Merge branch 'secret-management'

Author: lornajane

README.md

@@ -379,6 +379,36 @@ Or you can specify the number and country manually
 $client->numbers()->purchase('14155550100', 'US');
 ```
 
+### Managing Secrets
+
+An API is provided to allow you to rotate your API secrets. You can create a new secret (up to a maximum of two secrets) and delete the existing one once all applications have been updated.
+
+Get a list of the secrets:
+
+```php
+$secretCollection = $client->account()->listSecrets(API_KEY);
+
+foreach($secretCollection['secrets'] as $secret) {
+    echo "ID: " . $secret['id'] . " (created " . $secret['created_at'] .")\n";
+}
+```
+
+Create a new secret (the created dates will help you know which is which):
+
+```php
+$client->account()->createSecret(API_KEY, 'awes0meNewSekret!!;');
+```
+
+Delete the old secret (any application still using these credentials will stop working):
+
+```php
+try {
+    $response = $client->account()->deleteSecret(API_KEY, 'd0f40c7e-91f2-4fe0-8bc6-8942587b622c');
+} catch(\Nexmo\Client\Exception\Request $e) {
+    echo $e->getMessage();
+}
+```
+
 ## Troubleshooting
 
 Some users have issues making requests due to the following error:
@@ -400,7 +430,6 @@ curl.cainfo = "/etc/pki/tls/cacert.pem"
 curl.cainfo = "C:\php\extras\ssl\cacert.pem"
 ```
 
-    
 API Coverage
 ------------
 
@@ -409,6 +438,7 @@ API Coverage
     * [X] Pricing
     * [ ] Settings
     * [ ] Top Up
+    * [X] Secret Management
     * [X] Numbers
         * [X] Search
         * [X] Buy

src/Account/Client.php

@@ -2,6 +2,7 @@
 
 namespace Nexmo\Account;
 
+use Nexmo\ApiErrorHandler;
 use Nexmo\Client\ClientAwareInterface;
 use Nexmo\Client\ClientAwareTrait;
 use Nexmo\Network;
@@ -95,6 +96,78 @@ public function topUp($trx)
         }
     }
 
+    public function listSecrets($apiKey)
+    {
+        $body = $this->get( \Nexmo\Client::BASE_API . '/accounts/'.$apiKey.'/secrets');
+        return SecretCollection::fromApi($body);
+    }
+
+    public function getSecret($apiKey, $secretId)
+    {
+        $body = $this->get( \Nexmo\Client::BASE_API . '/accounts/'.$apiKey.'/secrets/'. $secretId);
+        return Secret::fromApi($body);
+    }
+
+    public function createSecret($apiKey, $newSecret)
+    {
+        $body = [
+            'secret' => $newSecret
+        ];
+
+        $request = new Request(
+            \Nexmo\Client::BASE_API . '/accounts/'.$apiKey.'/secrets'
+            ,'POST'
+            , 'php://temp'
+            , ['content-type' => 'application/json']
+        );
+
+        $request->getBody()->write(json_encode($body));
+        $response = $this->client->send($request);
+
+        $rawBody = $response->getBody()->getContents();
+        $responseBody = json_decode($rawBody, true);
+        ApiErrorHandler::check($responseBody, $response->getStatusCode());
+
+        return Secret::fromApi($responseBody);
+    }
+
+    public function deleteSecret($apiKey, $secretId)
+    {
+        $request = new Request(
+            \Nexmo\Client::BASE_API . '/accounts/'.$apiKey.'/secrets/'. $secretId
+            ,'DELETE'
+            , 'php://temp'
+            , ['content-type' => 'application/json']
+        );
+
+        $response = $this->client->send($request);
+        $rawBody = $response->getBody()->getContents();
+        $body = json_decode($rawBody, true);
+
+        // This will throw an exception on any error
+        ApiErrorHandler::check($body, $response->getStatusCode());
+
+        // This returns a 204, so no response body
+    }
+
+    protected function get($url) {
+       $request = new Request(
+           $url
+           ,'GET'
+           , 'php://temp'
+           , ['content-type' => 'application/json']
+        );
+
+        $response = $this->client->send($request);
+        $rawBody = $response->getBody()->getContents();
+        $body = json_decode($rawBody, true);
+
+        // This will throw an exception on any error
+        ApiErrorHandler::check($body, $response->getStatusCode());
+
+        return $body;
+    }
+
     protected function getException(ResponseInterface $response, $application = null)
     {
         $body = json_decode($response->getBody()->getContents(), true);
@@ -111,4 +184,4 @@ protected function getException(ResponseInterface $response, $application = null
         return $e;
     }
 
-}
+}

src/Account/Secret.php

@@ -0,0 +1,56 @@
+<?php
+
+namespace Nexmo\Account;
+
+use Nexmo\InvalidResponseException;
+
+class Secret implements \ArrayAccess {
+    protected $data;
+
+    public function __construct($data) {
+        $this->data = $data;
+    }
+
+    public function getId() {
+        return $this['id'];
+    }
+
+    public function getCreatedAt() {
+        return $this['created_at'];
+    }
+
+    public function getLinks() {
+        return $this['_links'];
+    }
+
+    public static function fromApi($data) {
+        if (!isset($data['id'])) {
+            throw new InvalidResponseException("Missing key: 'id");
+        }
+        if (!isset($data['created_at'])) {
+            throw new InvalidResponseException("Missing key: 'created_at");
+        }
+        return new self($data);
+    }
+
+    public function offsetExists($offset)
+    {
+        return isset($this->data[$offset]);
+    }
+
+    public function offsetGet($offset)
+    {
+        return $this->data[$offset];
+    }
+
+    public function offsetSet($offset, $value)
+    {
+        throw new \Exception('Secret::offsetSet is not implemented');
+    }
+
+    public function offsetUnset($offset)
+    {
+        throw new \Exception('Secret::offsetUnset is not implemented');
+    }
+
+}

src/Account/SecretCollection.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace Nexmo\Account;
+
+class SecretCollection implements \ArrayAccess {
+    protected $data;
+
+    public function __construct($secrets, $links) {
+        $this->data = [
+            'secrets' => $secrets,
+            '_links' => $links
+        ];
+    }
+
+    public function getSecrets() {
+        return $this['secrets'];
+    }
+
+    public function getLinks() {
+        return $this['_links'];
+    }
+
+    public static function fromApi($data) {
+        $secrets = [];
+        foreach ($data['_embedded']['secrets'] as $s) {
+            $secrets[] = Secret::fromApi($s);
+        }
+        return new self($secrets, $data['_links']);
+    }
+
+    public function offsetExists($offset)
+    {
+        return isset($this->data[$offset]);
+    }
+
+    public function offsetGet($offset)
+    {
+        return $this->data[$offset];
+    }
+
+    public function offsetSet($offset, $value)
+    {
+        throw new \Exception('SecretCollection::offsetSet is not implemented');
+    }
+
+    public function offsetUnset($offset)
+    {
+        throw new \Exception('SecretCollection::offsetUnset is not implemented');
+    }
+
+}

src/ApiErrorHandler.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace Nexmo;
+use Nexmo\Client\Exception;
+
+class ApiErrorHandler {
+    public static function check($body, $statusCode) {
+        $statusCodeType = (int) ($statusCode / 100);
+
+        // If it's ok, we can continue
+        if ($statusCodeType == 2) {
+            return;
+        }
+
+        // Build up our error message
+        $errorMessage = $body['title'];
+        if (isset($body['detail']) && $body['detail']) {
+            $errorMessage .= ': '.$body['detail'].'.';
+        } else {
+            $errorMessage .= '.';
+        }
+
+        $errorMessage .= ' See '.$body['type'].' for more information';
+
+        // If it's a 5xx error, throw an exception
+        if ($statusCodeType == 5) {
+            throw new Exception\Server($errorMessage, $statusCode);
+        }
+
+        // Otherwise it's a 4xx, so we may have more context for the user
+        // If it's a validation error, share that information
+        if (isset($body['invalid_parameters'])) {
+            throw new Exception\Validation($errorMessage, $statusCode, null, $body['invalid_parameters']);
+        }
+
+        // Otherwise throw a normal error
+        throw new Exception\Request($errorMessage, $statusCode);
+    }
+}

src/Client.php

@@ -187,9 +187,12 @@ public static function signRequest(RequestInterface $request, SignatureSecret $c
 
     public static function authRequest(RequestInterface $request, Basic $credentials)
     {
-        switch($request->getHeaderLine('content-type')){
-        case 'application/json':
-            if (static::requiresAuthInUrlNotBody($request)) {
+        switch($request->getHeaderLine('content-type')) {
+            case 'application/json':
+            if (static::requiresBasicAuth($request)) {
+                $c = $credentials->asArray();
+                $request = $request->withHeader('Authorization', 'Basic ' . base64_encode($c['api_key'] . ':' . $c['api_secret']));
+            } else if (static::requiresAuthInUrlNotBody($request)) {
                 $query = [];
                 parse_str($request->getUri()->getQuery(), $query);
                 $query = array_merge($query, $credentials->asArray());
@@ -455,6 +458,14 @@ public function __get($name)
         return $this->factory->getApi($name);
     }
 
+    protected static function requiresBasicAuth(\Psr\Http\Message\RequestInterface $request)
+    {
+        $path = $request->getUri()->getPath();
+        $isSecretManagementEndpoint = strpos($path, '/accounts') === 0 && strpos($path, '/secrets') !== false;
+
+        return $isSecretManagementEndpoint;
+    }
+
     protected static function requiresAuthInUrlNotBody(\Psr\Http\Message\RequestInterface $request)
     {
         $path = $request->getUri()->getPath();

src/Client/Exception/Validation.php

@@ -0,0 +1,24 @@
+<?php
+/**
+ * Nexmo Client Library for PHP
+ *
+ * @copyright Copyright (c) 2016 Nexmo, Inc. (http://nexmo.com)
+ * @license   https://github.com/Nexmo/nexmo-php/blob/master/LICENSE.txt MIT License
+ */
+
+namespace Nexmo\Client\Exception;
+
+use Throwable;
+
+class Validation extends Request
+{
+    public function __construct($message = "", $code = 0, Throwable $previous = null, $errors)
+    {
+        $this->errors = $errors;
+        parent::__construct($message, $code, $previous);
+    }
+
+    public function getValidationErrors() {
+        return $this->errors;
+    }
+}

src/InvalidResponseException.php

@@ -0,0 +1,7 @@
+<?php
+
+namespace Nexmo;
+
+class InvalidResponseException extends \Exception {
+
+}