osso 0.0.3.15 → 0.0.3.20

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a63fecde3c20b225ac8f4f52dfa33cbbbcc768337b43b38d3e482e7a6d38806a
-  data.tar.gz: 0ef7c41aef96e4b8299481a5cd9ca7f43c1b59b2ef846b813f9e8aa41957530e
+  metadata.gz: 1dc22e6537d35ba1c6a42ba2c329aa4fdd3d311b07734bc40e708048599aec6b
+  data.tar.gz: 0bcad162c393cc2f37087ecdf68f22df760d78e669af60e4fdd23ece1fd4778c
 SHA512:
-  metadata.gz: cca50c6661352e1f076b747d90038796ba9f76590c9baa18e05128d2bc891a7f7de1090541f464814f28eacb713e0ed8f65fac34ac78a636674000df64092e1f
-  data.tar.gz: a290b9403984ef9d454529008b62be363a1409cf5ff398a7db7e74f7a99e84f4fadb5c54fb7f939243496a863a4a155c841bf92101e1357dae4cbc2ae51a4f96
+  metadata.gz: 5a0b1a2444ab27bcf9b47afe8bcfac939a3e574bda9c423ffb02b1d657d9c737291adac011a2a4b3d003676932d81b2c4c11931302eb92b367dd6b1839ddc58b
+  data.tar.gz: d3f1a44eb09376a2abd4dee264a2efcf8bd57cd28d24854d32e578fbb85baf0837014ae54fe4cd4c5586718c51804a5923635df6cb1a384fe7a153c4546d0051

data/.buildkite/pipeline.yml

@@ -6,6 +6,15 @@ steps:
       - bundle exec rake db:create
       - RACK_ENV=test bundle exec rake db:migrate
       - bundle exec rspec
+    artifact_paths:
+      - coverage/*
+  
+  - name: ":codeclimate:"
+    plugins:
+      - jobready/codeclimate-test-reporter#v2.0:
+          artifact: "coverage/.resultset.json"
+          input_type: simplecov
+          prefix: '/var/lib/buildkite-agent/builds/enterprise-oss-bk-1/enterpriseoss/osso-rb/'
   
   - block: ":rubygems: Publish :red_button:"
     branches: "main"

data/.rubocop.yml

@@ -1,4 +1,5 @@
 AllCops:
+  TargetRubyVersion: 2.6.0
   Exclude:
     - db/**/*
     - lib/osso/db/**/*

data/Gemfile

@@ -12,6 +12,7 @@ group :test do
   gem 'rack-test'
   gem 'rspec', '~> 3.2'
   gem 'rubocop'
+  gem 'simplecov', '= 0.17', require: false
   gem 'webmock', '~> 3.0'
 end
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    osso (0.0.3.15)
+    osso (0.0.3.20)
       activesupport (>= 6.0.3.2)
       graphql
       jwt
@@ -48,6 +48,7 @@ GEM
       activerecord
       database_cleaner (~> 1.8.0)
     diff-lcs (1.4.4)
+    docile (1.3.2)
     factory_bot (6.0.2)
       activesupport (>= 5.0.0)
     faker (2.13.0)
@@ -58,6 +59,7 @@ GEM
     httpclient (2.8.3)
     i18n (1.8.3)
       concurrent-ruby (~> 1.0)
+    json (2.3.1)
     json-jwt (1.13.0)
       activesupport (>= 4.2)
       aes_key_wrap
@@ -66,7 +68,7 @@ GEM
     method_source (1.0.0)
     mini_portile2 (2.4.0)
     minitest (5.14.1)
-    multi_json (1.14.1)
+    multi_json (1.15.0)
     mustermann (1.1.1)
       ruby2_keywords (~> 0.0.1)
     nokogiri (1.10.9)
@@ -133,6 +135,11 @@ GEM
       nokogiri (>= 1.5.10)
     ruby2_keywords (0.0.2)
     safe_yaml (1.0.5)
+    simplecov (0.17.0)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
     sinatra (2.0.8.1)
       mustermann (~> 1.0)
       rack (~> 2.0)
@@ -174,6 +181,7 @@ DEPENDENCIES
   rack-test
   rspec (~> 3.2)
   rubocop
+  simplecov (= 0.17)
   webmock (~> 3.0)
 
 BUNDLED WITH

data/README.md

@@ -1,2 +1,3 @@
-[![Maintainability](https://api.codeclimate.com/v1/badges/2b04828dc45bcb5abcb1/maintainability)](https://codeclimate.com/github/enterprise-oss/osso-rb/maintainability)
-[![Build status](https://badge.buildkite.com/0e01845bdd51be4131b9cbd496d9caa39cd48f171fc2d9a9ca.svg)](https://buildkite.com/enterpriseoss/osso-rb)
+[![Maintainability](https://api.codeclimate.com/v1/badges/0d80be043d2747e91ef3/maintainability)](https://codeclimate.com/repos/5f4676cc3f757b01b6011403/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/0d80be043d2747e91ef3/test_coverage)](https://codeclimate.com/repos/5f4676cc3f757b01b6011403/test_coverage)
+[![Build status](https://badge.buildkite.com/0e01845bdd51be4131b9cbd496d9caa39cd48f171fc2d9a9ca.svg)](https://buildkite.com/enterpriseoss/osso-rb)

data/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2020_07_23_162228) do
+ActiveRecord::Schema.define(version: 2020_08_26_201852) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "pgcrypto"
@@ -27,6 +27,14 @@ ActiveRecord::Schema.define(version: 2020_07_23_162228) do
     t.index ["user_id"], name: "index_access_tokens_on_user_id"
   end
 
+  create_table "app_configs", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "contact_email"
+    t.string "logo_url"
+    t.string "name"
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+  end
+
   create_table "authorization_codes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
     t.string "token"
     t.string "redirect_uri"

data/lib/osso/db/migrate/20200826201852_create_app_config.rb

@@ -0,0 +1,11 @@
+class CreateAppConfig < ActiveRecord::Migration[6.0]
+  def change
+    create_table :app_configs, id: :uuid do |t|
+      t.string :contact_email
+      t.string :logo_url
+      t.string :name
+      
+      t.timestamps
+    end
+  end
+end

data/lib/osso/graphql/mutation.rb

@@ -14,6 +14,13 @@ module Osso
         field :delete_oauth_client, mutation: Mutations::DeleteOauthClient
         field :set_redirect_uris, mutation: Mutations::SetRedirectUris
         field :regenerate_oauth_credentials, mutation: Mutations::RegenerateOauthCredentials
+        field :update_app_config, mutation: Mutations::UpdateAppConfig
+
+        def self.authorized?(_object, _context)
+          # mutations are prevented from executing with ready? so
+          # its a bit odd that this hides it
+          true
+        end
       end
     end
   end

data/lib/osso/graphql/mutations.rb

@@ -14,3 +14,4 @@ require_relative 'mutations/delete_enterprise_account'
 require_relative 'mutations/delete_oauth_client'
 require_relative 'mutations/regenerate_oauth_credentials'
 require_relative 'mutations/set_redirect_uris'
+require_relative 'mutations/update_app_config'

data/lib/osso/graphql/mutations/base_mutation.rb

@@ -15,13 +15,26 @@ module Osso
           error.merge(data: nil)
         end
 
-        def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **args)
-          return true if context[:scope] == :admin
+        def ready?(**args)
+          return true if internal_ready?
 
-          domain ||= account_domain(enterprise_account_id) || provider_domain(identity_provider_id)
-          return true if domain == context[:scope]
+          return true if domain_ready?(args[:domain] || domain(**args))
 
-          raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{args[:domain]}"
+          raise ::GraphQL::ExecutionError, 'This user lacks the permission to make the requested changes'
+        end
+
+        def admin_ready?
+          context[:scope] == 'admin'
+        end
+
+        def internal_ready?
+          return true if admin_ready?
+
+          context[:scope] == 'internal'
+        end
+
+        def domain_ready?(domain)
+          context[:email].split('@')[1] == domain
         end
 
         def account_domain(id)

data/lib/osso/graphql/mutations/configure_identity_provider.rb

@@ -13,22 +13,20 @@ module Osso
         field :identity_provider, Types::IdentityProvider, null: false
         field :errors, [String], null: false
 
-        def resolve(id:, **args)
-          provider = Osso::Models::IdentityProvider.find(id)
+        def resolve(**args)
+          provider = identity_provider(**args)
 
           return response_data(identity_provider: provider) if provider.update(args)
 
-          response_error(errors: provder.errors.messages)
+          response_error(errors: provider.errors.messages)
         end
 
-        def ready?(id:, **_args)
-          return true if context[:scope] == :admin
-
-          domain = Osso::Models::IdentityProvider.find(id)&.domain
-
-          return true if domain == context[:scope]
+        def domain(**args)
+          identity_provider(**args)&.domain
+        end
 
-          raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
+        def identity_provider(id:, **_args)
+          @identity_provider ||= Osso::Models::IdentityProvider.find(id)
         end
       end
     end

data/lib/osso/graphql/mutations/create_enterprise_account.rb

@@ -8,17 +8,24 @@ module Osso
 
         argument :domain, String, required: true
         argument :name, String, required: true
+        argument :oauth_client_id, String, required: false
 
         field :enterprise_account, Types::EnterpriseAccount, null: false
         field :errors, [String], null: false
 
         def resolve(**args)
           enterprise_account = Osso::Models::EnterpriseAccount.new(args)
+          enterprise_account.oauth_client_id ||= find_client_db_id(context[:oauth_client_id])
 
           return response_data(enterprise_account: enterprise_account) if enterprise_account.save
 
           response_error(errors: enterprise_account.errors.full_messages)
         end
+
+        def find_client_db_id(oauth_client_identifier)
+          Osso::Models::OauthClient.find_by(identifier: oauth_client_identifier).
+            id
+        end
       end
     end
   end

data/lib/osso/graphql/mutations/create_identity_provider.rb

@@ -12,18 +12,27 @@ module Osso
         field :identity_provider, Types::IdentityProvider, null: false
         field :errors, [String], null: false
 
-        def resolve(enterprise_account_id:, service: nil)
-          enterprise_account = Osso::Models::EnterpriseAccount.find(enterprise_account_id)
-          identity_provider = enterprise_account.identity_providers.build(
-            enterprise_account_id: enterprise_account_id,
+        def resolve(service: nil, **args)
+          customer = enterprise_account(**args)
+
+          identity_provider = customer.identity_providers.build(
             service: service,
-            domain: enterprise_account.domain,
+            domain: customer.domain,
+            oauth_client_id: customer.oauth_client_id,
           )
 
           return response_data(identity_provider: identity_provider) if identity_provider.save
 
           response_error(errors: identity_provider.errors.full_messages)
         end
+
+        def domain(**args)
+          enterprise_account(**args)&.domain
+        end
+
+        def enterprise_account(enterprise_account_id:, **_args)
+          @enterprise_account ||= Osso::Models::EnterpriseAccount.find(enterprise_account_id)
+        end
       end
     end
   end

data/lib/osso/graphql/mutations/create_oauth_client.rb

@@ -20,9 +20,7 @@ module Osso
         end
 
         def ready?(*)
-          return true if context[:scope] == :admin
-
-          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+          admin_ready?
         end
       end
     end

data/lib/osso/graphql/mutations/delete_enterprise_account.rb

@@ -11,22 +11,20 @@ module Osso
         field :enterprise_account, Types::EnterpriseAccount, null: true
         field :errors, [String], null: false
 
-        def resolve(id:)
-          enterprise_account = Osso::Models::EnterpriseAccount.find(id)
-
-          return response_data(enterprise_account: nil) if enterprise_account.destroy
-
-          response_error(errors: enterprise_account.errors.full_messages)
+        def enterprise_account(id:, **_args)
+          @enterprise_account ||= Osso::Models::EnterpriseAccount.find(id)
         end
 
-        def ready?(id:)
-          return true if context[:scope] == :admin
+        def resolve(**args)
+          customer = enterprise_account(**args)
 
-          domain = account_domain(id)
+          return response_data(enterprise_account: nil) if customer.destroy
 
-          return true if domain == context[:scope]
+          response_error(errors: customer.errors.full_messages)
+        end
 
-          raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
+        def domain(**args)
+          enterprise_account(**args).domain
         end
       end
     end

data/lib/osso/graphql/mutations/delete_oauth_client.rb

@@ -20,9 +20,7 @@ module Osso
         end
 
         def ready?(*)
-          return true if context[:scope] == :admin
-
-          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+          admin_ready?
         end
       end
     end

data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb

@@ -21,9 +21,7 @@ module Osso
         end
 
         def ready?(*)
-          return true if context[:scope] == :admin
-
-          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+          admin_ready?
         end
       end
     end

data/lib/osso/graphql/mutations/set_redirect_uris.rb

@@ -24,14 +24,12 @@ module Osso
         end
 
         def ready?(*)
-          return true if context[:scope] == :admin
-
-          raise ::GraphQL::ExecutionError, 'Only admin users may mutate OauthClients'
+          admin_ready?
         end
 
         def update_existing(oauth_client, redirect_uris)
           oauth_client.redirect_uris.each do |redirect|
-            updating_index = redirect_uris.index{ |incoming| incoming[:id] == redirect.id }
+            updating_index = redirect_uris.index { |incoming| incoming[:id] == redirect.id }
 
             if updating_index
               updating = redirect_uris.delete_at(updating_index)

data/lib/osso/graphql/mutations/update_app_config.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class UpdateAppConfig < BaseMutation
+        null false
+
+        argument :name, String, required: false
+        argument :logo_url, String, required: false
+        argument :contact_email, String, required: false
+
+        field :app_config, Types::AppConfig, null: true
+        field :errors, [String], null: false
+
+        def resolve(**args)
+          app_config = Osso::Models::AppConfig.find
+          return response_data(app_config: app_config) if app_config.update(**args)
+
+          response_error(errors: e)
+        end
+
+        def ready?(*)
+          admin_ready?
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/query.rb

@@ -24,6 +24,13 @@ module Osso
           argument :id, ID, required: true
         end
 
+        field(
+          :app_config,
+          Types::AppConfig,
+          null: false,
+          resolve: ->(_obj, _args, _context) { Osso::Models::AppConfig.find },
+        )
+
         field(
           :oauth_client,
           Types::OauthClient,
@@ -32,6 +39,13 @@ module Osso
         ) do
           argument :id, ID, required: true
         end
+
+        field(
+          :current_user,
+          Types::AdminUser,
+          null: false,
+          resolve: ->(_obj, _args, context) { context.to_h },
+        )
       end
     end
   end

data/lib/osso/graphql/resolvers.rb

@@ -7,6 +7,7 @@ module Osso
   end
 end
 
+require_relative 'resolvers/base_resolver'
 require_relative 'resolvers/enterprise_account'
 require_relative 'resolvers/enterprise_accounts'
 require_relative 'resolvers/oauth_clients'

data/lib/osso/graphql/resolvers/base_resolver.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Resolvers
+      class BaseResolver < ::GraphQL::Schema::Resolver
+        def admin_authorized?
+          context[:scope] == 'admin'
+        end
+
+        def internal_authorized?
+          %w[admin internal].include?(context[:scope])
+        end
+
+        def enterprise_authorized?(domain)
+          context[:scope] == domain
+        end
+
+        def context_domain
+          context[:email].split('@')[1]
+        end
+      end
+    end
+  end
+end