osso 0.0.3.12 → 0.0.3.17
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +8 -1
- data/.rubocop.yml +1 -0
- data/Gemfile.lock +2 -2
- data/bin/publish +18 -0
- data/lib/osso/graphql/mutation.rb +7 -3
- data/lib/osso/graphql/mutations.rb +1 -3
- data/lib/osso/graphql/mutations/base_mutation.rb +18 -5
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +8 -10
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +2 -0
- data/lib/osso/graphql/mutations/create_identity_provider.rb +14 -5
- data/lib/osso/graphql/mutations/create_oauth_client.rb +1 -3
- data/lib/osso/graphql/mutations/delete_enterprise_account.rb +9 -11
- data/lib/osso/graphql/mutations/delete_oauth_client.rb +1 -3
- data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb +3 -5
- data/lib/osso/graphql/mutations/set_redirect_uris.rb +52 -0
- data/lib/osso/graphql/query.rb +7 -0
- data/lib/osso/graphql/resolvers.rb +1 -0
- data/lib/osso/graphql/resolvers/base_resolver.rb +21 -0
- data/lib/osso/graphql/resolvers/enterprise_account.rb +1 -11
- data/lib/osso/graphql/resolvers/enterprise_accounts.rb +2 -2
- data/lib/osso/graphql/resolvers/oauth_clients.rb +2 -2
- data/lib/osso/graphql/types.rb +2 -1
- data/lib/osso/graphql/types/admin_user.rb +22 -0
- data/lib/osso/graphql/types/base_object.rb +22 -0
- data/lib/osso/graphql/types/enterprise_account.rb +0 -5
- data/lib/osso/graphql/types/identity_provider.rb +0 -6
- data/lib/osso/graphql/types/oauth_client.rb +2 -4
- data/lib/osso/graphql/types/redirect_uri.rb +2 -4
- data/lib/osso/graphql/types/redirect_uri_input.rb +16 -0
- data/lib/osso/helpers/auth.rb +34 -15
- data/lib/osso/lib/route_map.rb +2 -2
- data/lib/osso/models/identity_provider.rb +6 -12
- data/lib/osso/models/oauth_client.rb +5 -0
- data/lib/osso/models/redirect_uri.rb +0 -11
- data/lib/osso/routes/admin.rb +2 -2
- data/lib/osso/routes/auth.rb +29 -12
- data/lib/osso/routes/oauth.rb +25 -18
- data/lib/osso/version.rb +1 -1
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +17 -4
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +13 -4
- data/spec/graphql/mutations/create_identity_provider_spec.rb +18 -6
- data/spec/graphql/mutations/create_oauth_client_spec.rb +10 -3
- data/spec/graphql/mutations/delete_enterprise_account_spec.rb +18 -4
- data/spec/graphql/mutations/delete_oauth_client_spec.rb +8 -4
- data/spec/graphql/query/enterprise_account_spec.rb +21 -6
- data/spec/graphql/query/enterprise_accounts_spec.rb +4 -2
- data/spec/graphql/query/identity_provider_spec.rb +16 -6
- data/spec/graphql/query/oauth_clients_spec.rb +10 -7
- data/spec/models/identity_provider_spec.rb +12 -0
- data/spec/routes/auth_spec.rb +18 -0
- data/spec/routes/oauth_spec.rb +5 -2
- data/spec/support/views/error.erb +0 -0
- metadata +12 -9
- data/lib/osso/graphql/mutations/add_redirect_uris_to_oauth_client.rb +0 -39
- data/lib/osso/graphql/mutations/delete_redirect_uri.rb +0 -38
- data/lib/osso/graphql/mutations/mark_redirect_uri_primary.rb +0 -34
- data/lib/osso/graphql/types/user.rb +0 -17
data/lib/osso/version.rb
CHANGED
@@ -39,12 +39,15 @@ describe Osso::GraphQL::Schema do
|
|
39
39
|
described_class.execute(
|
40
40
|
mutation,
|
41
41
|
variables: variables,
|
42
|
-
context:
|
42
|
+
context: current_context,
|
43
43
|
)
|
44
44
|
end
|
45
45
|
|
46
46
|
describe 'for an admin user' do
|
47
|
-
let(:
|
47
|
+
let(:current_context) do
|
48
|
+
{ scope: 'admin' }
|
49
|
+
end
|
50
|
+
|
48
51
|
it 'configures an identity provider' do
|
49
52
|
expect(subject.dig('data', 'configureIdentityProvider', 'identityProvider', 'status')).
|
50
53
|
to eq('Configured')
|
@@ -53,7 +56,12 @@ describe Osso::GraphQL::Schema do
|
|
53
56
|
|
54
57
|
describe 'for an email scoped user' do
|
55
58
|
let(:domain) { Faker::Internet.domain_name }
|
56
|
-
let(:
|
59
|
+
let(:current_context) do
|
60
|
+
{
|
61
|
+
scope: 'end-user',
|
62
|
+
email: "user@#{domain}",
|
63
|
+
}
|
64
|
+
end
|
57
65
|
let(:enterprise_account) { create(:enterprise_account, domain: domain) }
|
58
66
|
let(:identity_provider) { create(:identity_provider, enterprise_account: enterprise_account, domain: domain) }
|
59
67
|
|
@@ -65,7 +73,12 @@ describe Osso::GraphQL::Schema do
|
|
65
73
|
|
66
74
|
describe 'for the wrong email scoped user' do
|
67
75
|
let(:domain) { Faker::Internet.domain_name }
|
68
|
-
let(:
|
76
|
+
let(:current_context) do
|
77
|
+
{
|
78
|
+
scope: 'end-user',
|
79
|
+
email: "user@#{domain}",
|
80
|
+
}
|
81
|
+
end
|
69
82
|
|
70
83
|
it 'does not configure an identity provider' do
|
71
84
|
expect(subject.dig('errors')).to_not be_empty
|
@@ -33,12 +33,14 @@ describe Osso::GraphQL::Schema do
|
|
33
33
|
described_class.execute(
|
34
34
|
mutation,
|
35
35
|
variables: variables,
|
36
|
-
context:
|
36
|
+
context: current_context,
|
37
37
|
)
|
38
38
|
end
|
39
39
|
|
40
40
|
describe 'for an admin user' do
|
41
|
-
let(:
|
41
|
+
let(:current_context) do
|
42
|
+
{ scope: 'admin' }
|
43
|
+
end
|
42
44
|
it 'creates an Enterprise Account' do
|
43
45
|
expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
|
44
46
|
expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
|
@@ -47,7 +49,12 @@ describe Osso::GraphQL::Schema do
|
|
47
49
|
end
|
48
50
|
|
49
51
|
describe 'for an email scoped user' do
|
50
|
-
let(:
|
52
|
+
let(:current_context) do
|
53
|
+
{
|
54
|
+
scope: 'end-user',
|
55
|
+
email: "user@#{domain}",
|
56
|
+
}
|
57
|
+
end
|
51
58
|
|
52
59
|
it 'creates an Enterprise Account' do
|
53
60
|
expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
|
@@ -56,7 +63,9 @@ describe Osso::GraphQL::Schema do
|
|
56
63
|
end
|
57
64
|
end
|
58
65
|
describe 'for the wrong email scoped user' do
|
59
|
-
let(:
|
66
|
+
let(:current_context) do
|
67
|
+
{ scope: 'end-user', email: 'user@foo.com' }
|
68
|
+
end
|
60
69
|
|
61
70
|
it 'does not create an Enterprise Account' do
|
62
71
|
expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })
|
@@ -25,12 +25,14 @@ describe Osso::GraphQL::Schema do
|
|
25
25
|
described_class.execute(
|
26
26
|
mutation,
|
27
27
|
variables: variables,
|
28
|
-
context:
|
28
|
+
context: current_context,
|
29
29
|
)
|
30
30
|
end
|
31
31
|
|
32
32
|
describe 'for an admin user' do
|
33
|
-
let(:
|
33
|
+
let(:current_context) do
|
34
|
+
{ scope: 'admin' }
|
35
|
+
end
|
34
36
|
describe 'without a service' do
|
35
37
|
let(:variables) { { input: { enterpriseAccountId: enterprise_account.id } } }
|
36
38
|
|
@@ -54,7 +56,12 @@ describe Osso::GraphQL::Schema do
|
|
54
56
|
|
55
57
|
describe 'for an email scoped user' do
|
56
58
|
let(:domain) { Faker::Internet.domain_name }
|
57
|
-
let(:
|
59
|
+
let(:current_context) do
|
60
|
+
{
|
61
|
+
scope: 'end-user',
|
62
|
+
email: "user@#{domain}",
|
63
|
+
}
|
64
|
+
end
|
58
65
|
let(:enterprise_account) { create(:enterprise_account, domain: domain) }
|
59
66
|
|
60
67
|
describe 'without a service' do
|
@@ -80,12 +87,17 @@ describe Osso::GraphQL::Schema do
|
|
80
87
|
|
81
88
|
describe 'for a wrong email scoped user' do
|
82
89
|
let(:domain) { Faker::Internet.domain_name }
|
83
|
-
let(:
|
90
|
+
let(:current_context) do
|
91
|
+
{
|
92
|
+
scope: 'end-user',
|
93
|
+
email: "user@#{domain}",
|
94
|
+
}
|
95
|
+
end
|
84
96
|
let(:enterprise_account) { create(:enterprise_account, domain: domain) }
|
85
97
|
let(:target_account) { create(:enterprise_account) }
|
86
98
|
|
87
99
|
describe 'without a service' do
|
88
|
-
let(:variables) { { input: { enterpriseAccountId: target_account.id } } }
|
100
|
+
let(:variables) { { input: { enterpriseAccountId: target_account.id, domain: domain } } }
|
89
101
|
|
90
102
|
it 'does not creates a identity provider' do
|
91
103
|
expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
|
@@ -93,7 +105,7 @@ describe Osso::GraphQL::Schema do
|
|
93
105
|
end
|
94
106
|
|
95
107
|
describe 'with a service' do
|
96
|
-
let(:variables) { { input: { enterpriseAccountId: target_account.id, service: 'OKTA' } } }
|
108
|
+
let(:variables) { { input: { enterpriseAccountId: target_account.id, service: 'OKTA', domain: domain } } }
|
97
109
|
|
98
110
|
it 'does not creates a identity provider' do
|
99
111
|
expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
|
@@ -31,12 +31,14 @@ describe Osso::GraphQL::Schema do
|
|
31
31
|
described_class.execute(
|
32
32
|
mutation,
|
33
33
|
variables: variables,
|
34
|
-
context:
|
34
|
+
context: current_context,
|
35
35
|
)
|
36
36
|
end
|
37
37
|
|
38
38
|
describe 'for an admin user' do
|
39
|
-
let(:
|
39
|
+
let(:current_context) do
|
40
|
+
{ scope: 'admin' }
|
41
|
+
end
|
40
42
|
it 'creates an OauthClient' do
|
41
43
|
expect { subject }.to change { Osso::Models::OauthClient.count }.by(1)
|
42
44
|
expect(subject.dig('data', 'createOauthClient', 'oauthClient', 'clientId')).
|
@@ -45,7 +47,12 @@ describe Osso::GraphQL::Schema do
|
|
45
47
|
end
|
46
48
|
|
47
49
|
describe 'for an email scoped user' do
|
48
|
-
let(:
|
50
|
+
let(:current_context) do
|
51
|
+
{
|
52
|
+
scope: 'end-user',
|
53
|
+
email: 'user@foo.com',
|
54
|
+
}
|
55
|
+
end
|
49
56
|
|
50
57
|
it 'does not create an OauthClient Account' do
|
51
58
|
expect { subject }.to_not(change { Osso::Models::OauthClient.count })
|
@@ -30,12 +30,15 @@ describe Osso::GraphQL::Schema do
|
|
30
30
|
described_class.execute(
|
31
31
|
mutation,
|
32
32
|
variables: variables,
|
33
|
-
context:
|
33
|
+
context: current_context,
|
34
34
|
)
|
35
35
|
end
|
36
36
|
|
37
37
|
describe 'for an admin user' do
|
38
|
-
let(:
|
38
|
+
let(:current_context) do
|
39
|
+
{ scope: 'admin' }
|
40
|
+
end
|
41
|
+
|
39
42
|
it 'deletes an Enterprise Account' do
|
40
43
|
expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(-1)
|
41
44
|
expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount')).
|
@@ -44,7 +47,12 @@ describe Osso::GraphQL::Schema do
|
|
44
47
|
end
|
45
48
|
|
46
49
|
describe 'for an email scoped user' do
|
47
|
-
let(:
|
50
|
+
let(:current_context) do
|
51
|
+
{
|
52
|
+
scope: 'end-user',
|
53
|
+
email: "user@#{domain}",
|
54
|
+
}
|
55
|
+
end
|
48
56
|
|
49
57
|
it 'deletes the Enterprise Account' do
|
50
58
|
expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(-1)
|
@@ -52,8 +60,14 @@ describe Osso::GraphQL::Schema do
|
|
52
60
|
to be_nil
|
53
61
|
end
|
54
62
|
end
|
63
|
+
|
55
64
|
describe 'for the wrong email scoped user' do
|
56
|
-
let(:
|
65
|
+
let(:current_context) do
|
66
|
+
{
|
67
|
+
scope: 'end-user',
|
68
|
+
email: 'user@foo.com',
|
69
|
+
}
|
70
|
+
end
|
57
71
|
|
58
72
|
it 'does not delete the Enterprise Account' do
|
59
73
|
expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })
|
@@ -29,21 +29,25 @@ describe Osso::GraphQL::Schema do
|
|
29
29
|
described_class.execute(
|
30
30
|
mutation,
|
31
31
|
variables: variables,
|
32
|
-
context:
|
32
|
+
context: current_context,
|
33
33
|
)
|
34
34
|
end
|
35
35
|
|
36
36
|
describe 'for an admin user' do
|
37
|
-
let(:
|
37
|
+
let(:current_context) do
|
38
|
+
{ scope: 'admin' }
|
39
|
+
end
|
38
40
|
it 'deletes the OauthClient' do
|
39
41
|
expect { subject }.to change { Osso::Models::OauthClient.count }.by(-1)
|
40
42
|
end
|
41
43
|
end
|
42
44
|
|
43
45
|
describe 'for an email scoped user' do
|
44
|
-
let(:
|
46
|
+
let(:current_context) do
|
47
|
+
{ scope: 'end-user', email: 'user@foo.com' }
|
48
|
+
end
|
45
49
|
|
46
|
-
it 'does not
|
50
|
+
it 'does not deletes the OauthClient' do
|
47
51
|
expect { subject }.to_not(change { Osso::Models::OauthClient.count })
|
48
52
|
end
|
49
53
|
end
|
@@ -37,12 +37,17 @@ describe Osso::GraphQL::Schema do
|
|
37
37
|
described_class.execute(
|
38
38
|
query,
|
39
39
|
variables: variables,
|
40
|
-
context:
|
40
|
+
context: current_context,
|
41
41
|
)
|
42
42
|
end
|
43
43
|
|
44
44
|
describe 'for an admin user' do
|
45
|
-
let(:
|
45
|
+
let(:current_context) do
|
46
|
+
{
|
47
|
+
scope: 'admin',
|
48
|
+
}
|
49
|
+
end
|
50
|
+
|
46
51
|
it 'returns Enterprise Account for domain' do
|
47
52
|
expect(subject['errors']).to be_nil
|
48
53
|
expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
|
@@ -50,7 +55,12 @@ describe Osso::GraphQL::Schema do
|
|
50
55
|
end
|
51
56
|
|
52
57
|
describe 'for an email scoped user' do
|
53
|
-
let(:
|
58
|
+
let(:current_context) do
|
59
|
+
{
|
60
|
+
scope: 'end-user',
|
61
|
+
email: "user@#{domain}",
|
62
|
+
}
|
63
|
+
end
|
54
64
|
it 'returns Enterprise Account for domain' do
|
55
65
|
expect(subject['errors']).to be_nil
|
56
66
|
expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
|
@@ -58,9 +68,14 @@ describe Osso::GraphQL::Schema do
|
|
58
68
|
end
|
59
69
|
|
60
70
|
describe 'for the wrong email scoped user' do
|
61
|
-
let(:
|
62
|
-
|
63
|
-
|
71
|
+
let(:current_context) do
|
72
|
+
{
|
73
|
+
scope: 'end-user',
|
74
|
+
email: 'foo@bar.com',
|
75
|
+
}
|
76
|
+
end
|
77
|
+
it 'does not return Enterprise Account for domain' do
|
78
|
+
expect(subject['errors']).to_not be_nil
|
64
79
|
expect(subject.dig('data', 'enterpriseAccount')).to be_nil
|
65
80
|
end
|
66
81
|
end
|
@@ -5,7 +5,9 @@ require 'spec_helper'
|
|
5
5
|
describe Osso::GraphQL::Schema do
|
6
6
|
describe 'EnterpriseAccounts' do
|
7
7
|
describe 'for an admin user' do
|
8
|
-
let(:
|
8
|
+
let(:current_context) do
|
9
|
+
{ scope: 'admin' }
|
10
|
+
end
|
9
11
|
|
10
12
|
it 'returns paginated Enterprise Accounts' do
|
11
13
|
%w[A B C].map do |name|
|
@@ -44,7 +46,7 @@ describe Osso::GraphQL::Schema do
|
|
44
46
|
response = described_class.execute(
|
45
47
|
query,
|
46
48
|
variables: { first: 2, sortOrder: 'descending', sortColumn: 'name' },
|
47
|
-
context:
|
49
|
+
context: current_context,
|
48
50
|
)
|
49
51
|
|
50
52
|
expect(response['errors']).to be_nil
|
@@ -32,12 +32,14 @@ describe Osso::GraphQL::Schema do
|
|
32
32
|
described_class.execute(
|
33
33
|
query,
|
34
34
|
variables: variables,
|
35
|
-
context:
|
35
|
+
context: current_context,
|
36
36
|
)
|
37
37
|
end
|
38
38
|
|
39
39
|
describe 'for an admin user' do
|
40
|
-
let(:
|
40
|
+
let(:current_context) do
|
41
|
+
{ scope: 'admin' }
|
42
|
+
end
|
41
43
|
it 'returns Identity Provider for id' do
|
42
44
|
expect(subject['errors']).to be_nil
|
43
45
|
expect(subject.dig('data', 'identityProvider', 'id')).to eq(id)
|
@@ -45,8 +47,12 @@ describe Osso::GraphQL::Schema do
|
|
45
47
|
end
|
46
48
|
|
47
49
|
describe 'for an email scoped user' do
|
48
|
-
let(:
|
49
|
-
|
50
|
+
let(:current_context) do
|
51
|
+
{
|
52
|
+
scope: 'end-user',
|
53
|
+
email: "user@#{domain}",
|
54
|
+
}
|
55
|
+
end
|
50
56
|
it 'returns Enterprise Account for domain' do
|
51
57
|
expect(subject['errors']).to be_nil
|
52
58
|
expect(subject.dig('data', 'identityProvider', 'domain')).to eq(domain)
|
@@ -54,8 +60,12 @@ describe Osso::GraphQL::Schema do
|
|
54
60
|
end
|
55
61
|
|
56
62
|
describe 'for the wrong email scoped user' do
|
57
|
-
let(:
|
58
|
-
|
63
|
+
let(:current_context) do
|
64
|
+
{
|
65
|
+
scope: 'end-user',
|
66
|
+
email: 'user@bar.com',
|
67
|
+
}
|
68
|
+
end
|
59
69
|
it 'returns Enterprise Account for domain' do
|
60
70
|
expect(subject['errors']).to_not be_empty
|
61
71
|
expect(subject.dig('data', 'enterpriseAccount')).to be_nil
|
@@ -25,12 +25,14 @@ describe Osso::GraphQL::Schema do
|
|
25
25
|
described_class.execute(
|
26
26
|
query,
|
27
27
|
variables: nil,
|
28
|
-
context:
|
28
|
+
context: current_context,
|
29
29
|
)
|
30
30
|
end
|
31
31
|
|
32
32
|
describe 'for an admin user' do
|
33
|
-
let(:
|
33
|
+
let(:current_context) do
|
34
|
+
{ scope: 'admin' }
|
35
|
+
end
|
34
36
|
|
35
37
|
it 'returns Oauth Clients' do
|
36
38
|
expect(subject['errors']).to be_nil
|
@@ -38,11 +40,12 @@ describe Osso::GraphQL::Schema do
|
|
38
40
|
end
|
39
41
|
end
|
40
42
|
|
41
|
-
describe 'for an
|
42
|
-
let(:
|
43
|
-
|
44
|
-
|
45
|
-
|
43
|
+
describe 'for an internal scoped user' do
|
44
|
+
let(:current_context) do
|
45
|
+
{ scope: 'internal' }
|
46
|
+
end
|
47
|
+
it 'does not return Oauth Clients' do
|
48
|
+
expect(subject['errors']).to_not be_nil
|
46
49
|
expect(subject.dig('data', 'oauthClients')).to be_nil
|
47
50
|
end
|
48
51
|
end
|
@@ -14,4 +14,16 @@ describe Osso::Models::IdentityProvider do
|
|
14
14
|
)
|
15
15
|
end
|
16
16
|
end
|
17
|
+
|
18
|
+
describe '#saml_options' do
|
19
|
+
it 'returns the required args' do
|
20
|
+
expect(subject.saml_options).
|
21
|
+
to match(
|
22
|
+
domain: subject.domain,
|
23
|
+
idp_cert: subject.sso_cert,
|
24
|
+
idp_sso_target_url: subject.sso_url,
|
25
|
+
issuer: subject.domain,
|
26
|
+
)
|
27
|
+
end
|
28
|
+
end
|
17
29
|
end
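Review bot: In the configure_identity_provider hunk `@@ -65,7 +73,12 @@`, the 'for the wrong email scoped user' context is now `{ scope: 'end-user', email: "user@#{domain}" }` built from a fresh `Faker::Internet.domain_name`, which is the same shape as the matching-user context in the `@@ -53,7 +56,12 @@` hunk; whether this user is actually "wrong" depends on the identity-provider fixture's domain, which lies outside the hunk. If that fixture is created with this same `domain`, the example passes only when the mutation fails for some other reason, and the `expect(subject.dig('errors')).to_not be_empty` at new line 85 cannot distinguish the two. The mismatch should be explicit in the setup, either by giving the user a different domain, `let(:current_context) { { scope: 'end-user', email: "user@other-#{domain}" } }`, or by creating the target fixtures with a second domain as create_identity_provider_spec's wrong-user block does with `let(:target_account) { create(:enterprise_account) }`. The same check is worth applying to the wrong-user contexts in the create_enterprise_account and delete_enterprise_account hunks, where the fixtures are likewise outside the hunk.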
|
data/spec/routes/auth_spec.rb
CHANGED
@@ -63,6 +63,24 @@ describe Osso::Auth do
|
|
63
63
|
)
|
64
64
|
end.to change { Osso::Models::AuthorizationCode.count }.by(1)
|
65
65
|
end
|
66
|
+
|
67
|
+
describe 'for an IDP initiated login' do
|
68
|
+
it 'redirects with a default state' do
|
69
|
+
mock_saml_omniauth
|
70
|
+
|
71
|
+
post(
|
72
|
+
"/auth/saml/#{okta_provider.id}/callback",
|
73
|
+
nil,
|
74
|
+
{
|
75
|
+
'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
|
76
|
+
'identity_provider' => okta_provider,
|
77
|
+
},
|
78
|
+
)
|
79
|
+
expect(last_response).to be_redirect
|
80
|
+
follow_redirect!
|
81
|
+
expect(last_request.url).to match(/.*state=IDP_INITIATED$/)
|
82
|
+
end
|
83
|
+
end
|
66
84
|
end
|
67
85
|
|
68
86
|
describe 'on subsequent authentications' do
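Review bot: The new 'for an IDP initiated login' example asserts only that the post-callback redirect carries `state=IDP_INITIATED` (the `match` at new line 81); for an unsolicited SAML response there is no client-originated request to bind the result to, so the destination of that redirect is the security-relevant property and deserves its own assertion against the provider's registered redirect URI fixture, the same way the surrounding examples in this file check where an authorization code is delivered. The regex also anchors with `$`, which matches at the end of any line rather than the end of the string; `expect(last_request.url).to match(/state=IDP_INITIATED\z/)` pins the whole value. The enclosing `describe` that this block is nested in starts outside the hunk.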
|