osso 0.0.3.23 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7d6374d1bf4804936900b667a432e5cd651b050813338821a491c930e868c22c
-  data.tar.gz: e4f3826a5300fce7bfaff6fc58c91a938e7f17763b7515df9d2df454b1fff0f3
+  metadata.gz: 944f6bc6e008f62881aae3d160c28d00a32eabb2440a3fa53d2987253b6f41ad
+  data.tar.gz: bcc00cb690a234be7bddecea1d8ff71c8bb31c3b0ddd19446db6945e7284e015
 SHA512:
-  metadata.gz: f091491e21a3e4131504da14d39a4e6b2901ae34e98e3fc60d05136fee29e48e2b94b999d8c38fff613caa54af2a1ea0d7b61c5793087955abf8e3f82b5f0d66
-  data.tar.gz: a6b78f9747cef840b2269dace7b6e305759c9355c8a710051b0478a2f31a5ef7c92f91873386bb02f5aa6d9b0f7fc13a1c44d7190543800094bc61cd94621d05
+  metadata.gz: 4a8bfeac2fc1b09ddf9e324c33d65038dc6044a9d3ec1edf5432d02e56e3fa4a8f9240942c4dedad24c89d2d20f03a871e9588a17d53aa2acb8f5bdb2691a5e6
+  data.tar.gz: afeb1f84b915cb97792333b2526e5576d94a9b60c6145e40d88932c96c6a57a4268d29fa25300108c695a1d32b6dde06aca8014ab6c218c0f93e6da33beafd62

data/.ruby-version

@@ -0,0 +1 @@
+2.6.6

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    osso (0.0.3.23)
+    osso (0.0.4)
       activesupport (>= 6.0.3.2)
       graphql
       jwt
@@ -31,14 +31,13 @@ GEM
       zeitwerk (~> 2.2, >= 2.2.2)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
-    aes_key_wrap (1.0.1)
+    aes_key_wrap (1.1.0)
     annotate (3.1.1)
       activerecord (>= 3.2, < 7.0)
       rake (>= 10.4, < 14.0)
     ast (2.4.1)
     attr_required (1.0.1)
-    backports (3.18.1)
-    bindata (2.4.7)
+    bindata (2.4.8)
     coderay (1.1.3)
     concurrent-ruby (1.1.6)
     crack (0.4.3)
@@ -53,7 +52,7 @@ GEM
       activesupport (>= 5.0.0)
     faker (2.13.0)
       i18n (>= 1.6, < 2)
-    graphql (1.11.1)
+    graphql (1.11.4)
     hashdiff (1.0.1)
     hashie (4.1.0)
     httpclient (2.8.3)
@@ -64,23 +63,23 @@ GEM
       activesupport (>= 4.2)
       aes_key_wrap
       bindata
-    jwt (2.2.1)
+    jwt (2.2.2)
     method_source (1.0.0)
     mini_portile2 (2.4.0)
     minitest (5.14.1)
     multi_json (1.15.0)
     mustermann (1.1.1)
       ruby2_keywords (~> 0.0.1)
-    nokogiri (1.10.9)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
     omniauth (1.9.1)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
     omniauth-multi-provider (0.2.1)
       omniauth
-    omniauth-saml (1.10.1)
+    omniauth-saml (1.10.2)
       omniauth (~> 1.3, >= 1.3.2)
-      ruby-saml (~> 1.7)
+      ruby-saml (~> 1.9)
     parallel (1.19.2)
     parser (2.7.1.4)
       ast (~> 2.4.1)
@@ -92,13 +91,13 @@ GEM
     rack (2.2.3)
     rack-contrib (2.2.0)
       rack (~> 2.0)
-    rack-oauth2 (1.14.0)
+    rack-oauth2 (1.16.0)
       activesupport
       attr_required
       httpclient
       json-jwt (>= 1.11.0)
       rack (>= 2.1.0)
-    rack-protection (2.0.8.1)
+    rack-protection (2.1.0)
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
@@ -140,20 +139,19 @@ GEM
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
-    sinatra (2.0.8.1)
+    sinatra (2.1.0)
       mustermann (~> 1.0)
-      rack (~> 2.0)
-      rack-protection (= 2.0.8.1)
+      rack (~> 2.2)
+      rack-protection (= 2.1.0)
       tilt (~> 2.0)
     sinatra-activerecord (2.0.18)
       activerecord (>= 4.1)
       sinatra (>= 1.0)
-    sinatra-contrib (2.0.8.1)
-      backports (>= 2.8.2)
+    sinatra-contrib (2.1.0)
       multi_json
       mustermann (~> 1.0)
-      rack-protection (= 2.0.8.1)
-      sinatra (= 2.0.8.1)
+      rack-protection (= 2.1.0)
+      sinatra (= 2.1.0)
       tilt (~> 2.0)
     thread_safe (0.3.6)
     tilt (2.0.10)

data/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2020_08_26_201852) do
+ActiveRecord::Schema.define(version: 2020_09_13_154919) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "pgcrypto"
@@ -62,7 +62,7 @@ ActiveRecord::Schema.define(version: 2020_08_26_201852) do
   end
 
 # Could not dump table "identity_providers" because of following StandardError
-#   Unknown type 'identity_provider_status' for column 'status'
+#   Unknown type 'identity_provider_service' for column 'service'
 
   create_table "oauth_clients", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
     t.string "name", null: false

data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb

@@ -1,17 +1,13 @@
 class AddIdentityProviderServiceEnum < ActiveRecord::Migration[6.0]
-  def change
-    def up
-      execute <<-SQL
-        CREATE TYPE identity_provider_service AS ENUM ('OKTA', 'AZURE');
-      SQL
-      change_column :identity_providers, :service, :identity_provider_service
-    end
-  
-    def down
-      chnage_column :identity_providers, :service, :text
-      execute <<-SQL
-        DROP TYPE identity_provider_service;
-      SQL
-    end
+  def up
+    execute "CREATE TYPE identity_provider_service AS ENUM ('OKTA', 'AZURE');"
+    change_column :identity_providers, :service, 'identity_provider_service USING CAST(service as identity_provider_service)'
+  end
+
+  def down
+    chnage_column :identity_providers, :service, :text
+    execute <<-SQL
+      DROP TYPE identity_provider_service;
+    SQL
   end
 end

data/lib/osso/db/migrate/20200913154919_add_one_login_to_identity_provider_service_enum.rb

@@ -0,0 +1,28 @@
+class AddOneLoginToIdentityProviderServiceEnum < ActiveRecord::Migration[6.0]
+  disable_ddl_transaction!
+
+  def up
+    execute <<-SQL
+      ALTER TYPE identity_provider_service ADD VALUE 'ONELOGIN';
+    SQL
+  end
+  
+  def down
+    execute <<~SQL
+      CREATE TYPE identity_provider_service_new AS ENUM ('AZURE', 'OKTA');
+
+      -- Remove values that won't be compatible with new definition
+      DELETE FROM identity_providers WHERE service = 'ONELOGIN';
+      
+      -- Convert to new type, casting via text representation
+      ALTER TABLE identity_providers 
+        ALTER COLUMN service TYPE identity_provider_service_new 
+          USING (service::text::identity_provider_service_new);
+      
+      -- and swap the types
+      DROP TYPE identity_provider_service;
+      
+      ALTER TYPE identity_provider_service_new RENAME TO identity_provider_service;
+    SQL
+  end
+end

data/lib/osso/graphql/mutations/base_mutation.rb

@@ -11,8 +11,23 @@ module Osso
           data.merge(errors: [])
         end
 
-        def response_error(error)
-          error.merge(data: nil)
+        def response_error(errors)
+          raise ::GraphQL::ExecutionError.new(
+            'Mutation error',
+            extensions: {
+              'errors' => field_errors(errors),
+            }
+          )
+        end
+
+        def field_errors(errors)
+          errors.map do |attribute, messages|
+            attribute = attribute.to_s.camelize(:lower)
+            {
+              attribute: attribute,
+              message: messages,
+            }
+          end
         end
 
         def ready?(**args)

data/lib/osso/graphql/mutations/configure_identity_provider.rb

@@ -10,15 +10,14 @@ module Osso
         argument :sso_url, String, required: false
         argument :sso_cert, String, required: false
 
-        field :identity_provider, Types::IdentityProvider, null: false
-        field :errors, [String], null: false
+        field :identity_provider, Types::IdentityProvider, null: true
 
         def resolve(**args)
           provider = identity_provider(**args)
 
           return response_data(identity_provider: provider) if provider.update(args)
-
-          response_error(errors: provider.errors.messages)
+          
+          response_error(provider.errors)
         end
 
         def domain(**args)

data/lib/osso/graphql/mutations/create_enterprise_account.rb

@@ -19,7 +19,7 @@ module Osso
 
           return response_data(enterprise_account: enterprise_account) if enterprise_account.save
 
-          response_error(errors: enterprise_account.errors.full_messages)
+          response_error(enterprise_account.errors)
         end
 
         def find_client_db_id(oauth_client_identifier)

data/lib/osso/graphql/mutations/create_identity_provider.rb

@@ -23,7 +23,7 @@ module Osso
 
           return response_data(identity_provider: identity_provider) if identity_provider.save
 
-          response_error(errors: identity_provider.errors.full_messages)
+          response_error(identity_provider.errors)
         end
 
         def domain(**args)

data/lib/osso/graphql/mutations/create_oauth_client.rb

@@ -16,7 +16,7 @@ module Osso
 
           return response_data(oauth_client: oauth_client) if oauth_client.save
 
-          response_error(errors: oauth_client.errors.full_messages)
+          response_error(oauth_client.errors)
         end
 
         def ready?(*)

data/lib/osso/graphql/mutations/delete_enterprise_account.rb

@@ -20,7 +20,7 @@ module Osso
 
           return response_data(enterprise_account: nil) if customer.destroy
 
-          response_error(errors: customer.errors.full_messages)
+          response_error(customer.errors)
         end
 
         def domain(**args)

data/lib/osso/graphql/mutations/delete_oauth_client.rb

@@ -16,7 +16,7 @@ module Osso
 
           return response_data(oauth_client: nil) if oauth_client.destroy
 
-          response_error(errors: oauth_client.errors.full_messages)
+          response_error(oauth_client.errors)
         end
 
         def ready?(*)

data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb

@@ -13,11 +13,11 @@ module Osso
 
         def resolve(id:)
           oauth_client = Osso::Models::OauthClient.find(id)
-          oauth_client.generate_secrets
+          oauth_client.regenerate_secrets!
 
           return response_data(oauth_client: oauth_client) if oauth_client.save
 
-          response_error(errors: oauth_client.errors.full_messages)
+          response_error(oauth_client.errors)
         end
 
         def ready?(*)

data/lib/osso/graphql/mutations/set_redirect_uris.rb

@@ -20,7 +20,7 @@ module Osso
 
           response_data(oauth_client: oauth_client.reload)
         rescue StandardError => e
-          response_error(errors: e)
+          response_error(e)
         end
 
         def ready?(*)
@@ -33,17 +33,17 @@ module Osso
 
             if updating_index
               updating = redirect_uris.delete_at(updating_index)
-              redirect.update(updating.to_h)
+              redirect.update!(updating.to_h)
               next
             end
 
-            redirect.destroy
+            redirect.destroy!
           end
         end
 
         def create_new(oauth_client, redirect_uris)
           redirect_uris.map do |uri|
-            oauth_client.redirect_uris.create(uri.to_h.without(:id))
+            oauth_client.redirect_uris.create!(uri.to_h.without(:id))
           end
         end
       end

data/lib/osso/graphql/mutations/update_app_config.rb

@@ -17,7 +17,7 @@ module Osso
           app_config = Osso::Models::AppConfig.find
           return response_data(app_config: app_config) if app_config.update(**args)
 
-          response_error(errors: e)
+          response_error(app_config.errors)
         end
 
         def ready?(*)

data/lib/osso/graphql/types.rb

@@ -11,6 +11,7 @@ require_relative 'types/base_enum'
 require_relative 'types/base_input_object'
 require_relative 'types/admin_user'
 require_relative 'types/app_config'
+require_relative 'types/error'
 require_relative 'types/identity_provider_service'
 require_relative 'types/identity_provider_status'
 require_relative 'types/identity_provider'

data/lib/osso/graphql/types/error.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'graphql'
+
+module Osso
+  module GraphQL
+    module Types
+      class Error < Types::BaseObject
+        description 'A mutation error'
+
+        field :attribute, String, null: false
+        field :message, String, null: false
+
+        def self.authorized?(_object, _context)
+          true
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/types/identity_provider.rb

@@ -16,11 +16,6 @@ module Osso
         field :sso_url, String, null: true
         field :sso_cert, String, null: true
         field :status, Types::IdentityProviderStatus, null: false
-        field :documentation_pdf_url, String, null: true
-
-        def documentation_pdf_url
-          ENV['BASE_URL'] + '/identity_provider/documentation/' + @object.id
-        end
       end
     end
   end

data/lib/osso/graphql/types/identity_provider_service.rb

@@ -4,8 +4,9 @@ module Osso
   module GraphQL
     module Types
       class IdentityProviderService < BaseEnum
-        value('AZURE', 'Microsoft Azure Identity Provider', value: 'Osso::Models::AzureSamlProvider')
-        value('OKTA', 'Okta Identity Provider', value: 'Osso::Models::OktaSamlProvider')
+        value('AZURE', 'Microsoft Azure Identity Provider', value: 'AZURE')
+        value('OKTA', 'Okta Identity Provider', value: 'OKTA')
+        value('ONELOGIN', 'OneLogin Identity Provider', value: 'ONELOGIN')
       end
     end
   end

data/lib/osso/models/identity_provider.rb

@@ -4,11 +4,14 @@ module Osso
   module Models
     # Base class for SAML Providers
     class IdentityProvider < ActiveRecord::Base
-      NAME_FORMAT = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
       belongs_to :enterprise_account
       belongs_to :oauth_client
       has_many :users
       before_save :set_status
+      validate :sso_cert_valid
+
+      PEM_HEADER = "-----BEGIN CERTIFICATE-----\n"
+      PEM_FOOTER = "\n-----END CERTIFICATE-----"
 
       def name
         service.titlecase
@@ -41,11 +44,35 @@ module Osso
         self.status = 'CONFIGURED' if sso_url && sso_cert
       end
 
+      def active!
+        update(status: 'ACTIVE')
+      end
+
+      def error!
+        update(status: 'ERROR')
+      end
+
       def root_url
-        return "https://${ENV['HEROKU_APP_NAME']}.herokuapp.com" if ENV['HEROKU_APP_NAME']
+        return "https://#{ENV['HEROKU_APP_NAME']}.herokuapp.com" if ENV['HEROKU_APP_NAME']
 
         ENV.fetch('BASE_URL')
       end
+
+      def sso_cert_valid
+        return if sso_cert.blank?
+
+        has_header_and_footer = sso_cert.match(/#{PEM_HEADER}(?<cert>.*)#{PEM_FOOTER}/m)
+
+        if has_header_and_footer
+          OpenSSL::X509::Certificate.new(sso_cert)
+          self.sso_cert = has_header_and_footer[:cert]
+        else
+          OpenSSL::X509::Certificate.new([PEM_HEADER, sso_cert, PEM_FOOTER].join)
+        end
+
+      rescue OpenSSL::X509::CertificateError
+        errors.add(:sso_cert, 'x509 Certificate is malformed')
+      end
     end
   end
 end

data/lib/osso/models/oauth_client.rb

@@ -26,6 +26,11 @@ module Osso
         self.identifier ||= SecureRandom.hex(16)
         self.secret ||= SecureRandom.hex(32)
       end
+
+      def regenerate_secrets!
+        self.identifier = SecureRandom.hex(16)
+        self.secret = SecureRandom.hex(32)
+      end
     end
   end
 end

data/lib/osso/routes/auth.rb

@@ -41,6 +41,7 @@ module Osso
         provider = Models::IdentityProvider.find(params[:id])
         @oauth_client = provider.oauth_client
 
+        # TODO: PORC for validating attributes
         attributes = env['omniauth.auth']&.
           extra&.
           response_object&.
@@ -58,8 +59,7 @@ module Osso
           oauth_client: @oauth_client,
           redirect_uri: redirect_uri,
         )
-
-        # Mark IDP as active
+        provider.active!
 
         redirect(redirect_uri + "?code=#{CGI.escape(authorization_code.token)}&state=#{provider_state}")
       end

data/lib/osso/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Osso
-  VERSION = '0.0.3.23'
+  VERSION = '0.0.4'
 end

data/spec/factories/identity_providers.rb

@@ -5,6 +5,7 @@ FactoryBot.define do
     id { SecureRandom.uuid }
     domain { Faker::Internet.domain_name }
     oauth_client
+    status { 'PENDING' }
 
     factory :okta_identity_provider, parent: :identity_provider do
       service { 'OKTA' }
@@ -21,6 +22,7 @@ FactoryBot.define do
     end
 
     factory :configured_identity_provider, parent: :identity_provider do
+      status { 'CONFIGURED' }
       sso_cert do
         <<~CERT
           -----BEGIN CERTIFICATE-----

data/spec/graphql/mutations/configure_identity_provider_spec.rb

@@ -12,7 +12,7 @@ describe Osso::GraphQL::Schema do
           id: identity_provider.id,
           service: 'OKTA',
           ssoUrl: 'https://example.com',
-          ssoCert: 'BEGIN_CERTIFICATE',
+          ssoCert: valid_x509_pem,
         },
       }
     end

data/spec/models/identity_provider_spec.rb

@@ -6,11 +6,20 @@ describe Osso::Models::IdentityProvider do
   subject { create(:okta_identity_provider) }
 
   describe '#assertion_consumer_service_url' do
-    it 'returns the expected URI' do
+    it 'returns the expected URI for BASE_URL' do
+      ENV['HEROKU_APP_NAME'] = nil
       ENV['BASE_URL'] = 'https://example.com'
 
       expect(subject.assertion_consumer_service_url).to eq(
-        "https://example.com/auth/saml/#{subject.id}/callback",
+        "#{ENV['BASE_URL']}/auth/saml/#{subject.id}/callback",
+      )
+    end
+
+    it 'returns the expected URI for HEROKU_APP_NAME' do
+      ENV['HEROKU_APP_NAME'] = 'test'
+
+      expect(subject.assertion_consumer_service_url).to eq(
+        "https://test.herokuapp.com/auth/saml/#{subject.id}/callback",
       )
     end
   end
@@ -26,4 +35,25 @@ describe Osso::Models::IdentityProvider do
         )
     end
   end
+  
+  describe '#validate_sso_cert' do
+    it 'rejects an invalid cert' do
+      subject.update(sso_cert: 'bad-cert')
+
+      expect(subject.errors.full_messages.first).to include('x509 Certificate is malformed')
+    end
+
+    it 'massages a cert with header and footer' do
+      subject.update(sso_cert: valid_x509_pem)
+
+      expect(subject.errors).to be_empty
+      expect(subject.sso_cert).to_not include('BEGIN CERTIFICATE')
+    end
+
+    it 'accepts a cert without header and footer' do
+      subject.update(sso_cert: raw_x509_string)
+
+      expect(subject.errors).to be_empty
+    end
+  end
 end

data/spec/routes/auth_spec.rb

@@ -104,6 +104,17 @@ describe Osso::Auth do
             )
           end.to_not(change { Osso::Models::User.count })
         end
+        it 'marks the provider as ACTIVE' do
+          post(
+            "/auth/saml/#{okta_provider.id}/callback",
+            nil,
+            {
+              'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
+              'identity_provider' => okta_provider,
+            },
+          )
+          expect(okta_provider.reload.status).to eq('ACTIVE')
+        end
       end
     end
 
@@ -126,6 +137,21 @@ describe Osso::Auth do
             )
           end.to change { Osso::Models::User.count }.by(1)
         end
+
+        it 'marks the provider ACTIVE' do
+          mock_saml_omniauth
+
+          post(
+            "/auth/saml/#{azure_provider.id}/callback",
+            nil,
+            {
+              'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
+              'identity_provider' => azure_provider,
+            },
+          )
+
+          expect(azure_provider.reload.status).to eq('ACTIVE')
+        end
       end
 
       describe 'on subsequent authentications' do

data/spec/spec_helper.rb

@@ -21,6 +21,9 @@ require File.expand_path '../lib/osso.rb', __dir__
 require File.expand_path 'support/spec_app', __dir__
 
 module RSpecMixin
+  PEM_HEADER = "-----BEGIN CERTIFICATE-----\n"
+  PEM_FOOTER = "\n-----END CERTIFICATE-----"
+
   include Rack::Test::Methods
 
   def app
@@ -46,6 +49,16 @@ module RSpecMixin
   def spec_views
     File.dirname(__FILE__) + '/support/views'
   end
+
+  def valid_x509_pem
+    raw = File.read(File.dirname(__FILE__) + '/support/fixtures/test.pem')
+    OpenSSL::X509::Certificate.new(raw).to_pem
+  end
+
+  def raw_x509_string
+    raw = valid_x509_pem.match(/#{PEM_HEADER}(?<cert>.*)#{PEM_FOOTER}/m)
+    raw[:cert]
+  end
 end
 
 RSpec.configure do |config|

data/spec/support/fixtures/test.pem

@@ -0,0 +1,30 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANDYf/XXreldztPH
+0IJSkvgeQVZCu1ie+D2Ij9nEzJAuM10bD4p2IjI8EQUKUTn1OBbX4ykhn5Ovw9SU
+D8qEllQCzq7zuX54BEm8cHX3IXTpMLM90T2zJayS+3hQqXHzGXeX3fuP1KhNrrkL
+HAlDEtVD/vwIci/TS2Mep7weytOjAgMBAAECgYA23kpwCmQUhaLLHRn4wzz9luVP
+hmS2Gb3aXMB+VCfyUVEJSwzAMd02GXXXPyir83Ly/XEe40iLgogOl3+2kzLzEegI
+1wx9mydlar0kBIDKJkYdnikbvy0IKFNXRxqHl0Oecy9lArDKmBmadYsse8hsZLX2
+eZUmB8G50TeDyz/4gQJBAO1OM4dT/Uo/zTaTDMs7A+td1C4gvjpI7aKPwHdwmvoc
+dQN9BKoAV0EMoUcXvAeVreWEYGZrMwXQB6xT7aydyUMCQQDhTFffVlvsqOmQYhzf
+lbKS8orI0SZZHz8F5dnj1zwb4Xp+hl6tIAkxcZ1DxP4emfc1htd4GswzNqSVfFJv
+JXYhAkEAsmdWSekUxVtN9jd7KNbHTY2O1Nb87GijbtFPyvu3J015kxPMC9qRvm+2
+V/I6BCG9SI3Kw3TYOQh6nE3Eoz9EbQJBAKvzm4F+pOwsQw8KguT2mPNkoB4C2xTc
+LzquIi2t4VeaMOaOYYYa1EljYFcP66+pbS7yOlOViFJyGw1odHYWDmECQCBGi7f5
+qT4Bs3DoaIyD0w9F3LY/ny7+Pa7WGUqQvQWygUDObBtwojXhg/A9BGckUrQ2jmu/
+bhqnqQJs3f05ETA=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICDTCCAXYCCQCm0tqsG7zO2TANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJV
+UzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCEJyb29rbHluMRYwFAYDVQQK
+DA1FbnRlcnByaXNlT1NTMB4XDTIwMDkwMjE0MTEyMVoXDTIxMDkwMjE0MTEyMVow
+SzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhCcm9v
+a2x5bjEWMBQGA1UECgwNRW50ZXJwcmlzZU9TUzCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEA0Nh/9det6V3O08fQglKS+B5BVkK7WJ74PYiP2cTMkC4zXRsPinYi
+MjwRBQpROfU4FtfjKSGfk6/D1JQPyoSWVALOrvO5fngESbxwdfchdOkwsz3RPbMl
+rJL7eFCpcfMZd5fd+4/UqE2uuQscCUMS1UP+/AhyL9NLYx6nvB7K06MCAwEAATAN
+BgkqhkiG9w0BAQsFAAOBgQDGze/POq+GSwOIYftr83+YkNTIQAg+bl8hiFMtJ3OV
+buFsI/oUGaKloXOrDLbygk+lvimFbj36k3IhwRI7iXJDCwZGxtVCC4+8VNqqT1Yj
+uZT9xHGYVszzGc8nz4wcaQ8M/W4mCuXet1qDwAi0Zo9yLBnyEdc6pluDdJuz0cg6
+xQ==
+-----END CERTIFICATE-----

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-  version: 0.0.3.23
+  version: 0.0.4
 platform: ruby
 authors:
 - Sam Bauch
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-27 00:00:00.000000000 Z
+date: 2020-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -231,7 +231,6 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".DS_Store"
 - ".buildkite/hooks/environment"
 - ".buildkite/hooks/pre-command"
 - ".buildkite/pipeline.yml"
@@ -239,6 +238,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".ruby-version"
 - CODE_OF_CONDUCT.md
 - Gemfile
 - Gemfile.lock
@@ -271,6 +271,7 @@ files:
 - lib/osso/db/migrate/20200723153750_add_missing_timestamps.rb
 - lib/osso/db/migrate/20200723162228_drop_unneeded_tables.rb
 - lib/osso/db/migrate/20200826201852_create_app_config.rb
+- lib/osso/db/migrate/20200913154919_add_one_login_to_identity_provider_service_enum.rb
 - lib/osso/graphql/.DS_Store
 - lib/osso/graphql/mutation.rb
 - lib/osso/graphql/mutations.rb
@@ -299,6 +300,7 @@ files:
 - lib/osso/graphql/types/base_input_object.rb
 - lib/osso/graphql/types/base_object.rb
 - lib/osso/graphql/types/enterprise_account.rb
+- lib/osso/graphql/types/error.rb
 - lib/osso/graphql/types/identity_provider.rb
 - lib/osso/graphql/types/identity_provider_service.rb
 - lib/osso/graphql/types/identity_provider_status.rb
@@ -346,14 +348,13 @@ files:
 - spec/graphql/query/identity_provider_spec.rb
 - spec/graphql/query/oauth_clients_spec.rb
 - spec/helpers/auth_spec.rb
-- spec/models/azure_saml_provider_spec.rb
 - spec/models/identity_provider_spec.rb
-- spec/models/okta_saml_provider_spec.rb
 - spec/routes/admin_spec.rb
 - spec/routes/app_spec.rb
 - spec/routes/auth_spec.rb
 - spec/routes/oauth_spec.rb
 - spec/spec_helper.rb
+- spec/support/fixtures/test.pem
 - spec/support/spec_app.rb
 - spec/support/views/admin.erb
 - spec/support/views/error.erb

data/spec/models/azure_saml_provider_spec.rb

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-# describe Osso::Models::AzureSamlProvider do
-#   subject { create(:azure_identity_provider) }
-
-#   describe '#saml_options' do
-#     it 'returns the required args' do
-#       expect(subject.saml_options).
-#         to match(
-#           domain: subject.domain,
-#           idp_cert: subject.idp_cert,
-#           idp_sso_target_url: subject.idp_sso_target_url,
-#           issuer: "id:#{subject.id}",
-#         )
-#     end
-#   end
-# end

data/spec/models/okta_saml_provider_spec.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-# describe Osso::Models::OktaSamlProvider do
-#   subject { create(:okta_identity_provider) }
-
-#   describe '#saml_options' do
-#     it 'returns the required args' do
-#       expect(subject.saml_options).
-#         to match(
-#           domain: subject.domain,
-#           idp_cert: subject.idp_cert,
-#           idp_sso_target_url: subject.idp_sso_target_url,
-#           issuer: subject.id,
-#           name_identifier_format: described_class::NAME_FORMAT,
-#         )
-#     end
-#   end
-# end