osso 0.0.3.4 → 0.0.3.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +6 -1
- data/.rubocop.yml +1 -2
- data/Gemfile.lock +5 -1
- data/bin/annotate +1 -0
- data/bin/console +4 -3
- data/config/database.yml +2 -2
- data/db/schema.rb +90 -1
- data/lib/osso.rb +1 -0
- data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb +12 -0
- data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb +2 -2
- data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb +1 -1
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb +6 -0
- data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb +17 -0
- data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb +6 -0
- data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb +5 -0
- data/lib/osso/db/migrate/20200722230116_add_identity_provider_status_enum_and_use_on_identity_providers.rb +15 -0
- data/lib/osso/db/migrate/20200723153750_add_missing_timestamps.rb +35 -0
- data/lib/osso/db/migrate/20200723162228_drop_unneeded_tables.rb +9 -0
- data/lib/osso/graphql/mutation.rb +5 -2
- data/lib/osso/graphql/mutations.rb +5 -1
- data/lib/osso/graphql/mutations/base_mutation.rb +24 -7
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +19 -13
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +25 -0
- data/lib/osso/graphql/mutations/create_identity_provider.rb +9 -7
- data/lib/osso/graphql/mutations/create_oauth_client.rb +30 -0
- data/lib/osso/graphql/mutations/delete_enterprise_account.rb +34 -0
- data/lib/osso/graphql/mutations/delete_oauth_client.rb +30 -0
- data/lib/osso/graphql/query.rb +2 -2
- data/lib/osso/graphql/resolvers/oauth_clients.rb +2 -2
- data/lib/osso/graphql/schema.rb +5 -1
- data/lib/osso/graphql/types.rb +2 -0
- data/lib/osso/graphql/types/base_input_object.rb +10 -0
- data/lib/osso/graphql/types/base_object.rb +2 -0
- data/lib/osso/graphql/types/enterprise_account.rb +5 -5
- data/lib/osso/graphql/types/identity_provider.rb +6 -13
- data/lib/osso/graphql/types/identity_provider_service.rb +1 -1
- data/lib/osso/graphql/types/identity_provider_status.rb +14 -0
- data/lib/osso/graphql/types/oauth_client.rb +13 -1
- data/lib/osso/helpers/auth.rb +16 -15
- data/lib/osso/lib/app_config.rb +1 -1
- data/lib/osso/lib/route_map.rb +28 -0
- data/lib/osso/models/access_token.rb +18 -0
- data/lib/osso/models/authorization_code.rb +20 -0
- data/lib/osso/models/enterprise_account.rb +24 -4
- data/lib/osso/models/identity_provider.rb +77 -0
- data/lib/osso/models/models.rb +3 -1
- data/lib/osso/models/oauth_client.rb +19 -3
- data/lib/osso/models/redirect_uri.rb +17 -0
- data/lib/osso/models/user.rb +25 -3
- data/lib/osso/routes/admin.rb +18 -15
- data/lib/osso/routes/auth.rb +30 -27
- data/lib/osso/routes/oauth.rb +50 -45
- data/lib/osso/version.rb +1 -1
- data/osso-rb.gemspec +3 -3
- data/spec/factories/enterprise_account.rb +5 -4
- data/spec/factories/identity_providers.rb +71 -0
- data/spec/factories/user.rb +1 -1
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +75 -0
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +68 -0
- data/spec/graphql/mutations/create_identity_provider_spec.rb +104 -0
- data/spec/graphql/mutations/create_oauth_client_spec.rb +55 -0
- data/spec/graphql/mutations/delete_enterprise_account_spec.rb +63 -0
- data/spec/graphql/mutations/delete_oauth_client_spec.rb +51 -0
- data/spec/graphql/query/enterprise_account_spec.rb +68 -0
- data/spec/graphql/query/enterprise_accounts_spec.rb +44 -0
- data/spec/graphql/query/identity_provider_spec.rb +65 -0
- data/spec/graphql/query/oauth_clients_spec.rb +50 -0
- data/spec/models/azure_saml_provider_spec.rb +14 -14
- data/spec/models/identity_provider_spec.rb +17 -0
- data/spec/models/okta_saml_provider_spec.rb +15 -15
- data/spec/routes/admin_spec.rb +2 -0
- data/spec/routes/auth_spec.rb +9 -9
- data/spec/routes/oauth_spec.rb +1 -1
- data/spec/spec_helper.rb +4 -5
- data/spec/support/spec_app.rb +9 -0
- metadata +47 -16
- data/lib/osso/db/migrate/20200328143303_create_oauth_tables.rb +0 -57
- data/lib/osso/db/migrate/20200411144528_create_saml_providers.rb +0 -13
- data/lib/osso/db/migrate/20200413153029_add_oauth_client_reference_to_saml_providers.rb +0 -5
- data/lib/osso/db/migrate/20200501203026_drop_null_constraints_from_saml_provider.rb +0 -7
- data/lib/osso/db/migrate/20200501204047_drop_acs_url.rb +0 -5
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_account.rb +0 -5
- data/lib/osso/db/migrate/20200601131227_drop_null_constraint_from_saml_providers_provider.rb +0 -7
- data/lib/osso/db/schema.rb +0 -132
- data/lib/osso/graphql/mutations/set_saml_provider.rb +0 -27
- data/lib/osso/models/saml_provider.rb +0 -52
- data/lib/osso/models/saml_providers/azure_saml_provider.rb +0 -22
- data/lib/osso/models/saml_providers/okta_saml_provider.rb +0 -23
- data/spec/factories/saml_providers.rb +0 -46
- data/spec/models/saml_provider_spec.rb +0 -31
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3f0c8535a6ba6dd39ada0f3ba0aa0617ff96bd880ef6985149c0ecbeca57bc1a
|
4
|
+
data.tar.gz: da6bec63d5e071b1c0520e42cd67c3971851445bfad8ec597f1b9d1aef0759d8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3e3938abd7b541d6e272cb1b1420e9f4dc75738edd763cc1c35e82db4b315852c125f268ad8ed36528373252c23bdea79b7ac865711abb1c52159cae709c47c5
|
7
|
+
data.tar.gz: fa63314128c1833ddd1136ea1cdacee8e8f4cbfb92a6eaffc0c8ae8dfc0ccb93b62effcac55e0cf916033a32cd1941e5ea915959f032ed6a983133711f4610e0
|
data/.buildkite/pipeline.yml
CHANGED
@@ -1,3 +1,8 @@
|
|
1
1
|
steps:
|
2
2
|
- name: ":rspec:"
|
3
|
-
|
3
|
+
commands:
|
4
|
+
- bundle install
|
5
|
+
- bundle exec rake db:drop
|
6
|
+
- bundle exec rake db:create
|
7
|
+
- RACK_ENV=test bundle exec rake db:migrate
|
8
|
+
- bundle exec rspec
|
data/.rubocop.yml
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
osso (0.0.3.
|
4
|
+
osso (0.0.3.9)
|
5
5
|
activesupport (>= 6.0.3.2)
|
6
6
|
graphql
|
7
7
|
jwt
|
@@ -32,6 +32,9 @@ GEM
|
|
32
32
|
addressable (2.7.0)
|
33
33
|
public_suffix (>= 2.0.2, < 5.0)
|
34
34
|
aes_key_wrap (1.0.1)
|
35
|
+
annotate (3.1.1)
|
36
|
+
activerecord (>= 3.2, < 7.0)
|
37
|
+
rake (>= 10.4, < 14.0)
|
35
38
|
ast (2.4.1)
|
36
39
|
attr_required (1.0.1)
|
37
40
|
backports (3.18.1)
|
@@ -160,6 +163,7 @@ PLATFORMS
|
|
160
163
|
ruby
|
161
164
|
|
162
165
|
DEPENDENCIES
|
166
|
+
annotate (~> 3.1)
|
163
167
|
bundler (~> 2.1)
|
164
168
|
database_cleaner-active_record
|
165
169
|
factory_bot
|
data/bin/annotate
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
annotate --require osso.rb --models --model-dir ./lib/osso/models/ --position bottom -k -i
|
data/bin/console
CHANGED
data/config/database.yml
CHANGED
@@ -2,13 +2,13 @@ development:
|
|
2
2
|
adapter: postgresql
|
3
3
|
encoding: unicode
|
4
4
|
pool: 5
|
5
|
-
database:
|
5
|
+
database: ossorb-development
|
6
6
|
host: ''
|
7
7
|
port: 5432
|
8
8
|
test:
|
9
9
|
adapter: postgresql
|
10
10
|
encoding: unicode
|
11
11
|
pool: 5
|
12
|
-
database:
|
12
|
+
database: ossorb-test
|
13
13
|
host: ''
|
14
14
|
port: 5432
|
data/db/schema.rb
CHANGED
@@ -1 +1,90 @@
|
|
1
|
-
#
|
1
|
+
# This file is auto-generated from the current state of the database. Instead
|
2
|
+
# of editing this file, please use the migrations feature of Active Record to
|
3
|
+
# incrementally modify your database, and then regenerate this schema definition.
|
4
|
+
#
|
5
|
+
# This file is the source Rails uses to define your schema when running `rails
|
6
|
+
# db:schema:load`. When creating a new database, `rails db:schema:load` tends to
|
7
|
+
# be faster and is potentially less error prone than running all of your
|
8
|
+
# migrations from scratch. Old migrations may fail to apply correctly if those
|
9
|
+
# migrations use external dependencies or application code.
|
10
|
+
#
|
11
|
+
# It's strongly recommended that you check this file into your version control system.
|
12
|
+
|
13
|
+
ActiveRecord::Schema.define(version: 2020_07_23_162228) do
|
14
|
+
|
15
|
+
# These are extensions that must be enabled in order to support this database
|
16
|
+
enable_extension "pgcrypto"
|
17
|
+
enable_extension "plpgsql"
|
18
|
+
|
19
|
+
create_table "access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
20
|
+
t.string "token"
|
21
|
+
t.datetime "expires_at"
|
22
|
+
t.datetime "created_at", precision: 6, null: false
|
23
|
+
t.datetime "updated_at", precision: 6, null: false
|
24
|
+
t.uuid "user_id"
|
25
|
+
t.uuid "oauth_client_id"
|
26
|
+
t.index ["oauth_client_id"], name: "index_access_tokens_on_oauth_client_id"
|
27
|
+
t.index ["user_id"], name: "index_access_tokens_on_user_id"
|
28
|
+
end
|
29
|
+
|
30
|
+
create_table "authorization_codes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
31
|
+
t.string "token"
|
32
|
+
t.string "redirect_uri"
|
33
|
+
t.datetime "expires_at"
|
34
|
+
t.datetime "created_at", precision: 6, null: false
|
35
|
+
t.datetime "updated_at", precision: 6, null: false
|
36
|
+
t.uuid "user_id"
|
37
|
+
t.uuid "oauth_client_id"
|
38
|
+
t.index ["oauth_client_id"], name: "index_authorization_codes_on_oauth_client_id"
|
39
|
+
t.index ["token"], name: "index_authorization_codes_on_token", unique: true
|
40
|
+
t.index ["user_id"], name: "index_authorization_codes_on_user_id"
|
41
|
+
end
|
42
|
+
|
43
|
+
create_table "enterprise_accounts", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
44
|
+
t.string "domain", null: false
|
45
|
+
t.uuid "external_uuid"
|
46
|
+
t.integer "external_int_id"
|
47
|
+
t.string "external_id"
|
48
|
+
t.uuid "oauth_client_id"
|
49
|
+
t.string "name", null: false
|
50
|
+
t.datetime "created_at", null: false
|
51
|
+
t.datetime "updated_at", null: false
|
52
|
+
t.index ["domain"], name: "index_enterprise_accounts_on_domain", unique: true
|
53
|
+
t.index ["oauth_client_id"], name: "index_enterprise_accounts_on_oauth_client_id"
|
54
|
+
end
|
55
|
+
|
56
|
+
# Could not dump table "identity_providers" because of following StandardError
|
57
|
+
# Unknown type 'identity_provider_status' for column 'status'
|
58
|
+
|
59
|
+
create_table "oauth_clients", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
60
|
+
t.string "name", null: false
|
61
|
+
t.string "secret", null: false
|
62
|
+
t.string "identifier", null: false
|
63
|
+
t.datetime "created_at", null: false
|
64
|
+
t.datetime "updated_at", null: false
|
65
|
+
t.index ["identifier"], name: "index_oauth_clients_on_identifier", unique: true
|
66
|
+
end
|
67
|
+
|
68
|
+
create_table "redirect_uris", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
69
|
+
t.string "uri", null: false
|
70
|
+
t.boolean "primary", default: false, null: false
|
71
|
+
t.uuid "oauth_client_id"
|
72
|
+
t.datetime "created_at", null: false
|
73
|
+
t.datetime "updated_at", null: false
|
74
|
+
t.index ["oauth_client_id"], name: "index_redirect_uris_on_oauth_client_id"
|
75
|
+
t.index ["uri", "primary"], name: "index_redirect_uris_on_uri_and_primary", unique: true
|
76
|
+
end
|
77
|
+
|
78
|
+
create_table "users", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
79
|
+
t.string "email", null: false
|
80
|
+
t.string "idp_id", null: false
|
81
|
+
t.uuid "identity_provider_id"
|
82
|
+
t.uuid "enterprise_account_id"
|
83
|
+
t.datetime "created_at", null: false
|
84
|
+
t.datetime "updated_at", null: false
|
85
|
+
t.index ["email", "idp_id"], name: "index_users_on_email_and_idp_id", unique: true
|
86
|
+
t.index ["enterprise_account_id"], name: "index_users_on_enterprise_account_id"
|
87
|
+
end
|
88
|
+
|
89
|
+
add_foreign_key "users", "identity_providers"
|
90
|
+
end
|
data/lib/osso.rb
CHANGED
@@ -4,6 +4,7 @@ module Osso
|
|
4
4
|
require_relative 'osso/helpers/helpers'
|
5
5
|
require_relative 'osso/lib/app_config'
|
6
6
|
require_relative 'osso/lib/oauth2_token'
|
7
|
+
require_relative 'osso/lib/route_map'
|
7
8
|
require_relative 'osso/models/models'
|
8
9
|
require_relative 'osso/routes/routes'
|
9
10
|
require_relative 'osso/graphql/schema'
|
@@ -0,0 +1,12 @@
|
|
1
|
+
class CreateIdentityProviders < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
create_table :identity_providers, id: :uuid do |t|
|
4
|
+
t.string :service
|
5
|
+
t.string :domain, null: false
|
6
|
+
t.string :idp_sso_target_url
|
7
|
+
t.text :idp_cert
|
8
|
+
end
|
9
|
+
|
10
|
+
add_index :identity_providers, :domain
|
11
|
+
end
|
12
|
+
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
class AddProviderIdToUsers < ActiveRecord::Migration[6.0]
|
2
2
|
def change
|
3
|
-
add_column :users, :
|
3
|
+
add_column :users, :identity_provider_id, :uuid
|
4
4
|
|
5
|
-
add_foreign_key :users, :
|
5
|
+
add_foreign_key :users, :identity_providers
|
6
6
|
end
|
7
7
|
end
|
@@ -9,7 +9,7 @@ class CreateEnterpriseAccounts < ActiveRecord::Migration[6.0]
|
|
9
9
|
|
10
10
|
add_index :enterprise_accounts, :domain, unique: true
|
11
11
|
|
12
|
-
add_reference :
|
12
|
+
add_reference :identity_providers, :enterprise_account, type: :uuid, index: true
|
13
13
|
add_reference :users, :enterprise_account, type: :uuid, index: true
|
14
14
|
end
|
15
15
|
end
|
@@ -0,0 +1,6 @@
|
|
1
|
+
class AddOauthClientIdToEnterpriseAccountsAndIdentityProviders < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
add_reference :enterprise_accounts, :oauth_client, type: :uuid, index: true
|
4
|
+
add_reference :identity_providers, :oauth_client, type: :uuid, index: true
|
5
|
+
end
|
6
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
class AddIdentityProviderServiceEnum < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
def up
|
4
|
+
execute <<-SQL
|
5
|
+
CREATE TYPE identity_provider_service AS ENUM ('OKTA', 'AZURE');
|
6
|
+
SQL
|
7
|
+
change_column :identity_providers, :service, :identity_provider_service
|
8
|
+
end
|
9
|
+
|
10
|
+
def down
|
11
|
+
chnage_column :identity_providers, :service, :text
|
12
|
+
execute <<-SQL
|
13
|
+
DROP TYPE identity_provider_service;
|
14
|
+
SQL
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
class AddIdentityProviderStatusEnumAndUseOnIdentityProviders < ActiveRecord::Migration[6.0]
|
2
|
+
def up
|
3
|
+
execute <<~SQL
|
4
|
+
CREATE TYPE identity_provider_status AS ENUM ('PENDING', 'CONFIGURED', 'ACTIVE', 'ERROR');
|
5
|
+
SQL
|
6
|
+
add_column :identity_providers, :status, :identity_provider_status, default: 'PENDING'
|
7
|
+
end
|
8
|
+
|
9
|
+
def down
|
10
|
+
remove_column :identity_providers, :status
|
11
|
+
execute <<~SQL
|
12
|
+
DROP TYPE identity_provider_status;
|
13
|
+
SQL
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
class AddMissingTimestamps < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
add_column :enterprise_accounts, :created_at, :timestamp
|
4
|
+
add_column :enterprise_accounts, :updated_at, :timestamp
|
5
|
+
update "UPDATE enterprise_accounts SET created_at = NOW(), updated_at = NOW()"
|
6
|
+
change_column_null :enterprise_accounts, :created_at, false
|
7
|
+
change_column_null :enterprise_accounts, :updated_at, false
|
8
|
+
|
9
|
+
|
10
|
+
add_column :identity_providers, :created_at, :timestamp
|
11
|
+
add_column :identity_providers, :updated_at, :timestamp
|
12
|
+
update "UPDATE enterprise_accounts SET created_at = NOW(), updated_at = NOW()"
|
13
|
+
change_column_null :enterprise_accounts, :created_at, false
|
14
|
+
change_column_null :enterprise_accounts, :updated_at, false
|
15
|
+
|
16
|
+
add_column :oauth_clients, :created_at, :timestamp
|
17
|
+
add_column :oauth_clients, :updated_at, :timestamp
|
18
|
+
update "UPDATE oauth_clients SET created_at = NOW(), updated_at = NOW()"
|
19
|
+
change_column_null :oauth_clients, :created_at, false
|
20
|
+
change_column_null :oauth_clients, :updated_at, false
|
21
|
+
|
22
|
+
add_column :redirect_uris, :created_at, :timestamp
|
23
|
+
add_column :redirect_uris, :updated_at, :timestamp
|
24
|
+
update "UPDATE redirect_uris SET created_at = NOW(), updated_at = NOW()"
|
25
|
+
change_column_null :redirect_uris, :created_at, false
|
26
|
+
change_column_null :redirect_uris, :updated_at, false
|
27
|
+
|
28
|
+
add_column :users, :created_at, :timestamp
|
29
|
+
add_column :users, :updated_at, :timestamp
|
30
|
+
update "UPDATE users SET created_at = NOW(), updated_at = NOW()"
|
31
|
+
change_column_null :users, :created_at, false
|
32
|
+
change_column_null :users, :updated_at, false
|
33
|
+
|
34
|
+
end
|
35
|
+
end
|
@@ -6,9 +6,12 @@ module Osso
|
|
6
6
|
module GraphQL
|
7
7
|
module Types
|
8
8
|
class MutationType < BaseObject
|
9
|
-
field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider
|
9
|
+
field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider, null: true
|
10
10
|
field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
|
11
|
-
field :
|
11
|
+
field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
|
12
|
+
field :create_oauth_client, mutation: Mutations::CreateOauthClient
|
13
|
+
field :delete_enterprise_account, mutation: Mutations::DeleteEnterpriseAccount
|
14
|
+
field :delete_oauth_client, mutation: Mutations::DeleteOauthClient
|
12
15
|
end
|
13
16
|
end
|
14
17
|
end
|
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
module Osso
|
3
4
|
module Mutations
|
4
5
|
end
|
@@ -7,4 +8,7 @@ end
|
|
7
8
|
require_relative 'mutations/base_mutation'
|
8
9
|
require_relative 'mutations/configure_identity_provider'
|
9
10
|
require_relative 'mutations/create_identity_provider'
|
10
|
-
require_relative 'mutations/
|
11
|
+
require_relative 'mutations/create_enterprise_account'
|
12
|
+
require_relative 'mutations/create_oauth_client'
|
13
|
+
require_relative 'mutations/delete_enterprise_account'
|
14
|
+
require_relative 'mutations/delete_oauth_client'
|
@@ -4,20 +4,37 @@ module Osso
|
|
4
4
|
module GraphQL
|
5
5
|
module Mutations
|
6
6
|
class BaseMutation < ::GraphQL::Schema::RelayClassicMutation
|
7
|
-
# This is used for generating payload types
|
8
7
|
object_class Types::BaseObject
|
9
|
-
|
10
|
-
# field_class Types::BaseField
|
11
|
-
# # This is used for generating the `input: { ... }` object type
|
12
|
-
# input_object_class Types::BaseInputObject
|
8
|
+
input_object_class Types::BaseInputObject
|
13
9
|
|
14
|
-
def
|
10
|
+
def response_data(data)
|
15
11
|
data.merge(errors: [])
|
16
12
|
end
|
17
13
|
|
18
|
-
def
|
14
|
+
def response_error(error)
|
19
15
|
error.merge(data: nil)
|
20
16
|
end
|
17
|
+
|
18
|
+
def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **args)
|
19
|
+
return true if context[:scope] == :admin
|
20
|
+
|
21
|
+
domain ||= account_domain(enterprise_account_id) || provider_domain(identity_provider_id)
|
22
|
+
return true if domain == context[:scope]
|
23
|
+
|
24
|
+
raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{args[:domain]}"
|
25
|
+
end
|
26
|
+
|
27
|
+
def account_domain(id)
|
28
|
+
return false unless id
|
29
|
+
|
30
|
+
Osso::Models::EnterpriseAccount.find(id)&.domain
|
31
|
+
end
|
32
|
+
|
33
|
+
def provider_domain(id)
|
34
|
+
return false unless id
|
35
|
+
|
36
|
+
Osso::Models::IdentityProvider.find(id)&.domain
|
37
|
+
end
|
21
38
|
end
|
22
39
|
end
|
23
40
|
end
|
@@ -6,23 +6,29 @@ module Osso
|
|
6
6
|
class ConfigureIdentityProvider < BaseMutation
|
7
7
|
null false
|
8
8
|
argument :id, ID, required: true
|
9
|
-
argument :service, Types::IdentityProviderService, required:
|
10
|
-
argument :sso_url, String, required:
|
11
|
-
argument :sso_cert, String, required:
|
9
|
+
argument :service, Types::IdentityProviderService, required: false
|
10
|
+
argument :sso_url, String, required: false
|
11
|
+
argument :sso_cert, String, required: false
|
12
12
|
|
13
|
-
field :identity_provider, Types::IdentityProvider, null:
|
13
|
+
field :identity_provider, Types::IdentityProvider, null: false
|
14
14
|
field :errors, [String], null: false
|
15
15
|
|
16
|
-
def resolve(id:,
|
17
|
-
provider = Osso::Models::
|
18
|
-
provider.update(
|
19
|
-
idp_cert: sso_cert,
|
20
|
-
idp_sso_target_url: sso_url,
|
21
|
-
)
|
16
|
+
def resolve(id:, **args)
|
17
|
+
provider = Osso::Models::IdentityProvider.find(id)
|
22
18
|
|
23
|
-
|
24
|
-
|
25
|
-
|
19
|
+
return response_data(identity_provider: provider) if provider.update(args)
|
20
|
+
|
21
|
+
response_error(errors: provder.errors.messages)
|
22
|
+
end
|
23
|
+
|
24
|
+
def ready?(id:, **_args)
|
25
|
+
return true if context[:scope] == :admin
|
26
|
+
|
27
|
+
domain = Osso::Models::IdentityProvider.find(id)&.domain
|
28
|
+
|
29
|
+
return true if domain == context[:scope]
|
30
|
+
|
31
|
+
raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
|
26
32
|
end
|
27
33
|
end
|
28
34
|
end
|