osso 0.0.3.2 → 0.0.3.7

Files changed (83)
  1. checksums.yaml +4 -4
  2. data/.buildkite/pipeline.yml +4 -1
  3. data/.rubocop.yml +1 -2
  4. data/Gemfile.lock +3 -1
  5. data/bin/console +4 -3
  6. data/config/database.yml +2 -2
  7. data/db/schema.rb +133 -1
  8. data/lib/osso.rb +2 -0
  9. data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb +12 -0
  10. data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb +2 -2
  11. data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb +1 -1
  12. data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb +6 -0
  13. data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb +17 -0
  14. data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb +6 -0
  15. data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb +5 -0
  16. data/lib/osso/graphql/mutation.rb +10 -5
  17. data/lib/osso/graphql/mutations.rb +5 -2
  18. data/lib/osso/graphql/mutations/base_mutation.rb +35 -14
  19. data/lib/osso/graphql/mutations/configure_identity_provider.rb +31 -21
  20. data/lib/osso/graphql/mutations/create_enterprise_account.rb +25 -0
  21. data/lib/osso/graphql/mutations/create_identity_provider.rb +22 -16
  22. data/lib/osso/graphql/mutations/set_identity_provider.rb +27 -0
  23. data/lib/osso/graphql/query.rb +19 -22
  24. data/lib/osso/graphql/resolvers.rb +5 -1
  25. data/lib/osso/graphql/resolvers/enterprise_account.rb +16 -12
  26. data/lib/osso/graphql/resolvers/enterprise_accounts.rb +10 -6
  27. data/lib/osso/graphql/resolvers/oauth_clients.rb +9 -5
  28. data/lib/osso/graphql/schema.rb +27 -19
  29. data/lib/osso/graphql/types.rb +4 -1
  30. data/lib/osso/graphql/types/base_enum.rb +6 -2
  31. data/lib/osso/graphql/types/base_input_object.rb +10 -0
  32. data/lib/osso/graphql/types/base_object.rb +6 -2
  33. data/lib/osso/graphql/types/enterprise_account.rb +22 -18
  34. data/lib/osso/graphql/types/identity_provider.rb +26 -25
  35. data/lib/osso/graphql/types/identity_provider_service.rb +8 -4
  36. data/lib/osso/graphql/types/oauth_client.rb +13 -9
  37. data/lib/osso/graphql/types/user.rb +10 -5
  38. data/lib/osso/helpers/auth.rb +5 -3
  39. data/lib/osso/lib/app_config.rb +1 -1
  40. data/lib/osso/lib/route_map.rb +28 -0
  41. data/lib/osso/models/enterprise_account.rb +4 -4
  42. data/lib/osso/models/identity_provider.rb +48 -0
  43. data/lib/osso/models/models.rb +1 -1
  44. data/lib/osso/models/oauth_client.rb +2 -2
  45. data/lib/osso/models/saml_provider.rb +13 -16
  46. data/lib/osso/models/saml_providers/azure_saml_provider.rb +2 -2
  47. data/lib/osso/models/saml_providers/okta_saml_provider.rb +1 -1
  48. data/lib/osso/models/user.rb +3 -3
  49. data/lib/osso/routes/admin.rb +18 -15
  50. data/lib/osso/routes/auth.rb +30 -27
  51. data/lib/osso/routes/oauth.rb +50 -45
  52. data/lib/osso/version.rb +1 -1
  53. data/osso-rb.gemspec +3 -3
  54. data/spec/factories/enterprise_account.rb +5 -4
  55. data/spec/factories/identity_providers.rb +49 -0
  56. data/spec/factories/user.rb +1 -1
  57. data/spec/graphql/mutations/configure_identity_provider_spec.rb +75 -0
  58. data/spec/graphql/mutations/create_enterprise_account_spec.rb +68 -0
  59. data/spec/graphql/mutations/create_identity_provider_spec.rb +104 -0
  60. data/spec/graphql/query/enterprise_account_spec.rb +68 -0
  61. data/spec/graphql/query/enterprise_accounts_spec.rb +44 -0
  62. data/spec/graphql/query/identity_provider_spec.rb +65 -0
  63. data/spec/graphql/query/oauth_clients_account_spec.rb +48 -0
  64. data/spec/models/azure_saml_provider_spec.rb +14 -14
  65. data/spec/models/identity_provider_spec.rb +17 -0
  66. data/spec/models/okta_saml_provider_spec.rb +15 -15
  67. data/spec/routes/admin_spec.rb +2 -0
  68. data/spec/routes/auth_spec.rb +9 -9
  69. data/spec/routes/oauth_spec.rb +1 -1
  70. data/spec/spec_helper.rb +4 -5
  71. data/spec/support/spec_app.rb +9 -0
  72. data/spec/support/views/admin.erb +5 -0
  73. metadata +37 -12
  74. data/lib/osso/db/migrate/20200411144528_create_saml_providers.rb +0 -13
  75. data/lib/osso/db/migrate/20200413153029_add_oauth_client_reference_to_saml_providers.rb +0 -5
  76. data/lib/osso/db/migrate/20200501203026_drop_null_constraints_from_saml_provider.rb +0 -7
  77. data/lib/osso/db/migrate/20200501204047_drop_acs_url.rb +0 -5
  78. data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_account.rb +0 -5
  79. data/lib/osso/db/migrate/20200601131227_drop_null_constraint_from_saml_providers_provider.rb +0 -7
  80. data/lib/osso/db/schema.rb +0 -132
  81. data/lib/osso/graphql/mutations/set_saml_provider.rb +0 -23
  82. data/spec/factories/saml_providers.rb +0 -46
  83. data/spec/models/saml_provider_spec.rb +0 -31
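--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5436cc4ffd1836ba000cdea128e83432cc94528d49ab407110fcacf7df05895d
- data.tar.gz: c84623f25ff2893b0d7aeec78d6d9cfc28294c194abfaff2fc7e80862de0a70f
+ metadata.gz: 5e43fcdb190c819ff0da0cb9ac9358152f42804f7fa116771d9dd458bf141c30
+ data.tar.gz: 65f6005798ec50a1ad4dd297c695aa08c80fb2ba8cc059eaa38cfb5f15a13dcc
  SHA512:
- metadata.gz: 854fbac14e9d96122b17af1de627bfb21a70a2f055edf7d9bda2179cd246f19e233b34fc468da9ff59b1a62271b7faaa2a5450c853c6c518d9531f62d4218475
- data.tar.gz: e6df4b4874341659bb60704a9bfa1ddadf703b86ff0629c8174ac9bc83ceec019dc07d74e67f5cff71871c7f32dc7ea29a3a1959cb7a07f782ac8cc58fb9f9f5
+ metadata.gz: 617a3e1e5a5b476c4758476f7708e12a752d8d448a46866e37352ee319dcd5c08f2d0726d81c4ec1054e5129073840d6d76aad24ef938a1ccaf475bd72cc6d7b
+ data.tar.gz: 77f11455be71add868a54d61683be3dc9a09231a92fdbf1abbb05c685732c6469eaeb9acbbd765ff0ff894960224bdcb736525687b234c002a46a1e4d0b2dba6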
@@ -1,3 +1,6 @@
1
1
  steps:
2
2
  - name: ":rspec:"
3
- command: "bundle install --path vendor/bundle --with development test && RACK_ENV=test bundle exec rake db:migrate && bundle exec rspec"
3
+ commands:
4
+ - "bundle install"
5
+ - "bundle exec rake db:test:prepare"
6
+ - "bundle exec rspec"
@@ -1,8 +1,7 @@
1
1
  AllCops:
2
2
  Exclude:
3
- - client/**/*
4
3
  - db/**/*
5
- - node_modules/**/*
4
+ - lib/osso/db/**/*
6
5
 
7
6
  # New rules must be explicitly opted into / out of
8
7
  Lint/RaiseException:
@@ -1,8 +1,9 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- osso (0.0.3.2)
4
+ osso (0.0.3.7)
5
5
  activesupport (>= 6.0.3.2)
6
+ graphql
6
7
  jwt
7
8
  omniauth-multi-provider
8
9
  omniauth-saml
@@ -48,6 +49,7 @@ GEM
48
49
  activesupport (>= 5.0.0)
49
50
  faker (2.13.0)
50
51
  i18n (>= 1.6, < 2)
52
+ graphql (1.11.1)
51
53
  hashdiff (1.0.1)
52
54
  hashie (4.1.0)
53
55
  httpclient (2.8.3)
@@ -1,7 +1,8 @@
1
1
  #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
2
3
 
3
- require "bundler/setup"
4
- require "osso"
4
+ require 'bundler/setup'
5
+ require 'osso'
5
6
 
6
- require "irb"
7
+ require 'irb'
7
8
  IRB.start(__FILE__)
@@ -2,13 +2,13 @@ development:
2
2
  adapter: postgresql
3
3
  encoding: unicode
4
4
  pool: 5
5
- database: osso
5
+ database: ossorb-development
6
6
  host: ''
7
7
  port: 5432
8
8
  test:
9
9
  adapter: postgresql
10
10
  encoding: unicode
11
11
  pool: 5
12
- database: osso-test
12
+ database: ossorb-test
13
13
  host: ''
14
14
  port: 5432
@@ -1 +1,133 @@
1
- # frozen_string_literal: true
1
+ # This file is auto-generated from the current state of the database. Instead
2
+ # of editing this file, please use the migrations feature of Active Record to
3
+ # incrementally modify your database, and then regenerate this schema definition.
4
+ #
5
+ # This file is the source Rails uses to define your schema when running `rails
6
+ # db:schema:load`. When creating a new database, `rails db:schema:load` tends to
7
+ # be faster and is potentially less error prone than running all of your
8
+ # migrations from scratch. Old migrations may fail to apply correctly if those
9
+ # migrations use external dependencies or application code.
10
+ #
11
+ # It's strongly recommended that you check this file into your version control system.
12
+
13
+ ActiveRecord::Schema.define(version: 2020_07_15_205801) do
14
+
15
+ # These are extensions that must be enabled in order to support this database
16
+ enable_extension "pgcrypto"
17
+ enable_extension "plpgsql"
18
+
19
+ create_table "access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
20
+ t.string "token"
21
+ t.datetime "expires_at"
22
+ t.datetime "created_at", precision: 6, null: false
23
+ t.datetime "updated_at", precision: 6, null: false
24
+ t.uuid "user_id"
25
+ t.uuid "oauth_client_id"
26
+ t.index ["oauth_client_id"], name: "index_access_tokens_on_oauth_client_id"
27
+ t.index ["user_id"], name: "index_access_tokens_on_user_id"
28
+ end
29
+
30
+ create_table "authorization_codes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
31
+ t.string "token"
32
+ t.string "redirect_uri"
33
+ t.datetime "expires_at"
34
+ t.datetime "created_at", precision: 6, null: false
35
+ t.datetime "updated_at", precision: 6, null: false
36
+ t.uuid "user_id"
37
+ t.uuid "oauth_client_id"
38
+ t.index ["oauth_client_id"], name: "index_authorization_codes_on_oauth_client_id"
39
+ t.index ["token"], name: "index_authorization_codes_on_token", unique: true
40
+ t.index ["user_id"], name: "index_authorization_codes_on_user_id"
41
+ end
42
+
43
+ create_table "enterprise_accounts", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
44
+ t.string "domain", null: false
45
+ t.uuid "external_uuid"
46
+ t.integer "external_int_id"
47
+ t.string "external_id"
48
+ t.uuid "oauth_client_id"
49
+ t.string "name", null: false
50
+ t.index ["domain"], name: "index_enterprise_accounts_on_domain", unique: true
51
+ t.index ["oauth_client_id"], name: "index_enterprise_accounts_on_oauth_client_id"
52
+ end
53
+
54
+ create_table "identity_providers", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
55
+ t.string "service"
56
+ t.string "domain", null: false
57
+ t.string "sso_url"
58
+ t.text "sso_cert"
59
+ t.uuid "enterprise_account_id"
60
+ t.uuid "oauth_client_id"
61
+ t.index ["domain"], name: "index_identity_providers_on_domain"
62
+ t.index ["enterprise_account_id"], name: "index_identity_providers_on_enterprise_account_id"
63
+ t.index ["oauth_client_id"], name: "index_identity_providers_on_oauth_client_id"
64
+ end
65
+
66
+ create_table "oauth_access_grants", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
67
+ t.uuid "resource_owner_id", null: false
68
+ t.uuid "application_id", null: false
69
+ t.string "token", null: false
70
+ t.integer "expires_in", null: false
71
+ t.text "redirect_uri", null: false
72
+ t.datetime "created_at", null: false
73
+ t.datetime "revoked_at"
74
+ t.string "scopes", default: "", null: false
75
+ t.index ["application_id"], name: "index_oauth_access_grants_on_application_id"
76
+ t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
77
+ end
78
+
79
+ create_table "oauth_access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
80
+ t.uuid "resource_owner_id"
81
+ t.uuid "application_id"
82
+ t.string "token", null: false
83
+ t.string "refresh_token"
84
+ t.integer "expires_in"
85
+ t.datetime "revoked_at"
86
+ t.datetime "created_at", null: false
87
+ t.string "scopes"
88
+ t.string "previous_refresh_token", default: "", null: false
89
+ t.index ["application_id"], name: "index_oauth_access_tokens_on_application_id"
90
+ t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
91
+ t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
92
+ end
93
+
94
+ create_table "oauth_applications", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
95
+ t.string "name", null: false
96
+ t.string "secret", null: false
97
+ t.text "redirect_uri", null: false
98
+ t.string "scopes", default: "", null: false
99
+ t.boolean "confidential", default: true, null: false
100
+ t.datetime "created_at", precision: 6, null: false
101
+ t.datetime "updated_at", precision: 6, null: false
102
+ end
103
+
104
+ create_table "oauth_clients", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
105
+ t.string "name", null: false
106
+ t.string "secret", null: false
107
+ t.string "identifier", null: false
108
+ t.index ["identifier"], name: "index_oauth_clients_on_identifier", unique: true
109
+ end
110
+
111
+ create_table "redirect_uris", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
112
+ t.string "uri", null: false
113
+ t.boolean "primary", default: false, null: false
114
+ t.uuid "oauth_client_id"
115
+ t.index ["oauth_client_id"], name: "index_redirect_uris_on_oauth_client_id"
116
+ t.index ["uri", "primary"], name: "index_redirect_uris_on_uri_and_primary", unique: true
117
+ end
118
+
119
+ create_table "users", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
120
+ t.string "email", null: false
121
+ t.string "idp_id", null: false
122
+ t.uuid "identity_provider_id"
123
+ t.uuid "enterprise_account_id"
124
+ t.index ["email", "idp_id"], name: "index_users_on_email_and_idp_id", unique: true
125
+ t.index ["enterprise_account_id"], name: "index_users_on_enterprise_account_id"
126
+ end
127
+
128
+ add_foreign_key "oauth_access_grants", "oauth_applications", column: "application_id"
129
+ add_foreign_key "oauth_access_grants", "users", column: "resource_owner_id"
130
+ add_foreign_key "oauth_access_tokens", "oauth_applications", column: "application_id"
131
+ add_foreign_key "oauth_access_tokens", "users", column: "resource_owner_id"
132
+ add_foreign_key "users", "identity_providers"
133
+ end
@@ -4,6 +4,8 @@ module Osso
4
4
  require_relative 'osso/helpers/helpers'
5
5
  require_relative 'osso/lib/app_config'
6
6
  require_relative 'osso/lib/oauth2_token'
7
+ require_relative 'osso/lib/route_map'
7
8
  require_relative 'osso/models/models'
8
9
  require_relative 'osso/routes/routes'
10
+ require_relative 'osso/graphql/schema'
9
11
  end
@@ -0,0 +1,12 @@
1
+ class CreateIdentityProviders < ActiveRecord::Migration[6.0]
2
+ def change
3
+ create_table :identity_providers, id: :uuid do |t|
4
+ t.string :service
5
+ t.string :domain, null: false
6
+ t.string :idp_sso_target_url
7
+ t.text :idp_cert
8
+ end
9
+
10
+ add_index :identity_providers, :domain
11
+ end
12
+ end
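--- a/data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb
+++ b/data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb
@@ -1,7 +1,7 @@
  class AddProviderIdToUsers < ActiveRecord::Migration[6.0]
  def change
- add_column :users, :saml_provider_id, :uuid
+ add_column :users, :identity_provider_id, :uuid
 
- add_foreign_key :users, :saml_providers
+ add_foreign_key :users, :identity_providers
  end
  end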
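Review bot: Editing a migration that shipped in 0.0.3.2 does not change databases that already ran it: version 20200411184535 is recorded as applied, so those installs keep `users.saml_provider_id` and a `saml_providers` table while the models now expect `identity_providers`. The same applies to the edited `create_enterprise_accounts` migration and to the deleted `saml_providers` migrations in the file list. A new forward migration would carry existing installs over, for example `rename_table :saml_providers, :identity_providers` followed by `rename_column :users, :saml_provider_id, :identity_provider_id`. If no database was ever migrated under the old files this is moot, which is worth stating in the changelog.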
@@ -9,7 +9,7 @@ class CreateEnterpriseAccounts < ActiveRecord::Migration[6.0]
9
9
 
10
10
  add_index :enterprise_accounts, :domain, unique: true
11
11
 
12
- add_reference :saml_providers, :enterprise_account, type: :uuid, index: true
12
+ add_reference :identity_providers, :enterprise_account, type: :uuid, index: true
13
13
  add_reference :users, :enterprise_account, type: :uuid, index: true
14
14
  end
15
15
  end
@@ -0,0 +1,6 @@
1
+ class AddOauthClientIdToEnterpriseAccountsAndIdentityProviders < ActiveRecord::Migration[6.0]
2
+ def change
3
+ add_reference :enterprise_accounts, :oauth_client, type: :uuid, index: true
4
+ add_reference :identity_providers, :oauth_client, type: :uuid, index: true
5
+ end
6
+ end
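--- a/data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb
+++ b/data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb
@@ -0,0 +1,17 @@
+ class AddIdentityProviderServiceEnum < ActiveRecord::Migration[6.0]
+ def change
+ def up
+ execute <<-SQL
+ CREATE TYPE identity_provider_service AS ENUM ('OKTA', 'AZURE');
+ SQL
+ chnage_column :identity_providers, :service, :identity_provider_service
+ end
+
+ def down
+ chnage_column :identity_providers, :service, :text
+ execute <<-SQL
+ DROP TYPE identity_provider_service;
+ SQL
+ end
+ end
+ end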
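Review bot: `def up` and `def down` are nested inside `def change`, so running this migration only defines two methods and executes no SQL. The `identity_provider_service` enum is never created, which agrees with the generated schema on this page still listing `t.string "service"`. Both inner bodies also call `chnage_column`, which would raise NoMethodError if they ever ran. Remove the `def change` wrapper so `up` and `down` are the migration's own methods, and spell the call `change_column :identity_providers, :service, :identity_provider_service`. On PostgreSQL the string-to-enum change probably also needs `using: 'service::identity_provider_service'`, which is worth confirming. Until that lands, the database does not constrain `service` to the two supported providers.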
@@ -0,0 +1,6 @@
1
+ class RenameIdpFieldsOnIdentityProviderToSso < ActiveRecord::Migration[6.0]
2
+ def change
3
+ rename_column :identity_providers, :idp_cert, :sso_cert
4
+ rename_column :identity_providers, :idp_sso_target_url, :sso_url
5
+ end
6
+ end
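--- a/data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb
+++ b/data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb
@@ -0,0 +1,5 @@
+ class AddNameToEnterpriseAccount < ActiveRecord::Migration[6.0]
+ def change
+ add_column :enterprise_accounts, :name, :string, null: false
+ end
+ end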
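Review bot: `add_column :enterprise_accounts, :name, :string, null: false` has no default, so PostgreSQL rejects it on any database that already holds enterprise accounts. Add the column nullable, backfill it (for instance from `domain`), then enforce the constraint with `change_column_null :enterprise_accounts, :name, false`.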
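--- a/data/lib/osso/graphql/mutation.rb
+++ b/data/lib/osso/graphql/mutation.rb
@@ -2,10 +2,15 @@
 
  require_relative 'mutations'
 
- module Types
- class MutationType < BaseObject
- field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider
- field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
- field :set_saml_provider, mutation: Mutations::SetSamlProvider
+ module Osso
+ module GraphQL
+ module Types
+ class MutationType < BaseObject
+ field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider, null: true
+ field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
+ field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
+ field :set_identity_provider, mutation: Mutations::SetSamlProvider
+ end
+ end
  end
  end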
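Review bot: `field :set_identity_provider, mutation: Mutations::SetSamlProvider` still names the old class, although this release deletes `mutations/set_saml_provider.rb` and adds `mutations/set_identity_provider.rb`. Unless the new file still defines `SetSamlProvider` (it is not shown on this page), loading the schema raises NameError. Point the field at the class the new file defines, presumably `mutation: Mutations::SetIdentityProvider`. A schema-load spec would catch this kind of rename drift.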
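--- a/data/lib/osso/graphql/mutations.rb
+++ b/data/lib/osso/graphql/mutations.rb
@@ -1,9 +1,12 @@
  # frozen_string_literal: true
 
- module Mutations
+ module Osso
+ module Mutations
+ end
  end
 
  require_relative 'mutations/base_mutation'
  require_relative 'mutations/configure_identity_provider'
  require_relative 'mutations/create_identity_provider'
- require_relative 'mutations/set_saml_provider'
+ require_relative 'mutations/create_enterprise_account'
+ require_relative 'mutations/set_identity_provider'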
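Review bot: The placeholder namespace declared here is `Osso::Mutations`, but the mutation classes in this release are defined under `Osso::GraphQL::Mutations`, so this empty module is never the one they live in. Declare the namespace that is actually used, `module Osso; module GraphQL; module Mutations; end; end; end`, or drop the forward declaration. This matters only for readers and constant lookup, but a second, empty `Mutations` module invites references to the wrong one.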
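--- a/data/lib/osso/graphql/mutations/base_mutation.rb
+++ b/data/lib/osso/graphql/mutations/base_mutation.rb
@@ -1,20 +1,41 @@
  # frozen_string_literal: true
 
- module Mutations
- class BaseMutation < GraphQL::Schema::RelayClassicMutation
- # This is used for generating payload types
- object_class Types::BaseObject
- # # This is used for return fields on the mutation's payload
- # field_class Types::BaseField
- # # This is used for generating the `input: { ... }` object type
- # input_object_class Types::BaseInputObject
-
- def return_data(data)
- data.merge(errors: [])
- end
+ module Osso
+ module GraphQL
+ module Mutations
+ class BaseMutation < ::GraphQL::Schema::RelayClassicMutation
+ object_class Types::BaseObject
+ input_object_class Types::BaseInputObject
+
+ def response_data(data)
+ data.merge(errors: [])
+ end
+
+ def response_error(error)
+ error.merge(data: nil)
+ end
+
+ def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **args)
+ return true if context[:scope] == :admin
+
+ domain ||= account_domain(enterprise_account_id) || provider_domain(identity_provider_id)
+ return true if domain == context[:scope]
+
+ raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{args[:domain]}"
+ end
+
+ def account_domain(id)
+ return false unless id
+
+ Osso::Models::EnterpriseAccount.find(id)&.domain
+ end
+
+ def provider_domain(id)
+ return false unless id
 
- def return_error(error)
- error.merge(data: nil)
+ Osso::Models::IdentityProvider.find(id)&.domain
+ end
+ end
  end
  end
  end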
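Review bot: `ready?` authorises on the caller-supplied `domain` before looking at the record being changed: `domain ||= account_domain(...) || provider_domain(...)` consults the database only when no `domain` argument was sent. A mutation that accepts both `domain` and an id would therefore be checked against the argument rather than the record's owner; whether any mutation takes both is outside this section. The check should require every supplied or looked-up domain to equal `context[:scope]`. The error message interpolates `args[:domain]`, which is always nil because `domain:` is captured as a named keyword. `find(id)` raises on a missing record, so the `&.domain` guard is dead; `find_by(id: id)` makes the nil path real.

```ruby
def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **_args)
  return true if context[:scope] == :admin

  # Authorise on what the records say as well as on what the caller sent.
  domains = [
    domain,
    account_domain(enterprise_account_id),
    provider_domain(identity_provider_id)
  ].compact

  return true if domains.any? && domains.all? { |d| d == context[:scope] }

  raise ::GraphQL::ExecutionError, 'This user lacks the scope to mutate this record'
end

def account_domain(id)
  return unless id

  Osso::Models::EnterpriseAccount.find_by(id: id)&.domain
end

# … provider_domain: same two edits (bare return, find_by) …
```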
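--- a/data/lib/osso/graphql/mutations/configure_identity_provider.rb
+++ b/data/lib/osso/graphql/mutations/configure_identity_provider.rb
@@ -1,26 +1,36 @@
  # frozen_string_literal: true
 
- module Mutations
- class ConfigureIdentityProvider < BaseMutation
- null false
- argument :id, ID, required: true
- # argument :provider, Types::IdentityProviderService, required: true
- argument :sso_url, String, required: true
- argument :sso_cert, String, required: true
-
- field :identity_provider, Types::IdentityProvider, null: true
- field :errors, [String], null: false
-
- def resolve(id:, sso_url:, sso_cert:)
- provider = Osso::Models::SamlProvider.find(id)
- provider.update(
- idp_cert: sso_cert,
- idp_sso_target_url: sso_url,
- )
-
- return_data(identity_provider: provider)
- # rescue StandardError => e
- # return_error(errors: e.full_message)
+ module Osso
+ module GraphQL
+ module Mutations
+ class ConfigureIdentityProvider < BaseMutation
+ null false
+ argument :id, ID, required: true
+ argument :service, Types::IdentityProviderService, required: false
+ argument :sso_url, String, required: false
+ argument :sso_cert, String, required: false
+
+ field :identity_provider, Types::IdentityProvider, null: false
+ field :errors, [String], null: false
+
+ def resolve(id:, **args)
+ provider = Osso::Models::IdentityProvider.find(id)
+
+ return response_data(identity_provider: provider) if provider.update(args)
+
+ response_error(errors: provder.errors.messages)
+ end
+
+ def ready?(id:, **args)
+ return true if context[:scope] == :admin
+
+ domain = Osso::Models::IdentityProvider.find(id)&.domain
+
+ return true if domain == context[:scope]
+
+ raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
+ end
+ end
  end
  end
  end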
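Review bot: The failure branch of `resolve` references `provder`, an undefined local, so a failed `update` raises NameError instead of returning validation errors. It should read `response_error(errors: provider.errors.full_messages)`, using `full_messages` because the `errors` field is declared `[String]` while `errors.messages` is a hash. The `ready?` override interpolates the looked-up `domain` into its error, which tells a caller outside that tenant which domain owns a given provider id; a fixed message such as `'This user lacks the scope to mutate this record'` avoids that. `sso_url` and `sso_cert` become the tenant's SAML trust settings and reach `update(args)` unchecked here. Model-level validation (an https URL, a parseable certificate) is worth confirming in `identity_provider.rb`, which is not shown on this page.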