osso 0.0.3.1 → 0.0.3.6

data/lib/osso/graphql/types/oauth_client.rb

@@ -2,15 +2,19 @@
 
 require 'graphql'
 
-module Types
-  class OAuthClient < Types::BaseObject
-    description 'An OAuth client used to consume Osso SAML users'
-    implements GraphQL::Types::Relay::Node
+module Osso
+  module GraphQL
+    module Types
+      class OAuthClient < Types::BaseObject
+        description 'An OAuth client used to consume Osso SAML users'
+        implements ::GraphQL::Types::Relay::Node
 
-    global_id_field :gid
-    field :id, ID, null: false
-    field :name, String, null: false
-    field :client_id, String, null: false
-    field :client_secret, String, null: false
+        global_id_field :gid
+        field :id, ID, null: false
+        field :name, String, null: false
+        field :client_id, String, null: false
+        field :client_secret, String, null: false
+      end
+    end
   end
 end

data/lib/osso/graphql/types/user.rb

@@ -2,11 +2,16 @@
 
 require 'graphql'
 require_relative 'base_object'
-module Types
-  class User < Types::BaseObject
-    description 'A User of the application'
 
-    field :id, ID, null: false
-    field :name, String, null: true
+module Osso
+  module GraphQL
+    module Types
+      class User < Types::BaseObject
+        description 'A User of the application'
+
+        field :id, ID, null: false
+        field :name, String, null: true
+      end
+    end
   end
 end

data/lib/osso/helpers/auth.rb

@@ -1,67 +1,71 @@
 # frozen_string_literal: true
 
-module Helpers
-  module Auth
-    attr_accessor :current_scope
-    
-    def enterprise_protected!(domain = nil)
-      return if admin_authorized?
-      return if enterprise_authorized?(domain)
-
-      redirect ENV['JWT_URL']
-    end
+module Osso
+  module Helpers
+    module Auth
+      attr_accessor :current_scope
 
-    def enterprise_authorized?(domain)
-      payload, _args = JWT.decode(
-        token,
-        ENV['JWT_HMAC_SECRET'],
-        true,
-        { algorithm: 'HS256' },
-      )
+      def enterprise_protected!(domain = nil)
+        return if admin_authorized?
+        return if enterprise_authorized?(domain)
 
-      @current_scope = payload['scope']
+        halt 401 if request.post?
 
-      true
-    rescue JWT::DecodeError
-      false
-    end
+        redirect ENV['JWT_URL']
+      end
 
-    def admin_protected!
-      return if admin_authorized?
+      def enterprise_authorized?(_domain)
+        payload, _args = JWT.decode(
+          token,
+          ENV['JWT_HMAC_SECRET'],
+          true,
+          { algorithm: 'HS256' },
+        )
 
-      redirect ENV['JWT_URL']
-    end
+        @current_scope = payload['scope']
 
-    def admin_authorized?
-      payload, _args = JWT.decode(
-        token,
-        ENV['JWT_HMAC_SECRET'],
-        true,
-        { algorithm: 'HS256' },
-      )
-
-      if payload['scope'] == 'admin'
-        @current_scope = :admin
-        return true
+        true
+      rescue JWT::DecodeError
+        false
       end
 
-      false
-    rescue JWT::DecodeError
-      false
-    end
+      def admin_protected!
+        return if admin_authorized?
 
-    def token
-      request.env['admin_token'] || session['admin_token'] || request['admin_token']
-    end
+        redirect ENV['JWT_URL']
+      end
 
-    def chomp_token
-      return unless request['admin_token'].present?
+      def admin_authorized?
+        payload, _args = JWT.decode(
+          token,
+          ENV['JWT_HMAC_SECRET'],
+          true,
+          { algorithm: 'HS256' },
+        )
 
-      session['admin_token'] = request['admin_token']
+        if payload['scope'] == 'admin'
+          @current_scope = :admin
+          return true
+        end
 
-      return if request.post?
+        false
+      rescue JWT::DecodeError
+        false
+      end
+
+      def token
+        request.env['admin_token'] || session['admin_token'] || request['admin_token']
+      end
+
+      def chomp_token
+        return unless request['admin_token'].present?
 
-      redirect request.path
+        session['admin_token'] = request['admin_token']
+
+        return if request.post?
+
+        redirect request.path
+      end
     end
   end
 end

data/lib/osso/helpers/helpers.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
-module Helpers
+module Osso
+  module Helpers
+  end
 end
 
 require_relative 'auth'

data/lib/osso/lib/app_config.rb

@@ -7,7 +7,7 @@ module Osso
     def self.included(klass)
       klass.class_eval do
         use Rack::JSONBodyParser
-        use Rack::Session::Cookie, secret: ENV.fetch('SESSION_SECRET')
+        use Rack::Session::Cookie, secret: ENV['SESSION_SECRET']
 
         error ActiveRecord::RecordNotFound do
           status 404

data/lib/osso/lib/route_map.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+# rubocop:disable Metrics/MethodLength
+
+module Osso
+  module RouteMap
+    def self.included(klass)
+      klass.class_eval do
+        use Osso::Admin
+        use Osso::Auth
+        use Osso::Oauth
+
+        post '/graphql' do
+          enterprise_protected!
+
+          result = Osso::GraphQL::Schema.execute(
+            params[:query],
+            variables: params[:variables],
+            context: { scope: current_scope },
+          )
+
+          json result
+        end
+      end
+    end
+  end
+end
+# rubocop:enable Metrics/MethodLength

data/lib/osso/models/enterprise_account.rb

@@ -10,19 +10,19 @@ module Osso
     class EnterpriseAccount < ActiveRecord::Base
       belongs_to :oauth_client
       has_many :users
-      has_many :saml_providers
+      has_many :identity_providers
 
       def single_provider?
-        saml_providers.one?
+        identity_providers.one?
       end
 
       def provider
         return nil unless single_provider?
 
-        saml_providers.first
+        identity_providers.first
       end
 
-      alias saml_provider provider
+      alias identity_provider provider
     end
   end
 end

data/lib/osso/models/identity_provider.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Osso
+  module Models
+    # Base class for SAML Providers
+    class IdentityProvider < ActiveRecord::Base
+      NAME_FORMAT = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
+      belongs_to :enterprise_account
+      belongs_to :oauth_client
+      has_many :users
+
+      def name
+        service.titlecase
+        # raise(
+        #   NoMethodError,
+        #   '#name must be defined on each provider specific subclass',
+        # )
+      end
+
+      def saml_options
+        attributes.slice(
+          'domain',
+          'idp_cert',
+          'idp_sso_target_url',
+        ).symbolize_keys
+      end
+
+      # def saml_options
+      #   raise(
+      #     NoMethodError,
+      #     '#saml_options must be defined on each provider specific subclass',
+      #   )
+      # end
+
+      def assertion_consumer_service_url
+        [
+          ENV.fetch('BASE_URL'),
+          'auth',
+          'saml',
+          id,
+          'callback',
+        ].join('/')
+      end
+
+      alias acs_url assertion_consumer_service_url
+    end
+  end
+end

data/lib/osso/models/models.rb

@@ -12,5 +12,5 @@ require_relative 'authorization_code'
 require_relative 'enterprise_account'
 require_relative 'oauth_client'
 require_relative 'redirect_uri'
-require_relative 'saml_provider'
+require_relative 'identity_provider'
 require_relative 'user'

data/lib/osso/models/oauth_client.rb

@@ -6,7 +6,7 @@ module Osso
     class OauthClient < ActiveRecord::Base
       has_many :access_tokens
       has_many :refresh_tokens
-      has_many :saml_providers
+      has_many :identity_providers
       has_many :redirect_uris
 
       before_validation :setup, on: :create
@@ -29,4 +29,4 @@ module Osso
       end
     end
   end
-end
+end

data/lib/osso/models/saml_provider.rb

@@ -3,28 +3,27 @@
 module Osso
   module Models
     # Base class for SAML Providers
-    class SamlProvider < ActiveRecord::Base
+    class IdentityProvider < ActiveRecord::Base
       NAME_FORMAT = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
-      self.inheritance_column = :provider
       belongs_to :enterprise_account
       belongs_to :oauth_client
       has_many :users
 
       before_create :create_enterprise_account
 
-      def name
-        raise(
-          NoMethodError,
-          '#name must be defined on each provider specific subclass',
-        )
-      end
+      # def name
+      #   raise(
+      #     NoMethodError,
+      #     '#name must be defined on each provider specific subclass',
+      #   )
+      # end
 
-      def saml_options
-        raise(
-          NoMethodError,
-          '#saml_options must be defined on each provider specific subclass',
-        )
-      end
+      # def saml_options
+      #   raise(
+      #     NoMethodError,
+      #     '#saml_options must be defined on each provider specific subclass',
+      #   )
+      # end
 
       def assertion_consumer_service_url
         [
@@ -48,5 +47,3 @@ module Osso
     end
   end
 end
-require_relative 'saml_providers/azure_saml_provider'
-require_relative 'saml_providers/okta_saml_provider'

data/lib/osso/models/saml_providers/azure_saml_provider.rb

@@ -3,7 +3,7 @@
 module Osso
   module Models
     # Subclass for Azure / ADFS IDP instances
-    class AzureSamlProvider < Models::SamlProvider
+    class AzureSamlProvider < Models::IdentityProvider
       def name
         'Azure'
       end
@@ -19,4 +19,4 @@ module Osso
       end
     end
   end
-end
+end

data/lib/osso/models/saml_providers/okta_saml_provider.rb

@@ -3,7 +3,7 @@
 module Osso
   module Models
     # Subclass for Okta IDP instances
-    class OktaSamlProvider < Models::SamlProvider
+    class OktaSamlProvider < Models::IdentityProvider
       def name
         'Okta'
       end

data/lib/osso/models/user.rb

@@ -4,19 +4,19 @@ module Osso
   module Models
     class User < ActiveRecord::Base
       belongs_to :enterprise_account
-      belongs_to :saml_provider
+      belongs_to :identity_provider
       has_many :authorization_codes, dependent: :delete_all
       has_many :access_tokens, dependent: :delete_all
 
       def oauth_client
-        saml_provider.oauth_client
+        identity_provider.oauth_client
       end
 
       def as_json(*)
         {
           email: email,
           id: id,
-          idp: saml_provider.name,
+          idp: identity_provider.name,
         }
       end
     end

data/lib/osso/routes/admin.rb

@@ -6,33 +6,36 @@ module Osso
   class Admin < Sinatra::Base
     include AppConfig
     helpers Helpers::Auth
+    register Sinatra::Namespace
 
     before do
       chomp_token
     end
 
-    get '/' do
-      admin_protected!
+    namespace '/admin' do
+      get '' do
+        admin_protected!
 
-      erb :admin
-    end
+        erb :admin
+      end
 
-    get '/enterprise' do
-      admin_protected!
+      get '/enterprise' do
+        admin_protected!
 
-      erb :admin
-    end
+        erb :admin
+      end
 
-    get '/enterprise/:domain' do
-      enterprise_protected!(params[:domain])
+      get '/enterprise/:domain' do
+        enterprise_protected!(params[:domain])
 
-      erb :admin
-    end
+        erb :admin
+      end
 
-    get '/config' do
-      admin_protected!
+      get '/config' do
+        admin_protected!
 
-      erb :admin
+        erb :admin
+      end
     end
   end
 end