Add ability to authenticate with a refresh token

huntresslabs · Mar 26, 2024 · 79703c2 · 79703c2
1 parent 1ec564d
commit 79703c2
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 9 deletions.
diff --git a/lib/servicenow/client.rb b/lib/servicenow/client.rb
@@ -6,6 +6,26 @@ class Client
 
     class << self
       def authenticate(instance_id, client_id, client_secret, username, password)
+        authenticate_with_params(instance_id,
+          grant_type: "password",
+          client_id: client_id,
+          client_secret: client_secret,
+          username: username,
+          password: password
+        )
+      end
+
+      def authenticate_with_refresh_token(instance_id, client_id, client_secret, refresh_token)
+        authenticate_with_params(instance_id,
+          grant_type: "refresh_token",
+          client_id: client_id,
+          client_secret: client_secret,
+          refresh_token: refresh_token,
+          scope: "useraccount"
+        )
+      end
+
+      private def authenticate_with_params(instance_id, params)
         connection_options = {
           url: "https://#{instance_id}.service-now.com/"
         }
@@ -17,14 +37,6 @@ def authenticate(instance_id, client_id, client_secret, username, password)
           faraday.adapter Faraday.default_adapter
         end
 
-        params = {
-          grant_type: "password",
-          client_id: client_id,
-          client_secret: client_secret,
-          username: username,
-          password: password
-        }
-
         response = conn.post('oauth_token.do', params)
         connection = Connection.new(instance_id, response.body["access_token"])
         Client.new(connection)
@@ -47,4 +59,4 @@ def cmdb_instance(instance_class)
       Client::CMDB.new(@connection, instance_class)
     end
   end
-end
+end
diff --git a/spec/client_spec.rb b/spec/client_spec.rb
@@ -0,0 +1,54 @@
+RSpec.describe ServiceNow::Client do
+  let(:instance_id)   { "instance_id_foo" }
+  let(:client_id)     { "client_id_foo" }
+  let(:client_secret) { "client_secret_foo" }
+  let(:username)      { "some_user" }
+  let(:password)      { "p4ssw0rd" }
+  let(:refresh_token) { "refresh_token_foo" }
+  let(:access_token)  { "access_token_foo" }
+
+  let(:connection)    { double(Faraday) }
+  let(:response)      { double(Faraday::Response, body: {"access_token" => access_token}) }
+
+  describe ".authenticate" do
+    it "connects" do
+      expect(Faraday).to receive(:new).with({url: "https://#{instance_id}.service-now.com/"}).and_return(connection)
+      expect(connection).to receive(:post).with("oauth_token.do",
+        {
+          client_id: client_id,
+          client_secret: client_secret,
+          grant_type: "password",
+          username: username,
+          password: password
+        }
+      ).and_return(response)
+
+      client = described_class.authenticate(instance_id, client_id, client_secret, username, password)
+
+      expect(client).to be_a(described_class)
+      expect(client.connection).to be_a(ServiceNow::Connection)
+      expect(client.connection.headers["Authorization"]).to eq("Bearer #{access_token}")
+    end
+  end
+
+  describe ".authenticate_with_refresh_token" do
+    it "connects" do
+      expect(Faraday).to receive(:new).with({url: "https://#{instance_id}.service-now.com/"}).and_return(connection)
+      expect(connection).to receive(:post).with("oauth_token.do",
+        {
+          client_id: client_id,
+          client_secret: client_secret,
+          grant_type: "refresh_token",
+          refresh_token: refresh_token,
+          scope: "useraccount"
+        }
+      ).and_return(response)
+
+      client = described_class.authenticate_with_refresh_token(instance_id, client_id, client_secret, refresh_token)
+
+      expect(client).to be_a(described_class)
+      expect(client.connection).to be_a(ServiceNow::Connection)
+      expect(client.connection.headers["Authorization"]).to eq("Bearer #{access_token}")
+    end
+  end
+end