3.6.0 Release (#92)

* Bug fix to ensure that requests do not follow redirects
* Bug fix to ensure that public key is cached using `kid` header of JWT found within a response header
* Added Policies: ConditionalGeofence, MethodAmount, Factors, Legacy
* Added Requirement enum
* enum34 only required on python versions < 3.4
* Deprecated: TimeFence
* Deprecated: `ServiceSecurityPolicy`
* Deprecated: `get_service_policy` method on `ServiceManagingBaseClient` class
* Deprecated: `set_service_policy` method on `ServiceManagingBaseClient` class
* Deprecated: `get_authorization_response` method on `ServiceClient` class
* Deprecated: `handle_webhook` method on `ServiceClient` class
* Added: `get_advanced_service_policy` method on `ServiceManagingBaseClient` class
* Added: `set_advanced_service_policy` method on `ServiceManagingBaseClient` class
* Added: `get_advanced_authorization_response` method on `ServiceClient` class
* Added: `handle_advanced_webhook` method on `ServiceClient` class
* Added: `AdvancedAuthorizationResponse` class
* Added: `AuthorizationResponsePolicy` class

Author: Brad Porter

CHANGES.rst

@@ -1,6 +1,27 @@
 CHANGELOG for LaunchKey Python SDK
 ==================================
 
+3.6.0
+-----
+
+* Bug fix to ensure that requests do not follow redirects
+* Bug fix to ensure that public key is cached using `kid` header of JWT found within a response header
+* Added Policies: ConditionalGeofence, MethodAmount, Factors, Legacy
+* Added Requirement enum
+* enum34 only required on python versions < 3.4
+* Deprecated: TimeFence
+* Deprecated: `ServiceSecurityPolicy`
+* Deprecated: `get_service_policy` method on `ServiceManagingBaseClient` class
+* Deprecated: `set_service_policy` method on `ServiceManagingBaseClient` class
+* Deprecated: `get_authorization_response` method on `ServiceClient` class
+* Deprecated: `handle_webhook` method on `ServiceClient` class
+* Added: `get_advanced_service_policy` method on `ServiceManagingBaseClient` class
+* Added: `set_advanced_service_policy` method on `ServiceManagingBaseClient` class
+* Added: `get_advanced_authorization_response` method on `ServiceClient` class
+* Added: `handle_advanced_webhook` method on `ServiceClient` class
+* Added: `AdvancedAuthorizationResponse` class
+* Added: `AuthorizationResponsePolicy` class
+
 3.5.0
 -----
 

README.rst

@@ -253,9 +253,13 @@ Contributing
 
 1. Fork it
 2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Verify your code passes unit tests (`python setup.py test`)
-4. Verify your code passes tests, linting, and PEP-8 on all supported python
+3. Conform to the following standards:
+    * PEP-8
+    * Relative imports for same level or submodules
+
+4. Verify your code passes unit tests (`python setup.py test`)
+5. Verify your code passes tests, linting, and PEP-8 on all supported python
     versions (`tox`)
-5. Commit your changes (`git commit -am 'Add some feature'`)
-6. Push to the branch (`git push origin my-new-feature`)
-7. Create new Pull Request
+6. Commit your changes (`git commit -am 'Add some feature'`)
+7. Push to the branch (`git push origin my-new-feature`)
+8. Create new Pull Request

examples/cli/cli.py

@@ -82,9 +82,15 @@ def main(ctx, entity_type, entity_id, private_key, api):
               help="How many custom denial reasons to include. "
                    "If this is not included default denial reasons are used.",
               type=click.IntRange(min=2))
+@click.option('--use-advanced',
+              is_flag=True,
+              default=False,
+              help="Whether to retrieve the Advanced Authorization Response "
+                   "or the old Authorization Response",
+              type=click.BOOL)
 @click.pass_context
 def authorize(ctx, service_id, username, context, title, ttl, push_title,
-              push_body, denial_reason_count):
+              push_body, denial_reason_count, use_advanced):
     """SERVICE_ID USERNAME"""
     client = get_service_client(service_id, ctx.obj['factory'])
 
@@ -146,9 +152,14 @@ def authorize(ctx, service_id, username, context, title, ttl, push_title,
     click.echo("Checking for response from user.")
 
     try:
-        auth_response = wait_for_response(
-            client.get_authorization_response, [auth.auth_request]
-        )
+        if use_advanced:
+            auth_response = wait_for_response(
+                client.get_advanced_authorization_response, [auth.auth_request]
+            )
+        else:
+            auth_response = wait_for_response(
+                client.get_authorization_response, [auth.auth_request]
+            )
 
         if auth_response.authorized:
             message = "Authorization request approved by user."
@@ -173,7 +184,7 @@ def authorize(ctx, service_id, username, context, title, ttl, push_title,
                 "User Push ID": auth_response.user_push_id,
                 "Org User Hash": auth_response.organization_user_hash,
                 "Auth Methods": auth_response.auth_methods,
-                "Auth Policy": auth_response.auth_policy
+                "Auth Policy": auth_response.policy if use_advanced else auth_response.auth_policy
             },
             color=color
         )

examples/flask-webhooks-example/instance/example_config.py

@@ -9,3 +9,4 @@
 ORGANIZATION_KEY = open("/path/to/private.key").read()
 DIRECTORY_ID = "e243bf77-9966-4fbd-90ed-bb7f4405d9cf"
 SERVICE_ID = "babdb1b5-cb52-4231-9e72-c72732a47c00"
+USE_ADVANCED_WEBHOOKS = True

examples/flask-webhooks-example/launchkey_example_app/__init__.py

@@ -25,7 +25,8 @@ def setup_logging():
     app.config['ORGANIZATION_KEY'],
     app.config['DIRECTORY_ID'],
     app.config['SERVICE_ID'],
-    app.config.get('LAUNCHKEY_API', LAUNCHKEY_PRODUCTION)
+    app.config.get('LAUNCHKEY_API', LAUNCHKEY_PRODUCTION),
+    app.config.get("USE_ADVANCED_WEBHOOKS", False)
 )
 
 launchkey_service.update_directory_webhook_url(

examples/flask-webhooks-example/launchkey_example_app/services/launchkey_service.py

@@ -3,7 +3,7 @@
 
 class LaunchKeyService:
     def __init__(self, organization_id, organization_key, directory_id,
-                 service_id, launchkey_url):
+                 service_id, launchkey_url, use_advanced_webhooks):
         self.organization_id = organization_id
         self.directory_id = directory_id
         self.service_id = service_id
@@ -22,6 +22,8 @@ def __init__(self, organization_id, organization_key, directory_id,
             service_id
         )
 
+        self.use_advanced_webhooks = use_advanced_webhooks
+
     def update_directory_webhook_url(self, webhook_url):
         self.organization_client.update_directory(
             self.directory_id,
@@ -54,7 +56,10 @@ def session_end(self, username):
         self.service_client.session_end(username)
 
     def handle_service_webhook(self, body, headers, method, path):
-        return self.service_client.handle_webhook(body, headers, method, path)
+        if self.use_advanced_webhooks:
+            return self.service_client.handle_advanced_webhook(body, headers, method, path)
+        else:
+            return self.service_client.handle_webhook(body, headers, method, path)
 
     def handle_directory_webhook(self, body, headers, method, path):
         return self.directory_client.handle_webhook(body, headers, method, path)

examples/flask-webhooks-example/launchkey_example_app/views/__init__.py

@@ -2,7 +2,7 @@
 from flask.views import MethodView
 
 from launchkey.entities.directory import DeviceLinkCompletionResponse
-from launchkey.entities.service import AuthorizationResponse, SessionEndRequest
+from launchkey.entities.service import AuthorizationResponse, AdvancedAuthorizationResponse, SessionEndRequest
 from launchkey.exceptions import AuthorizationInProgress
 
 
@@ -165,7 +165,8 @@ def __init__(self, launchkey_service, database_service, logger):
     def post(self):
         package = self.launchkey_service.handle_service_webhook(
             request.data, request.headers, request.method, request.path)
-        if isinstance(package, AuthorizationResponse):
+        if isinstance(package, AdvancedAuthorizationResponse) or isinstance(package, AuthorizationResponse):
+            self.logger.info(f"Service Webhook Received {type(package)}")
             auth_request = self.database_service.get_auth_request(
                 package.authorization_request_id)
             if auth_request:

features/base_environment.py

@@ -15,12 +15,12 @@ def before_all(context):
         context.organization_private_key,
         url=getattr(context, 'launchkey_url', LAUNCHKEY_PRODUCTION)
     )
-    sample_app_package = 'com.launchkey.android.authenticator.demo'
+    sample_app_package = 'com.launchkey.android.authenticator.demo.javaApp'
 
     desired_caps = dict()
     # Increase the default idle time in order to prevent the session from
     # closing while non device tests are being ran.
-    desired_caps['newCommandTimeout'] = 300
+    desired_caps['newCommandTimeout'] = 600
     desired_caps['appPackage'] = sample_app_package
     desired_caps[
         'appWaitActivity'] = 'com.launchkey.android.authenticator.demo.' \

features/directory_client/devices/directory-client-device-link.feature

@@ -12,6 +12,11 @@ Feature: Directory Client can link Devices
     And the Device linking response contains a valid Linking Code
     And the Device linking response contains a valid Device ID
 
+  Scenario: Linking Devices with TTL returns QR Code URL and linking code
+    When I make a Device linking request with a TTL of 300 seconds
+    Then the Device linking response contains a valid QR Code URL
+    And the Device linking response contains a valid Linking Code
+
   Scenario: Linking Devices adds the device to the User's Device list
     When I make a Device linking request
     And I retrieve the Devices list for the current User
@@ -25,4 +30,4 @@ Feature: Directory Client can link Devices
     When I link my device
     And I retrieve the Devices list for the current User
     Then there should be 1 Device in the Devices list
-    And all of the devices should be active
+    And all of the devices should be active

features/directory_client/devices/directory-client-device-unlink.feature

@@ -14,6 +14,7 @@ Feature: Directory Client can unlink devices
     Then there should be 0 Devices in the Devices list
 
   Scenario: Unlinking invalid Device throws NotFoundException
+    Given I have made a Device linking request
     When I attempt to unlink the device with the ID "67c87654-aed9-11e7-98e9-0469f8dc10a5"
     Then a EntityNotFound error occurs
 

features/directory_client/services/policy/directory-client-service-policy-get.feature

@@ -63,3 +63,142 @@ Feature: Directory Client can retrieve Directory Service Policy
   Scenario: Getting the policy for invalid Service throws Forbidden
     When I attempt to retrieve the Policy for the Directory Service with the ID "eba60cb8-c649-11e7-abc4-cec278b6b50a"
     Then a ServiceNotFound error occurs
+
+  Scenario: Setting Fences on a Method Amount Policy works as expected
+    When I create a new MethodAmountPolicy
+    And I add the following GeoCircleFence items
+      | latitude | longitude | radius | name        |
+      | 45.1250  | 150.51    | 15200  | Large Fence |
+      | -50.0111 | -140      | 100    | Small Fence |
+    And I add the following TerritoryFence items
+      | country | admin_area | postal_code | name  |
+      | US      | US-NV      | 89120       | US-NV |
+      | US      | US-CA      | 90001       | US-CA |
+    And I set the Advanced Policy for the Current Directory Service to the new policy
+    And I retrieve the Advanced Policy for the Current Directory Service
+    Then the Directory Service Policy has "4" fences
+    And the Directory Service Policy contains the GeoCircleFence "Large Fence"
+    And the "Large Fence" fence has a latitude of "45.1250"
+    And the "Large Fence" fence has a longitude of "150.51"
+    And the "Large Fence" fence has a radius of "15200"
+    And the Directory Service Policy contains the GeoCircleFence "Small Fence"
+    And the "Small Fence" fence has a latitude of "-50.0111"
+    And the "Small Fence" fence has a longitude of "-140"
+    And the "Small Fence" fence has a radius of "100"
+    And the Directory Service Policy contains the TerritoryFence "US-NV"
+    And the "US-NV" fence has a country of "US"
+    And the "US-NV" fence has an administrative_area of "US-NV"
+    And the "US-NV" fence has a postal_code of "89120"
+    And the Directory Service Policy contains the TerritoryFence "US-CA"
+    And the "US-CA" fence has a country of "US"
+    And the "US-CA" fence has an administrative_area of "US-CA"
+    And the "US-CA" fence has a postal_code of "90001"
+
+  Scenario: Setting Fences on a Factors Policy works as expected
+    When I create a new Factors Policy
+    And I set the factors to "KNOWLEDGE"
+    And I add the following GeoCircleFence items
+      | latitude | longitude | radius | name        |
+      | 45.1250  | 150.51    | 15200  | Large Fence |
+      | -50.0111 | -140      | 100    | Small Fence |
+    And I add the following TerritoryFence items
+      | country | admin_area | postal_code | name  |
+      | US      | US-NV      | 89120       | US-NV |
+      | US      | US-CA      | 90001       | US-CA |
+    And I set the Advanced Policy for the Current Directory Service to the new policy
+    And I retrieve the Advanced Policy for the Current Directory Service
+    Then the Directory Service Policy has "4" fences
+    And the Directory Service Policy contains the GeoCircleFence "Large Fence"
+    And the "Large Fence" fence has a latitude of "45.1250"
+    And the "Large Fence" fence has a longitude of "150.51"
+    And the "Large Fence" fence has a radius of "15200"
+    And the Directory Service Policy contains the GeoCircleFence "Small Fence"
+    And the "Small Fence" fence has a latitude of "-50.0111"
+    And the "Small Fence" fence has a longitude of "-140"
+    And the "Small Fence" fence has a radius of "100"
+    And the Directory Service Policy contains the TerritoryFence "US-NV"
+    And the "US-NV" fence has a country of "US"
+    And the "US-NV" fence has an administrative_area of "US-NV"
+    And the "US-NV" fence has a postal_code of "89120"
+    And the Directory Service Policy contains the TerritoryFence "US-CA"
+    And the "US-CA" fence has a country of "US"
+    And the "US-CA" fence has an administrative_area of "US-CA"
+    And the "US-CA" fence has a postal_code of "90001"
+
+  Scenario: Setting Inside Policy to Factors Policy works as expected
+    Given the Directory Service is set to any Conditional Geofence Policy
+    When I set the inside Policy to a new Factors Policy
+    And I set the inside Policy factors to "Knowledge"
+    And I set the Advanced Policy for the Current Directory Service to the new policy
+    And I retrieve the Advanced Policy for the Current Directory Service
+    Then the inside Policy should be a FactorsPolicy
+    And the inside Policy factors should be set to "Knowledge"
+    And deny_rooted_jailbroken should be set to "False"
+    And deny_emulator_simulator should be set to "False"
+    And the Directory Service Policy has "1" fence
+
+  Scenario: Setting Inside Policy to Methods Amount Policy works as expected
+    Given the Directory Service is set to any Conditional Geofence Policy
+    When I set the inside Policy to a new MethodAmountPolicy
+    And I set the inside Policy amount to "2"
+    And I set the Advanced Policy for the Current Directory Service to the new policy
+    And I retrieve the Advanced Policy for the Current Directory Service
+    Then the inside Policy should be a MethodAmountPolicy
+    And the inside Policy amount should be set to "2"
+    And deny_rooted_jailbroken should be set to "False"
+    And deny_emulator_simulator should be set to "False"
+    And the Directory Service Policy has "1" fence
+
+  Scenario: Setting Outside Policy to Factors Policy works as expected
+    Given the Directory Service is set to any Conditional Geofence Policy
+    When I set the outside Policy to a new Factors Policy
+    And I set the outside Policy factors to "Knowledge"
+    And I set the Advanced Policy for the Current Directory Service to the new policy
+    And I retrieve the Advanced Policy for the Current Directory Service
+    Then the outside Policy should be a FactorsPolicy
+    And the outside Policy factors should be set to "Knowledge"
+    And deny_rooted_jailbroken should be set to "False"
+    And deny_emulator_simulator should be set to "False"
+    And the Directory Service Policy has "1" fence
+
+  Scenario: Setting Outside Policy to Methods Amount Policy works as expected
+    Given the Directory Service is set to any Conditional Geofence Policy
+    When I set the outside Policy to a new MethodAmountPolicy
+    And I set the outside Policy amount to "2"
+    And I set the Advanced Policy for the Current Directory Service to the new policy
+    And I retrieve the Advanced Policy for the Current Directory Service
+    Then the outside Policy should be a MethodAmountPolicy
+    And the outside Policy amount should be set to "2"
+    And deny_rooted_jailbroken should be set to "False"
+    And deny_emulator_simulator should be set to "False"
+    And the Directory Service Policy has "1" fence
+
+  Scenario: Setting Fences on a Conditional Geofence Policy works as expected
+    Given the Directory Service is set to any Conditional Geofence Policy
+    When I add the following GeoCircleFence items
+      | latitude | longitude | radius | name        |
+      | 45.1250  | 150.51    | 15200  | Large Fence |
+      | -50.0111 | -140      | 100    | Small Fence |
+    And I add the following TerritoryFence items
+      | country | admin_area | postal_code | name  |
+      | US      | US-NV      | 89120       | US-NV |
+      | US      | US-CA      | 90001       | US-CA |
+    And I set the Advanced Policy for the Current Directory Service to the new policy
+    And I retrieve the Advanced Policy for the Current Directory Service
+    Then the Directory Service Policy has "5" fences
+    And the Directory Service Policy contains the GeoCircleFence "Large Fence"
+    And the "Large Fence" fence has a latitude of "45.1250"
+    And the "Large Fence" fence has a longitude of "150.51"
+    And the "Large Fence" fence has a radius of "15200"
+    And the Directory Service Policy contains the GeoCircleFence "Small Fence"
+    And the "Small Fence" fence has a latitude of "-50.0111"
+    And the "Small Fence" fence has a longitude of "-140"
+    And the "Small Fence" fence has a radius of "100"
+    And the Directory Service Policy contains the TerritoryFence "US-NV"
+    And the "US-NV" fence has a country of "US"
+    And the "US-NV" fence has an administrative_area of "US-NV"
+    And the "US-NV" fence has a postal_code of "89120"
+    And the Directory Service Policy contains the TerritoryFence "US-CA"
+    And the "US-CA" fence has a country of "US"
+    And the "US-CA" fence has an administrative_area of "US-CA"
+    And the "US-CA" fence has a postal_code of "90001"