Merge branch 'main' into password-hash-types

Author: gjtorikian

context7.json

@@ -0,0 +1,4 @@
+{
+  "url": "https://context7.com/workos/workos-python",
+  "public_key": "pk_q7NnKuFFXMWA7WnmjMHQU"
+}

tests/test_api_keys.py

@@ -0,0 +1,50 @@
+# type: ignore
+import pytest
+
+from tests.utils.fixtures.mock_api_key import MockApiKey
+from tests.utils.syncify import syncify
+from workos.api_keys import API_KEY_VALIDATION_PATH, ApiKeys, AsyncApiKeys
+
+
+@pytest.mark.sync_and_async(ApiKeys, AsyncApiKeys)
+class TestApiKeys:
+    @pytest.fixture
+    def mock_api_key(self):
+        return MockApiKey().dict()
+
+    @pytest.fixture
+    def api_key(self):
+        return "sk_my_api_key"
+
+    def test_validate_api_key_with_valid_key(
+        self,
+        module_instance,
+        api_key,
+        mock_api_key,
+        capture_and_mock_http_client_request,
+    ):
+        response_body = {"api_key": mock_api_key}
+        request_kwargs = capture_and_mock_http_client_request(
+            module_instance._http_client, response_body, 200
+        )
+
+        api_key_details = syncify(module_instance.validate_api_key(value=api_key))
+
+        assert request_kwargs["url"].endswith(API_KEY_VALIDATION_PATH)
+        assert request_kwargs["method"] == "post"
+        assert api_key_details.id == mock_api_key["id"]
+        assert api_key_details.name == mock_api_key["name"]
+        assert api_key_details.object == "api_key"
+
+    def test_validate_api_key_with_invalid_key(
+        self,
+        module_instance,
+        mock_http_client_with_response,
+    ):
+        mock_http_client_with_response(
+            module_instance._http_client,
+            {"api_key": None},
+            200,
+        )
+
+        assert syncify(module_instance.validate_api_key(value="invalid-key")) is None

tests/test_client.py

@@ -37,6 +37,9 @@ def test_client_with_api_key_and_client_id_environment_variables(self):
         os.environ.pop("WORKOS_API_KEY")
         os.environ.pop("WORKOS_CLIENT_ID")
 
+    def test_initialize_api_keys(self, default_client):
+        assert bool(default_client.api_keys)
+
     def test_initialize_sso(self, default_client):
         assert bool(default_client.sso)
 
@@ -112,6 +115,9 @@ def test_client_with_api_key_and_client_id_environment_variables(self):
         os.environ.pop("WORKOS_API_KEY")
         os.environ.pop("WORKOS_CLIENT_ID")
 
+    def test_initialize_api_keys(self, default_client):
+        assert bool(default_client.api_keys)
+
     def test_initialize_directory_sync(self, default_client):
         assert bool(default_client.directory_sync)
 

tests/test_pipes.py

@@ -0,0 +1,167 @@
+import pytest
+
+from tests.utils.syncify import syncify
+from workos.pipes import AsyncPipes, Pipes
+
+
+@pytest.mark.sync_and_async(Pipes, AsyncPipes)
+class TestPipes:
+    @pytest.fixture
+    def mock_access_token(self):
+        return {
+            "object": "access_token",
+            "access_token": "test_access_token_123",
+            "expires_at": "2026-01-09T12:00:00.000Z",
+            "scopes": ["read:users", "write:users"],
+            "missing_scopes": [],
+        }
+
+    def test_get_access_token_success_with_expiry(
+        self,
+        module_instance,
+        mock_access_token,
+        capture_and_mock_http_client_request,
+    ):
+        response_body = {
+            "active": True,
+            "access_token": mock_access_token,
+        }
+        request_kwargs = capture_and_mock_http_client_request(
+            module_instance._http_client, response_body, 200
+        )
+
+        result = syncify(
+            module_instance.get_access_token(
+                provider="test-provider",
+                user_id="user_123",
+            )
+        )
+
+        assert request_kwargs["url"].endswith("data-integrations/test-provider/token")
+        assert request_kwargs["method"] == "post"
+        assert request_kwargs["json"]["user_id"] == "user_123"
+        assert result.active is True
+        assert result.access_token.access_token == mock_access_token["access_token"]
+        assert result.access_token.scopes == mock_access_token["scopes"]
+
+    def test_get_access_token_success_without_expiry(
+        self,
+        module_instance,
+        capture_and_mock_http_client_request,
+    ):
+        response_body = {
+            "active": True,
+            "access_token": {
+                "object": "access_token",
+                "access_token": "test_token",
+                "expires_at": None,
+                "scopes": ["read"],
+                "missing_scopes": [],
+            },
+        }
+        capture_and_mock_http_client_request(
+            module_instance._http_client, response_body, 200
+        )
+
+        result = syncify(
+            module_instance.get_access_token(
+                provider="test-provider",
+                user_id="user_123",
+            )
+        )
+
+        assert result.active is True
+        assert result.access_token.expires_at is None
+
+    def test_get_access_token_with_organization_id(
+        self,
+        module_instance,
+        mock_access_token,
+        capture_and_mock_http_client_request,
+    ):
+        response_body = {
+            "active": True,
+            "access_token": mock_access_token,
+        }
+        request_kwargs = capture_and_mock_http_client_request(
+            module_instance._http_client, response_body, 200
+        )
+
+        syncify(
+            module_instance.get_access_token(
+                provider="test-provider",
+                user_id="user_123",
+                organization_id="org_456",
+            )
+        )
+
+        assert request_kwargs["json"]["organization_id"] == "org_456"
+
+    def test_get_access_token_without_organization_id(
+        self,
+        module_instance,
+        mock_access_token,
+        capture_and_mock_http_client_request,
+    ):
+        response_body = {
+            "active": True,
+            "access_token": mock_access_token,
+        }
+        request_kwargs = capture_and_mock_http_client_request(
+            module_instance._http_client, response_body, 200
+        )
+
+        syncify(
+            module_instance.get_access_token(
+                provider="test-provider",
+                user_id="user_123",
+            )
+        )
+
+        assert "organization_id" not in request_kwargs["json"]
+
+    def test_get_access_token_not_installed(
+        self,
+        module_instance,
+        capture_and_mock_http_client_request,
+    ):
+        response_body = {
+            "active": False,
+            "error": "not_installed",
+        }
+        capture_and_mock_http_client_request(
+            module_instance._http_client, response_body, 200
+        )
+
+        result = syncify(
+            module_instance.get_access_token(
+                provider="test-provider",
+                user_id="user_123",
+            )
+        )
+
+        assert result.active is False
+        assert result.error == "not_installed"
+
+    def test_get_access_token_needs_reauthorization(
+        self,
+        module_instance,
+        capture_and_mock_http_client_request,
+    ):
+        response_body = {
+            "active": False,
+            "error": "needs_reauthorization",
+        }
+        capture_and_mock_http_client_request(
+            module_instance._http_client, response_body, 200
+        )
+
+        result = syncify(
+            module_instance.get_access_token(
+                provider="test-provider",
+                user_id="user_123",
+            )
+        )
+
+        assert result.active is False
+        assert result.error == "needs_reauthorization"

tests/test_sso.py

@@ -30,6 +30,7 @@ def mock_magic_link_profile(self):
             first_name=None,
             last_name=None,
             role=None,
+            roles=None,
             groups=None,
             raw_attributes={},
         ).dict()

tests/test_user_management.py

@@ -6,6 +6,7 @@
 
 from tests.utils.fixtures.mock_auth_factor_totp import MockAuthenticationFactorTotp
 from tests.utils.fixtures.mock_email_verification import MockEmailVerification
+from tests.utils.fixtures.mock_feature_flag import MockFeatureFlag
 from tests.utils.fixtures.mock_invitation import MockInvitation
 from tests.utils.fixtures.mock_magic_auth import MockMagicAuth
 from tests.utils.fixtures.mock_organization_membership import MockOrganizationMembership
@@ -146,6 +147,14 @@ def mock_invitations_multiple_pages(self):
         invitations_list = [MockInvitation(id=str(i)).dict() for i in range(40)]
         return list_response_of(data=invitations_list)
 
+    @pytest.fixture
+    def mock_feature_flags(self):
+        return {
+            "data": [MockFeatureFlag(id=f"flag_{str(i)}").dict() for i in range(2)],
+            "object": "list",
+            "list_metadata": {"before": None, "after": None},
+        }
+
 
 class TestUserManagementBase(UserManagementFixtures):
     @pytest.fixture(autouse=True)
@@ -1194,3 +1203,84 @@ def test_revoke_invitation(
         )
         assert request_kwargs["method"] == "post"
         assert isinstance(invitation, Invitation)
+
+    def test_resend_invitation(
+        self, capture_and_mock_http_client_request, mock_invitation
+    ):
+        request_kwargs = capture_and_mock_http_client_request(
+            self.http_client, mock_invitation, 200
+        )
+
+        invitation = syncify(self.user_management.resend_invitation("invitation_ABCDE"))
+
+        assert request_kwargs["url"].endswith(
+            "user_management/invitations/invitation_ABCDE/resend"
+        )
+        assert request_kwargs["method"] == "post"
+        assert isinstance(invitation, Invitation)
+        assert invitation.id == "invitation_ABCDE"
+
+    def test_resend_invitation_not_found(self, capture_and_mock_http_client_request):
+        error_response = {
+            "message": "Invitation not found",
+            "code": "not_found",
+        }
+        capture_and_mock_http_client_request(self.http_client, error_response, 404)
+
+        with pytest.raises(Exception):
+            syncify(self.user_management.resend_invitation("invitation_nonexistent"))
+
+    def test_resend_invitation_expired(self, capture_and_mock_http_client_request):
+        error_response = {
+            "message": "Invite has expired.",
+            "code": "invite_expired",
+        }
+        capture_and_mock_http_client_request(self.http_client, error_response, 400)
+
+        with pytest.raises(Exception):
+            syncify(self.user_management.resend_invitation("invitation_expired"))
+
+    def test_resend_invitation_revoked(self, capture_and_mock_http_client_request):
+        error_response = {
+            "message": "Invite has been revoked.",
+            "code": "invite_revoked",
+        }
+        capture_and_mock_http_client_request(self.http_client, error_response, 400)
+
+        with pytest.raises(Exception):
+            syncify(self.user_management.resend_invitation("invitation_revoked"))
+
+    def test_resend_invitation_accepted(self, capture_and_mock_http_client_request):
+        error_response = {
+            "message": "Invite has already been accepted.",
+            "code": "invite_accepted",
+        }
+        capture_and_mock_http_client_request(self.http_client, error_response, 400)
+
+        with pytest.raises(Exception):
+            syncify(self.user_management.resend_invitation("invitation_accepted"))
+
+    def test_list_feature_flags(
+        self, mock_feature_flags, capture_and_mock_http_client_request
+    ):
+        request_kwargs = capture_and_mock_http_client_request(
+            self.http_client, mock_feature_flags, 200
+        )
+
+        feature_flags_response = syncify(
+            self.user_management.list_feature_flags(
+                user_id="user_01H7ZGXFP5C6BBQY6Z7277ZCT0"
+            )
+        )
+
+        def to_dict(x):
+            return x.dict()
+
+        assert request_kwargs["method"] == "get"
+        assert request_kwargs["url"].endswith(
+            "/user_management/users/user_01H7ZGXFP5C6BBQY6Z7277ZCT0/feature-flags"
+        )
+        assert (
+            list(map(to_dict, feature_flags_response.data))
+            == mock_feature_flags["data"]
+        )

tests/test_vault.py

@@ -107,6 +107,34 @@ def test_read_object_none_object_id(self):
         ):
             self.vault.read_object(object_id=None)
 
+    def test_read_object_by_name_success(
+        self, mock_vault_object, capture_and_mock_http_client_request
+    ):
+        request_kwargs = capture_and_mock_http_client_request(
+            self.http_client, mock_vault_object, 200
+        )
+
+        vault_object = self.vault.read_object_by_name(name="test-secret")
+
+        assert request_kwargs["method"] == "get"
+        assert request_kwargs["url"].endswith("/vault/v1/kv/name/test-secret")
+        assert vault_object.id == "vault_01234567890abcdef"
+        assert vault_object.name == "test-secret"
+        assert vault_object.value == "secret-value"
+        assert vault_object.metadata.environment_id == "env_01234567890abcdef"
+
+    def test_read_object_by_name_missing_name(self):
+        with pytest.raises(
+            ValueError, match="Incomplete arguments: 'name' is a required argument"
+        ):
+            self.vault.read_object_by_name(name="")
+
+    def test_read_object_by_name_none_name(self):
+        with pytest.raises(
+            ValueError, match="Incomplete arguments: 'name' is a required argument"
+        ):
+            self.vault.read_object_by_name(name=None)
+
     def test_list_objects_default_params(
         self, mock_vault_objects_list, capture_and_mock_http_client_request
     ):