osso 0.0.3.12 → 0.0.3.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +8 -1
- data/.rubocop.yml +1 -0
- data/Gemfile.lock +2 -2
- data/bin/publish +18 -0
- data/lib/osso/graphql/mutation.rb +7 -3
- data/lib/osso/graphql/mutations.rb +1 -3
- data/lib/osso/graphql/mutations/base_mutation.rb +18 -5
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +8 -10
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +2 -0
- data/lib/osso/graphql/mutations/create_identity_provider.rb +14 -5
- data/lib/osso/graphql/mutations/create_oauth_client.rb +1 -3
- data/lib/osso/graphql/mutations/delete_enterprise_account.rb +9 -11
- data/lib/osso/graphql/mutations/delete_oauth_client.rb +1 -3
- data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb +3 -5
- data/lib/osso/graphql/mutations/set_redirect_uris.rb +52 -0
- data/lib/osso/graphql/query.rb +7 -0
- data/lib/osso/graphql/resolvers.rb +1 -0
- data/lib/osso/graphql/resolvers/base_resolver.rb +21 -0
- data/lib/osso/graphql/resolvers/enterprise_account.rb +1 -11
- data/lib/osso/graphql/resolvers/enterprise_accounts.rb +2 -2
- data/lib/osso/graphql/resolvers/oauth_clients.rb +2 -2
- data/lib/osso/graphql/types.rb +2 -1
- data/lib/osso/graphql/types/admin_user.rb +22 -0
- data/lib/osso/graphql/types/base_object.rb +22 -0
- data/lib/osso/graphql/types/enterprise_account.rb +0 -5
- data/lib/osso/graphql/types/identity_provider.rb +0 -6
- data/lib/osso/graphql/types/oauth_client.rb +2 -4
- data/lib/osso/graphql/types/redirect_uri.rb +2 -4
- data/lib/osso/graphql/types/redirect_uri_input.rb +16 -0
- data/lib/osso/helpers/auth.rb +34 -15
- data/lib/osso/lib/route_map.rb +2 -2
- data/lib/osso/models/identity_provider.rb +6 -12
- data/lib/osso/models/oauth_client.rb +5 -0
- data/lib/osso/models/redirect_uri.rb +0 -11
- data/lib/osso/routes/admin.rb +2 -2
- data/lib/osso/routes/auth.rb +29 -12
- data/lib/osso/routes/oauth.rb +25 -18
- data/lib/osso/version.rb +1 -1
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +17 -4
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +13 -4
- data/spec/graphql/mutations/create_identity_provider_spec.rb +18 -6
- data/spec/graphql/mutations/create_oauth_client_spec.rb +10 -3
- data/spec/graphql/mutations/delete_enterprise_account_spec.rb +18 -4
- data/spec/graphql/mutations/delete_oauth_client_spec.rb +8 -4
- data/spec/graphql/query/enterprise_account_spec.rb +21 -6
- data/spec/graphql/query/enterprise_accounts_spec.rb +4 -2
- data/spec/graphql/query/identity_provider_spec.rb +16 -6
- data/spec/graphql/query/oauth_clients_spec.rb +10 -7
- data/spec/models/identity_provider_spec.rb +12 -0
- data/spec/routes/auth_spec.rb +18 -0
- data/spec/routes/oauth_spec.rb +5 -2
- data/spec/support/views/error.erb +0 -0
- metadata +12 -9
- data/lib/osso/graphql/mutations/add_redirect_uris_to_oauth_client.rb +0 -39
- data/lib/osso/graphql/mutations/delete_redirect_uri.rb +0 -38
- data/lib/osso/graphql/mutations/mark_redirect_uri_primary.rb +0 -34
- data/lib/osso/graphql/types/user.rb +0 -17
data/lib/osso/version.rb
@@ -39,12 +39,15 @@ describe Osso::GraphQL::Schema do
|
|
39
39
|
described_class.execute(
|
40
40
|
mutation,
|
41
41
|
variables: variables,
|
42
|
-
context:
|
42
|
+
context: current_context,
|
43
43
|
)
|
44
44
|
end
|
45
45
|
|
46
46
|
describe 'for an admin user' do
|
47
|
-
let(:
|
47
|
+
let(:current_context) do
|
48
|
+
{ scope: 'admin' }
|
49
|
+
end
|
50
|
+
|
48
51
|
it 'configures an identity provider' do
|
49
52
|
expect(subject.dig('data', 'configureIdentityProvider', 'identityProvider', 'status')).
|
50
53
|
to eq('Configured')
|
@@ -53,7 +56,12 @@ describe Osso::GraphQL::Schema do
|
|
53
56
|
|
54
57
|
describe 'for an email scoped user' do
|
55
58
|
let(:domain) { Faker::Internet.domain_name }
|
56
|
-
let(:
|
59
|
+
let(:current_context) do
|
60
|
+
{
|
61
|
+
scope: 'end-user',
|
62
|
+
email: "user@#{domain}",
|
63
|
+
}
|
64
|
+
end
|
57
65
|
let(:enterprise_account) { create(:enterprise_account, domain: domain) }
|
58
66
|
let(:identity_provider) { create(:identity_provider, enterprise_account: enterprise_account, domain: domain) }
|
59
67
|
|
@@ -65,7 +73,12 @@ describe Osso::GraphQL::Schema do
|
|
65
73
|
|
66
74
|
describe 'for the wrong email scoped user' do
|
67
75
|
let(:domain) { Faker::Internet.domain_name }
|
68
|
-
let(:
|
76
|
+
let(:current_context) do
|
77
|
+
{
|
78
|
+
scope: 'end-user',
|
79
|
+
email: "user@#{domain}",
|
80
|
+
}
|
81
|
+
end
|
69
82
|
|
70
83
|
it 'does not configure an identity provider' do
|
71
84
|
expect(subject.dig('errors')).to_not be_empty
|
@@ -33,12 +33,14 @@ describe Osso::GraphQL::Schema do
|
|
33
33
|
described_class.execute(
|
34
34
|
mutation,
|
35
35
|
variables: variables,
|
36
|
-
context:
|
36
|
+
context: current_context,
|
37
37
|
)
|
38
38
|
end
|
39
39
|
|
40
40
|
describe 'for an admin user' do
|
41
|
-
let(:
|
41
|
+
let(:current_context) do
|
42
|
+
{ scope: 'admin' }
|
43
|
+
end
|
42
44
|
it 'creates an Enterprise Account' do
|
43
45
|
expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
|
44
46
|
expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
|
@@ -47,7 +49,12 @@ describe Osso::GraphQL::Schema do
|
|
47
49
|
end
|
48
50
|
|
49
51
|
describe 'for an email scoped user' do
|
50
|
-
let(:
|
52
|
+
let(:current_context) do
|
53
|
+
{
|
54
|
+
scope: 'end-user',
|
55
|
+
email: "user@#{domain}",
|
56
|
+
}
|
57
|
+
end
|
51
58
|
|
52
59
|
it 'creates an Enterprise Account' do
|
53
60
|
expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
|
@@ -56,7 +63,9 @@ describe Osso::GraphQL::Schema do
|
|
56
63
|
end
|
57
64
|
end
|
58
65
|
describe 'for the wrong email scoped user' do
|
59
|
-
let(:
|
66
|
+
let(:current_context) do
|
67
|
+
{ scope: 'end-user', email: 'user@foo.com' }
|
68
|
+
end
|
60
69
|
|
61
70
|
it 'does not create an Enterprise Account' do
|
62
71
|
expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })
|
@@ -25,12 +25,14 @@ describe Osso::GraphQL::Schema do
|
|
25
25
|
described_class.execute(
|
26
26
|
mutation,
|
27
27
|
variables: variables,
|
28
|
-
context:
|
28
|
+
context: current_context,
|
29
29
|
)
|
30
30
|
end
|
31
31
|
|
32
32
|
describe 'for an admin user' do
|
33
|
-
let(:
|
33
|
+
let(:current_context) do
|
34
|
+
{ scope: 'admin' }
|
35
|
+
end
|
34
36
|
describe 'without a service' do
|
35
37
|
let(:variables) { { input: { enterpriseAccountId: enterprise_account.id } } }
|
36
38
|
|
@@ -54,7 +56,12 @@ describe Osso::GraphQL::Schema do
|
|
54
56
|
|
55
57
|
describe 'for an email scoped user' do
|
56
58
|
let(:domain) { Faker::Internet.domain_name }
|
57
|
-
let(:
|
59
|
+
let(:current_context) do
|
60
|
+
{
|
61
|
+
scope: 'end-user',
|
62
|
+
email: "user@#{domain}",
|
63
|
+
}
|
64
|
+
end
|
58
65
|
let(:enterprise_account) { create(:enterprise_account, domain: domain) }
|
59
66
|
|
60
67
|
describe 'without a service' do
|
@@ -80,12 +87,17 @@ describe Osso::GraphQL::Schema do
|
|
80
87
|
|
81
88
|
describe 'for a wrong email scoped user' do
|
82
89
|
let(:domain) { Faker::Internet.domain_name }
|
83
|
-
let(:
|
90
|
+
let(:current_context) do
|
91
|
+
{
|
92
|
+
scope: 'end-user',
|
93
|
+
email: "user@#{domain}",
|
94
|
+
}
|
95
|
+
end
|
84
96
|
let(:enterprise_account) { create(:enterprise_account, domain: domain) }
|
85
97
|
let(:target_account) { create(:enterprise_account) }
|
86
98
|
|
87
99
|
describe 'without a service' do
|
88
|
-
let(:variables) { { input: { enterpriseAccountId: target_account.id } } }
|
100
|
+
let(:variables) { { input: { enterpriseAccountId: target_account.id, domain: domain } } }
|
89
101
|
|
90
102
|
it 'does not creates a identity provider' do
|
91
103
|
expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
|
@@ -93,7 +105,7 @@ describe Osso::GraphQL::Schema do
|
|
93
105
|
end
|
94
106
|
|
95
107
|
describe 'with a service' do
|
96
|
-
let(:variables) { { input: { enterpriseAccountId: target_account.id, service: 'OKTA' } } }
|
108
|
+
let(:variables) { { input: { enterpriseAccountId: target_account.id, service: 'OKTA', domain: domain } } }
|
97
109
|
|
98
110
|
it 'does not creates a identity provider' do
|
99
111
|
expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
|
@@ -31,12 +31,14 @@ describe Osso::GraphQL::Schema do
|
|
31
31
|
described_class.execute(
|
32
32
|
mutation,
|
33
33
|
variables: variables,
|
34
|
-
context:
|
34
|
+
context: current_context,
|
35
35
|
)
|
36
36
|
end
|
37
37
|
|
38
38
|
describe 'for an admin user' do
|
39
|
-
let(:
|
39
|
+
let(:current_context) do
|
40
|
+
{ scope: 'admin' }
|
41
|
+
end
|
40
42
|
it 'creates an OauthClient' do
|
41
43
|
expect { subject }.to change { Osso::Models::OauthClient.count }.by(1)
|
42
44
|
expect(subject.dig('data', 'createOauthClient', 'oauthClient', 'clientId')).
|
@@ -45,7 +47,12 @@ describe Osso::GraphQL::Schema do
|
|
45
47
|
end
|
46
48
|
|
47
49
|
describe 'for an email scoped user' do
|
48
|
-
let(:
|
50
|
+
let(:current_context) do
|
51
|
+
{
|
52
|
+
scope: 'end-user',
|
53
|
+
email: 'user@foo.com',
|
54
|
+
}
|
55
|
+
end
|
49
56
|
|
50
57
|
it 'does not create an OauthClient Account' do
|
51
58
|
expect { subject }.to_not(change { Osso::Models::OauthClient.count })
|
@@ -30,12 +30,15 @@ describe Osso::GraphQL::Schema do
|
|
30
30
|
described_class.execute(
|
31
31
|
mutation,
|
32
32
|
variables: variables,
|
33
|
-
context:
|
33
|
+
context: current_context,
|
34
34
|
)
|
35
35
|
end
|
36
36
|
|
37
37
|
describe 'for an admin user' do
|
38
|
-
let(:
|
38
|
+
let(:current_context) do
|
39
|
+
{ scope: 'admin' }
|
40
|
+
end
|
41
|
+
|
39
42
|
it 'deletes an Enterprise Account' do
|
40
43
|
expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(-1)
|
41
44
|
expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount')).
|
@@ -44,7 +47,12 @@ describe Osso::GraphQL::Schema do
|
|
44
47
|
end
|
45
48
|
|
46
49
|
describe 'for an email scoped user' do
|
47
|
-
let(:
|
50
|
+
let(:current_context) do
|
51
|
+
{
|
52
|
+
scope: 'end-user',
|
53
|
+
email: "user@#{domain}",
|
54
|
+
}
|
55
|
+
end
|
48
56
|
|
49
57
|
it 'deletes the Enterprise Account' do
|
50
58
|
expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(-1)
|
@@ -52,8 +60,14 @@ describe Osso::GraphQL::Schema do
|
|
52
60
|
to be_nil
|
53
61
|
end
|
54
62
|
end
|
63
|
+
|
55
64
|
describe 'for the wrong email scoped user' do
|
56
|
-
let(:
|
65
|
+
let(:current_context) do
|
66
|
+
{
|
67
|
+
scope: 'end-user',
|
68
|
+
email: 'user@foo.com',
|
69
|
+
}
|
70
|
+
end
|
57
71
|
|
58
72
|
it 'does not delete the Enterprise Account' do
|
59
73
|
expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })
|
@@ -29,21 +29,25 @@ describe Osso::GraphQL::Schema do
|
|
29
29
|
described_class.execute(
|
30
30
|
mutation,
|
31
31
|
variables: variables,
|
32
|
-
context:
|
32
|
+
context: current_context,
|
33
33
|
)
|
34
34
|
end
|
35
35
|
|
36
36
|
describe 'for an admin user' do
|
37
|
-
let(:
|
37
|
+
let(:current_context) do
|
38
|
+
{ scope: 'admin' }
|
39
|
+
end
|
38
40
|
it 'deletes the OauthClient' do
|
39
41
|
expect { subject }.to change { Osso::Models::OauthClient.count }.by(-1)
|
40
42
|
end
|
41
43
|
end
|
42
44
|
|
43
45
|
describe 'for an email scoped user' do
|
44
|
-
let(:
|
46
|
+
let(:current_context) do
|
47
|
+
{ scope: 'end-user', email: 'user@foo.com' }
|
48
|
+
end
|
45
49
|
|
46
|
-
it 'does not
|
50
|
+
it 'does not deletes the OauthClient' do
|
47
51
|
expect { subject }.to_not(change { Osso::Models::OauthClient.count })
|
48
52
|
end
|
49
53
|
end
|
@@ -37,12 +37,17 @@ describe Osso::GraphQL::Schema do
|
|
37
37
|
described_class.execute(
|
38
38
|
query,
|
39
39
|
variables: variables,
|
40
|
-
context:
|
40
|
+
context: current_context,
|
41
41
|
)
|
42
42
|
end
|
43
43
|
|
44
44
|
describe 'for an admin user' do
|
45
|
-
let(:
|
45
|
+
let(:current_context) do
|
46
|
+
{
|
47
|
+
scope: 'admin',
|
48
|
+
}
|
49
|
+
end
|
50
|
+
|
46
51
|
it 'returns Enterprise Account for domain' do
|
47
52
|
expect(subject['errors']).to be_nil
|
48
53
|
expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
|
@@ -50,7 +55,12 @@ describe Osso::GraphQL::Schema do
|
|
50
55
|
end
|
51
56
|
|
52
57
|
describe 'for an email scoped user' do
|
53
|
-
let(:
|
58
|
+
let(:current_context) do
|
59
|
+
{
|
60
|
+
scope: 'end-user',
|
61
|
+
email: "user@#{domain}",
|
62
|
+
}
|
63
|
+
end
|
54
64
|
it 'returns Enterprise Account for domain' do
|
55
65
|
expect(subject['errors']).to be_nil
|
56
66
|
expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
|
@@ -58,9 +68,14 @@ describe Osso::GraphQL::Schema do
|
|
58
68
|
end
|
59
69
|
|
60
70
|
describe 'for the wrong email scoped user' do
|
61
|
-
let(:
|
62
|
-
|
63
|
-
|
71
|
+
let(:current_context) do
|
72
|
+
{
|
73
|
+
scope: 'end-user',
|
74
|
+
email: 'foo@bar.com',
|
75
|
+
}
|
76
|
+
end
|
77
|
+
it 'does not return Enterprise Account for domain' do
|
78
|
+
expect(subject['errors']).to_not be_nil
|
64
79
|
expect(subject.dig('data', 'enterpriseAccount')).to be_nil
|
65
80
|
end
|
66
81
|
end
|
@@ -5,7 +5,9 @@ require 'spec_helper'
|
|
5
5
|
describe Osso::GraphQL::Schema do
|
6
6
|
describe 'EnterpriseAccounts' do
|
7
7
|
describe 'for an admin user' do
|
8
|
-
let(:
|
8
|
+
let(:current_context) do
|
9
|
+
{ scope: 'admin' }
|
10
|
+
end
|
9
11
|
|
10
12
|
it 'returns paginated Enterprise Accounts' do
|
11
13
|
%w[A B C].map do |name|
|
@@ -44,7 +46,7 @@ describe Osso::GraphQL::Schema do
|
|
44
46
|
response = described_class.execute(
|
45
47
|
query,
|
46
48
|
variables: { first: 2, sortOrder: 'descending', sortColumn: 'name' },
|
47
|
-
context:
|
49
|
+
context: current_context,
|
48
50
|
)
|
49
51
|
|
50
52
|
expect(response['errors']).to be_nil
|
@@ -32,12 +32,14 @@ describe Osso::GraphQL::Schema do
|
|
32
32
|
described_class.execute(
|
33
33
|
query,
|
34
34
|
variables: variables,
|
35
|
-
context:
|
35
|
+
context: current_context,
|
36
36
|
)
|
37
37
|
end
|
38
38
|
|
39
39
|
describe 'for an admin user' do
|
40
|
-
let(:
|
40
|
+
let(:current_context) do
|
41
|
+
{ scope: 'admin' }
|
42
|
+
end
|
41
43
|
it 'returns Identity Provider for id' do
|
42
44
|
expect(subject['errors']).to be_nil
|
43
45
|
expect(subject.dig('data', 'identityProvider', 'id')).to eq(id)
|
@@ -45,8 +47,12 @@ describe Osso::GraphQL::Schema do
|
|
45
47
|
end
|
46
48
|
|
47
49
|
describe 'for an email scoped user' do
|
48
|
-
let(:
|
49
|
-
|
50
|
+
let(:current_context) do
|
51
|
+
{
|
52
|
+
scope: 'end-user',
|
53
|
+
email: "user@#{domain}",
|
54
|
+
}
|
55
|
+
end
|
50
56
|
it 'returns Enterprise Account for domain' do
|
51
57
|
expect(subject['errors']).to be_nil
|
52
58
|
expect(subject.dig('data', 'identityProvider', 'domain')).to eq(domain)
|
@@ -54,8 +60,12 @@ describe Osso::GraphQL::Schema do
|
|
54
60
|
end
|
55
61
|
|
56
62
|
describe 'for the wrong email scoped user' do
|
57
|
-
let(:
|
58
|
-
|
63
|
+
let(:current_context) do
|
64
|
+
{
|
65
|
+
scope: 'end-user',
|
66
|
+
email: 'user@bar.com',
|
67
|
+
}
|
68
|
+
end
|
59
69
|
it 'returns Enterprise Account for domain' do
|
60
70
|
expect(subject['errors']).to_not be_empty
|
61
71
|
expect(subject.dig('data', 'enterpriseAccount')).to be_nil
|
@@ -25,12 +25,14 @@ describe Osso::GraphQL::Schema do
|
|
25
25
|
described_class.execute(
|
26
26
|
query,
|
27
27
|
variables: nil,
|
28
|
-
context:
|
28
|
+
context: current_context,
|
29
29
|
)
|
30
30
|
end
|
31
31
|
|
32
32
|
describe 'for an admin user' do
|
33
|
-
let(:
|
33
|
+
let(:current_context) do
|
34
|
+
{ scope: 'admin' }
|
35
|
+
end
|
34
36
|
|
35
37
|
it 'returns Oauth Clients' do
|
36
38
|
expect(subject['errors']).to be_nil
|
@@ -38,11 +40,12 @@ describe Osso::GraphQL::Schema do
|
|
38
40
|
end
|
39
41
|
end
|
40
42
|
|
41
|
-
describe 'for an
|
42
|
-
let(:
|
43
|
-
|
44
|
-
|
45
|
-
|
43
|
+
describe 'for an internal scoped user' do
|
44
|
+
let(:current_context) do
|
45
|
+
{ scope: 'internal' }
|
46
|
+
end
|
47
|
+
it 'does not return Oauth Clients' do
|
48
|
+
expect(subject['errors']).to_not be_nil
|
46
49
|
expect(subject.dig('data', 'oauthClients')).to be_nil
|
47
50
|
end
|
48
51
|
end
|
@@ -14,4 +14,16 @@ describe Osso::Models::IdentityProvider do
|
|
14
14
|
)
|
15
15
|
end
|
16
16
|
end
|
17
|
+
|
18
|
+
describe '#saml_options' do
|
19
|
+
it 'returns the required args' do
|
20
|
+
expect(subject.saml_options).
|
21
|
+
to match(
|
22
|
+
domain: subject.domain,
|
23
|
+
idp_cert: subject.sso_cert,
|
24
|
+
idp_sso_target_url: subject.sso_url,
|
25
|
+
issuer: subject.domain,
|
26
|
+
)
|
27
|
+
end
|
28
|
+
end
|
17
29
|
end
|
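--- a/data/spec/routes/auth_spec.rb
+++ b/data/spec/routes/auth_spec.rb
@@ -63,6 +63,24 @@ describe Osso::Auth do
 )
 end.to change { Osso::Models::AuthorizationCode.count }.by(1)
 end
+
+describe 'for an IDP initiated login' do
+it 'redirects with a default state' do
+mock_saml_omniauth
+
+post(
+"/auth/saml/#{okta_provider.id}/callback",
+nil,
+{
+'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
+'identity_provider' => okta_provider,
+},
+)
+expect(last_response).to be_redirect
+follow_redirect!
+expect(last_request.url).to match(/.*state=IDP_INITIATED$/)
+end
+end
 end
 
 describe 'on subsequent authentications' do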
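Review bot: The new example asserts only that the post-redirect URL ends in `state=IDP_INITIATED`, not where the redirect went; for an IdP-initiated login there is no client-supplied state to bind the response to, so the property worth pinning is that the callback redirected to the OAuth client's registered redirect URI and carried a `code`, e.g. `expect(last_request.url).to start_with(<registered redirect uri fixture>)` alongside the state check. The regex would also be tighter as `/state=IDP_INITIATED\z/`, since `$` matches before any embedded newline rather than at end of string. The `describe` enclosing this example starts before the hunk, so the `okta_provider` and `mock_saml_omniauth` definitions it relies on are not visible here.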