osso 0.0.3.17 → 0.0.3.22
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +9 -0
- data/Gemfile +1 -0
- data/Gemfile.lock +9 -1
- data/README.md +3 -2
- data/db/schema.rb +9 -1
- data/lib/osso/db/migrate/20200826201852_create_app_config.rb +11 -0
- data/lib/osso/graphql/mutation.rb +1 -0
- data/lib/osso/graphql/mutations.rb +1 -0
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +7 -2
- data/lib/osso/graphql/mutations/update_app_config.rb +29 -0
- data/lib/osso/graphql/query.rb +7 -0
- data/lib/osso/graphql/resolvers/base_resolver.rb +4 -0
- data/lib/osso/graphql/resolvers/enterprise_accounts.rb +1 -1
- data/lib/osso/graphql/types.rb +1 -0
- data/lib/osso/graphql/types/app_config.rb +22 -0
- data/lib/osso/helpers/auth.rb +17 -14
- data/lib/osso/models/app_config.rb +33 -0
- data/lib/osso/models/identity_provider.rb +7 -5
- data/lib/osso/models/models.rb +1 -0
- data/lib/osso/models/oauth_client.rb +2 -2
- data/lib/osso/routes/admin.rb +7 -1
- data/lib/osso/version.rb +1 -1
- data/lib/tasks/bootstrap.rake +2 -0
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +40 -0
- data/spec/helpers/auth_spec.rb +97 -0
- data/spec/spec_helper.rb +3 -0
- metadata +7 -2
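--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1f017aca126a5a5d516394ae1f13be3eaa91deb759f602571ba372fec06b1ee2
+data.tar.gz: ccac449dd89bf23b16a56a190837b2deeffc85bee95f7d7e6f7fd245b9762e17
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e80f57d49d9a440d6e77c9b1b69a73e44b5ef28fda17289c19b1ed9a7ad5157391544899ae4b0d783864200faab119bf92343fe6f20b13ed2820068d5ceb80aa
+data.tar.gz: 9fc798d93fb897fb166a7234f9fef33d2d4fcf4d9df703f77963a604fe2b664ba7bd1f577079e787ea5706de6e22eed75138151d435a5ace8a1ab1d32af09285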
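--- a/data/.buildkite/pipeline.yml
+++ b/data/.buildkite/pipeline.yml
@@ -6,6 +6,15 @@ steps:
 - bundle exec rake db:create
 - RACK_ENV=test bundle exec rake db:migrate
 - bundle exec rspec
+artifact_paths:
+- coverage/*
+
+- name: ":codeclimate:"
+plugins:
+- jobready/codeclimate-test-reporter#v2.0:
+artifact: "coverage/.resultset.json"
+input_type: simplecov
+prefix: '/var/lib/buildkite-agent/builds/enterprise-oss-bk-1/enterpriseoss/osso-rb/'
 
 - block: ":rubygems: Publish :red_button:"
 branches: "main"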
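Review bot: The new `:codeclimate:` step loads a third-party plugin by a mutable tag, `jobready/codeclimate-test-reporter#v2.0`; a plugin that runs on the build agent, presumably with access to the CodeClimate reporter ID, is better pinned to a full commit, `jobready/codeclimate-test-reporter#<commit-sha>`. The `prefix:` value also hard-codes one agent's checkout path, so coverage paths will be mis-mapped on any other agent, and the internal agent name ships inside the published gem. A comment explaining why the prefix is needed, or deriving it from the build environment, would help.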
data/Gemfile
CHANGED
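--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-osso (0.0.3.
+osso (0.0.3.22)
 activesupport (>= 6.0.3.2)
 graphql
 jwt
@@ -48,6 +48,7 @@ GEM
 activerecord
 database_cleaner (~> 1.8.0)
 diff-lcs (1.4.4)
+docile (1.3.2)
 factory_bot (6.0.2)
 activesupport (>= 5.0.0)
 faker (2.13.0)
@@ -58,6 +59,7 @@ GEM
 httpclient (2.8.3)
 i18n (1.8.3)
 concurrent-ruby (~> 1.0)
+json (2.3.1)
 json-jwt (1.13.0)
 activesupport (>= 4.2)
 aes_key_wrap
@@ -133,6 +135,11 @@ GEM
 nokogiri (>= 1.5.10)
 ruby2_keywords (0.0.2)
 safe_yaml (1.0.5)
+simplecov (0.17.0)
+docile (~> 1.1)
+json (>= 1.8, < 3)
+simplecov-html (~> 0.10.0)
+simplecov-html (0.10.2)
 sinatra (2.0.8.1)
 mustermann (~> 1.0)
 rack (~> 2.0)
@@ -174,6 +181,7 @@ DEPENDENCIES
 rack-test
 rspec (~> 3.2)
 rubocop
+simplecov (= 0.17)
 webmock (~> 3.0)
 
 BUNDLED WITH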
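--- a/data/README.md
+++ b/data/README.md
@@ -1,2 +1,3 @@
-[![Maintainability](https://api.codeclimate.com/v1/badges/
-[![
+[![Maintainability](https://api.codeclimate.com/v1/badges/0d80be043d2747e91ef3/maintainability)](https://codeclimate.com/repos/5f4676cc3f757b01b6011403/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/0d80be043d2747e91ef3/test_coverage)](https://codeclimate.com/repos/5f4676cc3f757b01b6011403/test_coverage)
+[![Build status](https://badge.buildkite.com/0e01845bdd51be4131b9cbd496d9caa39cd48f171fc2d9a9ca.svg)](https://buildkite.com/enterpriseoss/osso-rb)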
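--- a/data/db/schema.rb
+++ b/data/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version:
+ActiveRecord::Schema.define(version: 2020_08_26_201852) do
 
 # These are extensions that must be enabled in order to support this database
 enable_extension "pgcrypto"
@@ -27,6 +27,14 @@ ActiveRecord::Schema.define(version: 2020_07_23_162228) do
 t.index ["user_id"], name: "index_access_tokens_on_user_id"
 end
 
+create_table "app_configs", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "contact_email"
+t.string "logo_url"
+t.string "name"
+t.datetime "created_at", precision: 6, null: false
+t.datetime "updated_at", precision: 6, null: false
+end
+
 create_table "authorization_codes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
 t.string "token"
 t.string "redirect_uri"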
@@ -14,6 +14,7 @@ module Osso
|
|
14
14
|
field :delete_oauth_client, mutation: Mutations::DeleteOauthClient
|
15
15
|
field :set_redirect_uris, mutation: Mutations::SetRedirectUris
|
16
16
|
field :regenerate_oauth_credentials, mutation: Mutations::RegenerateOauthCredentials
|
17
|
+
field :update_app_config, mutation: Mutations::UpdateAppConfig
|
17
18
|
|
18
19
|
def self.authorized?(_object, _context)
|
19
20
|
# mutations are prevented from executing with ready? so
|
@@ -8,19 +8,24 @@ module Osso
|
|
8
8
|
|
9
9
|
argument :domain, String, required: true
|
10
10
|
argument :name, String, required: true
|
11
|
-
argument :oauth_client_id,
|
11
|
+
argument :oauth_client_id, String, required: false
|
12
12
|
|
13
13
|
field :enterprise_account, Types::EnterpriseAccount, null: false
|
14
14
|
field :errors, [String], null: false
|
15
15
|
|
16
16
|
def resolve(**args)
|
17
17
|
enterprise_account = Osso::Models::EnterpriseAccount.new(args)
|
18
|
-
enterprise_account.oauth_client_id ||= context[:oauth_client_id]
|
18
|
+
enterprise_account.oauth_client_id ||= find_client_db_id(context[:oauth_client_id])
|
19
19
|
|
20
20
|
return response_data(enterprise_account: enterprise_account) if enterprise_account.save
|
21
21
|
|
22
22
|
response_error(errors: enterprise_account.errors.full_messages)
|
23
23
|
end
|
24
|
+
|
25
|
+
def find_client_db_id(oauth_client_identifier)
|
26
|
+
Osso::Models::OauthClient.find_by(identifier: oauth_client_identifier).
|
27
|
+
id
|
28
|
+
end
|
24
29
|
end
|
25
30
|
end
|
26
31
|
end
|
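Review bot: `find_client_db_id` calls `.id` on the result of `find_by`, which is nil when the token's `oauth_client_id` matches no client, so the mutation raises NoMethodError instead of returning `errors`; `Osso::Models::OauthClient.find_by(identifier: oauth_client_identifier)&.id` lets the model validation report the problem. Separately, because of `||=`, a caller-supplied `oauth_client_id` argument takes precedence over the value from the token context, and nothing visible in this hunk restricts that argument to admin scope. A lower-scoped token may therefore be able to attach an account to a client it does not own; if `ready?` (outside this hunk) does not already prevent that, ignore the argument unless the caller is an admin. The accompanying spec only exercises matching ids, so neither case is covered.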
@@ -0,0 +1,29 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Mutations
|
6
|
+
class UpdateAppConfig < BaseMutation
|
7
|
+
null false
|
8
|
+
|
9
|
+
argument :name, String, required: false
|
10
|
+
argument :logo_url, String, required: false
|
11
|
+
argument :contact_email, String, required: false
|
12
|
+
|
13
|
+
field :app_config, Types::AppConfig, null: true
|
14
|
+
field :errors, [String], null: false
|
15
|
+
|
16
|
+
def resolve(**args)
|
17
|
+
app_config = Osso::Models::AppConfig.find
|
18
|
+
return response_data(app_config: app_config) if app_config.update(**args)
|
19
|
+
|
20
|
+
response_error(errors: e)
|
21
|
+
end
|
22
|
+
|
23
|
+
def ready?(*)
|
24
|
+
admin_ready?
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
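Review bot: The failure branch of `resolve` passes `errors: e`, but no `e` is defined in the method, so any rejected update raises NameError rather than populating the `errors` field; it should be `response_error(errors: app_config.errors.full_messages)`, as CreateEnterpriseAccount does. `Osso::Models::AppConfig.find` returns `first`, which is nil until a row exists, so `app_config.update` also needs a nil guard or a `first_or_create`. `logo_url` and `contact_email` are accepted as free-form strings; if the logo is later rendered into pages, validating it as an `https` URL in the model would be worth adding.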
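--- a/data/lib/osso/graphql/query.rb
+++ b/data/lib/osso/graphql/query.rb
@@ -24,6 +24,13 @@ module Osso
 argument :id, ID, required: true
 end
 
+field(
+:app_config,
+Types::AppConfig,
+null: false,
+resolve: ->(_obj, _args, _context) { Osso::Models::AppConfig.find },
+)
+
 field(
 :oauth_client,
 Types::OauthClient,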
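Review bot: The `app_config` field is declared `null: false`, but its resolver returns `Osso::Models::AppConfig.find`, which is nil until a row exists (presumably before the bootstrap task has run), and the query then fails on a non-null violation. Either declare the field `null: true` or have the resolver return an existing-or-new record. Access control for this field rests entirely on `Types::AppConfig.authorized?`, so a comment above the field such as `# scope is enforced by Types::AppConfig.authorized?, not by this resolver` would keep a later edit from assuming otherwise.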
@@ -7,7 +7,7 @@ module Osso
|
|
7
7
|
type Types::EnterpriseAccount.connection_type, null: true
|
8
8
|
|
9
9
|
def resolve(sort_column: nil, sort_order: nil)
|
10
|
-
return Array(Osso::Models::EnterpriseAccount.find_by(domain:
|
10
|
+
return Array(Osso::Models::EnterpriseAccount.find_by(domain: context_domain)) unless internal_authorized?
|
11
11
|
|
12
12
|
accounts = Osso::Models::EnterpriseAccount
|
13
13
|
|
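--- a/data/lib/osso/graphql/types.rb
+++ b/data/lib/osso/graphql/types.rb
@@ -10,6 +10,7 @@ require_relative 'types/base_object'
 require_relative 'types/base_enum'
 require_relative 'types/base_input_object'
 require_relative 'types/admin_user'
+require_relative 'types/app_config'
 require_relative 'types/identity_provider_service'
 require_relative 'types/identity_provider_status'
 require_relative 'types/identity_provider'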
@@ -0,0 +1,22 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'graphql'
|
4
|
+
|
5
|
+
module Osso
|
6
|
+
module GraphQL
|
7
|
+
module Types
|
8
|
+
class AppConfig < Types::BaseObject
|
9
|
+
description 'Configuration values for your application'
|
10
|
+
|
11
|
+
field :id, ID, null: false
|
12
|
+
field :name, String, null: true
|
13
|
+
field :logo_url, String, null: true
|
14
|
+
field :contact_email, String, null: true
|
15
|
+
|
16
|
+
def self.authorized?(_object, context)
|
17
|
+
admin_authorized?(context)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
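--- a/data/lib/osso/helpers/auth.rb
+++ b/data/lib/osso/helpers/auth.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'pry'
 module Osso
 module Helpers
 module Auth
@@ -12,6 +11,8 @@ module Osso
 
 def token_protected!
 decode(token)
+rescue JWT::DecodeError
+halt 401
 end
 
 def enterprise_protected!(domain = nil)
@@ -24,6 +25,21 @@ module Osso
 redirect ENV['JWT_URL']
 end
 
+def internal_protected!
+return if admin_authorized?
+return if internal_authorized?
+
+redirect ENV['JWT_URL']
+end
+
+def admin_protected!
+return true if admin_authorized?
+
+redirect ENV['JWT_URL']
+end
+
+private
+
 def enterprise_authorized?(domain)
 decode(token)
 
@@ -33,13 +49,6 @@ module Osso
 false
 end
 
-def internal_protected!
-return if admin_authorized?
-return if internal_authorized?
-
-redirect ENV['JWT_URL']
-end
-
 def internal_authorized?
 decode(token)
 
@@ -48,12 +57,6 @@ module Osso
 false
 end
 
-def admin_protected!
-return if admin_authorized?
-
-redirect ENV['JWT_URL']
-end
-
 def admin_authorized?
 decode(token)
 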
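Review bot: `token_protected!` now halts with 401 on `JWT::DecodeError`, but it accepts any token that verifies, whatever its scope, while the sibling guards redirect to `ENV['JWT_URL']` on denial. The difference deserves a comment above the method, e.g. `# Authenticates the token only; does not check scope. Use internal_protected!/admin_protected! for authorization.`. `admin_protected!` returns `true` on success while `internal_protected!` returns nil, which looks accidental; `return if admin_authorized?` in both would be consistent. Both guards also rely on `redirect` halting the request and on `JWT_URL` being set; `redirect ENV.fetch('JWT_URL')` would fail loudly on a misconfigured deployment. The module body continues outside these hunks.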
@@ -0,0 +1,33 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Osso
|
4
|
+
module Models
|
5
|
+
class AppConfig < ::ActiveRecord::Base
|
6
|
+
validate :limit_to_one, on: :create
|
7
|
+
|
8
|
+
def self.find
|
9
|
+
first
|
10
|
+
end
|
11
|
+
|
12
|
+
private
|
13
|
+
|
14
|
+
def limit_to_one
|
15
|
+
return if Osso::Models::AppConfig.count.zero?
|
16
|
+
|
17
|
+
errors[:base] << 'AppConfig already exists'
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
# == Schema Information
|
24
|
+
#
|
25
|
+
# Table name: app_configs
|
26
|
+
#
|
27
|
+
# id :uuid not null, primary key
|
28
|
+
# contact_email :string
|
29
|
+
# logo_url :string
|
30
|
+
# name :string
|
31
|
+
# created_at :datetime not null
|
32
|
+
# updated_at :datetime not null
|
33
|
+
#
|
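Review bot: `def self.find` replaces `ActiveRecord::Base.find` with a zero-argument method, so `AppConfig.find(id)` and any framework code that calls `find` with an id (record reloading may be one such path) will raise ArgumentError. A distinct name such as `def self.instance` avoids the collision, though the callers in query.rb and update_app_config.rb would need the same rename. `limit_to_one` is a count-then-insert check, so two concurrent creates can both pass; a database-level constraint is the reliable way to enforce a singleton. `errors[:base] << ...` is better written `errors.add(:base, 'AppConfig already exists')`, and the model has no validation of `logo_url` or `contact_email`.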
@@ -12,10 +12,6 @@ module Osso
|
|
12
12
|
|
13
13
|
def name
|
14
14
|
service.titlecase
|
15
|
-
# raise(
|
16
|
-
# NoMethodError,
|
17
|
-
# '#name must be defined on each provider specific subclass',
|
18
|
-
# )
|
19
15
|
end
|
20
16
|
|
21
17
|
def saml_options
|
@@ -29,7 +25,7 @@ module Osso
|
|
29
25
|
|
30
26
|
def assertion_consumer_service_url
|
31
27
|
[
|
32
|
-
|
28
|
+
root_url,
|
33
29
|
'auth',
|
34
30
|
'saml',
|
35
31
|
id,
|
@@ -44,6 +40,12 @@ module Osso
|
|
44
40
|
|
45
41
|
self.status = 'CONFIGURED' if sso_url && sso_cert
|
46
42
|
end
|
43
|
+
|
44
|
+
def root_url
|
45
|
+
return "https://${ENV['HEROKU_APP_NAME]}.herokuapp.com" if ENV['HEROKU_APP_NAME']
|
46
|
+
|
47
|
+
ENV.fetch('BASE_URL')
|
48
|
+
end
|
47
49
|
end
|
48
50
|
end
|
49
51
|
end
|
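Review bot: `root_url` builds the Heroku URL with `${ENV['HEROKU_APP_NAME]}`, which is JavaScript-style interpolation with an unbalanced quote. Ruby does not interpolate `${...}`, so whenever `HEROKU_APP_NAME` is set the method returns that literal text and `assertion_consumer_service_url` hands identity providers a malformed ACS URL. The line should read `return "https://#{ENV['HEROKU_APP_NAME']}.herokuapp.com" if ENV['HEROKU_APP_NAME']`. A spec for `assertion_consumer_service_url` with the variable set would have caught this.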
data/lib/osso/models/models.rb
CHANGED
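--- a/data/lib/osso/routes/admin.rb
+++ b/data/lib/osso/routes/admin.rb
@@ -13,6 +13,12 @@ module Osso
 end
 
 namespace '/admin' do
+get '/login' do
+token_protected!
+
+erb :admin
+end
+
 get '' do
 internal_protected!
 
@@ -20,7 +26,7 @@ module Osso
 end
 
 get '/enterprise' do
-
+token_protected!
 
 erb :admin
 end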
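Review bot: Both new guards use `token_protected!`, which in this release's helpers/auth.rb only checks that the JWT decodes and does not look at scope, so any valid token, including an `end-user` one, is served the `:admin` view at `/admin/login` and `/admin/enterprise`. If these pages are meant to be reachable by every authenticated scope, say so above each route, e.g. `# any valid token; data access is enforced per field in GraphQL`; otherwise use `internal_protected!` or `enterprise_protected!`. Guarding `/login` with a token check also means a visitor without a token gets a bare 401 from the login page itself, which is worth confirming as intended.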
data/lib/osso/version.rb
CHANGED
data/lib/tasks/bootstrap.rake
CHANGED
@@ -5,6 +5,7 @@ require 'spec_helper'
|
|
5
5
|
describe Osso::GraphQL::Schema do
|
6
6
|
describe 'CreateIdentityProvider' do
|
7
7
|
let(:domain) { Faker::Internet.domain_name }
|
8
|
+
let!(:oauth_client) { create(:oauth_client) }
|
8
9
|
let(:variables) do
|
9
10
|
{
|
10
11
|
input: {
|
@@ -41,11 +42,45 @@ describe Osso::GraphQL::Schema do
|
|
41
42
|
let(:current_context) do
|
42
43
|
{ scope: 'admin' }
|
43
44
|
end
|
45
|
+
let(:variables) do
|
46
|
+
{
|
47
|
+
input: {
|
48
|
+
name: Faker::Company.name,
|
49
|
+
domain: domain,
|
50
|
+
oauthClientId: oauth_client.id,
|
51
|
+
},
|
52
|
+
}
|
53
|
+
end
|
54
|
+
|
55
|
+
it 'creates an Enterprise Account' do
|
56
|
+
expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
|
57
|
+
expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
|
58
|
+
to eq(domain)
|
59
|
+
end
|
60
|
+
|
61
|
+
it 'attaches the Enterprise Account to the correct OAuth Client' do
|
62
|
+
expect { subject }.to change { oauth_client.enterprise_accounts.count }.by(1)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
describe 'for an internal scoped user' do
|
67
|
+
let(:current_context) do
|
68
|
+
{
|
69
|
+
scope: 'internal',
|
70
|
+
email: 'user@saasco.com',
|
71
|
+
oauth_client_id: oauth_client.identifier,
|
72
|
+
}
|
73
|
+
end
|
74
|
+
|
44
75
|
it 'creates an Enterprise Account' do
|
45
76
|
expect { subject }.to change { Osso::Models::EnterpriseAccount.count }.by(1)
|
46
77
|
expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
|
47
78
|
to eq(domain)
|
48
79
|
end
|
80
|
+
|
81
|
+
it 'attaches the Enterprise Account to the correct OAuth Client' do
|
82
|
+
expect { subject }.to change { oauth_client.enterprise_accounts.count }.by(1)
|
83
|
+
end
|
49
84
|
end
|
50
85
|
|
51
86
|
describe 'for an email scoped user' do
|
@@ -53,6 +88,7 @@ describe Osso::GraphQL::Schema do
|
|
53
88
|
{
|
54
89
|
scope: 'end-user',
|
55
90
|
email: "user@#{domain}",
|
91
|
+
oauth_client_id: oauth_client.identifier,
|
56
92
|
}
|
57
93
|
end
|
58
94
|
|
@@ -61,6 +97,10 @@ describe Osso::GraphQL::Schema do
|
|
61
97
|
expect(subject.dig('data', 'createEnterpriseAccount', 'enterpriseAccount', 'domain')).
|
62
98
|
to eq(domain)
|
63
99
|
end
|
100
|
+
|
101
|
+
it 'attaches the Enterprise Account to the correct OAuth Client' do
|
102
|
+
expect { subject }.to change { oauth_client.enterprise_accounts.count }.by(1)
|
103
|
+
end
|
64
104
|
end
|
65
105
|
describe 'for the wrong email scoped user' do
|
66
106
|
let(:current_context) do
|
@@ -0,0 +1,97 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe Osso::Helpers::Auth do
|
6
|
+
before do
|
7
|
+
ENV['JWT_HMAC_SECRET'] = 'super-secret'
|
8
|
+
end
|
9
|
+
|
10
|
+
subject(:app) do
|
11
|
+
Class.new { include Osso::Helpers::Auth }
|
12
|
+
end
|
13
|
+
|
14
|
+
describe 'with the token as a header' do
|
15
|
+
before do
|
16
|
+
allow_any_instance_of(subject).to receive(:request) do
|
17
|
+
double('Request', env: { 'admin_token' => token }, post?: false)
|
18
|
+
end
|
19
|
+
|
20
|
+
allow_any_instance_of(subject).to receive(:redirect) do
|
21
|
+
false
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
describe 'with an admin token' do
|
26
|
+
let(:token) { encode({ scope: 'admin' }) }
|
27
|
+
|
28
|
+
it 'allows #token_protected! methods' do
|
29
|
+
expect(subject.new.token_protected!).to_not be(false)
|
30
|
+
end
|
31
|
+
|
32
|
+
it 'allows #enterprise_protected! methods' do
|
33
|
+
expect(subject.new.enterprise_protected!).to_not be(false)
|
34
|
+
end
|
35
|
+
|
36
|
+
it 'allows #internal_protected! methods' do
|
37
|
+
expect(subject.new.internal_protected!).to_not be(false)
|
38
|
+
end
|
39
|
+
|
40
|
+
it 'allows #admin_protected! methods' do
|
41
|
+
expect(subject.new.admin_protected!).to_not be(false)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
describe 'with an internal token' do
|
46
|
+
let(:token) { encode({ scope: 'internal' }) }
|
47
|
+
|
48
|
+
it 'allows #token_protected! methods' do
|
49
|
+
expect(subject.new.token_protected!).to_not be(false)
|
50
|
+
end
|
51
|
+
|
52
|
+
it 'allows #enterprise_protected! methods' do
|
53
|
+
expect(subject.new.enterprise_protected!).to_not be(false)
|
54
|
+
end
|
55
|
+
|
56
|
+
it 'allows #internal_protected! methods' do
|
57
|
+
expect(subject.new.internal_protected!).to_not be(false)
|
58
|
+
end
|
59
|
+
|
60
|
+
it 'allows #admin_protected! methods' do
|
61
|
+
expect(subject.new.admin_protected!).to be(false)
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
describe 'with an end-user token' do
|
66
|
+
let(:token) { encode({ scope: 'end-user', email: 'user@example.com' }) }
|
67
|
+
|
68
|
+
it 'allows #token_protected! methods' do
|
69
|
+
expect(subject.new.token_protected!).to_not be(false)
|
70
|
+
end
|
71
|
+
|
72
|
+
it 'allows #enterprise_protected! methods for the scoped domain' do
|
73
|
+
expect(subject.new.enterprise_protected!('example.com')).to_not be(false)
|
74
|
+
end
|
75
|
+
|
76
|
+
it 'halts #enterprise_protected! methods for the wrong scoped domain' do
|
77
|
+
expect(subject.new.enterprise_protected!('foo.com')).to be(false)
|
78
|
+
end
|
79
|
+
|
80
|
+
it 'halts #internal_protected! methods' do
|
81
|
+
expect(subject.new.internal_protected!).to be(false)
|
82
|
+
end
|
83
|
+
|
84
|
+
it 'halts #admin_protected! methods' do
|
85
|
+
expect(subject.new.admin_protected!).to be(false)
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
def encode(payload)
|
91
|
+
JWT.encode(
|
92
|
+
payload,
|
93
|
+
ENV['JWT_HMAC_SECRET'],
|
94
|
+
'HS256',
|
95
|
+
)
|
96
|
+
end
|
97
|
+
end
|
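Review bot: The spec covers only correctly signed tokens, so the `rescue JWT::DecodeError` / `halt 401` path added to `token_protected!` and the rejection of tampered, expired or differently signed tokens are untested. Add a context whose token is encoded with a secret other than `ENV['JWT_HMAC_SECRET']` and assert that each guard denies it; the anonymous host class will likely need a `halt` stub alongside the `redirect` stub. In the internal-token group the example titled `'allows #admin_protected! methods'` asserts `be(false)` and should be renamed `'halts #admin_protected! methods'`. The `before` block also overwrites `ENV['JWT_HMAC_SECRET']` without restoring it, which leaks into other specs.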
data/spec/spec_helper.rb
CHANGED
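--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-version: 0.0.3.
+version: 0.0.3.22
 platform: ruby
 authors:
 - Sam Bauch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-
+date: 2020-08-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -270,6 +270,7 @@ files:
 - lib/osso/db/migrate/20200722230116_add_identity_provider_status_enum_and_use_on_identity_providers.rb
 - lib/osso/db/migrate/20200723153750_add_missing_timestamps.rb
 - lib/osso/db/migrate/20200723162228_drop_unneeded_tables.rb
+- lib/osso/db/migrate/20200826201852_create_app_config.rb
 - lib/osso/graphql/.DS_Store
 - lib/osso/graphql/mutation.rb
 - lib/osso/graphql/mutations.rb
@@ -282,6 +283,7 @@ files:
 - lib/osso/graphql/mutations/delete_oauth_client.rb
 - lib/osso/graphql/mutations/regenerate_oauth_credentials.rb
 - lib/osso/graphql/mutations/set_redirect_uris.rb
+- lib/osso/graphql/mutations/update_app_config.rb
 - lib/osso/graphql/query.rb
 - lib/osso/graphql/resolvers.rb
 - lib/osso/graphql/resolvers/base_resolver.rb
@@ -291,6 +293,7 @@ files:
 - lib/osso/graphql/schema.rb
 - lib/osso/graphql/types.rb
 - lib/osso/graphql/types/admin_user.rb
+- lib/osso/graphql/types/app_config.rb
 - lib/osso/graphql/types/base_connection.rb
 - lib/osso/graphql/types/base_enum.rb
 - lib/osso/graphql/types/base_input_object.rb
@@ -308,6 +311,7 @@ files:
 - lib/osso/lib/oauth2_token.rb
 - lib/osso/lib/route_map.rb
 - lib/osso/models/access_token.rb
+- lib/osso/models/app_config.rb
 - lib/osso/models/authorization_code.rb
 - lib/osso/models/enterprise_account.rb
 - lib/osso/models/identity_provider.rb
@@ -341,6 +345,7 @@ files:
 - spec/graphql/query/enterprise_accounts_spec.rb
 - spec/graphql/query/identity_provider_spec.rb
 - spec/graphql/query/oauth_clients_spec.rb
+- spec/helpers/auth_spec.rb
 - spec/models/azure_saml_provider_spec.rb
 - spec/models/identity_provider_spec.rb
 - spec/models/okta_saml_provider_spec.rb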