osso 0.0.3.4 → 0.0.3.9
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +6 -1
- data/.rubocop.yml +1 -2
- data/Gemfile.lock +5 -1
- data/bin/annotate +1 -0
- data/bin/console +4 -3
- data/config/database.yml +2 -2
- data/db/schema.rb +90 -1
- data/lib/osso.rb +1 -0
- data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb +12 -0
- data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb +2 -2
- data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb +1 -1
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb +6 -0
- data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb +17 -0
- data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb +6 -0
- data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb +5 -0
- data/lib/osso/db/migrate/20200722230116_add_identity_provider_status_enum_and_use_on_identity_providers.rb +15 -0
- data/lib/osso/db/migrate/20200723153750_add_missing_timestamps.rb +35 -0
- data/lib/osso/db/migrate/20200723162228_drop_unneeded_tables.rb +9 -0
- data/lib/osso/graphql/mutation.rb +5 -2
- data/lib/osso/graphql/mutations.rb +5 -1
- data/lib/osso/graphql/mutations/base_mutation.rb +24 -7
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +19 -13
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +25 -0
- data/lib/osso/graphql/mutations/create_identity_provider.rb +9 -7
- data/lib/osso/graphql/mutations/create_oauth_client.rb +30 -0
- data/lib/osso/graphql/mutations/delete_enterprise_account.rb +34 -0
- data/lib/osso/graphql/mutations/delete_oauth_client.rb +30 -0
- data/lib/osso/graphql/query.rb +2 -2
- data/lib/osso/graphql/resolvers/oauth_clients.rb +2 -2
- data/lib/osso/graphql/schema.rb +5 -1
- data/lib/osso/graphql/types.rb +2 -0
- data/lib/osso/graphql/types/base_input_object.rb +10 -0
- data/lib/osso/graphql/types/base_object.rb +2 -0
- data/lib/osso/graphql/types/enterprise_account.rb +5 -5
- data/lib/osso/graphql/types/identity_provider.rb +6 -13
- data/lib/osso/graphql/types/identity_provider_service.rb +1 -1
- data/lib/osso/graphql/types/identity_provider_status.rb +14 -0
- data/lib/osso/graphql/types/oauth_client.rb +13 -1
- data/lib/osso/helpers/auth.rb +16 -15
- data/lib/osso/lib/app_config.rb +1 -1
- data/lib/osso/lib/route_map.rb +28 -0
- data/lib/osso/models/access_token.rb +18 -0
- data/lib/osso/models/authorization_code.rb +20 -0
- data/lib/osso/models/enterprise_account.rb +24 -4
- data/lib/osso/models/identity_provider.rb +77 -0
- data/lib/osso/models/models.rb +3 -1
- data/lib/osso/models/oauth_client.rb +19 -3
- data/lib/osso/models/redirect_uri.rb +17 -0
- data/lib/osso/models/user.rb +25 -3
- data/lib/osso/routes/admin.rb +18 -15
- data/lib/osso/routes/auth.rb +30 -27
- data/lib/osso/routes/oauth.rb +50 -45
- data/lib/osso/version.rb +1 -1
- data/osso-rb.gemspec +3 -3
- data/spec/factories/enterprise_account.rb +5 -4
- data/spec/factories/identity_providers.rb +71 -0
- data/spec/factories/user.rb +1 -1
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +75 -0
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +68 -0
- data/spec/graphql/mutations/create_identity_provider_spec.rb +104 -0
- data/spec/graphql/mutations/create_oauth_client_spec.rb +55 -0
- data/spec/graphql/mutations/delete_enterprise_account_spec.rb +63 -0
- data/spec/graphql/mutations/delete_oauth_client_spec.rb +51 -0
- data/spec/graphql/query/enterprise_account_spec.rb +68 -0
- data/spec/graphql/query/enterprise_accounts_spec.rb +44 -0
- data/spec/graphql/query/identity_provider_spec.rb +65 -0
- data/spec/graphql/query/oauth_clients_spec.rb +50 -0
- data/spec/models/azure_saml_provider_spec.rb +14 -14
- data/spec/models/identity_provider_spec.rb +17 -0
- data/spec/models/okta_saml_provider_spec.rb +15 -15
- data/spec/routes/admin_spec.rb +2 -0
- data/spec/routes/auth_spec.rb +9 -9
- data/spec/routes/oauth_spec.rb +1 -1
- data/spec/spec_helper.rb +4 -5
- data/spec/support/spec_app.rb +9 -0
- metadata +47 -16
- data/lib/osso/db/migrate/20200328143303_create_oauth_tables.rb +0 -57
- data/lib/osso/db/migrate/20200411144528_create_saml_providers.rb +0 -13
- data/lib/osso/db/migrate/20200413153029_add_oauth_client_reference_to_saml_providers.rb +0 -5
- data/lib/osso/db/migrate/20200501203026_drop_null_constraints_from_saml_provider.rb +0 -7
- data/lib/osso/db/migrate/20200501204047_drop_acs_url.rb +0 -5
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_account.rb +0 -5
- data/lib/osso/db/migrate/20200601131227_drop_null_constraint_from_saml_providers_provider.rb +0 -7
- data/lib/osso/db/schema.rb +0 -132
- data/lib/osso/graphql/mutations/set_saml_provider.rb +0 -27
- data/lib/osso/models/saml_provider.rb +0 -52
- data/lib/osso/models/saml_providers/azure_saml_provider.rb +0 -22
- data/lib/osso/models/saml_providers/okta_saml_provider.rb +0 -23
- data/spec/factories/saml_providers.rb +0 -46
- data/spec/models/saml_provider_spec.rb +0 -31
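--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3f0c8535a6ba6dd39ada0f3ba0aa0617ff96bd880ef6985149c0ecbeca57bc1a
+data.tar.gz: da6bec63d5e071b1c0520e42cd67c3971851445bfad8ec597f1b9d1aef0759d8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3e3938abd7b541d6e272cb1b1420e9f4dc75738edd763cc1c35e82db4b315852c125f268ad8ed36528373252c23bdea79b7ac865711abb1c52159cae709c47c5
+data.tar.gz: fa63314128c1833ddd1136ea1cdacee8e8f4cbfb92a6eaffc0c8ae8dfc0ccb93b62effcac55e0cf916033a32cd1941e5ea915959f032ed6a983133711f4610e0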
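--- a/data/.buildkite/pipeline.yml
+++ b/data/.buildkite/pipeline.yml
@@ -1,3 +1,8 @@
 steps:
 - name: ":rspec:"
-
+commands:
+- bundle install
+- bundle exec rake db:drop
+- bundle exec rake db:create
+- RACK_ENV=test bundle exec rake db:migrate
+- bundle exec rspec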
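Review bot: Only the `db:migrate` command sets `RACK_ENV=test`; `db:drop` and `db:create` run with whatever environment the build agent defaults to, so they may drop and create a different database than the one that is then migrated and tested. The Rakefile is not visible here, so this depends on how it selects the environment. Prefixing the other rake commands the same way keeps all steps on one database, e.g. `- RACK_ENV=test bundle exec rake db:drop` and `- RACK_ENV=test bundle exec rake db:create`.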
data/.rubocop.yml
CHANGED
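--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-osso (0.0.3.
+osso (0.0.3.9)
 activesupport (>= 6.0.3.2)
 graphql
 jwt
@@ -32,6 +32,9 @@ GEM
 addressable (2.7.0)
 public_suffix (>= 2.0.2, < 5.0)
 aes_key_wrap (1.0.1)
+annotate (3.1.1)
+activerecord (>= 3.2, < 7.0)
+rake (>= 10.4, < 14.0)
 ast (2.4.1)
 attr_required (1.0.1)
 backports (3.18.1)
@@ -160,6 +163,7 @@ PLATFORMS
 ruby
 
 DEPENDENCIES
+annotate (~> 3.1)
 bundler (~> 2.1)
 database_cleaner-active_record
 factory_bot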
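--- a/data/bin/annotate
+++ b/data/bin/annotate
@@ -0,0 +1 @@
+annotate --require osso.rb --models --model-dir ./lib/osso/models/ --position bottom -k -i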
data/bin/console
CHANGED
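--- a/data/config/database.yml
+++ b/data/config/database.yml
@@ -2,13 +2,13 @@ development:
 adapter: postgresql
 encoding: unicode
 pool: 5
-database:
+database: ossorb-development
 host: ''
 port: 5432
 test:
 adapter: postgresql
 encoding: unicode
 pool: 5
-database:
+database: ossorb-test
 host: ''
 port: 5432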
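--- a/data/db/schema.rb
+++ b/data/db/schema.rb
@@ -1 +1,90 @@
-#
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `rails
+# db:schema:load`. When creating a new database, `rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 2020_07_23_162228) do
+
+# These are extensions that must be enabled in order to support this database
+enable_extension "pgcrypto"
+enable_extension "plpgsql"
+
+create_table "access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "token"
+t.datetime "expires_at"
+t.datetime "created_at", precision: 6, null: false
+t.datetime "updated_at", precision: 6, null: false
+t.uuid "user_id"
+t.uuid "oauth_client_id"
+t.index ["oauth_client_id"], name: "index_access_tokens_on_oauth_client_id"
+t.index ["user_id"], name: "index_access_tokens_on_user_id"
+end
+
+create_table "authorization_codes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "token"
+t.string "redirect_uri"
+t.datetime "expires_at"
+t.datetime "created_at", precision: 6, null: false
+t.datetime "updated_at", precision: 6, null: false
+t.uuid "user_id"
+t.uuid "oauth_client_id"
+t.index ["oauth_client_id"], name: "index_authorization_codes_on_oauth_client_id"
+t.index ["token"], name: "index_authorization_codes_on_token", unique: true
+t.index ["user_id"], name: "index_authorization_codes_on_user_id"
+end
+
+create_table "enterprise_accounts", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "domain", null: false
+t.uuid "external_uuid"
+t.integer "external_int_id"
+t.string "external_id"
+t.uuid "oauth_client_id"
+t.string "name", null: false
+t.datetime "created_at", null: false
+t.datetime "updated_at", null: false
+t.index ["domain"], name: "index_enterprise_accounts_on_domain", unique: true
+t.index ["oauth_client_id"], name: "index_enterprise_accounts_on_oauth_client_id"
+end
+
+# Could not dump table "identity_providers" because of following StandardError
+# Unknown type 'identity_provider_status' for column 'status'
+
+create_table "oauth_clients", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "name", null: false
+t.string "secret", null: false
+t.string "identifier", null: false
+t.datetime "created_at", null: false
+t.datetime "updated_at", null: false
+t.index ["identifier"], name: "index_oauth_clients_on_identifier", unique: true
+end
+
+create_table "redirect_uris", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "uri", null: false
+t.boolean "primary", default: false, null: false
+t.uuid "oauth_client_id"
+t.datetime "created_at", null: false
+t.datetime "updated_at", null: false
+t.index ["oauth_client_id"], name: "index_redirect_uris_on_oauth_client_id"
+t.index ["uri", "primary"], name: "index_redirect_uris_on_uri_and_primary", unique: true
+end
+
+create_table "users", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+t.string "email", null: false
+t.string "idp_id", null: false
+t.uuid "identity_provider_id"
+t.uuid "enterprise_account_id"
+t.datetime "created_at", null: false
+t.datetime "updated_at", null: false
+t.index ["email", "idp_id"], name: "index_users_on_email_and_idp_id", unique: true
+t.index ["enterprise_account_id"], name: "index_users_on_enterprise_account_id"
+end
+
+add_foreign_key "users", "identity_providers"
+end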
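--- a/data/lib/osso.rb
+++ b/data/lib/osso.rb
@@ -4,6 +4,7 @@ module Osso
 require_relative 'osso/helpers/helpers'
 require_relative 'osso/lib/app_config'
 require_relative 'osso/lib/oauth2_token'
+require_relative 'osso/lib/route_map'
 require_relative 'osso/models/models'
 require_relative 'osso/routes/routes'
 require_relative 'osso/graphql/schema'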
@@ -0,0 +1,12 @@
|
|
1
|
+
class CreateIdentityProviders < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
create_table :identity_providers, id: :uuid do |t|
|
4
|
+
t.string :service
|
5
|
+
t.string :domain, null: false
|
6
|
+
t.string :idp_sso_target_url
|
7
|
+
t.text :idp_cert
|
8
|
+
end
|
9
|
+
|
10
|
+
add_index :identity_providers, :domain
|
11
|
+
end
|
12
|
+
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
class AddProviderIdToUsers < ActiveRecord::Migration[6.0]
|
2
2
|
def change
|
3
|
-
add_column :users, :
|
3
|
+
add_column :users, :identity_provider_id, :uuid
|
4
4
|
|
5
|
-
add_foreign_key :users, :
|
5
|
+
add_foreign_key :users, :identity_providers
|
6
6
|
end
|
7
7
|
end
|
@@ -9,7 +9,7 @@ class CreateEnterpriseAccounts < ActiveRecord::Migration[6.0]
|
|
9
9
|
|
10
10
|
add_index :enterprise_accounts, :domain, unique: true
|
11
11
|
|
12
|
-
add_reference :
|
12
|
+
add_reference :identity_providers, :enterprise_account, type: :uuid, index: true
|
13
13
|
add_reference :users, :enterprise_account, type: :uuid, index: true
|
14
14
|
end
|
15
15
|
end
|
@@ -0,0 +1,6 @@
|
|
1
|
+
class AddOauthClientIdToEnterpriseAccountsAndIdentityProviders < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
add_reference :enterprise_accounts, :oauth_client, type: :uuid, index: true
|
4
|
+
add_reference :identity_providers, :oauth_client, type: :uuid, index: true
|
5
|
+
end
|
6
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
class AddIdentityProviderServiceEnum < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
def up
|
4
|
+
execute <<-SQL
|
5
|
+
CREATE TYPE identity_provider_service AS ENUM ('OKTA', 'AZURE');
|
6
|
+
SQL
|
7
|
+
change_column :identity_providers, :service, :identity_provider_service
|
8
|
+
end
|
9
|
+
|
10
|
+
def down
|
11
|
+
chnage_column :identity_providers, :service, :text
|
12
|
+
execute <<-SQL
|
13
|
+
DROP TYPE identity_provider_service;
|
14
|
+
SQL
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
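Review bot: In `AddIdentityProviderServiceEnum`, `def up` and `def down` are nested inside `def change`, so running the migration only executes `change`, which defines two methods and never runs the `CREATE TYPE` or the `change_column`. The outer `def change` and its matching `end` should be removed so `up` and `down` are the migration's own methods. `down` also calls `chnage_column`, which would raise on rollback; it should read `change_column :identity_providers, :service, :text`. Converting an existing string column to the enum in PostgreSQL will likely also need an explicit cast, for example `using: 'service::identity_provider_service'` on the `change_column` call.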
@@ -0,0 +1,15 @@
|
|
1
|
+
class AddIdentityProviderStatusEnumAndUseOnIdentityProviders < ActiveRecord::Migration[6.0]
|
2
|
+
def up
|
3
|
+
execute <<~SQL
|
4
|
+
CREATE TYPE identity_provider_status AS ENUM ('PENDING', 'CONFIGURED', 'ACTIVE', 'ERROR');
|
5
|
+
SQL
|
6
|
+
add_column :identity_providers, :status, :identity_provider_status, default: 'PENDING'
|
7
|
+
end
|
8
|
+
|
9
|
+
def down
|
10
|
+
remove_column :identity_providers, :status
|
11
|
+
execute <<~SQL
|
12
|
+
DROP TYPE identity_provider_status;
|
13
|
+
SQL
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
class AddMissingTimestamps < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
add_column :enterprise_accounts, :created_at, :timestamp
|
4
|
+
add_column :enterprise_accounts, :updated_at, :timestamp
|
5
|
+
update "UPDATE enterprise_accounts SET created_at = NOW(), updated_at = NOW()"
|
6
|
+
change_column_null :enterprise_accounts, :created_at, false
|
7
|
+
change_column_null :enterprise_accounts, :updated_at, false
|
8
|
+
|
9
|
+
|
10
|
+
add_column :identity_providers, :created_at, :timestamp
|
11
|
+
add_column :identity_providers, :updated_at, :timestamp
|
12
|
+
update "UPDATE enterprise_accounts SET created_at = NOW(), updated_at = NOW()"
|
13
|
+
change_column_null :enterprise_accounts, :created_at, false
|
14
|
+
change_column_null :enterprise_accounts, :updated_at, false
|
15
|
+
|
16
|
+
add_column :oauth_clients, :created_at, :timestamp
|
17
|
+
add_column :oauth_clients, :updated_at, :timestamp
|
18
|
+
update "UPDATE oauth_clients SET created_at = NOW(), updated_at = NOW()"
|
19
|
+
change_column_null :oauth_clients, :created_at, false
|
20
|
+
change_column_null :oauth_clients, :updated_at, false
|
21
|
+
|
22
|
+
add_column :redirect_uris, :created_at, :timestamp
|
23
|
+
add_column :redirect_uris, :updated_at, :timestamp
|
24
|
+
update "UPDATE redirect_uris SET created_at = NOW(), updated_at = NOW()"
|
25
|
+
change_column_null :redirect_uris, :created_at, false
|
26
|
+
change_column_null :redirect_uris, :updated_at, false
|
27
|
+
|
28
|
+
add_column :users, :created_at, :timestamp
|
29
|
+
add_column :users, :updated_at, :timestamp
|
30
|
+
update "UPDATE users SET created_at = NOW(), updated_at = NOW()"
|
31
|
+
change_column_null :users, :created_at, false
|
32
|
+
change_column_null :users, :updated_at, false
|
33
|
+
|
34
|
+
end
|
35
|
+
end
|
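Review bot: The `identity_providers` block in `AddMissingTimestamps` (new lines 10 to 14) adds the two columns to `identity_providers` but then backfills and tightens `enterprise_accounts` a second time, so `identity_providers.created_at` and `updated_at` stay NULL and nullable. The three lines after the `add_column` pair look like a copy-paste slip and should target the same table: `update "UPDATE identity_providers SET created_at = NOW(), updated_at = NOW()"`, `change_column_null :identity_providers, :created_at, false` and `change_column_null :identity_providers, :updated_at, false`.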
@@ -6,9 +6,12 @@ module Osso
|
|
6
6
|
module GraphQL
|
7
7
|
module Types
|
8
8
|
class MutationType < BaseObject
|
9
|
-
field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider
|
9
|
+
field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider, null: true
|
10
10
|
field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
|
11
|
-
field :
|
11
|
+
field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
|
12
|
+
field :create_oauth_client, mutation: Mutations::CreateOauthClient
|
13
|
+
field :delete_enterprise_account, mutation: Mutations::DeleteEnterpriseAccount
|
14
|
+
field :delete_oauth_client, mutation: Mutations::DeleteOauthClient
|
12
15
|
end
|
13
16
|
end
|
14
17
|
end
|
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
module Osso
|
3
4
|
module Mutations
|
4
5
|
end
|
@@ -7,4 +8,7 @@ end
|
|
7
8
|
require_relative 'mutations/base_mutation'
|
8
9
|
require_relative 'mutations/configure_identity_provider'
|
9
10
|
require_relative 'mutations/create_identity_provider'
|
10
|
-
require_relative 'mutations/
|
11
|
+
require_relative 'mutations/create_enterprise_account'
|
12
|
+
require_relative 'mutations/create_oauth_client'
|
13
|
+
require_relative 'mutations/delete_enterprise_account'
|
14
|
+
require_relative 'mutations/delete_oauth_client'
|
@@ -4,20 +4,37 @@ module Osso
|
|
4
4
|
module GraphQL
|
5
5
|
module Mutations
|
6
6
|
class BaseMutation < ::GraphQL::Schema::RelayClassicMutation
|
7
|
-
# This is used for generating payload types
|
8
7
|
object_class Types::BaseObject
|
9
|
-
|
10
|
-
# field_class Types::BaseField
|
11
|
-
# # This is used for generating the `input: { ... }` object type
|
12
|
-
# input_object_class Types::BaseInputObject
|
8
|
+
input_object_class Types::BaseInputObject
|
13
9
|
|
14
|
-
def
|
10
|
+
def response_data(data)
|
15
11
|
data.merge(errors: [])
|
16
12
|
end
|
17
13
|
|
18
|
-
def
|
14
|
+
def response_error(error)
|
19
15
|
error.merge(data: nil)
|
20
16
|
end
|
17
|
+
|
18
|
+
def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **args)
|
19
|
+
return true if context[:scope] == :admin
|
20
|
+
|
21
|
+
domain ||= account_domain(enterprise_account_id) || provider_domain(identity_provider_id)
|
22
|
+
return true if domain == context[:scope]
|
23
|
+
|
24
|
+
raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{args[:domain]}"
|
25
|
+
end
|
26
|
+
|
27
|
+
def account_domain(id)
|
28
|
+
return false unless id
|
29
|
+
|
30
|
+
Osso::Models::EnterpriseAccount.find(id)&.domain
|
31
|
+
end
|
32
|
+
|
33
|
+
def provider_domain(id)
|
34
|
+
return false unless id
|
35
|
+
|
36
|
+
Osso::Models::IdentityProvider.find(id)&.domain
|
37
|
+
end
|
21
38
|
end
|
22
39
|
end
|
23
40
|
end
|
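Review bot: In `BaseMutation#ready?`, a caller-supplied `domain` argument takes precedence over the domain stored on the record named by `enterprise_account_id` or `identity_provider_id` (`domain ||= ...`), so the scope check can pass on the argument while the mutation acts on a record that belongs to another domain. Whether any mutation accepts both an id and a domain is not visible in this hunk. The check should use the record's domain whenever an id is given, fall back to the argument only when no id is present, and refuse when no domain can be determined at all. The error message interpolates `args[:domain]`, which is always nil because `domain` is captured as a named keyword. `find(id)` raises `ActiveRecord::RecordNotFound` instead of returning nil, so `&.domain` guards nothing; `find_by(id: id)&.domain` would.

```ruby
def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **_args)
  return true if context[:scope] == :admin

  # Trust the domain stored on the referenced record over a caller-supplied one.
  record_domain = account_domain(enterprise_account_id) || provider_domain(identity_provider_id)
  effective_domain = record_domain || domain
  return true if effective_domain && effective_domain == context[:scope]

  raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{effective_domain}"
end

# … unchanged: response_data, response_error, account_domain, provider_domain …
```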
@@ -6,23 +6,29 @@ module Osso
|
|
6
6
|
class ConfigureIdentityProvider < BaseMutation
|
7
7
|
null false
|
8
8
|
argument :id, ID, required: true
|
9
|
-
argument :service, Types::IdentityProviderService, required:
|
10
|
-
argument :sso_url, String, required:
|
11
|
-
argument :sso_cert, String, required:
|
9
|
+
argument :service, Types::IdentityProviderService, required: false
|
10
|
+
argument :sso_url, String, required: false
|
11
|
+
argument :sso_cert, String, required: false
|
12
12
|
|
13
|
-
field :identity_provider, Types::IdentityProvider, null:
|
13
|
+
field :identity_provider, Types::IdentityProvider, null: false
|
14
14
|
field :errors, [String], null: false
|
15
15
|
|
16
|
-
def resolve(id:,
|
17
|
-
provider = Osso::Models::
|
18
|
-
provider.update(
|
19
|
-
idp_cert: sso_cert,
|
20
|
-
idp_sso_target_url: sso_url,
|
21
|
-
)
|
16
|
+
def resolve(id:, **args)
|
17
|
+
provider = Osso::Models::IdentityProvider.find(id)
|
22
18
|
|
23
|
-
|
24
|
-
|
25
|
-
|
19
|
+
return response_data(identity_provider: provider) if provider.update(args)
|
20
|
+
|
21
|
+
response_error(errors: provder.errors.messages)
|
22
|
+
end
|
23
|
+
|
24
|
+
def ready?(id:, **_args)
|
25
|
+
return true if context[:scope] == :admin
|
26
|
+
|
27
|
+
domain = Osso::Models::IdentityProvider.find(id)&.domain
|
28
|
+
|
29
|
+
return true if domain == context[:scope]
|
30
|
+
|
31
|
+
raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
|
26
32
|
end
|
27
33
|
end
|
28
34
|
end
|
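Review bot: The failure branch of `ConfigureIdentityProvider#resolve` references `provder`, which is undefined, so a failed `provider.update(args)` raises NameError instead of returning the `errors` payload. The `errors` field is declared as `[String]` while `errors.messages` is a Hash, so the line should read `response_error(errors: provider.errors.full_messages)`. `ready?` here repeats the scope check from `BaseMutation` and calls `find(id)`, which raises on a missing record rather than returning nil, so `&.domain` has no effect. The model is not visible on this page; confirm that it validates `sso_url` and that `sso_cert` parses as a certificate, because `update(args)` passes both straight through.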