osso 0.0.11 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f3def53429479fcc6f8174b8065830233e8437b3e6cd5e6a2647caa710622028
-  data.tar.gz: dbdaa671b3a6b2ca07e5d48ed247eefbdbe6bd06423247975821088aea097f45
+  metadata.gz: c263ca76f08c31c90de62d7b81c1d1d8b93817dba65f9424b81223ae2c003418
+  data.tar.gz: 6e869dff216866735060d0cae9a478a3bdbc76a59b0a5b2b06ad419dca0c09c3
 SHA512:
-  metadata.gz: '0391fb57427e5f417ee19f2566cda5e432834bff640d14516abdf54a716c401c6ed42559ed5f366855936e2f6d976f86e1c64c1bfd497f9b3443f8a54f240485'
-  data.tar.gz: 1bdc64d6943502b18f7801003131d379879bad62265bc80f4f5cd5c9547604d7fb60b35a174ce9875a1d5b13ef673535bed4566d14d5888de1552b40a9c0d26b
+  metadata.gz: 4e8d2b6df9b9520d209cdda204d8a69d8d072277bbb5d2ec3a961bbdf2710712d07fc6a9b2cfd1683f6e53450b54e61706a4e49418286d9cce161ebc03690bbe
+  data.tar.gz: a9d71e8fc6fe531c48b51c8534a8dfedbb94d265f97ae6b1365ad47485a34ee8cf0ffc5ad4e426f0dc4e1d818f57b425a1fa6c697a8e638a76d80627ee5d728e

data/.rubocop.yml

@@ -1,25 +1,10 @@
 AllCops:
+  NewCops: enable
   TargetRubyVersion: 2.6.0
   Exclude:
     - db/**/*
     - lib/osso/db/**/*
 
-# New rules must be explicitly opted into / out of
-Lint/RaiseException:
-  Enabled: true
-Lint/StructNewOverride:
-  Enabled: true
-Style/HashEachMethods:
-  Enabled: true
-Style/HashTransformKeys:
-  Enabled: true
-Style/HashTransformValues:
-  Enabled: true
-Layout/SpaceAroundMethodCallOperator:
-  Enabled: true
-Style/ExponentialNotation:
-  Enabled: true
-
 Style/TrailingCommaInArguments:
   Description: "Checks for trailing comma in argument lists."
   StyleGuide: "https://github.com/bbatsov/ruby-style-guide#no-trailing-array-commas"
@@ -50,6 +35,9 @@ Style/TrailingCommaInHashLiteral:
     - no_comma
   Enabled: true
 
+Layout/FirstHashElementIndentation:
+  EnforcedStyle: consistent
+
 Layout/MultilineMethodCallIndentation:
   EnforcedStyle: indented
 

data/Gemfile

@@ -12,7 +12,7 @@ group :test do
   gem 'rack-test'
   gem 'rspec', '~> 3.10'
   gem 'rubocop'
-  gem 'simplecov', '0.21.1', require: false
+  gem 'simplecov', '0.21.2', require: false
   gem 'webmock', '~> 3.11'
 end
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    osso (0.0.11)
+    osso (0.1.0)
       activesupport (>= 6.0.3.2)
       bcrypt (~> 3.1.13)
       graphql
@@ -13,23 +13,24 @@ PATH
       rack (>= 2.1.4)
       rack-contrib
       rack-oauth2
+      rack-protection (~> 2.1.0)
       rake
-      rodauth (>= 2.6, < 2.8)
-      sequel (>= 5.37, < 5.41)
+      rodauth (~> 2.9)
+      sequel (~> 5.40)
       sequel-activerecord_connection (>= 0.3, < 2.0)
       sinatra
-      sinatra-activerecord
+      sinatra-activerecord (>= 2.0.22)
       sinatra-contrib
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (6.1.0)
-      activesupport (= 6.1.0)
-    activerecord (6.1.0)
-      activemodel (= 6.1.0)
-      activesupport (= 6.1.0)
-    activesupport (6.1.0)
+    activemodel (6.1.1)
+      activesupport (= 6.1.1)
+    activerecord (6.1.1)
+      activemodel (= 6.1.1)
+      activesupport (= 6.1.1)
+    activesupport (6.1.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -43,28 +44,29 @@ GEM
     annotate (3.1.1)
       activerecord (>= 3.2, < 7.0)
       rake (>= 10.4, < 14.0)
-    ast (2.4.1)
+    ast (2.4.2)
     attr_required (1.0.1)
     bcrypt (3.1.16)
     bindata (2.4.8)
     coderay (1.1.3)
-    concurrent-ruby (1.1.7)
-    crack (0.4.4)
+    concurrent-ruby (1.1.8)
+    crack (0.4.5)
+      rexml
     database_cleaner (1.8.5)
     database_cleaner-active_record (1.8.0)
       activerecord
       database_cleaner (~> 1.8.0)
     diff-lcs (1.4.4)
-    docile (1.3.4)
+    docile (1.3.5)
     factory_bot (6.1.0)
       activesupport (>= 5.0.0)
     faker (2.15.1)
       i18n (>= 1.6, < 2)
-    graphql (1.11.6)
+    graphql (1.12.2)
     hashdiff (1.0.1)
     hashie (4.1.0)
     httpclient (2.8.3)
-    i18n (1.8.5)
+    i18n (1.8.7)
       concurrent-ruby (~> 1.0)
     json-jwt (1.13.0)
       activesupport (>= 4.2)
@@ -76,20 +78,21 @@ GEM
     method_source (1.0.0)
     mini_mime (1.0.2)
     mini_portile2 (2.5.0)
-    minitest (5.14.2)
+    minitest (5.14.3)
     multi_json (1.15.0)
     mustermann (1.1.1)
       ruby2_keywords (~> 0.0.1)
     nokogiri (1.11.1)
       mini_portile2 (~> 2.5.0)
       racc (~> 1.4)
-    omniauth (1.9.1)
+    omniauth (2.0.1)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
+      rack-protection
     omniauth-multi-provider (0.2.1)
       omniauth
-    omniauth-saml (1.10.3)
-      omniauth (~> 1.3, >= 1.3.2)
+    omniauth-saml (2.0.0)
+      omniauth (~> 2.0)
       ruby-saml (~> 1.9)
     parallel (1.20.1)
     parser (3.0.0.0)
@@ -116,47 +119,47 @@ GEM
       rack (>= 1.0, < 3)
     rainbow (3.0.0)
     rake (13.0.3)
-    regexp_parser (2.0.2)
+    regexp_parser (2.0.3)
     rexml (3.2.4)
-    roda (3.39.0)
+    roda (3.40.0)
       rack
-    rodauth (2.7.0)
+    rodauth (2.9.0)
       roda (>= 2.6.0)
       sequel (>= 4)
     rspec (3.10.0)
       rspec-core (~> 3.10.0)
       rspec-expectations (~> 3.10.0)
       rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.0)
+    rspec-core (3.10.1)
       rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.0)
+    rspec-expectations (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.0)
+    rspec-mocks (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
-    rspec-support (3.10.0)
-    rubocop (1.7.0)
+    rspec-support (3.10.1)
+    rubocop (1.8.1)
       parallel (~> 1.10)
-      parser (>= 2.7.1.5)
+      parser (>= 3.0.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml
       rubocop-ast (>= 1.2.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (1.3.0)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.4.1)
       parser (>= 2.7.1.5)
-    ruby-progressbar (1.10.1)
+    ruby-progressbar (1.11.0)
     ruby-saml (1.11.0)
       nokogiri (>= 1.5.10)
-    ruby2_keywords (0.0.2)
-    sequel (5.39.0)
-    sequel-activerecord_connection (1.2.0)
+    ruby2_keywords (0.0.4)
+    sequel (5.40.0)
+    sequel-activerecord_connection (1.2.2)
       activerecord (>= 4.2, < 7)
       after_commit_everywhere (~> 0.1.5)
       sequel (~> 5.16)
-    simplecov (0.21.1)
+    simplecov (0.21.2)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
@@ -167,7 +170,7 @@ GEM
       rack (~> 2.2)
       rack-protection (= 2.1.0)
       tilt (~> 2.0)
-    sinatra-activerecord (2.0.21)
+    sinatra-activerecord (2.0.22)
       activerecord (>= 4.1)
       sinatra (>= 1.0)
     sinatra-contrib (2.1.0)
@@ -177,10 +180,10 @@ GEM
       sinatra (= 2.1.0)
       tilt (~> 2.0)
     tilt (2.0.10)
-    tzinfo (2.0.3)
+    tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (1.7.0)
-    webmock (3.11.0)
+    unicode-display_width (2.0.0)
+    webmock (3.11.1)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -201,7 +204,7 @@ DEPENDENCIES
   rack-test
   rspec (~> 3.10)
   rubocop
-  simplecov (= 0.21.1)
+  simplecov (= 0.21.2)
   webmock (~> 3.11)
 
 BUNDLED WITH

data/lib/osso/graphql/mutations/configure_identity_provider.rb

@@ -17,7 +17,7 @@ module Osso
 
           if provider.update(args)
             Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: args)
-            return response_data(identity_provider: provider) 
+            return response_data(identity_provider: provider)
           end
 
           response_error(provider.errors)

data/lib/osso/graphql/mutations/create_enterprise_account.rb

@@ -17,7 +17,7 @@ module Osso
 
           if enterprise_account.save
             Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: args)
-            return response_data(enterprise_account: enterprise_account) 
+            return response_data(enterprise_account: enterprise_account)
           end
 
           response_error(enterprise_account.errors)

data/lib/osso/graphql/mutations/create_identity_provider.rb

@@ -13,7 +13,7 @@ module Osso
         field :identity_provider, Types::IdentityProvider, null: false
         field :errors, [String], null: false
 
-        def resolve(service: nil, enterprise_account_id:, oauth_client_id:)
+        def resolve(enterprise_account_id:, oauth_client_id:, service: nil)
           customer = enterprise_account(enterprise_account_id: enterprise_account_id)
 
           identity_provider = customer.identity_providers.build(
@@ -27,12 +27,12 @@ module Osso
               service: service, enterprise_account_id: enterprise_account_id, oauth_client_id: oauth_client_id
             })
             return response_data(identity_provider: identity_provider)
-          end  
+          end
 
           response_error(identity_provider.errors)
         end
 
-        def domain(enterprise_account_id:, **args)
+        def domain(enterprise_account_id:, **_args)
           enterprise_account(enterprise_account_id: enterprise_account_id)&.domain
         end
 

data/lib/osso/graphql/mutations/create_oauth_client.rb

@@ -16,7 +16,7 @@ module Osso
 
           if oauth_client.save
             Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: args)
-            return response_data(oauth_client: oauth_client) 
+            return response_data(oauth_client: oauth_client)
           end
 
           response_error(oauth_client.errors)

data/lib/osso/graphql/mutations/delete_enterprise_account.rb

@@ -20,9 +20,8 @@ module Osso
 
           if customer.destroy
             Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: args)
-            return response_data(enterprise_account: nil) 
+            return response_data(enterprise_account: nil)
           end
-          
 
           response_error(customer.errors)
         end

data/lib/osso/graphql/mutations/delete_identity_provider.rb

@@ -16,7 +16,7 @@ module Osso
 
           if identity_provider.destroy
             Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: { id: id })
-            return response_data(identity_provider: nil) 
+            return response_data(identity_provider: nil)
           end
 
           response_error(identity_provider.errors)

data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb

@@ -16,7 +16,13 @@ module Osso
           oauth_client.regenerate_secrets!
 
           if oauth_client.save
-            Osso::Analytics.capture(email: context[:email], event: self.class.name.demodulize, properties: { oauth_client_id: id })
+            Osso::Analytics.capture(
+              email: context[:email],
+              event: self.class.name.demodulize,
+              properties: { 
+                oauth_client_id: id 
+              }
+            )
             return response_data(oauth_client: oauth_client)
           end
 

data/lib/osso/graphql/query.rb

@@ -16,44 +16,39 @@ module Osso
 
         field :oauth_clients, null: true, resolver: Resolvers::OAuthClients
 
-        field(
-          :identity_provider,
-          Types::IdentityProvider,
-          null: true,
-          resolve: ->(_obj, args, _context) { Osso::Models::IdentityProvider.find(args[:id]) },
-        ) do
+        field :admin_users, [Types::AdminUser], null: false
+
+        field :app_config, Types::AppConfig, null: false
+
+        field :current_user, Types::AdminUser, null: false
+
+        field :identity_provider, Types::IdentityProvider, null: true do
           argument :id, ID, required: true
         end
 
-        field(
-          :app_config,
-          Types::AppConfig,
-          null: false,
-          resolve: ->(_obj, _args, _context) { Osso::Models::AppConfig.find },
-        )
-
-        field(
-          :oauth_client,
-          Types::OauthClient,
-          null: true,
-          resolve: ->(_obj, args, _context) { Osso::Models::OauthClient.find(args[:id]) },
-        ) do
+        field :oauth_client, Types::OauthClient, null: true do
           argument :id, ID, required: true
         end
 
-        field(
-          :admin_users,
-          [Types::AdminUser],
-          null: false,
-          resolve: ->(_obj, _args, _context) { Osso::Models::Account.all },
-        )
+        def admin_users
+          Osso::Models::Account.all
+        end
+
+        def app_config
+          Osso::Models::AppConfig.find
+        end
+
+        def current_user
+          context.to_h
+        end
 
-        field(
-          :current_user,
-          Types::AdminUser,
-          null: false,
-          resolve: ->(_obj, _args, context) { context.to_h },
-        )
+        def identity_provider(id:)
+          Osso::Models::IdentityProvider.find(id)
+        end
+
+        def oauth_client(id:)
+          Osso::Models::OauthClient.find(id)
+        end
       end
     end
   end

data/lib/osso/graphql/schema.rb

@@ -14,7 +14,6 @@ GraphQL::Relay::BaseConnection.register_connection_implementation(
 module Osso
   module GraphQL
     class Schema < ::GraphQL::Schema
-      use ::GraphQL::Pagination::Connections
       query Types::QueryType
       mutation Types::MutationType
 

data/lib/osso/lib/analytics.rb

@@ -5,9 +5,9 @@ require 'posthog-ruby'
 module Osso
   # Osso::Analytics provides an interface to track product analytics for any provider.
   # Osso recommends PostHog as an open source solution for your product analytics needs.
-  # If you want to use another product analytics provider, you can patch the Osso::Analytics 
+  # If you want to use another product analytics provider, you can patch the Osso::Analytics
   # class yourself in your parent application. Be sure to implement the public
-  # .identify and .capture class methods with the required method signatures and require 
+  # .identify and .capture class methods with the required method signatures and require
   # your class after requiring Osso.
   class Analytics
     class << self
@@ -40,7 +40,7 @@ module Osso
         @client ||= PostHog::Client.new({
           api_key: ENV['POSTHOG_API_KEY'],
           api_host: ENV['POSTHOG_HOST'],
-          on_error: Proc.new { |status, msg| print msg }
+          on_error: proc { |_status, msg| print msg },
         })
       end
 
@@ -52,4 +52,4 @@ module Osso
       end
     end
   end
-end
+end

data/lib/osso/lib/route_map.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'rack/protection'
+
 module Osso
   module RouteMap
     def self.included(klass)

data/lib/osso/models/account.rb

@@ -3,7 +3,7 @@
 module Osso
   module Models
     class Account < ::ActiveRecord::Base
-      enum status_id: { 1 => :Unverified, 2 => :Verified, 3 => :Closed }
+      enum status_id: { Unverified: 1, Verified: 2, Closed: 3 }
 
       def context
         {

data/lib/osso/models/identity_provider.rb

@@ -18,7 +18,7 @@ module Osso
 
       ENTITY_ID_URI_REQUIRED = [
         'PING',
-      ]
+      ].freeze
 
       def name
         service.titlecase
@@ -30,7 +30,7 @@ module Osso
           idp_sso_target_url: sso_url,
           idp_cert: sso_cert,
           issuer: sso_issuer,
-          name_identifier_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+          name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
         }
       end
 
@@ -56,7 +56,7 @@ module Osso
 
       def set_sso_issuer
         parts = [domain, oauth_client_id]
-        
+
         parts.unshift('https:/') if ENTITY_ID_URI_REQUIRED.any?(service)
 
         self.sso_issuer = parts.join('/')

data/lib/osso/routes/admin.rb

@@ -9,7 +9,7 @@ module Osso
   class Admin < Roda
     DB = Sequel.postgres(extensions: :activerecord_connection)
     use Rack::Session::Cookie, secret: ENV.fetch('SESSION_SECRET')
-    
+
     plugin :json
     plugin :middleware
     plugin :render, engine: 'erb', views: ENV['RODAUTH_VIEWS'] || DEFAULT_VIEWS_DIR
@@ -64,7 +64,7 @@ module Osso
           rodauth.
           session.
           to_hash.
-          stringify_keys['account_id']
+          stringify_keys['account_id'],
         ).context.
           merge({ rodauth: rodauth })
       end

data/lib/osso/routes/auth.rb

@@ -14,6 +14,8 @@ module Osso
       /[0-9a-f]{8}-[0-9a-f]{3,4}-[0-9a-f]{4}-[0-9a-f]{3,4}-[0-9a-f]{12}/.
         freeze
 
+    use Rack::Protection, allow_if: ->(env) { Rack::Request.new(env)&.path&.end_with?('callback') }
+
     use OmniAuth::Builder do
       OmniAuth::MultiProvider.register(
         self,

data/lib/osso/routes/oauth.rb

@@ -22,7 +22,7 @@ module Osso
 
         @providers = find_providers
 
-        redirect "/auth/saml/#{@providers.first.id}" if @providers.one?
+        return erb :saml_login_form if @providers.one?
 
         return erb :multiple_providers if @providers.count > 1
 

data/lib/osso/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Osso
-  VERSION = '0.0.11'
+  VERSION = '0.1.0'
 end

data/lib/tasks/bootstrap.rake

@@ -8,9 +8,11 @@ namespace :osso do
   desc 'Bootstrap Osso data for a deployment'
   task :bootstrap do
     %w[Production Staging Development].each do |environment|
+      next if Osso::Models::OauthClient.find_by_name(environment)
+
       Osso::Models::OauthClient.create!(
         name: environment,
-      ) unless Osso::Models::OauthClient.find_by_name(environment)
+      )
     end
 
     Osso::Models::AppConfig.create
@@ -18,7 +20,7 @@ namespace :osso do
     admin_email = ENV['ADMIN_EMAIL']
 
     if admin_email
-      admin = Osso::Models::Account.create(
+      Osso::Models::Account.create(
         email: admin_email,
         status_id: 1,
         role: 'admin',
@@ -29,10 +31,10 @@ namespace :osso do
       rodauth = Osso::Admin.rodauth.new(Osso::Admin.new({
         'HTTP_HOST' => base_uri.host,
         'SERVER_NAME' => base_uri.to_s,
-        'rack.url_scheme' => base_uri.scheme
+        'rack.url_scheme' => base_uri.scheme,
       }))
 
-      account = rodauth.account_from_login(admin_email)
+      rodauth.account_from_login(admin_email)
       rodauth.setup_account_verification
     end
   end

data/osso-rb.gemspec

@@ -26,12 +26,13 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'rack', '>= 2.1.4'
   spec.add_runtime_dependency 'rack-contrib'
   spec.add_runtime_dependency 'rack-oauth2'
+  spec.add_runtime_dependency 'rack-protection', '~> 2.1.0'
   spec.add_runtime_dependency 'rake'
-  spec.add_runtime_dependency 'rodauth', '>= 2.6', '< 2.8'
-  spec.add_runtime_dependency 'sequel', '>= 5.37', '< 5.41'
+  spec.add_runtime_dependency 'rodauth', '~> 2.9'
+  spec.add_runtime_dependency 'sequel', '~> 5.40'
   spec.add_runtime_dependency 'sequel-activerecord_connection', '>= 0.3', '< 2.0'
   spec.add_runtime_dependency 'sinatra'
-  spec.add_runtime_dependency 'sinatra-activerecord'
+  spec.add_runtime_dependency 'sinatra-activerecord', '>= 2.0.22'
   spec.add_runtime_dependency 'sinatra-contrib'
 
   spec.add_development_dependency 'annotate', '~> 3.1'

data/spec/graphql/mutations/create_identity_provider_spec.rb

@@ -91,7 +91,7 @@ describe Osso::GraphQL::Schema do
               },
           }
         end
-        
+
         it 'creates an identity provider' do
           expect { subject }.to change { enterprise_account.identity_providers.count }.by(1)
           expect(subject.dig('data', 'createIdentityProvider', 'identityProvider', 'domain')).

data/spec/models/identity_provider_spec.rb

@@ -66,7 +66,7 @@ describe Osso::Models::IdentityProvider do
           idp_cert: subject.sso_cert,
           idp_sso_target_url: subject.sso_url,
           issuer: subject.sso_issuer,
-          name_identifier_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+          name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
         )
     end
   end

data/spec/routes/admin_spec.rb

@@ -17,26 +17,26 @@ describe Osso::Admin do
     it 'runs a GraphQL query with a valid jwt' do
       allow_any_instance_of(described_class.rodauth).to receive(:logged_in?).and_return(true)
       allow(Osso::Models::Account).to receive(:find).and_return(account)
-      allow(Osso::GraphQL::Schema).to receive(:execute).and_return({graphql: true})
+      allow(Osso::GraphQL::Schema).to receive(:execute).and_return({ graphql: true })
 
       header 'Content-Type', 'application/json'
-      post("/graphql")
+      post('/graphql')
 
       expect(last_response).to be_ok
-      expect(last_json_response).to eq({graphql: true})
+      expect(last_json_response).to eq({ graphql: true })
     end
 
     it 'returns a 400 for an invalid jwt' do
       header 'Content-Type', 'application/json'
       header 'Authorization', 'Bearer bad-token'
-      post("/graphql")
+      post('/graphql')
 
       expect(last_response.status).to eq 400
     end
-    
+
     it 'returns a 401 without a jwt' do
       header 'Content-Type', 'application/json'
-      post("/graphql")
+      post('/graphql')
 
       expect(last_response.status).to eq 401
     end

data/spec/routes/auth_spec.rb

@@ -6,12 +6,13 @@ describe Osso::Auth do
   before do
     described_class.set(:views, spec_views)
   end
-  describe 'get /auth/saml/:uuid' do
+
+  describe 'post /auth/saml/:uuid' do
     describe 'for an Okta SAML provider' do
       let(:enterprise) { create(:enterprise_with_okta) }
       let(:okta_provider) { enterprise.identity_providers.first }
       it 'uses omniauth saml' do
-        get("/auth/saml/#{okta_provider.id}")
+        post("/auth/saml/#{okta_provider.id}")
 
         expect(last_response).to be_redirect
         follow_redirect!
@@ -23,7 +24,7 @@ describe Osso::Auth do
       let(:enterprise) { create(:enterprise_with_okta) }
       let(:azure_provider) { enterprise.identity_providers.first }
       it 'uses omniauth saml' do
-        get("/auth/saml/#{azure_provider.id}")
+        post("/auth/saml/#{azure_provider.id}")
 
         expect(last_response).to be_redirect
         follow_redirect!
@@ -31,6 +32,7 @@ describe Osso::Auth do
       end
     end
   end
+
   describe 'post /auth/saml/:uuid/callback' do
     describe 'for an Okta SAML provider' do
       let(:enterprise) { create(:enterprise_with_okta) }

data/spec/routes/oauth_spec.rb

@@ -28,7 +28,7 @@ describe Osso::Oauth do
       end
 
       describe 'for a request without email or domain' do
-        it 'redirects to /auth/saml/:provider_id' do
+        it 'renders the hosted login page' do
           get(
             '/oauth/authorize',
             client_id: client.identifier,
@@ -42,7 +42,7 @@ describe Osso::Oauth do
       end
 
       describe 'for an enterprise domain with one SAML provider' do
-        it 'redirects to /auth/saml/:provider_id' do
+        it 'renders the saml login form' do
           enterprise = create(:enterprise_with_okta, oauth_client: client)
 
           get(
@@ -55,9 +55,7 @@ describe Osso::Oauth do
 
           provider_id = enterprise.identity_providers.first.id
 
-          expect(last_response).to be_redirect
-          follow_redirect!
-          expect(last_request.url).to match("auth/saml/#{provider_id}")
+          expect(last_response.body).to match(provider_id)
         end
       end
 
@@ -79,7 +77,7 @@ describe Osso::Oauth do
       end
 
       describe "for an existing user's email address" do
-        it 'redirects to /auth/saml/:provider_id' do
+        it 'renders the saml login form' do
           enterprise = create(:enterprise_with_okta, oauth_client: client)
           provider_id = enterprise.identity_providers.first.id
           user = create(:user, email: "user@#{enterprise.domain}", identity_provider_id: provider_id)
@@ -92,14 +90,12 @@ describe Osso::Oauth do
             redirect_uri: client.redirect_uri_values.sample,
           )
 
-          expect(last_response).to be_redirect
-          follow_redirect!
-          expect(last_request.url).to match("auth/saml/#{provider_id}")
+          expect(last_response.body).to match(provider_id)
         end
       end
 
       describe "for a new user's email address belonging to an enterprise with one SAML provider" do
-        it 'redirects to /auth/saml/:provider_id' do
+        it 'renders the saml login form' do
           enterprise = create(:enterprise_with_okta, oauth_client: client)
 
           get(
@@ -112,9 +108,7 @@ describe Osso::Oauth do
 
           provider_id = enterprise.identity_providers.first.id
 
-          expect(last_response).to be_redirect
-          follow_redirect!
-          expect(last_request.url).to match("auth/saml/#{provider_id}")
+          expect(last_response.body).to match(provider_id)
         end
       end
 

data/spec/spec_helper.rb

@@ -80,5 +80,7 @@ RSpec.configure do |config|
 
   OmniAuth.config.test_mode = true
   OmniAuth.config.logger = Logger.new('/dev/null')
+  OmniAuth.config.request_validation_phase = proc {}
+
   WebMock.disable_net_connect!(allow_localhost: true)
 end

data/spec/support/views/saml_login_form.erb

@@ -0,0 +1 @@
+<%= @providers.first.id %>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.11
+  version: 0.1.0
 platform: ruby
 authors:
 - Sam Bauch
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-07 00:00:00.000000000 Z
+date: 2021-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -164,6 +164,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-protection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -182,42 +196,30 @@ dependencies:
   name: rodauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '2.6'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: '2.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '2.6'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: '2.9'
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5.37'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.41'
+        version: '5.40'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5.37'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.41'
+        version: '5.40'
 - !ruby/object:Gem::Dependency
   name: sequel-activerecord_connection
   requirement: !ruby/object:Gem::Requirement
@@ -258,14 +260,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.0.22
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.0.22
 - !ruby/object:Gem::Dependency
   name: sinatra-contrib
   requirement: !ruby/object:Gem::Requirement
@@ -486,6 +488,7 @@ files:
 - spec/support/views/hosted_login.erb
 - spec/support/views/layout.erb
 - spec/support/views/multiple_providers.erb
+- spec/support/views/saml_login_form.erb
 homepage: https://github.com/enterprise-oss/osso-rb
 licenses:
 - MIT