osso 0.0.3.26 → 0.0.3.27
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/osso/graphql/mutations/base_mutation.rb +17 -2
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +3 -4
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +1 -1
- data/lib/osso/graphql/mutations/create_identity_provider.rb +1 -1
- data/lib/osso/graphql/mutations/create_oauth_client.rb +1 -1
- data/lib/osso/graphql/mutations/delete_enterprise_account.rb +1 -1
- data/lib/osso/graphql/mutations/delete_oauth_client.rb +1 -1
- data/lib/osso/graphql/mutations/regenerate_oauth_credentials.rb +1 -1
- data/lib/osso/graphql/mutations/set_redirect_uris.rb +4 -4
- data/lib/osso/graphql/mutations/update_app_config.rb +1 -1
- data/lib/osso/graphql/types.rb +1 -0
- data/lib/osso/graphql/types/error.rb +20 -0
- data/lib/osso/models/identity_provider.rb +20 -0
- data/lib/osso/routes/auth.rb +1 -0
- data/lib/osso/version.rb +1 -1
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +1 -1
- data/spec/models/identity_provider_spec.rb +21 -0
- data/spec/spec_helper.rb +13 -0
- data/spec/support/fixtures/test.pem +30 -0
- metadata +4 -5
- data/spec/models/azure_saml_provider_spec.rb +0 -19
- data/spec/models/okta_saml_provider_spec.rb +0 -20
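--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 61667cd9c9821cbbd903bd5ea753dfb67338a801e442b5e7ce21d77e06e2ada6
+data.tar.gz: ef180637bd4da14905549a161e153e4a7b6b1dc9b9079d0e98952f7730e6d6ba
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 59dde627b70d7f46a680dbf00ae260cd98613a679daaf14a2a08e7ce6aef7ab627ecf8b1ba8a459438b518f85e24b2db1e63375814c526f12733284fbbdc5a78
+data.tar.gz: '09a8f59725b4a61aad3a92e8a676377d798049da26951882903c40a8ab7e2945e153097d4e94d896dc601d1d1fc01f518d05adc58af141ce56bc4a12697f40ab'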
data/Gemfile.lock
CHANGED
@@ -11,8 +11,23 @@ module Osso
|
|
11
11
|
data.merge(errors: [])
|
12
12
|
end
|
13
13
|
|
14
|
-
def response_error(
|
15
|
-
|
14
|
+
def response_error(errors)
|
15
|
+
raise ::GraphQL::ExecutionError.new(
|
16
|
+
'Mutation error',
|
17
|
+
extensions: {
|
18
|
+
'errors' => field_errors(errors),
|
19
|
+
}
|
20
|
+
)
|
21
|
+
end
|
22
|
+
|
23
|
+
def field_errors(errors)
|
24
|
+
errors.map do |attribute, messages|
|
25
|
+
attribute = attribute.to_s.camelize(:lower)
|
26
|
+
{
|
27
|
+
attribute: attribute,
|
28
|
+
message: messages,
|
29
|
+
}
|
30
|
+
end
|
16
31
|
end
|
17
32
|
|
18
33
|
def ready?(**args)
|
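Review bot: `field_errors` calls `errors.map` with an `|attribute, messages|` block, which only works for an enumerable of attribute/message pairs such as a model's `errors`, yet the `rescue StandardError => e` hunk further down passes the exception itself via `response_error(e)`. An exception does not respond to `map`, so that path would raise `NoMethodError` from inside the rescue and hide the original failure. Assuming these are ActiveRecord models, rescuing the persistence error and forwarding its record's errors keeps the contract: `rescue ActiveRecord::RecordInvalid => e` followed by `response_error(e.record.errors)`. This also avoids returning arbitrary exception text to API clients. A comment on `response_error` such as `# Raises GraphQL::ExecutionError; errors must enumerate [attribute, message] pairs` would document both the raise and the expected argument.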
@@ -10,15 +10,14 @@ module Osso
|
|
10
10
|
argument :sso_url, String, required: false
|
11
11
|
argument :sso_cert, String, required: false
|
12
12
|
|
13
|
-
field :identity_provider, Types::IdentityProvider, null:
|
14
|
-
field :errors, [String], null: false
|
13
|
+
field :identity_provider, Types::IdentityProvider, null: true
|
15
14
|
|
16
15
|
def resolve(**args)
|
17
16
|
provider = identity_provider(**args)
|
18
17
|
|
19
18
|
return response_data(identity_provider: provider) if provider.update(args)
|
20
|
-
|
21
|
-
response_error(
|
19
|
+
|
20
|
+
response_error(provider.errors)
|
22
21
|
end
|
23
22
|
|
24
23
|
def domain(**args)
|
@@ -19,7 +19,7 @@ module Osso
|
|
19
19
|
|
20
20
|
return response_data(enterprise_account: enterprise_account) if enterprise_account.save
|
21
21
|
|
22
|
-
response_error(
|
22
|
+
response_error(enterprise_account.errors)
|
23
23
|
end
|
24
24
|
|
25
25
|
def find_client_db_id(oauth_client_identifier)
|
@@ -20,7 +20,7 @@ module Osso
|
|
20
20
|
|
21
21
|
response_data(oauth_client: oauth_client.reload)
|
22
22
|
rescue StandardError => e
|
23
|
-
response_error(
|
23
|
+
response_error(e)
|
24
24
|
end
|
25
25
|
|
26
26
|
def ready?(*)
|
@@ -33,17 +33,17 @@ module Osso
|
|
33
33
|
|
34
34
|
if updating_index
|
35
35
|
updating = redirect_uris.delete_at(updating_index)
|
36
|
-
redirect.update(updating.to_h)
|
36
|
+
redirect.update!(updating.to_h)
|
37
37
|
next
|
38
38
|
end
|
39
39
|
|
40
|
-
redirect.destroy
|
40
|
+
redirect.destroy!
|
41
41
|
end
|
42
42
|
end
|
43
43
|
|
44
44
|
def create_new(oauth_client, redirect_uris)
|
45
45
|
redirect_uris.map do |uri|
|
46
|
-
oauth_client.redirect_uris.create(uri.to_h.without(:id))
|
46
|
+
oauth_client.redirect_uris.create!(uri.to_h.without(:id))
|
47
47
|
end
|
48
48
|
end
|
49
49
|
end
|
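--- a/data/lib/osso/graphql/types.rb
+++ b/data/lib/osso/graphql/types.rb
@@ -11,6 +11,7 @@ require_relative 'types/base_enum'
 require_relative 'types/base_input_object'
 require_relative 'types/admin_user'
 require_relative 'types/app_config'
+require_relative 'types/error'
 require_relative 'types/identity_provider_service'
 require_relative 'types/identity_provider_status'
 require_relative 'types/identity_provider'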
@@ -0,0 +1,20 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'graphql'
|
4
|
+
|
5
|
+
module Osso
|
6
|
+
module GraphQL
|
7
|
+
module Types
|
8
|
+
class Error < Types::BaseObject
|
9
|
+
description 'A mutation error'
|
10
|
+
|
11
|
+
field :attribute, String, null: false
|
12
|
+
field :message, String, null: false
|
13
|
+
|
14
|
+
def self.authorized?(_object, _context)
|
15
|
+
true
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
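Review bot: `self.authorized?` returns `true` unconditionally with no comment saying why, and nothing in the visible hunks references `Types::Error`; the mutations report failures through `extensions['errors']` on the raised `ExecutionError` instead. If the override exists to bypass an authorization default in `Types::BaseObject` (not visible here), say so above the method, for example `# Validation errors carry no tenant data, so every caller may read them.` Note also that `message` is declared as a single non-null `String`, while `field_errors` passes along whatever the errors enumerable yields under `message:`; confirm that is always one string.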
@@ -8,6 +8,10 @@ module Osso
|
|
8
8
|
belongs_to :oauth_client
|
9
9
|
has_many :users
|
10
10
|
before_save :set_status
|
11
|
+
validate :sso_cert_valid
|
12
|
+
|
13
|
+
PEM_HEADER = "-----BEGIN CERTIFICATE-----\n"
|
14
|
+
PEM_FOOTER = "\n-----END CERTIFICATE-----"
|
11
15
|
|
12
16
|
def name
|
13
17
|
service.titlecase
|
@@ -53,6 +57,22 @@ module Osso
|
|
53
57
|
|
54
58
|
ENV.fetch('BASE_URL')
|
55
59
|
end
|
60
|
+
|
61
|
+
def sso_cert_valid
|
62
|
+
return if sso_cert.blank?
|
63
|
+
|
64
|
+
has_header_and_footer = sso_cert.match(/#{PEM_HEADER}(?<cert>.*)#{PEM_FOOTER}/m)
|
65
|
+
|
66
|
+
if has_header_and_footer
|
67
|
+
OpenSSL::X509::Certificate.new(sso_cert)
|
68
|
+
self.sso_cert = has_header_and_footer[:cert]
|
69
|
+
else
|
70
|
+
OpenSSL::X509::Certificate.new([PEM_HEADER, sso_cert, PEM_FOOTER].join)
|
71
|
+
end
|
72
|
+
|
73
|
+
rescue OpenSSL::X509::CertificateError
|
74
|
+
errors.add(:sso_cert, 'x509 Certificate is malformed')
|
75
|
+
end
|
56
76
|
end
|
57
77
|
end
|
58
78
|
end
|
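Review bot: In `sso_cert_valid` the value that gets stored is not the value that was validated. The pattern is unanchored and `.*` is greedy under `/m`, so input holding extra text or a second PEM block still matches; `OpenSSL::X509::Certificate.new(sso_cert)` then parses (as far as I know) only the first certificate, while `has_header_and_footer[:cert]` keeps everything between the first header and the last footer. Deriving the stored body from the parsed object closes that gap: `cert = OpenSSL::X509::Certificate.new(sso_cert)` and `self.sso_cert = cert.to_pem.sub(PEM_HEADER, '').sub(PEM_FOOTER, '').strip`. A PEM pasted with CRLF line endings will not match `PEM_HEADER` either, so it falls into the `else` branch, gets wrapped a second time and is rejected as malformed. The class body starts and ends outside these hunks.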
data/lib/osso/routes/auth.rb
CHANGED
data/lib/osso/version.rb
CHANGED
@@ -35,4 +35,25 @@ describe Osso::Models::IdentityProvider do
|
|
35
35
|
)
|
36
36
|
end
|
37
37
|
end
|
38
|
+
|
39
|
+
describe '#validate_sso_cert' do
|
40
|
+
it 'rejects an invalid cert' do
|
41
|
+
subject.update(sso_cert: 'bad-cert')
|
42
|
+
|
43
|
+
expect(subject.errors.full_messages.first).to include('x509 Certificate is malformed')
|
44
|
+
end
|
45
|
+
|
46
|
+
it 'massages a cert with header and footer' do
|
47
|
+
subject.update(sso_cert: valid_x509_pem)
|
48
|
+
|
49
|
+
expect(subject.errors).to be_empty
|
50
|
+
expect(subject.sso_cert).to_not include('BEGIN CERTIFICATE')
|
51
|
+
end
|
52
|
+
|
53
|
+
it 'accepts a cert without header and footer' do
|
54
|
+
subject.update(sso_cert: raw_x509_string)
|
55
|
+
|
56
|
+
expect(subject.errors).to be_empty
|
57
|
+
end
|
58
|
+
end
|
38
59
|
end
|
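Review bot: The `describe '#validate_sso_cert'` label does not match the method under test, which the model hunk names `sso_cert_valid`; rename it to `describe '#sso_cert_valid'`. The three examples cover only clean inputs and `'bad-cert'`; a case with trailing data after the footer and one with CRLF line endings would pin down what the validator accepts and stores for less tidy pastes. The enclosing `describe Osso::Models::IdentityProvider` block starts outside the hunk.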
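--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -21,6 +21,9 @@ require File.expand_path '../lib/osso.rb', __dir__
 require File.expand_path 'support/spec_app', __dir__
 
 module RSpecMixin
+PEM_HEADER = "-----BEGIN CERTIFICATE-----\n"
+PEM_FOOTER = "\n-----END CERTIFICATE-----"
+
 include Rack::Test::Methods
 
 def app
@@ -46,6 +49,16 @@ module RSpecMixin
 def spec_views
 File.dirname(__FILE__) + '/support/views'
 end
+
+def valid_x509_pem
+raw = File.read(File.dirname(__FILE__) + '/support/fixtures/test.pem')
+OpenSSL::X509::Certificate.new(raw).to_pem
+end
+
+def raw_x509_string
+raw = valid_x509_pem.match(/#{PEM_HEADER}(?<cert>.*)#{PEM_FOOTER}/m)
+raw[:cert]
+end
 end
 
 RSpec.configure do |config|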
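Review bot: `PEM_HEADER` and `PEM_FOOTER` are copied verbatim from the model, and `raw_x509_string` repeats the model's regex, so the helper mirrors the implementation and cannot catch a mistake in those values. Either reference the model's constants (`Osso::Models::IdentityProvider::PEM_HEADER`) so there is one definition, or strip the armor lines without the regex, e.g. `valid_x509_pem.lines[1..-2].join.chomp`, so the test input is produced independently of the code under test.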
@@ -0,0 +1,30 @@
|
|
1
|
+
-----BEGIN PRIVATE KEY-----
|
2
|
+
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANDYf/XXreldztPH
|
3
|
+
0IJSkvgeQVZCu1ie+D2Ij9nEzJAuM10bD4p2IjI8EQUKUTn1OBbX4ykhn5Ovw9SU
|
4
|
+
D8qEllQCzq7zuX54BEm8cHX3IXTpMLM90T2zJayS+3hQqXHzGXeX3fuP1KhNrrkL
|
5
|
+
HAlDEtVD/vwIci/TS2Mep7weytOjAgMBAAECgYA23kpwCmQUhaLLHRn4wzz9luVP
|
6
|
+
hmS2Gb3aXMB+VCfyUVEJSwzAMd02GXXXPyir83Ly/XEe40iLgogOl3+2kzLzEegI
|
7
|
+
1wx9mydlar0kBIDKJkYdnikbvy0IKFNXRxqHl0Oecy9lArDKmBmadYsse8hsZLX2
|
8
|
+
eZUmB8G50TeDyz/4gQJBAO1OM4dT/Uo/zTaTDMs7A+td1C4gvjpI7aKPwHdwmvoc
|
9
|
+
dQN9BKoAV0EMoUcXvAeVreWEYGZrMwXQB6xT7aydyUMCQQDhTFffVlvsqOmQYhzf
|
10
|
+
lbKS8orI0SZZHz8F5dnj1zwb4Xp+hl6tIAkxcZ1DxP4emfc1htd4GswzNqSVfFJv
|
11
|
+
JXYhAkEAsmdWSekUxVtN9jd7KNbHTY2O1Nb87GijbtFPyvu3J015kxPMC9qRvm+2
|
12
|
+
V/I6BCG9SI3Kw3TYOQh6nE3Eoz9EbQJBAKvzm4F+pOwsQw8KguT2mPNkoB4C2xTc
|
13
|
+
LzquIi2t4VeaMOaOYYYa1EljYFcP66+pbS7yOlOViFJyGw1odHYWDmECQCBGi7f5
|
14
|
+
qT4Bs3DoaIyD0w9F3LY/ny7+Pa7WGUqQvQWygUDObBtwojXhg/A9BGckUrQ2jmu/
|
15
|
+
bhqnqQJs3f05ETA=
|
16
|
+
-----END PRIVATE KEY-----
|
17
|
+
-----BEGIN CERTIFICATE-----
|
18
|
+
MIICDTCCAXYCCQCm0tqsG7zO2TANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJV
|
19
|
+
UzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCEJyb29rbHluMRYwFAYDVQQK
|
20
|
+
DA1FbnRlcnByaXNlT1NTMB4XDTIwMDkwMjE0MTEyMVoXDTIxMDkwMjE0MTEyMVow
|
21
|
+
SzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhCcm9v
|
22
|
+
a2x5bjEWMBQGA1UECgwNRW50ZXJwcmlzZU9TUzCBnzANBgkqhkiG9w0BAQEFAAOB
|
23
|
+
jQAwgYkCgYEA0Nh/9det6V3O08fQglKS+B5BVkK7WJ74PYiP2cTMkC4zXRsPinYi
|
24
|
+
MjwRBQpROfU4FtfjKSGfk6/D1JQPyoSWVALOrvO5fngESbxwdfchdOkwsz3RPbMl
|
25
|
+
rJL7eFCpcfMZd5fd+4/UqE2uuQscCUMS1UP+/AhyL9NLYx6nvB7K06MCAwEAATAN
|
26
|
+
BgkqhkiG9w0BAQsFAAOBgQDGze/POq+GSwOIYftr83+YkNTIQAg+bl8hiFMtJ3OV
|
27
|
+
buFsI/oUGaKloXOrDLbygk+lvimFbj36k3IhwRI7iXJDCwZGxtVCC4+8VNqqT1Yj
|
28
|
+
uZT9xHGYVszzGc8nz4wcaQ8M/W4mCuXet1qDwAi0Zo9yLBnyEdc6pluDdJuz0cg6
|
29
|
+
xQ==
|
30
|
+
-----END CERTIFICATE-----
|
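Review bot: The fixture adds a private key alongside the certificate, and the gem's file list in `metadata` now includes `spec/support/fixtures/test.pem`, so the key ships in every published copy of the gem. The visible helper only calls `OpenSSL::X509::Certificate.new(raw)`, which needs the certificate block alone. Dropping the `PRIVATE KEY` block keeps secret scanners quiet and removes any chance of the key being reused as a real credential.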
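--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: osso
 version: !ruby/object:Gem::Version
-version: 0.0.3.
+version: 0.0.3.27
 platform: ruby
 authors:
 - Sam Bauch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-
+date: 2020-09-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -231,7 +231,6 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".DS_Store"
 - ".buildkite/hooks/environment"
 - ".buildkite/hooks/pre-command"
 - ".buildkite/pipeline.yml"
@@ -299,6 +298,7 @@ files:
 - lib/osso/graphql/types/base_input_object.rb
 - lib/osso/graphql/types/base_object.rb
 - lib/osso/graphql/types/enterprise_account.rb
+- lib/osso/graphql/types/error.rb
 - lib/osso/graphql/types/identity_provider.rb
 - lib/osso/graphql/types/identity_provider_service.rb
 - lib/osso/graphql/types/identity_provider_status.rb
@@ -346,14 +346,13 @@ files:
 - spec/graphql/query/identity_provider_spec.rb
 - spec/graphql/query/oauth_clients_spec.rb
 - spec/helpers/auth_spec.rb
-- spec/models/azure_saml_provider_spec.rb
 - spec/models/identity_provider_spec.rb
-- spec/models/okta_saml_provider_spec.rb
 - spec/routes/admin_spec.rb
 - spec/routes/app_spec.rb
 - spec/routes/auth_spec.rb
 - spec/routes/oauth_spec.rb
 - spec/spec_helper.rb
+- spec/support/fixtures/test.pem
 - spec/support/spec_app.rb
 - spec/support/views/admin.erb
 - spec/support/views/error.erb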
@@ -1,19 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'spec_helper'
|
4
|
-
|
5
|
-
# describe Osso::Models::AzureSamlProvider do
|
6
|
-
# subject { create(:azure_identity_provider) }
|
7
|
-
|
8
|
-
# describe '#saml_options' do
|
9
|
-
# it 'returns the required args' do
|
10
|
-
# expect(subject.saml_options).
|
11
|
-
# to match(
|
12
|
-
# domain: subject.domain,
|
13
|
-
# idp_cert: subject.idp_cert,
|
14
|
-
# idp_sso_target_url: subject.idp_sso_target_url,
|
15
|
-
# issuer: "id:#{subject.id}",
|
16
|
-
# )
|
17
|
-
# end
|
18
|
-
# end
|
19
|
-
# end
|
@@ -1,20 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'spec_helper'
|
4
|
-
|
5
|
-
# describe Osso::Models::OktaSamlProvider do
|
6
|
-
# subject { create(:okta_identity_provider) }
|
7
|
-
|
8
|
-
# describe '#saml_options' do
|
9
|
-
# it 'returns the required args' do
|
10
|
-
# expect(subject.saml_options).
|
11
|
-
# to match(
|
12
|
-
# domain: subject.domain,
|
13
|
-
# idp_cert: subject.idp_cert,
|
14
|
-
# idp_sso_target_url: subject.idp_sso_target_url,
|
15
|
-
# issuer: subject.id,
|
16
|
-
# name_identifier_format: described_class::NAME_FORMAT,
|
17
|
-
# )
|
18
|
-
# end
|
19
|
-
# end
|
20
|
-
# end
|