osso 0.0.3.1 → 0.0.3.6

Sign up to get free protection for your applications and to get access to all the features.
Files changed (84) hide show
  1. checksums.yaml +4 -4
  2. data/.buildkite/pipeline.yml +4 -1
  3. data/.rubocop.yml +1 -2
  4. data/Gemfile.lock +3 -1
  5. data/bin/console +4 -3
  6. data/config/database.yml +2 -2
  7. data/db/schema.rb +133 -1
  8. data/lib/osso.rb +2 -0
  9. data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb +12 -0
  10. data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb +2 -2
  11. data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb +1 -1
  12. data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb +6 -0
  13. data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb +17 -0
  14. data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb +6 -0
  15. data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb +5 -0
  16. data/lib/osso/graphql/mutation.rb +10 -5
  17. data/lib/osso/graphql/mutations.rb +5 -2
  18. data/lib/osso/graphql/mutations/base_mutation.rb +29 -14
  19. data/lib/osso/graphql/mutations/configure_identity_provider.rb +19 -18
  20. data/lib/osso/graphql/mutations/create_enterprise_account.rb +25 -0
  21. data/lib/osso/graphql/mutations/create_identity_provider.rb +22 -16
  22. data/lib/osso/graphql/mutations/set_identity_provider.rb +27 -0
  23. data/lib/osso/graphql/query.rb +19 -22
  24. data/lib/osso/graphql/resolvers.rb +5 -1
  25. data/lib/osso/graphql/resolvers/enterprise_account.rb +16 -12
  26. data/lib/osso/graphql/resolvers/enterprise_accounts.rb +10 -6
  27. data/lib/osso/graphql/resolvers/oauth_clients.rb +9 -5
  28. data/lib/osso/graphql/schema.rb +23 -19
  29. data/lib/osso/graphql/types.rb +4 -1
  30. data/lib/osso/graphql/types/base_enum.rb +6 -2
  31. data/lib/osso/graphql/types/base_input_object.rb +10 -0
  32. data/lib/osso/graphql/types/base_object.rb +6 -2
  33. data/lib/osso/graphql/types/enterprise_account.rb +19 -19
  34. data/lib/osso/graphql/types/identity_provider.rb +19 -27
  35. data/lib/osso/graphql/types/identity_provider_service.rb +8 -4
  36. data/lib/osso/graphql/types/oauth_client.rb +13 -9
  37. data/lib/osso/graphql/types/user.rb +10 -5
  38. data/lib/osso/helpers/auth.rb +53 -49
  39. data/lib/osso/helpers/helpers.rb +3 -1
  40. data/lib/osso/lib/app_config.rb +1 -1
  41. data/lib/osso/lib/route_map.rb +28 -0
  42. data/lib/osso/models/enterprise_account.rb +4 -4
  43. data/lib/osso/models/identity_provider.rb +48 -0
  44. data/lib/osso/models/models.rb +1 -1
  45. data/lib/osso/models/oauth_client.rb +2 -2
  46. data/lib/osso/models/saml_provider.rb +13 -16
  47. data/lib/osso/models/saml_providers/azure_saml_provider.rb +2 -2
  48. data/lib/osso/models/saml_providers/okta_saml_provider.rb +1 -1
  49. data/lib/osso/models/user.rb +3 -3
  50. data/lib/osso/routes/admin.rb +18 -15
  51. data/lib/osso/routes/auth.rb +30 -27
  52. data/lib/osso/routes/oauth.rb +50 -45
  53. data/lib/osso/version.rb +1 -1
  54. data/osso-rb.gemspec +3 -3
  55. data/spec/factories/enterprise_account.rb +5 -4
  56. data/spec/factories/identity_providers.rb +49 -0
  57. data/spec/factories/user.rb +1 -1
  58. data/spec/graphql/mutations/configure_identity_provider_spec.rb +65 -0
  59. data/spec/graphql/mutations/create_enterprise_account_spec.rb +68 -0
  60. data/spec/graphql/mutations/create_identity_provider_spec.rb +104 -0
  61. data/spec/graphql/query/enterprise_account_spec.rb +68 -0
  62. data/spec/graphql/query/enterprise_accounts_spec.rb +44 -0
  63. data/spec/graphql/query/identity_provider_spec.rb +62 -0
  64. data/spec/graphql/query/oauth_clients_account_spec.rb +48 -0
  65. data/spec/models/azure_saml_provider_spec.rb +14 -14
  66. data/spec/models/identity_provider_spec.rb +17 -0
  67. data/spec/models/okta_saml_provider_spec.rb +15 -15
  68. data/spec/routes/admin_spec.rb +2 -0
  69. data/spec/routes/auth_spec.rb +9 -9
  70. data/spec/routes/oauth_spec.rb +1 -1
  71. data/spec/spec_helper.rb +4 -5
  72. data/spec/support/spec_app.rb +9 -0
  73. data/spec/support/views/{public/index.erb → admin.erb} +0 -0
  74. metadata +37 -13
  75. data/lib/osso/db/migrate/20200411144528_create_saml_providers.rb +0 -13
  76. data/lib/osso/db/migrate/20200413153029_add_oauth_client_reference_to_saml_providers.rb +0 -5
  77. data/lib/osso/db/migrate/20200501203026_drop_null_constraints_from_saml_provider.rb +0 -7
  78. data/lib/osso/db/migrate/20200501204047_drop_acs_url.rb +0 -5
  79. data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_account.rb +0 -5
  80. data/lib/osso/db/migrate/20200601131227_drop_null_constraint_from_saml_providers_provider.rb +0 -7
  81. data/lib/osso/db/schema.rb +0 -132
  82. data/lib/osso/graphql/mutations/set_saml_provider.rb +0 -23
  83. data/spec/factories/saml_providers.rb +0 -46
  84. data/spec/models/saml_provider_spec.rb +0 -31
@@ -1,24 +1,30 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- module Mutations
4
- class CreateIdentityProvider < BaseMutation
5
- null false
6
- argument :enterprise_account_id, ID, required: true
7
- argument :provider_service, Types::IdentityProviderService, required: true
3
+ module Osso
4
+ module GraphQL
5
+ module Mutations
6
+ class CreateIdentityProvider < BaseMutation
7
+ null false
8
8
 
9
- field :identity_provider, Types::IdentityProvider, null: false
10
- field :errors, [String], null: false
9
+ argument :enterprise_account_id, ID, required: true
10
+ argument :service, Types::IdentityProviderService, required: false
11
11
 
12
- def resolve(enterprise_account_id:, provider_service:)
13
- enterprise_account = Osso::Models::EnterpriseAccount.find(enterprise_account_id)
14
- identity_provider = enterprise_account.saml_providers.create!(
15
- provider: provider_service || 'OKTA',
16
- domain: enterprise_account.domain,
17
- )
12
+ field :identity_provider, Types::IdentityProvider, null: false
13
+ field :errors, [String], null: false
18
14
 
19
- return_data(identity_provider: identity_provider)
20
- rescue StandardError => e
21
- return_error(errors: e.full_message)
15
+ def resolve(enterprise_account_id:, service: nil)
16
+ enterprise_account = Osso::Models::EnterpriseAccount.find(enterprise_account_id)
17
+ identity_provider = enterprise_account.identity_providers.build(
18
+ enterprise_account_id: enterprise_account_id,
19
+ service: service,
20
+ domain: enterprise_account.domain,
21
+ )
22
+
23
+ return response_data(identity_provider: identity_provider) if identity_provider.save
24
+
25
+ response_error(errors: identity_provider.errors.full_messages)
26
+ end
27
+ end
22
28
  end
23
29
  end
24
30
  end
@@ -0,0 +1,27 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Osso
4
+ module GraphQL
5
+ module Mutations
6
+ class SetSamlProvider < BaseMutation
7
+ null false
8
+
9
+ argument :provider, Types::IdentityProviderService, required: true
10
+ argument :id, ID, required: true
11
+
12
+ field :identity_provider, Types::IdentityProvider, null: false
13
+ field :errors, [String], null: false
14
+
15
+ def resolve(provider:, id:)
16
+ identity_provider = Osso::Models::IdentityProvider.find(id)
17
+ identity_provider.service = provider
18
+ identity_provider.save!
19
+ {
20
+ identity_provider: identity_provider,
21
+ errors: [],
22
+ }
23
+ end
24
+ end
25
+ end
26
+ end
27
+ end
@@ -1,28 +1,25 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- module Types
4
- class QueryType < GraphQL::Schema::Object
5
- # field :node, field: GraphQL::Relay::Node.field
6
- field :enterprise_account, null: false, resolver: Resolvers::EnterpriseAccount do
7
- argument :domain, String, required: true
8
- end
9
- field :enterprise_accounts, null: true, resolver: Resolvers::EnterpriseAccounts
10
- field :oauth_clients, null: true, resolver: Resolvers::OAuthClients
3
+ module Osso
4
+ module GraphQL
5
+ module Types
6
+ class QueryType < ::GraphQL::Schema::Object
7
+ field :enterprise_accounts, null: true, resolver: Resolvers::EnterpriseAccounts
8
+ field :oauth_clients, null: true, resolver: Resolvers::OAuthClients
11
9
 
12
- field(
13
- :identity_provider,
14
- Types::IdentityProvider,
15
- null: true,
16
- resolve: ->(_obj, args, _context) { Osso::Models::SamlProvider.find(args[:id]) },
17
- ) do
18
- argument :id, ID, required: true
19
- end
10
+ field :enterprise_account, null: true, resolver: Resolvers::EnterpriseAccount do
11
+ argument :domain, String, required: true
12
+ end
20
13
 
21
- # field(
22
- # :viewer,
23
- # Types::User,
24
- # null: true,
25
- # resolve: ->(_obj, _args, context) { context[:current_user] },
26
- # )
14
+ field(
15
+ :identity_provider,
16
+ Types::IdentityProvider,
17
+ null: true,
18
+ resolve: ->(_obj, args, _context) { Osso::Models::IdentityProvider.find(args[:id]) },
19
+ ) do
20
+ argument :id, ID, required: true
21
+ end
22
+ end
23
+ end
27
24
  end
28
25
  end
@@ -1,6 +1,10 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- module Resolvers
3
+ module Osso
4
+ module GraphQL
5
+ module Resolvers
6
+ end
7
+ end
4
8
  end
5
9
 
6
10
  require_relative 'resolvers/enterprise_account'
@@ -1,21 +1,25 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- module Resolvers
4
- class EnterpriseAccount < GraphQL::Schema::Resolver
5
- type Types::EnterpriseAccount, null: false
3
+ module Osso
4
+ module GraphQL
5
+ module Resolvers
6
+ class EnterpriseAccount < ::GraphQL::Schema::Resolver
7
+ type Types::EnterpriseAccount, null: false
6
8
 
7
- def resolve(args)
8
- return unless admin? || enterprise_authorized?(args[:domain])
9
+ def resolve(args)
10
+ return unless admin? || enterprise_authorized?(args[:domain])
9
11
 
10
- Osso::Models::EnterpriseAccount.find_by(domain: args[:domain])
11
- end
12
+ Osso::Models::EnterpriseAccount.find_by(domain: args[:domain])
13
+ end
12
14
 
13
- def admin?
14
- context[:scope] == :admin
15
- end
15
+ def admin?
16
+ context[:scope] == :admin
17
+ end
16
18
 
17
- def enterprise_authorized?(domain)
18
- context[:scope] == domain
19
+ def enterprise_authorized?(domain)
20
+ context[:scope] == domain
21
+ end
22
+ end
19
23
  end
20
24
  end
21
25
  end
@@ -1,13 +1,17 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- module Resolvers
4
- class EnterpriseAccounts < GraphQL::Schema::Resolver
5
- type [Types::EnterpriseAccount], null: true
3
+ module Osso
4
+ module GraphQL
5
+ module Resolvers
6
+ class EnterpriseAccounts < ::GraphQL::Schema::Resolver
7
+ type [Types::EnterpriseAccount], null: true
6
8
 
7
- def resolve
8
- return Osso::Models::EnterpriseAccount.all if context[:scope] == :admin
9
+ def resolve
10
+ return Osso::Models::EnterpriseAccount.all if context[:scope] == :admin
9
11
 
10
- Array(Osso::Models::EnterpriseAccount.find_by(domain: context[:scope]))
12
+ Array(Osso::Models::EnterpriseAccount.find_by(domain: context[:scope]))
13
+ end
14
+ end
11
15
  end
12
16
  end
13
17
  end
@@ -1,11 +1,15 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- module Resolvers
4
- class OAuthClients < GraphQL::Schema::Resolver
5
- type [Types::OAuthClient], null: true
3
+ module Osso
4
+ module GraphQL
5
+ module Resolvers
6
+ class OAuthClients < ::GraphQL::Schema::Resolver
7
+ type [Types::OAuthClient], null: true
6
8
 
7
- def resolve
8
- return Osso::Models::OAuthClient.all if context[:scope] == :admin
9
+ def resolve
10
+ return Osso::Models::OauthClient.all if context[:scope] == :admin
11
+ end
12
+ end
9
13
  end
10
14
  end
11
15
  end
@@ -11,28 +11,32 @@ GraphQL::Relay::BaseConnection.register_connection_implementation(
11
11
  GraphQL::Relay::RelationConnection,
12
12
  )
13
13
 
14
- class OssoSchema < GraphQL::Schema
15
- query Types::QueryType
16
- mutation Types::MutationType
17
- use GraphQL::Pagination::Connections
14
+ module Osso
15
+ module GraphQL
16
+ class Schema < ::GraphQL::Schema
17
+ use ::GraphQL::Pagination::Connections
18
+ query Types::QueryType
19
+ mutation Types::MutationType
18
20
 
19
- def self.id_from_object(object, _type_definition = nil, _query_ctx = nil)
20
- GraphQL::Schema::UniqueWithinType.encode(object.class.name, object.id)
21
- end
21
+ def self.id_from_object(object, _type_definition = nil, _query_ctx = nil)
22
+ GraphQL::Schema::UniqueWithinType.encode(object.class.name, object.id)
23
+ end
22
24
 
23
- def self.object_from_id(id, _query_ctx = nil)
24
- class_name, item_id = GraphQL::Schema::UniqueWithinType.decode(id)
25
- Object.const_get(class_name).find(item_id)
26
- end
25
+ def self.object_from_id(id, _query_ctx = nil)
26
+ class_name, item_id = GraphQL::Schema::UniqueWithinType.decode(id)
27
+ Object.const_get(class_name).find(item_id)
28
+ end
27
29
 
28
- def self.resolve_type(_type, obj, _ctx)
29
- case obj
30
- when Osso::Models::EnterpriseAccount
31
- Types::EnterpriseAccount
32
- when Osso::Models::SamlProvider
33
- Types::IdentityProvider
34
- else
35
- raise("Unexpected object: #{obj}")
30
+ def self.resolve_type(_type, obj, _ctx)
31
+ case obj
32
+ when Osso::Models::EnterpriseAccount
33
+ Types::EnterpriseAccount
34
+ when Osso::Models::IdentityProvider
35
+ Types::IdentityProvider
36
+ else
37
+ raise("Unexpected object: #{obj}")
38
+ end
39
+ end
36
40
  end
37
41
  end
38
42
  end
@@ -1,10 +1,13 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- module Types
3
+ module Osso
4
+ module Types
5
+ end
4
6
  end
5
7
 
6
8
  require_relative 'types/base_object'
7
9
  require_relative 'types/base_enum'
10
+ require_relative 'types/base_input_object'
8
11
  require_relative 'types/identity_provider_service'
9
12
  require_relative 'types/identity_provider'
10
13
  require_relative 'types/enterprise_account'
@@ -1,6 +1,10 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- module Types
4
- class BaseEnum < GraphQL::Schema::Enum
3
+ module Osso
4
+ module GraphQL
5
+ module Types
6
+ class BaseEnum < ::GraphQL::Schema::Enum
7
+ end
8
+ end
5
9
  end
6
10
  end
@@ -0,0 +1,10 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Osso
4
+ module GraphQL
5
+ module Types
6
+ class BaseInputObject < ::GraphQL::Schema::InputObject
7
+ end
8
+ end
9
+ end
10
+ end
@@ -2,7 +2,11 @@
2
2
 
3
3
  require 'graphql'
4
4
 
5
- module Types
6
- class BaseObject < GraphQL::Schema::Object
5
+ module Osso
6
+ module GraphQL
7
+ module Types
8
+ class BaseObject < ::GraphQL::Schema::Object
9
+ end
10
+ end
7
11
  end
8
12
  end
@@ -2,28 +2,28 @@
2
2
 
3
3
  require 'graphql'
4
4
 
5
- module Types
6
- class EnterpriseAccount < Types::BaseObject
7
- description 'An Account for a company that wishes to use SAML via Osso'
8
- implements GraphQL::Types::Relay::Node
5
+ module Osso
6
+ module GraphQL
7
+ module Types
8
+ class EnterpriseAccount < Types::BaseObject
9
+ description 'An Account for a company that wishes to use SAML via Osso'
10
+ implements ::GraphQL::Types::Relay::Node
9
11
 
10
- global_id_field :gid
11
- field :id, ID, null: false
12
- field :name, String, null: false
13
- field :domain, String, null: false
14
- field :identity_providers, [Types::IdentityProvider], null: true
15
- field :status, String, null: false
12
+ global_id_field :gid
13
+ field :id, ID, null: false
14
+ field :name, String, null: false
15
+ field :domain, String, null: false
16
+ field :identity_providers, [Types::IdentityProvider], null: true
17
+ field :status, String, null: false
16
18
 
17
- def name
18
- object.domain.gsub('.com', '')
19
- end
20
-
21
- def status
22
- 'active'
23
- end
19
+ def status
20
+ 'active'
21
+ end
24
22
 
25
- def identity_providers
26
- object.saml_providers
23
+ def identity_providers
24
+ object.identity_providers
25
+ end
26
+ end
27
27
  end
28
28
  end
29
29
  end
@@ -2,35 +2,27 @@
2
2
 
3
3
  require 'graphql'
4
4
 
5
- module Types
6
- class IdentityProvider < Types::BaseObject
7
- description 'Represents a SAML based IDP instance for an EnterpriseAccount'
8
- implements GraphQL::Types::Relay::Node
5
+ module Osso
6
+ module GraphQL
7
+ module Types
8
+ class IdentityProvider < Types::BaseObject
9
+ description 'Represents a SAML based IDP instance for an EnterpriseAccount'
10
+ implements ::GraphQL::Types::Relay::Node
9
11
 
10
- global_id_field :gid
11
- field :id, ID, null: false
12
- field :enterprise_Account_id, ID, null: false
13
- field :service, Types::IdentityProviderService, null: true
14
- field :domain, String, null: false
15
- field :acs_url, String, null: false
16
- field :sso_url, String, null: true
17
- field :sso_cert, String, null: true
18
- field :configured, Boolean, null: false
12
+ global_id_field :gid
13
+ field :id, ID, null: false
14
+ field :enterprise_account_id, ID, null: false
15
+ field :service, Types::IdentityProviderService, null: true
16
+ field :domain, String, null: false
17
+ field :acs_url, String, null: false
18
+ field :sso_url, String, null: true
19
+ field :sso_cert, String, null: true
20
+ field :configured, Boolean, null: false
19
21
 
20
- def service
21
- @object.provider
22
- end
23
-
24
- def configured
25
- @object.idp_sso_target_url && @object.idp_cert
26
- end
27
-
28
- def sso_cert
29
- @object.idp_cert
30
- end
31
-
32
- def sso_url
33
- @object.idp_sso_target_url
22
+ def configured
23
+ !!(@object.sso_url && @object.sso_cert)
24
+ end
25
+ end
34
26
  end
35
27
  end
36
28
  end
@@ -1,8 +1,12 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- module Types
4
- class IdentityProviderService < BaseEnum
5
- value('AZURE', 'Microsoft Azure Identity Provider', value: 'Osso::Models::AzureSamlProvider')
6
- value('OKTA', 'Okta Identity Provider', value: 'Osso::Models::OktaSamlProvider')
3
+ module Osso
4
+ module GraphQL
5
+ module Types
6
+ class IdentityProviderService < BaseEnum
7
+ value('AZURE', 'Microsoft Azure Identity Provider', value: 'Osso::Models::AzureSamlProvider')
8
+ value('OKTA', 'Okta Identity Provider', value: 'Osso::Models::OktaSamlProvider')
9
+ end
10
+ end
7
11
  end
8
12
  end