osso 0.0.3.3 → 0.0.3.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6b1788a4933cd6a5e4fef31d6e92c8c63cc9fd9e6cf6fb838b71f65161e9845b
-  data.tar.gz: 82508ceb2a7af276c64a6a1ae2ba3febc118e71d4c89fcb194db1d0ec35c686a
+  metadata.gz: 73de8a2c5af9b7d62c94a5ed34c094455dc9b49b7345eb252308f7048e1164c0
+  data.tar.gz: c37913b5f3a857245d588ad03155ece0c5aca99c22c4c56069f50d442cb74db5
 SHA512:
-  metadata.gz: 363d13744052824deea9a26478549daac1dfd49d850577329f6c87efbe4f0de23d1aca40ee1aa39b8cd4324503267e5e81b192086532db796c122ca79e2a9c14
-  data.tar.gz: 9313221346428718b1d06b2ef10c9dcb453cd02716f4ccfaa956e956d19b420290c0818215cebba204aa843acb5a668dfdb6d11e285de1f3f847a786968c78a0
+  metadata.gz: 3047a07787aa764d105e77580846d60a943d4bd859baed5c861aebd8face6fb461342f3cccc01cc58e33d66310ba0d852185605fea09eb54d21c126aa149230c
+  data.tar.gz: f61b3e5aa31946a69512762601d08ecc021be26a56df0b182fc826d53e7be0836ea019c90ad09fc6b927dc3b37ee8efbc01e6145c0c4af4ff97198b9cd89828c

data/.buildkite/pipeline.yml

@@ -1,3 +1,6 @@
 steps:
   - name: ":rspec:"
-    command: "bundle install --path vendor/bundle --with development test && RACK_ENV=test bundle exec rake db:migrate && bundle exec rspec"
+    commands: 
+        - "bundle install"
+        - "bundle exec rake db:test:prepare"
+        - "bundle exec rspec"

data/.gitignore

@@ -7,4 +7,4 @@
 /spec/reports/
 /tmp/
 *.gem
-*.DS_Store
+.DS_Store

data/.rubocop.yml

@@ -1,8 +1,7 @@
 AllCops:
   Exclude:
-    - client/**/*
     - db/**/*
-    - node_modules/**/*
+    - lib/osso/db/**/*
 
 # New rules must be explicitly opted into / out of
 Lint/RaiseException:

data/Gemfile.lock

@@ -1,8 +1,9 @@
 PATH
   remote: .
   specs:
-    osso (0.0.3.3)
+    osso (0.0.3.8)
       activesupport (>= 6.0.3.2)
+      graphql
       jwt
       omniauth-multi-provider
       omniauth-saml
@@ -48,6 +49,7 @@ GEM
       activesupport (>= 5.0.0)
     faker (2.13.0)
       i18n (>= 1.6, < 2)
+    graphql (1.11.1)
     hashdiff (1.0.1)
     hashie (4.1.0)
     httpclient (2.8.3)

data/bin/console

@@ -1,7 +1,8 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-require "bundler/setup"
-require "osso"
+require 'bundler/setup'
+require 'osso'
 
-require "irb"
+require 'irb'
 IRB.start(__FILE__)

data/config/database.yml

@@ -2,13 +2,13 @@ development:
   adapter: postgresql
   encoding: unicode
   pool: 5
-  database: osso
+  database: ossorb-development
   host: ''
   port: 5432
 test:
   adapter: postgresql
   encoding: unicode
   pool: 5
-  database: osso-test
+  database: ossorb-test
   host: ''
   port: 5432

data/{lib/osso/db → db}/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2020_05_02_135008) do
+ActiveRecord::Schema.define(version: 2020_07_22_230116) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "pgcrypto"
@@ -46,10 +46,14 @@ ActiveRecord::Schema.define(version: 2020_05_02_135008) do
     t.integer "external_int_id"
     t.string "external_id"
     t.uuid "oauth_client_id"
+    t.string "name", null: false
     t.index ["domain"], name: "index_enterprise_accounts_on_domain", unique: true
     t.index ["oauth_client_id"], name: "index_enterprise_accounts_on_oauth_client_id"
   end
 
+# Could not dump table "identity_providers" because of following StandardError
+#   Unknown type 'identity_provider_status' for column 'status'
+
   create_table "oauth_access_grants", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
     t.uuid "resource_owner_id", null: false
     t.uuid "application_id", null: false
@@ -103,22 +107,10 @@ ActiveRecord::Schema.define(version: 2020_05_02_135008) do
     t.index ["uri", "primary"], name: "index_redirect_uris_on_uri_and_primary", unique: true
   end
 
-  create_table "saml_providers", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
-    t.string "provider", null: false
-    t.string "domain", null: false
-    t.string "idp_sso_target_url"
-    t.text "idp_cert"
-    t.uuid "enterprise_account_id"
-    t.uuid "oauth_client_id"
-    t.index ["domain", "provider"], name: "index_saml_providers_on_domain_and_provider", unique: true
-    t.index ["enterprise_account_id"], name: "index_saml_providers_on_enterprise_account_id"
-    t.index ["oauth_client_id"], name: "index_saml_providers_on_oauth_client_id"
-  end
-
   create_table "users", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
     t.string "email", null: false
     t.string "idp_id", null: false
-    t.uuid "saml_provider_id"
+    t.uuid "identity_provider_id"
     t.uuid "enterprise_account_id"
     t.index ["email", "idp_id"], name: "index_users_on_email_and_idp_id", unique: true
     t.index ["enterprise_account_id"], name: "index_users_on_enterprise_account_id"
@@ -128,5 +120,5 @@ ActiveRecord::Schema.define(version: 2020_05_02_135008) do
   add_foreign_key "oauth_access_grants", "users", column: "resource_owner_id"
   add_foreign_key "oauth_access_tokens", "oauth_applications", column: "application_id"
   add_foreign_key "oauth_access_tokens", "users", column: "resource_owner_id"
-  add_foreign_key "users", "saml_providers"
+  add_foreign_key "users", "identity_providers"
 end

data/lib/osso.rb

@@ -4,6 +4,8 @@ module Osso
   require_relative 'osso/helpers/helpers'
   require_relative 'osso/lib/app_config'
   require_relative 'osso/lib/oauth2_token'
+  require_relative 'osso/lib/route_map'
   require_relative 'osso/models/models'
   require_relative 'osso/routes/routes'
+  require_relative 'osso/graphql/schema'
 end

data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb

@@ -0,0 +1,12 @@
+class CreateIdentityProviders < ActiveRecord::Migration[6.0]
+  def change
+    create_table :identity_providers, id: :uuid do |t|
+      t.string  :service
+      t.string  :domain, null: false
+      t.string :idp_sso_target_url
+      t.text :idp_cert
+    end
+
+    add_index :identity_providers, :domain
+  end
+end

data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb

@@ -1,7 +1,7 @@
 class AddProviderIdToUsers < ActiveRecord::Migration[6.0]
   def change
-    add_column :users, :saml_provider_id, :uuid
+    add_column :users, :identity_provider_id, :uuid
 
-    add_foreign_key :users, :saml_providers
+    add_foreign_key :users, :identity_providers
   end
 end

data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb

@@ -9,7 +9,7 @@ class CreateEnterpriseAccounts < ActiveRecord::Migration[6.0]
 
     add_index :enterprise_accounts, :domain, unique: true
 
-    add_reference :saml_providers, :enterprise_account, type: :uuid, index: true    
+    add_reference :identity_providers, :enterprise_account, type: :uuid, index: true    
     add_reference :users, :enterprise_account, type: :uuid, index: true
   end
 end

data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb

@@ -0,0 +1,6 @@
+class AddOauthClientIdToEnterpriseAccountsAndIdentityProviders < ActiveRecord::Migration[6.0]
+  def change
+    add_reference :enterprise_accounts, :oauth_client, type: :uuid, index: true
+    add_reference :identity_providers, :oauth_client, type: :uuid, index: true
+  end
+end

data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb

@@ -0,0 +1,17 @@
+class AddIdentityProviderServiceEnum < ActiveRecord::Migration[6.0]
+  def change
+    def up
+      execute <<-SQL
+        CREATE TYPE identity_provider_service AS ENUM ('OKTA', 'AZURE');
+      SQL
+      change_column :identity_providers, :service, :identity_provider_service
+    end
+  
+    def down
+      chnage_column :identity_providers, :service, :text
+      execute <<-SQL
+        DROP TYPE identity_provider_service;
+      SQL
+    end
+  end
+end

data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb

@@ -0,0 +1,6 @@
+class RenameIdpFieldsOnIdentityProviderToSso < ActiveRecord::Migration[6.0]
+  def change
+    rename_column :identity_providers, :idp_cert, :sso_cert
+    rename_column :identity_providers, :idp_sso_target_url, :sso_url
+  end
+end

data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb

@@ -0,0 +1,5 @@
+class AddNameToEnterpriseAccount < ActiveRecord::Migration[6.0]
+  def change
+    add_column :enterprise_accounts, :name, :string, null: false
+  end
+end

data/lib/osso/db/migrate/20200722230116_add_identity_provider_status_enum_and_use_on_identity_providers.rb

@@ -0,0 +1,15 @@
+class AddIdentityProviderStatusEnumAndUseOnIdentityProviders < ActiveRecord::Migration[6.0]
+  def up
+    execute <<~SQL
+      CREATE TYPE identity_provider_status AS ENUM ('PENDING', 'CONFIGURED', 'ACTIVE', 'ERROR');
+    SQL
+    add_column :identity_providers, :status, :identity_provider_status, default: 'PENDING'
+  end
+
+  def down
+    remove_column :identity_providers, :status
+    execute <<~SQL
+      DROP TYPE identity_provider_status;
+    SQL
+  end
+end

data/lib/osso/graphql/mutation.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require_relative 'mutations'
+
+module Osso
+  module GraphQL
+    module Types
+      class MutationType < BaseObject
+        field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider, null: true
+        field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
+        field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
+        field :set_identity_provider, mutation: Mutations::SetSamlProvider
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Osso
+  module Mutations
+  end
+end
+
+require_relative 'mutations/base_mutation'
+require_relative 'mutations/configure_identity_provider'
+require_relative 'mutations/create_identity_provider'
+require_relative 'mutations/create_enterprise_account'
+require_relative 'mutations/set_identity_provider'

data/lib/osso/graphql/mutations/base_mutation.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class BaseMutation < ::GraphQL::Schema::RelayClassicMutation
+        object_class Types::BaseObject
+        input_object_class Types::BaseInputObject
+
+        def response_data(data)
+          data.merge(errors: [])
+        end
+
+        def response_error(error)
+          error.merge(data: nil)
+        end
+
+        def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **args)
+          return true if context[:scope] == :admin
+
+          domain ||= account_domain(enterprise_account_id) || provider_domain(identity_provider_id)
+          return true if domain == context[:scope]
+
+          raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{args[:domain]}"
+        end
+
+        def account_domain(id)
+          return false unless id
+
+          Osso::Models::EnterpriseAccount.find(id)&.domain
+        end
+
+        def provider_domain(id)
+          return false unless id
+
+          Osso::Models::IdentityProvider.find(id)&.domain
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/configure_identity_provider.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class ConfigureIdentityProvider < BaseMutation
+        null false
+        argument :id, ID, required: true
+        argument :service, Types::IdentityProviderService, required: false
+        argument :sso_url, String, required: false
+        argument :sso_cert, String, required: false
+
+        field :identity_provider, Types::IdentityProvider, null: false
+        field :errors, [String], null: false
+
+        def resolve(id:, **args)
+          provider = Osso::Models::IdentityProvider.find(id)
+
+          return response_data(identity_provider: provider) if provider.update(args)
+
+          response_error(errors: provder.errors.messages)
+        end
+
+        def ready?(id:, **args)
+          return true if context[:scope] == :admin
+
+          domain = Osso::Models::IdentityProvider.find(id)&.domain
+
+          return true if domain == context[:scope]
+
+          raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/create_enterprise_account.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class CreateEnterpriseAccount < BaseMutation
+        null false
+
+        argument :domain, String, required: true
+        argument :name, String, required: true
+
+        field :enterprise_account, Types::EnterpriseAccount, null: false
+        field :errors, [String], null: false
+
+        def resolve(**args)
+          enterprise_account = Osso::Models::EnterpriseAccount.new(args)
+
+          return response_data(enterprise_account: enterprise_account) if enterprise_account.save
+
+          response_error(errors: enterprise_account.errors.full_messages)
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/create_identity_provider.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class CreateIdentityProvider < BaseMutation
+        null false
+
+        argument :enterprise_account_id, ID, required: true
+        argument :service, Types::IdentityProviderService, required: false
+
+        field :identity_provider, Types::IdentityProvider, null: false
+        field :errors, [String], null: false
+
+        def resolve(enterprise_account_id:, service: nil)
+          enterprise_account = Osso::Models::EnterpriseAccount.find(enterprise_account_id)
+          identity_provider = enterprise_account.identity_providers.build(
+            enterprise_account_id: enterprise_account_id,
+            service: service,
+            domain: enterprise_account.domain,
+          )
+
+          return response_data(identity_provider: identity_provider) if identity_provider.save
+
+          response_error(errors: identity_provider.errors.full_messages)
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/mutations/set_identity_provider.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Mutations
+      class SetSamlProvider < BaseMutation
+        null false
+
+        argument :provider, Types::IdentityProviderService, required: true
+        argument :id, ID, required: true
+
+        field :identity_provider, Types::IdentityProvider, null: false
+        field :errors, [String], null: false
+
+        def resolve(provider:, id:)
+          identity_provider = Osso::Models::IdentityProvider.find(id)
+          identity_provider.service = provider
+          identity_provider.save!
+          {
+            identity_provider: identity_provider,
+            errors: [],
+          }
+        end
+      end
+    end
+  end
+end

data/lib/osso/graphql/query.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Osso
+  module GraphQL
+    module Types
+      class QueryType < ::GraphQL::Schema::Object
+        field :enterprise_accounts, null: true, resolver: Resolvers::EnterpriseAccounts
+        field :oauth_clients, null: true, resolver: Resolvers::OAuthClients
+
+        field :enterprise_account, null: true, resolver: Resolvers::EnterpriseAccount do
+          argument :domain, String, required: true
+        end
+
+        field(
+          :identity_provider,
+          Types::IdentityProvider,
+          null: true,
+          resolve: ->(_obj, args, _context) { Osso::Models::IdentityProvider.find(args[:id]) },
+        ) do
+          argument :id, ID, required: true
+        end
+      end
+    end
+  end
+end