osso 0.0.3.21 → 0.0.3.26

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c333af7fbc082441290340a2d49c93256b0d6ba6eda97ae6ab3689ccf3335da7
-  data.tar.gz: b4f51151c6e1608b624a857b2ed657be48c44593af4dd621b558a74fe0cca297
+  metadata.gz: cb9f3d69563582f827ee2bca6484354ef751f2f4a47078227756a866b5bf59b0
+  data.tar.gz: da7fa02b67baf9c336d380bb3798874375b8580d6e414cc29193143ab7b33bb0
 SHA512:
-  metadata.gz: 2d3ab0db1e4f6137bfbfe30c6f90ed098e061fcd6f90cc62f6b7818bba64c9d59a9c56af3ef87ee987b12f472f69fd890d583406c1630cb80ac6b2725118e8c7
-  data.tar.gz: b6c1d1fda9fd6f4d24dfb5e03a8f3271ff5853ed9660921e0318065c8e0d6c57bce4f400a3b1c49f4b2171b203301c1c1782ba9f76b976cf42f65e9be801523c
+  metadata.gz: 2e4eff9a9f7c39460bd0691e6c5f67464e2350e36477d90f10ac1cc47277347f17c1a2a20ec61aff2194a630dc651a1d5f7ebaa3855af09829aaa4f5021a4fb6
+  data.tar.gz: 2f990d6ced375400d60a06200e3f14758c6574657cfd16509e6239511f0f4622bad5106ed1a819089dbf356b9e3612952682b1a52bdd7b450a0f6b8d26f00d56

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    osso (0.0.3.21)
+    osso (0.0.3.26)
       activesupport (>= 6.0.3.2)
       graphql
       jwt

data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb

@@ -13,7 +13,7 @@ module Osso
 
         def resolve(id:)
           oauth_client = Osso::Models::OauthClient.find(id)
-          oauth_client.generate_secrets
+          oauth_client.regenerate_secrets!
 
           return response_data(oauth_client: oauth_client) if oauth_client.save
 

data/lib/osso/models/identity_provider.rb

@@ -4,7 +4,6 @@ module Osso
   module Models
     # Base class for SAML Providers
     class IdentityProvider < ActiveRecord::Base
-      NAME_FORMAT = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
       belongs_to :enterprise_account
       belongs_to :oauth_client
       has_many :users
@@ -41,8 +40,18 @@ module Osso
         self.status = 'CONFIGURED' if sso_url && sso_cert
       end
 
+      def active!
+        update(status: 'ACTIVE')
+      end
+
+      def error!
+        update(status: 'ERROR')
+      end
+
       def root_url
-        ENV['HEROKU_APP_NAME'] || ENV.fetch('BASE_URL')
+        return "https://#{ENV['HEROKU_APP_NAME']}.herokuapp.com" if ENV['HEROKU_APP_NAME']
+
+        ENV.fetch('BASE_URL')
       end
     end
   end

data/lib/osso/models/oauth_client.rb

@@ -26,6 +26,11 @@ module Osso
         self.identifier ||= SecureRandom.hex(16)
         self.secret ||= SecureRandom.hex(32)
       end
+
+      def regenerate_secrets!
+        self.identifier = SecureRandom.hex(16)
+        self.secret = SecureRandom.hex(32)
+      end
     end
   end
 end

data/lib/osso/routes/auth.rb

@@ -58,8 +58,7 @@ module Osso
           oauth_client: @oauth_client,
           redirect_uri: redirect_uri,
         )
-
-        # Mark IDP as active
+        provider.active!
 
         redirect(redirect_uri + "?code=#{CGI.escape(authorization_code.token)}&state=#{provider_state}")
       end

data/lib/osso/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Osso
-  VERSION = '0.0.3.21'
+  VERSION = '0.0.3.26'
 end

data/spec/factories/identity_providers.rb

@@ -5,6 +5,7 @@ FactoryBot.define do
     id { SecureRandom.uuid }
     domain { Faker::Internet.domain_name }
     oauth_client
+    status { 'PENDING' }
 
     factory :okta_identity_provider, parent: :identity_provider do
       service { 'OKTA' }
@@ -21,6 +22,7 @@ FactoryBot.define do
     end
 
     factory :configured_identity_provider, parent: :identity_provider do
+      status { 'CONFIGURED' }
       sso_cert do
         <<~CERT
           -----BEGIN CERTIFICATE-----

data/spec/models/identity_provider_spec.rb

@@ -6,11 +6,20 @@ describe Osso::Models::IdentityProvider do
   subject { create(:okta_identity_provider) }
 
   describe '#assertion_consumer_service_url' do
-    it 'returns the expected URI' do
+    it 'returns the expected URI for BASE_URL' do
+      ENV['HEROKU_APP_NAME'] = nil
       ENV['BASE_URL'] = 'https://example.com'
 
       expect(subject.assertion_consumer_service_url).to eq(
-        "https://example.com/auth/saml/#{subject.id}/callback",
+        "#{ENV['BASE_URL']}/auth/saml/#{subject.id}/callback",
+      )
+    end
+
+    it 'returns the expected URI for HEROKU_APP_NAME' do
+      ENV['HEROKU_APP_NAME'] = 'test'
+
+      expect(subject.assertion_consumer_service_url).to eq(
+        "https://test.herokuapp.com/auth/saml/#{subject.id}/callback",
       )
     end
   end

data/spec/routes/auth_spec.rb

@@ -104,6 +104,17 @@ describe Osso::Auth do
             )
           end.to_not(change { Osso::Models::User.count })
         end
+        it 'marks the provider as ACTIVE' do
+          post(
+            "/auth/saml/#{okta_provider.id}/callback",
+            nil,
+            {
+              'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
+              'identity_provider' => okta_provider,
+            },
+          )
+          expect(okta_provider.reload.status).to eq('ACTIVE')
+        end
       end
     end
 
@@ -126,6 +137,21 @@ describe Osso::Auth do
             )
           end.to change { Osso::Models::User.count }.by(1)
         end
+
+        it 'marks the provider ACTIVE' do
+          mock_saml_omniauth
+
+          post(
+            "/auth/saml/#{azure_provider.id}/callback",
+            nil,
+            {
+              'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
+              'identity_provider' => azure_provider,
+            },
+          )
+
+          expect(azure_provider.reload.status).to eq('ACTIVE')
+        end
       end
 
       describe 'on subsequent authentications' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.3.21
+  version: 0.0.3.26
 platform: ruby
 authors:
 - Sam Bauch
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-27 00:00:00.000000000 Z
+date: 2020-09-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport