osso 0.0.3.13 → 0.0.3.18

data/spec/graphql/mutations/create_enterprise_account_spec.rb

@@ -33,12 +33,14 @@ describe Osso::GraphQL::Schema do
       described_class.execute(
         mutation,
         variables: variables,
-        context: { scope: current_scope },
+        context: current_context,
       )
     end
 
     describe 'for an admin user' do
-      let(:current_scope) { :admin }
+      let(:current_context) do
+        { scope: 'admin' }
+      end
       it 'creates an Enterprise Account' do
         expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
         expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
@@ -47,7 +49,12 @@ describe Osso::GraphQL::Schema do
     end
 
     describe 'for an email scoped user' do
-      let(:current_scope) { domain }
+      let(:current_context) do
+        {
+          scope: 'end-user',
+          email: "user@#{domain}",
+        }
+      end
 
       it 'creates an Enterprise Account' do
         expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
@@ -56,7 +63,9 @@ describe Osso::GraphQL::Schema do
       end
     end
     describe 'for the wrong email scoped user' do
-      let(:current_scope) { 'foo.com' }
+      let(:current_context) do
+        { scope: 'end-user', email: 'user@foo.com' }
+      end
 
       it 'does not create an Enterprise Account' do
         expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })

data/spec/graphql/mutations/create_identity_provider_spec.rb

@@ -25,12 +25,14 @@ describe Osso::GraphQL::Schema do
       described_class.execute(
         mutation,
         variables: variables,
-        context: { scope: current_scope },
+        context: current_context,
       )
     end
 
     describe 'for an admin user' do
-      let(:current_scope) { :admin }
+      let(:current_context) do
+        { scope: 'admin' }
+      end
       describe 'without a service' do
         let(:variables) { { input: { enterpriseAccountId: enterprise_account.id } } }
 
@@ -54,7 +56,12 @@ describe Osso::GraphQL::Schema do
 
     describe 'for an email scoped user' do
       let(:domain) { Faker::Internet.domain_name }
-      let(:current_scope) { domain }
+      let(:current_context) do
+        {
+          scope: 'end-user',
+          email: "user@#{domain}",
+        }
+      end
       let(:enterprise_account) { create(:enterprise_account, domain: domain) }
 
       describe 'without a service' do
@@ -80,12 +87,17 @@ describe Osso::GraphQL::Schema do
 
     describe 'for a wrong email scoped user' do
       let(:domain) { Faker::Internet.domain_name }
-      let(:current_scope) { domain }
+      let(:current_context) do
+        {
+          scope: 'end-user',
+          email: "user@#{domain}",
+        }
+      end
       let(:enterprise_account) { create(:enterprise_account, domain: domain) }
       let(:target_account) { create(:enterprise_account) }
 
       describe 'without a service' do
-        let(:variables) { { input: { enterpriseAccountId: target_account.id } } }
+        let(:variables) { { input: { enterpriseAccountId: target_account.id, domain: domain } } }
 
         it 'does not creates a identity provider' do
           expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })
@@ -93,7 +105,7 @@ describe Osso::GraphQL::Schema do
       end
 
       describe 'with a service' do
-        let(:variables) { { input: { enterpriseAccountId: target_account.id, service: 'OKTA' } } }
+        let(:variables) { { input: { enterpriseAccountId: target_account.id, service: 'OKTA', domain: domain } } }
 
         it 'does not creates a identity provider' do
           expect { subject }.to_not(change { Osso::Models::IdentityProvider.count })

data/spec/graphql/mutations/create_oauth_client_spec.rb

@@ -31,12 +31,14 @@ describe Osso::GraphQL::Schema do
       described_class.execute(
         mutation,
         variables: variables,
-        context: { scope: current_scope },
+        context: current_context,
       )
     end
 
     describe 'for an admin user' do
-      let(:current_scope) { :admin }
+      let(:current_context) do
+        { scope: 'admin' }
+      end
       it 'creates an OauthClient' do
         expect { subject }.to change { Osso::Models::OauthClient.count }.by(1)
         expect(subject.dig('data', 'createOauthClient', 'oauthClient', 'clientId')).
@@ -45,7 +47,12 @@ describe Osso::GraphQL::Schema do
     end
 
     describe 'for an email scoped user' do
-      let(:current_scope) { 'foo.com' }
+      let(:current_context) do
+        {
+          scope: 'end-user',
+          email: 'user@foo.com',
+        }
+      end
 
       it 'does not create an OauthClient Account' do
         expect { subject }.to_not(change { Osso::Models::OauthClient.count })

data/spec/graphql/mutations/delete_enterprise_account_spec.rb

@@ -30,12 +30,15 @@ describe Osso::GraphQL::Schema do
       described_class.execute(
         mutation,
         variables: variables,
-        context: { scope: current_scope },
+        context: current_context,
       )
     end
 
     describe 'for an admin user' do
-      let(:current_scope) { :admin }
+      let(:current_context) do
+        { scope: 'admin' }
+      end
+
       it 'deletes an Enterprise Account' do
         expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(-1)
         expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount')).
@@ -44,7 +47,12 @@ describe Osso::GraphQL::Schema do
     end
 
     describe 'for an email scoped user' do
-      let(:current_scope) { domain }
+      let(:current_context) do
+        {
+          scope: 'end-user',
+          email: "user@#{domain}",
+        }
+      end
 
       it 'deletes the Enterprise Account' do
         expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(-1)
@@ -52,8 +60,14 @@ describe Osso::GraphQL::Schema do
           to be_nil
       end
     end
+
     describe 'for the wrong email scoped user' do
-      let(:current_scope) { 'foo.com' }
+      let(:current_context) do
+        {
+          scope: 'end-user',
+          email: 'user@foo.com',
+        }
+      end
 
       it 'does not delete the Enterprise Account' do
         expect { subject }.to_not(change { Osso::Models::EnterpriseAccount.count })

data/spec/graphql/mutations/delete_oauth_client_spec.rb

@@ -29,21 +29,25 @@ describe Osso::GraphQL::Schema do
       described_class.execute(
         mutation,
         variables: variables,
-        context: { scope: current_scope },
+        context: current_context,
       )
     end
 
     describe 'for an admin user' do
-      let(:current_scope) { :admin }
+      let(:current_context) do
+        { scope: 'admin' }
+      end
       it 'deletes the OauthClient' do
         expect { subject }.to change { Osso::Models::OauthClient.count }.by(-1)
       end
     end
 
     describe 'for an email scoped user' do
-      let(:current_scope) { 'foo.com' }
+      let(:current_context) do
+        { scope: 'end-user', email: 'user@foo.com' }
+      end
 
-      it 'does not create an OauthClient Account' do
+      it 'does not deletes the OauthClient' do
         expect { subject }.to_not(change { Osso::Models::OauthClient.count })
       end
     end

data/spec/graphql/query/enterprise_account_spec.rb

@@ -37,12 +37,17 @@ describe Osso::GraphQL::Schema do
       described_class.execute(
         query,
         variables: variables,
-        context: { scope: current_scope },
+        context: current_context,
       )
     end
 
     describe 'for an admin user' do
-      let(:current_scope) { :admin }
+      let(:current_context) do
+        {
+          scope: 'admin',
+        }
+      end
+
       it 'returns Enterprise Account for domain' do
         expect(subject['errors']).to be_nil
         expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
@@ -50,7 +55,12 @@ describe Osso::GraphQL::Schema do
     end
 
     describe 'for an email scoped user' do
-      let(:current_scope) { domain }
+      let(:current_context) do
+        {
+          scope: 'end-user',
+          email: "user@#{domain}",
+        }
+      end
       it 'returns Enterprise Account for domain' do
         expect(subject['errors']).to be_nil
         expect(subject.dig('data', 'enterpriseAccount', 'domain')).to eq(domain)
@@ -58,9 +68,14 @@ describe Osso::GraphQL::Schema do
     end
 
     describe 'for the wrong email scoped user' do
-      let(:current_scope) { 'bar.com' }
-      it 'returns Enterprise Account for domain' do
-        expect(subject['errors']).to be_nil
+      let(:current_context) do
+        {
+          scope: 'end-user',
+          email: 'foo@bar.com',
+        }
+      end
+      it 'does not return Enterprise Account for domain' do
+        expect(subject['errors']).to_not be_nil
         expect(subject.dig('data', 'enterpriseAccount')).to be_nil
       end
     end

data/spec/graphql/query/enterprise_accounts_spec.rb

@@ -5,7 +5,9 @@ require 'spec_helper'
 describe Osso::GraphQL::Schema do
   describe 'EnterpriseAccounts' do
     describe 'for an admin user' do
-      let(:current_scope) { :admin }
+      let(:current_context) do
+        { scope: 'admin' }
+      end
 
       it 'returns paginated Enterprise Accounts' do
         %w[A B C].map do |name|
@@ -44,7 +46,7 @@ describe Osso::GraphQL::Schema do
         response = described_class.execute(
           query,
           variables: { first: 2, sortOrder: 'descending', sortColumn: 'name' },
-          context: { scope: current_scope },
+          context: current_context,
         )
 
         expect(response['errors']).to be_nil

data/spec/graphql/query/identity_provider_spec.rb

@@ -32,12 +32,14 @@ describe Osso::GraphQL::Schema do
       described_class.execute(
         query,
         variables: variables,
-        context: { scope: current_scope },
+        context: current_context,
       )
     end
 
     describe 'for an admin user' do
-      let(:current_scope) { :admin }
+      let(:current_context) do
+        { scope: 'admin' }
+      end
       it 'returns Identity Provider for id' do
         expect(subject['errors']).to be_nil
         expect(subject.dig('data', 'identityProvider', 'id')).to eq(id)
@@ -45,8 +47,12 @@ describe Osso::GraphQL::Schema do
     end
 
     describe 'for an email scoped user' do
-      let(:current_scope) { domain }
-
+      let(:current_context) do
+        {
+          scope: 'end-user',
+          email: "user@#{domain}",
+        }
+      end
       it 'returns Enterprise Account for domain' do
         expect(subject['errors']).to be_nil
         expect(subject.dig('data', 'identityProvider', 'domain')).to eq(domain)
@@ -54,8 +60,12 @@ describe Osso::GraphQL::Schema do
     end
 
     describe 'for the wrong email scoped user' do
-      let(:current_scope) { 'bar.com' }
-
+      let(:current_context) do
+        {
+          scope: 'end-user',
+          email: 'user@bar.com',
+        }
+      end
       it 'returns Enterprise Account for domain' do
         expect(subject['errors']).to_not be_empty
         expect(subject.dig('data', 'enterpriseAccount')).to be_nil

data/spec/graphql/query/oauth_clients_spec.rb

@@ -25,12 +25,14 @@ describe Osso::GraphQL::Schema do
       described_class.execute(
         query,
         variables: nil,
-        context: { scope: current_scope },
+        context: current_context,
       )
     end
 
     describe 'for an admin user' do
-      let(:current_scope) { :admin }
+      let(:current_context) do
+        { scope: 'admin' }
+      end
 
       it 'returns Oauth Clients' do
         expect(subject['errors']).to be_nil
@@ -38,11 +40,12 @@ describe Osso::GraphQL::Schema do
       end
     end
 
-    describe 'for an email scoped user' do
-      let(:current_scope) { 'foo.com' }
-
-      it 'returns Oauth Clients' do
-        expect(subject['errors']).to be_nil
+    describe 'for an internal scoped user' do
+      let(:current_context) do
+        { scope: 'internal' }
+      end
+      it 'does not return Oauth Clients' do
+        expect(subject['errors']).to_not be_nil
         expect(subject.dig('data', 'oauthClients')).to be_nil
       end
     end

data/spec/models/identity_provider_spec.rb

@@ -14,4 +14,16 @@ describe Osso::Models::IdentityProvider do
       )
     end
   end
+
+  describe '#saml_options' do
+    it 'returns the required args' do
+      expect(subject.saml_options).
+        to match(
+          domain: subject.domain,
+          idp_cert: subject.sso_cert,
+          idp_sso_target_url: subject.sso_url,
+          issuer: subject.domain,
+        )
+    end
+  end
 end

data/spec/routes/auth_spec.rb

@@ -63,6 +63,24 @@ describe Osso::Auth do
             )
           end.to change { Osso::Models::AuthorizationCode.count }.by(1)
         end
+
+        describe 'for an IDP initiated login' do
+          it 'redirects with a default state' do
+            mock_saml_omniauth
+
+            post(
+              "/auth/saml/#{okta_provider.id}/callback",
+              nil,
+              {
+                'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
+                'identity_provider' => okta_provider,
+              },
+            )
+            expect(last_response).to be_redirect
+            follow_redirect!
+            expect(last_request.url).to match(/.*state=IDP_INITIATED$/)
+          end
+        end
       end
 
       describe 'on subsequent authentications' do

data/spec/routes/oauth_spec.rb

@@ -8,7 +8,10 @@ describe Osso::Oauth do
   describe 'get /oauth/authorize' do
     describe 'with a valid client ID and redirect URI' do
       describe 'for a domain that does not belong to an enterprise' do
-        it '404s' do
+        # TODO: better error handling and test
+        it 'renders an error page' do
+          described_class.set(:views, spec_views)
+
           create(:enterprise_with_okta, domain: 'foo.com')
 
           get(
@@ -19,7 +22,7 @@ describe Osso::Oauth do
             redirect_uri: client.redirect_uri_values.sample,
           )
 
-          expect(last_response.status).to eq(404)
+          expect(last_response.status).to eq(200)
         end
       end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.3.13
+  version: 0.0.3.18
 platform: ruby
 authors:
 - Sam Bauch
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-13 00:00:00.000000000 Z
+date: 2020-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -226,6 +226,7 @@ email:
 executables:
 - annotate
 - console
+- publish
 - setup
 extensions: []
 extra_rdoc_files: []
@@ -246,6 +247,7 @@ files:
 - Rakefile
 - bin/annotate
 - bin/console
+- bin/publish
 - bin/setup
 - config/database.yml
 - db/schema.rb
@@ -282,11 +284,13 @@ files:
 - lib/osso/graphql/mutations/set_redirect_uris.rb
 - lib/osso/graphql/query.rb
 - lib/osso/graphql/resolvers.rb
+- lib/osso/graphql/resolvers/base_resolver.rb
 - lib/osso/graphql/resolvers/enterprise_account.rb
 - lib/osso/graphql/resolvers/enterprise_accounts.rb
 - lib/osso/graphql/resolvers/oauth_clients.rb
 - lib/osso/graphql/schema.rb
 - lib/osso/graphql/types.rb
+- lib/osso/graphql/types/admin_user.rb
 - lib/osso/graphql/types/base_connection.rb
 - lib/osso/graphql/types/base_enum.rb
 - lib/osso/graphql/types/base_input_object.rb
@@ -298,7 +302,6 @@ files:
 - lib/osso/graphql/types/oauth_client.rb
 - lib/osso/graphql/types/redirect_uri.rb
 - lib/osso/graphql/types/redirect_uri_input.rb
-- lib/osso/graphql/types/user.rb
 - lib/osso/helpers/auth.rb
 - lib/osso/helpers/helpers.rb
 - lib/osso/lib/app_config.rb
@@ -348,11 +351,12 @@ files:
 - spec/spec_helper.rb
 - spec/support/spec_app.rb
 - spec/support/views/admin.erb
+- spec/support/views/error.erb
 homepage: https://github.com/enterprise-oss/osso-rb
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -368,7 +372,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.0.3
-signing_key:
+signing_key: 
 specification_version: 4
 summary: Main functionality for Osso
 test_files: []