osso 0.0.3.2 → 0.0.3.7
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +4 -1
- data/.rubocop.yml +1 -2
- data/Gemfile.lock +3 -1
- data/bin/console +4 -3
- data/config/database.yml +2 -2
- data/db/schema.rb +133 -1
- data/lib/osso.rb +2 -0
- data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb +12 -0
- data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb +2 -2
- data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb +1 -1
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb +6 -0
- data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb +17 -0
- data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb +6 -0
- data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb +5 -0
- data/lib/osso/graphql/mutation.rb +10 -5
- data/lib/osso/graphql/mutations.rb +5 -2
- data/lib/osso/graphql/mutations/base_mutation.rb +35 -14
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +31 -21
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +25 -0
- data/lib/osso/graphql/mutations/create_identity_provider.rb +22 -16
- data/lib/osso/graphql/mutations/set_identity_provider.rb +27 -0
- data/lib/osso/graphql/query.rb +19 -22
- data/lib/osso/graphql/resolvers.rb +5 -1
- data/lib/osso/graphql/resolvers/enterprise_account.rb +16 -12
- data/lib/osso/graphql/resolvers/enterprise_accounts.rb +10 -6
- data/lib/osso/graphql/resolvers/oauth_clients.rb +9 -5
- data/lib/osso/graphql/schema.rb +27 -19
- data/lib/osso/graphql/types.rb +4 -1
- data/lib/osso/graphql/types/base_enum.rb +6 -2
- data/lib/osso/graphql/types/base_input_object.rb +10 -0
- data/lib/osso/graphql/types/base_object.rb +6 -2
- data/lib/osso/graphql/types/enterprise_account.rb +22 -18
- data/lib/osso/graphql/types/identity_provider.rb +26 -25
- data/lib/osso/graphql/types/identity_provider_service.rb +8 -4
- data/lib/osso/graphql/types/oauth_client.rb +13 -9
- data/lib/osso/graphql/types/user.rb +10 -5
- data/lib/osso/helpers/auth.rb +5 -3
- data/lib/osso/lib/app_config.rb +1 -1
- data/lib/osso/lib/route_map.rb +28 -0
- data/lib/osso/models/enterprise_account.rb +4 -4
- data/lib/osso/models/identity_provider.rb +48 -0
- data/lib/osso/models/models.rb +1 -1
- data/lib/osso/models/oauth_client.rb +2 -2
- data/lib/osso/models/saml_provider.rb +13 -16
- data/lib/osso/models/saml_providers/azure_saml_provider.rb +2 -2
- data/lib/osso/models/saml_providers/okta_saml_provider.rb +1 -1
- data/lib/osso/models/user.rb +3 -3
- data/lib/osso/routes/admin.rb +18 -15
- data/lib/osso/routes/auth.rb +30 -27
- data/lib/osso/routes/oauth.rb +50 -45
- data/lib/osso/version.rb +1 -1
- data/osso-rb.gemspec +3 -3
- data/spec/factories/enterprise_account.rb +5 -4
- data/spec/factories/identity_providers.rb +49 -0
- data/spec/factories/user.rb +1 -1
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +75 -0
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +68 -0
- data/spec/graphql/mutations/create_identity_provider_spec.rb +104 -0
- data/spec/graphql/query/enterprise_account_spec.rb +68 -0
- data/spec/graphql/query/enterprise_accounts_spec.rb +44 -0
- data/spec/graphql/query/identity_provider_spec.rb +65 -0
- data/spec/graphql/query/oauth_clients_account_spec.rb +48 -0
- data/spec/models/azure_saml_provider_spec.rb +14 -14
- data/spec/models/identity_provider_spec.rb +17 -0
- data/spec/models/okta_saml_provider_spec.rb +15 -15
- data/spec/routes/admin_spec.rb +2 -0
- data/spec/routes/auth_spec.rb +9 -9
- data/spec/routes/oauth_spec.rb +1 -1
- data/spec/spec_helper.rb +4 -5
- data/spec/support/spec_app.rb +9 -0
- data/spec/support/views/admin.erb +5 -0
- metadata +37 -12
- data/lib/osso/db/migrate/20200411144528_create_saml_providers.rb +0 -13
- data/lib/osso/db/migrate/20200413153029_add_oauth_client_reference_to_saml_providers.rb +0 -5
- data/lib/osso/db/migrate/20200501203026_drop_null_constraints_from_saml_provider.rb +0 -7
- data/lib/osso/db/migrate/20200501204047_drop_acs_url.rb +0 -5
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_account.rb +0 -5
- data/lib/osso/db/migrate/20200601131227_drop_null_constraint_from_saml_providers_provider.rb +0 -7
- data/lib/osso/db/schema.rb +0 -132
- data/lib/osso/graphql/mutations/set_saml_provider.rb +0 -23
- data/spec/factories/saml_providers.rb +0 -46
- data/spec/models/saml_provider_spec.rb +0 -31
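--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5e43fcdb190c819ff0da0cb9ac9358152f42804f7fa116771d9dd458bf141c30
+data.tar.gz: 65f6005798ec50a1ad4dd297c695aa08c80fb2ba8cc059eaa38cfb5f15a13dcc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 617a3e1e5a5b476c4758476f7708e12a752d8d448a46866e37352ee319dcd5c08f2d0726d81c4ec1054e5129073840d6d76aad24ef938a1ccaf475bd72cc6d7b
+data.tar.gz: 77f11455be71add868a54d61683be3dc9a09231a92fdbf1abbb05c685732c6469eaeb9acbbd765ff0ff894960224bdcb736525687b234c002a46a1e4d0b2dba6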
data/.buildkite/pipeline.yml
CHANGED
data/.rubocop.yml
CHANGED
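--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,8 +1,9 @@
 PATH
 remote: .
 specs:
-osso (0.0.3.
+osso (0.0.3.7)
 activesupport (>= 6.0.3.2)
+graphql
 jwt
 omniauth-multi-provider
 omniauth-saml
@@ -48,6 +49,7 @@ GEM
 activesupport (>= 5.0.0)
 faker (2.13.0)
 i18n (>= 1.6, < 2)
+graphql (1.11.1)
 hashdiff (1.0.1)
 hashie (4.1.0)
 httpclient (2.8.3)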
data/bin/console
CHANGED
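--- a/data/config/database.yml
+++ b/data/config/database.yml
@@ -2,13 +2,13 @@ development:
 adapter: postgresql
 encoding: unicode
 pool: 5
-database:
+database: ossorb-development
 host: ''
 port: 5432
 test:
 adapter: postgresql
 encoding: unicode
 pool: 5
-database:
+database: ossorb-test
 host: ''
 port: 5432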
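--- a/data/db/schema.rb
+++ b/data/db/schema.rb
@@ -1 +1,133 @@
-#
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `rails
+# db:schema:load`. When creating a new database, `rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 2020_07_15_205801) do
+
+# These are extensions that must be enabled in order to support this database
+enable_extension "pgcrypto"
+enable_extension "plpgsql"
+
+create_table "access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "token"
+t.datetime "expires_at"
+t.datetime "created_at", precision: 6, null: false
+t.datetime "updated_at", precision: 6, null: false
+t.uuid "user_id"
+t.uuid "oauth_client_id"
+t.index ["oauth_client_id"], name: "index_access_tokens_on_oauth_client_id"
+t.index ["user_id"], name: "index_access_tokens_on_user_id"
+end
+
+create_table "authorization_codes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "token"
+t.string "redirect_uri"
+t.datetime "expires_at"
+t.datetime "created_at", precision: 6, null: false
+t.datetime "updated_at", precision: 6, null: false
+t.uuid "user_id"
+t.uuid "oauth_client_id"
+t.index ["oauth_client_id"], name: "index_authorization_codes_on_oauth_client_id"
+t.index ["token"], name: "index_authorization_codes_on_token", unique: true
+t.index ["user_id"], name: "index_authorization_codes_on_user_id"
+end
+
+create_table "enterprise_accounts", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "domain", null: false
+t.uuid "external_uuid"
+t.integer "external_int_id"
+t.string "external_id"
+t.uuid "oauth_client_id"
+t.string "name", null: false
+t.index ["domain"], name: "index_enterprise_accounts_on_domain", unique: true
+t.index ["oauth_client_id"], name: "index_enterprise_accounts_on_oauth_client_id"
+end
+
+create_table "identity_providers", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "service"
+t.string "domain", null: false
+t.string "sso_url"
+t.text "sso_cert"
+t.uuid "enterprise_account_id"
+t.uuid "oauth_client_id"
+t.index ["domain"], name: "index_identity_providers_on_domain"
+t.index ["enterprise_account_id"], name: "index_identity_providers_on_enterprise_account_id"
+t.index ["oauth_client_id"], name: "index_identity_providers_on_oauth_client_id"
+end
+
+create_table "oauth_access_grants", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.uuid "resource_owner_id", null: false
+t.uuid "application_id", null: false
+t.string "token", null: false
+t.integer "expires_in", null: false
+t.text "redirect_uri", null: false
+t.datetime "created_at", null: false
+t.datetime "revoked_at"
+t.string "scopes", default: "", null: false
+t.index ["application_id"], name: "index_oauth_access_grants_on_application_id"
+t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
+end
+
+create_table "oauth_access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.uuid "resource_owner_id"
+t.uuid "application_id"
+t.string "token", null: false
+t.string "refresh_token"
+t.integer "expires_in"
+t.datetime "revoked_at"
+t.datetime "created_at", null: false
+t.string "scopes"
+t.string "previous_refresh_token", default: "", null: false
+t.index ["application_id"], name: "index_oauth_access_tokens_on_application_id"
+t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
+t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
+end
+
+create_table "oauth_applications", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "name", null: false
+t.string "secret", null: false
+t.text "redirect_uri", null: false
+t.string "scopes", default: "", null: false
+t.boolean "confidential", default: true, null: false
+t.datetime "created_at", precision: 6, null: false
+t.datetime "updated_at", precision: 6, null: false
+end
+
+create_table "oauth_clients", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "name", null: false
+t.string "secret", null: false
+t.string "identifier", null: false
+t.index ["identifier"], name: "index_oauth_clients_on_identifier", unique: true
+end
+
+create_table "redirect_uris", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "uri", null: false
+t.boolean "primary", default: false, null: false
+t.uuid "oauth_client_id"
+t.index ["oauth_client_id"], name: "index_redirect_uris_on_oauth_client_id"
+t.index ["uri", "primary"], name: "index_redirect_uris_on_uri_and_primary", unique: true
+end
+
+create_table "users", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "email", null: false
+t.string "idp_id", null: false
+t.uuid "identity_provider_id"
+t.uuid "enterprise_account_id"
+t.index ["email", "idp_id"], name: "index_users_on_email_and_idp_id", unique: true
+t.index ["enterprise_account_id"], name: "index_users_on_enterprise_account_id"
+end
+
+add_foreign_key "oauth_access_grants", "oauth_applications", column: "application_id"
+add_foreign_key "oauth_access_grants", "users", column: "resource_owner_id"
+add_foreign_key "oauth_access_tokens", "oauth_applications", column: "application_id"
+add_foreign_key "oauth_access_tokens", "users", column: "resource_owner_id"
+add_foreign_key "users", "identity_providers"
+end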
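--- a/data/lib/osso.rb
+++ b/data/lib/osso.rb
@@ -4,6 +4,8 @@ module Osso
 require_relative 'osso/helpers/helpers'
 require_relative 'osso/lib/app_config'
 require_relative 'osso/lib/oauth2_token'
+require_relative 'osso/lib/route_map'
 require_relative 'osso/models/models'
 require_relative 'osso/routes/routes'
+require_relative 'osso/graphql/schema'
 end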
@@ -0,0 +1,12 @@
|
|
1
|
+
class CreateIdentityProviders < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
create_table :identity_providers, id: :uuid do |t|
|
4
|
+
t.string :service
|
5
|
+
t.string :domain, null: false
|
6
|
+
t.string :idp_sso_target_url
|
7
|
+
t.text :idp_cert
|
8
|
+
end
|
9
|
+
|
10
|
+
add_index :identity_providers, :domain
|
11
|
+
end
|
12
|
+
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
class AddProviderIdToUsers < ActiveRecord::Migration[6.0]
|
2
2
|
def change
|
3
|
-
add_column :users, :
|
3
|
+
add_column :users, :identity_provider_id, :uuid
|
4
4
|
|
5
|
-
add_foreign_key :users, :
|
5
|
+
add_foreign_key :users, :identity_providers
|
6
6
|
end
|
7
7
|
end
|
@@ -9,7 +9,7 @@ class CreateEnterpriseAccounts < ActiveRecord::Migration[6.0]
|
|
9
9
|
|
10
10
|
add_index :enterprise_accounts, :domain, unique: true
|
11
11
|
|
12
|
-
add_reference :
|
12
|
+
add_reference :identity_providers, :enterprise_account, type: :uuid, index: true
|
13
13
|
add_reference :users, :enterprise_account, type: :uuid, index: true
|
14
14
|
end
|
15
15
|
end
|
@@ -0,0 +1,6 @@
|
|
1
|
+
class AddOauthClientIdToEnterpriseAccountsAndIdentityProviders < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
add_reference :enterprise_accounts, :oauth_client, type: :uuid, index: true
|
4
|
+
add_reference :identity_providers, :oauth_client, type: :uuid, index: true
|
5
|
+
end
|
6
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
class AddIdentityProviderServiceEnum < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
def up
|
4
|
+
execute <<-SQL
|
5
|
+
CREATE TYPE identity_provider_service AS ENUM ('OKTA', 'AZURE');
|
6
|
+
SQL
|
7
|
+
chnage_column :identity_providers, :service, :identity_provider_service
|
8
|
+
end
|
9
|
+
|
10
|
+
def down
|
11
|
+
chnage_column :identity_providers, :service, :text
|
12
|
+
execute <<-SQL
|
13
|
+
DROP TYPE identity_provider_service;
|
14
|
+
SQL
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
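Review bot: `def up` and `def down` are nested inside `def change`, so running this migration only defines two methods and never creates the `identity_provider_service` enum or alters the column; the regenerated schema in this same release still shows `t.string "service"`, which is consistent with that. Even with the nesting removed, both directions would fail on the misspelled `chnage_column`. Drop the `def change` wrapper so `up` and `down` are the migration's own methods, and spell the call `change_column :identity_providers, :service, :identity_provider_service`. Until that happens the set of allowed provider values is not enforced at the database level.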
@@ -2,10 +2,15 @@
|
|
2
2
|
|
3
3
|
require_relative 'mutations'
|
4
4
|
|
5
|
-
module
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
5
|
+
module Osso
|
6
|
+
module GraphQL
|
7
|
+
module Types
|
8
|
+
class MutationType < BaseObject
|
9
|
+
field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider, null: true
|
10
|
+
field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
|
11
|
+
field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
|
12
|
+
field :set_identity_provider, mutation: Mutations::SetSamlProvider
|
13
|
+
end
|
14
|
+
end
|
10
15
|
end
|
11
16
|
end
|
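Review bot: `field :set_identity_provider, mutation: Mutations::SetSamlProvider` still names the old class, while this release deletes `mutations/set_saml_provider.rb` and adds `mutations/set_identity_provider.rb`. Unless the new file kept the old class name, the constant will not resolve when `MutationType` is loaded; the line presumably should read `field :set_identity_provider, mutation: Mutations::SetIdentityProvider`. Separately, `null: true` on `configure_identity_provider` disagrees with the `null false` declared inside that mutation class, and one of the two should be changed to match.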
@@ -1,9 +1,12 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
3
|
+
module Osso
|
4
|
+
module Mutations
|
5
|
+
end
|
4
6
|
end
|
5
7
|
|
6
8
|
require_relative 'mutations/base_mutation'
|
7
9
|
require_relative 'mutations/configure_identity_provider'
|
8
10
|
require_relative 'mutations/create_identity_provider'
|
9
|
-
require_relative 'mutations/
|
11
|
+
require_relative 'mutations/create_enterprise_account'
|
12
|
+
require_relative 'mutations/set_identity_provider'
|
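Review bot: The namespace stub opens `Osso::Mutations`, but every mutation class in this release is defined under `Osso::GraphQL::Mutations`, so the stub declares a module that nothing else uses. If it is meant to pre-declare the namespace for the requires below it, add the missing level: `module GraphQL` between `module Osso` and `module Mutations`, with its own `end`.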
@@ -1,20 +1,41 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Mutations
|
6
|
+
class BaseMutation < ::GraphQL::Schema::RelayClassicMutation
|
7
|
+
object_class Types::BaseObject
|
8
|
+
input_object_class Types::BaseInputObject
|
9
|
+
|
10
|
+
def response_data(data)
|
11
|
+
data.merge(errors: [])
|
12
|
+
end
|
13
|
+
|
14
|
+
def response_error(error)
|
15
|
+
error.merge(data: nil)
|
16
|
+
end
|
17
|
+
|
18
|
+
def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **args)
|
19
|
+
return true if context[:scope] == :admin
|
20
|
+
|
21
|
+
domain ||= account_domain(enterprise_account_id) || provider_domain(identity_provider_id)
|
22
|
+
return true if domain == context[:scope]
|
23
|
+
|
24
|
+
raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{args[:domain]}"
|
25
|
+
end
|
26
|
+
|
27
|
+
def account_domain(id)
|
28
|
+
return false unless id
|
29
|
+
|
30
|
+
Osso::Models::EnterpriseAccount.find(id)&.domain
|
31
|
+
end
|
32
|
+
|
33
|
+
def provider_domain(id)
|
34
|
+
return false unless id
|
15
35
|
|
16
|
-
|
17
|
-
|
36
|
+
Osso::Models::IdentityProvider.find(id)&.domain
|
37
|
+
end
|
38
|
+
end
|
18
39
|
end
|
19
40
|
end
|
20
41
|
end
|
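Review bot: In `ready?`, `domain ||= account_domain(...) || provider_domain(...)` gives a caller-supplied `domain` argument precedence over the domain of the record named by `enterprise_account_id` or `identity_provider_id`, so the scope comparison can pass on the argument alone without the referenced record being checked. Every domain the request reaches should be compared with `context[:scope]`, as sketched below. The error message also interpolates `args[:domain]`, which is always nil because `domain` is bound as a named keyword. Assuming these models are ActiveRecord classes, `find(id)&.domain` relies on a nil return that `find` does not give (it raises when the row is missing); `find_by(id: id)` would match the `&.`.

```ruby
def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **_args)
  return true if context[:scope] == :admin

  # Collect every domain this request touches, directly or through a record id.
  domains = [
    domain,
    account_domain(enterprise_account_id),
    provider_domain(identity_provider_id)
  ].select(&:itself)
  return true if domains.any? && domains.all? { |d| d == context[:scope] }

  raise ::GraphQL::ExecutionError, 'This user lacks the scope to mutate the requested records'
end

# … unchanged: account_domain, provider_domain …
```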
@@ -1,26 +1,36 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Mutations
|
6
|
+
class ConfigureIdentityProvider < BaseMutation
|
7
|
+
null false
|
8
|
+
argument :id, ID, required: true
|
9
|
+
argument :service, Types::IdentityProviderService, required: false
|
10
|
+
argument :sso_url, String, required: false
|
11
|
+
argument :sso_cert, String, required: false
|
12
|
+
|
13
|
+
field :identity_provider, Types::IdentityProvider, null: false
|
14
|
+
field :errors, [String], null: false
|
15
|
+
|
16
|
+
def resolve(id:, **args)
|
17
|
+
provider = Osso::Models::IdentityProvider.find(id)
|
18
|
+
|
19
|
+
return response_data(identity_provider: provider) if provider.update(args)
|
20
|
+
|
21
|
+
response_error(errors: provder.errors.messages)
|
22
|
+
end
|
23
|
+
|
24
|
+
def ready?(id:, **args)
|
25
|
+
return true if context[:scope] == :admin
|
26
|
+
|
27
|
+
domain = Osso::Models::IdentityProvider.find(id)&.domain
|
28
|
+
|
29
|
+
return true if domain == context[:scope]
|
30
|
+
|
31
|
+
raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
|
32
|
+
end
|
33
|
+
end
|
24
34
|
end
|
25
35
|
end
|
26
36
|
end
|
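Review bot: The failure branch of `resolve` references `provder`, an undefined name, so a rejected `provider.update(args)` raises NameError instead of returning the validation errors. It should be `response_error(errors: provider.errors.full_messages)`, which also matches the `[String]` type declared for `errors` (`errors.messages` is a hash). The overridden `ready?` puts the looked-up `#{domain}` into the error text, which tells a caller outside that scope which domain owns the id; a fixed message avoids that. `sso_url` and `sso_cert` are accepted as plain strings here, so any format check (an https URL, a parseable certificate) has to live in the model, which this page does not show.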