osso 0.0.3.16 → 0.0.3.21
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +9 -0
- data/.rubocop.yml +1 -0
- data/Gemfile +1 -0
- data/Gemfile.lock +9 -1
- data/README.md +3 -2
- data/db/schema.rb +9 -1
- data/lib/osso/db/migrate/20200826201852_create_app_config.rb +11 -0
- data/lib/osso/graphql/mutation.rb +7 -0
- data/lib/osso/graphql/mutations.rb +1 -0
- data/lib/osso/graphql/mutations/base_mutation.rb +18 -5
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +8 -10
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +7 -0
- data/lib/osso/graphql/mutations/create_identity_provider.rb +14 -5
- data/lib/osso/graphql/mutations/create_oauth_client.rb +1 -3
- data/lib/osso/graphql/mutations/delete_enterprise_account.rb +9 -11
- data/lib/osso/graphql/mutations/delete_oauth_client.rb +1 -3
- data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb +1 -3
- data/lib/osso/graphql/mutations/set_redirect_uris.rb +1 -3
- data/lib/osso/graphql/mutations/update_app_config.rb +29 -0
- data/lib/osso/graphql/query.rb +14 -0
- data/lib/osso/graphql/resolvers.rb +1 -0
- data/lib/osso/graphql/resolvers/base_resolver.rb +25 -0
- data/lib/osso/graphql/resolvers/enterprise_account.rb +1 -11
- data/lib/osso/graphql/resolvers/enterprise_accounts.rb +2 -2
- data/lib/osso/graphql/resolvers/oauth_clients.rb +2 -2
- data/lib/osso/graphql/types.rb +2 -1
- data/lib/osso/graphql/types/admin_user.rb +22 -0
- data/lib/osso/graphql/types/app_config.rb +22 -0
- data/lib/osso/graphql/types/base_object.rb +22 -0
- data/lib/osso/graphql/types/enterprise_account.rb +0 -5
- data/lib/osso/graphql/types/identity_provider.rb +0 -6
- data/lib/osso/graphql/types/oauth_client.rb +2 -4
- data/lib/osso/graphql/types/redirect_uri.rb +2 -4
- data/lib/osso/helpers/auth.rb +40 -18
- data/lib/osso/lib/route_map.rb +2 -2
- data/lib/osso/models/app_config.rb +33 -0
- data/lib/osso/models/identity_provider.rb +5 -5
- data/lib/osso/models/models.rb +1 -0
- data/lib/osso/models/oauth_client.rb +3 -2
- data/lib/osso/routes/admin.rb +8 -2
- data/lib/osso/routes/auth.rb +7 -3
- data/lib/osso/routes/oauth.rb +21 -14
- data/lib/osso/version.rb +1 -1
- data/lib/tasks/bootstrap.rake +2 -0
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +17 -4
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +53 -4
- data/spec/graphql/mutations/create_identity_provider_spec.rb +18 -6
- data/spec/graphql/mutations/create_oauth_client_spec.rb +10 -3
- data/spec/graphql/mutations/delete_enterprise_account_spec.rb +18 -4
- data/spec/graphql/mutations/delete_oauth_client_spec.rb +8 -4
- data/spec/graphql/query/enterprise_account_spec.rb +21 -6
- data/spec/graphql/query/enterprise_accounts_spec.rb +4 -2
- data/spec/graphql/query/identity_provider_spec.rb +16 -6
- data/spec/graphql/query/oauth_clients_spec.rb +10 -7
- data/spec/helpers/auth_spec.rb +97 -0
- data/spec/routes/oauth_spec.rb +5 -2
- data/spec/spec_helper.rb +3 -0
- data/spec/support/views/error.erb +0 -0
- metadata +10 -3
- data/lib/osso/graphql/types/user.rb +0 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c333af7fbc082441290340a2d49c93256b0d6ba6eda97ae6ab3689ccf3335da7
|
4
|
+
data.tar.gz: b4f51151c6e1608b624a857b2ed657be48c44593af4dd621b558a74fe0cca297
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2d3ab0db1e4f6137bfbfe30c6f90ed098e061fcd6f90cc62f6b7818bba64c9d59a9c56af3ef87ee987b12f472f69fd890d583406c1630cb80ac6b2725118e8c7
|
7
|
+
data.tar.gz: b6c1d1fda9fd6f4d24dfb5e03a8f3271ff5853ed9660921e0318065c8e0d6c57bce4f400a3b1c49f4b2171b203301c1c1782ba9f76b976cf42f65e9be801523c
|
data/.buildkite/pipeline.yml
CHANGED
@@ -6,6 +6,15 @@ steps:
|
|
6
6
|
- bundle exec rake db:create
|
7
7
|
- RACK_ENV=test bundle exec rake db:migrate
|
8
8
|
- bundle exec rspec
|
9
|
+
artifact_paths:
|
10
|
+
- coverage/*
|
11
|
+
|
12
|
+
- name: ":codeclimate:"
|
13
|
+
plugins:
|
14
|
+
- jobready/codeclimate-test-reporter#v2.0:
|
15
|
+
artifact: "coverage/.resultset.json"
|
16
|
+
input_type: simplecov
|
17
|
+
prefix: '/var/lib/buildkite-agent/builds/enterprise-oss-bk-1/enterpriseoss/osso-rb/'
|
9
18
|
|
10
19
|
- block: ":rubygems: Publish :red_button:"
|
11
20
|
branches: "main"
|
data/.rubocop.yml
CHANGED
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
osso (0.0.3.
|
4
|
+
osso (0.0.3.21)
|
5
5
|
activesupport (>= 6.0.3.2)
|
6
6
|
graphql
|
7
7
|
jwt
|
@@ -48,6 +48,7 @@ GEM
|
|
48
48
|
activerecord
|
49
49
|
database_cleaner (~> 1.8.0)
|
50
50
|
diff-lcs (1.4.4)
|
51
|
+
docile (1.3.2)
|
51
52
|
factory_bot (6.0.2)
|
52
53
|
activesupport (>= 5.0.0)
|
53
54
|
faker (2.13.0)
|
@@ -58,6 +59,7 @@ GEM
|
|
58
59
|
httpclient (2.8.3)
|
59
60
|
i18n (1.8.3)
|
60
61
|
concurrent-ruby (~> 1.0)
|
62
|
+
json (2.3.1)
|
61
63
|
json-jwt (1.13.0)
|
62
64
|
activesupport (>= 4.2)
|
63
65
|
aes_key_wrap
|
@@ -133,6 +135,11 @@ GEM
|
|
133
135
|
nokogiri (>= 1.5.10)
|
134
136
|
ruby2_keywords (0.0.2)
|
135
137
|
safe_yaml (1.0.5)
|
138
|
+
simplecov (0.17.0)
|
139
|
+
docile (~> 1.1)
|
140
|
+
json (>= 1.8, < 3)
|
141
|
+
simplecov-html (~> 0.10.0)
|
142
|
+
simplecov-html (0.10.2)
|
136
143
|
sinatra (2.0.8.1)
|
137
144
|
mustermann (~> 1.0)
|
138
145
|
rack (~> 2.0)
|
@@ -174,6 +181,7 @@ DEPENDENCIES
|
|
174
181
|
rack-test
|
175
182
|
rspec (~> 3.2)
|
176
183
|
rubocop
|
184
|
+
simplecov (= 0.17)
|
177
185
|
webmock (~> 3.0)
|
178
186
|
|
179
187
|
BUNDLED WITH
|
data/README.md
CHANGED
@@ -1,2 +1,3 @@
|
|
1
|
-
[![Maintainability](https://api.codeclimate.com/v1/badges/
|
2
|
-
[![
|
1
|
+
[![Maintainability](https://api.codeclimate.com/v1/badges/0d80be043d2747e91ef3/maintainability)](https://codeclimate.com/repos/5f4676cc3f757b01b6011403/maintainability)
|
2
|
+
[![Test Coverage](https://api.codeclimate.com/v1/badges/0d80be043d2747e91ef3/test_coverage)](https://codeclimate.com/repos/5f4676cc3f757b01b6011403/test_coverage)
|
3
|
+
[![Build status](https://badge.buildkite.com/0e01845bdd51be4131b9cbd496d9caa39cd48f171fc2d9a9ca.svg)](https://buildkite.com/enterpriseoss/osso-rb)
|
data/db/schema.rb
CHANGED
@@ -10,7 +10,7 @@
|
|
10
10
|
#
|
11
11
|
# It's strongly recommended that you check this file into your version control system.
|
12
12
|
|
13
|
-
ActiveRecord::Schema.define(version:
|
13
|
+
ActiveRecord::Schema.define(version: 2020_08_26_201852) do
|
14
14
|
|
15
15
|
# These are extensions that must be enabled in order to support this database
|
16
16
|
enable_extension "pgcrypto"
|
@@ -27,6 +27,14 @@ ActiveRecord::Schema.define(version: 2020_07_23_162228) do
|
|
27
27
|
t.index ["user_id"], name: "index_access_tokens_on_user_id"
|
28
28
|
end
|
29
29
|
|
30
|
+
create_table "app_configs", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
31
|
+
t.string "contact_email"
|
32
|
+
t.string "logo_url"
|
33
|
+
t.string "name"
|
34
|
+
t.datetime "created_at", precision: 6, null: false
|
35
|
+
t.datetime "updated_at", precision: 6, null: false
|
36
|
+
end
|
37
|
+
|
30
38
|
create_table "authorization_codes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
31
39
|
t.string "token"
|
32
40
|
t.string "redirect_uri"
|
@@ -14,6 +14,13 @@ module Osso
|
|
14
14
|
field :delete_oauth_client, mutation: Mutations::DeleteOauthClient
|
15
15
|
field :set_redirect_uris, mutation: Mutations::SetRedirectUris
|
16
16
|
field :regenerate_oauth_credentials, mutation: Mutations::RegenerateOauthCredentials
|
17
|
+
field :update_app_config, mutation: Mutations::UpdateAppConfig
|
18
|
+
|
19
|
+
def self.authorized?(_object, _context)
|
20
|
+
# mutations are prevented from executing with ready? so
|
21
|
+
# its a bit odd that this hides it
|
22
|
+
true
|
23
|
+
end
|
17
24
|
end
|
18
25
|
end
|
19
26
|
end
|
@@ -15,13 +15,26 @@ module Osso
|
|
15
15
|
error.merge(data: nil)
|
16
16
|
end
|
17
17
|
|
18
|
-
def ready?(
|
19
|
-
return true if
|
18
|
+
def ready?(**args)
|
19
|
+
return true if internal_ready?
|
20
20
|
|
21
|
-
|
22
|
-
return true if domain == context[:scope]
|
21
|
+
return true if domain_ready?(args[:domain] || domain(**args))
|
23
22
|
|
24
|
-
raise ::GraphQL::ExecutionError,
|
23
|
+
raise ::GraphQL::ExecutionError, 'This user lacks the permission to make the requested changes'
|
24
|
+
end
|
25
|
+
|
26
|
+
def admin_ready?
|
27
|
+
context[:scope] == 'admin'
|
28
|
+
end
|
29
|
+
|
30
|
+
def internal_ready?
|
31
|
+
return true if admin_ready?
|
32
|
+
|
33
|
+
context[:scope] == 'internal'
|
34
|
+
end
|
35
|
+
|
36
|
+
def domain_ready?(domain)
|
37
|
+
context[:email].split('@')[1] == domain
|
25
38
|
end
|
26
39
|
|
27
40
|
def account_domain(id)
|
@@ -13,22 +13,20 @@ module Osso
|
|
13
13
|
field :identity_provider, Types::IdentityProvider, null: false
|
14
14
|
field :errors, [String], null: false
|
15
15
|
|
16
|
-
def resolve(
|
17
|
-
provider =
|
16
|
+
def resolve(**args)
|
17
|
+
provider = identity_provider(**args)
|
18
18
|
|
19
19
|
return response_data(identity_provider: provider) if provider.update(args)
|
20
20
|
|
21
|
-
response_error(errors:
|
21
|
+
response_error(errors: provider.errors.messages)
|
22
22
|
end
|
23
23
|
|
24
|
-
def
|
25
|
-
|
26
|
-
|
27
|
-
domain = Osso::Models::IdentityProvider.find(id)&.domain
|
28
|
-
|
29
|
-
return true if domain == context[:scope]
|
24
|
+
def domain(**args)
|
25
|
+
identity_provider(**args)&.domain
|
26
|
+
end
|
30
27
|
|
31
|
-
|
28
|
+
def identity_provider(id:, **_args)
|
29
|
+
@identity_provider ||= Osso::Models::IdentityProvider.find(id)
|
32
30
|
end
|
33
31
|
end
|
34
32
|
end
|
@@ -8,17 +8,24 @@ module Osso
|
|
8
8
|
|
9
9
|
argument :domain, String, required: true
|
10
10
|
argument :name, String, required: true
|
11
|
+
argument :oauth_client_id, String, required: false
|
11
12
|
|
12
13
|
field :enterprise_account, Types::EnterpriseAccount, null: false
|
13
14
|
field :errors, [String], null: false
|
14
15
|
|
15
16
|
def resolve(**args)
|
16
17
|
enterprise_account = Osso::Models::EnterpriseAccount.new(args)
|
18
|
+
enterprise_account.oauth_client_id ||= find_client_db_id(context[:oauth_client_id])
|
17
19
|
|
18
20
|
return response_data(enterprise_account: enterprise_account) if enterprise_account.save
|
19
21
|
|
20
22
|
response_error(errors: enterprise_account.errors.full_messages)
|
21
23
|
end
|
24
|
+
|
25
|
+
def find_client_db_id(oauth_client_identifier)
|
26
|
+
Osso::Models::OauthClient.find_by(identifier: oauth_client_identifier).
|
27
|
+
id
|
28
|
+
end
|
22
29
|
end
|
23
30
|
end
|
24
31
|
end
|
@@ -12,18 +12,27 @@ module Osso
|
|
12
12
|
field :identity_provider, Types::IdentityProvider, null: false
|
13
13
|
field :errors, [String], null: false
|
14
14
|
|
15
|
-
def resolve(
|
16
|
-
|
17
|
-
|
18
|
-
|
15
|
+
def resolve(service: nil, **args)
|
16
|
+
customer = enterprise_account(**args)
|
17
|
+
|
18
|
+
identity_provider = customer.identity_providers.build(
|
19
19
|
service: service,
|
20
|
-
domain:
|
20
|
+
domain: customer.domain,
|
21
|
+
oauth_client_id: customer.oauth_client_id,
|
21
22
|
)
|
22
23
|
|
23
24
|
return response_data(identity_provider: identity_provider) if identity_provider.save
|
24
25
|
|
25
26
|
response_error(errors: identity_provider.errors.full_messages)
|
26
27
|
end
|
28
|
+
|
29
|
+
def domain(**args)
|
30
|
+
enterprise_account(**args)&.domain
|
31
|
+
end
|
32
|
+
|
33
|
+
def enterprise_account(enterprise_account_id:, **_args)
|
34
|
+
@enterprise_account ||= Osso::Models::EnterpriseAccount.find(enterprise_account_id)
|
35
|
+
end
|
27
36
|
end
|
28
37
|
end
|
29
38
|
end
|
@@ -11,22 +11,20 @@ module Osso
|
|
11
11
|
field :enterprise_account, Types::EnterpriseAccount, null: true
|
12
12
|
field :errors, [String], null: false
|
13
13
|
|
14
|
-
def
|
15
|
-
enterprise_account
|
16
|
-
|
17
|
-
return response_data(enterprise_account: nil) if enterprise_account.destroy
|
18
|
-
|
19
|
-
response_error(errors: enterprise_account.errors.full_messages)
|
14
|
+
def enterprise_account(id:, **_args)
|
15
|
+
@enterprise_account ||= Osso::Models::EnterpriseAccount.find(id)
|
20
16
|
end
|
21
17
|
|
22
|
-
def
|
23
|
-
|
18
|
+
def resolve(**args)
|
19
|
+
customer = enterprise_account(**args)
|
24
20
|
|
25
|
-
|
21
|
+
return response_data(enterprise_account: nil) if customer.destroy
|
26
22
|
|
27
|
-
|
23
|
+
response_error(errors: customer.errors.full_messages)
|
24
|
+
end
|
28
25
|
|
29
|
-
|
26
|
+
def domain(**args)
|
27
|
+
enterprise_account(**args).domain
|
30
28
|
end
|
31
29
|
end
|
32
30
|
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Mutations
|
6
|
+
class UpdateAppConfig < BaseMutation
|
7
|
+
null false
|
8
|
+
|
9
|
+
argument :name, String, required: false
|
10
|
+
argument :logo_url, String, required: false
|
11
|
+
argument :contact_email, String, required: false
|
12
|
+
|
13
|
+
field :app_config, Types::AppConfig, null: true
|
14
|
+
field :errors, [String], null: false
|
15
|
+
|
16
|
+
def resolve(**args)
|
17
|
+
app_config = Osso::Models::AppConfig.find
|
18
|
+
return response_data(app_config: app_config) if app_config.update(**args)
|
19
|
+
|
20
|
+
response_error(errors: e)
|
21
|
+
end
|
22
|
+
|
23
|
+
def ready?(*)
|
24
|
+
admin_ready?
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
data/lib/osso/graphql/query.rb
CHANGED
@@ -24,6 +24,13 @@ module Osso
|
|
24
24
|
argument :id, ID, required: true
|
25
25
|
end
|
26
26
|
|
27
|
+
field(
|
28
|
+
:app_config,
|
29
|
+
Types::AppConfig,
|
30
|
+
null: false,
|
31
|
+
resolve: ->(_obj, _args, _context) { Osso::Models::AppConfig.find },
|
32
|
+
)
|
33
|
+
|
27
34
|
field(
|
28
35
|
:oauth_client,
|
29
36
|
Types::OauthClient,
|
@@ -32,6 +39,13 @@ module Osso
|
|
32
39
|
) do
|
33
40
|
argument :id, ID, required: true
|
34
41
|
end
|
42
|
+
|
43
|
+
field(
|
44
|
+
:current_user,
|
45
|
+
Types::AdminUser,
|
46
|
+
null: false,
|
47
|
+
resolve: ->(_obj, _args, context) { context.to_h },
|
48
|
+
)
|
35
49
|
end
|
36
50
|
end
|
37
51
|
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Resolvers
|
6
|
+
class BaseResolver < ::GraphQL::Schema::Resolver
|
7
|
+
def admin_authorized?
|
8
|
+
context[:scope] == 'admin'
|
9
|
+
end
|
10
|
+
|
11
|
+
def internal_authorized?
|
12
|
+
%w[admin internal].include?(context[:scope])
|
13
|
+
end
|
14
|
+
|
15
|
+
def enterprise_authorized?(domain)
|
16
|
+
context[:scope] == domain
|
17
|
+
end
|
18
|
+
|
19
|
+
def context_domain
|
20
|
+
context[:email].split('@')[1]
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|