Merge pull request #98 from cronofy/add-client-secret-only-availability-auth

Add client secret only auth for availability

Author: AdamWhittingham

CHANGELOG.md

@@ -1,3 +1,7 @@
+## [0.37.4]
+
+* Support client_secret only clients being able to authorize `#availability` calls. [#97]
+
 ## [0.37.3]
 
  * Support `hmac_valid` as well as the original `hmac_match` for Client to verify a HMAC from a push notification using the client's secret.[#95] 
@@ -192,6 +196,7 @@
 [0.37.1]: https://github.com/cronofy/cronofy-ruby/releases/tag/v0.37.1
 [0.37.2]: https://github.com/cronofy/cronofy-ruby/releases/tag/v0.37.2
 [0.37.3]: https://github.com/cronofy/cronofy-ruby/releases/tag/v0.37.3
+[0.37.4]: https://github.com/cronofy/cronofy-ruby/releases/tag/v0.37.4
 
 [#13]: https://github.com/cronofy/cronofy-ruby/pull/13
 [#16]: https://github.com/cronofy/cronofy-ruby/pull/16
@@ -237,3 +242,4 @@
 [#90]: https://github.com/cronofy/cronofy-ruby/pull/90
 [#91]: https://github.com/cronofy/cronofy-ruby/pull/91
 [#95]: https://github.com/cronofy/cronofy-ruby/pull/95
+[#97]: https://github.com/cronofy/cronofy-ruby/pull/97

lib/cronofy/client.rb

@@ -844,7 +844,7 @@ def availability(options = {})
 
       translate_available_periods(options[:query_periods] || options[:available_periods])
 
-      response = post("/v1/availability", options)
+      response = availability_post("/v1/availability", options)
 
       parse_collections(
         response,
@@ -889,7 +889,7 @@ def sequenced_availability(options = {})
 
       translate_available_periods(options[:query_periods] || options[:available_periods])
 
-      response = post("/v1/sequenced_availability", options)
+      response = availability_post("/v1/sequenced_availability", options)
       parse_collection(Sequence, "sequences", response)
     end
 
@@ -1811,6 +1811,17 @@ def raw_post(url, body)
       wrapped_request { @auth.api_client.request(:post, url, json_request_args(body)) }
     end
 
+    # Availability Query could originally be authenticated via an access_token
+    # Whilst it should be authed via an API key now, we try access_token first
+    # for backward compatibility
+    def availability_post(url, body)
+      if @auth.access_token
+        post(url, body)
+      else
+        wrapped_request { api_key!.post(url, json_request_args(body)) }
+      end
+    end
+
     def wrapped_request
       yield
     rescue OAuth2::Error => e

lib/cronofy/version.rb

@@ -1,3 +1,3 @@
 module Cronofy
-  VERSION = "0.37.3".freeze
+  VERSION = "0.37.4".freeze
 end

spec/lib/cronofy/client_spec.rb

@@ -1257,6 +1257,17 @@
       let(:request_url) { 'https://api.cronofy.com/v1/availability' }
       let(:request_headers) { json_request_headers }
 
+      let(:client_id) { 'example_id' }
+      let(:client_secret) { 'example_secret' }
+      let(:token) { client_secret }
+
+      let(:client) do
+        Cronofy::Client.new(
+          client_id: client_id,
+          client_secret: client_secret,
+        )
+      end
+
       let(:request_body) do
         {
           "participants" => [
@@ -1770,6 +1781,87 @@
         it_behaves_like 'a Cronofy request'
         it_behaves_like 'a Cronofy request with mapped return value'
       end
+
+      context "when trying to auth with only an access_token, as originally implemented" do
+        let(:access_token) { "access_token_123"}
+        let(:client) { Cronofy::Client.new(access_token: access_token) }
+        let(:request_headers) do
+          {
+            "Authorization" => "Bearer #{access_token}",
+            "User-Agent" => "Cronofy Ruby #{::Cronofy::VERSION}",
+            "Content-Type" => "application/json; charset=utf-8",
+          }
+        end
+
+        let(:participants) do
+          { members: %w{acc_567236000909002 acc_678347111010113} }
+        end
+
+        let(:required_duration) { 60 }
+
+        let(:available_periods) do
+          [
+            { start: Time.parse("2017-01-03T09:00:00Z"), end: Time.parse("2017-01-03T18:00:00Z") },
+            { start: Time.parse("2017-01-04T09:00:00Z"), end: Time.parse("2017-01-04T18:00:00Z") },
+          ]
+        end
+
+        it_behaves_like 'a Cronofy request'
+        it_behaves_like 'a Cronofy request with mapped return value'
+      end
+
+      context "when trying to auth with both a client_secret and access_token" do
+        let(:access_token) { "access_token_123" }
+        let(:client_secret) { "client_secret_456" }
+        let(:client) { Cronofy::Client.new(access_token: access_token, client_secret: client_secret) }
+        let(:request_headers) do
+          {
+            "Authorization" => "Bearer #{access_token}",
+            "User-Agent" => "Cronofy Ruby #{::Cronofy::VERSION}",
+            "Content-Type" => "application/json; charset=utf-8",
+          }
+        end
+
+        let(:participants) do
+          { members: %w{acc_567236000909002 acc_678347111010113} }
+        end
+
+        let(:required_duration) { 60 }
+
+        let(:available_periods) do
+          [
+            { start: Time.parse("2017-01-03T09:00:00Z"), end: Time.parse("2017-01-03T18:00:00Z") },
+            { start: Time.parse("2017-01-04T09:00:00Z"), end: Time.parse("2017-01-04T18:00:00Z") },
+          ]
+        end
+
+        describe "it prefers the access_token for backward compatibility" do
+          it_behaves_like 'a Cronofy request'
+          it_behaves_like 'a Cronofy request with mapped return value'
+        end
+      end
+
+      context "when trying to auth without a client_secret or access_token" do
+        let(:client) { Cronofy::Client.new }
+
+        let(:participants) do
+          { members: %w{acc_567236000909002 acc_678347111010113} }
+        end
+
+        let(:required_duration) { 60 }
+
+        let(:available_periods) do
+          [
+            { start: Time.parse("2017-01-03T09:00:00Z"), end: Time.parse("2017-01-03T18:00:00Z") },
+            { start: Time.parse("2017-01-04T09:00:00Z"), end: Time.parse("2017-01-04T18:00:00Z") },
+          ]
+        end
+
+
+        it "raises an API Key error" do
+          expect{ subject }.to raise_error(Cronofy::CredentialsMissingError)
+        end
+      end
     end
   end
 
@@ -1779,6 +1871,17 @@
       let(:request_url) { 'https://api.cronofy.com/v1/sequenced_availability' }
       let(:request_headers) { json_request_headers }
 
+      let(:client_id) { 'example_id' }
+      let(:client_secret) { 'example_secret' }
+      let(:token) { client_secret }
+
+      let(:client) do
+        Cronofy::Client.new(
+          client_id: client_id,
+          client_secret: client_secret,
+        )
+      end
+
       let(:request_body) do
         {
           "sequence" => [
@@ -1937,6 +2040,45 @@
         it_behaves_like 'a Cronofy request'
         it_behaves_like 'a Cronofy request with mapped return value'
       end
+
+      context "when trying to auth with access_token only" do
+        let(:access_token) { "access_token_123"}
+        let(:client) { Cronofy::Client.new(access_token: access_token) }
+        let(:request_headers) do
+          {
+            "Authorization" => "Bearer #{access_token}",
+            "User-Agent" => "Cronofy Ruby #{::Cronofy::VERSION}",
+            "Content-Type" => "application/json; charset=utf-8",
+          }
+        end
+
+        it_behaves_like 'a Cronofy request'
+        it_behaves_like 'a Cronofy request with mapped return value'
+      end
+
+      context "when trying to auth with both access_token and client_secret provided" do
+        let(:client_id) { 'example_id' }
+        let(:client_secret) { 'example_secret' }
+        let(:access_token) { "access_token_123"}
+
+        let(:client) do
+          Cronofy::Client.new(
+            client_id: client_id,
+            client_secret: client_secret,
+            access_token: access_token,
+          )
+        end
+        let(:request_headers) do
+          {
+            "Authorization" => "Bearer #{access_token}",
+            "User-Agent" => "Cronofy Ruby #{::Cronofy::VERSION}",
+            "Content-Type" => "application/json; charset=utf-8",
+          }
+        end
+
+        it_behaves_like 'a Cronofy request'
+        it_behaves_like 'a Cronofy request with mapped return value'
+      end
     end
   end