
- end
def reset_password(token:, new_password:)
response = execute_request(
request: post_request(
path: '/user_management/password_reset/confirm',
body: {
@@ -849,13 +688,10 @@
# Get an Organization Membership
#
# @param [String] id The unique ID of the Organization Membership.
#
# @return WorkOS::OrganizationMembership
- sig do
- params(id: String).returns(WorkOS::OrganizationMembership)
- end
def get_organization_membership(id:)
response = execute_request(
request: get_request(
path: "/user_management/organization_memberships/#{id}",
auth: true,
@@ -876,15 +712,10 @@
# before a provided User ID.
# @option options [String] after Pagination cursor to receive records
# before a provided User ID.
#
# @return [WorkOS::OrganizationMembership]
- sig do
- params(
- options: T::Hash[Symbol, String],
- ).returns(WorkOS::Types::ListStruct)
- end
def list_organization_memberships(options = {})
options[:order] ||= 'desc'
response = execute_request(
request: get_request(
path: '/user_management/organization_memberships',
@@ -909,16 +740,10 @@
#
# @param [String] user_id The ID of the User.
# @param [String] organization_id The ID of the Organization to which the user belongs to.
#
# @return [WorkOS::OrganizationMembership]
- sig do
- params(
- user_id: String,
- organization_id: String,
- ).returns(WorkOS::OrganizationMembership)
- end
def create_organization_membership(user_id:, organization_id:)
request = post_request(
path: '/user_management/organization_memberships',
body: {
user_id: user_id,
@@ -935,15 +760,10 @@
# Delete an Organization Membership
#
# @param [String] id The unique ID of the Organization Membership.
#
# @return [Bool] - returns `true` if successful
- sig do
- params(
- id: String,
- ).returns(T::Boolean)
- end
def delete_organization_membership(id:)
response = execute_request(
request: delete_request(
path: "/user_management/organization_memberships/#{id}",
auth: true,
@@ -956,13 +776,10 @@
# Gets an Invitation
#
# @param [String] id The unique ID of the Invitation.
#
# @return WorkOS::Invitation
- sig do
- params(id: String).returns(WorkOS::Invitation)
- end
def get_invitation(id:)
response = execute_request(
request: get_request(
path: "/user_management/invitations/#{id}",
auth: true,
@@ -983,15 +800,10 @@
# before a provided User ID.
# @option options [String] after Pagination cursor to receive records
# before a provided User ID.
#
# @return [WorkOS::Invitation]
- sig do
- params(
- options: T::Hash[Symbol, String],
- ).returns(WorkOS::Types::ListStruct)
- end
def list_invitations(options = {})
options[:order] ||= 'desc'
response = execute_request(
request: get_request(
path: '/user_management/invitations',
@@ -1017,29 +829,23 @@
# @param [String] email The email address of the recipient.
# @param [String] organization_id The ID of the Organization to which the recipient is being invited.
# @param [Integer] expires_in_days The number of days the invitations will be valid for.
# Must be between 1 and 30, defaults to 7 if not specified.
# @param [String] inviter_user_id The ID of the User sending the invitation.
+ # @param [String] role_slug The slug of the role to assign to the user upon invitation.
#
# @return WorkOS::Invitation
- sig do
- params(
- email: String,
- organization_id: T.nilable(String),
- expires_in_days: T.nilable(Integer),
- inviter_user_id: T.nilable(String),
- ).returns(WorkOS::Invitation)
- end
- def send_invitation(email:, organization_id: nil, expires_in_days: nil, inviter_user_id: nil)
+ def send_invitation(email:, organization_id: nil, expires_in_days: nil, inviter_user_id: nil, role_slug: nil)
response = execute_request(
request: post_request(
path: '/user_management/invitations',
body: {
email: email,
organization_id: organization_id,
expires_in_days: expires_in_days,
inviter_user_id: inviter_user_id,
+ role_slug: role_slug,
},
auth: true,
),
)
@@ -1049,13 +855,10 @@
# Revokes an existing Invitation.
#
# @param [String] id The unique ID of the Invitation.
#
# @return WorkOS::Invitation
- sig do
- params(id: String).returns(WorkOS::Invitation)
- end
def revoke_invitation(id:)
request = post_request(
path: "/user_management/invitations/#{id}/revoke",
auth: true,
)
@@ -1065,18 +868,10 @@
WorkOS::Invitation.new(response.body)
end
private
- sig do
- params(
- provider: T.nilable(String),
- connection_id: T.nilable(String),
- organization_id: T.nilable(String),
- ).void
- end
-
def validate_authorization_url_arguments(
provider:,
connection_id:,
organization_id:
)
@@ -1087,15 +882,9 @@
return unless provider && !PROVIDERS.include?(provider)
raise ArgumentError, "#{provider} is not a valid value." \
" `provider` must be in #{PROVIDERS}"
- end
-
- sig do
- params(
- type: String,
- ).void
end
def validate_auth_factor_type(
type:
)