osso 0.0.3.12 → 0.0.3.17
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +8 -1
- data/.rubocop.yml +1 -0
- data/Gemfile.lock +2 -2
- data/bin/publish +18 -0
- data/lib/osso/graphql/mutation.rb +7 -3
- data/lib/osso/graphql/mutations.rb +1 -3
- data/lib/osso/graphql/mutations/base_mutation.rb +18 -5
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +8 -10
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +2 -0
- data/lib/osso/graphql/mutations/create_identity_provider.rb +14 -5
- data/lib/osso/graphql/mutations/create_oauth_client.rb +1 -3
- data/lib/osso/graphql/mutations/delete_enterprise_account.rb +9 -11
- data/lib/osso/graphql/mutations/delete_oauth_client.rb +1 -3
- data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb +3 -5
- data/lib/osso/graphql/mutations/set_redirect_uris.rb +52 -0
- data/lib/osso/graphql/query.rb +7 -0
- data/lib/osso/graphql/resolvers.rb +1 -0
- data/lib/osso/graphql/resolvers/base_resolver.rb +21 -0
- data/lib/osso/graphql/resolvers/enterprise_account.rb +1 -11
- data/lib/osso/graphql/resolvers/enterprise_accounts.rb +2 -2
- data/lib/osso/graphql/resolvers/oauth_clients.rb +2 -2
- data/lib/osso/graphql/types.rb +2 -1
- data/lib/osso/graphql/types/admin_user.rb +22 -0
- data/lib/osso/graphql/types/base_object.rb +22 -0
- data/lib/osso/graphql/types/enterprise_account.rb +0 -5
- data/lib/osso/graphql/types/identity_provider.rb +0 -6
- data/lib/osso/graphql/types/oauth_client.rb +2 -4
- data/lib/osso/graphql/types/redirect_uri.rb +2 -4
- data/lib/osso/graphql/types/redirect_uri_input.rb +16 -0
- data/lib/osso/helpers/auth.rb +34 -15
- data/lib/osso/lib/route_map.rb +2 -2
- data/lib/osso/models/identity_provider.rb +6 -12
- data/lib/osso/models/oauth_client.rb +5 -0
- data/lib/osso/models/redirect_uri.rb +0 -11
- data/lib/osso/routes/admin.rb +2 -2
- data/lib/osso/routes/auth.rb +29 -12
- data/lib/osso/routes/oauth.rb +25 -18
- data/lib/osso/version.rb +1 -1
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +17 -4
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +13 -4
- data/spec/graphql/mutations/create_identity_provider_spec.rb +18 -6
- data/spec/graphql/mutations/create_oauth_client_spec.rb +10 -3
- data/spec/graphql/mutations/delete_enterprise_account_spec.rb +18 -4
- data/spec/graphql/mutations/delete_oauth_client_spec.rb +8 -4
- data/spec/graphql/query/enterprise_account_spec.rb +21 -6
- data/spec/graphql/query/enterprise_accounts_spec.rb +4 -2
- data/spec/graphql/query/identity_provider_spec.rb +16 -6
- data/spec/graphql/query/oauth_clients_spec.rb +10 -7
- data/spec/models/identity_provider_spec.rb +12 -0
- data/spec/routes/auth_spec.rb +18 -0
- data/spec/routes/oauth_spec.rb +5 -2
- data/spec/support/views/error.erb +0 -0
- metadata +12 -9
- data/lib/osso/graphql/mutations/add_redirect_uris_to_oauth_client.rb +0 -39
- data/lib/osso/graphql/mutations/delete_redirect_uri.rb +0 -38
- data/lib/osso/graphql/mutations/mark_redirect_uri_primary.rb +0 -34
- data/lib/osso/graphql/types/user.rb +0 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b28fb9c155136c0d23356543f5d9ae0b15e551293bf18c4fbd44bd3340e6602e
|
4
|
+
data.tar.gz: f5c7495d581f4c27706a3fdeca7618707487308d6bc73d0f2372d4cf8fb1957d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 67543b72337e89ebc7b7c2f80c42df2d8aa4f0c7001959022858f68e72fda5f409627260b614ba2fb1c1afbe51ecdded8449d84137cb2c85eff16225f9e7c387
|
7
|
+
data.tar.gz: 69fdf0abd7db72588068ec909c84bf95a19e7b93ace562ce86f24e278dc5b54cbb8c1b49f77a18d8f161542931610a9b9cd1e70cf9b0edb41b6397f49a7b4bbb
|
data/.buildkite/pipeline.yml
CHANGED
@@ -5,4 +5,11 @@ steps:
|
|
5
5
|
- bundle exec rake db:drop
|
6
6
|
- bundle exec rake db:create
|
7
7
|
- RACK_ENV=test bundle exec rake db:migrate
|
8
|
-
- bundle exec rspec
|
8
|
+
- bundle exec rspec
|
9
|
+
|
10
|
+
- block: ":rubygems: Publish :red_button:"
|
11
|
+
branches: "main"
|
12
|
+
|
13
|
+
- name: "Push :rubygems:"
|
14
|
+
commands: "./bin/publish"
|
15
|
+
branches: "main"
|
data/.rubocop.yml
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
osso (0.0.3.
|
4
|
+
osso (0.0.3.17)
|
5
5
|
activesupport (>= 6.0.3.2)
|
6
6
|
graphql
|
7
7
|
jwt
|
@@ -66,7 +66,7 @@ GEM
|
|
66
66
|
method_source (1.0.0)
|
67
67
|
mini_portile2 (2.4.0)
|
68
68
|
minitest (5.14.1)
|
69
|
-
multi_json (1.
|
69
|
+
multi_json (1.15.0)
|
70
70
|
mustermann (1.1.1)
|
71
71
|
ruby2_keywords (~> 0.0.1)
|
72
72
|
nokogiri (1.10.9)
|
data/bin/publish
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
# Scriptacular - gemify.sh
|
3
|
+
# Create a Ruby gem and push it to rubygems.org
|
4
|
+
# Copyright 2013 Christopher Simpkins
|
5
|
+
# MIT License
|
6
|
+
|
7
|
+
GEM_NAME="osso-rb"
|
8
|
+
GEMSPEC_SUFFIX=".gemspec"
|
9
|
+
|
10
|
+
# run the gem build and parse for the gem release filename
|
11
|
+
GEM_BUILD_NAME=$(gem build "$GEM_NAME$GEMSPEC_SUFFIX" | awk '/File/ {print $2}' -)
|
12
|
+
|
13
|
+
if [ -z "$GEM_BUILD_NAME" ]; then
|
14
|
+
echo "The gem build failed." >&2
|
15
|
+
exit 1
|
16
|
+
fi
|
17
|
+
|
18
|
+
gem push $GEM_BUILD_NAME
|
@@ -6,16 +6,20 @@ module Osso
|
|
6
6
|
module GraphQL
|
7
7
|
module Types
|
8
8
|
class MutationType < BaseObject
|
9
|
-
field :add_redirect_uris_to_oauth_client, mutation: Mutations::AddRedirectUrisToOauthClient, null: false
|
10
9
|
field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider, null: true
|
11
10
|
field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
|
12
11
|
field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
|
13
12
|
field :create_oauth_client, mutation: Mutations::CreateOauthClient
|
14
13
|
field :delete_enterprise_account, mutation: Mutations::DeleteEnterpriseAccount
|
15
14
|
field :delete_oauth_client, mutation: Mutations::DeleteOauthClient
|
16
|
-
field :
|
17
|
-
field :mark_redirect_uri_primary, mutation: Mutations::MarkRedirectUriPrimary
|
15
|
+
field :set_redirect_uris, mutation: Mutations::SetRedirectUris
|
18
16
|
field :regenerate_oauth_credentials, mutation: Mutations::RegenerateOauthCredentials
|
17
|
+
|
18
|
+
def self.authorized?(_object, _context)
|
19
|
+
# mutations are prevented from executing with ready? so
|
20
|
+
# its a bit odd that this hides it
|
21
|
+
true
|
22
|
+
end
|
19
23
|
end
|
20
24
|
end
|
21
25
|
end
|
@@ -6,13 +6,11 @@ module Osso
|
|
6
6
|
end
|
7
7
|
|
8
8
|
require_relative 'mutations/base_mutation'
|
9
|
-
require_relative 'mutations/add_redirect_uris_to_oauth_client'
|
10
9
|
require_relative 'mutations/configure_identity_provider'
|
11
10
|
require_relative 'mutations/create_identity_provider'
|
12
11
|
require_relative 'mutations/create_enterprise_account'
|
13
12
|
require_relative 'mutations/create_oauth_client'
|
14
13
|
require_relative 'mutations/delete_enterprise_account'
|
15
14
|
require_relative 'mutations/delete_oauth_client'
|
16
|
-
require_relative 'mutations/delete_redirect_uri'
|
17
|
-
require_relative 'mutations/mark_redirect_uri_primary'
|
18
15
|
require_relative 'mutations/regenerate_oauth_credentials'
|
16
|
+
require_relative 'mutations/set_redirect_uris'
|
@@ -15,13 +15,26 @@ module Osso
|
|
15
15
|
error.merge(data: nil)
|
16
16
|
end
|
17
17
|
|
18
|
-
def ready?(
|
19
|
-
return true if
|
18
|
+
def ready?(**args)
|
19
|
+
return true if internal_ready?
|
20
20
|
|
21
|
-
|
22
|
-
return true if domain == context[:scope]
|
21
|
+
return true if domain_ready?(args[:domain] || domain(**args))
|
23
22
|
|
24
|
-
raise ::GraphQL::ExecutionError,
|
23
|
+
raise ::GraphQL::ExecutionError, 'This user lacks the permission to make the requested changes'
|
24
|
+
end
|
25
|
+
|
26
|
+
def admin_ready?
|
27
|
+
context[:scope] == 'admin'
|
28
|
+
end
|
29
|
+
|
30
|
+
def internal_ready?
|
31
|
+
return true if admin_ready?
|
32
|
+
|
33
|
+
context[:scope] == 'internal'
|
34
|
+
end
|
35
|
+
|
36
|
+
def domain_ready?(domain)
|
37
|
+
context[:email].split('@')[1] == domain
|
25
38
|
end
|
26
39
|
|
27
40
|
def account_domain(id)
|
@@ -13,22 +13,20 @@ module Osso
|
|
13
13
|
field :identity_provider, Types::IdentityProvider, null: false
|
14
14
|
field :errors, [String], null: false
|
15
15
|
|
16
|
-
def resolve(
|
17
|
-
provider =
|
16
|
+
def resolve(**args)
|
17
|
+
provider = identity_provider(**args)
|
18
18
|
|
19
19
|
return response_data(identity_provider: provider) if provider.update(args)
|
20
20
|
|
21
|
-
response_error(errors:
|
21
|
+
response_error(errors: provider.errors.messages)
|
22
22
|
end
|
23
23
|
|
24
|
-
def
|
25
|
-
|
26
|
-
|
27
|
-
domain = Osso::Models::IdentityProvider.find(id)&.domain
|
28
|
-
|
29
|
-
return true if domain == context[:scope]
|
24
|
+
def domain(**args)
|
25
|
+
identity_provider(**args)&.domain
|
26
|
+
end
|
30
27
|
|
31
|
-
|
28
|
+
def identity_provider(id:, **_args)
|
29
|
+
@identity_provider ||= Osso::Models::IdentityProvider.find(id)
|
32
30
|
end
|
33
31
|
end
|
34
32
|
end
|
@@ -8,12 +8,14 @@ module Osso
|
|
8
8
|
|
9
9
|
argument :domain, String, required: true
|
10
10
|
argument :name, String, required: true
|
11
|
+
argument :oauth_client_id, ID, required: false
|
11
12
|
|
12
13
|
field :enterprise_account, Types::EnterpriseAccount, null: false
|
13
14
|
field :errors, [String], null: false
|
14
15
|
|
15
16
|
def resolve(**args)
|
16
17
|
enterprise_account = Osso::Models::EnterpriseAccount.new(args)
|
18
|
+
enterprise_account.oauth_client_id ||= context[:oauth_client_id]
|
17
19
|
|
18
20
|
return response_data(enterprise_account: enterprise_account) if enterprise_account.save
|
19
21
|
|
@@ -12,18 +12,27 @@ module Osso
|
|
12
12
|
field :identity_provider, Types::IdentityProvider, null: false
|
13
13
|
field :errors, [String], null: false
|
14
14
|
|
15
|
-
def resolve(
|
16
|
-
|
17
|
-
|
18
|
-
|
15
|
+
def resolve(service: nil, **args)
|
16
|
+
customer = enterprise_account(**args)
|
17
|
+
|
18
|
+
identity_provider = customer.identity_providers.build(
|
19
19
|
service: service,
|
20
|
-
domain:
|
20
|
+
domain: customer.domain,
|
21
|
+
oauth_client_id: customer.oauth_client_id,
|
21
22
|
)
|
22
23
|
|
23
24
|
return response_data(identity_provider: identity_provider) if identity_provider.save
|
24
25
|
|
25
26
|
response_error(errors: identity_provider.errors.full_messages)
|
26
27
|
end
|
28
|
+
|
29
|
+
def domain(**args)
|
30
|
+
enterprise_account(**args)&.domain
|
31
|
+
end
|
32
|
+
|
33
|
+
def enterprise_account(enterprise_account_id:, **_args)
|
34
|
+
@enterprise_account ||= Osso::Models::EnterpriseAccount.find(enterprise_account_id)
|
35
|
+
end
|
27
36
|
end
|
28
37
|
end
|
29
38
|
end
|
@@ -11,22 +11,20 @@ module Osso
|
|
11
11
|
field :enterprise_account, Types::EnterpriseAccount, null: true
|
12
12
|
field :errors, [String], null: false
|
13
13
|
|
14
|
-
def
|
15
|
-
enterprise_account
|
16
|
-
|
17
|
-
return response_data(enterprise_account: nil) if enterprise_account.destroy
|
18
|
-
|
19
|
-
response_error(errors: enterprise_account.errors.full_messages)
|
14
|
+
def enterprise_account(id:, **_args)
|
15
|
+
@enterprise_account ||= Osso::Models::EnterpriseAccount.find(id)
|
20
16
|
end
|
21
17
|
|
22
|
-
def
|
23
|
-
|
18
|
+
def resolve(**args)
|
19
|
+
customer = enterprise_account(**args)
|
24
20
|
|
25
|
-
|
21
|
+
return response_data(enterprise_account: nil) if customer.destroy
|
26
22
|
|
27
|
-
|
23
|
+
response_error(errors: customer.errors.full_messages)
|
24
|
+
end
|
28
25
|
|
29
|
-
|
26
|
+
def domain(**args)
|
27
|
+
enterprise_account(**args).domain
|
30
28
|
end
|
31
29
|
end
|
32
30
|
end
|
@@ -14,16 +14,14 @@ module Osso
|
|
14
14
|
def resolve(id:)
|
15
15
|
oauth_client = Osso::Models::OauthClient.find(id)
|
16
16
|
oauth_client.generate_secrets
|
17
|
-
|
17
|
+
|
18
18
|
return response_data(oauth_client: oauth_client) if oauth_client.save
|
19
|
-
|
19
|
+
|
20
20
|
response_error(errors: oauth_client.errors.full_messages)
|
21
21
|
end
|
22
22
|
|
23
23
|
def ready?(*)
|
24
|
-
|
25
|
-
|
26
|
-
raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
|
24
|
+
admin_ready?
|
27
25
|
end
|
28
26
|
end
|
29
27
|
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Mutations
|
6
|
+
class SetRedirectUris < BaseMutation
|
7
|
+
null false
|
8
|
+
|
9
|
+
argument :id, ID, required: true
|
10
|
+
argument :redirect_uris, [Types::RedirectUrisInput], required: true
|
11
|
+
|
12
|
+
field :oauth_client, Types::OauthClient, null: true
|
13
|
+
field :errors, [String], null: false
|
14
|
+
|
15
|
+
def resolve(id:, redirect_uris:)
|
16
|
+
oauth_client = Osso::Models::OauthClient.find(id)
|
17
|
+
|
18
|
+
update_existing(oauth_client, redirect_uris)
|
19
|
+
create_new(oauth_client, redirect_uris)
|
20
|
+
|
21
|
+
response_data(oauth_client: oauth_client.reload)
|
22
|
+
rescue StandardError => e
|
23
|
+
response_error(errors: e)
|
24
|
+
end
|
25
|
+
|
26
|
+
def ready?(*)
|
27
|
+
admin_ready?
|
28
|
+
end
|
29
|
+
|
30
|
+
def update_existing(oauth_client, redirect_uris)
|
31
|
+
oauth_client.redirect_uris.each do |redirect|
|
32
|
+
updating_index = redirect_uris.index { |incoming| incoming[:id] == redirect.id }
|
33
|
+
|
34
|
+
if updating_index
|
35
|
+
updating = redirect_uris.delete_at(updating_index)
|
36
|
+
redirect.update(updating.to_h)
|
37
|
+
next
|
38
|
+
end
|
39
|
+
|
40
|
+
redirect.destroy
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
def create_new(oauth_client, redirect_uris)
|
45
|
+
redirect_uris.map do |uri|
|
46
|
+
oauth_client.redirect_uris.create(uri.to_h.without(:id))
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
data/lib/osso/graphql/query.rb
CHANGED
@@ -0,0 +1,21 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Resolvers
|
6
|
+
class BaseResolver < ::GraphQL::Schema::Resolver
|
7
|
+
def admin_authorized?
|
8
|
+
context[:scope] == 'admin'
|
9
|
+
end
|
10
|
+
|
11
|
+
def internal_authorized?
|
12
|
+
%w[admin internal].include?(context[:scope])
|
13
|
+
end
|
14
|
+
|
15
|
+
def enterprise_authorized?(domain)
|
16
|
+
context[:scope] == domain
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -3,22 +3,12 @@
|
|
3
3
|
module Osso
|
4
4
|
module GraphQL
|
5
5
|
module Resolvers
|
6
|
-
class EnterpriseAccount <
|
6
|
+
class EnterpriseAccount < BaseResolver
|
7
7
|
type Types::EnterpriseAccount, null: false
|
8
8
|
|
9
9
|
def resolve(args)
|
10
|
-
return unless admin? || enterprise_authorized?(args[:domain])
|
11
|
-
|
12
10
|
Osso::Models::EnterpriseAccount.find_by(domain: args[:domain])
|
13
11
|
end
|
14
|
-
|
15
|
-
def admin?
|
16
|
-
context[:scope] == :admin
|
17
|
-
end
|
18
|
-
|
19
|
-
def enterprise_authorized?(domain)
|
20
|
-
context[:scope] == domain
|
21
|
-
end
|
22
12
|
end
|
23
13
|
end
|
24
14
|
end
|
@@ -3,11 +3,11 @@
|
|
3
3
|
module Osso
|
4
4
|
module GraphQL
|
5
5
|
module Resolvers
|
6
|
-
class EnterpriseAccounts <
|
6
|
+
class EnterpriseAccounts < BaseResolver
|
7
7
|
type Types::EnterpriseAccount.connection_type, null: true
|
8
8
|
|
9
9
|
def resolve(sort_column: nil, sort_order: nil)
|
10
|
-
return Array(Osso::Models::EnterpriseAccount.find_by(domain: context[:scope]))
|
10
|
+
return Array(Osso::Models::EnterpriseAccount.find_by(domain: context[:scope])) unless internal_authorized?
|
11
11
|
|
12
12
|
accounts = Osso::Models::EnterpriseAccount
|
13
13
|
|
@@ -3,11 +3,11 @@
|
|
3
3
|
module Osso
|
4
4
|
module GraphQL
|
5
5
|
module Resolvers
|
6
|
-
class OAuthClients <
|
6
|
+
class OAuthClients < BaseResolver
|
7
7
|
type [Types::OauthClient], null: true
|
8
8
|
|
9
9
|
def resolve
|
10
|
-
|
10
|
+
Osso::Models::OauthClient.all
|
11
11
|
end
|
12
12
|
end
|
13
13
|
end
|