Merge branch 'master' into dependabot/bundler/examples/ruby-api/sinatra-4.2.0

Author: arpit-jn

Gemfile.lock

@@ -11,23 +11,23 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (8.1.1)
-      actionview (= 8.1.1)
-      activesupport (= 8.1.1)
+    actionpack (8.1.2)
+      actionview (= 8.1.2)
+      activesupport (= 8.1.2)
       nokogiri (>= 1.8.5)
       rack (>= 2.2.4)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
       useragent (~> 0.16)
-    actionview (8.1.1)
-      activesupport (= 8.1.1)
+    actionview (8.1.2)
+      activesupport (= 8.1.2)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activesupport (8.1.1)
+    activesupport (8.1.2)
       base64
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.3.1)
@@ -44,11 +44,11 @@ GEM
       public_suffix (>= 2.0.2, < 8.0)
     ast (2.4.3)
     base64 (0.3.0)
-    bigdecimal (3.3.1)
+    bigdecimal (4.0.1)
     builder (3.3.0)
     coderay (1.1.3)
-    concurrent-ruby (1.3.5)
-    connection_pool (2.5.5)
+    concurrent-ruby (1.3.6)
+    connection_pool (3.0.2)
     coveralls (0.7.1)
       multi_json (~> 1.3)
       rest-client
@@ -59,7 +59,7 @@ GEM
       bigdecimal
       rexml
     crass (1.0.6)
-    date (3.5.0)
+    date (3.5.1)
     diff-lcs (1.6.2)
     docile (1.4.1)
     domain_name (0.6.20240107)
@@ -68,7 +68,7 @@ GEM
       dotenv (= 2.8.1)
       railties (>= 3.2)
     drb (2.2.3)
-    erb (6.0.0)
+    erb (6.0.1)
     erubi (1.13.0)
     faker (2.23.0)
       i18n (>= 1.8.11, < 2)
@@ -104,10 +104,10 @@ GEM
     http-accept (1.7.0)
     http-cookie (1.0.7)
       domain_name (~> 0.5)
-    i18n (1.14.7)
+    i18n (1.14.8)
       concurrent-ruby (~> 1.0)
-    io-console (0.8.1)
-    irb (1.15.3)
+    io-console (0.8.2)
+    irb (1.16.0)
       pp (>= 0.6.0)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
@@ -130,28 +130,29 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2024.1105)
     mini_portile2 (2.8.9)
-    minitest (5.26.2)
+    minitest (6.0.1)
+      prism (~> 1.5)
     multi_json (1.15.0)
     nenv (0.3.0)
     netrc (0.11.0)
-    nokogiri (1.18.9)
+    nokogiri (1.19.1)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.18.9-aarch64-linux-gnu)
+    nokogiri (1.19.1-aarch64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.9-aarch64-linux-musl)
+    nokogiri (1.19.1-aarch64-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.18.9-arm-linux-gnu)
+    nokogiri (1.19.1-arm-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.9-arm-linux-musl)
+    nokogiri (1.19.1-arm-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.18.9-arm64-darwin)
+    nokogiri (1.19.1-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.9-x86_64-darwin)
+    nokogiri (1.19.1-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.9-x86_64-linux-gnu)
+    nokogiri (1.19.1-x86_64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.9-x86_64-linux-musl)
+    nokogiri (1.19.1-x86_64-linux-musl)
       racc (~> 1.4)
     notiffany (0.1.3)
       nenv (~> 0.1)
@@ -167,12 +168,12 @@ GEM
     pry (0.15.0)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    psych (5.2.6)
+    psych (5.3.1)
       date
       stringio
     public_suffix (7.0.0)
     racc (1.8.1)
-    rack (3.2.4)
+    rack (3.2.5)
     rack-session (2.1.1)
       base64 (>= 0.1.0)
       rack (>= 3.0.0)
@@ -187,9 +188,9 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (8.1.1)
-      actionpack (= 8.1.1)
-      activesupport (= 8.1.1)
+    railties (8.1.2)
+      actionpack (= 8.1.2)
+      activesupport (= 8.1.2)
       irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
@@ -201,7 +202,7 @@ GEM
     rb-fsevent (0.11.2)
     rb-inotify (0.11.1)
       ffi (~> 1.0)
-    rdoc (6.15.1)
+    rdoc (7.1.0)
       erb
       psych (>= 4.0.0)
       tsort
@@ -242,7 +243,7 @@ GEM
     rubocop-ast (1.49.0)
       parser (>= 3.3.7.2)
       prism (~> 1.7)
-    rubocop-rails (2.34.1)
+    rubocop-rails (2.34.3)
       activesupport (>= 4.2.0)
       lint_roller (~> 1.1)
       rack (>= 1.1)
@@ -260,7 +261,7 @@ GEM
       simplecov (~> 0.19)
     simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
-    stringio (3.1.8)
+    stringio (3.2.0)
     sync (0.5.0)
     term-ansicolor (1.11.2)
       tins (~> 1.0)
@@ -283,7 +284,7 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    zache (0.15.0)
+    zache (0.15.2)
     zeitwerk (2.7.1)
 
 PLATFORMS

lib/auth0/api/v2/users.rb

@@ -1,7 +1,7 @@
 module Auth0
   module Api
     module V2
-      # Methods to use the users endpoints
+      # Methods to use the users' endpoints
       module Users
         include Auth0::Mixins::Validation
 
@@ -94,10 +94,10 @@ def delete_user(user_id)
         # Some considerations:
         # The properties of the new object will replace the old ones.
         # The metadata fields are an exception to this rule (user_metadata and app_metadata). These properties are
-        # merged instead of being replaced but be careful, the merge only occurs on the first level.
+        # merged instead of being replaced, but be careful, the merge only occurs on the first level.
         # If you are updating email_verified, phone_verified, username or password you need to specify the connection
         # property too.
-        # If your are updating email or phone_number you need to specify the connection and the client_id properties.
+        # If you are updating email or phone_number you need to specify the connection and the client_id properties.
         # @see https://auth0.com/docs/api/v2#!/Users/patch_users_by_id
         # @param user_id [string] The user_id of the user to update.
         # @param body [hash] The optional parameters to update.
@@ -137,7 +137,7 @@ def delete_user_provider(user_id, provider_name)
         # update:current_user_identities scope. In this case only the link_with param is required in the body,
         # containing the JWT obtained upon the secondary account's authentication.
         # 2. With an API V2 generated token with update:users scope. In this case you need to send provider and user_id
-        # in the body. Optionally you can also send the connection_id param which is suitable for identifying a
+        # in the body. Optionally, you can also send the connection_id param, which is suitable for identifying a
         # particular database connection for the 'auth0' provider.
         # @see https://auth0.com/docs/api/v2#!/Users/post_identities
         # @param user_id [string] The user_id of the primary identity where you are linking the secondary account to.

lib/auth0/mixins/httpproxy.rb

@@ -1,13 +1,16 @@
-require "addressable/uri"
-require "retryable"
-require_relative "../exception.rb"
+# frozen_string_literal: true
+
+require 'addressable/uri'
+require 'retryable'
+require_relative '../exception'
 
 module Auth0
   module Mixins
     # here's the proxy for Rest calls based on rest-client, we're building all request on that gem
     # for now, if you want to feel free to use your own http client
     module HTTPProxy
       attr_accessor :headers, :base_uri, :timeout, :retry_count
+
       DEFAULT_RETRIES = 3
       MAX_ALLOWED_RETRIES = 10
       MAX_REQUEST_RETRY_JITTER = 250
@@ -16,19 +19,19 @@ module HTTPProxy
       BASE_DELAY = 100
 
       # proxying requests from instance methods to HTTP class methods
-      %i(get post post_file post_form put patch delete delete_with_body).each do |method|
+      %i[get post post_file post_form put patch delete delete_with_body].each do |method|
         define_method(method) do |uri, body = {}, extra_headers = {}|
-          body = body.delete_if { |_, v| v.nil? }
-          token = get_token()
+          body = safe_merge_body(body, extra_headers)
+          token = get_token
           authorization_header(token) unless token.nil?
           request_with_retry(method, uri, body, extra_headers)
         end
       end
 
       def retry_options
         sleep_timer = lambda do |attempt|
-          wait = BASE_DELAY * (2**attempt-1) # Exponential delay with each subsequent request attempt.
-          wait += rand(wait+1..wait+MAX_REQUEST_RETRY_JITTER) # Add jitter to the delay window.
+          wait = BASE_DELAY * (2**attempt - 1) # Exponential delay with each subsequent request attempt.
+          wait += rand(wait + 1..wait + MAX_REQUEST_RETRY_JITTER) # Add jitter to the delay window.
           wait = [MAX_REQUEST_RETRY_DELAY, wait].min # Cap delay at MAX_REQUEST_RETRY_DELAY.
           wait = [MIN_REQUEST_RETRY_DELAY, wait].max # Ensure delay is no less than MIN_REQUEST_RETRY_DELAY.
           wait / 1000.to_f.round(2) # convert ms to seconds
@@ -55,6 +58,7 @@ def url(path)
 
       def add_headers(h = {})
         raise ArgumentError, 'Headers must be an object which responds to #to_hash' unless h.respond_to?(:to_hash)
+
         @headers ||= {}
         @headers.merge!(h.to_hash)
       end
@@ -72,36 +76,38 @@ def request_with_retry(method, uri, body = {}, extra_headers = {})
       end
 
       def request(method, uri, body = {}, extra_headers = {})
-        result = if method == :get
-          @headers ||= {}
-          get_headers = @headers.merge({params: body}).merge(extra_headers)
-          call(:get, encode_uri(uri), timeout, get_headers)
-        elsif method == :delete
-          @headers ||= {}
-          delete_headers = @headers.merge({ params: body })
-          call(:delete, encode_uri(uri), timeout, delete_headers)
-        elsif method == :delete_with_body
-          call(:delete, encode_uri(uri), timeout, headers, body.to_json)
-        elsif method == :post_file
-          body.merge!(multipart: true)
-          # Ignore the default Content-Type headers and let the HTTP client define them
-          post_file_headers = headers.except('Content-Type') if headers != nil
-          # Actual call with the altered headers
-          call(:post, encode_uri(uri), timeout, post_file_headers, body)
-        elsif method == :post_form
-          form_post_headers = headers.except('Content-Type') if headers != nil
-          call(:post, encode_uri(uri), timeout, form_post_headers, body.compact)
-        else
-          call(method, encode_uri(uri), timeout, headers, body.to_json)
-        end
+        result = case method
+                 when :get
+                   @headers ||= {}
+                   get_headers = @headers.merge({ params: body }).merge(extra_headers)
+                   call(:get, encode_uri(uri), timeout, get_headers)
+                 when :delete
+                   @headers ||= {}
+                   delete_headers = @headers.merge({ params: body })
+                   call(:delete, encode_uri(uri), timeout, delete_headers)
+                 when :delete_with_body
+                   call(:delete, encode_uri(uri), timeout, headers, body.to_json)
+                 when :post_file
+                   body.merge!(multipart: true)
+                   # Ignore the default Content-Type headers and let the HTTP client define them
+                   post_file_headers = headers.except('Content-Type') unless headers.nil?
+                   # Actual call with the altered headers
+                   call(:post, encode_uri(uri), timeout, post_file_headers, body)
+                 when :post_form
+                   form_post_headers = headers.except('Content-Type') unless headers.nil?
+                   call(:post, encode_uri(uri), timeout, form_post_headers, body.compact)
+                 else
+                   call(method, encode_uri(uri), timeout, headers, body.to_json)
+                 end
 
         case result.code
         when 200...226 then safe_parse_json(result.body)
         when 400       then raise Auth0::BadRequest.new(result.body, code: result.code, headers: result.headers)
         when 401       then raise Auth0::Unauthorized.new(result.body, code: result.code, headers: result.headers)
         when 403       then raise Auth0::AccessDenied.new(result.body, code: result.code, headers: result.headers)
         when 404       then raise Auth0::NotFound.new(result.body, code: result.code, headers: result.headers)
-        when 429       then raise Auth0::RateLimitEncountered.new(result.body, code: result.code, headers: result.headers)
+        when 429       then raise Auth0::RateLimitEncountered.new(result.body, code: result.code,
+                                                                               headers: result.headers)
         when 500       then raise Auth0::ServerError.new(result.body, code: result.code, headers: result.headers)
         else           raise Auth0::Unsupported.new(result.body, code: result.code, headers: result.headers)
         end
@@ -118,11 +124,19 @@ def call(method, url, timeout, headers, body = nil)
       rescue RestClient::Exception => e
         case e
         when RestClient::RequestTimeout
-          raise Auth0::RequestTimeout.new(e.message)
+          raise Auth0::RequestTimeout, e.message
         else
-          return e.response
+          e.response
         end
       end
+
+      private
+      
+      def safe_merge_body(body, extra = {})
+        return body unless body.is_a?(Hash)
+        merged = extra.any? ? body.merge(extra) : body
+        merged.compact
+      end
     end
   end
 end