osso 0.0.3.1 → 0.0.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +4 -1
- data/.rubocop.yml +1 -2
- data/Gemfile.lock +3 -1
- data/bin/console +4 -3
- data/config/database.yml +2 -2
- data/db/schema.rb +133 -1
- data/lib/osso.rb +2 -0
- data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb +12 -0
- data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb +2 -2
- data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb +1 -1
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb +6 -0
- data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb +17 -0
- data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb +6 -0
- data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb +5 -0
- data/lib/osso/graphql/mutation.rb +10 -5
- data/lib/osso/graphql/mutations.rb +5 -2
- data/lib/osso/graphql/mutations/base_mutation.rb +29 -14
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +19 -18
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +25 -0
- data/lib/osso/graphql/mutations/create_identity_provider.rb +22 -16
- data/lib/osso/graphql/mutations/set_identity_provider.rb +27 -0
- data/lib/osso/graphql/query.rb +19 -22
- data/lib/osso/graphql/resolvers.rb +5 -1
- data/lib/osso/graphql/resolvers/enterprise_account.rb +16 -12
- data/lib/osso/graphql/resolvers/enterprise_accounts.rb +10 -6
- data/lib/osso/graphql/resolvers/oauth_clients.rb +9 -5
- data/lib/osso/graphql/schema.rb +23 -19
- data/lib/osso/graphql/types.rb +4 -1
- data/lib/osso/graphql/types/base_enum.rb +6 -2
- data/lib/osso/graphql/types/base_input_object.rb +10 -0
- data/lib/osso/graphql/types/base_object.rb +6 -2
- data/lib/osso/graphql/types/enterprise_account.rb +19 -19
- data/lib/osso/graphql/types/identity_provider.rb +19 -27
- data/lib/osso/graphql/types/identity_provider_service.rb +8 -4
- data/lib/osso/graphql/types/oauth_client.rb +13 -9
- data/lib/osso/graphql/types/user.rb +10 -5
- data/lib/osso/helpers/auth.rb +53 -49
- data/lib/osso/helpers/helpers.rb +3 -1
- data/lib/osso/lib/app_config.rb +1 -1
- data/lib/osso/lib/route_map.rb +28 -0
- data/lib/osso/models/enterprise_account.rb +4 -4
- data/lib/osso/models/identity_provider.rb +48 -0
- data/lib/osso/models/models.rb +1 -1
- data/lib/osso/models/oauth_client.rb +2 -2
- data/lib/osso/models/saml_provider.rb +13 -16
- data/lib/osso/models/saml_providers/azure_saml_provider.rb +2 -2
- data/lib/osso/models/saml_providers/okta_saml_provider.rb +1 -1
- data/lib/osso/models/user.rb +3 -3
- data/lib/osso/routes/admin.rb +18 -15
- data/lib/osso/routes/auth.rb +30 -27
- data/lib/osso/routes/oauth.rb +50 -45
- data/lib/osso/version.rb +1 -1
- data/osso-rb.gemspec +3 -3
- data/spec/factories/enterprise_account.rb +5 -4
- data/spec/factories/identity_providers.rb +49 -0
- data/spec/factories/user.rb +1 -1
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +65 -0
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +68 -0
- data/spec/graphql/mutations/create_identity_provider_spec.rb +104 -0
- data/spec/graphql/query/enterprise_account_spec.rb +68 -0
- data/spec/graphql/query/enterprise_accounts_spec.rb +44 -0
- data/spec/graphql/query/identity_provider_spec.rb +62 -0
- data/spec/graphql/query/oauth_clients_account_spec.rb +48 -0
- data/spec/models/azure_saml_provider_spec.rb +14 -14
- data/spec/models/identity_provider_spec.rb +17 -0
- data/spec/models/okta_saml_provider_spec.rb +15 -15
- data/spec/routes/admin_spec.rb +2 -0
- data/spec/routes/auth_spec.rb +9 -9
- data/spec/routes/oauth_spec.rb +1 -1
- data/spec/spec_helper.rb +4 -5
- data/spec/support/spec_app.rb +9 -0
- data/spec/support/views/{public/index.erb → admin.erb} +0 -0
- metadata +37 -13
- data/lib/osso/db/migrate/20200411144528_create_saml_providers.rb +0 -13
- data/lib/osso/db/migrate/20200413153029_add_oauth_client_reference_to_saml_providers.rb +0 -5
- data/lib/osso/db/migrate/20200501203026_drop_null_constraints_from_saml_provider.rb +0 -7
- data/lib/osso/db/migrate/20200501204047_drop_acs_url.rb +0 -5
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_account.rb +0 -5
- data/lib/osso/db/migrate/20200601131227_drop_null_constraint_from_saml_providers_provider.rb +0 -7
- data/lib/osso/db/schema.rb +0 -132
- data/lib/osso/graphql/mutations/set_saml_provider.rb +0 -23
- data/spec/factories/saml_providers.rb +0 -46
- data/spec/models/saml_provider_spec.rb +0 -31
@@ -1,24 +1,30 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Mutations
|
6
|
+
class CreateIdentityProvider < BaseMutation
|
7
|
+
null false
|
8
8
|
|
9
|
-
|
10
|
-
|
9
|
+
argument :enterprise_account_id, ID, required: true
|
10
|
+
argument :service, Types::IdentityProviderService, required: false
|
11
11
|
|
12
|
-
|
13
|
-
|
14
|
-
identity_provider = enterprise_account.saml_providers.create!(
|
15
|
-
provider: provider_service || 'OKTA',
|
16
|
-
domain: enterprise_account.domain,
|
17
|
-
)
|
12
|
+
field :identity_provider, Types::IdentityProvider, null: false
|
13
|
+
field :errors, [String], null: false
|
18
14
|
|
19
|
-
|
20
|
-
|
21
|
-
|
15
|
+
def resolve(enterprise_account_id:, service: nil)
|
16
|
+
enterprise_account = Osso::Models::EnterpriseAccount.find(enterprise_account_id)
|
17
|
+
identity_provider = enterprise_account.identity_providers.build(
|
18
|
+
enterprise_account_id: enterprise_account_id,
|
19
|
+
service: service,
|
20
|
+
domain: enterprise_account.domain,
|
21
|
+
)
|
22
|
+
|
23
|
+
return response_data(identity_provider: identity_provider) if identity_provider.save
|
24
|
+
|
25
|
+
response_error(errors: identity_provider.errors.full_messages)
|
26
|
+
end
|
27
|
+
end
|
22
28
|
end
|
23
29
|
end
|
24
30
|
end
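Review bot: `Osso::Models::EnterpriseAccount.find(enterprise_account_id)` in the new `resolve` raises ActiveRecord::RecordNotFound for an unknown id, so that failure surfaces as a top-level GraphQL error instead of through the `errors` field this mutation declares, while validation failures go through `response_error`. Using `enterprise_account = Osso::Models::EnterpriseAccount.find_by(id: enterprise_account_id)` followed by `return response_error(errors: ['Enterprise account not found']) unless enterprise_account` keeps both failure modes on the same path. The `enterprise_account_id: enterprise_account_id` passed to `build` is redundant, because `enterprise_account.identity_providers.build` already sets that foreign key. Nothing here checks that the caller may create a provider for this account; if BaseMutation (changed in this release, not shown) does not enforce it, a `context[:scope]` check like the one in Resolvers::EnterpriseAccount belongs in `resolve`.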
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Mutations
|
6
|
+
class SetSamlProvider < BaseMutation
|
7
|
+
null false
|
8
|
+
|
9
|
+
argument :provider, Types::IdentityProviderService, required: true
|
10
|
+
argument :id, ID, required: true
|
11
|
+
|
12
|
+
field :identity_provider, Types::IdentityProvider, null: false
|
13
|
+
field :errors, [String], null: false
|
14
|
+
|
15
|
+
def resolve(provider:, id:)
|
16
|
+
identity_provider = Osso::Models::IdentityProvider.find(id)
|
17
|
+
identity_provider.service = provider
|
18
|
+
identity_provider.save!
|
19
|
+
{
|
20
|
+
identity_provider: identity_provider,
|
21
|
+
errors: [],
|
22
|
+
}
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
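Review bot: The class added in set_identity_provider.rb is named `SetSamlProvider`, while this release deletes set_saml_provider.rb and lists the new file as set_identity_provider.rb; unless mutation.rb (changed, not shown) still references the old name, the declaration should read `class SetIdentityProvider < BaseMutation`. `identity_provider.save!` raises on a validation failure, so the `errors: []` returned below can never carry a message and the `field :errors` declared above is dead; `return response_data(identity_provider: identity_provider) if identity_provider.save` followed by `response_error(errors: identity_provider.errors.full_messages)` matches what CreateIdentityProvider does, assuming BaseMutation provides those helpers. `Osso::Models::IdentityProvider.find(id)` looks up any provider by bare id with no check that `context[:scope]` is `:admin` or matches the provider's domain, unlike the resolvers in this release; the same unscoped lookup appears in the `identity_provider` field of QueryType and in `Schema.object_from_id`. If BaseMutation does not enforce authorization, a scope check before the assignment is the mitigation.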
|
data/lib/osso/graphql/query.rb
CHANGED
@@ -1,28 +1,25 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
field :enterprise_accounts, null: true, resolver: Resolvers::EnterpriseAccounts
|
10
|
-
field :oauth_clients, null: true, resolver: Resolvers::OAuthClients
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Types
|
6
|
+
class QueryType < ::GraphQL::Schema::Object
|
7
|
+
field :enterprise_accounts, null: true, resolver: Resolvers::EnterpriseAccounts
|
8
|
+
field :oauth_clients, null: true, resolver: Resolvers::OAuthClients
|
11
9
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
null: true,
|
16
|
-
resolve: ->(_obj, args, _context) { Osso::Models::SamlProvider.find(args[:id]) },
|
17
|
-
) do
|
18
|
-
argument :id, ID, required: true
|
19
|
-
end
|
10
|
+
field :enterprise_account, null: true, resolver: Resolvers::EnterpriseAccount do
|
11
|
+
argument :domain, String, required: true
|
12
|
+
end
|
20
13
|
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
14
|
+
field(
|
15
|
+
:identity_provider,
|
16
|
+
Types::IdentityProvider,
|
17
|
+
null: true,
|
18
|
+
resolve: ->(_obj, args, _context) { Osso::Models::IdentityProvider.find(args[:id]) },
|
19
|
+
) do
|
20
|
+
argument :id, ID, required: true
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
27
24
|
end
|
28
25
|
end
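Review bot: The new `identity_provider` field resolves through an inline `resolve:` lambda that calls `Osso::Models::IdentityProvider.find(args[:id])`, so an unknown id raises ActiveRecord::RecordNotFound instead of returning the nil its `null: true` declaration permits, and the lookup bypasses the `context[:scope]` checks the sibling `enterprise_account` and `enterprise_accounts` fields get from their resolvers. The `resolve:` keyword is also the legacy graphql-ruby field API; in the class-based API a method named after the field does the work and has `context` in scope. The rewrite below keeps the argument and return type, returns nil for a missing or unauthorized id, and mirrors the admin-or-domain rule in Resolvers::EnterpriseAccount — confirm `domain` is the right scope key for a provider.
```ruby
      # … unchanged: enterprise_accounts, oauth_clients and enterprise_account fields …
      field :identity_provider, Types::IdentityProvider, null: true do
        argument :id, ID, required: true
      end

      # Returns the provider only to the admin scope or to the enterprise
      # session whose domain matches; nil otherwise (field is nullable).
      def identity_provider(id:)
        provider = Osso::Models::IdentityProvider.find_by(id: id)
        return unless provider
        return unless context[:scope] == :admin || context[:scope] == provider.domain

        provider
      end
```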
|
@@ -1,21 +1,25 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
4
|
-
|
5
|
-
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Resolvers
|
6
|
+
class EnterpriseAccount < ::GraphQL::Schema::Resolver
|
7
|
+
type Types::EnterpriseAccount, null: false
|
6
8
|
|
7
|
-
|
8
|
-
|
9
|
+
def resolve(args)
|
10
|
+
return unless admin? || enterprise_authorized?(args[:domain])
|
9
11
|
|
10
|
-
|
11
|
-
|
12
|
+
Osso::Models::EnterpriseAccount.find_by(domain: args[:domain])
|
13
|
+
end
|
12
14
|
|
13
|
-
|
14
|
-
|
15
|
-
|
15
|
+
def admin?
|
16
|
+
context[:scope] == :admin
|
17
|
+
end
|
16
18
|
|
17
|
-
|
18
|
-
|
19
|
+
def enterprise_authorized?(domain)
|
20
|
+
context[:scope] == domain
|
21
|
+
end
|
22
|
+
end
|
19
23
|
end
|
20
24
|
end
|
21
25
|
end
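Review bot: `type Types::EnterpriseAccount, null: false` on line 7 contradicts the resolver's own `return unless admin? || enterprise_authorized?(args[:domain])`, which yields nil for an unauthorized caller, and the `enterprise_account` field in QueryType declares `null: true`; `type Types::EnterpriseAccount, null: true` keeps the three in agreement. `find_by(domain: args[:domain])` can also return nil for an admin asking about an unknown domain, which is a second reason the nullable declaration is the honest one. A one-line comment on `resolve` such as `# Admins may read any account; an enterprise session may read only its own domain.` would document the rule the two predicates encode.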
|
@@ -1,13 +1,17 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
4
|
-
|
5
|
-
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Resolvers
|
6
|
+
class EnterpriseAccounts < ::GraphQL::Schema::Resolver
|
7
|
+
type [Types::EnterpriseAccount], null: true
|
6
8
|
|
7
|
-
|
8
|
-
|
9
|
+
def resolve
|
10
|
+
return Osso::Models::EnterpriseAccount.all if context[:scope] == :admin
|
9
11
|
|
10
|
-
|
12
|
+
Array(Osso::Models::EnterpriseAccount.find_by(domain: context[:scope]))
|
13
|
+
end
|
14
|
+
end
|
11
15
|
end
|
12
16
|
end
|
13
17
|
end
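Review bot: When `context[:scope]` is nil (neither an admin nor an enterprise session), line 12 runs `find_by(domain: nil)`, which matches any row whose domain column is NULL rather than returning nothing; whether that column is constrained NOT NULL is not visible here. A guard such as `return [] unless context[:scope]` before the lookup makes the unauthenticated result explicit and independent of the schema.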
|
@@ -1,11 +1,15 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
4
|
-
|
5
|
-
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Resolvers
|
6
|
+
class OAuthClients < ::GraphQL::Schema::Resolver
|
7
|
+
type [Types::OAuthClient], null: true
|
6
8
|
|
7
|
-
|
8
|
-
|
9
|
+
def resolve
|
10
|
+
return Osso::Models::OauthClient.all if context[:scope] == :admin
|
11
|
+
end
|
12
|
+
end
|
9
13
|
end
|
10
14
|
end
|
11
15
|
end
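Review bot: The `return` on line 10 is redundant since it is the method's only statement; `Osso::Models::OauthClient.all if context[:scope] == :admin` reads the same and still yields nil for non-admin callers, which the `null: true` type permits. A comment such as `# Only the admin scope may list OAuth clients; everyone else gets nil.` would make that intentional nil explicit to the next reader.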
|
data/lib/osso/graphql/schema.rb
CHANGED
@@ -11,28 +11,32 @@ GraphQL::Relay::BaseConnection.register_connection_implementation(
|
|
11
11
|
GraphQL::Relay::RelationConnection,
|
12
12
|
)
|
13
13
|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
14
|
+
module Osso
|
15
|
+
module GraphQL
|
16
|
+
class Schema < ::GraphQL::Schema
|
17
|
+
use ::GraphQL::Pagination::Connections
|
18
|
+
query Types::QueryType
|
19
|
+
mutation Types::MutationType
|
18
20
|
|
19
|
-
|
20
|
-
|
21
|
-
|
21
|
+
def self.id_from_object(object, _type_definition = nil, _query_ctx = nil)
|
22
|
+
GraphQL::Schema::UniqueWithinType.encode(object.class.name, object.id)
|
23
|
+
end
|
22
24
|
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
25
|
+
def self.object_from_id(id, _query_ctx = nil)
|
26
|
+
class_name, item_id = GraphQL::Schema::UniqueWithinType.decode(id)
|
27
|
+
Object.const_get(class_name).find(item_id)
|
28
|
+
end
|
27
29
|
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
30
|
+
def self.resolve_type(_type, obj, _ctx)
|
31
|
+
case obj
|
32
|
+
when Osso::Models::EnterpriseAccount
|
33
|
+
Types::EnterpriseAccount
|
34
|
+
when Osso::Models::IdentityProvider
|
35
|
+
Types::IdentityProvider
|
36
|
+
else
|
37
|
+
raise("Unexpected object: #{obj}")
|
38
|
+
end
|
39
|
+
end
|
36
40
|
end
|
37
41
|
end
|
38
42
|
end
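Review bot: `Object.const_get(class_name)` in the new `object_from_id` resolves whatever constant name the client encoded into the global id, so any class reachable from `Object` can have `.find` invoked on it through a node lookup, not just the two node types `resolve_type` knows about. Restricting the decode to an explicit allowlist keyed by the same class names closes that and makes an unknown type fail the way `resolve_type` already does. If `object.class.name` in `id_from_object` can be an STI subclass (the IdentityProviderService enum values in this release look like model class names), those names need to be in the allowlist as well. Note also that `object_from_id` performs no `context[:scope]` check, so node lookups by id skip the authorization the resolvers in this release apply; the query context is available as the second parameter if that is meant to be enforced here.
```ruby
      # Only these classes may be materialised from a client-supplied global id.
      NODE_CLASSES = {
        'Osso::Models::EnterpriseAccount' => Osso::Models::EnterpriseAccount,
        'Osso::Models::IdentityProvider' => Osso::Models::IdentityProvider,
      }.freeze

      # … unchanged: id_from_object …

      def self.object_from_id(id, _query_ctx = nil)
        class_name, item_id = GraphQL::Schema::UniqueWithinType.decode(id)
        klass = NODE_CLASSES.fetch(class_name) { raise("Unexpected type: #{class_name}") }
        klass.find(item_id)
      end

      # … unchanged: resolve_type …
```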
|
data/lib/osso/graphql/types.rb
CHANGED
@@ -1,10 +1,13 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
3
|
+
module Osso
|
4
|
+
module Types
|
5
|
+
end
|
4
6
|
end
|
5
7
|
|
6
8
|
require_relative 'types/base_object'
|
7
9
|
require_relative 'types/base_enum'
|
10
|
+
require_relative 'types/base_input_object'
|
8
11
|
require_relative 'types/identity_provider_service'
|
9
12
|
require_relative 'types/identity_provider'
|
10
13
|
require_relative 'types/enterprise_account'
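Review bot: Lines 3–6 now define `Osso::Types`, but every type file required below opens `Osso::GraphQL::Types`, so the empty module created here is a different constant from the one the types actually live in and nothing visible in the release references it. Inserting `module GraphQL` between lines 3 and 4 (with its matching `end`) makes this file declare the namespace the type files use, or the placeholder can be dropped since the required files create the namespace themselves.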
|
@@ -2,28 +2,28 @@
|
|
2
2
|
|
3
3
|
require 'graphql'
|
4
4
|
|
5
|
-
module
|
6
|
-
|
7
|
-
|
8
|
-
|
5
|
+
module Osso
|
6
|
+
module GraphQL
|
7
|
+
module Types
|
8
|
+
class EnterpriseAccount < Types::BaseObject
|
9
|
+
description 'An Account for a company that wishes to use SAML via Osso'
|
10
|
+
implements ::GraphQL::Types::Relay::Node
|
9
11
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
12
|
+
global_id_field :gid
|
13
|
+
field :id, ID, null: false
|
14
|
+
field :name, String, null: false
|
15
|
+
field :domain, String, null: false
|
16
|
+
field :identity_providers, [Types::IdentityProvider], null: true
|
17
|
+
field :status, String, null: false
|
16
18
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
def status
|
22
|
-
'active'
|
23
|
-
end
|
19
|
+
def status
|
20
|
+
'active'
|
21
|
+
end
|
24
22
|
|
25
|
-
|
26
|
-
|
23
|
+
def identity_providers
|
24
|
+
object.identity_providers
|
25
|
+
end
|
26
|
+
end
|
27
27
|
end
|
28
28
|
end
|
29
29
|
end
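Review bot: The `identity_providers` method on lines 23–25 only forwards to `object.identity_providers`, which is what graphql-ruby does by default for a field with no explicit method, so the definition can be removed without changing the schema. `status` still returns the literal `'active'` for every account; if that is a placeholder, a comment such as `# TODO: status is not persisted yet; every account reports 'active'` would keep the next reader from treating it as a real attribute.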
|
@@ -2,35 +2,27 @@
|
|
2
2
|
|
3
3
|
require 'graphql'
|
4
4
|
|
5
|
-
module
|
6
|
-
|
7
|
-
|
8
|
-
|
5
|
+
module Osso
|
6
|
+
module GraphQL
|
7
|
+
module Types
|
8
|
+
class IdentityProvider < Types::BaseObject
|
9
|
+
description 'Represents a SAML based IDP instance for an EnterpriseAccount'
|
10
|
+
implements ::GraphQL::Types::Relay::Node
|
9
11
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
12
|
+
global_id_field :gid
|
13
|
+
field :id, ID, null: false
|
14
|
+
field :enterprise_account_id, ID, null: false
|
15
|
+
field :service, Types::IdentityProviderService, null: true
|
16
|
+
field :domain, String, null: false
|
17
|
+
field :acs_url, String, null: false
|
18
|
+
field :sso_url, String, null: true
|
19
|
+
field :sso_cert, String, null: true
|
20
|
+
field :configured, Boolean, null: false
|
19
21
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
def configured
|
25
|
-
@object.idp_sso_target_url && @object.idp_cert
|
26
|
-
end
|
27
|
-
|
28
|
-
def sso_cert
|
29
|
-
@object.idp_cert
|
30
|
-
end
|
31
|
-
|
32
|
-
def sso_url
|
33
|
-
@object.idp_sso_target_url
|
22
|
+
def configured
|
23
|
+
!!(@object.sso_url && @object.sso_cert)
|
24
|
+
end
|
25
|
+
end
|
34
26
|
end
|
35
27
|
end
|
36
28
|
end
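Review bot: `configured` reads `@object` directly while the sibling EnterpriseAccount type in this release uses the `object` reader; `!!(object.sso_url && object.sso_cert)` keeps the two types consistent and the `!!` is still needed because `&&` returns its last operand rather than a Boolean. `field :acs_url, String, null: false` has no resolver here and the model changes of this release are not shown, so confirm the IdentityProvider model exposes a non-nil `acs_url` for every row, otherwise the non-null declaration will fail at query time.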
|
@@ -1,8 +1,12 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
4
|
-
|
5
|
-
|
6
|
-
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Types
|
6
|
+
class IdentityProviderService < BaseEnum
|
7
|
+
value('AZURE', 'Microsoft Azure Identity Provider', value: 'Osso::Models::AzureSamlProvider')
|
8
|
+
value('OKTA', 'Okta Identity Provider', value: 'Osso::Models::OktaSamlProvider')
|
9
|
+
end
|
10
|
+
end
|
7
11
|
end
|
8
12
|
end
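Review bot: The `value:` of each enum member is a model class-name string (`'Osso::Models::AzureSamlProvider'`, `'Osso::Models::OktaSamlProvider'`), and SetSamlProvider in this release assigns that value straight to `identity_provider.service`, so the persisted attribute is coupled to Ruby constant names and renaming a model would silently orphan stored rows. A comment above the values such as `# Internal values are model class names written to IdentityProvider#service; keep in sync with the models.` would record that dependency.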
|