osso 0.0.3.14 → 0.0.3.19

Files changed (65)
  1. checksums.yaml +4 -4
  2. data/.buildkite/pipeline.yml +17 -1
  3. data/.rubocop.yml +1 -0
  4. data/Gemfile +1 -0
  5. data/Gemfile.lock +10 -2
  6. data/README.md +3 -2
  7. data/bin/publish +18 -0
  8. data/db/schema.rb +9 -1
  9. data/lib/osso/db/migrate/20200826201852_create_app_config.rb +11 -0
  10. data/lib/osso/graphql/mutation.rb +7 -0
  11. data/lib/osso/graphql/mutations.rb +2 -0
  12. data/lib/osso/graphql/mutations/base_mutation.rb +18 -5
  13. data/lib/osso/graphql/mutations/configure_identity_provider.rb +8 -10
  14. data/lib/osso/graphql/mutations/create_enterprise_account.rb +7 -0
  15. data/lib/osso/graphql/mutations/create_identity_provider.rb +14 -5
  16. data/lib/osso/graphql/mutations/create_oauth_client.rb +1 -3
  17. data/lib/osso/graphql/mutations/delete_enterprise_account.rb +9 -11
  18. data/lib/osso/graphql/mutations/delete_oauth_client.rb +1 -3
  19. data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb +1 -3
  20. data/lib/osso/graphql/mutations/set_redirect_uris.rb +2 -4
  21. data/lib/osso/graphql/mutations/update_app_config.rb +30 -0
  22. data/lib/osso/graphql/query.rb +14 -0
  23. data/lib/osso/graphql/resolvers.rb +1 -0
  24. data/lib/osso/graphql/resolvers/base_resolver.rb +21 -0
  25. data/lib/osso/graphql/resolvers/enterprise_account.rb +1 -11
  26. data/lib/osso/graphql/resolvers/enterprise_accounts.rb +2 -2
  27. data/lib/osso/graphql/resolvers/oauth_clients.rb +2 -2
  28. data/lib/osso/graphql/types.rb +2 -1
  29. data/lib/osso/graphql/types/admin_user.rb +22 -0
  30. data/lib/osso/graphql/types/app_config.rb +22 -0
  31. data/lib/osso/graphql/types/base_object.rb +22 -0
  32. data/lib/osso/graphql/types/enterprise_account.rb +0 -5
  33. data/lib/osso/graphql/types/identity_provider.rb +0 -6
  34. data/lib/osso/graphql/types/oauth_client.rb +2 -4
  35. data/lib/osso/graphql/types/redirect_uri.rb +2 -4
  36. data/lib/osso/helpers/auth.rb +40 -18
  37. data/lib/osso/lib/route_map.rb +2 -2
  38. data/lib/osso/models/app_config.rb +33 -0
  39. data/lib/osso/models/identity_provider.rb +6 -12
  40. data/lib/osso/models/models.rb +1 -0
  41. data/lib/osso/models/oauth_client.rb +1 -0
  42. data/lib/osso/models/redirect_uri.rb +0 -11
  43. data/lib/osso/routes/admin.rb +2 -2
  44. data/lib/osso/routes/auth.rb +29 -12
  45. data/lib/osso/routes/oauth.rb +25 -18
  46. data/lib/osso/version.rb +1 -1
  47. data/lib/tasks/bootstrap.rake +2 -0
  48. data/spec/graphql/mutations/configure_identity_provider_spec.rb +17 -4
  49. data/spec/graphql/mutations/create_enterprise_account_spec.rb +53 -4
  50. data/spec/graphql/mutations/create_identity_provider_spec.rb +18 -6
  51. data/spec/graphql/mutations/create_oauth_client_spec.rb +10 -3
  52. data/spec/graphql/mutations/delete_enterprise_account_spec.rb +18 -4
  53. data/spec/graphql/mutations/delete_oauth_client_spec.rb +8 -4
  54. data/spec/graphql/query/enterprise_account_spec.rb +21 -6
  55. data/spec/graphql/query/enterprise_accounts_spec.rb +4 -2
  56. data/spec/graphql/query/identity_provider_spec.rb +16 -6
  57. data/spec/graphql/query/oauth_clients_spec.rb +10 -7
  58. data/spec/helpers/auth_spec.rb +97 -0
  59. data/spec/models/identity_provider_spec.rb +12 -0
  60. data/spec/routes/auth_spec.rb +18 -0
  61. data/spec/routes/oauth_spec.rb +5 -2
  62. data/spec/spec_helper.rb +3 -0
  63. data/spec/support/views/error.erb +0 -0
  64. metadata +15 -6
  65. data/lib/osso/graphql/types/user.rb +0 -17
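--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e7d4ef2f0655df3347758666ae0dff639659842ef02bb854de42630871cfc3e3
- data.tar.gz: 9f77a13360c0ef5f0a2664b3294b1d8997f21b5b29468b3954dd33c569e46f0f
+ metadata.gz: 995be763d7567651350cc953d6d800a8bbd86e3de1eda57f7ab673869ffbb6dc
+ data.tar.gz: 01aa99f9fc68465df111624a22175ce2d5d110e94e2389d128a1c94cb0466494
  SHA512:
- metadata.gz: b4608569393ebd919ce87c15c033128480ff69aa75c7a5fb0d72bd195be33c088f8466a29a3b89e6a130e07988ab8908500a622644ab98edc13eb3b486099528
- data.tar.gz: 6a38a9607747ab062a1597f600dd7ac53bacfe22dbfd487e1ba657ceb2123dbb8241ad8ec016c03460425a66be1a1d7c333ca92234ffc78999204e5804af0a9f
+ metadata.gz: e4f45a4c188da6bf0adce208bec4b32ad76850136bed6af4ca221f0f5ccf94c6547b19a8486b92b1e05c57f0224389b25b7f8efd5f0c3a9c260a4a745cb2687c
+ data.tar.gz: 7df17b8bd2726c59a828d4ceb6f04e2246eeb9ac651f12a6f7956f0c65a9b45e5dcc4c2266d55eec3816f64ae635f9fbf70a37cb57eb0f4efc94c1b49803499c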
@@ -5,4 +5,20 @@ steps:
5
5
  - bundle exec rake db:drop
6
6
  - bundle exec rake db:create
7
7
  - RACK_ENV=test bundle exec rake db:migrate
8
- - bundle exec rspec
8
+ - bundle exec rspec
9
+ artifact_paths:
10
+ - coverage/*
11
+
12
+ - name: ":codeclimate:"
13
+ plugins:
14
+ - jobready/codeclimate-test-reporter#v2.0:
15
+ artifact: "coverage/.resultset.json"
16
+ input_type: simplecov
17
+ prefix: '/var/lib/buildkite-agent/builds/enterprise-oss-bk-1/enterpriseoss/osso-rb/'
18
+
19
+ - block: ":rubygems: Publish :red_button:"
20
+ branches: "main"
21
+
22
+ - name: "Push :rubygems:"
23
+ commands: "./bin/publish"
24
+ branches: "main"
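Review bot: The `jobready/codeclimate-test-reporter#v2.0` plugin is referenced by tag in the same pipeline that now ends in a `Push :rubygems:` step, and a tag can be moved by the plugin's owner after this review. Pinning it to a full commit SHA, `jobready/codeclimate-test-reporter#<commit-sha>`, keeps the code that runs on the build agent fixed. The `block` step gates the push on a manual click, but nothing in these lines restricts who may unblock it, so that is worth confirming in the Buildkite pipeline settings. The absolute `prefix` path also ties the coverage upload to one named agent directory.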
@@ -1,4 +1,5 @@
1
1
  AllCops:
2
+ TargetRubyVersion: 2.6.0
2
3
  Exclude:
3
4
  - db/**/*
4
5
  - lib/osso/db/**/*
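--- a/data/Gemfile
+++ b/data/Gemfile
@@ -12,6 +12,7 @@ group :test do
   gem 'rack-test'
   gem 'rspec', '~> 3.2'
   gem 'rubocop'
+ gem 'simplecov', '= 0.17', require: false
   gem 'webmock', '~> 3.0'
   end
 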
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- osso (0.0.3.14)
4
+ osso (0.0.3.19)
5
5
  activesupport (>= 6.0.3.2)
6
6
  graphql
7
7
  jwt
@@ -48,6 +48,7 @@ GEM
48
48
  activerecord
49
49
  database_cleaner (~> 1.8.0)
50
50
  diff-lcs (1.4.4)
51
+ docile (1.3.2)
51
52
  factory_bot (6.0.2)
52
53
  activesupport (>= 5.0.0)
53
54
  faker (2.13.0)
@@ -58,6 +59,7 @@ GEM
58
59
  httpclient (2.8.3)
59
60
  i18n (1.8.3)
60
61
  concurrent-ruby (~> 1.0)
62
+ json (2.3.1)
61
63
  json-jwt (1.13.0)
62
64
  activesupport (>= 4.2)
63
65
  aes_key_wrap
@@ -66,7 +68,7 @@ GEM
66
68
  method_source (1.0.0)
67
69
  mini_portile2 (2.4.0)
68
70
  minitest (5.14.1)
69
- multi_json (1.14.1)
71
+ multi_json (1.15.0)
70
72
  mustermann (1.1.1)
71
73
  ruby2_keywords (~> 0.0.1)
72
74
  nokogiri (1.10.9)
@@ -133,6 +135,11 @@ GEM
133
135
  nokogiri (>= 1.5.10)
134
136
  ruby2_keywords (0.0.2)
135
137
  safe_yaml (1.0.5)
138
+ simplecov (0.17.0)
139
+ docile (~> 1.1)
140
+ json (>= 1.8, < 3)
141
+ simplecov-html (~> 0.10.0)
142
+ simplecov-html (0.10.2)
136
143
  sinatra (2.0.8.1)
137
144
  mustermann (~> 1.0)
138
145
  rack (~> 2.0)
@@ -174,6 +181,7 @@ DEPENDENCIES
174
181
  rack-test
175
182
  rspec (~> 3.2)
176
183
  rubocop
184
+ simplecov (= 0.17)
177
185
  webmock (~> 3.0)
178
186
 
179
187
  BUNDLED WITH
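--- a/data/README.md
+++ b/data/README.md
@@ -1,2 +1,3 @@
- [![Maintainability](https://api.codeclimate.com/v1/badges/2b04828dc45bcb5abcb1/maintainability)](https://codeclimate.com/github/enterprise-oss/osso-rb/maintainability)
- [![Build status](https://badge.buildkite.com/0e01845bdd51be4131b9cbd496d9caa39cd48f171fc2d9a9ca.svg)](https://buildkite.com/enterpriseoss/osso-rb)
+ [![Maintainability](https://api.codeclimate.com/v1/badges/0d80be043d2747e91ef3/maintainability)](https://codeclimate.com/repos/5f4676cc3f757b01b6011403/maintainability)
+ [![Test Coverage](https://api.codeclimate.com/v1/badges/0d80be043d2747e91ef3/test_coverage)](https://codeclimate.com/repos/5f4676cc3f757b01b6011403/test_coverage)
+ [![Build status](https://badge.buildkite.com/0e01845bdd51be4131b9cbd496d9caa39cd48f171fc2d9a9ca.svg)](https://buildkite.com/enterpriseoss/osso-rb)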
@@ -0,0 +1,18 @@
1
+ #!/bin/sh
2
+ # Scriptacular - gemify.sh
3
+ # Create a Ruby gem and push it to rubygems.org
4
+ # Copyright 2013 Christopher Simpkins
5
+ # MIT License
6
+
7
+ GEM_NAME="osso-rb"
8
+ GEMSPEC_SUFFIX=".gemspec"
9
+
10
+ # run the gem build and parse for the gem release filename
11
+ GEM_BUILD_NAME=$(gem build "$GEM_NAME$GEMSPEC_SUFFIX" | awk '/File/ {print $2}' -)
12
+
13
+ if [ -z "$GEM_BUILD_NAME" ]; then
14
+ echo "The gem build failed." >&2
15
+ exit 1
16
+ fi
17
+
18
+ gem push $GEM_BUILD_NAME
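Review bot: `GEM_NAME="osso-rb"` makes the script build `osso-rb.gemspec`, while this package and the `Gemfile.lock` entry are named `osso`; if the gemspec file is `osso.gemspec` the build fails and nothing is published, so the file name should be confirmed. The last line passes the parsed file name unquoted, and `gem push "$GEM_BUILD_NAME"` avoids word splitting on it. The script also pushes whatever `gem build` produced without comparing the version in the file name with the intended release. A check against `lib/osso/version.rb` before the push would catch a stale or unexpected build, since a pushed version number cannot be reused.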
@@ -10,7 +10,7 @@
10
10
  #
11
11
  # It's strongly recommended that you check this file into your version control system.
12
12
 
13
- ActiveRecord::Schema.define(version: 2020_07_23_162228) do
13
+ ActiveRecord::Schema.define(version: 2020_08_26_201852) do
14
14
 
15
15
  # These are extensions that must be enabled in order to support this database
16
16
  enable_extension "pgcrypto"
@@ -27,6 +27,14 @@ ActiveRecord::Schema.define(version: 2020_07_23_162228) do
27
27
  t.index ["user_id"], name: "index_access_tokens_on_user_id"
28
28
  end
29
29
 
30
+ create_table "app_configs", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
31
+ t.string "contact_email"
32
+ t.string "logo_url"
33
+ t.string "name"
34
+ t.datetime "created_at", precision: 6, null: false
35
+ t.datetime "updated_at", precision: 6, null: false
36
+ end
37
+
30
38
  create_table "authorization_codes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
31
39
  t.string "token"
32
40
  t.string "redirect_uri"
@@ -0,0 +1,11 @@
1
+ class CreateAppConfig < ActiveRecord::Migration[6.0]
2
+ def change
3
+ create_table :app_configs, id: :uuid do |t|
4
+ t.string :contact_email
5
+ t.string :logo_url
6
+ t.string :name
7
+
8
+ t.timestamps
9
+ end
10
+ end
11
+ end
@@ -14,6 +14,13 @@ module Osso
14
14
  field :delete_oauth_client, mutation: Mutations::DeleteOauthClient
15
15
  field :set_redirect_uris, mutation: Mutations::SetRedirectUris
16
16
  field :regenerate_oauth_credentials, mutation: Mutations::RegenerateOauthCredentials
17
+ field :update_app_config, mutation: Mutations::UpdateAppConfig
18
+
19
+ def self.authorized?(_object, _context)
20
+ # mutations are prevented from executing with ready? so
21
+ # its a bit odd that this hides it
22
+ true
23
+ end
17
24
  end
18
25
  end
19
26
  end
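Review bot: The comment inside `self.authorized?` does not say what "this" and "it" refer to, and the method returns `true` for every caller, so a reader cannot tell that the blanket answer is deliberate. A clearer comment would be `# Always authorized at the field level: each mutation enforces access in its own ready? hook.` Because this leaves `ready?` as the only gate on mutations, the comment should say so explicitly. The enclosing class starts above the hunk.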
@@ -14,3 +14,5 @@ require_relative 'mutations/delete_enterprise_account'
14
14
  require_relative 'mutations/delete_oauth_client'
15
15
  require_relative 'mutations/regenerate_oauth_credentials'
16
16
  require_relative 'mutations/set_redirect_uris'
17
+ require_relative 'mutations/update_app_config'
18
+
@@ -15,13 +15,26 @@ module Osso
15
15
  error.merge(data: nil)
16
16
  end
17
17
 
18
- def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **args)
19
- return true if context[:scope] == :admin
18
+ def ready?(**args)
19
+ return true if internal_ready?
20
20
 
21
- domain ||= account_domain(enterprise_account_id) || provider_domain(identity_provider_id)
22
- return true if domain == context[:scope]
21
+ return true if domain_ready?(args[:domain] || domain(**args))
23
22
 
24
- raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{args[:domain]}"
23
+ raise ::GraphQL::ExecutionError, 'This user lacks the permission to make the requested changes'
24
+ end
25
+
26
+ def admin_ready?
27
+ context[:scope] == 'admin'
28
+ end
29
+
30
+ def internal_ready?
31
+ return true if admin_ready?
32
+
33
+ context[:scope] == 'internal'
34
+ end
35
+
36
+ def domain_ready?(domain)
37
+ context[:email].split('@')[1] == domain
25
38
  end
26
39
 
27
40
  def account_domain(id)
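Review bot: `domain_ready?` compares two values that can both be `nil`: `context[:email].split('@')[1]` is `nil` for an address without `@`, and `args[:domain] || domain(**args)` is `nil` when a subclass's `domain` finds nothing, so `nil == nil` grants access. It also raises `NoMethodError` when `context[:email]` is absent. A guarded body would be `email_domain = context[:email].to_s.split('@', 2)[1]` followed by `!email_domain.nil? && email_domain == domain`. `ready?` also prefers the caller-supplied `args[:domain]` over the domain looked up from the record, so a mutation accepting both a `domain` argument and a record id would be authorized on the argument alone; the argument lists are outside this hunk and should be checked. The class body continues past the last line shown.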
@@ -13,22 +13,20 @@ module Osso
13
13
  field :identity_provider, Types::IdentityProvider, null: false
14
14
  field :errors, [String], null: false
15
15
 
16
- def resolve(id:, **args)
17
- provider = Osso::Models::IdentityProvider.find(id)
16
+ def resolve(**args)
17
+ provider = identity_provider(**args)
18
18
 
19
19
  return response_data(identity_provider: provider) if provider.update(args)
20
20
 
21
- response_error(errors: provder.errors.messages)
21
+ response_error(errors: provider.errors.messages)
22
22
  end
23
23
 
24
- def ready?(id:, **_args)
25
- return true if context[:scope] == :admin
26
-
27
- domain = Osso::Models::IdentityProvider.find(id)&.domain
28
-
29
- return true if domain == context[:scope]
24
+ def domain(**args)
25
+ identity_provider(**args)&.domain
26
+ end
30
27
 
31
- raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
28
+ def identity_provider(id:, **_args)
29
+ @identity_provider ||= Osso::Models::IdentityProvider.find(id)
32
30
  end
33
31
  end
34
32
  end
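Review bot: `resolve(**args)` now forwards the whole argument hash, including `id`, to `provider.update(args)`, whereas the removed signature `resolve(id:, **args)` kept `id` out of the written attributes. `provider.update(args.except(:id))` restores that separation between the lookup key and the writable attributes. If `IdentityProvider.find` is ActiveRecord's `find`, it raises on a missing record, so the `&.` in `domain` never sees `nil`. A missing id would then surface from `ready?` as an unhandled exception rather than as the permission error.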
@@ -8,17 +8,24 @@ module Osso
8
8
 
9
9
  argument :domain, String, required: true
10
10
  argument :name, String, required: true
11
+ argument :oauth_client_id, String, required: false
11
12
 
12
13
  field :enterprise_account, Types::EnterpriseAccount, null: false
13
14
  field :errors, [String], null: false
14
15
 
15
16
  def resolve(**args)
16
17
  enterprise_account = Osso::Models::EnterpriseAccount.new(args)
18
+ enterprise_account.oauth_client_id ||= find_client_db_id(context[:oauth_client_id])
17
19
 
18
20
  return response_data(enterprise_account: enterprise_account) if enterprise_account.save
19
21
 
20
22
  response_error(errors: enterprise_account.errors.full_messages)
21
23
  end
24
+
25
+ def find_client_db_id(oauth_client_identifier)
26
+ Osso::Models::OauthClient.find_by(identifier: oauth_client_identifier).
27
+ id
28
+ end
22
29
  end
23
30
  end
24
31
  end
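Review bot: The new optional `oauth_client_id` argument goes straight into `EnterpriseAccount.new(args)`, while the `ready?` check shown in base_mutation.rb (assuming this class inherits it) only compares the caller's e-mail domain with `domain`. A domain-scoped caller can therefore attach the new account to any OAuth client id it supplies. Unless that is intended, accept the argument only for admin or internal scope, for example `args = args.except(:oauth_client_id) unless internal_ready?` before building the record. `find_client_db_id` also calls `.id` on the result of `find_by`, which is `nil` when `context[:oauth_client_id]` is missing or unknown; `Osso::Models::OauthClient.find_by(identifier: oauth_client_identifier)&.id` avoids the `NoMethodError`.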
@@ -12,18 +12,27 @@ module Osso
12
12
  field :identity_provider, Types::IdentityProvider, null: false
13
13
  field :errors, [String], null: false
14
14
 
15
- def resolve(enterprise_account_id:, service: nil)
16
- enterprise_account = Osso::Models::EnterpriseAccount.find(enterprise_account_id)
17
- identity_provider = enterprise_account.identity_providers.build(
18
- enterprise_account_id: enterprise_account_id,
15
+ def resolve(service: nil, **args)
16
+ customer = enterprise_account(**args)
17
+
18
+ identity_provider = customer.identity_providers.build(
19
19
  service: service,
20
- domain: enterprise_account.domain,
20
+ domain: customer.domain,
21
+ oauth_client_id: customer.oauth_client_id,
21
22
  )
22
23
 
23
24
  return response_data(identity_provider: identity_provider) if identity_provider.save
24
25
 
25
26
  response_error(errors: identity_provider.errors.full_messages)
26
27
  end
28
+
29
+ def domain(**args)
30
+ enterprise_account(**args)&.domain
31
+ end
32
+
33
+ def enterprise_account(enterprise_account_id:, **_args)
34
+ @enterprise_account ||= Osso::Models::EnterpriseAccount.find(enterprise_account_id)
35
+ end
27
36
  end
28
37
  end
29
38
  end
@@ -20,9 +20,7 @@ module Osso
20
20
  end
21
21
 
22
22
  def ready?(*)
23
- return true if context[:scope] == :admin
24
-
25
- raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
23
+ admin_ready?
26
24
  end
27
25
  end
28
26
  end
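Review bot: `ready?` now returns the bare result of `admin_ready?`, so a non-admin caller gets `false` instead of the `ExecutionError` the removed lines raised, and the response no longer says why the mutation did not run. `admin_ready? || raise(::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients')` keeps the refusal explicit. The same one-line `ready?` appears in the delete_oauth_client, regenerate_oauth_credentials, set_redirect_uris and update_app_config sections. How the installed graphql-ruby version treats a plain `false` from `ready?` on a non-null payload is not visible here and deserves a spec for a non-admin context.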
@@ -11,22 +11,20 @@ module Osso
11
11
  field :enterprise_account, Types::EnterpriseAccount, null: true
12
12
  field :errors, [String], null: false
13
13
 
14
- def resolve(id:)
15
- enterprise_account = Osso::Models::EnterpriseAccount.find(id)
16
-
17
- return response_data(enterprise_account: nil) if enterprise_account.destroy
18
-
19
- response_error(errors: enterprise_account.errors.full_messages)
14
+ def enterprise_account(id:, **_args)
15
+ @enterprise_account ||= Osso::Models::EnterpriseAccount.find(id)
20
16
  end
21
17
 
22
- def ready?(id:)
23
- return true if context[:scope] == :admin
18
+ def resolve(**args)
19
+ customer = enterprise_account(**args)
24
20
 
25
- domain = account_domain(id)
21
+ return response_data(enterprise_account: nil) if customer.destroy
26
22
 
27
- return true if domain == context[:scope]
23
+ response_error(errors: customer.errors.full_messages)
24
+ end
28
25
 
29
- raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
26
+ def domain(**args)
27
+ enterprise_account(**args).domain
30
28
  end
31
29
  end
32
30
  end
@@ -20,9 +20,7 @@ module Osso
20
20
  end
21
21
 
22
22
  def ready?(*)
23
- return true if context[:scope] == :admin
24
-
25
- raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
23
+ admin_ready?
26
24
  end
27
25
  end
28
26
  end
@@ -21,9 +21,7 @@ module Osso
21
21
  end
22
22
 
23
23
  def ready?(*)
24
- return true if context[:scope] == :admin
25
-
26
- raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
24
+ admin_ready?
27
25
  end
28
26
  end
29
27
  end
@@ -24,14 +24,12 @@ module Osso
24
24
  end
25
25
 
26
26
  def ready?(*)
27
- return true if context[:scope] == :admin
28
-
29
- raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
27
+ admin_ready?
30
28
  end
31
29
 
32
30
  def update_existing(oauth_client, redirect_uris)
33
31
  oauth_client.redirect_uris.each do |redirect|
34
- updating_index = redirect_uris.index{ |incoming| incoming[:id] == redirect.id }
32
+ updating_index = redirect_uris.index { |incoming| incoming[:id] == redirect.id }
35
33
 
36
34
  if updating_index
37
35
  updating = redirect_uris.delete_at(updating_index)
@@ -0,0 +1,30 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Osso
4
+ module GraphQL
5
+ module Mutations
6
+ class UpdateAppConfig < BaseMutation
7
+ null false
8
+
9
+ argument :name, String, required: false
10
+ argument :logo_url, String, required: false
11
+ argument :contact_email, String, required: false
12
+
13
+
14
+ field :app_config, Types::AppConfig, null: true
15
+ field :errors, [String], null: false
16
+
17
+ def resolve(**args)
18
+ app_config = Osso::Models::AppConfig.find
19
+ return response_data(app_config: app_config) if app_config.update(**args)
20
+
21
+ response_error(errors: e)
22
+ end
23
+
24
+ def ready?(*)
25
+ admin_ready?
26
+ end
27
+ end
28
+ end
29
+ end
30
+ end
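Review bot: The failure branch of `resolve` calls `response_error(errors: e)`, but no `e` is defined in the method, so a rejected update raises `NameError` instead of returning validation messages. `response_error(errors: app_config.errors.full_messages)` matches the other mutations in this release. `logo_url` and `contact_email` are accepted here as free-form strings, and the model in `models/app_config.rb` is not shown. If it does not validate them, a scheme check on `logo_url` is worth adding there, since the value is presumably rendered on pages shown to end users.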
@@ -24,6 +24,13 @@ module Osso
24
24
  argument :id, ID, required: true
25
25
  end
26
26
 
27
+ field(
28
+ :app_config,
29
+ Types::AppConfig,
30
+ null: false,
31
+ resolve: ->(_obj, _args, _context) { Osso::Models::AppConfig.find },
32
+ )
33
+
27
34
  field(
28
35
  :oauth_client,
29
36
  Types::OauthClient,
@@ -32,6 +39,13 @@ module Osso
32
39
  ) do
33
40
  argument :id, ID, required: true
34
41
  end
42
+
43
+ field(
44
+ :current_user,
45
+ Types::AdminUser,
46
+ null: false,
47
+ resolve: ->(_obj, _args, context) { context.to_h },
48
+ )
35
49
  end
36
50
  end
37
51
  end
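Review bot: `current_user` resolves to `context.to_h`, which hands the entire request context to `Types::AdminUser`, so any field later added to that type reads directly from whatever keys the context holds. Returning only the keys the type exposes, for example `context.to_h.slice(:email, :scope)` adjusted to the fields `AdminUser` declares, keeps the rest of the context out of reach of the schema. Both new fields are declared `null: false`, so a `nil` from either resolver fails the query rather than returning null; neither `AppConfig.find` nor the unauthenticated case is visible here. The enclosing class starts above the first hunk.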