osso 0.0.3.4 → 0.0.3.5

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7da5a91a5eda62f96a11772d72afc0e1477e586218233466d2dcd37a89e2aabf
4
- data.tar.gz: 839e333e245142b6fc29738242293f205bae28a4e768e9f35b87d0572708f9f4
3
+ metadata.gz: abe7c30a149dfc3e0b0c457317b07065503bb551e1b93bd9e2a98443460eb426
4
+ data.tar.gz: 41b7772e2a15c6507104b3ceb4922db9b72f9071ac5d0763bb51334bce324a83
5
5
  SHA512:
6
- metadata.gz: 8ede35265fed16afeb20d28608c8b74053ed5e5f11e6a393df87395f5d0ec30f7a58a84834a99bd6c8a16cbe21eaee5f22a4fdec4c0bbf3a7e5d49a760b53f85
7
- data.tar.gz: 3c37e0256ee1758ce915c25ce3d7b83e070ef2cadba85c41649c13b3ede1fa0371eeb10757ce990e47a8669edc3b65424749cf62b5fa8d46f21a132285302e08
6
+ metadata.gz: 90647d30bd113058d75d2e958ac6f116fa26a5e1262460795adbeb438e99dc3fe93ab57610dd705c1ca07a3daf7fb52eba1f651e47979fbc8494ca159cfe8712
7
+ data.tar.gz: 7922ea24bdfff89d21e3f615e8decc4b88c6f672512f5fb04405061c09a178bbe6ab10addec9cd75969e1cec774441d235715c8b4ab631da7bb42a3bd25d8027
@@ -1,3 +1,3 @@
1
1
  steps:
2
2
  - name: ":rspec:"
3
- command: "bundle install --path vendor/bundle --with development test && RACK_ENV=test bundle exec rake db:migrate && bundle exec rspec"
3
+ command: "bundle install --path vendor/bundle --with development test && RACK_ENV=test bundle exec rake db:migrate && bundle exec rspec"
@@ -1,8 +1,7 @@
1
1
  AllCops:
2
2
  Exclude:
3
- - client/**/*
4
3
  - db/**/*
5
- - node_modules/**/*
4
+ - lib/osso/db/**/*
6
5
 
7
6
  # New rules must be explicitly opted into / out of
8
7
  Lint/RaiseException:
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- osso (0.0.3.4)
4
+ osso (0.0.3.5)
5
5
  activesupport (>= 6.0.3.2)
6
6
  graphql
7
7
  jwt
@@ -1,7 +1,8 @@
1
1
  #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
2
3
 
3
- require "bundler/setup"
4
- require "osso"
4
+ require 'bundler/setup'
5
+ require 'osso'
5
6
 
6
- require "irb"
7
+ require 'irb'
7
8
  IRB.start(__FILE__)
@@ -4,6 +4,7 @@ module Osso
4
4
  require_relative 'osso/helpers/helpers'
5
5
  require_relative 'osso/lib/app_config'
6
6
  require_relative 'osso/lib/oauth2_token'
7
+ require_relative 'osso/lib/route_map'
7
8
  require_relative 'osso/models/models'
8
9
  require_relative 'osso/routes/routes'
9
10
  require_relative 'osso/graphql/schema'
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module Osso
3
4
  module Mutations
4
5
  end
@@ -9,4 +9,4 @@ module Osso
9
9
  end
10
10
  end
11
11
  end
12
- end
12
+ end
@@ -4,15 +4,17 @@ module Osso
4
4
  module Helpers
5
5
  module Auth
6
6
  attr_accessor :current_scope
7
-
7
+
8
8
  def enterprise_protected!(domain = nil)
9
9
  return if admin_authorized?
10
10
  return if enterprise_authorized?(domain)
11
11
 
12
+ halt 401 if request.post?
13
+
12
14
  redirect ENV['JWT_URL']
13
15
  end
14
16
 
15
- def enterprise_authorized?(domain)
17
+ def enterprise_authorized?(_domain)
16
18
  payload, _args = JWT.decode(
17
19
  token,
18
20
  ENV['JWT_HMAC_SECRET'],
@@ -66,4 +68,4 @@ module Osso
66
68
  end
67
69
  end
68
70
  end
69
- end
71
+ end
@@ -0,0 +1,28 @@
1
+ # frozen_string_literal: true
2
+
3
+ # rubocop:disable Metrics/MethodLength
4
+
5
+ module Osso
6
+ module RouteMap
7
+ def self.included(klass)
8
+ klass.class_eval do
9
+ use Osso::Admin
10
+ use Osso::Auth
11
+ use Osso::Oauth
12
+
13
+ post '/graphql' do
14
+ enterprise_protected!
15
+
16
+ result = Osso::GraphQL::Schema.execute(
17
+ params[:query],
18
+ variables: params[:variables],
19
+ context: { scope: current_scope },
20
+ )
21
+
22
+ json result
23
+ end
24
+ end
25
+ end
26
+ end
27
+ end
28
+ # rubocop:enable Metrics/MethodLength
@@ -29,4 +29,4 @@ module Osso
29
29
  end
30
30
  end
31
31
  end
32
- end
32
+ end
@@ -19,4 +19,4 @@ module Osso
19
19
  end
20
20
  end
21
21
  end
22
- end
22
+ end
@@ -6,33 +6,36 @@ module Osso
6
6
  class Admin < Sinatra::Base
7
7
  include AppConfig
8
8
  helpers Helpers::Auth
9
+ register Sinatra::Namespace
9
10
 
10
11
  before do
11
12
  chomp_token
12
13
  end
13
14
 
14
- get '/' do
15
- admin_protected!
15
+ namespace '/admin' do
16
+ get '' do
17
+ admin_protected!
16
18
 
17
- erb :admin
18
- end
19
+ erb :admin
20
+ end
19
21
 
20
- get '/enterprise' do
21
- admin_protected!
22
+ get '/enterprise' do
23
+ admin_protected!
22
24
 
23
- erb :admin
24
- end
25
+ erb :admin
26
+ end
25
27
 
26
- get '/enterprise/:domain' do
27
- enterprise_protected!(params[:domain])
28
+ get '/enterprise/:domain' do
29
+ enterprise_protected!(params[:domain])
28
30
 
29
- erb :admin
30
- end
31
+ erb :admin
32
+ end
31
33
 
32
- get '/config' do
33
- admin_protected!
34
+ get '/config' do
35
+ admin_protected!
34
36
 
35
- erb :admin
37
+ erb :admin
38
+ end
36
39
  end
37
40
  end
38
41
  end
@@ -8,6 +8,7 @@ require 'omniauth-saml'
8
8
  module Osso
9
9
  class Auth < Sinatra::Base
10
10
  include AppConfig
11
+ register Sinatra::Namespace
11
12
 
12
13
  UUID_REGEXP =
13
14
  /[0-9a-f]{8}-[0-9a-f]{3,4}-[0-9a-f]{4}-[0-9a-f]{3,4}-[0-9a-f]{12}/.
@@ -30,35 +31,37 @@ module Osso
30
31
  end
31
32
  end
32
33
 
33
- # Enterprise users are sent here after authenticating against
34
- # their Identity Provider. We find or create a user record,
35
- # and then create an authorization code for that user. The user
36
- # is redirected back to your application with this code
37
- # as a URL query param, which you then exhange for an access token
38
- post '/saml/:id/callback' do
39
- provider = Models::SamlProvider.find(params[:id])
40
- oauth_client = provider.oauth_client
41
- redirect_uri = env['redirect_uri'] || oauth_client.default_redirect_uri.uri
34
+ namespace '/auth' do
35
+ # Enterprise users are sent here after authenticating against
36
+ # their Identity Provider. We find or create a user record,
37
+ # and then create an authorization code for that user. The user
38
+ # is redirected back to your application with this code
39
+ # as a URL query param, which you then exhange for an access token
40
+ post '/saml/:id/callback' do
41
+ provider = Models::SamlProvider.find(params[:id])
42
+ oauth_client = provider.oauth_client
43
+ redirect_uri = env['redirect_uri'] || oauth_client.default_redirect_uri.uri
42
44
 
43
- attributes = env['omniauth.auth']&.
44
- extra&.
45
- response_object&.
46
- attributes
45
+ attributes = env['omniauth.auth']&.
46
+ extra&.
47
+ response_object&.
48
+ attributes
47
49
 
48
- user = Models::User.where(
49
- email: attributes[:email],
50
- idp_id: attributes[:id],
51
- ).first_or_create! do |new_user|
52
- new_user.enterprise_account_id = provider.enterprise_account_id
53
- new_user.saml_provider_id = provider.id
54
- end
50
+ user = Models::User.where(
51
+ email: attributes[:email],
52
+ idp_id: attributes[:id],
53
+ ).first_or_create! do |new_user|
54
+ new_user.enterprise_account_id = provider.enterprise_account_id
55
+ new_user.saml_provider_id = provider.id
56
+ end
55
57
 
56
- authorization_code = user.authorization_codes.create!(
57
- oauth_client: oauth_client,
58
- redirect_uri: redirect_uri,
59
- )
58
+ authorization_code = user.authorization_codes.create!(
59
+ oauth_client: oauth_client,
60
+ redirect_uri: redirect_uri,
61
+ )
60
62
 
61
- redirect(redirect_uri + "?code=#{CGI.escape(authorization_code.token)}&state=#{session[:oauth_state]}")
63
+ redirect(redirect_uri + "?code=#{CGI.escape(authorization_code.token)}&state=#{session[:oauth_state]}")
64
+ end
62
65
  end
63
66
  end
64
67
  end
@@ -5,54 +5,59 @@ require 'rack/oauth2'
5
5
  module Osso
6
6
  class Oauth < Sinatra::Base
7
7
  include AppConfig
8
- # Send your users here in order to being an authentication
9
- # flow. This flow follows the authorization grant oauth
10
- # spec with one exception - you must also pass the domain
11
- # of the user who wants to sign in.
12
- get '/authorize' do
13
- @enterprise = Models::EnterpriseAccount.
14
- includes(:saml_providers).
15
- find_by!(domain: params[:domain])
16
-
17
- Rack::OAuth2::Server::Authorize.new do |req, _res|
18
- client = Models::OauthClient.find_by!(identifier: req.client_id)
19
- req.verify_redirect_uri!(client.redirect_uri_values)
20
- end.call(env)
21
-
22
- if @enterprise.single_provider?
23
- session[:oauth_state] = params[:state]
24
- redirect "/auth/saml/#{@enterprise.provider.id}"
8
+ register Sinatra::Namespace
9
+ # rubocop:disable Metrics/BlockLength
10
+ namespace '/oauth' do
11
+ # Send your users here in order to being an authentication
12
+ # flow. This flow follows the authorization grant oauth
13
+ # spec with one exception - you must also pass the domain
14
+ # of the user who wants to sign in.
15
+ get '/authorize' do
16
+ @enterprise = Models::EnterpriseAccount.
17
+ includes(:saml_providers).
18
+ find_by!(domain: params[:domain])
19
+
20
+ Rack::OAuth2::Server::Authorize.new do |req, _res|
21
+ client = Models::OauthClient.find_by!(identifier: req.client_id)
22
+ req.verify_redirect_uri!(client.redirect_uri_values)
23
+ end.call(env)
24
+
25
+ if @enterprise.single_provider?
26
+ session[:oauth_state] = params[:state]
27
+ redirect "/auth/saml/#{@enterprise.provider.id}"
28
+ end
29
+
30
+ # TODO: multiple provider support
31
+ # erb :multiple_providers
32
+
33
+ rescue Rack::OAuth2::Server::Authorize::BadRequest => e
34
+ @error = e
35
+ return erb :error
25
36
  end
26
37
 
27
- # TODO: multiple provider support
28
- # erb :multiple_providers
29
-
30
- rescue Rack::OAuth2::Server::Authorize::BadRequest => e
31
- @error = e
32
- return erb :error
33
- end
34
-
35
- # Exchange an authorization code token for an access token.
36
- # In addition to the token, you must include all paramaters
37
- # required by Oauth spec: redirect_uri, client ID, and client secret
38
- post '/token' do
39
- Rack::OAuth2::Server::Token.new do |req, res|
40
- code = Models::AuthorizationCode.
41
- find_by_token!(params[:code])
42
- client = Models::OauthClient.find_by!(identifier: req.client_id)
43
- req.invalid_client! if client.secret != req.client_secret
44
- req.invalid_grant! if code.redirect_uri != req.redirect_uri
45
- res.access_token = code.access_token.to_bearer_token
46
- end.call(env)
47
- end
38
+ # Exchange an authorization code token for an access token.
39
+ # In addition to the token, you must include all paramaters
40
+ # required by Oauth spec: redirect_uri, client ID, and client secret
41
+ post '/token' do
42
+ Rack::OAuth2::Server::Token.new do |req, res|
43
+ code = Models::AuthorizationCode.
44
+ find_by_token!(params[:code])
45
+ client = Models::OauthClient.find_by!(identifier: req.client_id)
46
+ req.invalid_client! if client.secret != req.client_secret
47
+ req.invalid_grant! if code.redirect_uri != req.redirect_uri
48
+ res.access_token = code.access_token.to_bearer_token
49
+ end.call(env)
50
+ end
48
51
 
49
- # Use the access token to request a user profile
50
- get '/me' do
51
- json Models::AccessToken.
52
- includes(:user).
53
- valid.
54
- find_by_token!(params[:access_token]).
55
- user
52
+ # Use the access token to request a user profile
53
+ get '/me' do
54
+ json Models::AccessToken.
55
+ includes(:user).
56
+ valid.
57
+ find_by_token!(params[:access_token]).
58
+ user
59
+ end
56
60
  end
57
61
  end
58
62
  end
63
+ # rubocop:enable Metrics/BlockLength
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Osso
4
- VERSION = '0.0.3.4'
4
+ VERSION = '0.0.3.5'
5
5
  end
@@ -2,6 +2,7 @@
2
2
 
3
3
  require_relative 'lib/osso/version'
4
4
 
5
+ # rubocop:disable Metrics/BlockLength
5
6
  Gem::Specification.new do |spec|
6
7
  spec.name = 'osso'
7
8
  spec.version = Osso::VERSION
@@ -30,12 +31,10 @@ Gem::Specification.new do |spec|
30
31
  spec.add_development_dependency 'bundler', '~> 2.1'
31
32
  spec.add_development_dependency 'pry'
32
33
 
33
- # Specify which files should be added to the gem when it is released.
34
- # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
35
34
  spec.executables = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
36
35
  spec.files = `git ls-files`.split("\n")
37
36
  spec.test_files = `git ls-files -- {spec}/*`.split("\n")
38
37
  spec.bindir = 'bin'
39
- spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
40
38
  spec.require_paths = ['lib']
41
39
  end
40
+ # rubocop:enable Metrics/BlockLength
@@ -25,7 +25,9 @@ describe Osso::Admin do
25
25
  get('/admin', token: SecureRandom.hex(32))
26
26
 
27
27
  expect(last_response).to be_redirect
28
+
28
29
  follow_redirect!
30
+
29
31
  expect(last_request.url).to eq(jwt_url)
30
32
  end
31
33
 
@@ -14,15 +14,13 @@ ENV['SESSION_SECRET'] = 'supersecret'
14
14
 
15
15
  require File.expand_path '../lib/osso.rb', __dir__
16
16
 
17
+ require File.expand_path 'support/spec_app', __dir__
18
+
17
19
  module RSpecMixin
18
20
  include Rack::Test::Methods
19
21
 
20
22
  def app
21
- Rack::URLMap.new(
22
- '/admin' => Osso::Admin,
23
- '/auth' => Osso::Auth,
24
- '/oauth' => Osso::Oauth,
25
- )
23
+ SpecApp
26
24
  end
27
25
 
28
26
  def mock_saml_omniauth(email: 'user@enterprise.com', id: SecureRandom.uuid)
@@ -0,0 +1,9 @@
1
+ # frozen_string_literal: true
2
+
3
+ class SpecApp < Sinatra::Base
4
+ include Osso::RouteMap
5
+
6
+ get '/health' do
7
+ 'ok'
8
+ end
9
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: osso
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.3.4
4
+ version: 0.0.3.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sam Bauch
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-07-09 00:00:00.000000000 Z
11
+ date: 2020-07-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -277,6 +277,7 @@ files:
277
277
  - lib/osso/helpers/helpers.rb
278
278
  - lib/osso/lib/app_config.rb
279
279
  - lib/osso/lib/oauth2_token.rb
280
+ - lib/osso/lib/route_map.rb
280
281
  - lib/osso/models/access_token.rb
281
282
  - lib/osso/models/authorization_code.rb
282
283
  - lib/osso/models/enterprise_account.rb
@@ -311,6 +312,7 @@ files:
311
312
  - spec/routes/auth_spec.rb
312
313
  - spec/routes/oauth_spec.rb
313
314
  - spec/spec_helper.rb
315
+ - spec/support/spec_app.rb
314
316
  - spec/support/views/admin.erb
315
317
  homepage: https://github.com/enterprise-oss/osso-rb
316
318
  licenses: