osso 0.0.3.12 → 0.0.3.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. checksums.yaml +4 -4
  2. data/.buildkite/pipeline.yml +8 -1
  3. data/.rubocop.yml +1 -0
  4. data/Gemfile.lock +2 -2
  5. data/bin/publish +18 -0
  6. data/lib/osso/graphql/mutation.rb +7 -3
  7. data/lib/osso/graphql/mutations.rb +1 -3
  8. data/lib/osso/graphql/mutations/base_mutation.rb +18 -5
  9. data/lib/osso/graphql/mutations/configure_identity_provider.rb +8 -10
  10. data/lib/osso/graphql/mutations/create_enterprise_account.rb +2 -0
  11. data/lib/osso/graphql/mutations/create_identity_provider.rb +14 -5
  12. data/lib/osso/graphql/mutations/create_oauth_client.rb +1 -3
  13. data/lib/osso/graphql/mutations/delete_enterprise_account.rb +9 -11
  14. data/lib/osso/graphql/mutations/delete_oauth_client.rb +1 -3
  15. data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb +3 -5
  16. data/lib/osso/graphql/mutations/set_redirect_uris.rb +52 -0
  17. data/lib/osso/graphql/query.rb +7 -0
  18. data/lib/osso/graphql/resolvers.rb +1 -0
  19. data/lib/osso/graphql/resolvers/base_resolver.rb +21 -0
  20. data/lib/osso/graphql/resolvers/enterprise_account.rb +1 -11
  21. data/lib/osso/graphql/resolvers/enterprise_accounts.rb +2 -2
  22. data/lib/osso/graphql/resolvers/oauth_clients.rb +2 -2
  23. data/lib/osso/graphql/types.rb +2 -1
  24. data/lib/osso/graphql/types/admin_user.rb +22 -0
  25. data/lib/osso/graphql/types/base_object.rb +22 -0
  26. data/lib/osso/graphql/types/enterprise_account.rb +0 -5
  27. data/lib/osso/graphql/types/identity_provider.rb +0 -6
  28. data/lib/osso/graphql/types/oauth_client.rb +2 -4
  29. data/lib/osso/graphql/types/redirect_uri.rb +2 -4
  30. data/lib/osso/graphql/types/redirect_uri_input.rb +16 -0
  31. data/lib/osso/helpers/auth.rb +34 -15
  32. data/lib/osso/lib/route_map.rb +2 -2
  33. data/lib/osso/models/identity_provider.rb +6 -12
  34. data/lib/osso/models/oauth_client.rb +5 -0
  35. data/lib/osso/models/redirect_uri.rb +0 -11
  36. data/lib/osso/routes/admin.rb +2 -2
  37. data/lib/osso/routes/auth.rb +29 -12
  38. data/lib/osso/routes/oauth.rb +25 -18
  39. data/lib/osso/version.rb +1 -1
  40. data/spec/graphql/mutations/configure_identity_provider_spec.rb +17 -4
  41. data/spec/graphql/mutations/create_enterprise_account_spec.rb +13 -4
  42. data/spec/graphql/mutations/create_identity_provider_spec.rb +18 -6
  43. data/spec/graphql/mutations/create_oauth_client_spec.rb +10 -3
  44. data/spec/graphql/mutations/delete_enterprise_account_spec.rb +18 -4
  45. data/spec/graphql/mutations/delete_oauth_client_spec.rb +8 -4
  46. data/spec/graphql/query/enterprise_account_spec.rb +21 -6
  47. data/spec/graphql/query/enterprise_accounts_spec.rb +4 -2
  48. data/spec/graphql/query/identity_provider_spec.rb +16 -6
  49. data/spec/graphql/query/oauth_clients_spec.rb +10 -7
  50. data/spec/models/identity_provider_spec.rb +12 -0
  51. data/spec/routes/auth_spec.rb +18 -0
  52. data/spec/routes/oauth_spec.rb +5 -2
  53. data/spec/support/views/error.erb +0 -0
  54. metadata +12 -9
  55. data/lib/osso/graphql/mutations/add_redirect_uris_to_oauth_client.rb +0 -39
  56. data/lib/osso/graphql/mutations/delete_redirect_uri.rb +0 -38
  57. data/lib/osso/graphql/mutations/mark_redirect_uri_primary.rb +0 -34
  58. data/lib/osso/graphql/types/user.rb +0 -17
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Osso
4
- VERSION = '0.0.3.12'
4
+ VERSION = '0.0.3.17'
5
5
  end
@@ -39,12 +39,15 @@ describe Osso::GraphQL::Schema do
39
39
  described_class.execute(
40
40
  mutation,
41
41
  variables: variables,
42
- context: { scope: current_scope },
42
+ context: current_context,
43
43
  )
44
44
  end
45
45
 
46
46
  describe 'for an admin user' do
47
- let(:current_scope) { :admin }
47
+ let(:current_context) do
48
+ { scope: 'admin' }
49
+ end
50
+
48
51
  it 'configures an identity provider' do
49
52
  expect(subject.dig('data', 'configureIdentityProvider', 'identityProvider', 'status')).
50
53
  to eq('Configured')
@@ -53,7 +56,12 @@ describe Osso::GraphQL::Schema do
53
56
 
54
57
  describe 'for an email scoped user' do
55
58
  let(:domain) { Faker::Internet.domain_name }
56
- let(:current_scope) { domain }
59
+ let(:current_context) do
60
+ {
61
+ scope: 'end-user',
62
+ email: "user@#{domain}",
63
+ }
64
+ end
57
65
  let(:enterprise_account) { create(:enterprise_account, domain: domain) }
58
66
  let(:identity_provider) { create(:identity_provider, enterprise_account: enterprise_account, domain: domain) }
59
67
 
@@ -65,7 +73,12 @@ describe Osso::GraphQL::Schema do
65
73
 
66
74
  describe 'for the wrong email scoped user' do
67
75
  let(:domain) { Faker::Internet.domain_name }
68
- let(:current_scope) { domain }
76
+ let(:current_context) do
77
+ {
78
+ scope: 'end-user',
79
+ email: "user@#{domain}",
80
+ }
81
+ end
69
82
 
70
83
  it 'does not configure an identity provider' do
71
84
  expect(subject.dig('errors')).to_not be_empty
@@ -33,12 +33,14 @@ describe Osso::GraphQL::Schema do
33
33
  described_class.execute(
34
34
  mutation,
35
35
  variables: variables,
36
- context: { scope: current_scope },
36
+ context: current_context,
37
37
  )
38
38
  end
39
39
 
40
40
  describe 'for an admin user' do
41
- let(:current_scope) { :admin }
41
+ let(:current_context) do
42
+ { scope: 'admin' }
43
+ end
42
44
  it 'creates an Enterprise Account' do
43
45
  expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
44
46
  expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
@@ -47,7 +49,12 @@ describe Osso::GraphQL::Schema do
47
49
  end
48
50
 
49
51
  describe 'for an email scoped user' do
50
- let(:current_scope) { domain }
52
+ let(:current_context) do
53
+ {
54
+ scope: 'end-user',
55
+ email: "user@#{domain}",
56
+ }
57
+ end
51
58
 
52
59
  it 'creates an Enterprise Account' do
53
60
  expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
@@ -56,7 +63,9 @@ describe Osso::GraphQL::Schema do
56
63
  end
57
64
  end
58
65
  describe 'for the wrong email scoped user' do
59
- let(:current_scope) { 'foo.com' }
66
+ let(:current_context) do
67
+ { scope: 'end-user', email: 'user@foo.com' }
68
+ end
60
69
 
61
70
  it 'does not create an Enterprise Account' do
62
71
  expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })
@@ -25,12 +25,14 @@ describe Osso::GraphQL::Schema do
25
25
  described_class.execute(
26
26
  mutation,
27
27
  variables: variables,
28
- context: { scope: current_scope },
28
+ context: current_context,
29
29
  )
30
30
  end
31
31
 
32
32
  describe 'for an admin user' do
33
- let(:current_scope) { :admin }
33
+ let(:current_context) do
34
+ { scope: 'admin' }
35
+ end
34
36
  describe 'without a service' do
35
37
  let(:variables) { { input: { enterpriseAccountId: enterprise_account.id } } }
36
38
 
@@ -54,7 +56,12 @@ describe Osso::GraphQL::Schema do
54
56
 
55
57
  describe 'for an email scoped user' do
56
58
  let(:domain) { Faker::Internet.domain_name }
57
- let(:current_scope) { domain }
59
+ let(:current_context) do
60
+ {
61
+ scope: 'end-user',
62
+ email: "user@#{domain}",
63
+ }
64
+ end
58
65
  let(:enterprise_account) { create(:enterprise_account, domain: domain) }
59
66
 
60
67
  describe 'without a service' do
@@ -80,12 +87,17 @@ describe Osso::GraphQL::Schema do
80
87
 
81
88
  describe 'for a wrong email scoped user' do
82
89
  let(:domain) { Faker::Internet.domain_name }
83
- let(:current_scope) { domain }
90
+ let(:current_context) do
91
+ {
92
+ scope: 'end-user',
93
+ email: "user@#{domain}",
94
+ }
95
+ end
84
96
  let(:enterprise_account) { create(:enterprise_account, domain: domain) }
85
97
  let(:target_account) { create(:enterprise_account) }
86
98
 
87
99
  describe 'without a service' do
88
- let(:variables) { { input: { enterpriseAccountId: target_account.id } } }
100
+ let(:variables) { { input: { enterpriseAccountId: target_account.id, domain: domain } } }
89
101
 
90
102
  it 'does not creates a identity provider' do
91
103
  expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
@@ -93,7 +105,7 @@ describe Osso::GraphQL::Schema do
93
105
  end
94
106
 
95
107
  describe 'with a service' do
96
- let(:variables) { { input: { enterpriseAccountId: target_account.id, service: 'OKTA' } } }
108
+ let(:variables) { { input: { enterpriseAccountId: target_account.id, service: 'OKTA', domain: domain } } }
97
109
 
98
110
  it 'does not creates a identity provider' do
99
111
  expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
@@ -31,12 +31,14 @@ describe Osso::GraphQL::Schema do
31
31
  described_class.execute(
32
32
  mutation,
33
33
  variables: variables,
34
- context: { scope: current_scope },
34
+ context: current_context,
35
35
  )
36
36
  end
37
37
 
38
38
  describe 'for an admin user' do
39
- let(:current_scope) { :admin }
39
+ let(:current_context) do
40
+ { scope: 'admin' }
41
+ end
40
42
  it 'creates an OauthClient' do
41
43
  expect { subject }.to change { Osso::Models::OauthClient.count }.by(1)
42
44
  expect(subject.dig('data', 'createOauthClient', 'oauthClient', 'clientId')).
@@ -45,7 +47,12 @@ describe Osso::GraphQL::Schema do
45
47
  end
46
48
 
47
49
  describe 'for an email scoped user' do
48
- let(:current_scope) { 'foo.com' }
50
+ let(:current_context) do
51
+ {
52
+ scope: 'end-user',
53
+ email: 'user@foo.com',
54
+ }
55
+ end
49
56
 
50
57
  it 'does not create an OauthClient Account' do
51
58
  expect { subject }.to_not(change { Osso::Models::OauthClient.count })
@@ -30,12 +30,15 @@ describe Osso::GraphQL::Schema do
30
30
  described_class.execute(
31
31
  mutation,
32
32
  variables: variables,
33
- context: { scope: current_scope },
33
+ context: current_context,
34
34
  )
35
35
  end
36
36
 
37
37
  describe 'for an admin user' do
38
- let(:current_scope) { :admin }
38
+ let(:current_context) do
39
+ { scope: 'admin' }
40
+ end
41
+
39
42
  it 'deletes an Enterprise Account' do
40
43
  expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(-1)
41
44
  expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount')).
@@ -44,7 +47,12 @@ describe Osso::GraphQL::Schema do
44
47
  end
45
48
 
46
49
  describe 'for an email scoped user' do
47
- let(:current_scope) { domain }
50
+ let(:current_context) do
51
+ {
52
+ scope: 'end-user',
53
+ email: "user@#{domain}",
54
+ }
55
+ end
48
56
 
49
57
  it 'deletes the Enterprise Account' do
50
58
  expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(-1)
@@ -52,8 +60,14 @@ describe Osso::GraphQL::Schema do
52
60
  to be_nil
53
61
  end
54
62
  end
63
+
55
64
  describe 'for the wrong email scoped user' do
56
- let(:current_scope) { 'foo.com' }
65
+ let(:current_context) do
66
+ {
67
+ scope: 'end-user',
68
+ email: 'user@foo.com',
69
+ }
70
+ end
57
71
 
58
72
  it 'does not delete the Enterprise Account' do
59
73
  expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })
@@ -29,21 +29,25 @@ describe Osso::GraphQL::Schema do
29
29
  described_class.execute(
30
30
  mutation,
31
31
  variables: variables,
32
- context: { scope: current_scope },
32
+ context: current_context,
33
33
  )
34
34
  end
35
35
 
36
36
  describe 'for an admin user' do
37
- let(:current_scope) { :admin }
37
+ let(:current_context) do
38
+ { scope: 'admin' }
39
+ end
38
40
  it 'deletes the OauthClient' do
39
41
  expect { subject }.to change { Osso::Models::OauthClient.count }.by(-1)
40
42
  end
41
43
  end
42
44
 
43
45
  describe 'for an email scoped user' do
44
- let(:current_scope) { 'foo.com' }
46
+ let(:current_context) do
47
+ { scope: 'end-user', email: 'user@foo.com' }
48
+ end
45
49
 
46
- it 'does not create an OauthClient Account' do
50
+ it 'does not deletes the OauthClient' do
47
51
  expect { subject }.to_not(change { Osso::Models::OauthClient.count })
48
52
  end
49
53
  end
@@ -37,12 +37,17 @@ describe Osso::GraphQL::Schema do
37
37
  described_class.execute(
38
38
  query,
39
39
  variables: variables,
40
- context: { scope: current_scope },
40
+ context: current_context,
41
41
  )
42
42
  end
43
43
 
44
44
  describe 'for an admin user' do
45
- let(:current_scope) { :admin }
45
+ let(:current_context) do
46
+ {
47
+ scope: 'admin',
48
+ }
49
+ end
50
+
46
51
  it 'returns Enterprise Account for domain' do
47
52
  expect(subject['errors']).to be_nil
48
53
  expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
@@ -50,7 +55,12 @@ describe Osso::GraphQL::Schema do
50
55
  end
51
56
 
52
57
  describe 'for an email scoped user' do
53
- let(:current_scope) { domain }
58
+ let(:current_context) do
59
+ {
60
+ scope: 'end-user',
61
+ email: "user@#{domain}",
62
+ }
63
+ end
54
64
  it 'returns Enterprise Account for domain' do
55
65
  expect(subject['errors']).to be_nil
56
66
  expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
@@ -58,9 +68,14 @@ describe Osso::GraphQL::Schema do
58
68
  end
59
69
 
60
70
  describe 'for the wrong email scoped user' do
61
- let(:current_scope) { 'bar.com' }
62
- it 'returns Enterprise Account for domain' do
63
- expect(subject['errors']).to be_nil
71
+ let(:current_context) do
72
+ {
73
+ scope: 'end-user',
74
+ email: 'foo@bar.com',
75
+ }
76
+ end
77
+ it 'does not return Enterprise Account for domain' do
78
+ expect(subject['errors']).to_not be_nil
64
79
  expect(subject.dig('data', 'enterpriseAccount')).to be_nil
65
80
  end
66
81
  end
@@ -5,7 +5,9 @@ require 'spec_helper'
5
5
  describe Osso::GraphQL::Schema do
6
6
  describe 'EnterpriseAccounts' do
7
7
  describe 'for an admin user' do
8
- let(:current_scope) { :admin }
8
+ let(:current_context) do
9
+ { scope: 'admin' }
10
+ end
9
11
 
10
12
  it 'returns paginated Enterprise Accounts' do
11
13
  %w[A B C].map do |name|
@@ -44,7 +46,7 @@ describe Osso::GraphQL::Schema do
44
46
  response = described_class.execute(
45
47
  query,
46
48
  variables: { first: 2, sortOrder: 'descending', sortColumn: 'name' },
47
- context: { scope: current_scope },
49
+ context: current_context,
48
50
  )
49
51
 
50
52
  expect(response['errors']).to be_nil
@@ -32,12 +32,14 @@ describe Osso::GraphQL::Schema do
32
32
  described_class.execute(
33
33
  query,
34
34
  variables: variables,
35
- context: { scope: current_scope },
35
+ context: current_context,
36
36
  )
37
37
  end
38
38
 
39
39
  describe 'for an admin user' do
40
- let(:current_scope) { :admin }
40
+ let(:current_context) do
41
+ { scope: 'admin' }
42
+ end
41
43
  it 'returns Identity Provider for id' do
42
44
  expect(subject['errors']).to be_nil
43
45
  expect(subject.dig('data', 'identityProvider', 'id')).to eq(id)
@@ -45,8 +47,12 @@ describe Osso::GraphQL::Schema do
45
47
  end
46
48
 
47
49
  describe 'for an email scoped user' do
48
- let(:current_scope) { domain }
49
-
50
+ let(:current_context) do
51
+ {
52
+ scope: 'end-user',
53
+ email: "user@#{domain}",
54
+ }
55
+ end
50
56
  it 'returns Enterprise Account for domain' do
51
57
  expect(subject['errors']).to be_nil
52
58
  expect(subject.dig('data', 'identityProvider', 'domain')).to eq(domain)
@@ -54,8 +60,12 @@ describe Osso::GraphQL::Schema do
54
60
  end
55
61
 
56
62
  describe 'for the wrong email scoped user' do
57
- let(:current_scope) { 'bar.com' }
58
-
63
+ let(:current_context) do
64
+ {
65
+ scope: 'end-user',
66
+ email: 'user@bar.com',
67
+ }
68
+ end
59
69
  it 'returns Enterprise Account for domain' do
60
70
  expect(subject['errors']).to_not be_empty
61
71
  expect(subject.dig('data', 'enterpriseAccount')).to be_nil
@@ -25,12 +25,14 @@ describe Osso::GraphQL::Schema do
25
25
  described_class.execute(
26
26
  query,
27
27
  variables: nil,
28
- context: { scope: current_scope },
28
+ context: current_context,
29
29
  )
30
30
  end
31
31
 
32
32
  describe 'for an admin user' do
33
- let(:current_scope) { :admin }
33
+ let(:current_context) do
34
+ { scope: 'admin' }
35
+ end
34
36
 
35
37
  it 'returns Oauth Clients' do
36
38
  expect(subject['errors']).to be_nil
@@ -38,11 +40,12 @@ describe Osso::GraphQL::Schema do
38
40
  end
39
41
  end
40
42
 
41
- describe 'for an email scoped user' do
42
- let(:current_scope) { 'foo.com' }
43
-
44
- it 'returns Oauth Clients' do
45
- expect(subject['errors']).to be_nil
43
+ describe 'for an internal scoped user' do
44
+ let(:current_context) do
45
+ { scope: 'internal' }
46
+ end
47
+ it 'does not return Oauth Clients' do
48
+ expect(subject['errors']).to_not be_nil
46
49
  expect(subject.dig('data', 'oauthClients')).to be_nil
47
50
  end
48
51
  end
@@ -14,4 +14,16 @@ describe Osso::Models::IdentityProvider do
14
14
  )
15
15
  end
16
16
  end
17
+
18
+ describe '#saml_options' do
19
+ it 'returns the required args' do
20
+ expect(subject.saml_options).
21
+ to match(
22
+ domain: subject.domain,
23
+ idp_cert: subject.sso_cert,
24
+ idp_sso_target_url: subject.sso_url,
25
+ issuer: subject.domain,
26
+ )
27
+ end
28
+ end
17
29
  end
@@ -63,6 +63,24 @@ describe Osso::Auth do
63
63
  )
64
64
  end.to change { Osso::Models::AuthorizationCode.count }.by(1)
65
65
  end
66
+
67
+ describe 'for an IDP initiated login' do
68
+ it 'redirects with a default state' do
69
+ mock_saml_omniauth
70
+
71
+ post(
72
+ "/auth/saml/#{okta_provider.id}/callback",
73
+ nil,
74
+ {
75
+ 'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
76
+ 'identity_provider' => okta_provider,
77
+ },
78
+ )
79
+ expect(last_response).to be_redirect
80
+ follow_redirect!
81
+ expect(last_request.url).to match(/.*state=IDP_INITIATED$/)
82
+ end
83
+ end
66
84
  end
67
85
 
68
86
  describe 'on subsequent authentications' do